ctl.c revision 268280 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 268280 2014-07-05 03:34:52Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/kernel.h>
50#include <sys/types.h>
51#include <sys/kthread.h>
52#include <sys/bio.h>
53#include <sys/fcntl.h>
54#include <sys/lock.h>
55#include <sys/module.h>
56#include <sys/mutex.h>
57#include <sys/condvar.h>
58#include <sys/malloc.h>
59#include <sys/conf.h>
60#include <sys/ioccom.h>
61#include <sys/queue.h>
62#include <sys/sbuf.h>
63#include <sys/smp.h>
64#include <sys/endian.h>
65#include <sys/sysctl.h>
66
67#include <cam/cam.h>
68#include <cam/scsi/scsi_all.h>
69#include <cam/scsi/scsi_da.h>
70#include <cam/ctl/ctl_io.h>
71#include <cam/ctl/ctl.h>
72#include <cam/ctl/ctl_frontend.h>
73#include <cam/ctl/ctl_frontend_internal.h>
74#include <cam/ctl/ctl_util.h>
75#include <cam/ctl/ctl_backend.h>
76#include <cam/ctl/ctl_ioctl.h>
77#include <cam/ctl/ctl_ha.h>
78#include <cam/ctl/ctl_private.h>
79#include <cam/ctl/ctl_debug.h>
80#include <cam/ctl/ctl_scsi_all.h>
81#include <cam/ctl/ctl_error.h>
82
83struct ctl_softc *control_softc = NULL;
84
85/*
86 * Size and alignment macros needed for Copan-specific HA hardware.  These
87 * can go away when the HA code is re-written, and uses busdma for any
88 * hardware.
89 */
90#define	CTL_ALIGN_8B(target, source, type)				\
91	if (((uint32_t)source & 0x7) != 0)				\
92		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
93	else								\
94		target = (type)source;
95
96#define	CTL_SIZE_8B(target, size)					\
97	if ((size & 0x7) != 0)						\
98		target = size + (0x8 - (size & 0x7));			\
99	else								\
100		target = size;
101
102#define CTL_ALIGN_8B_MARGIN	16
103
104/*
105 * Template mode pages.
106 */
107
108/*
109 * Note that these are default values only.  The actual values will be
110 * filled in when the user does a mode sense.
111 */
112static struct copan_power_subpage power_page_default = {
113	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
114	/*subpage*/ PWR_SUBPAGE_CODE,
115	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
116			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
117	/*page_version*/ PWR_VERSION,
118	/* total_luns */ 26,
119	/* max_active_luns*/ PWR_DFLT_MAX_LUNS,
120	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
121		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
122		      0, 0, 0, 0, 0, 0}
123};
124
125static struct copan_power_subpage power_page_changeable = {
126	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
127	/*subpage*/ PWR_SUBPAGE_CODE,
128	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
129			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
130	/*page_version*/ 0,
131	/* total_luns */ 0,
132	/* max_active_luns*/ 0,
133	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
134		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
135		      0, 0, 0, 0, 0, 0}
136};
137
138static struct copan_aps_subpage aps_page_default = {
139	APS_PAGE_CODE | SMPH_SPF, //page_code
140	APS_SUBPAGE_CODE, //subpage
141	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
142	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
143	APS_VERSION, //page_version
144	0, //lock_active
145	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
146	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
147	0, 0, 0, 0, 0} //reserved
148};
149
150static struct copan_aps_subpage aps_page_changeable = {
151	APS_PAGE_CODE | SMPH_SPF, //page_code
152	APS_SUBPAGE_CODE, //subpage
153	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
154	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
155	0, //page_version
156	0, //lock_active
157	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
158	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
159	0, 0, 0, 0, 0} //reserved
160};
161
162static struct copan_debugconf_subpage debugconf_page_default = {
163	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
164	DBGCNF_SUBPAGE_CODE,		/* subpage */
165	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
166	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
167	DBGCNF_VERSION,			/* page_version */
168	{CTL_TIME_IO_DEFAULT_SECS>>8,
169	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
170};
171
172static struct copan_debugconf_subpage debugconf_page_changeable = {
173	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
174	DBGCNF_SUBPAGE_CODE,		/* subpage */
175	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
176	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
177	0,				/* page_version */
178	{0xff,0xff},			/* ctl_time_io_secs */
179};
180
181static struct scsi_format_page format_page_default = {
182	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
183	/*page_length*/sizeof(struct scsi_format_page) - 2,
184	/*tracks_per_zone*/ {0, 0},
185	/*alt_sectors_per_zone*/ {0, 0},
186	/*alt_tracks_per_zone*/ {0, 0},
187	/*alt_tracks_per_lun*/ {0, 0},
188	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
189			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
190	/*bytes_per_sector*/ {0, 0},
191	/*interleave*/ {0, 0},
192	/*track_skew*/ {0, 0},
193	/*cylinder_skew*/ {0, 0},
194	/*flags*/ SFP_HSEC,
195	/*reserved*/ {0, 0, 0}
196};
197
198static struct scsi_format_page format_page_changeable = {
199	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
200	/*page_length*/sizeof(struct scsi_format_page) - 2,
201	/*tracks_per_zone*/ {0, 0},
202	/*alt_sectors_per_zone*/ {0, 0},
203	/*alt_tracks_per_zone*/ {0, 0},
204	/*alt_tracks_per_lun*/ {0, 0},
205	/*sectors_per_track*/ {0, 0},
206	/*bytes_per_sector*/ {0, 0},
207	/*interleave*/ {0, 0},
208	/*track_skew*/ {0, 0},
209	/*cylinder_skew*/ {0, 0},
210	/*flags*/ 0,
211	/*reserved*/ {0, 0, 0}
212};
213
214static struct scsi_rigid_disk_page rigid_disk_page_default = {
215	/*page_code*/SMS_RIGID_DISK_PAGE,
216	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
217	/*cylinders*/ {0, 0, 0},
218	/*heads*/ CTL_DEFAULT_HEADS,
219	/*start_write_precomp*/ {0, 0, 0},
220	/*start_reduced_current*/ {0, 0, 0},
221	/*step_rate*/ {0, 0},
222	/*landing_zone_cylinder*/ {0, 0, 0},
223	/*rpl*/ SRDP_RPL_DISABLED,
224	/*rotational_offset*/ 0,
225	/*reserved1*/ 0,
226	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
227			   CTL_DEFAULT_ROTATION_RATE & 0xff},
228	/*reserved2*/ {0, 0}
229};
230
231static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
232	/*page_code*/SMS_RIGID_DISK_PAGE,
233	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
234	/*cylinders*/ {0, 0, 0},
235	/*heads*/ 0,
236	/*start_write_precomp*/ {0, 0, 0},
237	/*start_reduced_current*/ {0, 0, 0},
238	/*step_rate*/ {0, 0},
239	/*landing_zone_cylinder*/ {0, 0, 0},
240	/*rpl*/ 0,
241	/*rotational_offset*/ 0,
242	/*reserved1*/ 0,
243	/*rotation_rate*/ {0, 0},
244	/*reserved2*/ {0, 0}
245};
246
247static struct scsi_caching_page caching_page_default = {
248	/*page_code*/SMS_CACHING_PAGE,
249	/*page_length*/sizeof(struct scsi_caching_page) - 2,
250	/*flags1*/ SCP_DISC | SCP_WCE,
251	/*ret_priority*/ 0,
252	/*disable_pf_transfer_len*/ {0xff, 0xff},
253	/*min_prefetch*/ {0, 0},
254	/*max_prefetch*/ {0xff, 0xff},
255	/*max_pf_ceiling*/ {0xff, 0xff},
256	/*flags2*/ 0,
257	/*cache_segments*/ 0,
258	/*cache_seg_size*/ {0, 0},
259	/*reserved*/ 0,
260	/*non_cache_seg_size*/ {0, 0, 0}
261};
262
263static struct scsi_caching_page caching_page_changeable = {
264	/*page_code*/SMS_CACHING_PAGE,
265	/*page_length*/sizeof(struct scsi_caching_page) - 2,
266	/*flags1*/ 0,
267	/*ret_priority*/ 0,
268	/*disable_pf_transfer_len*/ {0, 0},
269	/*min_prefetch*/ {0, 0},
270	/*max_prefetch*/ {0, 0},
271	/*max_pf_ceiling*/ {0, 0},
272	/*flags2*/ 0,
273	/*cache_segments*/ 0,
274	/*cache_seg_size*/ {0, 0},
275	/*reserved*/ 0,
276	/*non_cache_seg_size*/ {0, 0, 0}
277};
278
279static struct scsi_control_page control_page_default = {
280	/*page_code*/SMS_CONTROL_MODE_PAGE,
281	/*page_length*/sizeof(struct scsi_control_page) - 2,
282	/*rlec*/0,
283	/*queue_flags*/0,
284	/*eca_and_aen*/0,
285	/*reserved*/0,
286	/*aen_holdoff_period*/{0, 0}
287};
288
289static struct scsi_control_page control_page_changeable = {
290	/*page_code*/SMS_CONTROL_MODE_PAGE,
291	/*page_length*/sizeof(struct scsi_control_page) - 2,
292	/*rlec*/SCP_DSENSE,
293	/*queue_flags*/0,
294	/*eca_and_aen*/0,
295	/*reserved*/0,
296	/*aen_holdoff_period*/{0, 0}
297};
298
299
300/*
301 * XXX KDM move these into the softc.
302 */
303static int rcv_sync_msg;
304static int persis_offset;
305static uint8_t ctl_pause_rtr;
306static int     ctl_is_single = 1;
307static int     index_to_aps_page;
308
309SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
310static int worker_threads = -1;
311SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
312    &worker_threads, 1, "Number of worker threads");
313static int verbose = 0;
314SYSCTL_INT(_kern_cam_ctl, OID_AUTO, verbose, CTLFLAG_RWTUN,
315    &verbose, 0, "Show SCSI errors returned to initiator");
316
317/*
318 * Serial number (0x80), device id (0x83), supported pages (0x00),
319 * Block limits (0xB0) and Logical Block Provisioning (0xB2)
320 */
321#define SCSI_EVPD_NUM_SUPPORTED_PAGES	5
322
323static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
324				  int param);
325static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
326static int ctl_init(void);
327void ctl_shutdown(void);
328static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
329static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
330static void ctl_ioctl_online(void *arg);
331static void ctl_ioctl_offline(void *arg);
332static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
333static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
334static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
335static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
336static int ctl_ioctl_submit_wait(union ctl_io *io);
337static void ctl_ioctl_datamove(union ctl_io *io);
338static void ctl_ioctl_done(union ctl_io *io);
339static void ctl_ioctl_hard_startstop_callback(void *arg,
340					      struct cfi_metatask *metatask);
341static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
342static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
343			      struct ctl_ooa *ooa_hdr,
344			      struct ctl_ooa_entry *kern_entries);
345static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
346		     struct thread *td);
347uint32_t ctl_get_resindex(struct ctl_nexus *nexus);
348uint32_t ctl_port_idx(int port_num);
349#ifdef unused
350static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
351				   uint32_t targ_target, uint32_t targ_lun,
352				   int can_wait);
353static void ctl_kfree_io(union ctl_io *io);
354#endif /* unused */
355static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
356			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
357static int ctl_free_lun(struct ctl_lun *lun);
358static void ctl_create_lun(struct ctl_be_lun *be_lun);
359/**
360static void ctl_failover_change_pages(struct ctl_softc *softc,
361				      struct ctl_scsiio *ctsio, int master);
362**/
363
364static int ctl_do_mode_select(union ctl_io *io);
365static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
366			   uint64_t res_key, uint64_t sa_res_key,
367			   uint8_t type, uint32_t residx,
368			   struct ctl_scsiio *ctsio,
369			   struct scsi_per_res_out *cdb,
370			   struct scsi_per_res_out_parms* param);
371static void ctl_pro_preempt_other(struct ctl_lun *lun,
372				  union ctl_ha_msg *msg);
373static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
374static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
375static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
376static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
377static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
378					 int alloc_len);
379static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
380static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
381static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
382static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len);
383static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
384static ctl_action ctl_check_for_blockage(union ctl_io *pending_io,
385					 union ctl_io *ooa_io);
386static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
387				union ctl_io *starting_io);
388static int ctl_check_blocked(struct ctl_lun *lun);
389static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
390				struct ctl_lun *lun,
391				const struct ctl_cmd_entry *entry,
392				struct ctl_scsiio *ctsio);
393//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
394static void ctl_failover(void);
395static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
396			       struct ctl_scsiio *ctsio);
397static int ctl_scsiio(struct ctl_scsiio *ctsio);
398
399static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
400static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
401			    ctl_ua_type ua_type);
402static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
403			 ctl_ua_type ua_type);
404static int ctl_abort_task(union ctl_io *io);
405static void ctl_run_task(union ctl_io *io);
406#ifdef CTL_IO_DELAY
407static void ctl_datamove_timer_wakeup(void *arg);
408static void ctl_done_timer_wakeup(void *arg);
409#endif /* CTL_IO_DELAY */
410
411static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
412static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
413static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
414static void ctl_datamove_remote_write(union ctl_io *io);
415static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
416static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
417static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
418static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
419				    ctl_ha_dt_cb callback);
420static void ctl_datamove_remote_read(union ctl_io *io);
421static void ctl_datamove_remote(union ctl_io *io);
422static int ctl_process_done(union ctl_io *io);
423static void ctl_lun_thread(void *arg);
424static void ctl_work_thread(void *arg);
425static void ctl_enqueue_incoming(union ctl_io *io);
426static void ctl_enqueue_rtr(union ctl_io *io);
427static void ctl_enqueue_done(union ctl_io *io);
428static void ctl_enqueue_isc(union ctl_io *io);
429static const struct ctl_cmd_entry *
430    ctl_get_cmd_entry(struct ctl_scsiio *ctsio);
431static const struct ctl_cmd_entry *
432    ctl_validate_command(struct ctl_scsiio *ctsio);
433static int ctl_cmd_applicable(uint8_t lun_type,
434    const struct ctl_cmd_entry *entry);
435
436/*
437 * Load the serialization table.  This isn't very pretty, but is probably
438 * the easiest way to do it.
439 */
440#include "ctl_ser_table.c"
441
442/*
443 * We only need to define open, close and ioctl routines for this driver.
444 */
445static struct cdevsw ctl_cdevsw = {
446	.d_version =	D_VERSION,
447	.d_flags =	0,
448	.d_open =	ctl_open,
449	.d_close =	ctl_close,
450	.d_ioctl =	ctl_ioctl,
451	.d_name =	"ctl",
452};
453
454
455MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
456MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
457
458static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
459
460static moduledata_t ctl_moduledata = {
461	"ctl",
462	ctl_module_event_handler,
463	NULL
464};
465
466DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
467MODULE_VERSION(ctl, 1);
468
469static struct ctl_frontend ioctl_frontend =
470{
471	.name = "ioctl",
472};
473
474static void
475ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
476			    union ctl_ha_msg *msg_info)
477{
478	struct ctl_scsiio *ctsio;
479
480	if (msg_info->hdr.original_sc == NULL) {
481		printf("%s: original_sc == NULL!\n", __func__);
482		/* XXX KDM now what? */
483		return;
484	}
485
486	ctsio = &msg_info->hdr.original_sc->scsiio;
487	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
488	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
489	ctsio->io_hdr.status = msg_info->hdr.status;
490	ctsio->scsi_status = msg_info->scsi.scsi_status;
491	ctsio->sense_len = msg_info->scsi.sense_len;
492	ctsio->sense_residual = msg_info->scsi.sense_residual;
493	ctsio->residual = msg_info->scsi.residual;
494	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
495	       sizeof(ctsio->sense_data));
496	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
497	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
498	ctl_enqueue_isc((union ctl_io *)ctsio);
499}
500
501static void
502ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
503				union ctl_ha_msg *msg_info)
504{
505	struct ctl_scsiio *ctsio;
506
507	if (msg_info->hdr.serializing_sc == NULL) {
508		printf("%s: serializing_sc == NULL!\n", __func__);
509		/* XXX KDM now what? */
510		return;
511	}
512
513	ctsio = &msg_info->hdr.serializing_sc->scsiio;
514#if 0
515	/*
516	 * Attempt to catch the situation where an I/O has
517	 * been freed, and we're using it again.
518	 */
519	if (ctsio->io_hdr.io_type == 0xff) {
520		union ctl_io *tmp_io;
521		tmp_io = (union ctl_io *)ctsio;
522		printf("%s: %p use after free!\n", __func__,
523		       ctsio);
524		printf("%s: type %d msg %d cdb %x iptl: "
525		       "%d:%d:%d:%d tag 0x%04x "
526		       "flag %#x status %x\n",
527			__func__,
528			tmp_io->io_hdr.io_type,
529			tmp_io->io_hdr.msg_type,
530			tmp_io->scsiio.cdb[0],
531			tmp_io->io_hdr.nexus.initid.id,
532			tmp_io->io_hdr.nexus.targ_port,
533			tmp_io->io_hdr.nexus.targ_target.id,
534			tmp_io->io_hdr.nexus.targ_lun,
535			(tmp_io->io_hdr.io_type ==
536			CTL_IO_TASK) ?
537			tmp_io->taskio.tag_num :
538			tmp_io->scsiio.tag_num,
539		        tmp_io->io_hdr.flags,
540			tmp_io->io_hdr.status);
541	}
542#endif
543	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
544	ctl_enqueue_isc((union ctl_io *)ctsio);
545}
546
547/*
548 * ISC (Inter Shelf Communication) event handler.  Events from the HA
549 * subsystem come in here.
550 */
551static void
552ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
553{
554	struct ctl_softc *ctl_softc;
555	union ctl_io *io;
556	struct ctl_prio *presio;
557	ctl_ha_status isc_status;
558
559	ctl_softc = control_softc;
560	io = NULL;
561
562
563#if 0
564	printf("CTL: Isc Msg event %d\n", event);
565#endif
566	if (event == CTL_HA_EVT_MSG_RECV) {
567		union ctl_ha_msg msg_info;
568
569		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
570					     sizeof(msg_info), /*wait*/ 0);
571#if 0
572		printf("CTL: msg_type %d\n", msg_info.msg_type);
573#endif
574		if (isc_status != 0) {
575			printf("Error receiving message, status = %d\n",
576			       isc_status);
577			return;
578		}
579
580		switch (msg_info.hdr.msg_type) {
581		case CTL_MSG_SERIALIZE:
582#if 0
583			printf("Serialize\n");
584#endif
585			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
586			if (io == NULL) {
587				printf("ctl_isc_event_handler: can't allocate "
588				       "ctl_io!\n");
589				/* Bad Juju */
590				/* Need to set busy and send msg back */
591				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
592				msg_info.hdr.status = CTL_SCSI_ERROR;
593				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
594				msg_info.scsi.sense_len = 0;
595			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
596				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
597				}
598				goto bailout;
599			}
600			ctl_zero_io(io);
601			// populate ctsio from msg_info
602			io->io_hdr.io_type = CTL_IO_SCSI;
603			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
604			io->io_hdr.original_sc = msg_info.hdr.original_sc;
605#if 0
606			printf("pOrig %x\n", (int)msg_info.original_sc);
607#endif
608			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
609					    CTL_FLAG_IO_ACTIVE;
610			/*
611			 * If we're in serialization-only mode, we don't
612			 * want to go through full done processing.  Thus
613			 * the COPY flag.
614			 *
615			 * XXX KDM add another flag that is more specific.
616			 */
617			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
618				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
619			io->io_hdr.nexus = msg_info.hdr.nexus;
620#if 0
621			printf("targ %d, port %d, iid %d, lun %d\n",
622			       io->io_hdr.nexus.targ_target.id,
623			       io->io_hdr.nexus.targ_port,
624			       io->io_hdr.nexus.initid.id,
625			       io->io_hdr.nexus.targ_lun);
626#endif
627			io->scsiio.tag_num = msg_info.scsi.tag_num;
628			io->scsiio.tag_type = msg_info.scsi.tag_type;
629			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
630			       CTL_MAX_CDBLEN);
631			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
632				const struct ctl_cmd_entry *entry;
633
634				entry = ctl_get_cmd_entry(&io->scsiio);
635				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
636				io->io_hdr.flags |=
637					entry->flags & CTL_FLAG_DATA_MASK;
638			}
639			ctl_enqueue_isc(io);
640			break;
641
642		/* Performed on the Originating SC, XFER mode only */
643		case CTL_MSG_DATAMOVE: {
644			struct ctl_sg_entry *sgl;
645			int i, j;
646
647			io = msg_info.hdr.original_sc;
648			if (io == NULL) {
649				printf("%s: original_sc == NULL!\n", __func__);
650				/* XXX KDM do something here */
651				break;
652			}
653			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
654			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
655			/*
656			 * Keep track of this, we need to send it back over
657			 * when the datamove is complete.
658			 */
659			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
660
661			if (msg_info.dt.sg_sequence == 0) {
662				/*
663				 * XXX KDM we use the preallocated S/G list
664				 * here, but we'll need to change this to
665				 * dynamic allocation if we need larger S/G
666				 * lists.
667				 */
668				if (msg_info.dt.kern_sg_entries >
669				    sizeof(io->io_hdr.remote_sglist) /
670				    sizeof(io->io_hdr.remote_sglist[0])) {
671					printf("%s: number of S/G entries "
672					    "needed %u > allocated num %zd\n",
673					    __func__,
674					    msg_info.dt.kern_sg_entries,
675					    sizeof(io->io_hdr.remote_sglist)/
676					    sizeof(io->io_hdr.remote_sglist[0]));
677
678					/*
679					 * XXX KDM send a message back to
680					 * the other side to shut down the
681					 * DMA.  The error will come back
682					 * through via the normal channel.
683					 */
684					break;
685				}
686				sgl = io->io_hdr.remote_sglist;
687				memset(sgl, 0,
688				       sizeof(io->io_hdr.remote_sglist));
689
690				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
691
692				io->scsiio.kern_sg_entries =
693					msg_info.dt.kern_sg_entries;
694				io->scsiio.rem_sg_entries =
695					msg_info.dt.kern_sg_entries;
696				io->scsiio.kern_data_len =
697					msg_info.dt.kern_data_len;
698				io->scsiio.kern_total_len =
699					msg_info.dt.kern_total_len;
700				io->scsiio.kern_data_resid =
701					msg_info.dt.kern_data_resid;
702				io->scsiio.kern_rel_offset =
703					msg_info.dt.kern_rel_offset;
704				/*
705				 * Clear out per-DMA flags.
706				 */
707				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
708				/*
709				 * Add per-DMA flags that are set for this
710				 * particular DMA request.
711				 */
712				io->io_hdr.flags |= msg_info.dt.flags &
713						    CTL_FLAG_RDMA_MASK;
714			} else
715				sgl = (struct ctl_sg_entry *)
716					io->scsiio.kern_data_ptr;
717
718			for (i = msg_info.dt.sent_sg_entries, j = 0;
719			     i < (msg_info.dt.sent_sg_entries +
720			     msg_info.dt.cur_sg_entries); i++, j++) {
721				sgl[i].addr = msg_info.dt.sg_list[j].addr;
722				sgl[i].len = msg_info.dt.sg_list[j].len;
723
724#if 0
725				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
726				       __func__,
727				       msg_info.dt.sg_list[j].addr,
728				       msg_info.dt.sg_list[j].len,
729				       sgl[i].addr, sgl[i].len, j, i);
730#endif
731			}
732#if 0
733			memcpy(&sgl[msg_info.dt.sent_sg_entries],
734			       msg_info.dt.sg_list,
735			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
736#endif
737
738			/*
739			 * If this is the last piece of the I/O, we've got
740			 * the full S/G list.  Queue processing in the thread.
741			 * Otherwise wait for the next piece.
742			 */
743			if (msg_info.dt.sg_last != 0)
744				ctl_enqueue_isc(io);
745			break;
746		}
747		/* Performed on the Serializing (primary) SC, XFER mode only */
748		case CTL_MSG_DATAMOVE_DONE: {
749			if (msg_info.hdr.serializing_sc == NULL) {
750				printf("%s: serializing_sc == NULL!\n",
751				       __func__);
752				/* XXX KDM now what? */
753				break;
754			}
755			/*
756			 * We grab the sense information here in case
757			 * there was a failure, so we can return status
758			 * back to the initiator.
759			 */
760			io = msg_info.hdr.serializing_sc;
761			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
762			io->io_hdr.status = msg_info.hdr.status;
763			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
764			io->scsiio.sense_len = msg_info.scsi.sense_len;
765			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
766			io->io_hdr.port_status = msg_info.scsi.fetd_status;
767			io->scsiio.residual = msg_info.scsi.residual;
768			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
769			       sizeof(io->scsiio.sense_data));
770			ctl_enqueue_isc(io);
771			break;
772		}
773
774		/* Preformed on Originating SC, SER_ONLY mode */
775		case CTL_MSG_R2R:
776			io = msg_info.hdr.original_sc;
777			if (io == NULL) {
778				printf("%s: Major Bummer\n", __func__);
779				return;
780			} else {
781#if 0
782				printf("pOrig %x\n",(int) ctsio);
783#endif
784			}
785			io->io_hdr.msg_type = CTL_MSG_R2R;
786			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
787			ctl_enqueue_isc(io);
788			break;
789
790		/*
791		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
792		 * mode.
793		 * Performed on the Originating (i.e. secondary) SC in XFER
794		 * mode
795		 */
796		case CTL_MSG_FINISH_IO:
797			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
798				ctl_isc_handler_finish_xfer(ctl_softc,
799							    &msg_info);
800			else
801				ctl_isc_handler_finish_ser_only(ctl_softc,
802								&msg_info);
803			break;
804
805		/* Preformed on Originating SC */
806		case CTL_MSG_BAD_JUJU:
807			io = msg_info.hdr.original_sc;
808			if (io == NULL) {
809				printf("%s: Bad JUJU!, original_sc is NULL!\n",
810				       __func__);
811				break;
812			}
813			ctl_copy_sense_data(&msg_info, io);
814			/*
815			 * IO should have already been cleaned up on other
816			 * SC so clear this flag so we won't send a message
817			 * back to finish the IO there.
818			 */
819			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
820			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
821
822			/* io = msg_info.hdr.serializing_sc; */
823			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
824			ctl_enqueue_isc(io);
825			break;
826
827		/* Handle resets sent from the other side */
828		case CTL_MSG_MANAGE_TASKS: {
829			struct ctl_taskio *taskio;
830			taskio = (struct ctl_taskio *)ctl_alloc_io(
831				(void *)ctl_softc->othersc_pool);
832			if (taskio == NULL) {
833				printf("ctl_isc_event_handler: can't allocate "
834				       "ctl_io!\n");
835				/* Bad Juju */
836				/* should I just call the proper reset func
837				   here??? */
838				goto bailout;
839			}
840			ctl_zero_io((union ctl_io *)taskio);
841			taskio->io_hdr.io_type = CTL_IO_TASK;
842			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
843			taskio->io_hdr.nexus = msg_info.hdr.nexus;
844			taskio->task_action = msg_info.task.task_action;
845			taskio->tag_num = msg_info.task.tag_num;
846			taskio->tag_type = msg_info.task.tag_type;
847#ifdef CTL_TIME_IO
848			taskio->io_hdr.start_time = time_uptime;
849			getbintime(&taskio->io_hdr.start_bt);
850#if 0
851			cs_prof_gettime(&taskio->io_hdr.start_ticks);
852#endif
853#endif /* CTL_TIME_IO */
854			ctl_run_task((union ctl_io *)taskio);
855			break;
856		}
857		/* Persistent Reserve action which needs attention */
858		case CTL_MSG_PERS_ACTION:
859			presio = (struct ctl_prio *)ctl_alloc_io(
860				(void *)ctl_softc->othersc_pool);
861			if (presio == NULL) {
862				printf("ctl_isc_event_handler: can't allocate "
863				       "ctl_io!\n");
864				/* Bad Juju */
865				/* Need to set busy and send msg back */
866				goto bailout;
867			}
868			ctl_zero_io((union ctl_io *)presio);
869			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
870			presio->pr_msg = msg_info.pr;
871			ctl_enqueue_isc((union ctl_io *)presio);
872			break;
873		case CTL_MSG_SYNC_FE:
874			rcv_sync_msg = 1;
875			break;
876		case CTL_MSG_APS_LOCK: {
877			// It's quicker to execute this then to
878			// queue it.
879			struct ctl_lun *lun;
880			struct ctl_page_index *page_index;
881			struct copan_aps_subpage *current_sp;
882			uint32_t targ_lun;
883
884			targ_lun = msg_info.hdr.nexus.targ_mapped_lun;
885			lun = ctl_softc->ctl_luns[targ_lun];
886			mtx_lock(&lun->lun_lock);
887			page_index = &lun->mode_pages.index[index_to_aps_page];
888			current_sp = (struct copan_aps_subpage *)
889				     (page_index->page_data +
890				     (page_index->page_len * CTL_PAGE_CURRENT));
891
892			current_sp->lock_active = msg_info.aps.lock_flag;
893			mtx_unlock(&lun->lun_lock);
894		        break;
895		}
896		default:
897		        printf("How did I get here?\n");
898		}
899	} else if (event == CTL_HA_EVT_MSG_SENT) {
900		if (param != CTL_HA_STATUS_SUCCESS) {
901			printf("Bad status from ctl_ha_msg_send status %d\n",
902			       param);
903		}
904		return;
905	} else if (event == CTL_HA_EVT_DISCONNECT) {
906		printf("CTL: Got a disconnect from Isc\n");
907		return;
908	} else {
909		printf("ctl_isc_event_handler: Unknown event %d\n", event);
910		return;
911	}
912
913bailout:
914	return;
915}
916
917static void
918ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
919{
920	struct scsi_sense_data *sense;
921
922	sense = &dest->scsiio.sense_data;
923	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
924	dest->scsiio.scsi_status = src->scsi.scsi_status;
925	dest->scsiio.sense_len = src->scsi.sense_len;
926	dest->io_hdr.status = src->hdr.status;
927}
928
929static int
930ctl_init(void)
931{
932	struct ctl_softc *softc;
933	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
934	struct ctl_port *port;
935        uint8_t sc_id =0;
936	int i, error, retval;
937	//int isc_retval;
938
939	retval = 0;
940	ctl_pause_rtr = 0;
941        rcv_sync_msg = 0;
942
943	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
944			       M_WAITOK | M_ZERO);
945	softc = control_softc;
946
947	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
948			      "cam/ctl");
949
950	softc->dev->si_drv1 = softc;
951
952	/*
953	 * By default, return a "bad LUN" peripheral qualifier for unknown
954	 * LUNs.  The user can override this default using the tunable or
955	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
956	 */
957	softc->inquiry_pq_no_lun = 1;
958	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
959			  &softc->inquiry_pq_no_lun);
960	sysctl_ctx_init(&softc->sysctl_ctx);
961	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
962		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
963		CTLFLAG_RD, 0, "CAM Target Layer");
964
965	if (softc->sysctl_tree == NULL) {
966		printf("%s: unable to allocate sysctl tree\n", __func__);
967		destroy_dev(softc->dev);
968		free(control_softc, M_DEVBUF);
969		control_softc = NULL;
970		return (ENOMEM);
971	}
972
973	SYSCTL_ADD_INT(&softc->sysctl_ctx,
974		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
975		       "inquiry_pq_no_lun", CTLFLAG_RW,
976		       &softc->inquiry_pq_no_lun, 0,
977		       "Report no lun possible for invalid LUNs");
978
979	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
980	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
981	softc->open_count = 0;
982
983	/*
984	 * Default to actually sending a SYNCHRONIZE CACHE command down to
985	 * the drive.
986	 */
987	softc->flags = CTL_FLAG_REAL_SYNC;
988
989	/*
990	 * In Copan's HA scheme, the "master" and "slave" roles are
991	 * figured out through the slot the controller is in.  Although it
992	 * is an active/active system, someone has to be in charge.
993 	 */
994#ifdef NEEDTOPORT
995        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
996#endif
997
998        if (sc_id == 0) {
999		softc->flags |= CTL_FLAG_MASTER_SHELF;
1000		persis_offset = 0;
1001	} else
1002		persis_offset = CTL_MAX_INITIATORS;
1003
1004	/*
1005	 * XXX KDM need to figure out where we want to get our target ID
1006	 * and WWID.  Is it different on each port?
1007	 */
1008	softc->target.id = 0;
1009	softc->target.wwid[0] = 0x12345678;
1010	softc->target.wwid[1] = 0x87654321;
1011	STAILQ_INIT(&softc->lun_list);
1012	STAILQ_INIT(&softc->pending_lun_queue);
1013	STAILQ_INIT(&softc->fe_list);
1014	STAILQ_INIT(&softc->port_list);
1015	STAILQ_INIT(&softc->be_list);
1016	STAILQ_INIT(&softc->io_pools);
1017
1018	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1019			    &internal_pool)!= 0){
1020		printf("ctl: can't allocate %d entry internal pool, "
1021		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1022		return (ENOMEM);
1023	}
1024
1025	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1026			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1027		printf("ctl: can't allocate %d entry emergency pool, "
1028		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1029		ctl_pool_free(internal_pool);
1030		return (ENOMEM);
1031	}
1032
1033	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1034	                    &other_pool) != 0)
1035	{
1036		printf("ctl: can't allocate %d entry other SC pool, "
1037		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1038		ctl_pool_free(internal_pool);
1039		ctl_pool_free(emergency_pool);
1040		return (ENOMEM);
1041	}
1042
1043	softc->internal_pool = internal_pool;
1044	softc->emergency_pool = emergency_pool;
1045	softc->othersc_pool = other_pool;
1046
1047	if (worker_threads <= 0)
1048		worker_threads = max(1, mp_ncpus / 4);
1049	if (worker_threads > CTL_MAX_THREADS)
1050		worker_threads = CTL_MAX_THREADS;
1051
1052	for (i = 0; i < worker_threads; i++) {
1053		struct ctl_thread *thr = &softc->threads[i];
1054
1055		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1056		thr->ctl_softc = softc;
1057		STAILQ_INIT(&thr->incoming_queue);
1058		STAILQ_INIT(&thr->rtr_queue);
1059		STAILQ_INIT(&thr->done_queue);
1060		STAILQ_INIT(&thr->isc_queue);
1061
1062		error = kproc_kthread_add(ctl_work_thread, thr,
1063		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1064		if (error != 0) {
1065			printf("error creating CTL work thread!\n");
1066			ctl_pool_free(internal_pool);
1067			ctl_pool_free(emergency_pool);
1068			ctl_pool_free(other_pool);
1069			return (error);
1070		}
1071	}
1072	error = kproc_kthread_add(ctl_lun_thread, softc,
1073	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1074	if (error != 0) {
1075		printf("error creating CTL lun thread!\n");
1076		ctl_pool_free(internal_pool);
1077		ctl_pool_free(emergency_pool);
1078		ctl_pool_free(other_pool);
1079		return (error);
1080	}
1081	if (bootverbose)
1082		printf("ctl: CAM Target Layer loaded\n");
1083
1084	/*
1085	 * Initialize the initiator and portname mappings
1086	 */
1087	memset(softc->wwpn_iid, 0, sizeof(softc->wwpn_iid));
1088
1089	/*
1090	 * Initialize the ioctl front end.
1091	 */
1092	ctl_frontend_register(&ioctl_frontend);
1093	port = &softc->ioctl_info.port;
1094	port->frontend = &ioctl_frontend;
1095	sprintf(softc->ioctl_info.port_name, "ioctl");
1096	port->port_type = CTL_PORT_IOCTL;
1097	port->num_requested_ctl_io = 100;
1098	port->port_name = softc->ioctl_info.port_name;
1099	port->port_online = ctl_ioctl_online;
1100	port->port_offline = ctl_ioctl_offline;
1101	port->onoff_arg = &softc->ioctl_info;
1102	port->lun_enable = ctl_ioctl_lun_enable;
1103	port->lun_disable = ctl_ioctl_lun_disable;
1104	port->targ_lun_arg = &softc->ioctl_info;
1105	port->fe_datamove = ctl_ioctl_datamove;
1106	port->fe_done = ctl_ioctl_done;
1107	port->max_targets = 15;
1108	port->max_target_id = 15;
1109
1110	if (ctl_port_register(&softc->ioctl_info.port,
1111	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1112		printf("ctl: ioctl front end registration failed, will "
1113		       "continue anyway\n");
1114	}
1115
1116#ifdef CTL_IO_DELAY
1117	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1118		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1119		       sizeof(struct callout), CTL_TIMER_BYTES);
1120		return (EINVAL);
1121	}
1122#endif /* CTL_IO_DELAY */
1123
1124	return (0);
1125}
1126
1127void
1128ctl_shutdown(void)
1129{
1130	struct ctl_softc *softc;
1131	struct ctl_lun *lun, *next_lun;
1132	struct ctl_io_pool *pool;
1133
1134	softc = (struct ctl_softc *)control_softc;
1135
1136	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1137		printf("ctl: ioctl front end deregistration failed\n");
1138
1139	mtx_lock(&softc->ctl_lock);
1140
1141	/*
1142	 * Free up each LUN.
1143	 */
1144	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1145		next_lun = STAILQ_NEXT(lun, links);
1146		ctl_free_lun(lun);
1147	}
1148
1149	mtx_unlock(&softc->ctl_lock);
1150
1151	ctl_frontend_deregister(&ioctl_frontend);
1152
1153	/*
1154	 * This will rip the rug out from under any FETDs or anyone else
1155	 * that has a pool allocated.  Since we increment our module
1156	 * refcount any time someone outside the main CTL module allocates
1157	 * a pool, we shouldn't have any problems here.  The user won't be
1158	 * able to unload the CTL module until client modules have
1159	 * successfully unloaded.
1160	 */
1161	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1162		ctl_pool_free(pool);
1163
1164#if 0
1165	ctl_shutdown_thread(softc->work_thread);
1166	mtx_destroy(&softc->queue_lock);
1167#endif
1168
1169	mtx_destroy(&softc->pool_lock);
1170	mtx_destroy(&softc->ctl_lock);
1171
1172	destroy_dev(softc->dev);
1173
1174	sysctl_ctx_free(&softc->sysctl_ctx);
1175
1176	free(control_softc, M_DEVBUF);
1177	control_softc = NULL;
1178
1179	if (bootverbose)
1180		printf("ctl: CAM Target Layer unloaded\n");
1181}
1182
1183static int
1184ctl_module_event_handler(module_t mod, int what, void *arg)
1185{
1186
1187	switch (what) {
1188	case MOD_LOAD:
1189		return (ctl_init());
1190	case MOD_UNLOAD:
1191		return (EBUSY);
1192	default:
1193		return (EOPNOTSUPP);
1194	}
1195}
1196
1197/*
1198 * XXX KDM should we do some access checks here?  Bump a reference count to
1199 * prevent a CTL module from being unloaded while someone has it open?
1200 */
1201static int
1202ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1203{
1204	return (0);
1205}
1206
1207static int
1208ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1209{
1210	return (0);
1211}
1212
1213int
1214ctl_port_enable(ctl_port_type port_type)
1215{
1216	struct ctl_softc *softc;
1217	struct ctl_port *port;
1218
1219	if (ctl_is_single == 0) {
1220		union ctl_ha_msg msg_info;
1221		int isc_retval;
1222
1223#if 0
1224		printf("%s: HA mode, synchronizing frontend enable\n",
1225		        __func__);
1226#endif
1227		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1228	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1229		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1230			printf("Sync msg send error retval %d\n", isc_retval);
1231		}
1232		if (!rcv_sync_msg) {
1233			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1234			        sizeof(msg_info), 1);
1235		}
1236#if 0
1237        	printf("CTL:Frontend Enable\n");
1238	} else {
1239		printf("%s: single mode, skipping frontend synchronization\n",
1240		        __func__);
1241#endif
1242	}
1243
1244	softc = control_softc;
1245
1246	STAILQ_FOREACH(port, &softc->port_list, links) {
1247		if (port_type & port->port_type)
1248		{
1249#if 0
1250			printf("port %d\n", port->targ_port);
1251#endif
1252			ctl_port_online(port);
1253		}
1254	}
1255
1256	return (0);
1257}
1258
1259int
1260ctl_port_disable(ctl_port_type port_type)
1261{
1262	struct ctl_softc *softc;
1263	struct ctl_port *port;
1264
1265	softc = control_softc;
1266
1267	STAILQ_FOREACH(port, &softc->port_list, links) {
1268		if (port_type & port->port_type)
1269			ctl_port_offline(port);
1270	}
1271
1272	return (0);
1273}
1274
1275/*
1276 * Returns 0 for success, 1 for failure.
1277 * Currently the only failure mode is if there aren't enough entries
1278 * allocated.  So, in case of a failure, look at num_entries_dropped,
1279 * reallocate and try again.
1280 */
1281int
1282ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1283	      int *num_entries_filled, int *num_entries_dropped,
1284	      ctl_port_type port_type, int no_virtual)
1285{
1286	struct ctl_softc *softc;
1287	struct ctl_port *port;
1288	int entries_dropped, entries_filled;
1289	int retval;
1290	int i;
1291
1292	softc = control_softc;
1293
1294	retval = 0;
1295	entries_filled = 0;
1296	entries_dropped = 0;
1297
1298	i = 0;
1299	mtx_lock(&softc->ctl_lock);
1300	STAILQ_FOREACH(port, &softc->port_list, links) {
1301		struct ctl_port_entry *entry;
1302
1303		if ((port->port_type & port_type) == 0)
1304			continue;
1305
1306		if ((no_virtual != 0)
1307		 && (port->virtual_port != 0))
1308			continue;
1309
1310		if (entries_filled >= num_entries_alloced) {
1311			entries_dropped++;
1312			continue;
1313		}
1314		entry = &entries[i];
1315
1316		entry->port_type = port->port_type;
1317		strlcpy(entry->port_name, port->port_name,
1318			sizeof(entry->port_name));
1319		entry->physical_port = port->physical_port;
1320		entry->virtual_port = port->virtual_port;
1321		entry->wwnn = port->wwnn;
1322		entry->wwpn = port->wwpn;
1323
1324		i++;
1325		entries_filled++;
1326	}
1327
1328	mtx_unlock(&softc->ctl_lock);
1329
1330	if (entries_dropped > 0)
1331		retval = 1;
1332
1333	*num_entries_dropped = entries_dropped;
1334	*num_entries_filled = entries_filled;
1335
1336	return (retval);
1337}
1338
1339static void
1340ctl_ioctl_online(void *arg)
1341{
1342	struct ctl_ioctl_info *ioctl_info;
1343
1344	ioctl_info = (struct ctl_ioctl_info *)arg;
1345
1346	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1347}
1348
1349static void
1350ctl_ioctl_offline(void *arg)
1351{
1352	struct ctl_ioctl_info *ioctl_info;
1353
1354	ioctl_info = (struct ctl_ioctl_info *)arg;
1355
1356	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1357}
1358
1359/*
1360 * Remove an initiator by port number and initiator ID.
1361 * Returns 0 for success, 1 for failure.
1362 */
1363int
1364ctl_remove_initiator(int32_t targ_port, uint32_t iid)
1365{
1366	struct ctl_softc *softc;
1367
1368	softc = control_softc;
1369
1370	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1371
1372	if ((targ_port < 0)
1373	 || (targ_port > CTL_MAX_PORTS)) {
1374		printf("%s: invalid port number %d\n", __func__, targ_port);
1375		return (1);
1376	}
1377	if (iid > CTL_MAX_INIT_PER_PORT) {
1378		printf("%s: initiator ID %u > maximun %u!\n",
1379		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1380		return (1);
1381	}
1382
1383	mtx_lock(&softc->ctl_lock);
1384
1385	softc->wwpn_iid[targ_port][iid].in_use = 0;
1386
1387	mtx_unlock(&softc->ctl_lock);
1388
1389	return (0);
1390}
1391
1392/*
1393 * Add an initiator to the initiator map.
1394 * Returns 0 for success, 1 for failure.
1395 */
1396int
1397ctl_add_initiator(uint64_t wwpn, int32_t targ_port, uint32_t iid)
1398{
1399	struct ctl_softc *softc;
1400	int retval;
1401
1402	softc = control_softc;
1403
1404	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1405
1406	retval = 0;
1407
1408	if ((targ_port < 0)
1409	 || (targ_port > CTL_MAX_PORTS)) {
1410		printf("%s: invalid port number %d\n", __func__, targ_port);
1411		return (1);
1412	}
1413	if (iid > CTL_MAX_INIT_PER_PORT) {
1414		printf("%s: WWPN %#jx initiator ID %u > maximun %u!\n",
1415		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1416		return (1);
1417	}
1418
1419	mtx_lock(&softc->ctl_lock);
1420
1421	if (softc->wwpn_iid[targ_port][iid].in_use != 0) {
1422		/*
1423		 * We don't treat this as an error.
1424		 */
1425		if (softc->wwpn_iid[targ_port][iid].wwpn == wwpn) {
1426			printf("%s: port %d iid %u WWPN %#jx arrived again?\n",
1427			       __func__, targ_port, iid, (uintmax_t)wwpn);
1428			goto bailout;
1429		}
1430
1431		/*
1432		 * This is an error, but what do we do about it?  The
1433		 * driver is telling us we have a new WWPN for this
1434		 * initiator ID, so we pretty much need to use it.
1435		 */
1436		printf("%s: port %d iid %u WWPN %#jx arrived, WWPN %#jx is "
1437		       "still at that address\n", __func__, targ_port, iid,
1438		       (uintmax_t)wwpn,
1439		       (uintmax_t)softc->wwpn_iid[targ_port][iid].wwpn);
1440
1441		/*
1442		 * XXX KDM clear have_ca and ua_pending on each LUN for
1443		 * this initiator.
1444		 */
1445	}
1446	softc->wwpn_iid[targ_port][iid].in_use = 1;
1447	softc->wwpn_iid[targ_port][iid].iid = iid;
1448	softc->wwpn_iid[targ_port][iid].wwpn = wwpn;
1449	softc->wwpn_iid[targ_port][iid].port = targ_port;
1450
1451bailout:
1452
1453	mtx_unlock(&softc->ctl_lock);
1454
1455	return (retval);
1456}
1457
1458static int
1459ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1460{
1461	return (0);
1462}
1463
1464static int
1465ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1466{
1467	return (0);
1468}
1469
1470/*
1471 * Data movement routine for the CTL ioctl frontend port.
1472 */
1473static int
1474ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1475{
1476	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1477	struct ctl_sg_entry ext_entry, kern_entry;
1478	int ext_sglen, ext_sg_entries, kern_sg_entries;
1479	int ext_sg_start, ext_offset;
1480	int len_to_copy, len_copied;
1481	int kern_watermark, ext_watermark;
1482	int ext_sglist_malloced;
1483	int i, j;
1484
1485	ext_sglist_malloced = 0;
1486	ext_sg_start = 0;
1487	ext_offset = 0;
1488
1489	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1490
1491	/*
1492	 * If this flag is set, fake the data transfer.
1493	 */
1494	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1495		ctsio->ext_data_filled = ctsio->ext_data_len;
1496		goto bailout;
1497	}
1498
1499	/*
1500	 * To simplify things here, if we have a single buffer, stick it in
1501	 * a S/G entry and just make it a single entry S/G list.
1502	 */
1503	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1504		int len_seen;
1505
1506		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1507
1508		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1509							   M_WAITOK);
1510		ext_sglist_malloced = 1;
1511		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1512				   ext_sglen) != 0) {
1513			ctl_set_internal_failure(ctsio,
1514						 /*sks_valid*/ 0,
1515						 /*retry_count*/ 0);
1516			goto bailout;
1517		}
1518		ext_sg_entries = ctsio->ext_sg_entries;
1519		len_seen = 0;
1520		for (i = 0; i < ext_sg_entries; i++) {
1521			if ((len_seen + ext_sglist[i].len) >=
1522			     ctsio->ext_data_filled) {
1523				ext_sg_start = i;
1524				ext_offset = ctsio->ext_data_filled - len_seen;
1525				break;
1526			}
1527			len_seen += ext_sglist[i].len;
1528		}
1529	} else {
1530		ext_sglist = &ext_entry;
1531		ext_sglist->addr = ctsio->ext_data_ptr;
1532		ext_sglist->len = ctsio->ext_data_len;
1533		ext_sg_entries = 1;
1534		ext_sg_start = 0;
1535		ext_offset = ctsio->ext_data_filled;
1536	}
1537
1538	if (ctsio->kern_sg_entries > 0) {
1539		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1540		kern_sg_entries = ctsio->kern_sg_entries;
1541	} else {
1542		kern_sglist = &kern_entry;
1543		kern_sglist->addr = ctsio->kern_data_ptr;
1544		kern_sglist->len = ctsio->kern_data_len;
1545		kern_sg_entries = 1;
1546	}
1547
1548
1549	kern_watermark = 0;
1550	ext_watermark = ext_offset;
1551	len_copied = 0;
1552	for (i = ext_sg_start, j = 0;
1553	     i < ext_sg_entries && j < kern_sg_entries;) {
1554		uint8_t *ext_ptr, *kern_ptr;
1555
1556		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1557				      kern_sglist[j].len - kern_watermark);
1558
1559		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1560		ext_ptr = ext_ptr + ext_watermark;
1561		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1562			/*
1563			 * XXX KDM fix this!
1564			 */
1565			panic("need to implement bus address support");
1566#if 0
1567			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1568#endif
1569		} else
1570			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1571		kern_ptr = kern_ptr + kern_watermark;
1572
1573		kern_watermark += len_to_copy;
1574		ext_watermark += len_to_copy;
1575
1576		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1577		     CTL_FLAG_DATA_IN) {
1578			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1579					 "bytes to user\n", len_to_copy));
1580			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1581					 "to %p\n", kern_ptr, ext_ptr));
1582			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1583				ctl_set_internal_failure(ctsio,
1584							 /*sks_valid*/ 0,
1585							 /*retry_count*/ 0);
1586				goto bailout;
1587			}
1588		} else {
1589			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1590					 "bytes from user\n", len_to_copy));
1591			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1592					 "to %p\n", ext_ptr, kern_ptr));
1593			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1594				ctl_set_internal_failure(ctsio,
1595							 /*sks_valid*/ 0,
1596							 /*retry_count*/0);
1597				goto bailout;
1598			}
1599		}
1600
1601		len_copied += len_to_copy;
1602
1603		if (ext_sglist[i].len == ext_watermark) {
1604			i++;
1605			ext_watermark = 0;
1606		}
1607
1608		if (kern_sglist[j].len == kern_watermark) {
1609			j++;
1610			kern_watermark = 0;
1611		}
1612	}
1613
1614	ctsio->ext_data_filled += len_copied;
1615
1616	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1617			 "kern_sg_entries: %d\n", ext_sg_entries,
1618			 kern_sg_entries));
1619	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1620			 "kern_data_len = %d\n", ctsio->ext_data_len,
1621			 ctsio->kern_data_len));
1622
1623
1624	/* XXX KDM set residual?? */
1625bailout:
1626
1627	if (ext_sglist_malloced != 0)
1628		free(ext_sglist, M_CTL);
1629
1630	return (CTL_RETVAL_COMPLETE);
1631}
1632
1633/*
1634 * Serialize a command that went down the "wrong" side, and so was sent to
1635 * this controller for execution.  The logic is a little different than the
1636 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1637 * sent back to the other side, but in the success case, we execute the
1638 * command on this side (XFER mode) or tell the other side to execute it
1639 * (SER_ONLY mode).
1640 */
1641static int
1642ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1643{
1644	struct ctl_softc *ctl_softc;
1645	union ctl_ha_msg msg_info;
1646	struct ctl_lun *lun;
1647	int retval = 0;
1648	uint32_t targ_lun;
1649
1650	ctl_softc = control_softc;
1651
1652	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1653	lun = ctl_softc->ctl_luns[targ_lun];
1654	if (lun==NULL)
1655	{
1656		/*
1657		 * Why isn't LUN defined? The other side wouldn't
1658		 * send a cmd if the LUN is undefined.
1659		 */
1660		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1661
1662		/* "Logical unit not supported" */
1663		ctl_set_sense_data(&msg_info.scsi.sense_data,
1664				   lun,
1665				   /*sense_format*/SSD_TYPE_NONE,
1666				   /*current_error*/ 1,
1667				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1668				   /*asc*/ 0x25,
1669				   /*ascq*/ 0x00,
1670				   SSD_ELEM_NONE);
1671
1672		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1673		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1674		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1675		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1676		msg_info.hdr.serializing_sc = NULL;
1677		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1678	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1679				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1680		}
1681		return(1);
1682
1683	}
1684
1685	mtx_lock(&lun->lun_lock);
1686    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1687
1688	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1689		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1690		 ooa_links))) {
1691	case CTL_ACTION_BLOCK:
1692		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1693		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1694				  blocked_links);
1695		break;
1696	case CTL_ACTION_PASS:
1697	case CTL_ACTION_SKIP:
1698		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1699			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1700			ctl_enqueue_rtr((union ctl_io *)ctsio);
1701		} else {
1702
1703			/* send msg back to other side */
1704			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1705			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1706			msg_info.hdr.msg_type = CTL_MSG_R2R;
1707#if 0
1708			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1709#endif
1710		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1711			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1712			}
1713		}
1714		break;
1715	case CTL_ACTION_OVERLAP:
1716		/* OVERLAPPED COMMANDS ATTEMPTED */
1717		ctl_set_sense_data(&msg_info.scsi.sense_data,
1718				   lun,
1719				   /*sense_format*/SSD_TYPE_NONE,
1720				   /*current_error*/ 1,
1721				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1722				   /*asc*/ 0x4E,
1723				   /*ascq*/ 0x00,
1724				   SSD_ELEM_NONE);
1725
1726		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1727		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1728		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1729		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1730		msg_info.hdr.serializing_sc = NULL;
1731		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1732#if 0
1733		printf("BAD JUJU:Major Bummer Overlap\n");
1734#endif
1735		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1736		retval = 1;
1737		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1738		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1739		}
1740		break;
1741	case CTL_ACTION_OVERLAP_TAG:
1742		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1743		ctl_set_sense_data(&msg_info.scsi.sense_data,
1744				   lun,
1745				   /*sense_format*/SSD_TYPE_NONE,
1746				   /*current_error*/ 1,
1747				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1748				   /*asc*/ 0x4D,
1749				   /*ascq*/ ctsio->tag_num & 0xff,
1750				   SSD_ELEM_NONE);
1751
1752		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1753		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1754		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1755		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1756		msg_info.hdr.serializing_sc = NULL;
1757		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1758#if 0
1759		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1760#endif
1761		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1762		retval = 1;
1763		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1764		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1765		}
1766		break;
1767	case CTL_ACTION_ERROR:
1768	default:
1769		/* "Internal target failure" */
1770		ctl_set_sense_data(&msg_info.scsi.sense_data,
1771				   lun,
1772				   /*sense_format*/SSD_TYPE_NONE,
1773				   /*current_error*/ 1,
1774				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1775				   /*asc*/ 0x44,
1776				   /*ascq*/ 0x00,
1777				   SSD_ELEM_NONE);
1778
1779		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1780		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1781		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1782		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1783		msg_info.hdr.serializing_sc = NULL;
1784		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1785#if 0
1786		printf("BAD JUJU:Major Bummer HW Error\n");
1787#endif
1788		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1789		retval = 1;
1790		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1791		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1792		}
1793		break;
1794	}
1795	mtx_unlock(&lun->lun_lock);
1796	return (retval);
1797}
1798
1799static int
1800ctl_ioctl_submit_wait(union ctl_io *io)
1801{
1802	struct ctl_fe_ioctl_params params;
1803	ctl_fe_ioctl_state last_state;
1804	int done, retval;
1805
1806	retval = 0;
1807
1808	bzero(&params, sizeof(params));
1809
1810	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1811	cv_init(&params.sem, "ctlioccv");
1812	params.state = CTL_IOCTL_INPROG;
1813	last_state = params.state;
1814
1815	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1816
1817	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1818
1819	/* This shouldn't happen */
1820	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1821		return (retval);
1822
1823	done = 0;
1824
1825	do {
1826		mtx_lock(&params.ioctl_mtx);
1827		/*
1828		 * Check the state here, and don't sleep if the state has
1829		 * already changed (i.e. wakeup has already occured, but we
1830		 * weren't waiting yet).
1831		 */
1832		if (params.state == last_state) {
1833			/* XXX KDM cv_wait_sig instead? */
1834			cv_wait(&params.sem, &params.ioctl_mtx);
1835		}
1836		last_state = params.state;
1837
1838		switch (params.state) {
1839		case CTL_IOCTL_INPROG:
1840			/* Why did we wake up? */
1841			/* XXX KDM error here? */
1842			mtx_unlock(&params.ioctl_mtx);
1843			break;
1844		case CTL_IOCTL_DATAMOVE:
1845			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1846
1847			/*
1848			 * change last_state back to INPROG to avoid
1849			 * deadlock on subsequent data moves.
1850			 */
1851			params.state = last_state = CTL_IOCTL_INPROG;
1852
1853			mtx_unlock(&params.ioctl_mtx);
1854			ctl_ioctl_do_datamove(&io->scsiio);
1855			/*
1856			 * Note that in some cases, most notably writes,
1857			 * this will queue the I/O and call us back later.
1858			 * In other cases, generally reads, this routine
1859			 * will immediately call back and wake us up,
1860			 * probably using our own context.
1861			 */
1862			io->scsiio.be_move_done(io);
1863			break;
1864		case CTL_IOCTL_DONE:
1865			mtx_unlock(&params.ioctl_mtx);
1866			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1867			done = 1;
1868			break;
1869		default:
1870			mtx_unlock(&params.ioctl_mtx);
1871			/* XXX KDM error here? */
1872			break;
1873		}
1874	} while (done == 0);
1875
1876	mtx_destroy(&params.ioctl_mtx);
1877	cv_destroy(&params.sem);
1878
1879	return (CTL_RETVAL_COMPLETE);
1880}
1881
1882static void
1883ctl_ioctl_datamove(union ctl_io *io)
1884{
1885	struct ctl_fe_ioctl_params *params;
1886
1887	params = (struct ctl_fe_ioctl_params *)
1888		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1889
1890	mtx_lock(&params->ioctl_mtx);
1891	params->state = CTL_IOCTL_DATAMOVE;
1892	cv_broadcast(&params->sem);
1893	mtx_unlock(&params->ioctl_mtx);
1894}
1895
1896static void
1897ctl_ioctl_done(union ctl_io *io)
1898{
1899	struct ctl_fe_ioctl_params *params;
1900
1901	params = (struct ctl_fe_ioctl_params *)
1902		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1903
1904	mtx_lock(&params->ioctl_mtx);
1905	params->state = CTL_IOCTL_DONE;
1906	cv_broadcast(&params->sem);
1907	mtx_unlock(&params->ioctl_mtx);
1908}
1909
1910static void
1911ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
1912{
1913	struct ctl_fe_ioctl_startstop_info *sd_info;
1914
1915	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
1916
1917	sd_info->hs_info.status = metatask->status;
1918	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
1919	sd_info->hs_info.luns_complete =
1920		metatask->taskinfo.startstop.luns_complete;
1921	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
1922
1923	cv_broadcast(&sd_info->sem);
1924}
1925
1926static void
1927ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
1928{
1929	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
1930
1931	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
1932
1933	mtx_lock(fe_bbr_info->lock);
1934	fe_bbr_info->bbr_info->status = metatask->status;
1935	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
1936	fe_bbr_info->wakeup_done = 1;
1937	mtx_unlock(fe_bbr_info->lock);
1938
1939	cv_broadcast(&fe_bbr_info->sem);
1940}
1941
1942/*
1943 * Returns 0 for success, errno for failure.
1944 */
1945static int
1946ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1947		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1948{
1949	union ctl_io *io;
1950	int retval;
1951
1952	retval = 0;
1953
1954	mtx_lock(&lun->lun_lock);
1955	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1956	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1957	     ooa_links)) {
1958		struct ctl_ooa_entry *entry;
1959
1960		/*
1961		 * If we've got more than we can fit, just count the
1962		 * remaining entries.
1963		 */
1964		if (*cur_fill_num >= ooa_hdr->alloc_num)
1965			continue;
1966
1967		entry = &kern_entries[*cur_fill_num];
1968
1969		entry->tag_num = io->scsiio.tag_num;
1970		entry->lun_num = lun->lun;
1971#ifdef CTL_TIME_IO
1972		entry->start_bt = io->io_hdr.start_bt;
1973#endif
1974		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1975		entry->cdb_len = io->scsiio.cdb_len;
1976		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1977			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1978
1979		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1980			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1981
1982		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1983			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1984
1985		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1986			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1987
1988		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1989			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1990	}
1991	mtx_unlock(&lun->lun_lock);
1992
1993	return (retval);
1994}
1995
1996static void *
1997ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1998		 size_t error_str_len)
1999{
2000	void *kptr;
2001
2002	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2003
2004	if (copyin(user_addr, kptr, len) != 0) {
2005		snprintf(error_str, error_str_len, "Error copying %d bytes "
2006			 "from user address %p to kernel address %p", len,
2007			 user_addr, kptr);
2008		free(kptr, M_CTL);
2009		return (NULL);
2010	}
2011
2012	return (kptr);
2013}
2014
2015static void
2016ctl_free_args(int num_be_args, struct ctl_be_arg *be_args)
2017{
2018	int i;
2019
2020	if (be_args == NULL)
2021		return;
2022
2023	for (i = 0; i < num_be_args; i++) {
2024		free(be_args[i].kname, M_CTL);
2025		free(be_args[i].kvalue, M_CTL);
2026	}
2027
2028	free(be_args, M_CTL);
2029}
2030
2031static struct ctl_be_arg *
2032ctl_copyin_args(int num_be_args, struct ctl_be_arg *be_args,
2033		char *error_str, size_t error_str_len)
2034{
2035	struct ctl_be_arg *args;
2036	int i;
2037
2038	args = ctl_copyin_alloc(be_args, num_be_args * sizeof(*be_args),
2039				error_str, error_str_len);
2040
2041	if (args == NULL)
2042		goto bailout;
2043
2044	for (i = 0; i < num_be_args; i++) {
2045		args[i].kname = NULL;
2046		args[i].kvalue = NULL;
2047	}
2048
2049	for (i = 0; i < num_be_args; i++) {
2050		uint8_t *tmpptr;
2051
2052		args[i].kname = ctl_copyin_alloc(args[i].name,
2053			args[i].namelen, error_str, error_str_len);
2054		if (args[i].kname == NULL)
2055			goto bailout;
2056
2057		if (args[i].kname[args[i].namelen - 1] != '\0') {
2058			snprintf(error_str, error_str_len, "Argument %d "
2059				 "name is not NUL-terminated", i);
2060			goto bailout;
2061		}
2062
2063		args[i].kvalue = NULL;
2064
2065		tmpptr = ctl_copyin_alloc(args[i].value,
2066			args[i].vallen, error_str, error_str_len);
2067		if (tmpptr == NULL)
2068			goto bailout;
2069
2070		args[i].kvalue = tmpptr;
2071
2072		if ((args[i].flags & CTL_BEARG_ASCII)
2073		 && (tmpptr[args[i].vallen - 1] != '\0')) {
2074			snprintf(error_str, error_str_len, "Argument %d "
2075				 "value is not NUL-terminated", i);
2076			goto bailout;
2077		}
2078	}
2079
2080	return (args);
2081bailout:
2082
2083	ctl_free_args(num_be_args, args);
2084
2085	return (NULL);
2086}
2087
2088/*
2089 * Escape characters that are illegal or not recommended in XML.
2090 */
2091int
2092ctl_sbuf_printf_esc(struct sbuf *sb, char *str)
2093{
2094	int retval;
2095
2096	retval = 0;
2097
2098	for (; *str; str++) {
2099		switch (*str) {
2100		case '&':
2101			retval = sbuf_printf(sb, "&amp;");
2102			break;
2103		case '>':
2104			retval = sbuf_printf(sb, "&gt;");
2105			break;
2106		case '<':
2107			retval = sbuf_printf(sb, "&lt;");
2108			break;
2109		default:
2110			retval = sbuf_putc(sb, *str);
2111			break;
2112		}
2113
2114		if (retval != 0)
2115			break;
2116
2117	}
2118
2119	return (retval);
2120}
2121
2122static int
2123ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2124	  struct thread *td)
2125{
2126	struct ctl_softc *softc;
2127	int retval;
2128
2129	softc = control_softc;
2130
2131	retval = 0;
2132
2133	switch (cmd) {
2134	case CTL_IO: {
2135		union ctl_io *io;
2136		void *pool_tmp;
2137
2138		/*
2139		 * If we haven't been "enabled", don't allow any SCSI I/O
2140		 * to this FETD.
2141		 */
2142		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2143			retval = EPERM;
2144			break;
2145		}
2146
2147		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2148		if (io == NULL) {
2149			printf("ctl_ioctl: can't allocate ctl_io!\n");
2150			retval = ENOSPC;
2151			break;
2152		}
2153
2154		/*
2155		 * Need to save the pool reference so it doesn't get
2156		 * spammed by the user's ctl_io.
2157		 */
2158		pool_tmp = io->io_hdr.pool;
2159
2160		memcpy(io, (void *)addr, sizeof(*io));
2161
2162		io->io_hdr.pool = pool_tmp;
2163		/*
2164		 * No status yet, so make sure the status is set properly.
2165		 */
2166		io->io_hdr.status = CTL_STATUS_NONE;
2167
2168		/*
2169		 * The user sets the initiator ID, target and LUN IDs.
2170		 */
2171		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2172		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2173		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2174		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2175			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2176
2177		retval = ctl_ioctl_submit_wait(io);
2178
2179		if (retval != 0) {
2180			ctl_free_io(io);
2181			break;
2182		}
2183
2184		memcpy((void *)addr, io, sizeof(*io));
2185
2186		/* return this to our pool */
2187		ctl_free_io(io);
2188
2189		break;
2190	}
2191	case CTL_ENABLE_PORT:
2192	case CTL_DISABLE_PORT:
2193	case CTL_SET_PORT_WWNS: {
2194		struct ctl_port *port;
2195		struct ctl_port_entry *entry;
2196
2197		entry = (struct ctl_port_entry *)addr;
2198
2199		mtx_lock(&softc->ctl_lock);
2200		STAILQ_FOREACH(port, &softc->port_list, links) {
2201			int action, done;
2202
2203			action = 0;
2204			done = 0;
2205
2206			if ((entry->port_type == CTL_PORT_NONE)
2207			 && (entry->targ_port == port->targ_port)) {
2208				/*
2209				 * If the user only wants to enable or
2210				 * disable or set WWNs on a specific port,
2211				 * do the operation and we're done.
2212				 */
2213				action = 1;
2214				done = 1;
2215			} else if (entry->port_type & port->port_type) {
2216				/*
2217				 * Compare the user's type mask with the
2218				 * particular frontend type to see if we
2219				 * have a match.
2220				 */
2221				action = 1;
2222				done = 0;
2223
2224				/*
2225				 * Make sure the user isn't trying to set
2226				 * WWNs on multiple ports at the same time.
2227				 */
2228				if (cmd == CTL_SET_PORT_WWNS) {
2229					printf("%s: Can't set WWNs on "
2230					       "multiple ports\n", __func__);
2231					retval = EINVAL;
2232					break;
2233				}
2234			}
2235			if (action != 0) {
2236				/*
2237				 * XXX KDM we have to drop the lock here,
2238				 * because the online/offline operations
2239				 * can potentially block.  We need to
2240				 * reference count the frontends so they
2241				 * can't go away,
2242				 */
2243				mtx_unlock(&softc->ctl_lock);
2244
2245				if (cmd == CTL_ENABLE_PORT) {
2246					struct ctl_lun *lun;
2247
2248					STAILQ_FOREACH(lun, &softc->lun_list,
2249						       links) {
2250						port->lun_enable(port->targ_lun_arg,
2251						    lun->target,
2252						    lun->lun);
2253					}
2254
2255					ctl_port_online(port);
2256				} else if (cmd == CTL_DISABLE_PORT) {
2257					struct ctl_lun *lun;
2258
2259					ctl_port_offline(port);
2260
2261					STAILQ_FOREACH(lun, &softc->lun_list,
2262						       links) {
2263						port->lun_disable(
2264						    port->targ_lun_arg,
2265						    lun->target,
2266						    lun->lun);
2267					}
2268				}
2269
2270				mtx_lock(&softc->ctl_lock);
2271
2272				if (cmd == CTL_SET_PORT_WWNS)
2273					ctl_port_set_wwns(port,
2274					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2275					    1 : 0, entry->wwnn,
2276					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2277					    1 : 0, entry->wwpn);
2278			}
2279			if (done != 0)
2280				break;
2281		}
2282		mtx_unlock(&softc->ctl_lock);
2283		break;
2284	}
2285	case CTL_GET_PORT_LIST: {
2286		struct ctl_port *port;
2287		struct ctl_port_list *list;
2288		int i;
2289
2290		list = (struct ctl_port_list *)addr;
2291
2292		if (list->alloc_len != (list->alloc_num *
2293		    sizeof(struct ctl_port_entry))) {
2294			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2295			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2296			       "%zu\n", __func__, list->alloc_len,
2297			       list->alloc_num, sizeof(struct ctl_port_entry));
2298			retval = EINVAL;
2299			break;
2300		}
2301		list->fill_len = 0;
2302		list->fill_num = 0;
2303		list->dropped_num = 0;
2304		i = 0;
2305		mtx_lock(&softc->ctl_lock);
2306		STAILQ_FOREACH(port, &softc->port_list, links) {
2307			struct ctl_port_entry entry, *list_entry;
2308
2309			if (list->fill_num >= list->alloc_num) {
2310				list->dropped_num++;
2311				continue;
2312			}
2313
2314			entry.port_type = port->port_type;
2315			strlcpy(entry.port_name, port->port_name,
2316				sizeof(entry.port_name));
2317			entry.targ_port = port->targ_port;
2318			entry.physical_port = port->physical_port;
2319			entry.virtual_port = port->virtual_port;
2320			entry.wwnn = port->wwnn;
2321			entry.wwpn = port->wwpn;
2322			if (port->status & CTL_PORT_STATUS_ONLINE)
2323				entry.online = 1;
2324			else
2325				entry.online = 0;
2326
2327			list_entry = &list->entries[i];
2328
2329			retval = copyout(&entry, list_entry, sizeof(entry));
2330			if (retval != 0) {
2331				printf("%s: CTL_GET_PORT_LIST: copyout "
2332				       "returned %d\n", __func__, retval);
2333				break;
2334			}
2335			i++;
2336			list->fill_num++;
2337			list->fill_len += sizeof(entry);
2338		}
2339		mtx_unlock(&softc->ctl_lock);
2340
2341		/*
2342		 * If this is non-zero, we had a copyout fault, so there's
2343		 * probably no point in attempting to set the status inside
2344		 * the structure.
2345		 */
2346		if (retval != 0)
2347			break;
2348
2349		if (list->dropped_num > 0)
2350			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2351		else
2352			list->status = CTL_PORT_LIST_OK;
2353		break;
2354	}
2355	case CTL_DUMP_OOA: {
2356		struct ctl_lun *lun;
2357		union ctl_io *io;
2358		char printbuf[128];
2359		struct sbuf sb;
2360
2361		mtx_lock(&softc->ctl_lock);
2362		printf("Dumping OOA queues:\n");
2363		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2364			mtx_lock(&lun->lun_lock);
2365			for (io = (union ctl_io *)TAILQ_FIRST(
2366			     &lun->ooa_queue); io != NULL;
2367			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2368			     ooa_links)) {
2369				sbuf_new(&sb, printbuf, sizeof(printbuf),
2370					 SBUF_FIXEDLEN);
2371				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2372					    (intmax_t)lun->lun,
2373					    io->scsiio.tag_num,
2374					    (io->io_hdr.flags &
2375					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2376					    (io->io_hdr.flags &
2377					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2378					    (io->io_hdr.flags &
2379					    CTL_FLAG_ABORT) ? " ABORT" : "",
2380			                    (io->io_hdr.flags &
2381		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2382				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2383				sbuf_finish(&sb);
2384				printf("%s\n", sbuf_data(&sb));
2385			}
2386			mtx_unlock(&lun->lun_lock);
2387		}
2388		printf("OOA queues dump done\n");
2389		mtx_unlock(&softc->ctl_lock);
2390		break;
2391	}
2392	case CTL_GET_OOA: {
2393		struct ctl_lun *lun;
2394		struct ctl_ooa *ooa_hdr;
2395		struct ctl_ooa_entry *entries;
2396		uint32_t cur_fill_num;
2397
2398		ooa_hdr = (struct ctl_ooa *)addr;
2399
2400		if ((ooa_hdr->alloc_len == 0)
2401		 || (ooa_hdr->alloc_num == 0)) {
2402			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2403			       "must be non-zero\n", __func__,
2404			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2405			retval = EINVAL;
2406			break;
2407		}
2408
2409		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2410		    sizeof(struct ctl_ooa_entry))) {
2411			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2412			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2413			       __func__, ooa_hdr->alloc_len,
2414			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2415			retval = EINVAL;
2416			break;
2417		}
2418
2419		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2420		if (entries == NULL) {
2421			printf("%s: could not allocate %d bytes for OOA "
2422			       "dump\n", __func__, ooa_hdr->alloc_len);
2423			retval = ENOMEM;
2424			break;
2425		}
2426
2427		mtx_lock(&softc->ctl_lock);
2428		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2429		 && ((ooa_hdr->lun_num > CTL_MAX_LUNS)
2430		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2431			mtx_unlock(&softc->ctl_lock);
2432			free(entries, M_CTL);
2433			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2434			       __func__, (uintmax_t)ooa_hdr->lun_num);
2435			retval = EINVAL;
2436			break;
2437		}
2438
2439		cur_fill_num = 0;
2440
2441		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2442			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2443				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2444					ooa_hdr, entries);
2445				if (retval != 0)
2446					break;
2447			}
2448			if (retval != 0) {
2449				mtx_unlock(&softc->ctl_lock);
2450				free(entries, M_CTL);
2451				break;
2452			}
2453		} else {
2454			lun = softc->ctl_luns[ooa_hdr->lun_num];
2455
2456			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2457						    entries);
2458		}
2459		mtx_unlock(&softc->ctl_lock);
2460
2461		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2462		ooa_hdr->fill_len = ooa_hdr->fill_num *
2463			sizeof(struct ctl_ooa_entry);
2464		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2465		if (retval != 0) {
2466			printf("%s: error copying out %d bytes for OOA dump\n",
2467			       __func__, ooa_hdr->fill_len);
2468		}
2469
2470		getbintime(&ooa_hdr->cur_bt);
2471
2472		if (cur_fill_num > ooa_hdr->alloc_num) {
2473			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2474			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2475		} else {
2476			ooa_hdr->dropped_num = 0;
2477			ooa_hdr->status = CTL_OOA_OK;
2478		}
2479
2480		free(entries, M_CTL);
2481		break;
2482	}
2483	case CTL_CHECK_OOA: {
2484		union ctl_io *io;
2485		struct ctl_lun *lun;
2486		struct ctl_ooa_info *ooa_info;
2487
2488
2489		ooa_info = (struct ctl_ooa_info *)addr;
2490
2491		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2492			ooa_info->status = CTL_OOA_INVALID_LUN;
2493			break;
2494		}
2495		mtx_lock(&softc->ctl_lock);
2496		lun = softc->ctl_luns[ooa_info->lun_id];
2497		if (lun == NULL) {
2498			mtx_unlock(&softc->ctl_lock);
2499			ooa_info->status = CTL_OOA_INVALID_LUN;
2500			break;
2501		}
2502		mtx_lock(&lun->lun_lock);
2503		mtx_unlock(&softc->ctl_lock);
2504		ooa_info->num_entries = 0;
2505		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2506		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2507		     &io->io_hdr, ooa_links)) {
2508			ooa_info->num_entries++;
2509		}
2510		mtx_unlock(&lun->lun_lock);
2511
2512		ooa_info->status = CTL_OOA_SUCCESS;
2513
2514		break;
2515	}
2516	case CTL_HARD_START:
2517	case CTL_HARD_STOP: {
2518		struct ctl_fe_ioctl_startstop_info ss_info;
2519		struct cfi_metatask *metatask;
2520		struct mtx hs_mtx;
2521
2522		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2523
2524		cv_init(&ss_info.sem, "hard start/stop cv" );
2525
2526		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2527		if (metatask == NULL) {
2528			retval = ENOMEM;
2529			mtx_destroy(&hs_mtx);
2530			break;
2531		}
2532
2533		if (cmd == CTL_HARD_START)
2534			metatask->tasktype = CFI_TASK_STARTUP;
2535		else
2536			metatask->tasktype = CFI_TASK_SHUTDOWN;
2537
2538		metatask->callback = ctl_ioctl_hard_startstop_callback;
2539		metatask->callback_arg = &ss_info;
2540
2541		cfi_action(metatask);
2542
2543		/* Wait for the callback */
2544		mtx_lock(&hs_mtx);
2545		cv_wait_sig(&ss_info.sem, &hs_mtx);
2546		mtx_unlock(&hs_mtx);
2547
2548		/*
2549		 * All information has been copied from the metatask by the
2550		 * time cv_broadcast() is called, so we free the metatask here.
2551		 */
2552		cfi_free_metatask(metatask);
2553
2554		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2555
2556		mtx_destroy(&hs_mtx);
2557		break;
2558	}
2559	case CTL_BBRREAD: {
2560		struct ctl_bbrread_info *bbr_info;
2561		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2562		struct mtx bbr_mtx;
2563		struct cfi_metatask *metatask;
2564
2565		bbr_info = (struct ctl_bbrread_info *)addr;
2566
2567		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2568
2569		bzero(&bbr_mtx, sizeof(bbr_mtx));
2570		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2571
2572		fe_bbr_info.bbr_info = bbr_info;
2573		fe_bbr_info.lock = &bbr_mtx;
2574
2575		cv_init(&fe_bbr_info.sem, "BBR read cv");
2576		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2577
2578		if (metatask == NULL) {
2579			mtx_destroy(&bbr_mtx);
2580			cv_destroy(&fe_bbr_info.sem);
2581			retval = ENOMEM;
2582			break;
2583		}
2584		metatask->tasktype = CFI_TASK_BBRREAD;
2585		metatask->callback = ctl_ioctl_bbrread_callback;
2586		metatask->callback_arg = &fe_bbr_info;
2587		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2588		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2589		metatask->taskinfo.bbrread.len = bbr_info->len;
2590
2591		cfi_action(metatask);
2592
2593		mtx_lock(&bbr_mtx);
2594		while (fe_bbr_info.wakeup_done == 0)
2595			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2596		mtx_unlock(&bbr_mtx);
2597
2598		bbr_info->status = metatask->status;
2599		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2600		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2601		memcpy(&bbr_info->sense_data,
2602		       &metatask->taskinfo.bbrread.sense_data,
2603		       ctl_min(sizeof(bbr_info->sense_data),
2604			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2605
2606		cfi_free_metatask(metatask);
2607
2608		mtx_destroy(&bbr_mtx);
2609		cv_destroy(&fe_bbr_info.sem);
2610
2611		break;
2612	}
2613	case CTL_DELAY_IO: {
2614		struct ctl_io_delay_info *delay_info;
2615#ifdef CTL_IO_DELAY
2616		struct ctl_lun *lun;
2617#endif /* CTL_IO_DELAY */
2618
2619		delay_info = (struct ctl_io_delay_info *)addr;
2620
2621#ifdef CTL_IO_DELAY
2622		mtx_lock(&softc->ctl_lock);
2623
2624		if ((delay_info->lun_id > CTL_MAX_LUNS)
2625		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2626			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2627		} else {
2628			lun = softc->ctl_luns[delay_info->lun_id];
2629			mtx_lock(&lun->lun_lock);
2630
2631			delay_info->status = CTL_DELAY_STATUS_OK;
2632
2633			switch (delay_info->delay_type) {
2634			case CTL_DELAY_TYPE_CONT:
2635				break;
2636			case CTL_DELAY_TYPE_ONESHOT:
2637				break;
2638			default:
2639				delay_info->status =
2640					CTL_DELAY_STATUS_INVALID_TYPE;
2641				break;
2642			}
2643
2644			switch (delay_info->delay_loc) {
2645			case CTL_DELAY_LOC_DATAMOVE:
2646				lun->delay_info.datamove_type =
2647					delay_info->delay_type;
2648				lun->delay_info.datamove_delay =
2649					delay_info->delay_secs;
2650				break;
2651			case CTL_DELAY_LOC_DONE:
2652				lun->delay_info.done_type =
2653					delay_info->delay_type;
2654				lun->delay_info.done_delay =
2655					delay_info->delay_secs;
2656				break;
2657			default:
2658				delay_info->status =
2659					CTL_DELAY_STATUS_INVALID_LOC;
2660				break;
2661			}
2662			mtx_unlock(&lun->lun_lock);
2663		}
2664
2665		mtx_unlock(&softc->ctl_lock);
2666#else
2667		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2668#endif /* CTL_IO_DELAY */
2669		break;
2670	}
2671	case CTL_REALSYNC_SET: {
2672		int *syncstate;
2673
2674		syncstate = (int *)addr;
2675
2676		mtx_lock(&softc->ctl_lock);
2677		switch (*syncstate) {
2678		case 0:
2679			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2680			break;
2681		case 1:
2682			softc->flags |= CTL_FLAG_REAL_SYNC;
2683			break;
2684		default:
2685			retval = EINVAL;
2686			break;
2687		}
2688		mtx_unlock(&softc->ctl_lock);
2689		break;
2690	}
2691	case CTL_REALSYNC_GET: {
2692		int *syncstate;
2693
2694		syncstate = (int*)addr;
2695
2696		mtx_lock(&softc->ctl_lock);
2697		if (softc->flags & CTL_FLAG_REAL_SYNC)
2698			*syncstate = 1;
2699		else
2700			*syncstate = 0;
2701		mtx_unlock(&softc->ctl_lock);
2702
2703		break;
2704	}
2705	case CTL_SETSYNC:
2706	case CTL_GETSYNC: {
2707		struct ctl_sync_info *sync_info;
2708		struct ctl_lun *lun;
2709
2710		sync_info = (struct ctl_sync_info *)addr;
2711
2712		mtx_lock(&softc->ctl_lock);
2713		lun = softc->ctl_luns[sync_info->lun_id];
2714		if (lun == NULL) {
2715			mtx_unlock(&softc->ctl_lock);
2716			sync_info->status = CTL_GS_SYNC_NO_LUN;
2717		}
2718		/*
2719		 * Get or set the sync interval.  We're not bounds checking
2720		 * in the set case, hopefully the user won't do something
2721		 * silly.
2722		 */
2723		mtx_lock(&lun->lun_lock);
2724		mtx_unlock(&softc->ctl_lock);
2725		if (cmd == CTL_GETSYNC)
2726			sync_info->sync_interval = lun->sync_interval;
2727		else
2728			lun->sync_interval = sync_info->sync_interval;
2729		mtx_unlock(&lun->lun_lock);
2730
2731		sync_info->status = CTL_GS_SYNC_OK;
2732
2733		break;
2734	}
2735	case CTL_GETSTATS: {
2736		struct ctl_stats *stats;
2737		struct ctl_lun *lun;
2738		int i;
2739
2740		stats = (struct ctl_stats *)addr;
2741
2742		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2743		     stats->alloc_len) {
2744			stats->status = CTL_SS_NEED_MORE_SPACE;
2745			stats->num_luns = softc->num_luns;
2746			break;
2747		}
2748		/*
2749		 * XXX KDM no locking here.  If the LUN list changes,
2750		 * things can blow up.
2751		 */
2752		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2753		     i++, lun = STAILQ_NEXT(lun, links)) {
2754			retval = copyout(&lun->stats, &stats->lun_stats[i],
2755					 sizeof(lun->stats));
2756			if (retval != 0)
2757				break;
2758		}
2759		stats->num_luns = softc->num_luns;
2760		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2761				 softc->num_luns;
2762		stats->status = CTL_SS_OK;
2763#ifdef CTL_TIME_IO
2764		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2765#else
2766		stats->flags = CTL_STATS_FLAG_NONE;
2767#endif
2768		getnanouptime(&stats->timestamp);
2769		break;
2770	}
2771	case CTL_ERROR_INJECT: {
2772		struct ctl_error_desc *err_desc, *new_err_desc;
2773		struct ctl_lun *lun;
2774
2775		err_desc = (struct ctl_error_desc *)addr;
2776
2777		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2778				      M_WAITOK | M_ZERO);
2779		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2780
2781		mtx_lock(&softc->ctl_lock);
2782		lun = softc->ctl_luns[err_desc->lun_id];
2783		if (lun == NULL) {
2784			mtx_unlock(&softc->ctl_lock);
2785			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2786			       __func__, (uintmax_t)err_desc->lun_id);
2787			retval = EINVAL;
2788			break;
2789		}
2790		mtx_lock(&lun->lun_lock);
2791		mtx_unlock(&softc->ctl_lock);
2792
2793		/*
2794		 * We could do some checking here to verify the validity
2795		 * of the request, but given the complexity of error
2796		 * injection requests, the checking logic would be fairly
2797		 * complex.
2798		 *
2799		 * For now, if the request is invalid, it just won't get
2800		 * executed and might get deleted.
2801		 */
2802		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2803
2804		/*
2805		 * XXX KDM check to make sure the serial number is unique,
2806		 * in case we somehow manage to wrap.  That shouldn't
2807		 * happen for a very long time, but it's the right thing to
2808		 * do.
2809		 */
2810		new_err_desc->serial = lun->error_serial;
2811		err_desc->serial = lun->error_serial;
2812		lun->error_serial++;
2813
2814		mtx_unlock(&lun->lun_lock);
2815		break;
2816	}
2817	case CTL_ERROR_INJECT_DELETE: {
2818		struct ctl_error_desc *delete_desc, *desc, *desc2;
2819		struct ctl_lun *lun;
2820		int delete_done;
2821
2822		delete_desc = (struct ctl_error_desc *)addr;
2823		delete_done = 0;
2824
2825		mtx_lock(&softc->ctl_lock);
2826		lun = softc->ctl_luns[delete_desc->lun_id];
2827		if (lun == NULL) {
2828			mtx_unlock(&softc->ctl_lock);
2829			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2830			       __func__, (uintmax_t)delete_desc->lun_id);
2831			retval = EINVAL;
2832			break;
2833		}
2834		mtx_lock(&lun->lun_lock);
2835		mtx_unlock(&softc->ctl_lock);
2836		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2837			if (desc->serial != delete_desc->serial)
2838				continue;
2839
2840			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2841				      links);
2842			free(desc, M_CTL);
2843			delete_done = 1;
2844		}
2845		mtx_unlock(&lun->lun_lock);
2846		if (delete_done == 0) {
2847			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2848			       "error serial %ju on LUN %u\n", __func__,
2849			       delete_desc->serial, delete_desc->lun_id);
2850			retval = EINVAL;
2851			break;
2852		}
2853		break;
2854	}
2855	case CTL_DUMP_STRUCTS: {
2856		int i, j, k;
2857		struct ctl_port *port;
2858		struct ctl_frontend *fe;
2859
2860		printf("CTL IID to WWPN map start:\n");
2861		for (i = 0; i < CTL_MAX_PORTS; i++) {
2862			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2863				if (softc->wwpn_iid[i][j].in_use == 0)
2864					continue;
2865
2866				printf("port %d iid %u WWPN %#jx\n",
2867				       softc->wwpn_iid[i][j].port,
2868				       softc->wwpn_iid[i][j].iid,
2869				       (uintmax_t)softc->wwpn_iid[i][j].wwpn);
2870			}
2871		}
2872		printf("CTL IID to WWPN map end\n");
2873		printf("CTL Persistent Reservation information start:\n");
2874		for (i = 0; i < CTL_MAX_LUNS; i++) {
2875			struct ctl_lun *lun;
2876
2877			lun = softc->ctl_luns[i];
2878
2879			if ((lun == NULL)
2880			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2881				continue;
2882
2883			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
2884				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2885					if (lun->per_res[j+k].registered == 0)
2886						continue;
2887					printf("LUN %d port %d iid %d key "
2888					       "%#jx\n", i, j, k,
2889					       (uintmax_t)scsi_8btou64(
2890					       lun->per_res[j+k].res_key.key));
2891				}
2892			}
2893		}
2894		printf("CTL Persistent Reservation information end\n");
2895		printf("CTL Ports:\n");
2896		/*
2897		 * XXX KDM calling this without a lock.  We'd likely want
2898		 * to drop the lock before calling the frontend's dump
2899		 * routine anyway.
2900		 */
2901		STAILQ_FOREACH(port, &softc->port_list, links) {
2902			printf("Port %s Frontend %s Type %u pport %d vport %d WWNN "
2903			       "%#jx WWPN %#jx\n", port->port_name,
2904			       port->frontend->name, port->port_type,
2905			       port->physical_port, port->virtual_port,
2906			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2907		}
2908		printf("CTL Port information end\n");
2909		printf("CTL Frontends:\n");
2910		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2911			printf("Frontend %s\n", fe->name);
2912			if (fe->fe_dump != NULL)
2913				fe->fe_dump();
2914		}
2915		printf("CTL Frontend information end\n");
2916		break;
2917	}
2918	case CTL_LUN_REQ: {
2919		struct ctl_lun_req *lun_req;
2920		struct ctl_backend_driver *backend;
2921
2922		lun_req = (struct ctl_lun_req *)addr;
2923
2924		backend = ctl_backend_find(lun_req->backend);
2925		if (backend == NULL) {
2926			lun_req->status = CTL_LUN_ERROR;
2927			snprintf(lun_req->error_str,
2928				 sizeof(lun_req->error_str),
2929				 "Backend \"%s\" not found.",
2930				 lun_req->backend);
2931			break;
2932		}
2933		if (lun_req->num_be_args > 0) {
2934			lun_req->kern_be_args = ctl_copyin_args(
2935				lun_req->num_be_args,
2936				lun_req->be_args,
2937				lun_req->error_str,
2938				sizeof(lun_req->error_str));
2939			if (lun_req->kern_be_args == NULL) {
2940				lun_req->status = CTL_LUN_ERROR;
2941				break;
2942			}
2943		}
2944
2945		retval = backend->ioctl(dev, cmd, addr, flag, td);
2946
2947		if (lun_req->num_be_args > 0) {
2948			ctl_free_args(lun_req->num_be_args,
2949				      lun_req->kern_be_args);
2950		}
2951		break;
2952	}
2953	case CTL_LUN_LIST: {
2954		struct sbuf *sb;
2955		struct ctl_lun *lun;
2956		struct ctl_lun_list *list;
2957		struct ctl_option *opt;
2958
2959		list = (struct ctl_lun_list *)addr;
2960
2961		/*
2962		 * Allocate a fixed length sbuf here, based on the length
2963		 * of the user's buffer.  We could allocate an auto-extending
2964		 * buffer, and then tell the user how much larger our
2965		 * amount of data is than his buffer, but that presents
2966		 * some problems:
2967		 *
2968		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2969		 *     we can't hold a lock while calling them with an
2970		 *     auto-extending buffer.
2971 		 *
2972		 * 2.  There is not currently a LUN reference counting
2973		 *     mechanism, outside of outstanding transactions on
2974		 *     the LUN's OOA queue.  So a LUN could go away on us
2975		 *     while we're getting the LUN number, backend-specific
2976		 *     information, etc.  Thus, given the way things
2977		 *     currently work, we need to hold the CTL lock while
2978		 *     grabbing LUN information.
2979		 *
2980		 * So, from the user's standpoint, the best thing to do is
2981		 * allocate what he thinks is a reasonable buffer length,
2982		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2983		 * double the buffer length and try again.  (And repeat
2984		 * that until he succeeds.)
2985		 */
2986		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2987		if (sb == NULL) {
2988			list->status = CTL_LUN_LIST_ERROR;
2989			snprintf(list->error_str, sizeof(list->error_str),
2990				 "Unable to allocate %d bytes for LUN list",
2991				 list->alloc_len);
2992			break;
2993		}
2994
2995		sbuf_printf(sb, "<ctllunlist>\n");
2996
2997		mtx_lock(&softc->ctl_lock);
2998		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2999			mtx_lock(&lun->lun_lock);
3000			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3001					     (uintmax_t)lun->lun);
3002
3003			/*
3004			 * Bail out as soon as we see that we've overfilled
3005			 * the buffer.
3006			 */
3007			if (retval != 0)
3008				break;
3009
3010			retval = sbuf_printf(sb, "<backend_type>%s"
3011					     "</backend_type>\n",
3012					     (lun->backend == NULL) ?  "none" :
3013					     lun->backend->name);
3014
3015			if (retval != 0)
3016				break;
3017
3018			retval = sbuf_printf(sb, "<lun_type>%d</lun_type>\n",
3019					     lun->be_lun->lun_type);
3020
3021			if (retval != 0)
3022				break;
3023
3024			if (lun->backend == NULL) {
3025				retval = sbuf_printf(sb, "</lun>\n");
3026				if (retval != 0)
3027					break;
3028				continue;
3029			}
3030
3031			retval = sbuf_printf(sb, "<size>%ju</size>\n",
3032					     (lun->be_lun->maxlba > 0) ?
3033					     lun->be_lun->maxlba + 1 : 0);
3034
3035			if (retval != 0)
3036				break;
3037
3038			retval = sbuf_printf(sb, "<blocksize>%u</blocksize>\n",
3039					     lun->be_lun->blocksize);
3040
3041			if (retval != 0)
3042				break;
3043
3044			retval = sbuf_printf(sb, "<serial_number>");
3045
3046			if (retval != 0)
3047				break;
3048
3049			retval = ctl_sbuf_printf_esc(sb,
3050						     lun->be_lun->serial_num);
3051
3052			if (retval != 0)
3053				break;
3054
3055			retval = sbuf_printf(sb, "</serial_number>\n");
3056
3057			if (retval != 0)
3058				break;
3059
3060			retval = sbuf_printf(sb, "<device_id>");
3061
3062			if (retval != 0)
3063				break;
3064
3065			retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id);
3066
3067			if (retval != 0)
3068				break;
3069
3070			retval = sbuf_printf(sb, "</device_id>\n");
3071
3072			if (retval != 0)
3073				break;
3074
3075			if (lun->backend->lun_info != NULL) {
3076				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3077				if (retval != 0)
3078					break;
3079			}
3080			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3081				retval = sbuf_printf(sb, "<%s>%s</%s>", opt->name, opt->value, opt->name);
3082				if (retval != 0)
3083					break;
3084			}
3085
3086			retval = sbuf_printf(sb, "</lun>\n");
3087
3088			if (retval != 0)
3089				break;
3090			mtx_unlock(&lun->lun_lock);
3091		}
3092		if (lun != NULL)
3093			mtx_unlock(&lun->lun_lock);
3094		mtx_unlock(&softc->ctl_lock);
3095
3096		if ((retval != 0)
3097		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3098			retval = 0;
3099			sbuf_delete(sb);
3100			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3101			snprintf(list->error_str, sizeof(list->error_str),
3102				 "Out of space, %d bytes is too small",
3103				 list->alloc_len);
3104			break;
3105		}
3106
3107		sbuf_finish(sb);
3108
3109		retval = copyout(sbuf_data(sb), list->lun_xml,
3110				 sbuf_len(sb) + 1);
3111
3112		list->fill_len = sbuf_len(sb) + 1;
3113		list->status = CTL_LUN_LIST_OK;
3114		sbuf_delete(sb);
3115		break;
3116	}
3117	case CTL_ISCSI: {
3118		struct ctl_iscsi *ci;
3119		struct ctl_frontend *fe;
3120
3121		ci = (struct ctl_iscsi *)addr;
3122
3123		mtx_lock(&softc->ctl_lock);
3124		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3125			if (strcmp(fe->name, "iscsi") == 0)
3126				break;
3127		}
3128		mtx_unlock(&softc->ctl_lock);
3129
3130		if (fe == NULL) {
3131			ci->status = CTL_ISCSI_ERROR;
3132			snprintf(ci->error_str, sizeof(ci->error_str),
3133			    "Frontend \"iscsi\" not found.");
3134			break;
3135		}
3136
3137		retval = fe->ioctl(dev, cmd, addr, flag, td);
3138		break;
3139	}
3140	default: {
3141		/* XXX KDM should we fix this? */
3142#if 0
3143		struct ctl_backend_driver *backend;
3144		unsigned int type;
3145		int found;
3146
3147		found = 0;
3148
3149		/*
3150		 * We encode the backend type as the ioctl type for backend
3151		 * ioctls.  So parse it out here, and then search for a
3152		 * backend of this type.
3153		 */
3154		type = _IOC_TYPE(cmd);
3155
3156		STAILQ_FOREACH(backend, &softc->be_list, links) {
3157			if (backend->type == type) {
3158				found = 1;
3159				break;
3160			}
3161		}
3162		if (found == 0) {
3163			printf("ctl: unknown ioctl command %#lx or backend "
3164			       "%d\n", cmd, type);
3165			retval = EINVAL;
3166			break;
3167		}
3168		retval = backend->ioctl(dev, cmd, addr, flag, td);
3169#endif
3170		retval = ENOTTY;
3171		break;
3172	}
3173	}
3174	return (retval);
3175}
3176
3177uint32_t
3178ctl_get_initindex(struct ctl_nexus *nexus)
3179{
3180	if (nexus->targ_port < CTL_MAX_PORTS)
3181		return (nexus->initid.id +
3182			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3183	else
3184		return (nexus->initid.id +
3185		       ((nexus->targ_port - CTL_MAX_PORTS) *
3186			CTL_MAX_INIT_PER_PORT));
3187}
3188
3189uint32_t
3190ctl_get_resindex(struct ctl_nexus *nexus)
3191{
3192	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3193}
3194
3195uint32_t
3196ctl_port_idx(int port_num)
3197{
3198	if (port_num < CTL_MAX_PORTS)
3199		return(port_num);
3200	else
3201		return(port_num - CTL_MAX_PORTS);
3202}
3203
3204/*
3205 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3206 * that are a power of 2.
3207 */
3208int
3209ctl_ffz(uint32_t *mask, uint32_t size)
3210{
3211	uint32_t num_chunks, num_pieces;
3212	int i, j;
3213
3214	num_chunks = (size >> 5);
3215	if (num_chunks == 0)
3216		num_chunks++;
3217	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3218
3219	for (i = 0; i < num_chunks; i++) {
3220		for (j = 0; j < num_pieces; j++) {
3221			if ((mask[i] & (1 << j)) == 0)
3222				return ((i << 5) + j);
3223		}
3224	}
3225
3226	return (-1);
3227}
3228
3229int
3230ctl_set_mask(uint32_t *mask, uint32_t bit)
3231{
3232	uint32_t chunk, piece;
3233
3234	chunk = bit >> 5;
3235	piece = bit % (sizeof(uint32_t) * 8);
3236
3237	if ((mask[chunk] & (1 << piece)) != 0)
3238		return (-1);
3239	else
3240		mask[chunk] |= (1 << piece);
3241
3242	return (0);
3243}
3244
3245int
3246ctl_clear_mask(uint32_t *mask, uint32_t bit)
3247{
3248	uint32_t chunk, piece;
3249
3250	chunk = bit >> 5;
3251	piece = bit % (sizeof(uint32_t) * 8);
3252
3253	if ((mask[chunk] & (1 << piece)) == 0)
3254		return (-1);
3255	else
3256		mask[chunk] &= ~(1 << piece);
3257
3258	return (0);
3259}
3260
3261int
3262ctl_is_set(uint32_t *mask, uint32_t bit)
3263{
3264	uint32_t chunk, piece;
3265
3266	chunk = bit >> 5;
3267	piece = bit % (sizeof(uint32_t) * 8);
3268
3269	if ((mask[chunk] & (1 << piece)) == 0)
3270		return (0);
3271	else
3272		return (1);
3273}
3274
3275#ifdef unused
3276/*
3277 * The bus, target and lun are optional, they can be filled in later.
3278 * can_wait is used to determine whether we can wait on the malloc or not.
3279 */
3280union ctl_io*
3281ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3282	      uint32_t targ_lun, int can_wait)
3283{
3284	union ctl_io *io;
3285
3286	if (can_wait)
3287		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3288	else
3289		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3290
3291	if (io != NULL) {
3292		io->io_hdr.io_type = io_type;
3293		io->io_hdr.targ_port = targ_port;
3294		/*
3295		 * XXX KDM this needs to change/go away.  We need to move
3296		 * to a preallocated pool of ctl_scsiio structures.
3297		 */
3298		io->io_hdr.nexus.targ_target.id = targ_target;
3299		io->io_hdr.nexus.targ_lun = targ_lun;
3300	}
3301
3302	return (io);
3303}
3304
3305void
3306ctl_kfree_io(union ctl_io *io)
3307{
3308	free(io, M_CTL);
3309}
3310#endif /* unused */
3311
3312/*
3313 * ctl_softc, pool_type, total_ctl_io are passed in.
3314 * npool is passed out.
3315 */
3316int
3317ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3318		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3319{
3320	uint32_t i;
3321	union ctl_io *cur_io, *next_io;
3322	struct ctl_io_pool *pool;
3323	int retval;
3324
3325	retval = 0;
3326
3327	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3328					    M_NOWAIT | M_ZERO);
3329	if (pool == NULL) {
3330		retval = ENOMEM;
3331		goto bailout;
3332	}
3333
3334	pool->type = pool_type;
3335	pool->ctl_softc = ctl_softc;
3336
3337	mtx_lock(&ctl_softc->pool_lock);
3338	pool->id = ctl_softc->cur_pool_id++;
3339	mtx_unlock(&ctl_softc->pool_lock);
3340
3341	pool->flags = CTL_POOL_FLAG_NONE;
3342	pool->refcount = 1;		/* Reference for validity. */
3343	STAILQ_INIT(&pool->free_queue);
3344
3345	/*
3346	 * XXX KDM other options here:
3347	 * - allocate a page at a time
3348	 * - allocate one big chunk of memory.
3349	 * Page allocation might work well, but would take a little more
3350	 * tracking.
3351	 */
3352	for (i = 0; i < total_ctl_io; i++) {
3353		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3354						M_NOWAIT);
3355		if (cur_io == NULL) {
3356			retval = ENOMEM;
3357			break;
3358		}
3359		cur_io->io_hdr.pool = pool;
3360		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3361		pool->total_ctl_io++;
3362		pool->free_ctl_io++;
3363	}
3364
3365	if (retval != 0) {
3366		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3367		     cur_io != NULL; cur_io = next_io) {
3368			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3369							      links);
3370			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3371				      ctl_io_hdr, links);
3372			free(cur_io, M_CTLIO);
3373		}
3374
3375		free(pool, M_CTL);
3376		goto bailout;
3377	}
3378	mtx_lock(&ctl_softc->pool_lock);
3379	ctl_softc->num_pools++;
3380	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3381	/*
3382	 * Increment our usage count if this is an external consumer, so we
3383	 * can't get unloaded until the external consumer (most likely a
3384	 * FETD) unloads and frees his pool.
3385	 *
3386	 * XXX KDM will this increment the caller's module use count, or
3387	 * mine?
3388	 */
3389#if 0
3390	if ((pool_type != CTL_POOL_EMERGENCY)
3391	 && (pool_type != CTL_POOL_INTERNAL)
3392	 && (pool_type != CTL_POOL_4OTHERSC))
3393		MOD_INC_USE_COUNT;
3394#endif
3395
3396	mtx_unlock(&ctl_softc->pool_lock);
3397
3398	*npool = pool;
3399
3400bailout:
3401
3402	return (retval);
3403}
3404
3405static int
3406ctl_pool_acquire(struct ctl_io_pool *pool)
3407{
3408
3409	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3410
3411	if (pool->flags & CTL_POOL_FLAG_INVALID)
3412		return (EINVAL);
3413
3414	pool->refcount++;
3415
3416	return (0);
3417}
3418
3419static void
3420ctl_pool_release(struct ctl_io_pool *pool)
3421{
3422	struct ctl_softc *ctl_softc = pool->ctl_softc;
3423	union ctl_io *io;
3424
3425	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3426
3427	if (--pool->refcount != 0)
3428		return;
3429
3430	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3431		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3432			      links);
3433		free(io, M_CTLIO);
3434	}
3435
3436	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3437	ctl_softc->num_pools--;
3438
3439	/*
3440	 * XXX KDM will this decrement the caller's usage count or mine?
3441	 */
3442#if 0
3443	if ((pool->type != CTL_POOL_EMERGENCY)
3444	 && (pool->type != CTL_POOL_INTERNAL)
3445	 && (pool->type != CTL_POOL_4OTHERSC))
3446		MOD_DEC_USE_COUNT;
3447#endif
3448
3449	free(pool, M_CTL);
3450}
3451
3452void
3453ctl_pool_free(struct ctl_io_pool *pool)
3454{
3455	struct ctl_softc *ctl_softc;
3456
3457	if (pool == NULL)
3458		return;
3459
3460	ctl_softc = pool->ctl_softc;
3461	mtx_lock(&ctl_softc->pool_lock);
3462	pool->flags |= CTL_POOL_FLAG_INVALID;
3463	ctl_pool_release(pool);
3464	mtx_unlock(&ctl_softc->pool_lock);
3465}
3466
3467/*
3468 * This routine does not block (except for spinlocks of course).
3469 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3470 * possible.
3471 */
3472union ctl_io *
3473ctl_alloc_io(void *pool_ref)
3474{
3475	union ctl_io *io;
3476	struct ctl_softc *ctl_softc;
3477	struct ctl_io_pool *pool, *npool;
3478	struct ctl_io_pool *emergency_pool;
3479
3480	pool = (struct ctl_io_pool *)pool_ref;
3481
3482	if (pool == NULL) {
3483		printf("%s: pool is NULL\n", __func__);
3484		return (NULL);
3485	}
3486
3487	emergency_pool = NULL;
3488
3489	ctl_softc = pool->ctl_softc;
3490
3491	mtx_lock(&ctl_softc->pool_lock);
3492	/*
3493	 * First, try to get the io structure from the user's pool.
3494	 */
3495	if (ctl_pool_acquire(pool) == 0) {
3496		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3497		if (io != NULL) {
3498			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3499			pool->total_allocated++;
3500			pool->free_ctl_io--;
3501			mtx_unlock(&ctl_softc->pool_lock);
3502			return (io);
3503		} else
3504			ctl_pool_release(pool);
3505	}
3506	/*
3507	 * If he doesn't have any io structures left, search for an
3508	 * emergency pool and grab one from there.
3509	 */
3510	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3511		if (npool->type != CTL_POOL_EMERGENCY)
3512			continue;
3513
3514		if (ctl_pool_acquire(npool) != 0)
3515			continue;
3516
3517		emergency_pool = npool;
3518
3519		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3520		if (io != NULL) {
3521			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3522			npool->total_allocated++;
3523			npool->free_ctl_io--;
3524			mtx_unlock(&ctl_softc->pool_lock);
3525			return (io);
3526		} else
3527			ctl_pool_release(npool);
3528	}
3529
3530	/* Drop the spinlock before we malloc */
3531	mtx_unlock(&ctl_softc->pool_lock);
3532
3533	/*
3534	 * The emergency pool (if it exists) didn't have one, so try an
3535	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3536	 */
3537	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3538	if (io != NULL) {
3539		/*
3540		 * If the emergency pool exists but is empty, add this
3541		 * ctl_io to its list when it gets freed.
3542		 */
3543		if (emergency_pool != NULL) {
3544			mtx_lock(&ctl_softc->pool_lock);
3545			if (ctl_pool_acquire(emergency_pool) == 0) {
3546				io->io_hdr.pool = emergency_pool;
3547				emergency_pool->total_ctl_io++;
3548				/*
3549				 * Need to bump this, otherwise
3550				 * total_allocated and total_freed won't
3551				 * match when we no longer have anything
3552				 * outstanding.
3553				 */
3554				emergency_pool->total_allocated++;
3555			}
3556			mtx_unlock(&ctl_softc->pool_lock);
3557		} else
3558			io->io_hdr.pool = NULL;
3559	}
3560
3561	return (io);
3562}
3563
3564void
3565ctl_free_io(union ctl_io *io)
3566{
3567	if (io == NULL)
3568		return;
3569
3570	/*
3571	 * If this ctl_io has a pool, return it to that pool.
3572	 */
3573	if (io->io_hdr.pool != NULL) {
3574		struct ctl_io_pool *pool;
3575
3576		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3577		mtx_lock(&pool->ctl_softc->pool_lock);
3578		io->io_hdr.io_type = 0xff;
3579		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3580		pool->total_freed++;
3581		pool->free_ctl_io++;
3582		ctl_pool_release(pool);
3583		mtx_unlock(&pool->ctl_softc->pool_lock);
3584	} else {
3585		/*
3586		 * Otherwise, just free it.  We probably malloced it and
3587		 * the emergency pool wasn't available.
3588		 */
3589		free(io, M_CTLIO);
3590	}
3591
3592}
3593
3594void
3595ctl_zero_io(union ctl_io *io)
3596{
3597	void *pool_ref;
3598
3599	if (io == NULL)
3600		return;
3601
3602	/*
3603	 * May need to preserve linked list pointers at some point too.
3604	 */
3605	pool_ref = io->io_hdr.pool;
3606
3607	memset(io, 0, sizeof(*io));
3608
3609	io->io_hdr.pool = pool_ref;
3610}
3611
3612/*
3613 * This routine is currently used for internal copies of ctl_ios that need
3614 * to persist for some reason after we've already returned status to the
3615 * FETD.  (Thus the flag set.)
3616 *
3617 * XXX XXX
3618 * Note that this makes a blind copy of all fields in the ctl_io, except
3619 * for the pool reference.  This includes any memory that has been
3620 * allocated!  That memory will no longer be valid after done has been
3621 * called, so this would be VERY DANGEROUS for command that actually does
3622 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3623 * start and stop commands, which don't transfer any data, so this is not a
3624 * problem.  If it is used for anything else, the caller would also need to
3625 * allocate data buffer space and this routine would need to be modified to
3626 * copy the data buffer(s) as well.
3627 */
3628void
3629ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3630{
3631	void *pool_ref;
3632
3633	if ((src == NULL)
3634	 || (dest == NULL))
3635		return;
3636
3637	/*
3638	 * May need to preserve linked list pointers at some point too.
3639	 */
3640	pool_ref = dest->io_hdr.pool;
3641
3642	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3643
3644	dest->io_hdr.pool = pool_ref;
3645	/*
3646	 * We need to know that this is an internal copy, and doesn't need
3647	 * to get passed back to the FETD that allocated it.
3648	 */
3649	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3650}
3651
3652#ifdef NEEDTOPORT
3653static void
3654ctl_update_power_subpage(struct copan_power_subpage *page)
3655{
3656	int num_luns, num_partitions, config_type;
3657	struct ctl_softc *softc;
3658	cs_BOOL_t aor_present, shelf_50pct_power;
3659	cs_raidset_personality_t rs_type;
3660	int max_active_luns;
3661
3662	softc = control_softc;
3663
3664	/* subtract out the processor LUN */
3665	num_luns = softc->num_luns - 1;
3666	/*
3667	 * Default to 7 LUNs active, which was the only number we allowed
3668	 * in the past.
3669	 */
3670	max_active_luns = 7;
3671
3672	num_partitions = config_GetRsPartitionInfo();
3673	config_type = config_GetConfigType();
3674	shelf_50pct_power = config_GetShelfPowerMode();
3675	aor_present = config_IsAorRsPresent();
3676
3677	rs_type = ddb_GetRsRaidType(1);
3678	if ((rs_type != CS_RAIDSET_PERSONALITY_RAID5)
3679	 && (rs_type != CS_RAIDSET_PERSONALITY_RAID1)) {
3680		EPRINT(0, "Unsupported RS type %d!", rs_type);
3681	}
3682
3683
3684	page->total_luns = num_luns;
3685
3686	switch (config_type) {
3687	case 40:
3688		/*
3689		 * In a 40 drive configuration, it doesn't matter what DC
3690		 * cards we have, whether we have AOR enabled or not,
3691		 * partitioning or not, or what type of RAIDset we have.
3692		 * In that scenario, we can power up every LUN we present
3693		 * to the user.
3694		 */
3695		max_active_luns = num_luns;
3696
3697		break;
3698	case 64:
3699		if (shelf_50pct_power == CS_FALSE) {
3700			/* 25% power */
3701			if (aor_present == CS_TRUE) {
3702				if (rs_type ==
3703				     CS_RAIDSET_PERSONALITY_RAID5) {
3704					max_active_luns = 7;
3705				} else if (rs_type ==
3706					 CS_RAIDSET_PERSONALITY_RAID1){
3707					max_active_luns = 14;
3708				} else {
3709					/* XXX KDM now what?? */
3710				}
3711			} else {
3712				if (rs_type ==
3713				     CS_RAIDSET_PERSONALITY_RAID5) {
3714					max_active_luns = 8;
3715				} else if (rs_type ==
3716					 CS_RAIDSET_PERSONALITY_RAID1){
3717					max_active_luns = 16;
3718				} else {
3719					/* XXX KDM now what?? */
3720				}
3721			}
3722		} else {
3723			/* 50% power */
3724			/*
3725			 * With 50% power in a 64 drive configuration, we
3726			 * can power all LUNs we present.
3727			 */
3728			max_active_luns = num_luns;
3729		}
3730		break;
3731	case 112:
3732		if (shelf_50pct_power == CS_FALSE) {
3733			/* 25% power */
3734			if (aor_present == CS_TRUE) {
3735				if (rs_type ==
3736				     CS_RAIDSET_PERSONALITY_RAID5) {
3737					max_active_luns = 7;
3738				} else if (rs_type ==
3739					 CS_RAIDSET_PERSONALITY_RAID1){
3740					max_active_luns = 14;
3741				} else {
3742					/* XXX KDM now what?? */
3743				}
3744			} else {
3745				if (rs_type ==
3746				     CS_RAIDSET_PERSONALITY_RAID5) {
3747					max_active_luns = 8;
3748				} else if (rs_type ==
3749					 CS_RAIDSET_PERSONALITY_RAID1){
3750					max_active_luns = 16;
3751				} else {
3752					/* XXX KDM now what?? */
3753				}
3754			}
3755		} else {
3756			/* 50% power */
3757			if (aor_present == CS_TRUE) {
3758				if (rs_type ==
3759				     CS_RAIDSET_PERSONALITY_RAID5) {
3760					max_active_luns = 14;
3761				} else if (rs_type ==
3762					 CS_RAIDSET_PERSONALITY_RAID1){
3763					/*
3764					 * We're assuming here that disk
3765					 * caching is enabled, and so we're
3766					 * able to power up half of each
3767					 * LUN, and cache all writes.
3768					 */
3769					max_active_luns = num_luns;
3770				} else {
3771					/* XXX KDM now what?? */
3772				}
3773			} else {
3774				if (rs_type ==
3775				     CS_RAIDSET_PERSONALITY_RAID5) {
3776					max_active_luns = 15;
3777				} else if (rs_type ==
3778					 CS_RAIDSET_PERSONALITY_RAID1){
3779					max_active_luns = 30;
3780				} else {
3781					/* XXX KDM now what?? */
3782				}
3783			}
3784		}
3785		break;
3786	default:
3787		/*
3788		 * In this case, we have an unknown configuration, so we
3789		 * just use the default from above.
3790		 */
3791		break;
3792	}
3793
3794	page->max_active_luns = max_active_luns;
3795#if 0
3796	printk("%s: total_luns = %d, max_active_luns = %d\n", __func__,
3797	       page->total_luns, page->max_active_luns);
3798#endif
3799}
3800#endif /* NEEDTOPORT */
3801
3802/*
3803 * This routine could be used in the future to load default and/or saved
3804 * mode page parameters for a particuar lun.
3805 */
3806static int
3807ctl_init_page_index(struct ctl_lun *lun)
3808{
3809	int i;
3810	struct ctl_page_index *page_index;
3811	struct ctl_softc *softc;
3812
3813	memcpy(&lun->mode_pages.index, page_index_template,
3814	       sizeof(page_index_template));
3815
3816	softc = lun->ctl_softc;
3817
3818	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3819
3820		page_index = &lun->mode_pages.index[i];
3821		/*
3822		 * If this is a disk-only mode page, there's no point in
3823		 * setting it up.  For some pages, we have to have some
3824		 * basic information about the disk in order to calculate the
3825		 * mode page data.
3826		 */
3827		if ((lun->be_lun->lun_type != T_DIRECT)
3828		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3829			continue;
3830
3831		switch (page_index->page_code & SMPH_PC_MASK) {
3832		case SMS_FORMAT_DEVICE_PAGE: {
3833			struct scsi_format_page *format_page;
3834
3835			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3836				panic("subpage is incorrect!");
3837
3838			/*
3839			 * Sectors per track are set above.  Bytes per
3840			 * sector need to be set here on a per-LUN basis.
3841			 */
3842			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3843			       &format_page_default,
3844			       sizeof(format_page_default));
3845			memcpy(&lun->mode_pages.format_page[
3846			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3847			       sizeof(format_page_changeable));
3848			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3849			       &format_page_default,
3850			       sizeof(format_page_default));
3851			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3852			       &format_page_default,
3853			       sizeof(format_page_default));
3854
3855			format_page = &lun->mode_pages.format_page[
3856				CTL_PAGE_CURRENT];
3857			scsi_ulto2b(lun->be_lun->blocksize,
3858				    format_page->bytes_per_sector);
3859
3860			format_page = &lun->mode_pages.format_page[
3861				CTL_PAGE_DEFAULT];
3862			scsi_ulto2b(lun->be_lun->blocksize,
3863				    format_page->bytes_per_sector);
3864
3865			format_page = &lun->mode_pages.format_page[
3866				CTL_PAGE_SAVED];
3867			scsi_ulto2b(lun->be_lun->blocksize,
3868				    format_page->bytes_per_sector);
3869
3870			page_index->page_data =
3871				(uint8_t *)lun->mode_pages.format_page;
3872			break;
3873		}
3874		case SMS_RIGID_DISK_PAGE: {
3875			struct scsi_rigid_disk_page *rigid_disk_page;
3876			uint32_t sectors_per_cylinder;
3877			uint64_t cylinders;
3878#ifndef	__XSCALE__
3879			int shift;
3880#endif /* !__XSCALE__ */
3881
3882			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3883				panic("invalid subpage value %d",
3884				      page_index->subpage);
3885
3886			/*
3887			 * Rotation rate and sectors per track are set
3888			 * above.  We calculate the cylinders here based on
3889			 * capacity.  Due to the number of heads and
3890			 * sectors per track we're using, smaller arrays
3891			 * may turn out to have 0 cylinders.  Linux and
3892			 * FreeBSD don't pay attention to these mode pages
3893			 * to figure out capacity, but Solaris does.  It
3894			 * seems to deal with 0 cylinders just fine, and
3895			 * works out a fake geometry based on the capacity.
3896			 */
3897			memcpy(&lun->mode_pages.rigid_disk_page[
3898			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
3899			       sizeof(rigid_disk_page_default));
3900			memcpy(&lun->mode_pages.rigid_disk_page[
3901			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3902			       sizeof(rigid_disk_page_changeable));
3903			memcpy(&lun->mode_pages.rigid_disk_page[
3904			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3905			       sizeof(rigid_disk_page_default));
3906			memcpy(&lun->mode_pages.rigid_disk_page[
3907			       CTL_PAGE_SAVED], &rigid_disk_page_default,
3908			       sizeof(rigid_disk_page_default));
3909
3910			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3911				CTL_DEFAULT_HEADS;
3912
3913			/*
3914			 * The divide method here will be more accurate,
3915			 * probably, but results in floating point being
3916			 * used in the kernel on i386 (__udivdi3()).  On the
3917			 * XScale, though, __udivdi3() is implemented in
3918			 * software.
3919			 *
3920			 * The shift method for cylinder calculation is
3921			 * accurate if sectors_per_cylinder is a power of
3922			 * 2.  Otherwise it might be slightly off -- you
3923			 * might have a bit of a truncation problem.
3924			 */
3925#ifdef	__XSCALE__
3926			cylinders = (lun->be_lun->maxlba + 1) /
3927				sectors_per_cylinder;
3928#else
3929			for (shift = 31; shift > 0; shift--) {
3930				if (sectors_per_cylinder & (1 << shift))
3931					break;
3932			}
3933			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3934#endif
3935
3936			/*
3937			 * We've basically got 3 bytes, or 24 bits for the
3938			 * cylinder size in the mode page.  If we're over,
3939			 * just round down to 2^24.
3940			 */
3941			if (cylinders > 0xffffff)
3942				cylinders = 0xffffff;
3943
3944			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3945				CTL_PAGE_CURRENT];
3946			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3947
3948			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3949				CTL_PAGE_DEFAULT];
3950			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3951
3952			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3953				CTL_PAGE_SAVED];
3954			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3955
3956			page_index->page_data =
3957				(uint8_t *)lun->mode_pages.rigid_disk_page;
3958			break;
3959		}
3960		case SMS_CACHING_PAGE: {
3961
3962			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3963				panic("invalid subpage value %d",
3964				      page_index->subpage);
3965			/*
3966			 * Defaults should be okay here, no calculations
3967			 * needed.
3968			 */
3969			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3970			       &caching_page_default,
3971			       sizeof(caching_page_default));
3972			memcpy(&lun->mode_pages.caching_page[
3973			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3974			       sizeof(caching_page_changeable));
3975			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3976			       &caching_page_default,
3977			       sizeof(caching_page_default));
3978			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3979			       &caching_page_default,
3980			       sizeof(caching_page_default));
3981			page_index->page_data =
3982				(uint8_t *)lun->mode_pages.caching_page;
3983			break;
3984		}
3985		case SMS_CONTROL_MODE_PAGE: {
3986
3987			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3988				panic("invalid subpage value %d",
3989				      page_index->subpage);
3990
3991			/*
3992			 * Defaults should be okay here, no calculations
3993			 * needed.
3994			 */
3995			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3996			       &control_page_default,
3997			       sizeof(control_page_default));
3998			memcpy(&lun->mode_pages.control_page[
3999			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4000			       sizeof(control_page_changeable));
4001			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4002			       &control_page_default,
4003			       sizeof(control_page_default));
4004			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4005			       &control_page_default,
4006			       sizeof(control_page_default));
4007			page_index->page_data =
4008				(uint8_t *)lun->mode_pages.control_page;
4009			break;
4010
4011		}
4012		case SMS_VENDOR_SPECIFIC_PAGE:{
4013			switch (page_index->subpage) {
4014			case PWR_SUBPAGE_CODE: {
4015				struct copan_power_subpage *current_page,
4016							   *saved_page;
4017
4018				memcpy(&lun->mode_pages.power_subpage[
4019				       CTL_PAGE_CURRENT],
4020				       &power_page_default,
4021				       sizeof(power_page_default));
4022				memcpy(&lun->mode_pages.power_subpage[
4023				       CTL_PAGE_CHANGEABLE],
4024				       &power_page_changeable,
4025				       sizeof(power_page_changeable));
4026				memcpy(&lun->mode_pages.power_subpage[
4027				       CTL_PAGE_DEFAULT],
4028				       &power_page_default,
4029				       sizeof(power_page_default));
4030				memcpy(&lun->mode_pages.power_subpage[
4031				       CTL_PAGE_SAVED],
4032				       &power_page_default,
4033				       sizeof(power_page_default));
4034				page_index->page_data =
4035				    (uint8_t *)lun->mode_pages.power_subpage;
4036
4037				current_page = (struct copan_power_subpage *)
4038					(page_index->page_data +
4039					 (page_index->page_len *
4040					  CTL_PAGE_CURRENT));
4041			        saved_page = (struct copan_power_subpage *)
4042				        (page_index->page_data +
4043					 (page_index->page_len *
4044					  CTL_PAGE_SAVED));
4045				break;
4046			}
4047			case APS_SUBPAGE_CODE: {
4048				struct copan_aps_subpage *current_page,
4049							 *saved_page;
4050
4051				// This gets set multiple times but
4052				// it should always be the same. It's
4053				// only done during init so who cares.
4054				index_to_aps_page = i;
4055
4056				memcpy(&lun->mode_pages.aps_subpage[
4057				       CTL_PAGE_CURRENT],
4058				       &aps_page_default,
4059				       sizeof(aps_page_default));
4060				memcpy(&lun->mode_pages.aps_subpage[
4061				       CTL_PAGE_CHANGEABLE],
4062				       &aps_page_changeable,
4063				       sizeof(aps_page_changeable));
4064				memcpy(&lun->mode_pages.aps_subpage[
4065				       CTL_PAGE_DEFAULT],
4066				       &aps_page_default,
4067				       sizeof(aps_page_default));
4068				memcpy(&lun->mode_pages.aps_subpage[
4069				       CTL_PAGE_SAVED],
4070				       &aps_page_default,
4071				       sizeof(aps_page_default));
4072				page_index->page_data =
4073					(uint8_t *)lun->mode_pages.aps_subpage;
4074
4075				current_page = (struct copan_aps_subpage *)
4076					(page_index->page_data +
4077					 (page_index->page_len *
4078					  CTL_PAGE_CURRENT));
4079				saved_page = (struct copan_aps_subpage *)
4080					(page_index->page_data +
4081					 (page_index->page_len *
4082					  CTL_PAGE_SAVED));
4083				break;
4084			}
4085			case DBGCNF_SUBPAGE_CODE: {
4086				struct copan_debugconf_subpage *current_page,
4087							       *saved_page;
4088
4089				memcpy(&lun->mode_pages.debugconf_subpage[
4090				       CTL_PAGE_CURRENT],
4091				       &debugconf_page_default,
4092				       sizeof(debugconf_page_default));
4093				memcpy(&lun->mode_pages.debugconf_subpage[
4094				       CTL_PAGE_CHANGEABLE],
4095				       &debugconf_page_changeable,
4096				       sizeof(debugconf_page_changeable));
4097				memcpy(&lun->mode_pages.debugconf_subpage[
4098				       CTL_PAGE_DEFAULT],
4099				       &debugconf_page_default,
4100				       sizeof(debugconf_page_default));
4101				memcpy(&lun->mode_pages.debugconf_subpage[
4102				       CTL_PAGE_SAVED],
4103				       &debugconf_page_default,
4104				       sizeof(debugconf_page_default));
4105				page_index->page_data =
4106					(uint8_t *)lun->mode_pages.debugconf_subpage;
4107
4108				current_page = (struct copan_debugconf_subpage *)
4109					(page_index->page_data +
4110					 (page_index->page_len *
4111					  CTL_PAGE_CURRENT));
4112				saved_page = (struct copan_debugconf_subpage *)
4113					(page_index->page_data +
4114					 (page_index->page_len *
4115					  CTL_PAGE_SAVED));
4116				break;
4117			}
4118			default:
4119				panic("invalid subpage value %d",
4120				      page_index->subpage);
4121				break;
4122			}
4123   			break;
4124		}
4125		default:
4126			panic("invalid page value %d",
4127			      page_index->page_code & SMPH_PC_MASK);
4128			break;
4129    	}
4130	}
4131
4132	return (CTL_RETVAL_COMPLETE);
4133}
4134
4135/*
4136 * LUN allocation.
4137 *
4138 * Requirements:
4139 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4140 *   wants us to allocate the LUN and he can block.
4141 * - ctl_softc is always set
4142 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4143 *
4144 * Returns 0 for success, non-zero (errno) for failure.
4145 */
4146static int
4147ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4148	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4149{
4150	struct ctl_lun *nlun, *lun;
4151	struct ctl_port *port;
4152	int lun_number, i, lun_malloced;
4153
4154	if (be_lun == NULL)
4155		return (EINVAL);
4156
4157	/*
4158	 * We currently only support Direct Access or Processor LUN types.
4159	 */
4160	switch (be_lun->lun_type) {
4161	case T_DIRECT:
4162		break;
4163	case T_PROCESSOR:
4164		break;
4165	case T_SEQUENTIAL:
4166	case T_CHANGER:
4167	default:
4168		be_lun->lun_config_status(be_lun->be_lun,
4169					  CTL_LUN_CONFIG_FAILURE);
4170		break;
4171	}
4172	if (ctl_lun == NULL) {
4173		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4174		lun_malloced = 1;
4175	} else {
4176		lun_malloced = 0;
4177		lun = ctl_lun;
4178	}
4179
4180	memset(lun, 0, sizeof(*lun));
4181	if (lun_malloced)
4182		lun->flags = CTL_LUN_MALLOCED;
4183
4184	mtx_lock(&ctl_softc->ctl_lock);
4185	/*
4186	 * See if the caller requested a particular LUN number.  If so, see
4187	 * if it is available.  Otherwise, allocate the first available LUN.
4188	 */
4189	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4190		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4191		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4192			mtx_unlock(&ctl_softc->ctl_lock);
4193			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4194				printf("ctl: requested LUN ID %d is higher "
4195				       "than CTL_MAX_LUNS - 1 (%d)\n",
4196				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4197			} else {
4198				/*
4199				 * XXX KDM return an error, or just assign
4200				 * another LUN ID in this case??
4201				 */
4202				printf("ctl: requested LUN ID %d is already "
4203				       "in use\n", be_lun->req_lun_id);
4204			}
4205			if (lun->flags & CTL_LUN_MALLOCED)
4206				free(lun, M_CTL);
4207			be_lun->lun_config_status(be_lun->be_lun,
4208						  CTL_LUN_CONFIG_FAILURE);
4209			return (ENOSPC);
4210		}
4211		lun_number = be_lun->req_lun_id;
4212	} else {
4213		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4214		if (lun_number == -1) {
4215			mtx_unlock(&ctl_softc->ctl_lock);
4216			printf("ctl: can't allocate LUN on target %ju, out of "
4217			       "LUNs\n", (uintmax_t)target_id.id);
4218			if (lun->flags & CTL_LUN_MALLOCED)
4219				free(lun, M_CTL);
4220			be_lun->lun_config_status(be_lun->be_lun,
4221						  CTL_LUN_CONFIG_FAILURE);
4222			return (ENOSPC);
4223		}
4224	}
4225	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4226
4227	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4228	lun->target = target_id;
4229	lun->lun = lun_number;
4230	lun->be_lun = be_lun;
4231	/*
4232	 * The processor LUN is always enabled.  Disk LUNs come on line
4233	 * disabled, and must be enabled by the backend.
4234	 */
4235	lun->flags |= CTL_LUN_DISABLED;
4236	lun->backend = be_lun->be;
4237	be_lun->ctl_lun = lun;
4238	be_lun->lun_id = lun_number;
4239	atomic_add_int(&be_lun->be->num_luns, 1);
4240	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4241		lun->flags |= CTL_LUN_STOPPED;
4242
4243	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4244		lun->flags |= CTL_LUN_INOPERABLE;
4245
4246	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4247		lun->flags |= CTL_LUN_PRIMARY_SC;
4248
4249	lun->ctl_softc = ctl_softc;
4250	TAILQ_INIT(&lun->ooa_queue);
4251	TAILQ_INIT(&lun->blocked_queue);
4252	STAILQ_INIT(&lun->error_list);
4253
4254	/*
4255	 * Initialize the mode page index.
4256	 */
4257	ctl_init_page_index(lun);
4258
4259	/*
4260	 * Set the poweron UA for all initiators on this LUN only.
4261	 */
4262	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4263		lun->pending_sense[i].ua_pending = CTL_UA_POWERON;
4264
4265	/*
4266	 * Now, before we insert this lun on the lun list, set the lun
4267	 * inventory changed UA for all other luns.
4268	 */
4269	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4270		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4271			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4272		}
4273	}
4274
4275	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4276
4277	ctl_softc->ctl_luns[lun_number] = lun;
4278
4279	ctl_softc->num_luns++;
4280
4281	/* Setup statistics gathering */
4282	lun->stats.device_type = be_lun->lun_type;
4283	lun->stats.lun_number = lun_number;
4284	if (lun->stats.device_type == T_DIRECT)
4285		lun->stats.blocksize = be_lun->blocksize;
4286	else
4287		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4288	for (i = 0;i < CTL_MAX_PORTS;i++)
4289		lun->stats.ports[i].targ_port = i;
4290
4291	mtx_unlock(&ctl_softc->ctl_lock);
4292
4293	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4294
4295	/*
4296	 * Run through each registered FETD and bring it online if it isn't
4297	 * already.  Enable the target ID if it hasn't been enabled, and
4298	 * enable this particular LUN.
4299	 */
4300	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4301		int retval;
4302
4303		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4304		if (retval != 0) {
4305			printf("ctl_alloc_lun: FETD %s port %d returned error "
4306			       "%d for lun_enable on target %ju lun %d\n",
4307			       port->port_name, port->targ_port, retval,
4308			       (uintmax_t)target_id.id, lun_number);
4309		} else
4310			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4311	}
4312	return (0);
4313}
4314
4315/*
4316 * Delete a LUN.
4317 * Assumptions:
4318 * - LUN has already been marked invalid and any pending I/O has been taken
4319 *   care of.
4320 */
4321static int
4322ctl_free_lun(struct ctl_lun *lun)
4323{
4324	struct ctl_softc *softc;
4325#if 0
4326	struct ctl_port *port;
4327#endif
4328	struct ctl_lun *nlun;
4329	int i;
4330
4331	softc = lun->ctl_softc;
4332
4333	mtx_assert(&softc->ctl_lock, MA_OWNED);
4334
4335	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4336
4337	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4338
4339	softc->ctl_luns[lun->lun] = NULL;
4340
4341	if (!TAILQ_EMPTY(&lun->ooa_queue))
4342		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4343
4344	softc->num_luns--;
4345
4346	/*
4347	 * XXX KDM this scheme only works for a single target/multiple LUN
4348	 * setup.  It needs to be revamped for a multiple target scheme.
4349	 *
4350	 * XXX KDM this results in port->lun_disable() getting called twice,
4351	 * once when ctl_disable_lun() is called, and a second time here.
4352	 * We really need to re-think the LUN disable semantics.  There
4353	 * should probably be several steps/levels to LUN removal:
4354	 *  - disable
4355	 *  - invalidate
4356	 *  - free
4357 	 *
4358	 * Right now we only have a disable method when communicating to
4359	 * the front end ports, at least for individual LUNs.
4360	 */
4361#if 0
4362	STAILQ_FOREACH(port, &softc->port_list, links) {
4363		int retval;
4364
4365		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4366					 lun->lun);
4367		if (retval != 0) {
4368			printf("ctl_free_lun: FETD %s port %d returned error "
4369			       "%d for lun_disable on target %ju lun %jd\n",
4370			       port->port_name, port->targ_port, retval,
4371			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4372		}
4373
4374		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4375			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4376
4377			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4378			if (retval != 0) {
4379				printf("ctl_free_lun: FETD %s port %d "
4380				       "returned error %d for targ_disable on "
4381				       "target %ju\n", port->port_name,
4382				       port->targ_port, retval,
4383				       (uintmax_t)lun->target.id);
4384			} else
4385				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4386
4387			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4388				continue;
4389
4390#if 0
4391			port->port_offline(port->onoff_arg);
4392			port->status &= ~CTL_PORT_STATUS_ONLINE;
4393#endif
4394		}
4395	}
4396#endif
4397
4398	/*
4399	 * Tell the backend to free resources, if this LUN has a backend.
4400	 */
4401	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4402	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4403
4404	mtx_destroy(&lun->lun_lock);
4405	if (lun->flags & CTL_LUN_MALLOCED)
4406		free(lun, M_CTL);
4407
4408	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4409		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4410			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4411		}
4412	}
4413
4414	return (0);
4415}
4416
4417static void
4418ctl_create_lun(struct ctl_be_lun *be_lun)
4419{
4420	struct ctl_softc *ctl_softc;
4421
4422	ctl_softc = control_softc;
4423
4424	/*
4425	 * ctl_alloc_lun() should handle all potential failure cases.
4426	 */
4427	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4428}
4429
4430int
4431ctl_add_lun(struct ctl_be_lun *be_lun)
4432{
4433	struct ctl_softc *ctl_softc = control_softc;
4434
4435	mtx_lock(&ctl_softc->ctl_lock);
4436	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4437	mtx_unlock(&ctl_softc->ctl_lock);
4438	wakeup(&ctl_softc->pending_lun_queue);
4439
4440	return (0);
4441}
4442
4443int
4444ctl_enable_lun(struct ctl_be_lun *be_lun)
4445{
4446	struct ctl_softc *ctl_softc;
4447	struct ctl_port *port, *nport;
4448	struct ctl_lun *lun;
4449	int retval;
4450
4451	ctl_softc = control_softc;
4452
4453	lun = (struct ctl_lun *)be_lun->ctl_lun;
4454
4455	mtx_lock(&ctl_softc->ctl_lock);
4456	mtx_lock(&lun->lun_lock);
4457	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4458		/*
4459		 * eh?  Why did we get called if the LUN is already
4460		 * enabled?
4461		 */
4462		mtx_unlock(&lun->lun_lock);
4463		mtx_unlock(&ctl_softc->ctl_lock);
4464		return (0);
4465	}
4466	lun->flags &= ~CTL_LUN_DISABLED;
4467	mtx_unlock(&lun->lun_lock);
4468
4469	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4470		nport = STAILQ_NEXT(port, links);
4471
4472		/*
4473		 * Drop the lock while we call the FETD's enable routine.
4474		 * This can lead to a callback into CTL (at least in the
4475		 * case of the internal initiator frontend.
4476		 */
4477		mtx_unlock(&ctl_softc->ctl_lock);
4478		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4479		mtx_lock(&ctl_softc->ctl_lock);
4480		if (retval != 0) {
4481			printf("%s: FETD %s port %d returned error "
4482			       "%d for lun_enable on target %ju lun %jd\n",
4483			       __func__, port->port_name, port->targ_port, retval,
4484			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4485		}
4486#if 0
4487		 else {
4488            /* NOTE:  TODO:  why does lun enable affect port status? */
4489			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4490		}
4491#endif
4492	}
4493
4494	mtx_unlock(&ctl_softc->ctl_lock);
4495
4496	return (0);
4497}
4498
4499int
4500ctl_disable_lun(struct ctl_be_lun *be_lun)
4501{
4502	struct ctl_softc *ctl_softc;
4503	struct ctl_port *port;
4504	struct ctl_lun *lun;
4505	int retval;
4506
4507	ctl_softc = control_softc;
4508
4509	lun = (struct ctl_lun *)be_lun->ctl_lun;
4510
4511	mtx_lock(&ctl_softc->ctl_lock);
4512	mtx_lock(&lun->lun_lock);
4513	if (lun->flags & CTL_LUN_DISABLED) {
4514		mtx_unlock(&lun->lun_lock);
4515		mtx_unlock(&ctl_softc->ctl_lock);
4516		return (0);
4517	}
4518	lun->flags |= CTL_LUN_DISABLED;
4519	mtx_unlock(&lun->lun_lock);
4520
4521	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4522		mtx_unlock(&ctl_softc->ctl_lock);
4523		/*
4524		 * Drop the lock before we call the frontend's disable
4525		 * routine, to avoid lock order reversals.
4526		 *
4527		 * XXX KDM what happens if the frontend list changes while
4528		 * we're traversing it?  It's unlikely, but should be handled.
4529		 */
4530		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4531					 lun->lun);
4532		mtx_lock(&ctl_softc->ctl_lock);
4533		if (retval != 0) {
4534			printf("ctl_alloc_lun: FETD %s port %d returned error "
4535			       "%d for lun_disable on target %ju lun %jd\n",
4536			       port->port_name, port->targ_port, retval,
4537			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4538		}
4539	}
4540
4541	mtx_unlock(&ctl_softc->ctl_lock);
4542
4543	return (0);
4544}
4545
4546int
4547ctl_start_lun(struct ctl_be_lun *be_lun)
4548{
4549	struct ctl_softc *ctl_softc;
4550	struct ctl_lun *lun;
4551
4552	ctl_softc = control_softc;
4553
4554	lun = (struct ctl_lun *)be_lun->ctl_lun;
4555
4556	mtx_lock(&lun->lun_lock);
4557	lun->flags &= ~CTL_LUN_STOPPED;
4558	mtx_unlock(&lun->lun_lock);
4559
4560	return (0);
4561}
4562
4563int
4564ctl_stop_lun(struct ctl_be_lun *be_lun)
4565{
4566	struct ctl_softc *ctl_softc;
4567	struct ctl_lun *lun;
4568
4569	ctl_softc = control_softc;
4570
4571	lun = (struct ctl_lun *)be_lun->ctl_lun;
4572
4573	mtx_lock(&lun->lun_lock);
4574	lun->flags |= CTL_LUN_STOPPED;
4575	mtx_unlock(&lun->lun_lock);
4576
4577	return (0);
4578}
4579
4580int
4581ctl_lun_offline(struct ctl_be_lun *be_lun)
4582{
4583	struct ctl_softc *ctl_softc;
4584	struct ctl_lun *lun;
4585
4586	ctl_softc = control_softc;
4587
4588	lun = (struct ctl_lun *)be_lun->ctl_lun;
4589
4590	mtx_lock(&lun->lun_lock);
4591	lun->flags |= CTL_LUN_OFFLINE;
4592	mtx_unlock(&lun->lun_lock);
4593
4594	return (0);
4595}
4596
4597int
4598ctl_lun_online(struct ctl_be_lun *be_lun)
4599{
4600	struct ctl_softc *ctl_softc;
4601	struct ctl_lun *lun;
4602
4603	ctl_softc = control_softc;
4604
4605	lun = (struct ctl_lun *)be_lun->ctl_lun;
4606
4607	mtx_lock(&lun->lun_lock);
4608	lun->flags &= ~CTL_LUN_OFFLINE;
4609	mtx_unlock(&lun->lun_lock);
4610
4611	return (0);
4612}
4613
4614int
4615ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4616{
4617	struct ctl_softc *ctl_softc;
4618	struct ctl_lun *lun;
4619
4620	ctl_softc = control_softc;
4621
4622	lun = (struct ctl_lun *)be_lun->ctl_lun;
4623
4624	mtx_lock(&lun->lun_lock);
4625
4626	/*
4627	 * The LUN needs to be disabled before it can be marked invalid.
4628	 */
4629	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4630		mtx_unlock(&lun->lun_lock);
4631		return (-1);
4632	}
4633	/*
4634	 * Mark the LUN invalid.
4635	 */
4636	lun->flags |= CTL_LUN_INVALID;
4637
4638	/*
4639	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4640	 * If we have something in the OOA queue, we'll free it when the
4641	 * last I/O completes.
4642	 */
4643	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4644		mtx_unlock(&lun->lun_lock);
4645		mtx_lock(&ctl_softc->ctl_lock);
4646		ctl_free_lun(lun);
4647		mtx_unlock(&ctl_softc->ctl_lock);
4648	} else
4649		mtx_unlock(&lun->lun_lock);
4650
4651	return (0);
4652}
4653
4654int
4655ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4656{
4657	struct ctl_softc *ctl_softc;
4658	struct ctl_lun *lun;
4659
4660	ctl_softc = control_softc;
4661	lun = (struct ctl_lun *)be_lun->ctl_lun;
4662
4663	mtx_lock(&lun->lun_lock);
4664	lun->flags |= CTL_LUN_INOPERABLE;
4665	mtx_unlock(&lun->lun_lock);
4666
4667	return (0);
4668}
4669
4670int
4671ctl_lun_operable(struct ctl_be_lun *be_lun)
4672{
4673	struct ctl_softc *ctl_softc;
4674	struct ctl_lun *lun;
4675
4676	ctl_softc = control_softc;
4677	lun = (struct ctl_lun *)be_lun->ctl_lun;
4678
4679	mtx_lock(&lun->lun_lock);
4680	lun->flags &= ~CTL_LUN_INOPERABLE;
4681	mtx_unlock(&lun->lun_lock);
4682
4683	return (0);
4684}
4685
4686int
4687ctl_lun_power_lock(struct ctl_be_lun *be_lun, struct ctl_nexus *nexus,
4688		   int lock)
4689{
4690	struct ctl_softc *softc;
4691	struct ctl_lun *lun;
4692	struct copan_aps_subpage *current_sp;
4693	struct ctl_page_index *page_index;
4694	int i;
4695
4696	softc = control_softc;
4697
4698	mtx_lock(&softc->ctl_lock);
4699
4700	lun = (struct ctl_lun *)be_lun->ctl_lun;
4701	mtx_lock(&lun->lun_lock);
4702
4703	page_index = NULL;
4704	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4705		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
4706		     APS_PAGE_CODE)
4707			continue;
4708
4709		if (lun->mode_pages.index[i].subpage != APS_SUBPAGE_CODE)
4710			continue;
4711		page_index = &lun->mode_pages.index[i];
4712	}
4713
4714	if (page_index == NULL) {
4715		mtx_unlock(&lun->lun_lock);
4716		mtx_unlock(&softc->ctl_lock);
4717		printf("%s: APS subpage not found for lun %ju!\n", __func__,
4718		       (uintmax_t)lun->lun);
4719		return (1);
4720	}
4721#if 0
4722	if ((softc->aps_locked_lun != 0)
4723	 && (softc->aps_locked_lun != lun->lun)) {
4724		printf("%s: attempt to lock LUN %llu when %llu is already "
4725		       "locked\n");
4726		mtx_unlock(&lun->lun_lock);
4727		mtx_unlock(&softc->ctl_lock);
4728		return (1);
4729	}
4730#endif
4731
4732	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
4733		(page_index->page_len * CTL_PAGE_CURRENT));
4734
4735	if (lock != 0) {
4736		current_sp->lock_active = APS_LOCK_ACTIVE;
4737		softc->aps_locked_lun = lun->lun;
4738	} else {
4739		current_sp->lock_active = 0;
4740		softc->aps_locked_lun = 0;
4741	}
4742
4743
4744	/*
4745	 * If we're in HA mode, try to send the lock message to the other
4746	 * side.
4747	 */
4748	if (ctl_is_single == 0) {
4749		int isc_retval;
4750		union ctl_ha_msg lock_msg;
4751
4752		lock_msg.hdr.nexus = *nexus;
4753		lock_msg.hdr.msg_type = CTL_MSG_APS_LOCK;
4754		if (lock != 0)
4755			lock_msg.aps.lock_flag = 1;
4756		else
4757			lock_msg.aps.lock_flag = 0;
4758		isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &lock_msg,
4759					 sizeof(lock_msg), 0);
4760		if (isc_retval > CTL_HA_STATUS_SUCCESS) {
4761			printf("%s: APS (lock=%d) error returned from "
4762			       "ctl_ha_msg_send: %d\n", __func__, lock, isc_retval);
4763			mtx_unlock(&lun->lun_lock);
4764			mtx_unlock(&softc->ctl_lock);
4765			return (1);
4766		}
4767	}
4768
4769	mtx_unlock(&lun->lun_lock);
4770	mtx_unlock(&softc->ctl_lock);
4771
4772	return (0);
4773}
4774
4775void
4776ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4777{
4778	struct ctl_lun *lun;
4779	struct ctl_softc *softc;
4780	int i;
4781
4782	softc = control_softc;
4783
4784	lun = (struct ctl_lun *)be_lun->ctl_lun;
4785
4786	mtx_lock(&lun->lun_lock);
4787
4788	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4789		lun->pending_sense[i].ua_pending |= CTL_UA_CAPACITY_CHANGED;
4790
4791	mtx_unlock(&lun->lun_lock);
4792}
4793
4794/*
4795 * Backend "memory move is complete" callback for requests that never
4796 * make it down to say RAIDCore's configuration code.
4797 */
4798int
4799ctl_config_move_done(union ctl_io *io)
4800{
4801	int retval;
4802
4803	retval = CTL_RETVAL_COMPLETE;
4804
4805
4806	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4807	/*
4808	 * XXX KDM this shouldn't happen, but what if it does?
4809	 */
4810	if (io->io_hdr.io_type != CTL_IO_SCSI)
4811		panic("I/O type isn't CTL_IO_SCSI!");
4812
4813	if ((io->io_hdr.port_status == 0)
4814	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
4815	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
4816		io->io_hdr.status = CTL_SUCCESS;
4817	else if ((io->io_hdr.port_status != 0)
4818	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
4819	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
4820		/*
4821		 * For hardware error sense keys, the sense key
4822		 * specific value is defined to be a retry count,
4823		 * but we use it to pass back an internal FETD
4824		 * error code.  XXX KDM  Hopefully the FETD is only
4825		 * using 16 bits for an error code, since that's
4826		 * all the space we have in the sks field.
4827		 */
4828		ctl_set_internal_failure(&io->scsiio,
4829					 /*sks_valid*/ 1,
4830					 /*retry_count*/
4831					 io->io_hdr.port_status);
4832		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4833			free(io->scsiio.kern_data_ptr, M_CTL);
4834		ctl_done(io);
4835		goto bailout;
4836	}
4837
4838	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
4839	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
4840	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4841		/*
4842		 * XXX KDM just assuming a single pointer here, and not a
4843		 * S/G list.  If we start using S/G lists for config data,
4844		 * we'll need to know how to clean them up here as well.
4845		 */
4846		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4847			free(io->scsiio.kern_data_ptr, M_CTL);
4848		/* Hopefully the user has already set the status... */
4849		ctl_done(io);
4850	} else {
4851		/*
4852		 * XXX KDM now we need to continue data movement.  Some
4853		 * options:
4854		 * - call ctl_scsiio() again?  We don't do this for data
4855		 *   writes, because for those at least we know ahead of
4856		 *   time where the write will go and how long it is.  For
4857		 *   config writes, though, that information is largely
4858		 *   contained within the write itself, thus we need to
4859		 *   parse out the data again.
4860		 *
4861		 * - Call some other function once the data is in?
4862		 */
4863
4864		/*
4865		 * XXX KDM call ctl_scsiio() again for now, and check flag
4866		 * bits to see whether we're allocated or not.
4867		 */
4868		retval = ctl_scsiio(&io->scsiio);
4869	}
4870bailout:
4871	return (retval);
4872}
4873
4874/*
4875 * This gets called by a backend driver when it is done with a
4876 * data_submit method.
4877 */
4878void
4879ctl_data_submit_done(union ctl_io *io)
4880{
4881	/*
4882	 * If the IO_CONT flag is set, we need to call the supplied
4883	 * function to continue processing the I/O, instead of completing
4884	 * the I/O just yet.
4885	 *
4886	 * If there is an error, though, we don't want to keep processing.
4887	 * Instead, just send status back to the initiator.
4888	 */
4889	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4890	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4891	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4892	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4893		io->scsiio.io_cont(io);
4894		return;
4895	}
4896	ctl_done(io);
4897}
4898
4899/*
4900 * This gets called by a backend driver when it is done with a
4901 * configuration write.
4902 */
4903void
4904ctl_config_write_done(union ctl_io *io)
4905{
4906	/*
4907	 * If the IO_CONT flag is set, we need to call the supplied
4908	 * function to continue processing the I/O, instead of completing
4909	 * the I/O just yet.
4910	 *
4911	 * If there is an error, though, we don't want to keep processing.
4912	 * Instead, just send status back to the initiator.
4913	 */
4914	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT)
4915	 && (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)
4916	  || ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))) {
4917		io->scsiio.io_cont(io);
4918		return;
4919	}
4920	/*
4921	 * Since a configuration write can be done for commands that actually
4922	 * have data allocated, like write buffer, and commands that have
4923	 * no data, like start/stop unit, we need to check here.
4924	 */
4925	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
4926		free(io->scsiio.kern_data_ptr, M_CTL);
4927	ctl_done(io);
4928}
4929
4930/*
4931 * SCSI release command.
4932 */
4933int
4934ctl_scsi_release(struct ctl_scsiio *ctsio)
4935{
4936	int length, longid, thirdparty_id, resv_id;
4937	struct ctl_softc *ctl_softc;
4938	struct ctl_lun *lun;
4939
4940	length = 0;
4941	resv_id = 0;
4942
4943	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4944
4945	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4946	ctl_softc = control_softc;
4947
4948	switch (ctsio->cdb[0]) {
4949	case RELEASE_10: {
4950		struct scsi_release_10 *cdb;
4951
4952		cdb = (struct scsi_release_10 *)ctsio->cdb;
4953
4954		if (cdb->byte2 & SR10_LONGID)
4955			longid = 1;
4956		else
4957			thirdparty_id = cdb->thirdparty_id;
4958
4959		resv_id = cdb->resv_id;
4960		length = scsi_2btoul(cdb->length);
4961		break;
4962	}
4963	}
4964
4965
4966	/*
4967	 * XXX KDM right now, we only support LUN reservation.  We don't
4968	 * support 3rd party reservations, or extent reservations, which
4969	 * might actually need the parameter list.  If we've gotten this
4970	 * far, we've got a LUN reservation.  Anything else got kicked out
4971	 * above.  So, according to SPC, ignore the length.
4972	 */
4973	length = 0;
4974
4975	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4976	 && (length > 0)) {
4977		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4978		ctsio->kern_data_len = length;
4979		ctsio->kern_total_len = length;
4980		ctsio->kern_data_resid = 0;
4981		ctsio->kern_rel_offset = 0;
4982		ctsio->kern_sg_entries = 0;
4983		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4984		ctsio->be_move_done = ctl_config_move_done;
4985		ctl_datamove((union ctl_io *)ctsio);
4986
4987		return (CTL_RETVAL_COMPLETE);
4988	}
4989
4990	if (length > 0)
4991		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4992
4993	mtx_lock(&lun->lun_lock);
4994
4995	/*
4996	 * According to SPC, it is not an error for an intiator to attempt
4997	 * to release a reservation on a LUN that isn't reserved, or that
4998	 * is reserved by another initiator.  The reservation can only be
4999	 * released, though, by the initiator who made it or by one of
5000	 * several reset type events.
5001	 */
5002	if (lun->flags & CTL_LUN_RESERVED) {
5003		if ((ctsio->io_hdr.nexus.initid.id == lun->rsv_nexus.initid.id)
5004		 && (ctsio->io_hdr.nexus.targ_port == lun->rsv_nexus.targ_port)
5005		 && (ctsio->io_hdr.nexus.targ_target.id ==
5006		     lun->rsv_nexus.targ_target.id)) {
5007			lun->flags &= ~CTL_LUN_RESERVED;
5008		}
5009	}
5010
5011	mtx_unlock(&lun->lun_lock);
5012
5013	ctsio->scsi_status = SCSI_STATUS_OK;
5014	ctsio->io_hdr.status = CTL_SUCCESS;
5015
5016	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5017		free(ctsio->kern_data_ptr, M_CTL);
5018		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5019	}
5020
5021	ctl_done((union ctl_io *)ctsio);
5022	return (CTL_RETVAL_COMPLETE);
5023}
5024
5025int
5026ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5027{
5028	int extent, thirdparty, longid;
5029	int resv_id, length;
5030	uint64_t thirdparty_id;
5031	struct ctl_softc *ctl_softc;
5032	struct ctl_lun *lun;
5033
5034	extent = 0;
5035	thirdparty = 0;
5036	longid = 0;
5037	resv_id = 0;
5038	length = 0;
5039	thirdparty_id = 0;
5040
5041	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5042
5043	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5044	ctl_softc = control_softc;
5045
5046	switch (ctsio->cdb[0]) {
5047	case RESERVE_10: {
5048		struct scsi_reserve_10 *cdb;
5049
5050		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5051
5052		if (cdb->byte2 & SR10_LONGID)
5053			longid = 1;
5054		else
5055			thirdparty_id = cdb->thirdparty_id;
5056
5057		resv_id = cdb->resv_id;
5058		length = scsi_2btoul(cdb->length);
5059		break;
5060	}
5061	}
5062
5063	/*
5064	 * XXX KDM right now, we only support LUN reservation.  We don't
5065	 * support 3rd party reservations, or extent reservations, which
5066	 * might actually need the parameter list.  If we've gotten this
5067	 * far, we've got a LUN reservation.  Anything else got kicked out
5068	 * above.  So, according to SPC, ignore the length.
5069	 */
5070	length = 0;
5071
5072	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5073	 && (length > 0)) {
5074		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5075		ctsio->kern_data_len = length;
5076		ctsio->kern_total_len = length;
5077		ctsio->kern_data_resid = 0;
5078		ctsio->kern_rel_offset = 0;
5079		ctsio->kern_sg_entries = 0;
5080		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5081		ctsio->be_move_done = ctl_config_move_done;
5082		ctl_datamove((union ctl_io *)ctsio);
5083
5084		return (CTL_RETVAL_COMPLETE);
5085	}
5086
5087	if (length > 0)
5088		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5089
5090	mtx_lock(&lun->lun_lock);
5091	if (lun->flags & CTL_LUN_RESERVED) {
5092		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
5093		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
5094		 || (ctsio->io_hdr.nexus.targ_target.id !=
5095		     lun->rsv_nexus.targ_target.id)) {
5096			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5097			ctsio->io_hdr.status = CTL_SCSI_ERROR;
5098			goto bailout;
5099		}
5100	}
5101
5102	lun->flags |= CTL_LUN_RESERVED;
5103	lun->rsv_nexus = ctsio->io_hdr.nexus;
5104
5105	ctsio->scsi_status = SCSI_STATUS_OK;
5106	ctsio->io_hdr.status = CTL_SUCCESS;
5107
5108bailout:
5109	mtx_unlock(&lun->lun_lock);
5110
5111	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5112		free(ctsio->kern_data_ptr, M_CTL);
5113		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5114	}
5115
5116	ctl_done((union ctl_io *)ctsio);
5117	return (CTL_RETVAL_COMPLETE);
5118}
5119
5120int
5121ctl_start_stop(struct ctl_scsiio *ctsio)
5122{
5123	struct scsi_start_stop_unit *cdb;
5124	struct ctl_lun *lun;
5125	struct ctl_softc *ctl_softc;
5126	int retval;
5127
5128	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5129
5130	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5131	ctl_softc = control_softc;
5132	retval = 0;
5133
5134	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5135
5136	/*
5137	 * XXX KDM
5138	 * We don't support the immediate bit on a stop unit.  In order to
5139	 * do that, we would need to code up a way to know that a stop is
5140	 * pending, and hold off any new commands until it completes, one
5141	 * way or another.  Then we could accept or reject those commands
5142	 * depending on its status.  We would almost need to do the reverse
5143	 * of what we do below for an immediate start -- return the copy of
5144	 * the ctl_io to the FETD with status to send to the host (and to
5145	 * free the copy!) and then free the original I/O once the stop
5146	 * actually completes.  That way, the OOA queue mechanism can work
5147	 * to block commands that shouldn't proceed.  Another alternative
5148	 * would be to put the copy in the queue in place of the original,
5149	 * and return the original back to the caller.  That could be
5150	 * slightly safer..
5151	 */
5152	if ((cdb->byte2 & SSS_IMMED)
5153	 && ((cdb->how & SSS_START) == 0)) {
5154		ctl_set_invalid_field(ctsio,
5155				      /*sks_valid*/ 1,
5156				      /*command*/ 1,
5157				      /*field*/ 1,
5158				      /*bit_valid*/ 1,
5159				      /*bit*/ 0);
5160		ctl_done((union ctl_io *)ctsio);
5161		return (CTL_RETVAL_COMPLETE);
5162	}
5163
5164	if ((lun->flags & CTL_LUN_PR_RESERVED)
5165	 && ((cdb->how & SSS_START)==0)) {
5166		uint32_t residx;
5167
5168		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5169		if (!lun->per_res[residx].registered
5170		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5171
5172			ctl_set_reservation_conflict(ctsio);
5173			ctl_done((union ctl_io *)ctsio);
5174			return (CTL_RETVAL_COMPLETE);
5175		}
5176	}
5177
5178	/*
5179	 * If there is no backend on this device, we can't start or stop
5180	 * it.  In theory we shouldn't get any start/stop commands in the
5181	 * first place at this level if the LUN doesn't have a backend.
5182	 * That should get stopped by the command decode code.
5183	 */
5184	if (lun->backend == NULL) {
5185		ctl_set_invalid_opcode(ctsio);
5186		ctl_done((union ctl_io *)ctsio);
5187		return (CTL_RETVAL_COMPLETE);
5188	}
5189
5190	/*
5191	 * XXX KDM Copan-specific offline behavior.
5192	 * Figure out a reasonable way to port this?
5193	 */
5194#ifdef NEEDTOPORT
5195	mtx_lock(&lun->lun_lock);
5196
5197	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5198	 && (lun->flags & CTL_LUN_OFFLINE)) {
5199		/*
5200		 * If the LUN is offline, and the on/offline bit isn't set,
5201		 * reject the start or stop.  Otherwise, let it through.
5202		 */
5203		mtx_unlock(&lun->lun_lock);
5204		ctl_set_lun_not_ready(ctsio);
5205		ctl_done((union ctl_io *)ctsio);
5206	} else {
5207		mtx_unlock(&lun->lun_lock);
5208#endif /* NEEDTOPORT */
5209		/*
5210		 * This could be a start or a stop when we're online,
5211		 * or a stop/offline or start/online.  A start or stop when
5212		 * we're offline is covered in the case above.
5213		 */
5214		/*
5215		 * In the non-immediate case, we send the request to
5216		 * the backend and return status to the user when
5217		 * it is done.
5218		 *
5219		 * In the immediate case, we allocate a new ctl_io
5220		 * to hold a copy of the request, and send that to
5221		 * the backend.  We then set good status on the
5222		 * user's request and return it immediately.
5223		 */
5224		if (cdb->byte2 & SSS_IMMED) {
5225			union ctl_io *new_io;
5226
5227			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5228			if (new_io == NULL) {
5229				ctl_set_busy(ctsio);
5230				ctl_done((union ctl_io *)ctsio);
5231			} else {
5232				ctl_copy_io((union ctl_io *)ctsio,
5233					    new_io);
5234				retval = lun->backend->config_write(new_io);
5235				ctl_set_success(ctsio);
5236				ctl_done((union ctl_io *)ctsio);
5237			}
5238		} else {
5239			retval = lun->backend->config_write(
5240				(union ctl_io *)ctsio);
5241		}
5242#ifdef NEEDTOPORT
5243	}
5244#endif
5245	return (retval);
5246}
5247
5248/*
5249 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5250 * we don't really do anything with the LBA and length fields if the user
5251 * passes them in.  Instead we'll just flush out the cache for the entire
5252 * LUN.
5253 */
5254int
5255ctl_sync_cache(struct ctl_scsiio *ctsio)
5256{
5257	struct ctl_lun *lun;
5258	struct ctl_softc *ctl_softc;
5259	uint64_t starting_lba;
5260	uint32_t block_count;
5261	int retval;
5262
5263	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5264
5265	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5266	ctl_softc = control_softc;
5267	retval = 0;
5268
5269	switch (ctsio->cdb[0]) {
5270	case SYNCHRONIZE_CACHE: {
5271		struct scsi_sync_cache *cdb;
5272		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5273
5274		starting_lba = scsi_4btoul(cdb->begin_lba);
5275		block_count = scsi_2btoul(cdb->lb_count);
5276		break;
5277	}
5278	case SYNCHRONIZE_CACHE_16: {
5279		struct scsi_sync_cache_16 *cdb;
5280		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5281
5282		starting_lba = scsi_8btou64(cdb->begin_lba);
5283		block_count = scsi_4btoul(cdb->lb_count);
5284		break;
5285	}
5286	default:
5287		ctl_set_invalid_opcode(ctsio);
5288		ctl_done((union ctl_io *)ctsio);
5289		goto bailout;
5290		break; /* NOTREACHED */
5291	}
5292
5293	/*
5294	 * We check the LBA and length, but don't do anything with them.
5295	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5296	 * get flushed.  This check will just help satisfy anyone who wants
5297	 * to see an error for an out of range LBA.
5298	 */
5299	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5300		ctl_set_lba_out_of_range(ctsio);
5301		ctl_done((union ctl_io *)ctsio);
5302		goto bailout;
5303	}
5304
5305	/*
5306	 * If this LUN has no backend, we can't flush the cache anyway.
5307	 */
5308	if (lun->backend == NULL) {
5309		ctl_set_invalid_opcode(ctsio);
5310		ctl_done((union ctl_io *)ctsio);
5311		goto bailout;
5312	}
5313
5314	/*
5315	 * Check to see whether we're configured to send the SYNCHRONIZE
5316	 * CACHE command directly to the back end.
5317	 */
5318	mtx_lock(&lun->lun_lock);
5319	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5320	 && (++(lun->sync_count) >= lun->sync_interval)) {
5321		lun->sync_count = 0;
5322		mtx_unlock(&lun->lun_lock);
5323		retval = lun->backend->config_write((union ctl_io *)ctsio);
5324	} else {
5325		mtx_unlock(&lun->lun_lock);
5326		ctl_set_success(ctsio);
5327		ctl_done((union ctl_io *)ctsio);
5328	}
5329
5330bailout:
5331
5332	return (retval);
5333}
5334
5335int
5336ctl_format(struct ctl_scsiio *ctsio)
5337{
5338	struct scsi_format *cdb;
5339	struct ctl_lun *lun;
5340	struct ctl_softc *ctl_softc;
5341	int length, defect_list_len;
5342
5343	CTL_DEBUG_PRINT(("ctl_format\n"));
5344
5345	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5346	ctl_softc = control_softc;
5347
5348	cdb = (struct scsi_format *)ctsio->cdb;
5349
5350	length = 0;
5351	if (cdb->byte2 & SF_FMTDATA) {
5352		if (cdb->byte2 & SF_LONGLIST)
5353			length = sizeof(struct scsi_format_header_long);
5354		else
5355			length = sizeof(struct scsi_format_header_short);
5356	}
5357
5358	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5359	 && (length > 0)) {
5360		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5361		ctsio->kern_data_len = length;
5362		ctsio->kern_total_len = length;
5363		ctsio->kern_data_resid = 0;
5364		ctsio->kern_rel_offset = 0;
5365		ctsio->kern_sg_entries = 0;
5366		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5367		ctsio->be_move_done = ctl_config_move_done;
5368		ctl_datamove((union ctl_io *)ctsio);
5369
5370		return (CTL_RETVAL_COMPLETE);
5371	}
5372
5373	defect_list_len = 0;
5374
5375	if (cdb->byte2 & SF_FMTDATA) {
5376		if (cdb->byte2 & SF_LONGLIST) {
5377			struct scsi_format_header_long *header;
5378
5379			header = (struct scsi_format_header_long *)
5380				ctsio->kern_data_ptr;
5381
5382			defect_list_len = scsi_4btoul(header->defect_list_len);
5383			if (defect_list_len != 0) {
5384				ctl_set_invalid_field(ctsio,
5385						      /*sks_valid*/ 1,
5386						      /*command*/ 0,
5387						      /*field*/ 2,
5388						      /*bit_valid*/ 0,
5389						      /*bit*/ 0);
5390				goto bailout;
5391			}
5392		} else {
5393			struct scsi_format_header_short *header;
5394
5395			header = (struct scsi_format_header_short *)
5396				ctsio->kern_data_ptr;
5397
5398			defect_list_len = scsi_2btoul(header->defect_list_len);
5399			if (defect_list_len != 0) {
5400				ctl_set_invalid_field(ctsio,
5401						      /*sks_valid*/ 1,
5402						      /*command*/ 0,
5403						      /*field*/ 2,
5404						      /*bit_valid*/ 0,
5405						      /*bit*/ 0);
5406				goto bailout;
5407			}
5408		}
5409	}
5410
5411	/*
5412	 * The format command will clear out the "Medium format corrupted"
5413	 * status if set by the configuration code.  That status is really
5414	 * just a way to notify the host that we have lost the media, and
5415	 * get them to issue a command that will basically make them think
5416	 * they're blowing away the media.
5417	 */
5418	mtx_lock(&lun->lun_lock);
5419	lun->flags &= ~CTL_LUN_INOPERABLE;
5420	mtx_unlock(&lun->lun_lock);
5421
5422	ctsio->scsi_status = SCSI_STATUS_OK;
5423	ctsio->io_hdr.status = CTL_SUCCESS;
5424bailout:
5425
5426	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5427		free(ctsio->kern_data_ptr, M_CTL);
5428		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5429	}
5430
5431	ctl_done((union ctl_io *)ctsio);
5432	return (CTL_RETVAL_COMPLETE);
5433}
5434
5435int
5436ctl_read_buffer(struct ctl_scsiio *ctsio)
5437{
5438	struct scsi_read_buffer *cdb;
5439	struct ctl_lun *lun;
5440	int buffer_offset, len;
5441	static uint8_t descr[4];
5442	static uint8_t echo_descr[4] = { 0 };
5443
5444	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5445
5446	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5447	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5448
5449	if (lun->flags & CTL_LUN_PR_RESERVED) {
5450		uint32_t residx;
5451
5452		/*
5453		 * XXX KDM need a lock here.
5454		 */
5455		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5456		if ((lun->res_type == SPR_TYPE_EX_AC
5457		  && residx != lun->pr_res_idx)
5458		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
5459		   || lun->res_type == SPR_TYPE_EX_AC_AR)
5460		  && !lun->per_res[residx].registered)) {
5461			ctl_set_reservation_conflict(ctsio);
5462			ctl_done((union ctl_io *)ctsio);
5463			return (CTL_RETVAL_COMPLETE);
5464	        }
5465	}
5466
5467	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5468	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5469	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5470		ctl_set_invalid_field(ctsio,
5471				      /*sks_valid*/ 1,
5472				      /*command*/ 1,
5473				      /*field*/ 1,
5474				      /*bit_valid*/ 1,
5475				      /*bit*/ 4);
5476		ctl_done((union ctl_io *)ctsio);
5477		return (CTL_RETVAL_COMPLETE);
5478	}
5479
5480	len = scsi_3btoul(cdb->length);
5481	buffer_offset = scsi_3btoul(cdb->offset);
5482
5483	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5484		ctl_set_invalid_field(ctsio,
5485				      /*sks_valid*/ 1,
5486				      /*command*/ 1,
5487				      /*field*/ 6,
5488				      /*bit_valid*/ 0,
5489				      /*bit*/ 0);
5490		ctl_done((union ctl_io *)ctsio);
5491		return (CTL_RETVAL_COMPLETE);
5492	}
5493
5494	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5495		descr[0] = 0;
5496		scsi_ulto3b(sizeof(lun->write_buffer), &descr[1]);
5497		ctsio->kern_data_ptr = descr;
5498		len = min(len, sizeof(descr));
5499	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5500		ctsio->kern_data_ptr = echo_descr;
5501		len = min(len, sizeof(echo_descr));
5502	} else
5503		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5504	ctsio->kern_data_len = len;
5505	ctsio->kern_total_len = len;
5506	ctsio->kern_data_resid = 0;
5507	ctsio->kern_rel_offset = 0;
5508	ctsio->kern_sg_entries = 0;
5509	ctsio->be_move_done = ctl_config_move_done;
5510	ctl_datamove((union ctl_io *)ctsio);
5511
5512	return (CTL_RETVAL_COMPLETE);
5513}
5514
5515int
5516ctl_write_buffer(struct ctl_scsiio *ctsio)
5517{
5518	struct scsi_write_buffer *cdb;
5519	struct ctl_lun *lun;
5520	int buffer_offset, len;
5521
5522	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5523
5524	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5525	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5526
5527	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5528		ctl_set_invalid_field(ctsio,
5529				      /*sks_valid*/ 1,
5530				      /*command*/ 1,
5531				      /*field*/ 1,
5532				      /*bit_valid*/ 1,
5533				      /*bit*/ 4);
5534		ctl_done((union ctl_io *)ctsio);
5535		return (CTL_RETVAL_COMPLETE);
5536	}
5537
5538	len = scsi_3btoul(cdb->length);
5539	buffer_offset = scsi_3btoul(cdb->offset);
5540
5541	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5542		ctl_set_invalid_field(ctsio,
5543				      /*sks_valid*/ 1,
5544				      /*command*/ 1,
5545				      /*field*/ 6,
5546				      /*bit_valid*/ 0,
5547				      /*bit*/ 0);
5548		ctl_done((union ctl_io *)ctsio);
5549		return (CTL_RETVAL_COMPLETE);
5550	}
5551
5552	/*
5553	 * If we've got a kernel request that hasn't been malloced yet,
5554	 * malloc it and tell the caller the data buffer is here.
5555	 */
5556	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5557		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5558		ctsio->kern_data_len = len;
5559		ctsio->kern_total_len = len;
5560		ctsio->kern_data_resid = 0;
5561		ctsio->kern_rel_offset = 0;
5562		ctsio->kern_sg_entries = 0;
5563		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5564		ctsio->be_move_done = ctl_config_move_done;
5565		ctl_datamove((union ctl_io *)ctsio);
5566
5567		return (CTL_RETVAL_COMPLETE);
5568	}
5569
5570	ctl_done((union ctl_io *)ctsio);
5571
5572	return (CTL_RETVAL_COMPLETE);
5573}
5574
5575int
5576ctl_write_same(struct ctl_scsiio *ctsio)
5577{
5578	struct ctl_lun *lun;
5579	struct ctl_lba_len_flags *lbalen;
5580	uint64_t lba;
5581	uint32_t num_blocks;
5582	int len, retval;
5583	uint8_t byte2;
5584
5585	retval = CTL_RETVAL_COMPLETE;
5586
5587	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5588
5589	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5590
5591	switch (ctsio->cdb[0]) {
5592	case WRITE_SAME_10: {
5593		struct scsi_write_same_10 *cdb;
5594
5595		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5596
5597		lba = scsi_4btoul(cdb->addr);
5598		num_blocks = scsi_2btoul(cdb->length);
5599		byte2 = cdb->byte2;
5600		break;
5601	}
5602	case WRITE_SAME_16: {
5603		struct scsi_write_same_16 *cdb;
5604
5605		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5606
5607		lba = scsi_8btou64(cdb->addr);
5608		num_blocks = scsi_4btoul(cdb->length);
5609		byte2 = cdb->byte2;
5610		break;
5611	}
5612	default:
5613		/*
5614		 * We got a command we don't support.  This shouldn't
5615		 * happen, commands should be filtered out above us.
5616		 */
5617		ctl_set_invalid_opcode(ctsio);
5618		ctl_done((union ctl_io *)ctsio);
5619
5620		return (CTL_RETVAL_COMPLETE);
5621		break; /* NOTREACHED */
5622	}
5623
5624	/*
5625	 * The first check is to make sure we're in bounds, the second
5626	 * check is to catch wrap-around problems.  If the lba + num blocks
5627	 * is less than the lba, then we've wrapped around and the block
5628	 * range is invalid anyway.
5629	 */
5630	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5631	 || ((lba + num_blocks) < lba)) {
5632		ctl_set_lba_out_of_range(ctsio);
5633		ctl_done((union ctl_io *)ctsio);
5634		return (CTL_RETVAL_COMPLETE);
5635	}
5636
5637	/* Zero number of blocks means "to the last logical block" */
5638	if (num_blocks == 0) {
5639		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5640			ctl_set_invalid_field(ctsio,
5641					      /*sks_valid*/ 0,
5642					      /*command*/ 1,
5643					      /*field*/ 0,
5644					      /*bit_valid*/ 0,
5645					      /*bit*/ 0);
5646			ctl_done((union ctl_io *)ctsio);
5647			return (CTL_RETVAL_COMPLETE);
5648		}
5649		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5650	}
5651
5652	len = lun->be_lun->blocksize;
5653
5654	/*
5655	 * If we've got a kernel request that hasn't been malloced yet,
5656	 * malloc it and tell the caller the data buffer is here.
5657	 */
5658	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5659		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5660		ctsio->kern_data_len = len;
5661		ctsio->kern_total_len = len;
5662		ctsio->kern_data_resid = 0;
5663		ctsio->kern_rel_offset = 0;
5664		ctsio->kern_sg_entries = 0;
5665		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5666		ctsio->be_move_done = ctl_config_move_done;
5667		ctl_datamove((union ctl_io *)ctsio);
5668
5669		return (CTL_RETVAL_COMPLETE);
5670	}
5671
5672	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5673	lbalen->lba = lba;
5674	lbalen->len = num_blocks;
5675	lbalen->flags = byte2;
5676	retval = lun->backend->config_write((union ctl_io *)ctsio);
5677
5678	return (retval);
5679}
5680
5681int
5682ctl_unmap(struct ctl_scsiio *ctsio)
5683{
5684	struct ctl_lun *lun;
5685	struct scsi_unmap *cdb;
5686	struct ctl_ptr_len_flags *ptrlen;
5687	struct scsi_unmap_header *hdr;
5688	struct scsi_unmap_desc *buf, *end;
5689	uint64_t lba;
5690	uint32_t num_blocks;
5691	int len, retval;
5692	uint8_t byte2;
5693
5694	retval = CTL_RETVAL_COMPLETE;
5695
5696	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5697
5698	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5699	cdb = (struct scsi_unmap *)ctsio->cdb;
5700
5701	len = scsi_2btoul(cdb->length);
5702	byte2 = cdb->byte2;
5703
5704	/*
5705	 * If we've got a kernel request that hasn't been malloced yet,
5706	 * malloc it and tell the caller the data buffer is here.
5707	 */
5708	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5709		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5710		ctsio->kern_data_len = len;
5711		ctsio->kern_total_len = len;
5712		ctsio->kern_data_resid = 0;
5713		ctsio->kern_rel_offset = 0;
5714		ctsio->kern_sg_entries = 0;
5715		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5716		ctsio->be_move_done = ctl_config_move_done;
5717		ctl_datamove((union ctl_io *)ctsio);
5718
5719		return (CTL_RETVAL_COMPLETE);
5720	}
5721
5722	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5723	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5724	if (len < sizeof (*hdr) ||
5725	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5726	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5727	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5728		ctl_set_invalid_field(ctsio,
5729				      /*sks_valid*/ 0,
5730				      /*command*/ 0,
5731				      /*field*/ 0,
5732				      /*bit_valid*/ 0,
5733				      /*bit*/ 0);
5734		ctl_done((union ctl_io *)ctsio);
5735		return (CTL_RETVAL_COMPLETE);
5736	}
5737	len = scsi_2btoul(hdr->desc_length);
5738	buf = (struct scsi_unmap_desc *)(hdr + 1);
5739	end = buf + len / sizeof(*buf);
5740
5741	ptrlen = (struct ctl_ptr_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5742	ptrlen->ptr = (void *)buf;
5743	ptrlen->len = len;
5744	ptrlen->flags = byte2;
5745
5746	for (; buf < end; buf++) {
5747		lba = scsi_8btou64(buf->lba);
5748		num_blocks = scsi_4btoul(buf->length);
5749		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5750		 || ((lba + num_blocks) < lba)) {
5751			ctl_set_lba_out_of_range(ctsio);
5752			ctl_done((union ctl_io *)ctsio);
5753			return (CTL_RETVAL_COMPLETE);
5754		}
5755	}
5756
5757	retval = lun->backend->config_write((union ctl_io *)ctsio);
5758
5759	return (retval);
5760}
5761
5762/*
5763 * Note that this function currently doesn't actually do anything inside
5764 * CTL to enforce things if the DQue bit is turned on.
5765 *
5766 * Also note that this function can't be used in the default case, because
5767 * the DQue bit isn't set in the changeable mask for the control mode page
5768 * anyway.  This is just here as an example for how to implement a page
5769 * handler, and a placeholder in case we want to allow the user to turn
5770 * tagged queueing on and off.
5771 *
5772 * The D_SENSE bit handling is functional, however, and will turn
5773 * descriptor sense on and off for a given LUN.
5774 */
5775int
5776ctl_control_page_handler(struct ctl_scsiio *ctsio,
5777			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5778{
5779	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5780	struct ctl_lun *lun;
5781	struct ctl_softc *softc;
5782	int set_ua;
5783	uint32_t initidx;
5784
5785	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5786	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5787	set_ua = 0;
5788
5789	user_cp = (struct scsi_control_page *)page_ptr;
5790	current_cp = (struct scsi_control_page *)
5791		(page_index->page_data + (page_index->page_len *
5792		CTL_PAGE_CURRENT));
5793	saved_cp = (struct scsi_control_page *)
5794		(page_index->page_data + (page_index->page_len *
5795		CTL_PAGE_SAVED));
5796
5797	softc = control_softc;
5798
5799	mtx_lock(&lun->lun_lock);
5800	if (((current_cp->rlec & SCP_DSENSE) == 0)
5801	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5802		/*
5803		 * Descriptor sense is currently turned off and the user
5804		 * wants to turn it on.
5805		 */
5806		current_cp->rlec |= SCP_DSENSE;
5807		saved_cp->rlec |= SCP_DSENSE;
5808		lun->flags |= CTL_LUN_SENSE_DESC;
5809		set_ua = 1;
5810	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5811		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5812		/*
5813		 * Descriptor sense is currently turned on, and the user
5814		 * wants to turn it off.
5815		 */
5816		current_cp->rlec &= ~SCP_DSENSE;
5817		saved_cp->rlec &= ~SCP_DSENSE;
5818		lun->flags &= ~CTL_LUN_SENSE_DESC;
5819		set_ua = 1;
5820	}
5821	if (current_cp->queue_flags & SCP_QUEUE_DQUE) {
5822		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
5823#ifdef NEEDTOPORT
5824			csevent_log(CSC_CTL | CSC_SHELF_SW |
5825				    CTL_UNTAG_TO_UNTAG,
5826				    csevent_LogType_Trace,
5827				    csevent_Severity_Information,
5828				    csevent_AlertLevel_Green,
5829				    csevent_FRU_Firmware,
5830				    csevent_FRU_Unknown,
5831				    "Received untagged to untagged transition");
5832#endif /* NEEDTOPORT */
5833		} else {
5834#ifdef NEEDTOPORT
5835			csevent_log(CSC_CTL | CSC_SHELF_SW |
5836				    CTL_UNTAG_TO_TAG,
5837				    csevent_LogType_ConfigChange,
5838				    csevent_Severity_Information,
5839				    csevent_AlertLevel_Green,
5840				    csevent_FRU_Firmware,
5841				    csevent_FRU_Unknown,
5842				    "Received untagged to tagged "
5843				    "queueing transition");
5844#endif /* NEEDTOPORT */
5845
5846			current_cp->queue_flags &= ~SCP_QUEUE_DQUE;
5847			saved_cp->queue_flags &= ~SCP_QUEUE_DQUE;
5848			set_ua = 1;
5849		}
5850	} else {
5851		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
5852#ifdef NEEDTOPORT
5853			csevent_log(CSC_CTL | CSC_SHELF_SW |
5854				    CTL_TAG_TO_UNTAG,
5855				    csevent_LogType_ConfigChange,
5856				    csevent_Severity_Warning,
5857				    csevent_AlertLevel_Yellow,
5858				    csevent_FRU_Firmware,
5859				    csevent_FRU_Unknown,
5860				    "Received tagged queueing to untagged "
5861				    "transition");
5862#endif /* NEEDTOPORT */
5863
5864			current_cp->queue_flags |= SCP_QUEUE_DQUE;
5865			saved_cp->queue_flags |= SCP_QUEUE_DQUE;
5866			set_ua = 1;
5867		} else {
5868#ifdef NEEDTOPORT
5869			csevent_log(CSC_CTL | CSC_SHELF_SW |
5870				    CTL_TAG_TO_TAG,
5871				    csevent_LogType_Trace,
5872				    csevent_Severity_Information,
5873				    csevent_AlertLevel_Green,
5874				    csevent_FRU_Firmware,
5875				    csevent_FRU_Unknown,
5876				    "Received tagged queueing to tagged "
5877				    "queueing transition");
5878#endif /* NEEDTOPORT */
5879		}
5880	}
5881	if (set_ua != 0) {
5882		int i;
5883		/*
5884		 * Let other initiators know that the mode
5885		 * parameters for this LUN have changed.
5886		 */
5887		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
5888			if (i == initidx)
5889				continue;
5890
5891			lun->pending_sense[i].ua_pending |=
5892				CTL_UA_MODE_CHANGE;
5893		}
5894	}
5895	mtx_unlock(&lun->lun_lock);
5896
5897	return (0);
5898}
5899
5900int
5901ctl_power_sp_handler(struct ctl_scsiio *ctsio,
5902		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5903{
5904	return (0);
5905}
5906
5907int
5908ctl_power_sp_sense_handler(struct ctl_scsiio *ctsio,
5909			   struct ctl_page_index *page_index, int pc)
5910{
5911	struct copan_power_subpage *page;
5912
5913	page = (struct copan_power_subpage *)page_index->page_data +
5914		(page_index->page_len * pc);
5915
5916	switch (pc) {
5917	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5918		/*
5919		 * We don't update the changable bits for this page.
5920		 */
5921		break;
5922	case SMS_PAGE_CTRL_CURRENT >> 6:
5923	case SMS_PAGE_CTRL_DEFAULT >> 6:
5924	case SMS_PAGE_CTRL_SAVED >> 6:
5925#ifdef NEEDTOPORT
5926		ctl_update_power_subpage(page);
5927#endif
5928		break;
5929	default:
5930#ifdef NEEDTOPORT
5931		EPRINT(0, "Invalid PC %d!!", pc);
5932#endif
5933		break;
5934	}
5935	return (0);
5936}
5937
5938
5939int
5940ctl_aps_sp_handler(struct ctl_scsiio *ctsio,
5941		   struct ctl_page_index *page_index, uint8_t *page_ptr)
5942{
5943	struct copan_aps_subpage *user_sp;
5944	struct copan_aps_subpage *current_sp;
5945	union ctl_modepage_info *modepage_info;
5946	struct ctl_softc *softc;
5947	struct ctl_lun *lun;
5948	int retval;
5949
5950	retval = CTL_RETVAL_COMPLETE;
5951	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
5952		     (page_index->page_len * CTL_PAGE_CURRENT));
5953	softc = control_softc;
5954	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5955
5956	user_sp = (struct copan_aps_subpage *)page_ptr;
5957
5958	modepage_info = (union ctl_modepage_info *)
5959		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5960
5961	modepage_info->header.page_code = page_index->page_code & SMPH_PC_MASK;
5962	modepage_info->header.subpage = page_index->subpage;
5963	modepage_info->aps.lock_active = user_sp->lock_active;
5964
5965	mtx_lock(&softc->ctl_lock);
5966
5967	/*
5968	 * If there is a request to lock the LUN and another LUN is locked
5969	 * this is an error. If the requested LUN is already locked ignore
5970	 * the request. If no LUN is locked attempt to lock it.
5971	 * if there is a request to unlock the LUN and the LUN is currently
5972	 * locked attempt to unlock it. Otherwise ignore the request. i.e.
5973	 * if another LUN is locked or no LUN is locked.
5974	 */
5975	if (user_sp->lock_active & APS_LOCK_ACTIVE) {
5976		if (softc->aps_locked_lun == lun->lun) {
5977			/*
5978			 * This LUN is already locked, so we're done.
5979			 */
5980			retval = CTL_RETVAL_COMPLETE;
5981		} else if (softc->aps_locked_lun == 0) {
5982			/*
5983			 * No one has the lock, pass the request to the
5984			 * backend.
5985			 */
5986			retval = lun->backend->config_write(
5987				(union ctl_io *)ctsio);
5988		} else {
5989			/*
5990			 * Someone else has the lock, throw out the request.
5991			 */
5992			ctl_set_already_locked(ctsio);
5993			free(ctsio->kern_data_ptr, M_CTL);
5994			ctl_done((union ctl_io *)ctsio);
5995
5996			/*
5997			 * Set the return value so that ctl_do_mode_select()
5998			 * won't try to complete the command.  We already
5999			 * completed it here.
6000			 */
6001			retval = CTL_RETVAL_ERROR;
6002		}
6003	} else if (softc->aps_locked_lun == lun->lun) {
6004		/*
6005		 * This LUN is locked, so pass the unlock request to the
6006		 * backend.
6007		 */
6008		retval = lun->backend->config_write((union ctl_io *)ctsio);
6009	}
6010	mtx_unlock(&softc->ctl_lock);
6011
6012	return (retval);
6013}
6014
6015int
6016ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6017				struct ctl_page_index *page_index,
6018				uint8_t *page_ptr)
6019{
6020	uint8_t *c;
6021	int i;
6022
6023	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6024	ctl_time_io_secs =
6025		(c[0] << 8) |
6026		(c[1] << 0) |
6027		0;
6028	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6029	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6030	printf("page data:");
6031	for (i=0; i<8; i++)
6032		printf(" %.2x",page_ptr[i]);
6033	printf("\n");
6034	return (0);
6035}
6036
6037int
6038ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6039			       struct ctl_page_index *page_index,
6040			       int pc)
6041{
6042	struct copan_debugconf_subpage *page;
6043
6044	page = (struct copan_debugconf_subpage *)page_index->page_data +
6045		(page_index->page_len * pc);
6046
6047	switch (pc) {
6048	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6049	case SMS_PAGE_CTRL_DEFAULT >> 6:
6050	case SMS_PAGE_CTRL_SAVED >> 6:
6051		/*
6052		 * We don't update the changable or default bits for this page.
6053		 */
6054		break;
6055	case SMS_PAGE_CTRL_CURRENT >> 6:
6056		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6057		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6058		break;
6059	default:
6060#ifdef NEEDTOPORT
6061		EPRINT(0, "Invalid PC %d!!", pc);
6062#endif /* NEEDTOPORT */
6063		break;
6064	}
6065	return (0);
6066}
6067
6068
6069static int
6070ctl_do_mode_select(union ctl_io *io)
6071{
6072	struct scsi_mode_page_header *page_header;
6073	struct ctl_page_index *page_index;
6074	struct ctl_scsiio *ctsio;
6075	int control_dev, page_len;
6076	int page_len_offset, page_len_size;
6077	union ctl_modepage_info *modepage_info;
6078	struct ctl_lun *lun;
6079	int *len_left, *len_used;
6080	int retval, i;
6081
6082	ctsio = &io->scsiio;
6083	page_index = NULL;
6084	page_len = 0;
6085	retval = CTL_RETVAL_COMPLETE;
6086
6087	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6088
6089	if (lun->be_lun->lun_type != T_DIRECT)
6090		control_dev = 1;
6091	else
6092		control_dev = 0;
6093
6094	modepage_info = (union ctl_modepage_info *)
6095		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6096	len_left = &modepage_info->header.len_left;
6097	len_used = &modepage_info->header.len_used;
6098
6099do_next_page:
6100
6101	page_header = (struct scsi_mode_page_header *)
6102		(ctsio->kern_data_ptr + *len_used);
6103
6104	if (*len_left == 0) {
6105		free(ctsio->kern_data_ptr, M_CTL);
6106		ctl_set_success(ctsio);
6107		ctl_done((union ctl_io *)ctsio);
6108		return (CTL_RETVAL_COMPLETE);
6109	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6110
6111		free(ctsio->kern_data_ptr, M_CTL);
6112		ctl_set_param_len_error(ctsio);
6113		ctl_done((union ctl_io *)ctsio);
6114		return (CTL_RETVAL_COMPLETE);
6115
6116	} else if ((page_header->page_code & SMPH_SPF)
6117		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6118
6119		free(ctsio->kern_data_ptr, M_CTL);
6120		ctl_set_param_len_error(ctsio);
6121		ctl_done((union ctl_io *)ctsio);
6122		return (CTL_RETVAL_COMPLETE);
6123	}
6124
6125
6126	/*
6127	 * XXX KDM should we do something with the block descriptor?
6128	 */
6129	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6130
6131		if ((control_dev != 0)
6132		 && (lun->mode_pages.index[i].page_flags &
6133		     CTL_PAGE_FLAG_DISK_ONLY))
6134			continue;
6135
6136		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6137		    (page_header->page_code & SMPH_PC_MASK))
6138			continue;
6139
6140		/*
6141		 * If neither page has a subpage code, then we've got a
6142		 * match.
6143		 */
6144		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6145		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6146			page_index = &lun->mode_pages.index[i];
6147			page_len = page_header->page_length;
6148			break;
6149		}
6150
6151		/*
6152		 * If both pages have subpages, then the subpage numbers
6153		 * have to match.
6154		 */
6155		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6156		  && (page_header->page_code & SMPH_SPF)) {
6157			struct scsi_mode_page_header_sp *sph;
6158
6159			sph = (struct scsi_mode_page_header_sp *)page_header;
6160
6161			if (lun->mode_pages.index[i].subpage ==
6162			    sph->subpage) {
6163				page_index = &lun->mode_pages.index[i];
6164				page_len = scsi_2btoul(sph->page_length);
6165				break;
6166			}
6167		}
6168	}
6169
6170	/*
6171	 * If we couldn't find the page, or if we don't have a mode select
6172	 * handler for it, send back an error to the user.
6173	 */
6174	if ((page_index == NULL)
6175	 || (page_index->select_handler == NULL)) {
6176		ctl_set_invalid_field(ctsio,
6177				      /*sks_valid*/ 1,
6178				      /*command*/ 0,
6179				      /*field*/ *len_used,
6180				      /*bit_valid*/ 0,
6181				      /*bit*/ 0);
6182		free(ctsio->kern_data_ptr, M_CTL);
6183		ctl_done((union ctl_io *)ctsio);
6184		return (CTL_RETVAL_COMPLETE);
6185	}
6186
6187	if (page_index->page_code & SMPH_SPF) {
6188		page_len_offset = 2;
6189		page_len_size = 2;
6190	} else {
6191		page_len_size = 1;
6192		page_len_offset = 1;
6193	}
6194
6195	/*
6196	 * If the length the initiator gives us isn't the one we specify in
6197	 * the mode page header, or if they didn't specify enough data in
6198	 * the CDB to avoid truncating this page, kick out the request.
6199	 */
6200	if ((page_len != (page_index->page_len - page_len_offset -
6201			  page_len_size))
6202	 || (*len_left < page_index->page_len)) {
6203
6204
6205		ctl_set_invalid_field(ctsio,
6206				      /*sks_valid*/ 1,
6207				      /*command*/ 0,
6208				      /*field*/ *len_used + page_len_offset,
6209				      /*bit_valid*/ 0,
6210				      /*bit*/ 0);
6211		free(ctsio->kern_data_ptr, M_CTL);
6212		ctl_done((union ctl_io *)ctsio);
6213		return (CTL_RETVAL_COMPLETE);
6214	}
6215
6216	/*
6217	 * Run through the mode page, checking to make sure that the bits
6218	 * the user changed are actually legal for him to change.
6219	 */
6220	for (i = 0; i < page_index->page_len; i++) {
6221		uint8_t *user_byte, *change_mask, *current_byte;
6222		int bad_bit;
6223		int j;
6224
6225		user_byte = (uint8_t *)page_header + i;
6226		change_mask = page_index->page_data +
6227			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6228		current_byte = page_index->page_data +
6229			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6230
6231		/*
6232		 * Check to see whether the user set any bits in this byte
6233		 * that he is not allowed to set.
6234		 */
6235		if ((*user_byte & ~(*change_mask)) ==
6236		    (*current_byte & ~(*change_mask)))
6237			continue;
6238
6239		/*
6240		 * Go through bit by bit to determine which one is illegal.
6241		 */
6242		bad_bit = 0;
6243		for (j = 7; j >= 0; j--) {
6244			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6245			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6246				bad_bit = i;
6247				break;
6248			}
6249		}
6250		ctl_set_invalid_field(ctsio,
6251				      /*sks_valid*/ 1,
6252				      /*command*/ 0,
6253				      /*field*/ *len_used + i,
6254				      /*bit_valid*/ 1,
6255				      /*bit*/ bad_bit);
6256		free(ctsio->kern_data_ptr, M_CTL);
6257		ctl_done((union ctl_io *)ctsio);
6258		return (CTL_RETVAL_COMPLETE);
6259	}
6260
6261	/*
6262	 * Decrement these before we call the page handler, since we may
6263	 * end up getting called back one way or another before the handler
6264	 * returns to this context.
6265	 */
6266	*len_left -= page_index->page_len;
6267	*len_used += page_index->page_len;
6268
6269	retval = page_index->select_handler(ctsio, page_index,
6270					    (uint8_t *)page_header);
6271
6272	/*
6273	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6274	 * wait until this queued command completes to finish processing
6275	 * the mode page.  If it returns anything other than
6276	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6277	 * already set the sense information, freed the data pointer, and
6278	 * completed the io for us.
6279	 */
6280	if (retval != CTL_RETVAL_COMPLETE)
6281		goto bailout_no_done;
6282
6283	/*
6284	 * If the initiator sent us more than one page, parse the next one.
6285	 */
6286	if (*len_left > 0)
6287		goto do_next_page;
6288
6289	ctl_set_success(ctsio);
6290	free(ctsio->kern_data_ptr, M_CTL);
6291	ctl_done((union ctl_io *)ctsio);
6292
6293bailout_no_done:
6294
6295	return (CTL_RETVAL_COMPLETE);
6296
6297}
6298
6299int
6300ctl_mode_select(struct ctl_scsiio *ctsio)
6301{
6302	int param_len, pf, sp;
6303	int header_size, bd_len;
6304	int len_left, len_used;
6305	struct ctl_page_index *page_index;
6306	struct ctl_lun *lun;
6307	int control_dev, page_len;
6308	union ctl_modepage_info *modepage_info;
6309	int retval;
6310
6311	pf = 0;
6312	sp = 0;
6313	page_len = 0;
6314	len_used = 0;
6315	len_left = 0;
6316	retval = 0;
6317	bd_len = 0;
6318	page_index = NULL;
6319
6320	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6321
6322	if (lun->be_lun->lun_type != T_DIRECT)
6323		control_dev = 1;
6324	else
6325		control_dev = 0;
6326
6327	switch (ctsio->cdb[0]) {
6328	case MODE_SELECT_6: {
6329		struct scsi_mode_select_6 *cdb;
6330
6331		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6332
6333		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6334		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6335
6336		param_len = cdb->length;
6337		header_size = sizeof(struct scsi_mode_header_6);
6338		break;
6339	}
6340	case MODE_SELECT_10: {
6341		struct scsi_mode_select_10 *cdb;
6342
6343		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6344
6345		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6346		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6347
6348		param_len = scsi_2btoul(cdb->length);
6349		header_size = sizeof(struct scsi_mode_header_10);
6350		break;
6351	}
6352	default:
6353		ctl_set_invalid_opcode(ctsio);
6354		ctl_done((union ctl_io *)ctsio);
6355		return (CTL_RETVAL_COMPLETE);
6356		break; /* NOTREACHED */
6357	}
6358
6359	/*
6360	 * From SPC-3:
6361	 * "A parameter list length of zero indicates that the Data-Out Buffer
6362	 * shall be empty. This condition shall not be considered as an error."
6363	 */
6364	if (param_len == 0) {
6365		ctl_set_success(ctsio);
6366		ctl_done((union ctl_io *)ctsio);
6367		return (CTL_RETVAL_COMPLETE);
6368	}
6369
6370	/*
6371	 * Since we'll hit this the first time through, prior to
6372	 * allocation, we don't need to free a data buffer here.
6373	 */
6374	if (param_len < header_size) {
6375		ctl_set_param_len_error(ctsio);
6376		ctl_done((union ctl_io *)ctsio);
6377		return (CTL_RETVAL_COMPLETE);
6378	}
6379
6380	/*
6381	 * Allocate the data buffer and grab the user's data.  In theory,
6382	 * we shouldn't have to sanity check the parameter list length here
6383	 * because the maximum size is 64K.  We should be able to malloc
6384	 * that much without too many problems.
6385	 */
6386	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6387		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6388		ctsio->kern_data_len = param_len;
6389		ctsio->kern_total_len = param_len;
6390		ctsio->kern_data_resid = 0;
6391		ctsio->kern_rel_offset = 0;
6392		ctsio->kern_sg_entries = 0;
6393		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6394		ctsio->be_move_done = ctl_config_move_done;
6395		ctl_datamove((union ctl_io *)ctsio);
6396
6397		return (CTL_RETVAL_COMPLETE);
6398	}
6399
6400	switch (ctsio->cdb[0]) {
6401	case MODE_SELECT_6: {
6402		struct scsi_mode_header_6 *mh6;
6403
6404		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6405		bd_len = mh6->blk_desc_len;
6406		break;
6407	}
6408	case MODE_SELECT_10: {
6409		struct scsi_mode_header_10 *mh10;
6410
6411		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6412		bd_len = scsi_2btoul(mh10->blk_desc_len);
6413		break;
6414	}
6415	default:
6416		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6417		break;
6418	}
6419
6420	if (param_len < (header_size + bd_len)) {
6421		free(ctsio->kern_data_ptr, M_CTL);
6422		ctl_set_param_len_error(ctsio);
6423		ctl_done((union ctl_io *)ctsio);
6424		return (CTL_RETVAL_COMPLETE);
6425	}
6426
6427	/*
6428	 * Set the IO_CONT flag, so that if this I/O gets passed to
6429	 * ctl_config_write_done(), it'll get passed back to
6430	 * ctl_do_mode_select() for further processing, or completion if
6431	 * we're all done.
6432	 */
6433	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6434	ctsio->io_cont = ctl_do_mode_select;
6435
6436	modepage_info = (union ctl_modepage_info *)
6437		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6438
6439	memset(modepage_info, 0, sizeof(*modepage_info));
6440
6441	len_left = param_len - header_size - bd_len;
6442	len_used = header_size + bd_len;
6443
6444	modepage_info->header.len_left = len_left;
6445	modepage_info->header.len_used = len_used;
6446
6447	return (ctl_do_mode_select((union ctl_io *)ctsio));
6448}
6449
6450int
6451ctl_mode_sense(struct ctl_scsiio *ctsio)
6452{
6453	struct ctl_lun *lun;
6454	int pc, page_code, dbd, llba, subpage;
6455	int alloc_len, page_len, header_len, total_len;
6456	struct scsi_mode_block_descr *block_desc;
6457	struct ctl_page_index *page_index;
6458	int control_dev;
6459
6460	dbd = 0;
6461	llba = 0;
6462	block_desc = NULL;
6463	page_index = NULL;
6464
6465	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6466
6467	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6468
6469	if (lun->be_lun->lun_type != T_DIRECT)
6470		control_dev = 1;
6471	else
6472		control_dev = 0;
6473
6474	if (lun->flags & CTL_LUN_PR_RESERVED) {
6475		uint32_t residx;
6476
6477		/*
6478		 * XXX KDM need a lock here.
6479		 */
6480		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
6481		if ((lun->res_type == SPR_TYPE_EX_AC
6482		  && residx != lun->pr_res_idx)
6483		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
6484		   || lun->res_type == SPR_TYPE_EX_AC_AR)
6485		  && !lun->per_res[residx].registered)) {
6486			ctl_set_reservation_conflict(ctsio);
6487			ctl_done((union ctl_io *)ctsio);
6488			return (CTL_RETVAL_COMPLETE);
6489		}
6490	}
6491
6492	switch (ctsio->cdb[0]) {
6493	case MODE_SENSE_6: {
6494		struct scsi_mode_sense_6 *cdb;
6495
6496		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6497
6498		header_len = sizeof(struct scsi_mode_hdr_6);
6499		if (cdb->byte2 & SMS_DBD)
6500			dbd = 1;
6501		else
6502			header_len += sizeof(struct scsi_mode_block_descr);
6503
6504		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6505		page_code = cdb->page & SMS_PAGE_CODE;
6506		subpage = cdb->subpage;
6507		alloc_len = cdb->length;
6508		break;
6509	}
6510	case MODE_SENSE_10: {
6511		struct scsi_mode_sense_10 *cdb;
6512
6513		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6514
6515		header_len = sizeof(struct scsi_mode_hdr_10);
6516
6517		if (cdb->byte2 & SMS_DBD)
6518			dbd = 1;
6519		else
6520			header_len += sizeof(struct scsi_mode_block_descr);
6521		if (cdb->byte2 & SMS10_LLBAA)
6522			llba = 1;
6523		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6524		page_code = cdb->page & SMS_PAGE_CODE;
6525		subpage = cdb->subpage;
6526		alloc_len = scsi_2btoul(cdb->length);
6527		break;
6528	}
6529	default:
6530		ctl_set_invalid_opcode(ctsio);
6531		ctl_done((union ctl_io *)ctsio);
6532		return (CTL_RETVAL_COMPLETE);
6533		break; /* NOTREACHED */
6534	}
6535
6536	/*
6537	 * We have to make a first pass through to calculate the size of
6538	 * the pages that match the user's query.  Then we allocate enough
6539	 * memory to hold it, and actually copy the data into the buffer.
6540	 */
6541	switch (page_code) {
6542	case SMS_ALL_PAGES_PAGE: {
6543		int i;
6544
6545		page_len = 0;
6546
6547		/*
6548		 * At the moment, values other than 0 and 0xff here are
6549		 * reserved according to SPC-3.
6550		 */
6551		if ((subpage != SMS_SUBPAGE_PAGE_0)
6552		 && (subpage != SMS_SUBPAGE_ALL)) {
6553			ctl_set_invalid_field(ctsio,
6554					      /*sks_valid*/ 1,
6555					      /*command*/ 1,
6556					      /*field*/ 3,
6557					      /*bit_valid*/ 0,
6558					      /*bit*/ 0);
6559			ctl_done((union ctl_io *)ctsio);
6560			return (CTL_RETVAL_COMPLETE);
6561		}
6562
6563		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6564			if ((control_dev != 0)
6565			 && (lun->mode_pages.index[i].page_flags &
6566			     CTL_PAGE_FLAG_DISK_ONLY))
6567				continue;
6568
6569			/*
6570			 * We don't use this subpage if the user didn't
6571			 * request all subpages.
6572			 */
6573			if ((lun->mode_pages.index[i].subpage != 0)
6574			 && (subpage == SMS_SUBPAGE_PAGE_0))
6575				continue;
6576
6577#if 0
6578			printf("found page %#x len %d\n",
6579			       lun->mode_pages.index[i].page_code &
6580			       SMPH_PC_MASK,
6581			       lun->mode_pages.index[i].page_len);
6582#endif
6583			page_len += lun->mode_pages.index[i].page_len;
6584		}
6585		break;
6586	}
6587	default: {
6588		int i;
6589
6590		page_len = 0;
6591
6592		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6593			/* Look for the right page code */
6594			if ((lun->mode_pages.index[i].page_code &
6595			     SMPH_PC_MASK) != page_code)
6596				continue;
6597
6598			/* Look for the right subpage or the subpage wildcard*/
6599			if ((lun->mode_pages.index[i].subpage != subpage)
6600			 && (subpage != SMS_SUBPAGE_ALL))
6601				continue;
6602
6603			/* Make sure the page is supported for this dev type */
6604			if ((control_dev != 0)
6605			 && (lun->mode_pages.index[i].page_flags &
6606			     CTL_PAGE_FLAG_DISK_ONLY))
6607				continue;
6608
6609#if 0
6610			printf("found page %#x len %d\n",
6611			       lun->mode_pages.index[i].page_code &
6612			       SMPH_PC_MASK,
6613			       lun->mode_pages.index[i].page_len);
6614#endif
6615
6616			page_len += lun->mode_pages.index[i].page_len;
6617		}
6618
6619		if (page_len == 0) {
6620			ctl_set_invalid_field(ctsio,
6621					      /*sks_valid*/ 1,
6622					      /*command*/ 1,
6623					      /*field*/ 2,
6624					      /*bit_valid*/ 1,
6625					      /*bit*/ 5);
6626			ctl_done((union ctl_io *)ctsio);
6627			return (CTL_RETVAL_COMPLETE);
6628		}
6629		break;
6630	}
6631	}
6632
6633	total_len = header_len + page_len;
6634#if 0
6635	printf("header_len = %d, page_len = %d, total_len = %d\n",
6636	       header_len, page_len, total_len);
6637#endif
6638
6639	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6640	ctsio->kern_sg_entries = 0;
6641	ctsio->kern_data_resid = 0;
6642	ctsio->kern_rel_offset = 0;
6643	if (total_len < alloc_len) {
6644		ctsio->residual = alloc_len - total_len;
6645		ctsio->kern_data_len = total_len;
6646		ctsio->kern_total_len = total_len;
6647	} else {
6648		ctsio->residual = 0;
6649		ctsio->kern_data_len = alloc_len;
6650		ctsio->kern_total_len = alloc_len;
6651	}
6652
6653	switch (ctsio->cdb[0]) {
6654	case MODE_SENSE_6: {
6655		struct scsi_mode_hdr_6 *header;
6656
6657		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6658
6659		header->datalen = ctl_min(total_len - 1, 254);
6660
6661		if (dbd)
6662			header->block_descr_len = 0;
6663		else
6664			header->block_descr_len =
6665				sizeof(struct scsi_mode_block_descr);
6666		block_desc = (struct scsi_mode_block_descr *)&header[1];
6667		break;
6668	}
6669	case MODE_SENSE_10: {
6670		struct scsi_mode_hdr_10 *header;
6671		int datalen;
6672
6673		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6674
6675		datalen = ctl_min(total_len - 2, 65533);
6676		scsi_ulto2b(datalen, header->datalen);
6677		if (dbd)
6678			scsi_ulto2b(0, header->block_descr_len);
6679		else
6680			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6681				    header->block_descr_len);
6682		block_desc = (struct scsi_mode_block_descr *)&header[1];
6683		break;
6684	}
6685	default:
6686		panic("invalid CDB type %#x", ctsio->cdb[0]);
6687		break; /* NOTREACHED */
6688	}
6689
6690	/*
6691	 * If we've got a disk, use its blocksize in the block
6692	 * descriptor.  Otherwise, just set it to 0.
6693	 */
6694	if (dbd == 0) {
6695		if (control_dev != 0)
6696			scsi_ulto3b(lun->be_lun->blocksize,
6697				    block_desc->block_len);
6698		else
6699			scsi_ulto3b(0, block_desc->block_len);
6700	}
6701
6702	switch (page_code) {
6703	case SMS_ALL_PAGES_PAGE: {
6704		int i, data_used;
6705
6706		data_used = header_len;
6707		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6708			struct ctl_page_index *page_index;
6709
6710			page_index = &lun->mode_pages.index[i];
6711
6712			if ((control_dev != 0)
6713			 && (page_index->page_flags &
6714			    CTL_PAGE_FLAG_DISK_ONLY))
6715				continue;
6716
6717			/*
6718			 * We don't use this subpage if the user didn't
6719			 * request all subpages.  We already checked (above)
6720			 * to make sure the user only specified a subpage
6721			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6722			 */
6723			if ((page_index->subpage != 0)
6724			 && (subpage == SMS_SUBPAGE_PAGE_0))
6725				continue;
6726
6727			/*
6728			 * Call the handler, if it exists, to update the
6729			 * page to the latest values.
6730			 */
6731			if (page_index->sense_handler != NULL)
6732				page_index->sense_handler(ctsio, page_index,pc);
6733
6734			memcpy(ctsio->kern_data_ptr + data_used,
6735			       page_index->page_data +
6736			       (page_index->page_len * pc),
6737			       page_index->page_len);
6738			data_used += page_index->page_len;
6739		}
6740		break;
6741	}
6742	default: {
6743		int i, data_used;
6744
6745		data_used = header_len;
6746
6747		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6748			struct ctl_page_index *page_index;
6749
6750			page_index = &lun->mode_pages.index[i];
6751
6752			/* Look for the right page code */
6753			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6754				continue;
6755
6756			/* Look for the right subpage or the subpage wildcard*/
6757			if ((page_index->subpage != subpage)
6758			 && (subpage != SMS_SUBPAGE_ALL))
6759				continue;
6760
6761			/* Make sure the page is supported for this dev type */
6762			if ((control_dev != 0)
6763			 && (page_index->page_flags &
6764			     CTL_PAGE_FLAG_DISK_ONLY))
6765				continue;
6766
6767			/*
6768			 * Call the handler, if it exists, to update the
6769			 * page to the latest values.
6770			 */
6771			if (page_index->sense_handler != NULL)
6772				page_index->sense_handler(ctsio, page_index,pc);
6773
6774			memcpy(ctsio->kern_data_ptr + data_used,
6775			       page_index->page_data +
6776			       (page_index->page_len * pc),
6777			       page_index->page_len);
6778			data_used += page_index->page_len;
6779		}
6780		break;
6781	}
6782	}
6783
6784	ctsio->scsi_status = SCSI_STATUS_OK;
6785
6786	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6787	ctsio->be_move_done = ctl_config_move_done;
6788	ctl_datamove((union ctl_io *)ctsio);
6789
6790	return (CTL_RETVAL_COMPLETE);
6791}
6792
6793int
6794ctl_read_capacity(struct ctl_scsiio *ctsio)
6795{
6796	struct scsi_read_capacity *cdb;
6797	struct scsi_read_capacity_data *data;
6798	struct ctl_lun *lun;
6799	uint32_t lba;
6800
6801	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6802
6803	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6804
6805	lba = scsi_4btoul(cdb->addr);
6806	if (((cdb->pmi & SRC_PMI) == 0)
6807	 && (lba != 0)) {
6808		ctl_set_invalid_field(/*ctsio*/ ctsio,
6809				      /*sks_valid*/ 1,
6810				      /*command*/ 1,
6811				      /*field*/ 2,
6812				      /*bit_valid*/ 0,
6813				      /*bit*/ 0);
6814		ctl_done((union ctl_io *)ctsio);
6815		return (CTL_RETVAL_COMPLETE);
6816	}
6817
6818	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6819
6820	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6821	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6822	ctsio->residual = 0;
6823	ctsio->kern_data_len = sizeof(*data);
6824	ctsio->kern_total_len = sizeof(*data);
6825	ctsio->kern_data_resid = 0;
6826	ctsio->kern_rel_offset = 0;
6827	ctsio->kern_sg_entries = 0;
6828
6829	/*
6830	 * If the maximum LBA is greater than 0xfffffffe, the user must
6831	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6832	 * serivce action set.
6833	 */
6834	if (lun->be_lun->maxlba > 0xfffffffe)
6835		scsi_ulto4b(0xffffffff, data->addr);
6836	else
6837		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6838
6839	/*
6840	 * XXX KDM this may not be 512 bytes...
6841	 */
6842	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6843
6844	ctsio->scsi_status = SCSI_STATUS_OK;
6845
6846	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6847	ctsio->be_move_done = ctl_config_move_done;
6848	ctl_datamove((union ctl_io *)ctsio);
6849
6850	return (CTL_RETVAL_COMPLETE);
6851}
6852
6853int
6854ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6855{
6856	struct scsi_read_capacity_16 *cdb;
6857	struct scsi_read_capacity_data_long *data;
6858	struct ctl_lun *lun;
6859	uint64_t lba;
6860	uint32_t alloc_len;
6861
6862	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6863
6864	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6865
6866	alloc_len = scsi_4btoul(cdb->alloc_len);
6867	lba = scsi_8btou64(cdb->addr);
6868
6869	if ((cdb->reladr & SRC16_PMI)
6870	 && (lba != 0)) {
6871		ctl_set_invalid_field(/*ctsio*/ ctsio,
6872				      /*sks_valid*/ 1,
6873				      /*command*/ 1,
6874				      /*field*/ 2,
6875				      /*bit_valid*/ 0,
6876				      /*bit*/ 0);
6877		ctl_done((union ctl_io *)ctsio);
6878		return (CTL_RETVAL_COMPLETE);
6879	}
6880
6881	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6882
6883	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6884	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6885
6886	if (sizeof(*data) < alloc_len) {
6887		ctsio->residual = alloc_len - sizeof(*data);
6888		ctsio->kern_data_len = sizeof(*data);
6889		ctsio->kern_total_len = sizeof(*data);
6890	} else {
6891		ctsio->residual = 0;
6892		ctsio->kern_data_len = alloc_len;
6893		ctsio->kern_total_len = alloc_len;
6894	}
6895	ctsio->kern_data_resid = 0;
6896	ctsio->kern_rel_offset = 0;
6897	ctsio->kern_sg_entries = 0;
6898
6899	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6900	/* XXX KDM this may not be 512 bytes... */
6901	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6902	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6903	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6904	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6905		data->lalba_lbp[0] |= SRC16_LBPME;
6906
6907	ctsio->scsi_status = SCSI_STATUS_OK;
6908
6909	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6910	ctsio->be_move_done = ctl_config_move_done;
6911	ctl_datamove((union ctl_io *)ctsio);
6912
6913	return (CTL_RETVAL_COMPLETE);
6914}
6915
6916int
6917ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
6918{
6919	struct scsi_maintenance_in *cdb;
6920	int retval;
6921	int alloc_len, total_len = 0;
6922	int num_target_port_groups, single;
6923	struct ctl_lun *lun;
6924	struct ctl_softc *softc;
6925	struct scsi_target_group_data *rtg_ptr;
6926	struct scsi_target_port_group_descriptor *tpg_desc_ptr1, *tpg_desc_ptr2;
6927	struct scsi_target_port_descriptor  *tp_desc_ptr1_1, *tp_desc_ptr1_2,
6928	                                    *tp_desc_ptr2_1, *tp_desc_ptr2_2;
6929
6930	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
6931
6932	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
6933	softc = control_softc;
6934	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6935
6936	retval = CTL_RETVAL_COMPLETE;
6937
6938	single = ctl_is_single;
6939	if (single)
6940        	num_target_port_groups = NUM_TARGET_PORT_GROUPS - 1;
6941	else
6942        	num_target_port_groups = NUM_TARGET_PORT_GROUPS;
6943
6944	total_len = sizeof(struct scsi_target_group_data) +
6945		sizeof(struct scsi_target_port_group_descriptor) *
6946		num_target_port_groups +
6947		sizeof(struct scsi_target_port_descriptor) *
6948		NUM_PORTS_PER_GRP * num_target_port_groups;
6949
6950	alloc_len = scsi_4btoul(cdb->length);
6951
6952	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6953
6954	ctsio->kern_sg_entries = 0;
6955
6956	if (total_len < alloc_len) {
6957		ctsio->residual = alloc_len - total_len;
6958		ctsio->kern_data_len = total_len;
6959		ctsio->kern_total_len = total_len;
6960	} else {
6961		ctsio->residual = 0;
6962		ctsio->kern_data_len = alloc_len;
6963		ctsio->kern_total_len = alloc_len;
6964	}
6965	ctsio->kern_data_resid = 0;
6966	ctsio->kern_rel_offset = 0;
6967
6968	rtg_ptr = (struct scsi_target_group_data *)ctsio->kern_data_ptr;
6969
6970	tpg_desc_ptr1 = &rtg_ptr->groups[0];
6971	tp_desc_ptr1_1 = &tpg_desc_ptr1->descriptors[0];
6972	tp_desc_ptr1_2 = (struct scsi_target_port_descriptor *)
6973	        &tp_desc_ptr1_1->desc_list[0];
6974
6975	if (single == 0) {
6976		tpg_desc_ptr2 = (struct scsi_target_port_group_descriptor *)
6977	                &tp_desc_ptr1_2->desc_list[0];
6978		tp_desc_ptr2_1 = &tpg_desc_ptr2->descriptors[0];
6979		tp_desc_ptr2_2 = (struct scsi_target_port_descriptor *)
6980	        	&tp_desc_ptr2_1->desc_list[0];
6981        } else {
6982		tpg_desc_ptr2 = NULL;
6983		tp_desc_ptr2_1 = NULL;
6984		tp_desc_ptr2_2 = NULL;
6985	}
6986
6987	scsi_ulto4b(total_len - 4, rtg_ptr->length);
6988	if (single == 0) {
6989        	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS) {
6990			if (lun->flags & CTL_LUN_PRIMARY_SC) {
6991				tpg_desc_ptr1->pref_state = TPG_PRIMARY;
6992				tpg_desc_ptr2->pref_state =
6993					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6994			} else {
6995				tpg_desc_ptr1->pref_state =
6996					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6997				tpg_desc_ptr2->pref_state = TPG_PRIMARY;
6998			}
6999		} else {
7000			if (lun->flags & CTL_LUN_PRIMARY_SC) {
7001				tpg_desc_ptr1->pref_state =
7002					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7003				tpg_desc_ptr2->pref_state = TPG_PRIMARY;
7004			} else {
7005				tpg_desc_ptr1->pref_state = TPG_PRIMARY;
7006				tpg_desc_ptr2->pref_state =
7007					TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7008			}
7009		}
7010	} else {
7011		tpg_desc_ptr1->pref_state = TPG_PRIMARY;
7012	}
7013	tpg_desc_ptr1->support = 0;
7014	tpg_desc_ptr1->target_port_group[1] = 1;
7015	tpg_desc_ptr1->status = TPG_IMPLICIT;
7016	tpg_desc_ptr1->target_port_count= NUM_PORTS_PER_GRP;
7017
7018	if (single == 0) {
7019		tpg_desc_ptr2->support = 0;
7020		tpg_desc_ptr2->target_port_group[1] = 2;
7021		tpg_desc_ptr2->status = TPG_IMPLICIT;
7022		tpg_desc_ptr2->target_port_count = NUM_PORTS_PER_GRP;
7023
7024		tp_desc_ptr1_1->relative_target_port_identifier[1] = 1;
7025		tp_desc_ptr1_2->relative_target_port_identifier[1] = 2;
7026
7027		tp_desc_ptr2_1->relative_target_port_identifier[1] = 9;
7028		tp_desc_ptr2_2->relative_target_port_identifier[1] = 10;
7029	} else {
7030        	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS) {
7031			tp_desc_ptr1_1->relative_target_port_identifier[1] = 1;
7032			tp_desc_ptr1_2->relative_target_port_identifier[1] = 2;
7033		} else {
7034			tp_desc_ptr1_1->relative_target_port_identifier[1] = 9;
7035			tp_desc_ptr1_2->relative_target_port_identifier[1] = 10;
7036		}
7037	}
7038
7039	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7040	ctsio->be_move_done = ctl_config_move_done;
7041
7042	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7043			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7044			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7045			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7046			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7047
7048	ctl_datamove((union ctl_io *)ctsio);
7049	return(retval);
7050}
7051
7052int
7053ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7054{
7055	struct ctl_lun *lun;
7056	struct scsi_report_supported_opcodes *cdb;
7057	const struct ctl_cmd_entry *entry, *sentry;
7058	struct scsi_report_supported_opcodes_all *all;
7059	struct scsi_report_supported_opcodes_descr *descr;
7060	struct scsi_report_supported_opcodes_one *one;
7061	int retval;
7062	int alloc_len, total_len;
7063	int opcode, service_action, i, j, num;
7064
7065	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7066
7067	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7068	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7069
7070	retval = CTL_RETVAL_COMPLETE;
7071
7072	opcode = cdb->requested_opcode;
7073	service_action = scsi_2btoul(cdb->requested_service_action);
7074	switch (cdb->options & RSO_OPTIONS_MASK) {
7075	case RSO_OPTIONS_ALL:
7076		num = 0;
7077		for (i = 0; i < 256; i++) {
7078			entry = &ctl_cmd_table[i];
7079			if (entry->flags & CTL_CMD_FLAG_SA5) {
7080				for (j = 0; j < 32; j++) {
7081					sentry = &((const struct ctl_cmd_entry *)
7082					    entry->execute)[j];
7083					if (ctl_cmd_applicable(
7084					    lun->be_lun->lun_type, sentry))
7085						num++;
7086				}
7087			} else {
7088				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7089				    entry))
7090					num++;
7091			}
7092		}
7093		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7094		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7095		break;
7096	case RSO_OPTIONS_OC:
7097		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7098			ctl_set_invalid_field(/*ctsio*/ ctsio,
7099					      /*sks_valid*/ 1,
7100					      /*command*/ 1,
7101					      /*field*/ 2,
7102					      /*bit_valid*/ 1,
7103					      /*bit*/ 2);
7104			ctl_done((union ctl_io *)ctsio);
7105			return (CTL_RETVAL_COMPLETE);
7106		}
7107		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7108		break;
7109	case RSO_OPTIONS_OC_SA:
7110		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7111		    service_action >= 32) {
7112			ctl_set_invalid_field(/*ctsio*/ ctsio,
7113					      /*sks_valid*/ 1,
7114					      /*command*/ 1,
7115					      /*field*/ 2,
7116					      /*bit_valid*/ 1,
7117					      /*bit*/ 2);
7118			ctl_done((union ctl_io *)ctsio);
7119			return (CTL_RETVAL_COMPLETE);
7120		}
7121		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7122		break;
7123	default:
7124		ctl_set_invalid_field(/*ctsio*/ ctsio,
7125				      /*sks_valid*/ 1,
7126				      /*command*/ 1,
7127				      /*field*/ 2,
7128				      /*bit_valid*/ 1,
7129				      /*bit*/ 2);
7130		ctl_done((union ctl_io *)ctsio);
7131		return (CTL_RETVAL_COMPLETE);
7132	}
7133
7134	alloc_len = scsi_4btoul(cdb->length);
7135
7136	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7137
7138	ctsio->kern_sg_entries = 0;
7139
7140	if (total_len < alloc_len) {
7141		ctsio->residual = alloc_len - total_len;
7142		ctsio->kern_data_len = total_len;
7143		ctsio->kern_total_len = total_len;
7144	} else {
7145		ctsio->residual = 0;
7146		ctsio->kern_data_len = alloc_len;
7147		ctsio->kern_total_len = alloc_len;
7148	}
7149	ctsio->kern_data_resid = 0;
7150	ctsio->kern_rel_offset = 0;
7151
7152	switch (cdb->options & RSO_OPTIONS_MASK) {
7153	case RSO_OPTIONS_ALL:
7154		all = (struct scsi_report_supported_opcodes_all *)
7155		    ctsio->kern_data_ptr;
7156		num = 0;
7157		for (i = 0; i < 256; i++) {
7158			entry = &ctl_cmd_table[i];
7159			if (entry->flags & CTL_CMD_FLAG_SA5) {
7160				for (j = 0; j < 32; j++) {
7161					sentry = &((const struct ctl_cmd_entry *)
7162					    entry->execute)[j];
7163					if (!ctl_cmd_applicable(
7164					    lun->be_lun->lun_type, sentry))
7165						continue;
7166					descr = &all->descr[num++];
7167					descr->opcode = i;
7168					scsi_ulto2b(j, descr->service_action);
7169					descr->flags = RSO_SERVACTV;
7170					scsi_ulto2b(sentry->length,
7171					    descr->cdb_length);
7172				}
7173			} else {
7174				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7175				    entry))
7176					continue;
7177				descr = &all->descr[num++];
7178				descr->opcode = i;
7179				scsi_ulto2b(0, descr->service_action);
7180				descr->flags = 0;
7181				scsi_ulto2b(entry->length, descr->cdb_length);
7182			}
7183		}
7184		scsi_ulto4b(
7185		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7186		    all->length);
7187		break;
7188	case RSO_OPTIONS_OC:
7189		one = (struct scsi_report_supported_opcodes_one *)
7190		    ctsio->kern_data_ptr;
7191		entry = &ctl_cmd_table[opcode];
7192		goto fill_one;
7193	case RSO_OPTIONS_OC_SA:
7194		one = (struct scsi_report_supported_opcodes_one *)
7195		    ctsio->kern_data_ptr;
7196		entry = &ctl_cmd_table[opcode];
7197		entry = &((const struct ctl_cmd_entry *)
7198		    entry->execute)[service_action];
7199fill_one:
7200		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7201			one->support = 3;
7202			scsi_ulto2b(entry->length, one->cdb_length);
7203			one->cdb_usage[0] = opcode;
7204			memcpy(&one->cdb_usage[1], entry->usage,
7205			    entry->length - 1);
7206		} else
7207			one->support = 1;
7208		break;
7209	}
7210
7211	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7212	ctsio->be_move_done = ctl_config_move_done;
7213
7214	ctl_datamove((union ctl_io *)ctsio);
7215	return(retval);
7216}
7217
7218int
7219ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7220{
7221	struct ctl_lun *lun;
7222	struct scsi_report_supported_tmf *cdb;
7223	struct scsi_report_supported_tmf_data *data;
7224	int retval;
7225	int alloc_len, total_len;
7226
7227	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7228
7229	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7230	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7231
7232	retval = CTL_RETVAL_COMPLETE;
7233
7234	total_len = sizeof(struct scsi_report_supported_tmf_data);
7235	alloc_len = scsi_4btoul(cdb->length);
7236
7237	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7238
7239	ctsio->kern_sg_entries = 0;
7240
7241	if (total_len < alloc_len) {
7242		ctsio->residual = alloc_len - total_len;
7243		ctsio->kern_data_len = total_len;
7244		ctsio->kern_total_len = total_len;
7245	} else {
7246		ctsio->residual = 0;
7247		ctsio->kern_data_len = alloc_len;
7248		ctsio->kern_total_len = alloc_len;
7249	}
7250	ctsio->kern_data_resid = 0;
7251	ctsio->kern_rel_offset = 0;
7252
7253	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7254	data->byte1 |= RST_ATS | RST_LURS | RST_TRS;
7255
7256	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7257	ctsio->be_move_done = ctl_config_move_done;
7258
7259	ctl_datamove((union ctl_io *)ctsio);
7260	return (retval);
7261}
7262
7263int
7264ctl_report_timestamp(struct ctl_scsiio *ctsio)
7265{
7266	struct ctl_lun *lun;
7267	struct scsi_report_timestamp *cdb;
7268	struct scsi_report_timestamp_data *data;
7269	struct timeval tv;
7270	int64_t timestamp;
7271	int retval;
7272	int alloc_len, total_len;
7273
7274	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7275
7276	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7277	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7278
7279	retval = CTL_RETVAL_COMPLETE;
7280
7281	total_len = sizeof(struct scsi_report_timestamp_data);
7282	alloc_len = scsi_4btoul(cdb->length);
7283
7284	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7285
7286	ctsio->kern_sg_entries = 0;
7287
7288	if (total_len < alloc_len) {
7289		ctsio->residual = alloc_len - total_len;
7290		ctsio->kern_data_len = total_len;
7291		ctsio->kern_total_len = total_len;
7292	} else {
7293		ctsio->residual = 0;
7294		ctsio->kern_data_len = alloc_len;
7295		ctsio->kern_total_len = alloc_len;
7296	}
7297	ctsio->kern_data_resid = 0;
7298	ctsio->kern_rel_offset = 0;
7299
7300	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7301	scsi_ulto2b(sizeof(*data) - 2, data->length);
7302	data->origin = RTS_ORIG_OUTSIDE;
7303	getmicrotime(&tv);
7304	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7305	scsi_ulto4b(timestamp >> 16, data->timestamp);
7306	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7307
7308	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7309	ctsio->be_move_done = ctl_config_move_done;
7310
7311	ctl_datamove((union ctl_io *)ctsio);
7312	return (retval);
7313}
7314
7315int
7316ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7317{
7318	struct scsi_per_res_in *cdb;
7319	int alloc_len, total_len = 0;
7320	/* struct scsi_per_res_in_rsrv in_data; */
7321	struct ctl_lun *lun;
7322	struct ctl_softc *softc;
7323
7324	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7325
7326	softc = control_softc;
7327
7328	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7329
7330	alloc_len = scsi_2btoul(cdb->length);
7331
7332	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7333
7334retry:
7335	mtx_lock(&lun->lun_lock);
7336	switch (cdb->action) {
7337	case SPRI_RK: /* read keys */
7338		total_len = sizeof(struct scsi_per_res_in_keys) +
7339			lun->pr_key_count *
7340			sizeof(struct scsi_per_res_key);
7341		break;
7342	case SPRI_RR: /* read reservation */
7343		if (lun->flags & CTL_LUN_PR_RESERVED)
7344			total_len = sizeof(struct scsi_per_res_in_rsrv);
7345		else
7346			total_len = sizeof(struct scsi_per_res_in_header);
7347		break;
7348	case SPRI_RC: /* report capabilities */
7349		total_len = sizeof(struct scsi_per_res_cap);
7350		break;
7351	default:
7352		panic("Invalid PR type %x", cdb->action);
7353	}
7354	mtx_unlock(&lun->lun_lock);
7355
7356	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7357
7358	if (total_len < alloc_len) {
7359		ctsio->residual = alloc_len - total_len;
7360		ctsio->kern_data_len = total_len;
7361		ctsio->kern_total_len = total_len;
7362	} else {
7363		ctsio->residual = 0;
7364		ctsio->kern_data_len = alloc_len;
7365		ctsio->kern_total_len = alloc_len;
7366	}
7367
7368	ctsio->kern_data_resid = 0;
7369	ctsio->kern_rel_offset = 0;
7370	ctsio->kern_sg_entries = 0;
7371
7372	mtx_lock(&lun->lun_lock);
7373	switch (cdb->action) {
7374	case SPRI_RK: { // read keys
7375        struct scsi_per_res_in_keys *res_keys;
7376		int i, key_count;
7377
7378		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7379
7380		/*
7381		 * We had to drop the lock to allocate our buffer, which
7382		 * leaves time for someone to come in with another
7383		 * persistent reservation.  (That is unlikely, though,
7384		 * since this should be the only persistent reservation
7385		 * command active right now.)
7386		 */
7387		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7388		    (lun->pr_key_count *
7389		     sizeof(struct scsi_per_res_key)))){
7390			mtx_unlock(&lun->lun_lock);
7391			free(ctsio->kern_data_ptr, M_CTL);
7392			printf("%s: reservation length changed, retrying\n",
7393			       __func__);
7394			goto retry;
7395		}
7396
7397		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7398
7399		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7400			     lun->pr_key_count, res_keys->header.length);
7401
7402		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7403			if (!lun->per_res[i].registered)
7404				continue;
7405
7406			/*
7407			 * We used lun->pr_key_count to calculate the
7408			 * size to allocate.  If it turns out the number of
7409			 * initiators with the registered flag set is
7410			 * larger than that (i.e. they haven't been kept in
7411			 * sync), we've got a problem.
7412			 */
7413			if (key_count >= lun->pr_key_count) {
7414#ifdef NEEDTOPORT
7415				csevent_log(CSC_CTL | CSC_SHELF_SW |
7416					    CTL_PR_ERROR,
7417					    csevent_LogType_Fault,
7418					    csevent_AlertLevel_Yellow,
7419					    csevent_FRU_ShelfController,
7420					    csevent_FRU_Firmware,
7421				        csevent_FRU_Unknown,
7422					    "registered keys %d >= key "
7423					    "count %d", key_count,
7424					    lun->pr_key_count);
7425#endif
7426				key_count++;
7427				continue;
7428			}
7429			memcpy(res_keys->keys[key_count].key,
7430			       lun->per_res[i].res_key.key,
7431			       ctl_min(sizeof(res_keys->keys[key_count].key),
7432			       sizeof(lun->per_res[i].res_key)));
7433			key_count++;
7434		}
7435		break;
7436	}
7437	case SPRI_RR: { // read reservation
7438		struct scsi_per_res_in_rsrv *res;
7439		int tmp_len, header_only;
7440
7441		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7442
7443		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7444
7445		if (lun->flags & CTL_LUN_PR_RESERVED)
7446		{
7447			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7448			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7449				    res->header.length);
7450			header_only = 0;
7451		} else {
7452			tmp_len = sizeof(struct scsi_per_res_in_header);
7453			scsi_ulto4b(0, res->header.length);
7454			header_only = 1;
7455		}
7456
7457		/*
7458		 * We had to drop the lock to allocate our buffer, which
7459		 * leaves time for someone to come in with another
7460		 * persistent reservation.  (That is unlikely, though,
7461		 * since this should be the only persistent reservation
7462		 * command active right now.)
7463		 */
7464		if (tmp_len != total_len) {
7465			mtx_unlock(&lun->lun_lock);
7466			free(ctsio->kern_data_ptr, M_CTL);
7467			printf("%s: reservation status changed, retrying\n",
7468			       __func__);
7469			goto retry;
7470		}
7471
7472		/*
7473		 * No reservation held, so we're done.
7474		 */
7475		if (header_only != 0)
7476			break;
7477
7478		/*
7479		 * If the registration is an All Registrants type, the key
7480		 * is 0, since it doesn't really matter.
7481		 */
7482		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7483			memcpy(res->data.reservation,
7484			       &lun->per_res[lun->pr_res_idx].res_key,
7485			       sizeof(struct scsi_per_res_key));
7486		}
7487		res->data.scopetype = lun->res_type;
7488		break;
7489	}
7490	case SPRI_RC:     //report capabilities
7491	{
7492		struct scsi_per_res_cap *res_cap;
7493		uint16_t type_mask;
7494
7495		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7496		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7497		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_3;
7498		type_mask = SPRI_TM_WR_EX_AR |
7499			    SPRI_TM_EX_AC_RO |
7500			    SPRI_TM_WR_EX_RO |
7501			    SPRI_TM_EX_AC |
7502			    SPRI_TM_WR_EX |
7503			    SPRI_TM_EX_AC_AR;
7504		scsi_ulto2b(type_mask, res_cap->type_mask);
7505		break;
7506	}
7507	case SPRI_RS: //read full status
7508	default:
7509		/*
7510		 * This is a bug, because we just checked for this above,
7511		 * and should have returned an error.
7512		 */
7513		panic("Invalid PR type %x", cdb->action);
7514		break; /* NOTREACHED */
7515	}
7516	mtx_unlock(&lun->lun_lock);
7517
7518	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7519	ctsio->be_move_done = ctl_config_move_done;
7520
7521	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7522			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7523			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7524			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7525			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7526
7527	ctl_datamove((union ctl_io *)ctsio);
7528
7529	return (CTL_RETVAL_COMPLETE);
7530}
7531
7532/*
7533 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7534 * it should return.
7535 */
7536static int
7537ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7538		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7539		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7540		struct scsi_per_res_out_parms* param)
7541{
7542	union ctl_ha_msg persis_io;
7543	int retval, i;
7544	int isc_retval;
7545
7546	retval = 0;
7547
7548	mtx_lock(&lun->lun_lock);
7549	if (sa_res_key == 0) {
7550		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7551			/* validate scope and type */
7552			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7553			     SPR_LU_SCOPE) {
7554				mtx_unlock(&lun->lun_lock);
7555				ctl_set_invalid_field(/*ctsio*/ ctsio,
7556						      /*sks_valid*/ 1,
7557						      /*command*/ 1,
7558						      /*field*/ 2,
7559						      /*bit_valid*/ 1,
7560						      /*bit*/ 4);
7561				ctl_done((union ctl_io *)ctsio);
7562				return (1);
7563			}
7564
7565		        if (type>8 || type==2 || type==4 || type==0) {
7566				mtx_unlock(&lun->lun_lock);
7567				ctl_set_invalid_field(/*ctsio*/ ctsio,
7568       	           				      /*sks_valid*/ 1,
7569						      /*command*/ 1,
7570						      /*field*/ 2,
7571						      /*bit_valid*/ 1,
7572						      /*bit*/ 0);
7573				ctl_done((union ctl_io *)ctsio);
7574				return (1);
7575		        }
7576
7577			/* temporarily unregister this nexus */
7578			lun->per_res[residx].registered = 0;
7579
7580			/*
7581			 * Unregister everybody else and build UA for
7582			 * them
7583			 */
7584			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7585				if (lun->per_res[i].registered == 0)
7586					continue;
7587
7588				if (!persis_offset
7589				 && i <CTL_MAX_INITIATORS)
7590					lun->pending_sense[i].ua_pending |=
7591						CTL_UA_REG_PREEMPT;
7592				else if (persis_offset
7593				      && i >= persis_offset)
7594					lun->pending_sense[i-persis_offset
7595						].ua_pending |=
7596						CTL_UA_REG_PREEMPT;
7597				lun->per_res[i].registered = 0;
7598				memset(&lun->per_res[i].res_key, 0,
7599				       sizeof(struct scsi_per_res_key));
7600			}
7601			lun->per_res[residx].registered = 1;
7602			lun->pr_key_count = 1;
7603			lun->res_type = type;
7604			if (lun->res_type != SPR_TYPE_WR_EX_AR
7605			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7606				lun->pr_res_idx = residx;
7607
7608			/* send msg to other side */
7609			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7610			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7611			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7612			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7613			persis_io.pr.pr_info.res_type = type;
7614			memcpy(persis_io.pr.pr_info.sa_res_key,
7615			       param->serv_act_res_key,
7616			       sizeof(param->serv_act_res_key));
7617			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7618			     &persis_io, sizeof(persis_io), 0)) >
7619			     CTL_HA_STATUS_SUCCESS) {
7620				printf("CTL:Persis Out error returned "
7621				       "from ctl_ha_msg_send %d\n",
7622				       isc_retval);
7623			}
7624		} else {
7625			/* not all registrants */
7626			mtx_unlock(&lun->lun_lock);
7627			free(ctsio->kern_data_ptr, M_CTL);
7628			ctl_set_invalid_field(ctsio,
7629					      /*sks_valid*/ 1,
7630					      /*command*/ 0,
7631					      /*field*/ 8,
7632					      /*bit_valid*/ 0,
7633					      /*bit*/ 0);
7634			ctl_done((union ctl_io *)ctsio);
7635			return (1);
7636		}
7637	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7638		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7639		int found = 0;
7640
7641		if (res_key == sa_res_key) {
7642			/* special case */
7643			/*
7644			 * The spec implies this is not good but doesn't
7645			 * say what to do. There are two choices either
7646			 * generate a res conflict or check condition
7647			 * with illegal field in parameter data. Since
7648			 * that is what is done when the sa_res_key is
7649			 * zero I'll take that approach since this has
7650			 * to do with the sa_res_key.
7651			 */
7652			mtx_unlock(&lun->lun_lock);
7653			free(ctsio->kern_data_ptr, M_CTL);
7654			ctl_set_invalid_field(ctsio,
7655					      /*sks_valid*/ 1,
7656					      /*command*/ 0,
7657					      /*field*/ 8,
7658					      /*bit_valid*/ 0,
7659					      /*bit*/ 0);
7660			ctl_done((union ctl_io *)ctsio);
7661			return (1);
7662		}
7663
7664		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7665			if (lun->per_res[i].registered
7666			 && memcmp(param->serv_act_res_key,
7667			    lun->per_res[i].res_key.key,
7668			    sizeof(struct scsi_per_res_key)) != 0)
7669				continue;
7670
7671			found = 1;
7672			lun->per_res[i].registered = 0;
7673			memset(&lun->per_res[i].res_key, 0,
7674			       sizeof(struct scsi_per_res_key));
7675			lun->pr_key_count--;
7676
7677			if (!persis_offset
7678			 && i < CTL_MAX_INITIATORS)
7679				lun->pending_sense[i].ua_pending |=
7680					CTL_UA_REG_PREEMPT;
7681			else if (persis_offset
7682			      && i >= persis_offset)
7683				lun->pending_sense[i-persis_offset].ua_pending|=
7684					CTL_UA_REG_PREEMPT;
7685		}
7686		if (!found) {
7687			mtx_unlock(&lun->lun_lock);
7688			free(ctsio->kern_data_ptr, M_CTL);
7689			ctl_set_reservation_conflict(ctsio);
7690			ctl_done((union ctl_io *)ctsio);
7691			return (CTL_RETVAL_COMPLETE);
7692		}
7693		/* send msg to other side */
7694		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7695		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7696		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7697		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7698		persis_io.pr.pr_info.res_type = type;
7699		memcpy(persis_io.pr.pr_info.sa_res_key,
7700		       param->serv_act_res_key,
7701		       sizeof(param->serv_act_res_key));
7702		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7703		     &persis_io, sizeof(persis_io), 0)) >
7704		     CTL_HA_STATUS_SUCCESS) {
7705			printf("CTL:Persis Out error returned from "
7706			       "ctl_ha_msg_send %d\n", isc_retval);
7707		}
7708	} else {
7709		/* Reserved but not all registrants */
7710		/* sa_res_key is res holder */
7711		if (memcmp(param->serv_act_res_key,
7712                   lun->per_res[lun->pr_res_idx].res_key.key,
7713                   sizeof(struct scsi_per_res_key)) == 0) {
7714			/* validate scope and type */
7715			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7716			     SPR_LU_SCOPE) {
7717				mtx_unlock(&lun->lun_lock);
7718				ctl_set_invalid_field(/*ctsio*/ ctsio,
7719						      /*sks_valid*/ 1,
7720						      /*command*/ 1,
7721						      /*field*/ 2,
7722						      /*bit_valid*/ 1,
7723						      /*bit*/ 4);
7724				ctl_done((union ctl_io *)ctsio);
7725				return (1);
7726			}
7727
7728			if (type>8 || type==2 || type==4 || type==0) {
7729				mtx_unlock(&lun->lun_lock);
7730				ctl_set_invalid_field(/*ctsio*/ ctsio,
7731						      /*sks_valid*/ 1,
7732						      /*command*/ 1,
7733						      /*field*/ 2,
7734						      /*bit_valid*/ 1,
7735						      /*bit*/ 0);
7736				ctl_done((union ctl_io *)ctsio);
7737				return (1);
7738			}
7739
7740			/*
7741			 * Do the following:
7742			 * if sa_res_key != res_key remove all
7743			 * registrants w/sa_res_key and generate UA
7744			 * for these registrants(Registrations
7745			 * Preempted) if it wasn't an exclusive
7746			 * reservation generate UA(Reservations
7747			 * Preempted) for all other registered nexuses
7748			 * if the type has changed. Establish the new
7749			 * reservation and holder. If res_key and
7750			 * sa_res_key are the same do the above
7751			 * except don't unregister the res holder.
7752			 */
7753
7754			/*
7755			 * Temporarily unregister so it won't get
7756			 * removed or UA generated
7757			 */
7758			lun->per_res[residx].registered = 0;
7759			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7760				if (lun->per_res[i].registered == 0)
7761					continue;
7762
7763				if (memcmp(param->serv_act_res_key,
7764				    lun->per_res[i].res_key.key,
7765				    sizeof(struct scsi_per_res_key)) == 0) {
7766					lun->per_res[i].registered = 0;
7767					memset(&lun->per_res[i].res_key,
7768					       0,
7769					       sizeof(struct scsi_per_res_key));
7770					lun->pr_key_count--;
7771
7772					if (!persis_offset
7773					 && i < CTL_MAX_INITIATORS)
7774						lun->pending_sense[i
7775							].ua_pending |=
7776							CTL_UA_REG_PREEMPT;
7777					else if (persis_offset
7778					      && i >= persis_offset)
7779						lun->pending_sense[
7780						  i-persis_offset].ua_pending |=
7781						  CTL_UA_REG_PREEMPT;
7782				} else if (type != lun->res_type
7783					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7784					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7785						if (!persis_offset
7786						 && i < CTL_MAX_INITIATORS)
7787							lun->pending_sense[i
7788							].ua_pending |=
7789							CTL_UA_RES_RELEASE;
7790						else if (persis_offset
7791						      && i >= persis_offset)
7792							lun->pending_sense[
7793							i-persis_offset
7794							].ua_pending |=
7795							CTL_UA_RES_RELEASE;
7796				}
7797			}
7798			lun->per_res[residx].registered = 1;
7799			lun->res_type = type;
7800			if (lun->res_type != SPR_TYPE_WR_EX_AR
7801			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7802				lun->pr_res_idx = residx;
7803			else
7804				lun->pr_res_idx =
7805					CTL_PR_ALL_REGISTRANTS;
7806
7807			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7808			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7809			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7810			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7811			persis_io.pr.pr_info.res_type = type;
7812			memcpy(persis_io.pr.pr_info.sa_res_key,
7813			       param->serv_act_res_key,
7814			       sizeof(param->serv_act_res_key));
7815			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7816			     &persis_io, sizeof(persis_io), 0)) >
7817			     CTL_HA_STATUS_SUCCESS) {
7818				printf("CTL:Persis Out error returned "
7819				       "from ctl_ha_msg_send %d\n",
7820				       isc_retval);
7821			}
7822		} else {
7823			/*
7824			 * sa_res_key is not the res holder just
7825			 * remove registrants
7826			 */
7827			int found=0;
7828
7829			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7830				if (memcmp(param->serv_act_res_key,
7831				    lun->per_res[i].res_key.key,
7832				    sizeof(struct scsi_per_res_key)) != 0)
7833					continue;
7834
7835				found = 1;
7836				lun->per_res[i].registered = 0;
7837				memset(&lun->per_res[i].res_key, 0,
7838				       sizeof(struct scsi_per_res_key));
7839				lun->pr_key_count--;
7840
7841				if (!persis_offset
7842				 && i < CTL_MAX_INITIATORS)
7843					lun->pending_sense[i].ua_pending |=
7844						CTL_UA_REG_PREEMPT;
7845				else if (persis_offset
7846				      && i >= persis_offset)
7847					lun->pending_sense[
7848						i-persis_offset].ua_pending |=
7849						CTL_UA_REG_PREEMPT;
7850			}
7851
7852			if (!found) {
7853				mtx_unlock(&lun->lun_lock);
7854				free(ctsio->kern_data_ptr, M_CTL);
7855				ctl_set_reservation_conflict(ctsio);
7856				ctl_done((union ctl_io *)ctsio);
7857		        	return (1);
7858			}
7859			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7860			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7861			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7862			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7863			persis_io.pr.pr_info.res_type = type;
7864			memcpy(persis_io.pr.pr_info.sa_res_key,
7865			       param->serv_act_res_key,
7866			       sizeof(param->serv_act_res_key));
7867			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7868			     &persis_io, sizeof(persis_io), 0)) >
7869			     CTL_HA_STATUS_SUCCESS) {
7870				printf("CTL:Persis Out error returned "
7871				       "from ctl_ha_msg_send %d\n",
7872				isc_retval);
7873			}
7874		}
7875	}
7876
7877	lun->PRGeneration++;
7878	mtx_unlock(&lun->lun_lock);
7879
7880	return (retval);
7881}
7882
7883static void
7884ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7885{
7886	int i;
7887
7888	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7889	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7890	 || memcmp(&lun->per_res[lun->pr_res_idx].res_key,
7891		   msg->pr.pr_info.sa_res_key,
7892		   sizeof(struct scsi_per_res_key)) != 0) {
7893		uint64_t sa_res_key;
7894		sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7895
7896		if (sa_res_key == 0) {
7897			/* temporarily unregister this nexus */
7898			lun->per_res[msg->pr.pr_info.residx].registered = 0;
7899
7900			/*
7901			 * Unregister everybody else and build UA for
7902			 * them
7903			 */
7904			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7905				if (lun->per_res[i].registered == 0)
7906					continue;
7907
7908				if (!persis_offset
7909				 && i < CTL_MAX_INITIATORS)
7910					lun->pending_sense[i].ua_pending |=
7911						CTL_UA_REG_PREEMPT;
7912				else if (persis_offset && i >= persis_offset)
7913					lun->pending_sense[i -
7914						persis_offset].ua_pending |=
7915						CTL_UA_REG_PREEMPT;
7916				lun->per_res[i].registered = 0;
7917				memset(&lun->per_res[i].res_key, 0,
7918				       sizeof(struct scsi_per_res_key));
7919			}
7920
7921			lun->per_res[msg->pr.pr_info.residx].registered = 1;
7922			lun->pr_key_count = 1;
7923			lun->res_type = msg->pr.pr_info.res_type;
7924			if (lun->res_type != SPR_TYPE_WR_EX_AR
7925			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7926				lun->pr_res_idx = msg->pr.pr_info.residx;
7927		} else {
7928		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7929				if (memcmp(msg->pr.pr_info.sa_res_key,
7930		                   lun->per_res[i].res_key.key,
7931		                   sizeof(struct scsi_per_res_key)) != 0)
7932					continue;
7933
7934				lun->per_res[i].registered = 0;
7935				memset(&lun->per_res[i].res_key, 0,
7936				       sizeof(struct scsi_per_res_key));
7937				lun->pr_key_count--;
7938
7939				if (!persis_offset
7940				 && i < persis_offset)
7941					lun->pending_sense[i].ua_pending |=
7942						CTL_UA_REG_PREEMPT;
7943				else if (persis_offset
7944				      && i >= persis_offset)
7945					lun->pending_sense[i -
7946						persis_offset].ua_pending |=
7947						CTL_UA_REG_PREEMPT;
7948			}
7949		}
7950	} else {
7951		/*
7952		 * Temporarily unregister so it won't get removed
7953		 * or UA generated
7954		 */
7955		lun->per_res[msg->pr.pr_info.residx].registered = 0;
7956		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7957			if (lun->per_res[i].registered == 0)
7958				continue;
7959
7960			if (memcmp(msg->pr.pr_info.sa_res_key,
7961	                   lun->per_res[i].res_key.key,
7962	                   sizeof(struct scsi_per_res_key)) == 0) {
7963				lun->per_res[i].registered = 0;
7964				memset(&lun->per_res[i].res_key, 0,
7965				       sizeof(struct scsi_per_res_key));
7966				lun->pr_key_count--;
7967				if (!persis_offset
7968				 && i < CTL_MAX_INITIATORS)
7969					lun->pending_sense[i].ua_pending |=
7970						CTL_UA_REG_PREEMPT;
7971				else if (persis_offset
7972				      && i >= persis_offset)
7973					lun->pending_sense[i -
7974						persis_offset].ua_pending |=
7975						CTL_UA_REG_PREEMPT;
7976			} else if (msg->pr.pr_info.res_type != lun->res_type
7977				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7978				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7979					if (!persis_offset
7980					 && i < persis_offset)
7981						lun->pending_sense[i
7982							].ua_pending |=
7983							CTL_UA_RES_RELEASE;
7984					else if (persis_offset
7985					      && i >= persis_offset)
7986					lun->pending_sense[i -
7987						persis_offset].ua_pending |=
7988						CTL_UA_RES_RELEASE;
7989			}
7990		}
7991		lun->per_res[msg->pr.pr_info.residx].registered = 1;
7992		lun->res_type = msg->pr.pr_info.res_type;
7993		if (lun->res_type != SPR_TYPE_WR_EX_AR
7994		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7995			lun->pr_res_idx = msg->pr.pr_info.residx;
7996		else
7997			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7998	}
7999	lun->PRGeneration++;
8000
8001}
8002
8003
8004int
8005ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8006{
8007	int retval;
8008	int isc_retval;
8009	u_int32_t param_len;
8010	struct scsi_per_res_out *cdb;
8011	struct ctl_lun *lun;
8012	struct scsi_per_res_out_parms* param;
8013	struct ctl_softc *softc;
8014	uint32_t residx;
8015	uint64_t res_key, sa_res_key;
8016	uint8_t type;
8017	union ctl_ha_msg persis_io;
8018	int    i;
8019
8020	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8021
8022	retval = CTL_RETVAL_COMPLETE;
8023
8024	softc = control_softc;
8025
8026	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8027	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8028
8029	/*
8030	 * We only support whole-LUN scope.  The scope & type are ignored for
8031	 * register, register and ignore existing key and clear.
8032	 * We sometimes ignore scope and type on preempts too!!
8033	 * Verify reservation type here as well.
8034	 */
8035	type = cdb->scope_type & SPR_TYPE_MASK;
8036	if ((cdb->action == SPRO_RESERVE)
8037	 || (cdb->action == SPRO_RELEASE)) {
8038		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8039			ctl_set_invalid_field(/*ctsio*/ ctsio,
8040					      /*sks_valid*/ 1,
8041					      /*command*/ 1,
8042					      /*field*/ 2,
8043					      /*bit_valid*/ 1,
8044					      /*bit*/ 4);
8045			ctl_done((union ctl_io *)ctsio);
8046			return (CTL_RETVAL_COMPLETE);
8047		}
8048
8049		if (type>8 || type==2 || type==4 || type==0) {
8050			ctl_set_invalid_field(/*ctsio*/ ctsio,
8051					      /*sks_valid*/ 1,
8052					      /*command*/ 1,
8053					      /*field*/ 2,
8054					      /*bit_valid*/ 1,
8055					      /*bit*/ 0);
8056			ctl_done((union ctl_io *)ctsio);
8057			return (CTL_RETVAL_COMPLETE);
8058		}
8059	}
8060
8061	param_len = scsi_4btoul(cdb->length);
8062
8063	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8064		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8065		ctsio->kern_data_len = param_len;
8066		ctsio->kern_total_len = param_len;
8067		ctsio->kern_data_resid = 0;
8068		ctsio->kern_rel_offset = 0;
8069		ctsio->kern_sg_entries = 0;
8070		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8071		ctsio->be_move_done = ctl_config_move_done;
8072		ctl_datamove((union ctl_io *)ctsio);
8073
8074		return (CTL_RETVAL_COMPLETE);
8075	}
8076
8077	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8078
8079	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8080	res_key = scsi_8btou64(param->res_key.key);
8081	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8082
8083	/*
8084	 * Validate the reservation key here except for SPRO_REG_IGNO
8085	 * This must be done for all other service actions
8086	 */
8087	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8088		mtx_lock(&lun->lun_lock);
8089		if (lun->per_res[residx].registered) {
8090		    if (memcmp(param->res_key.key,
8091			       lun->per_res[residx].res_key.key,
8092			       ctl_min(sizeof(param->res_key),
8093			       sizeof(lun->per_res[residx].res_key))) != 0) {
8094				/*
8095				 * The current key passed in doesn't match
8096				 * the one the initiator previously
8097				 * registered.
8098				 */
8099				mtx_unlock(&lun->lun_lock);
8100				free(ctsio->kern_data_ptr, M_CTL);
8101				ctl_set_reservation_conflict(ctsio);
8102				ctl_done((union ctl_io *)ctsio);
8103				return (CTL_RETVAL_COMPLETE);
8104			}
8105		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8106			/*
8107			 * We are not registered
8108			 */
8109			mtx_unlock(&lun->lun_lock);
8110			free(ctsio->kern_data_ptr, M_CTL);
8111			ctl_set_reservation_conflict(ctsio);
8112			ctl_done((union ctl_io *)ctsio);
8113			return (CTL_RETVAL_COMPLETE);
8114		} else if (res_key != 0) {
8115			/*
8116			 * We are not registered and trying to register but
8117			 * the register key isn't zero.
8118			 */
8119			mtx_unlock(&lun->lun_lock);
8120			free(ctsio->kern_data_ptr, M_CTL);
8121			ctl_set_reservation_conflict(ctsio);
8122			ctl_done((union ctl_io *)ctsio);
8123			return (CTL_RETVAL_COMPLETE);
8124		}
8125		mtx_unlock(&lun->lun_lock);
8126	}
8127
8128	switch (cdb->action & SPRO_ACTION_MASK) {
8129	case SPRO_REGISTER:
8130	case SPRO_REG_IGNO: {
8131
8132#if 0
8133		printf("Registration received\n");
8134#endif
8135
8136		/*
8137		 * We don't support any of these options, as we report in
8138		 * the read capabilities request (see
8139		 * ctl_persistent_reserve_in(), above).
8140		 */
8141		if ((param->flags & SPR_SPEC_I_PT)
8142		 || (param->flags & SPR_ALL_TG_PT)
8143		 || (param->flags & SPR_APTPL)) {
8144			int bit_ptr;
8145
8146			if (param->flags & SPR_APTPL)
8147				bit_ptr = 0;
8148			else if (param->flags & SPR_ALL_TG_PT)
8149				bit_ptr = 2;
8150			else /* SPR_SPEC_I_PT */
8151				bit_ptr = 3;
8152
8153			free(ctsio->kern_data_ptr, M_CTL);
8154			ctl_set_invalid_field(ctsio,
8155					      /*sks_valid*/ 1,
8156					      /*command*/ 0,
8157					      /*field*/ 20,
8158					      /*bit_valid*/ 1,
8159					      /*bit*/ bit_ptr);
8160			ctl_done((union ctl_io *)ctsio);
8161			return (CTL_RETVAL_COMPLETE);
8162		}
8163
8164		mtx_lock(&lun->lun_lock);
8165
8166		/*
8167		 * The initiator wants to clear the
8168		 * key/unregister.
8169		 */
8170		if (sa_res_key == 0) {
8171			if ((res_key == 0
8172			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8173			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8174			  && !lun->per_res[residx].registered)) {
8175				mtx_unlock(&lun->lun_lock);
8176				goto done;
8177			}
8178
8179			lun->per_res[residx].registered = 0;
8180			memset(&lun->per_res[residx].res_key,
8181			       0, sizeof(lun->per_res[residx].res_key));
8182			lun->pr_key_count--;
8183
8184			if (residx == lun->pr_res_idx) {
8185				lun->flags &= ~CTL_LUN_PR_RESERVED;
8186				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8187
8188				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8189				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8190				 && lun->pr_key_count) {
8191					/*
8192					 * If the reservation is a registrants
8193					 * only type we need to generate a UA
8194					 * for other registered inits.  The
8195					 * sense code should be RESERVATIONS
8196					 * RELEASED
8197					 */
8198
8199					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8200						if (lun->per_res[
8201						    i+persis_offset].registered
8202						    == 0)
8203							continue;
8204						lun->pending_sense[i
8205							].ua_pending |=
8206							CTL_UA_RES_RELEASE;
8207					}
8208				}
8209				lun->res_type = 0;
8210			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8211				if (lun->pr_key_count==0) {
8212					lun->flags &= ~CTL_LUN_PR_RESERVED;
8213					lun->res_type = 0;
8214					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8215				}
8216			}
8217			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8218			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8219			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8220			persis_io.pr.pr_info.residx = residx;
8221			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8222			     &persis_io, sizeof(persis_io), 0 )) >
8223			     CTL_HA_STATUS_SUCCESS) {
8224				printf("CTL:Persis Out error returned from "
8225				       "ctl_ha_msg_send %d\n", isc_retval);
8226			}
8227		} else /* sa_res_key != 0 */ {
8228
8229			/*
8230			 * If we aren't registered currently then increment
8231			 * the key count and set the registered flag.
8232			 */
8233			if (!lun->per_res[residx].registered) {
8234				lun->pr_key_count++;
8235				lun->per_res[residx].registered = 1;
8236			}
8237
8238			memcpy(&lun->per_res[residx].res_key,
8239			       param->serv_act_res_key,
8240			       ctl_min(sizeof(param->serv_act_res_key),
8241			       sizeof(lun->per_res[residx].res_key)));
8242
8243			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8244			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8245			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8246			persis_io.pr.pr_info.residx = residx;
8247			memcpy(persis_io.pr.pr_info.sa_res_key,
8248			       param->serv_act_res_key,
8249			       sizeof(param->serv_act_res_key));
8250			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8251			     &persis_io, sizeof(persis_io), 0)) >
8252			     CTL_HA_STATUS_SUCCESS) {
8253				printf("CTL:Persis Out error returned from "
8254				       "ctl_ha_msg_send %d\n", isc_retval);
8255			}
8256		}
8257		lun->PRGeneration++;
8258		mtx_unlock(&lun->lun_lock);
8259
8260		break;
8261	}
8262	case SPRO_RESERVE:
8263#if 0
8264                printf("Reserve executed type %d\n", type);
8265#endif
8266		mtx_lock(&lun->lun_lock);
8267		if (lun->flags & CTL_LUN_PR_RESERVED) {
8268			/*
8269			 * if this isn't the reservation holder and it's
8270			 * not a "all registrants" type or if the type is
8271			 * different then we have a conflict
8272			 */
8273			if ((lun->pr_res_idx != residx
8274			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8275			 || lun->res_type != type) {
8276				mtx_unlock(&lun->lun_lock);
8277				free(ctsio->kern_data_ptr, M_CTL);
8278				ctl_set_reservation_conflict(ctsio);
8279				ctl_done((union ctl_io *)ctsio);
8280				return (CTL_RETVAL_COMPLETE);
8281			}
8282			mtx_unlock(&lun->lun_lock);
8283		} else /* create a reservation */ {
8284			/*
8285			 * If it's not an "all registrants" type record
8286			 * reservation holder
8287			 */
8288			if (type != SPR_TYPE_WR_EX_AR
8289			 && type != SPR_TYPE_EX_AC_AR)
8290				lun->pr_res_idx = residx; /* Res holder */
8291			else
8292				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8293
8294			lun->flags |= CTL_LUN_PR_RESERVED;
8295			lun->res_type = type;
8296
8297			mtx_unlock(&lun->lun_lock);
8298
8299			/* send msg to other side */
8300			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8301			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8302			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8303			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8304			persis_io.pr.pr_info.res_type = type;
8305			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8306			     &persis_io, sizeof(persis_io), 0)) >
8307			     CTL_HA_STATUS_SUCCESS) {
8308				printf("CTL:Persis Out error returned from "
8309				       "ctl_ha_msg_send %d\n", isc_retval);
8310			}
8311		}
8312		break;
8313
8314	case SPRO_RELEASE:
8315		mtx_lock(&lun->lun_lock);
8316		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8317			/* No reservation exists return good status */
8318			mtx_unlock(&lun->lun_lock);
8319			goto done;
8320		}
8321		/*
8322		 * Is this nexus a reservation holder?
8323		 */
8324		if (lun->pr_res_idx != residx
8325		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8326			/*
8327			 * not a res holder return good status but
8328			 * do nothing
8329			 */
8330			mtx_unlock(&lun->lun_lock);
8331			goto done;
8332		}
8333
8334		if (lun->res_type != type) {
8335			mtx_unlock(&lun->lun_lock);
8336			free(ctsio->kern_data_ptr, M_CTL);
8337			ctl_set_illegal_pr_release(ctsio);
8338			ctl_done((union ctl_io *)ctsio);
8339			return (CTL_RETVAL_COMPLETE);
8340		}
8341
8342		/* okay to release */
8343		lun->flags &= ~CTL_LUN_PR_RESERVED;
8344		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8345		lun->res_type = 0;
8346
8347		/*
8348		 * if this isn't an exclusive access
8349		 * res generate UA for all other
8350		 * registrants.
8351		 */
8352		if (type != SPR_TYPE_EX_AC
8353		 && type != SPR_TYPE_WR_EX) {
8354			/*
8355			 * temporarily unregister so we don't generate UA
8356			 */
8357			lun->per_res[residx].registered = 0;
8358
8359			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8360				if (lun->per_res[i+persis_offset].registered
8361				    == 0)
8362					continue;
8363				lun->pending_sense[i].ua_pending |=
8364					CTL_UA_RES_RELEASE;
8365			}
8366
8367			lun->per_res[residx].registered = 1;
8368		}
8369		mtx_unlock(&lun->lun_lock);
8370		/* Send msg to other side */
8371		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8372		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8373		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8374		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8375		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8376			printf("CTL:Persis Out error returned from "
8377			       "ctl_ha_msg_send %d\n", isc_retval);
8378		}
8379		break;
8380
8381	case SPRO_CLEAR:
8382		/* send msg to other side */
8383
8384		mtx_lock(&lun->lun_lock);
8385		lun->flags &= ~CTL_LUN_PR_RESERVED;
8386		lun->res_type = 0;
8387		lun->pr_key_count = 0;
8388		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8389
8390
8391		memset(&lun->per_res[residx].res_key,
8392		       0, sizeof(lun->per_res[residx].res_key));
8393		lun->per_res[residx].registered = 0;
8394
8395		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8396			if (lun->per_res[i].registered) {
8397				if (!persis_offset && i < CTL_MAX_INITIATORS)
8398					lun->pending_sense[i].ua_pending |=
8399						CTL_UA_RES_PREEMPT;
8400				else if (persis_offset && i >= persis_offset)
8401					lun->pending_sense[i-persis_offset
8402					    ].ua_pending |= CTL_UA_RES_PREEMPT;
8403
8404				memset(&lun->per_res[i].res_key,
8405				       0, sizeof(struct scsi_per_res_key));
8406				lun->per_res[i].registered = 0;
8407			}
8408		lun->PRGeneration++;
8409		mtx_unlock(&lun->lun_lock);
8410		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8411		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8412		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8413		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8414		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8415			printf("CTL:Persis Out error returned from "
8416			       "ctl_ha_msg_send %d\n", isc_retval);
8417		}
8418		break;
8419
8420	case SPRO_PREEMPT: {
8421		int nretval;
8422
8423		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8424					  residx, ctsio, cdb, param);
8425		if (nretval != 0)
8426			return (CTL_RETVAL_COMPLETE);
8427		break;
8428	}
8429	default:
8430		panic("Invalid PR type %x", cdb->action);
8431	}
8432
8433done:
8434	free(ctsio->kern_data_ptr, M_CTL);
8435	ctl_set_success(ctsio);
8436	ctl_done((union ctl_io *)ctsio);
8437
8438	return (retval);
8439}
8440
8441/*
8442 * This routine is for handling a message from the other SC pertaining to
8443 * persistent reserve out. All the error checking will have been done
8444 * so only perorming the action need be done here to keep the two
8445 * in sync.
8446 */
8447static void
8448ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8449{
8450	struct ctl_lun *lun;
8451	struct ctl_softc *softc;
8452	int i;
8453	uint32_t targ_lun;
8454
8455	softc = control_softc;
8456
8457	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8458	lun = softc->ctl_luns[targ_lun];
8459	mtx_lock(&lun->lun_lock);
8460	switch(msg->pr.pr_info.action) {
8461	case CTL_PR_REG_KEY:
8462		if (!lun->per_res[msg->pr.pr_info.residx].registered) {
8463			lun->per_res[msg->pr.pr_info.residx].registered = 1;
8464			lun->pr_key_count++;
8465		}
8466		lun->PRGeneration++;
8467		memcpy(&lun->per_res[msg->pr.pr_info.residx].res_key,
8468		       msg->pr.pr_info.sa_res_key,
8469		       sizeof(struct scsi_per_res_key));
8470		break;
8471
8472	case CTL_PR_UNREG_KEY:
8473		lun->per_res[msg->pr.pr_info.residx].registered = 0;
8474		memset(&lun->per_res[msg->pr.pr_info.residx].res_key,
8475		       0, sizeof(struct scsi_per_res_key));
8476		lun->pr_key_count--;
8477
8478		/* XXX Need to see if the reservation has been released */
8479		/* if so do we need to generate UA? */
8480		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8481			lun->flags &= ~CTL_LUN_PR_RESERVED;
8482			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8483
8484			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8485			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8486			 && lun->pr_key_count) {
8487				/*
8488				 * If the reservation is a registrants
8489				 * only type we need to generate a UA
8490				 * for other registered inits.  The
8491				 * sense code should be RESERVATIONS
8492				 * RELEASED
8493				 */
8494
8495				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8496					if (lun->per_res[i+
8497					    persis_offset].registered == 0)
8498						continue;
8499
8500					lun->pending_sense[i
8501						].ua_pending |=
8502						CTL_UA_RES_RELEASE;
8503				}
8504			}
8505			lun->res_type = 0;
8506		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8507			if (lun->pr_key_count==0) {
8508				lun->flags &= ~CTL_LUN_PR_RESERVED;
8509				lun->res_type = 0;
8510				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8511			}
8512		}
8513		lun->PRGeneration++;
8514		break;
8515
8516	case CTL_PR_RESERVE:
8517		lun->flags |= CTL_LUN_PR_RESERVED;
8518		lun->res_type = msg->pr.pr_info.res_type;
8519		lun->pr_res_idx = msg->pr.pr_info.residx;
8520
8521		break;
8522
8523	case CTL_PR_RELEASE:
8524		/*
8525		 * if this isn't an exclusive access res generate UA for all
8526		 * other registrants.
8527		 */
8528		if (lun->res_type != SPR_TYPE_EX_AC
8529		 && lun->res_type != SPR_TYPE_WR_EX) {
8530			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8531				if (lun->per_res[i+persis_offset].registered)
8532					lun->pending_sense[i].ua_pending |=
8533						CTL_UA_RES_RELEASE;
8534		}
8535
8536		lun->flags &= ~CTL_LUN_PR_RESERVED;
8537		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8538		lun->res_type = 0;
8539		break;
8540
8541	case CTL_PR_PREEMPT:
8542		ctl_pro_preempt_other(lun, msg);
8543		break;
8544	case CTL_PR_CLEAR:
8545		lun->flags &= ~CTL_LUN_PR_RESERVED;
8546		lun->res_type = 0;
8547		lun->pr_key_count = 0;
8548		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8549
8550		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8551			if (lun->per_res[i].registered == 0)
8552				continue;
8553			if (!persis_offset
8554			 && i < CTL_MAX_INITIATORS)
8555				lun->pending_sense[i].ua_pending |=
8556					CTL_UA_RES_PREEMPT;
8557			else if (persis_offset
8558			      && i >= persis_offset)
8559   				lun->pending_sense[i-persis_offset].ua_pending|=
8560					CTL_UA_RES_PREEMPT;
8561			memset(&lun->per_res[i].res_key, 0,
8562			       sizeof(struct scsi_per_res_key));
8563			lun->per_res[i].registered = 0;
8564		}
8565		lun->PRGeneration++;
8566		break;
8567	}
8568
8569	mtx_unlock(&lun->lun_lock);
8570}
8571
8572int
8573ctl_read_write(struct ctl_scsiio *ctsio)
8574{
8575	struct ctl_lun *lun;
8576	struct ctl_lba_len_flags *lbalen;
8577	uint64_t lba;
8578	uint32_t num_blocks;
8579	int fua, dpo;
8580	int retval;
8581	int isread;
8582
8583	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8584
8585	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8586
8587	fua = 0;
8588	dpo = 0;
8589
8590	retval = CTL_RETVAL_COMPLETE;
8591
8592	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8593	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8594	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
8595		uint32_t residx;
8596
8597		/*
8598		 * XXX KDM need a lock here.
8599		 */
8600		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8601		if ((lun->res_type == SPR_TYPE_EX_AC
8602		  && residx != lun->pr_res_idx)
8603		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
8604		   || lun->res_type == SPR_TYPE_EX_AC_AR)
8605		  && !lun->per_res[residx].registered)) {
8606			ctl_set_reservation_conflict(ctsio);
8607			ctl_done((union ctl_io *)ctsio);
8608			return (CTL_RETVAL_COMPLETE);
8609	        }
8610	}
8611
8612	switch (ctsio->cdb[0]) {
8613	case READ_6:
8614	case WRITE_6: {
8615		struct scsi_rw_6 *cdb;
8616
8617		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8618
8619		lba = scsi_3btoul(cdb->addr);
8620		/* only 5 bits are valid in the most significant address byte */
8621		lba &= 0x1fffff;
8622		num_blocks = cdb->length;
8623		/*
8624		 * This is correct according to SBC-2.
8625		 */
8626		if (num_blocks == 0)
8627			num_blocks = 256;
8628		break;
8629	}
8630	case READ_10:
8631	case WRITE_10: {
8632		struct scsi_rw_10 *cdb;
8633
8634		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8635
8636		if (cdb->byte2 & SRW10_FUA)
8637			fua = 1;
8638		if (cdb->byte2 & SRW10_DPO)
8639			dpo = 1;
8640
8641		lba = scsi_4btoul(cdb->addr);
8642		num_blocks = scsi_2btoul(cdb->length);
8643		break;
8644	}
8645	case WRITE_VERIFY_10: {
8646		struct scsi_write_verify_10 *cdb;
8647
8648		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8649
8650		/*
8651		 * XXX KDM we should do actual write verify support at some
8652		 * point.  This is obviously fake, we're just translating
8653		 * things to a write.  So we don't even bother checking the
8654		 * BYTCHK field, since we don't do any verification.  If
8655		 * the user asks for it, we'll just pretend we did it.
8656		 */
8657		if (cdb->byte2 & SWV_DPO)
8658			dpo = 1;
8659
8660		lba = scsi_4btoul(cdb->addr);
8661		num_blocks = scsi_2btoul(cdb->length);
8662		break;
8663	}
8664	case READ_12:
8665	case WRITE_12: {
8666		struct scsi_rw_12 *cdb;
8667
8668		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8669
8670		if (cdb->byte2 & SRW12_FUA)
8671			fua = 1;
8672		if (cdb->byte2 & SRW12_DPO)
8673			dpo = 1;
8674		lba = scsi_4btoul(cdb->addr);
8675		num_blocks = scsi_4btoul(cdb->length);
8676		break;
8677	}
8678	case WRITE_VERIFY_12: {
8679		struct scsi_write_verify_12 *cdb;
8680
8681		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8682
8683		if (cdb->byte2 & SWV_DPO)
8684			dpo = 1;
8685
8686		lba = scsi_4btoul(cdb->addr);
8687		num_blocks = scsi_4btoul(cdb->length);
8688
8689		break;
8690	}
8691	case READ_16:
8692	case WRITE_16: {
8693		struct scsi_rw_16 *cdb;
8694
8695		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8696
8697		if (cdb->byte2 & SRW12_FUA)
8698			fua = 1;
8699		if (cdb->byte2 & SRW12_DPO)
8700			dpo = 1;
8701
8702		lba = scsi_8btou64(cdb->addr);
8703		num_blocks = scsi_4btoul(cdb->length);
8704		break;
8705	}
8706	case WRITE_VERIFY_16: {
8707		struct scsi_write_verify_16 *cdb;
8708
8709		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8710
8711		if (cdb->byte2 & SWV_DPO)
8712			dpo = 1;
8713
8714		lba = scsi_8btou64(cdb->addr);
8715		num_blocks = scsi_4btoul(cdb->length);
8716		break;
8717	}
8718	default:
8719		/*
8720		 * We got a command we don't support.  This shouldn't
8721		 * happen, commands should be filtered out above us.
8722		 */
8723		ctl_set_invalid_opcode(ctsio);
8724		ctl_done((union ctl_io *)ctsio);
8725
8726		return (CTL_RETVAL_COMPLETE);
8727		break; /* NOTREACHED */
8728	}
8729
8730	/*
8731	 * XXX KDM what do we do with the DPO and FUA bits?  FUA might be
8732	 * interesting for us, but if RAIDCore is in write-back mode,
8733	 * getting it to do write-through for a particular transaction may
8734	 * not be possible.
8735	 */
8736
8737	/*
8738	 * The first check is to make sure we're in bounds, the second
8739	 * check is to catch wrap-around problems.  If the lba + num blocks
8740	 * is less than the lba, then we've wrapped around and the block
8741	 * range is invalid anyway.
8742	 */
8743	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8744	 || ((lba + num_blocks) < lba)) {
8745		ctl_set_lba_out_of_range(ctsio);
8746		ctl_done((union ctl_io *)ctsio);
8747		return (CTL_RETVAL_COMPLETE);
8748	}
8749
8750	/*
8751	 * According to SBC-3, a transfer length of 0 is not an error.
8752	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8753	 * translates to 256 blocks for those commands.
8754	 */
8755	if (num_blocks == 0) {
8756		ctl_set_success(ctsio);
8757		ctl_done((union ctl_io *)ctsio);
8758		return (CTL_RETVAL_COMPLETE);
8759	}
8760
8761	lbalen = (struct ctl_lba_len_flags *)
8762	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8763	lbalen->lba = lba;
8764	lbalen->len = num_blocks;
8765	lbalen->flags = isread ? CTL_LLF_READ : CTL_LLF_WRITE;
8766
8767	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8768	ctsio->kern_rel_offset = 0;
8769
8770	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8771
8772	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8773
8774	return (retval);
8775}
8776
8777static int
8778ctl_cnw_cont(union ctl_io *io)
8779{
8780	struct ctl_scsiio *ctsio;
8781	struct ctl_lun *lun;
8782	struct ctl_lba_len_flags *lbalen;
8783	int retval;
8784
8785	ctsio = &io->scsiio;
8786	ctsio->io_hdr.status = CTL_STATUS_NONE;
8787	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8788	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8789	lbalen = (struct ctl_lba_len_flags *)
8790	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8791	lbalen->flags = CTL_LLF_WRITE;
8792
8793	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8794	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8795	return (retval);
8796}
8797
8798int
8799ctl_cnw(struct ctl_scsiio *ctsio)
8800{
8801	struct ctl_lun *lun;
8802	struct ctl_lba_len_flags *lbalen;
8803	uint64_t lba;
8804	uint32_t num_blocks;
8805	int fua, dpo;
8806	int retval;
8807
8808	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8809
8810	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8811
8812	fua = 0;
8813	dpo = 0;
8814
8815	retval = CTL_RETVAL_COMPLETE;
8816
8817	switch (ctsio->cdb[0]) {
8818	case COMPARE_AND_WRITE: {
8819		struct scsi_compare_and_write *cdb;
8820
8821		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8822
8823		if (cdb->byte2 & SRW10_FUA)
8824			fua = 1;
8825		if (cdb->byte2 & SRW10_DPO)
8826			dpo = 1;
8827		lba = scsi_8btou64(cdb->addr);
8828		num_blocks = cdb->length;
8829		break;
8830	}
8831	default:
8832		/*
8833		 * We got a command we don't support.  This shouldn't
8834		 * happen, commands should be filtered out above us.
8835		 */
8836		ctl_set_invalid_opcode(ctsio);
8837		ctl_done((union ctl_io *)ctsio);
8838
8839		return (CTL_RETVAL_COMPLETE);
8840		break; /* NOTREACHED */
8841	}
8842
8843	/*
8844	 * XXX KDM what do we do with the DPO and FUA bits?  FUA might be
8845	 * interesting for us, but if RAIDCore is in write-back mode,
8846	 * getting it to do write-through for a particular transaction may
8847	 * not be possible.
8848	 */
8849
8850	/*
8851	 * The first check is to make sure we're in bounds, the second
8852	 * check is to catch wrap-around problems.  If the lba + num blocks
8853	 * is less than the lba, then we've wrapped around and the block
8854	 * range is invalid anyway.
8855	 */
8856	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8857	 || ((lba + num_blocks) < lba)) {
8858		ctl_set_lba_out_of_range(ctsio);
8859		ctl_done((union ctl_io *)ctsio);
8860		return (CTL_RETVAL_COMPLETE);
8861	}
8862
8863	/*
8864	 * According to SBC-3, a transfer length of 0 is not an error.
8865	 */
8866	if (num_blocks == 0) {
8867		ctl_set_success(ctsio);
8868		ctl_done((union ctl_io *)ctsio);
8869		return (CTL_RETVAL_COMPLETE);
8870	}
8871
8872	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8873	ctsio->kern_rel_offset = 0;
8874
8875	/*
8876	 * Set the IO_CONT flag, so that if this I/O gets passed to
8877	 * ctl_data_submit_done(), it'll get passed back to
8878	 * ctl_ctl_cnw_cont() for further processing.
8879	 */
8880	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8881	ctsio->io_cont = ctl_cnw_cont;
8882
8883	lbalen = (struct ctl_lba_len_flags *)
8884	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8885	lbalen->lba = lba;
8886	lbalen->len = num_blocks;
8887	lbalen->flags = CTL_LLF_COMPARE;
8888
8889	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8890	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8891	return (retval);
8892}
8893
8894int
8895ctl_verify(struct ctl_scsiio *ctsio)
8896{
8897	struct ctl_lun *lun;
8898	struct ctl_lba_len_flags *lbalen;
8899	uint64_t lba;
8900	uint32_t num_blocks;
8901	int bytchk, dpo;
8902	int retval;
8903
8904	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8905
8906	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8907
8908	bytchk = 0;
8909	dpo = 0;
8910	retval = CTL_RETVAL_COMPLETE;
8911
8912	switch (ctsio->cdb[0]) {
8913	case VERIFY_10: {
8914		struct scsi_verify_10 *cdb;
8915
8916		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8917		if (cdb->byte2 & SVFY_BYTCHK)
8918			bytchk = 1;
8919		if (cdb->byte2 & SVFY_DPO)
8920			dpo = 1;
8921		lba = scsi_4btoul(cdb->addr);
8922		num_blocks = scsi_2btoul(cdb->length);
8923		break;
8924	}
8925	case VERIFY_12: {
8926		struct scsi_verify_12 *cdb;
8927
8928		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8929		if (cdb->byte2 & SVFY_BYTCHK)
8930			bytchk = 1;
8931		if (cdb->byte2 & SVFY_DPO)
8932			dpo = 1;
8933		lba = scsi_4btoul(cdb->addr);
8934		num_blocks = scsi_4btoul(cdb->length);
8935		break;
8936	}
8937	case VERIFY_16: {
8938		struct scsi_rw_16 *cdb;
8939
8940		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8941		if (cdb->byte2 & SVFY_BYTCHK)
8942			bytchk = 1;
8943		if (cdb->byte2 & SVFY_DPO)
8944			dpo = 1;
8945		lba = scsi_8btou64(cdb->addr);
8946		num_blocks = scsi_4btoul(cdb->length);
8947		break;
8948	}
8949	default:
8950		/*
8951		 * We got a command we don't support.  This shouldn't
8952		 * happen, commands should be filtered out above us.
8953		 */
8954		ctl_set_invalid_opcode(ctsio);
8955		ctl_done((union ctl_io *)ctsio);
8956		return (CTL_RETVAL_COMPLETE);
8957	}
8958
8959	/*
8960	 * The first check is to make sure we're in bounds, the second
8961	 * check is to catch wrap-around problems.  If the lba + num blocks
8962	 * is less than the lba, then we've wrapped around and the block
8963	 * range is invalid anyway.
8964	 */
8965	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8966	 || ((lba + num_blocks) < lba)) {
8967		ctl_set_lba_out_of_range(ctsio);
8968		ctl_done((union ctl_io *)ctsio);
8969		return (CTL_RETVAL_COMPLETE);
8970	}
8971
8972	/*
8973	 * According to SBC-3, a transfer length of 0 is not an error.
8974	 */
8975	if (num_blocks == 0) {
8976		ctl_set_success(ctsio);
8977		ctl_done((union ctl_io *)ctsio);
8978		return (CTL_RETVAL_COMPLETE);
8979	}
8980
8981	lbalen = (struct ctl_lba_len_flags *)
8982	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8983	lbalen->lba = lba;
8984	lbalen->len = num_blocks;
8985	if (bytchk) {
8986		lbalen->flags = CTL_LLF_COMPARE;
8987		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8988	} else {
8989		lbalen->flags = CTL_LLF_VERIFY;
8990		ctsio->kern_total_len = 0;
8991	}
8992	ctsio->kern_rel_offset = 0;
8993
8994	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8995	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8996	return (retval);
8997}
8998
8999int
9000ctl_report_luns(struct ctl_scsiio *ctsio)
9001{
9002	struct scsi_report_luns *cdb;
9003	struct scsi_report_luns_data *lun_data;
9004	struct ctl_lun *lun, *request_lun;
9005	int num_luns, retval;
9006	uint32_t alloc_len, lun_datalen;
9007	int num_filled, well_known;
9008	uint32_t initidx, targ_lun_id, lun_id;
9009
9010	retval = CTL_RETVAL_COMPLETE;
9011	well_known = 0;
9012
9013	cdb = (struct scsi_report_luns *)ctsio->cdb;
9014
9015	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9016
9017	mtx_lock(&control_softc->ctl_lock);
9018	num_luns = control_softc->num_luns;
9019	mtx_unlock(&control_softc->ctl_lock);
9020
9021	switch (cdb->select_report) {
9022	case RPL_REPORT_DEFAULT:
9023	case RPL_REPORT_ALL:
9024		break;
9025	case RPL_REPORT_WELLKNOWN:
9026		well_known = 1;
9027		num_luns = 0;
9028		break;
9029	default:
9030		ctl_set_invalid_field(ctsio,
9031				      /*sks_valid*/ 1,
9032				      /*command*/ 1,
9033				      /*field*/ 2,
9034				      /*bit_valid*/ 0,
9035				      /*bit*/ 0);
9036		ctl_done((union ctl_io *)ctsio);
9037		return (retval);
9038		break; /* NOTREACHED */
9039	}
9040
9041	alloc_len = scsi_4btoul(cdb->length);
9042	/*
9043	 * The initiator has to allocate at least 16 bytes for this request,
9044	 * so he can at least get the header and the first LUN.  Otherwise
9045	 * we reject the request (per SPC-3 rev 14, section 6.21).
9046	 */
9047	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9048	    sizeof(struct scsi_report_luns_lundata))) {
9049		ctl_set_invalid_field(ctsio,
9050				      /*sks_valid*/ 1,
9051				      /*command*/ 1,
9052				      /*field*/ 6,
9053				      /*bit_valid*/ 0,
9054				      /*bit*/ 0);
9055		ctl_done((union ctl_io *)ctsio);
9056		return (retval);
9057	}
9058
9059	request_lun = (struct ctl_lun *)
9060		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9061
9062	lun_datalen = sizeof(*lun_data) +
9063		(num_luns * sizeof(struct scsi_report_luns_lundata));
9064
9065	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9066	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9067	ctsio->kern_sg_entries = 0;
9068
9069	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9070
9071	mtx_lock(&control_softc->ctl_lock);
9072	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9073		lun_id = targ_lun_id;
9074		if (ctsio->io_hdr.nexus.lun_map_fn != NULL)
9075			lun_id = ctsio->io_hdr.nexus.lun_map_fn(ctsio->io_hdr.nexus.lun_map_arg, lun_id);
9076		if (lun_id >= CTL_MAX_LUNS)
9077			continue;
9078		lun = control_softc->ctl_luns[lun_id];
9079		if (lun == NULL)
9080			continue;
9081
9082		if (targ_lun_id <= 0xff) {
9083			/*
9084			 * Peripheral addressing method, bus number 0.
9085			 */
9086			lun_data->luns[num_filled].lundata[0] =
9087				RPL_LUNDATA_ATYP_PERIPH;
9088			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9089			num_filled++;
9090		} else if (targ_lun_id <= 0x3fff) {
9091			/*
9092			 * Flat addressing method.
9093			 */
9094			lun_data->luns[num_filled].lundata[0] =
9095				RPL_LUNDATA_ATYP_FLAT |
9096				(targ_lun_id & RPL_LUNDATA_FLAT_LUN_MASK);
9097#ifdef OLDCTLHEADERS
9098				(SRLD_ADDR_FLAT << SRLD_ADDR_SHIFT) |
9099				(targ_lun_id & SRLD_BUS_LUN_MASK);
9100#endif
9101			lun_data->luns[num_filled].lundata[1] =
9102#ifdef OLDCTLHEADERS
9103				targ_lun_id >> SRLD_BUS_LUN_BITS;
9104#endif
9105				targ_lun_id >> RPL_LUNDATA_FLAT_LUN_BITS;
9106			num_filled++;
9107		} else {
9108			printf("ctl_report_luns: bogus LUN number %jd, "
9109			       "skipping\n", (intmax_t)targ_lun_id);
9110		}
9111		/*
9112		 * According to SPC-3, rev 14 section 6.21:
9113		 *
9114		 * "The execution of a REPORT LUNS command to any valid and
9115		 * installed logical unit shall clear the REPORTED LUNS DATA
9116		 * HAS CHANGED unit attention condition for all logical
9117		 * units of that target with respect to the requesting
9118		 * initiator. A valid and installed logical unit is one
9119		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9120		 * INQUIRY data (see 6.4.2)."
9121		 *
9122		 * If request_lun is NULL, the LUN this report luns command
9123		 * was issued to is either disabled or doesn't exist. In that
9124		 * case, we shouldn't clear any pending lun change unit
9125		 * attention.
9126		 */
9127		if (request_lun != NULL) {
9128			mtx_lock(&lun->lun_lock);
9129			lun->pending_sense[initidx].ua_pending &=
9130				~CTL_UA_LUN_CHANGE;
9131			mtx_unlock(&lun->lun_lock);
9132		}
9133	}
9134	mtx_unlock(&control_softc->ctl_lock);
9135
9136	/*
9137	 * It's quite possible that we've returned fewer LUNs than we allocated
9138	 * space for.  Trim it.
9139	 */
9140	lun_datalen = sizeof(*lun_data) +
9141		(num_filled * sizeof(struct scsi_report_luns_lundata));
9142
9143	if (lun_datalen < alloc_len) {
9144		ctsio->residual = alloc_len - lun_datalen;
9145		ctsio->kern_data_len = lun_datalen;
9146		ctsio->kern_total_len = lun_datalen;
9147	} else {
9148		ctsio->residual = 0;
9149		ctsio->kern_data_len = alloc_len;
9150		ctsio->kern_total_len = alloc_len;
9151	}
9152	ctsio->kern_data_resid = 0;
9153	ctsio->kern_rel_offset = 0;
9154	ctsio->kern_sg_entries = 0;
9155
9156	/*
9157	 * We set this to the actual data length, regardless of how much
9158	 * space we actually have to return results.  If the user looks at
9159	 * this value, he'll know whether or not he allocated enough space
9160	 * and reissue the command if necessary.  We don't support well
9161	 * known logical units, so if the user asks for that, return none.
9162	 */
9163	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9164
9165	/*
9166	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9167	 * this request.
9168	 */
9169	ctsio->scsi_status = SCSI_STATUS_OK;
9170
9171	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9172	ctsio->be_move_done = ctl_config_move_done;
9173	ctl_datamove((union ctl_io *)ctsio);
9174
9175	return (retval);
9176}
9177
9178int
9179ctl_request_sense(struct ctl_scsiio *ctsio)
9180{
9181	struct scsi_request_sense *cdb;
9182	struct scsi_sense_data *sense_ptr;
9183	struct ctl_lun *lun;
9184	uint32_t initidx;
9185	int have_error;
9186	scsi_sense_data_type sense_format;
9187
9188	cdb = (struct scsi_request_sense *)ctsio->cdb;
9189
9190	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9191
9192	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9193
9194	/*
9195	 * Determine which sense format the user wants.
9196	 */
9197	if (cdb->byte2 & SRS_DESC)
9198		sense_format = SSD_TYPE_DESC;
9199	else
9200		sense_format = SSD_TYPE_FIXED;
9201
9202	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9203	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9204	ctsio->kern_sg_entries = 0;
9205
9206	/*
9207	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9208	 * larger than the largest allowed value for the length field in the
9209	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9210	 */
9211	ctsio->residual = 0;
9212	ctsio->kern_data_len = cdb->length;
9213	ctsio->kern_total_len = cdb->length;
9214
9215	ctsio->kern_data_resid = 0;
9216	ctsio->kern_rel_offset = 0;
9217	ctsio->kern_sg_entries = 0;
9218
9219	/*
9220	 * If we don't have a LUN, we don't have any pending sense.
9221	 */
9222	if (lun == NULL)
9223		goto no_sense;
9224
9225	have_error = 0;
9226	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9227	/*
9228	 * Check for pending sense, and then for pending unit attentions.
9229	 * Pending sense gets returned first, then pending unit attentions.
9230	 */
9231	mtx_lock(&lun->lun_lock);
9232	if (ctl_is_set(lun->have_ca, initidx)) {
9233		scsi_sense_data_type stored_format;
9234
9235		/*
9236		 * Check to see which sense format was used for the stored
9237		 * sense data.
9238		 */
9239		stored_format = scsi_sense_type(
9240		    &lun->pending_sense[initidx].sense);
9241
9242		/*
9243		 * If the user requested a different sense format than the
9244		 * one we stored, then we need to convert it to the other
9245		 * format.  If we're going from descriptor to fixed format
9246		 * sense data, we may lose things in translation, depending
9247		 * on what options were used.
9248		 *
9249		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9250		 * for some reason we'll just copy it out as-is.
9251		 */
9252		if ((stored_format == SSD_TYPE_FIXED)
9253		 && (sense_format == SSD_TYPE_DESC))
9254			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9255			    &lun->pending_sense[initidx].sense,
9256			    (struct scsi_sense_data_desc *)sense_ptr);
9257		else if ((stored_format == SSD_TYPE_DESC)
9258		      && (sense_format == SSD_TYPE_FIXED))
9259			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9260			    &lun->pending_sense[initidx].sense,
9261			    (struct scsi_sense_data_fixed *)sense_ptr);
9262		else
9263			memcpy(sense_ptr, &lun->pending_sense[initidx].sense,
9264			       ctl_min(sizeof(*sense_ptr),
9265			       sizeof(lun->pending_sense[initidx].sense)));
9266
9267		ctl_clear_mask(lun->have_ca, initidx);
9268		have_error = 1;
9269	} else if (lun->pending_sense[initidx].ua_pending != CTL_UA_NONE) {
9270		ctl_ua_type ua_type;
9271
9272		ua_type = ctl_build_ua(lun->pending_sense[initidx].ua_pending,
9273				       sense_ptr, sense_format);
9274		if (ua_type != CTL_UA_NONE) {
9275			have_error = 1;
9276			/* We're reporting this UA, so clear it */
9277			lun->pending_sense[initidx].ua_pending &= ~ua_type;
9278		}
9279	}
9280	mtx_unlock(&lun->lun_lock);
9281
9282	/*
9283	 * We already have a pending error, return it.
9284	 */
9285	if (have_error != 0) {
9286		/*
9287		 * We report the SCSI status as OK, since the status of the
9288		 * request sense command itself is OK.
9289		 */
9290		ctsio->scsi_status = SCSI_STATUS_OK;
9291
9292		/*
9293		 * We report 0 for the sense length, because we aren't doing
9294		 * autosense in this case.  We're reporting sense as
9295		 * parameter data.
9296		 */
9297		ctsio->sense_len = 0;
9298		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9299		ctsio->be_move_done = ctl_config_move_done;
9300		ctl_datamove((union ctl_io *)ctsio);
9301
9302		return (CTL_RETVAL_COMPLETE);
9303	}
9304
9305no_sense:
9306
9307	/*
9308	 * No sense information to report, so we report that everything is
9309	 * okay.
9310	 */
9311	ctl_set_sense_data(sense_ptr,
9312			   lun,
9313			   sense_format,
9314			   /*current_error*/ 1,
9315			   /*sense_key*/ SSD_KEY_NO_SENSE,
9316			   /*asc*/ 0x00,
9317			   /*ascq*/ 0x00,
9318			   SSD_ELEM_NONE);
9319
9320	ctsio->scsi_status = SCSI_STATUS_OK;
9321
9322	/*
9323	 * We report 0 for the sense length, because we aren't doing
9324	 * autosense in this case.  We're reporting sense as parameter data.
9325	 */
9326	ctsio->sense_len = 0;
9327	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9328	ctsio->be_move_done = ctl_config_move_done;
9329	ctl_datamove((union ctl_io *)ctsio);
9330
9331	return (CTL_RETVAL_COMPLETE);
9332}
9333
9334int
9335ctl_tur(struct ctl_scsiio *ctsio)
9336{
9337	struct ctl_lun *lun;
9338
9339	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9340
9341	CTL_DEBUG_PRINT(("ctl_tur\n"));
9342
9343	if (lun == NULL)
9344		return (EINVAL);
9345
9346	ctsio->scsi_status = SCSI_STATUS_OK;
9347	ctsio->io_hdr.status = CTL_SUCCESS;
9348
9349	ctl_done((union ctl_io *)ctsio);
9350
9351	return (CTL_RETVAL_COMPLETE);
9352}
9353
9354#ifdef notyet
9355static int
9356ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9357{
9358
9359}
9360#endif
9361
9362static int
9363ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9364{
9365	struct scsi_vpd_supported_pages *pages;
9366	int sup_page_size;
9367	struct ctl_lun *lun;
9368
9369	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9370
9371	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9372	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9373	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9374	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9375	ctsio->kern_sg_entries = 0;
9376
9377	if (sup_page_size < alloc_len) {
9378		ctsio->residual = alloc_len - sup_page_size;
9379		ctsio->kern_data_len = sup_page_size;
9380		ctsio->kern_total_len = sup_page_size;
9381	} else {
9382		ctsio->residual = 0;
9383		ctsio->kern_data_len = alloc_len;
9384		ctsio->kern_total_len = alloc_len;
9385	}
9386	ctsio->kern_data_resid = 0;
9387	ctsio->kern_rel_offset = 0;
9388	ctsio->kern_sg_entries = 0;
9389
9390	/*
9391	 * The control device is always connected.  The disk device, on the
9392	 * other hand, may not be online all the time.  Need to change this
9393	 * to figure out whether the disk device is actually online or not.
9394	 */
9395	if (lun != NULL)
9396		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9397				lun->be_lun->lun_type;
9398	else
9399		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9400
9401	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9402	/* Supported VPD pages */
9403	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9404	/* Serial Number */
9405	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9406	/* Device Identification */
9407	pages->page_list[2] = SVPD_DEVICE_ID;
9408	/* Block limits */
9409	pages->page_list[3] = SVPD_BLOCK_LIMITS;
9410	/* Logical Block Provisioning */
9411	pages->page_list[4] = SVPD_LBP;
9412
9413	ctsio->scsi_status = SCSI_STATUS_OK;
9414
9415	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9416	ctsio->be_move_done = ctl_config_move_done;
9417	ctl_datamove((union ctl_io *)ctsio);
9418
9419	return (CTL_RETVAL_COMPLETE);
9420}
9421
9422static int
9423ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9424{
9425	struct scsi_vpd_unit_serial_number *sn_ptr;
9426	struct ctl_lun *lun;
9427
9428	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9429
9430	ctsio->kern_data_ptr = malloc(sizeof(*sn_ptr), M_CTL, M_WAITOK | M_ZERO);
9431	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9432	ctsio->kern_sg_entries = 0;
9433
9434	if (sizeof(*sn_ptr) < alloc_len) {
9435		ctsio->residual = alloc_len - sizeof(*sn_ptr);
9436		ctsio->kern_data_len = sizeof(*sn_ptr);
9437		ctsio->kern_total_len = sizeof(*sn_ptr);
9438	} else {
9439		ctsio->residual = 0;
9440		ctsio->kern_data_len = alloc_len;
9441		ctsio->kern_total_len = alloc_len;
9442	}
9443	ctsio->kern_data_resid = 0;
9444	ctsio->kern_rel_offset = 0;
9445	ctsio->kern_sg_entries = 0;
9446
9447	/*
9448	 * The control device is always connected.  The disk device, on the
9449	 * other hand, may not be online all the time.  Need to change this
9450	 * to figure out whether the disk device is actually online or not.
9451	 */
9452	if (lun != NULL)
9453		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9454				  lun->be_lun->lun_type;
9455	else
9456		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9457
9458	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9459	sn_ptr->length = ctl_min(sizeof(*sn_ptr) - 4, CTL_SN_LEN);
9460	/*
9461	 * If we don't have a LUN, we just leave the serial number as
9462	 * all spaces.
9463	 */
9464	memset(sn_ptr->serial_num, 0x20, sizeof(sn_ptr->serial_num));
9465	if (lun != NULL) {
9466		strncpy((char *)sn_ptr->serial_num,
9467			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9468	}
9469	ctsio->scsi_status = SCSI_STATUS_OK;
9470
9471	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9472	ctsio->be_move_done = ctl_config_move_done;
9473	ctl_datamove((union ctl_io *)ctsio);
9474
9475	return (CTL_RETVAL_COMPLETE);
9476}
9477
9478
9479static int
9480ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9481{
9482	struct scsi_vpd_device_id *devid_ptr;
9483	struct scsi_vpd_id_descriptor *desc, *desc1;
9484	struct scsi_vpd_id_descriptor *desc2, *desc3; /* for types 4h and 5h */
9485	struct scsi_vpd_id_t10 *t10id;
9486	struct ctl_softc *ctl_softc;
9487	struct ctl_lun *lun;
9488	struct ctl_port *port;
9489	char *val;
9490	int data_len, devid_len;
9491
9492	ctl_softc = control_softc;
9493
9494	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9495
9496	if (port->devid != NULL)
9497		return ((port->devid)(ctsio, alloc_len));
9498
9499	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9500
9501	if (lun == NULL) {
9502		devid_len = CTL_DEVID_MIN_LEN;
9503	} else {
9504		devid_len = max(CTL_DEVID_MIN_LEN,
9505		    strnlen(lun->be_lun->device_id, CTL_DEVID_LEN));
9506	}
9507
9508	data_len = sizeof(struct scsi_vpd_device_id) +
9509		sizeof(struct scsi_vpd_id_descriptor) +
9510		sizeof(struct scsi_vpd_id_t10) + devid_len +
9511		sizeof(struct scsi_vpd_id_descriptor) + CTL_WWPN_LEN +
9512		sizeof(struct scsi_vpd_id_descriptor) +
9513		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9514		sizeof(struct scsi_vpd_id_descriptor) +
9515		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9516
9517	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9518	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9519	ctsio->kern_sg_entries = 0;
9520
9521	if (data_len < alloc_len) {
9522		ctsio->residual = alloc_len - data_len;
9523		ctsio->kern_data_len = data_len;
9524		ctsio->kern_total_len = data_len;
9525	} else {
9526		ctsio->residual = 0;
9527		ctsio->kern_data_len = alloc_len;
9528		ctsio->kern_total_len = alloc_len;
9529	}
9530	ctsio->kern_data_resid = 0;
9531	ctsio->kern_rel_offset = 0;
9532	ctsio->kern_sg_entries = 0;
9533
9534	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9535	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
9536	desc1 = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9537		sizeof(struct scsi_vpd_id_t10) + devid_len);
9538	desc2 = (struct scsi_vpd_id_descriptor *)(&desc1->identifier[0] +
9539	          CTL_WWPN_LEN);
9540	desc3 = (struct scsi_vpd_id_descriptor *)(&desc2->identifier[0] +
9541	         sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9542
9543	/*
9544	 * The control device is always connected.  The disk device, on the
9545	 * other hand, may not be online all the time.
9546	 */
9547	if (lun != NULL)
9548		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9549				     lun->be_lun->lun_type;
9550	else
9551		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9552
9553	devid_ptr->page_code = SVPD_DEVICE_ID;
9554
9555	scsi_ulto2b(data_len - 4, devid_ptr->length);
9556
9557	/*
9558	 * For Fibre channel,
9559	 */
9560	if (port->port_type == CTL_PORT_FC)
9561	{
9562		desc->proto_codeset = (SCSI_PROTO_FC << 4) |
9563				      SVPD_ID_CODESET_ASCII;
9564        	desc1->proto_codeset = (SCSI_PROTO_FC << 4) |
9565		              SVPD_ID_CODESET_BINARY;
9566	}
9567	else
9568	{
9569		desc->proto_codeset = (SCSI_PROTO_SPI << 4) |
9570				      SVPD_ID_CODESET_ASCII;
9571        	desc1->proto_codeset = (SCSI_PROTO_SPI << 4) |
9572		              SVPD_ID_CODESET_BINARY;
9573	}
9574	desc2->proto_codeset = desc3->proto_codeset = desc1->proto_codeset;
9575
9576	/*
9577	 * We're using a LUN association here.  i.e., this device ID is a
9578	 * per-LUN identifier.
9579	 */
9580	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
9581	desc->length = sizeof(*t10id) + devid_len;
9582	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
9583	    "vendor")) == NULL) {
9584		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
9585	} else {
9586		memset(t10id->vendor, ' ', sizeof(t10id->vendor));
9587		strncpy(t10id->vendor, val,
9588		    min(sizeof(t10id->vendor), strlen(val)));
9589	}
9590
9591	/*
9592	 * desc1 is for the WWPN which is a port asscociation.
9593	 */
9594	desc1->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT | SVPD_ID_TYPE_NAA;
9595	desc1->length = CTL_WWPN_LEN;
9596	/* XXX Call Reggie's get_WWNN func here then add port # to the end */
9597	/* For testing just create the WWPN */
9598#if 0
9599	ddb_GetWWNN((char *)desc1->identifier);
9600
9601	/* NOTE: if the port is 0 or 8 we don't want to subtract 1 */
9602	/* This is so Copancontrol will return something sane */
9603	if (ctsio->io_hdr.nexus.targ_port!=0 &&
9604	    ctsio->io_hdr.nexus.targ_port!=8)
9605		desc1->identifier[7] += ctsio->io_hdr.nexus.targ_port-1;
9606	else
9607		desc1->identifier[7] += ctsio->io_hdr.nexus.targ_port;
9608#endif
9609
9610	be64enc(desc1->identifier, port->wwpn);
9611
9612	/*
9613	 * desc2 is for the Relative Target Port(type 4h) identifier
9614	 */
9615	desc2->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT
9616	                 | SVPD_ID_TYPE_RELTARG;
9617	desc2->length = 4;
9618//#if 0
9619	/* NOTE: if the port is 0 or 8 we don't want to subtract 1 */
9620	/* This is so Copancontrol will return something sane */
9621	if (ctsio->io_hdr.nexus.targ_port!=0 &&
9622	    ctsio->io_hdr.nexus.targ_port!=8)
9623		desc2->identifier[3] = ctsio->io_hdr.nexus.targ_port - 1;
9624	else
9625	        desc2->identifier[3] = ctsio->io_hdr.nexus.targ_port;
9626//#endif
9627
9628	/*
9629	 * desc3 is for the Target Port Group(type 5h) identifier
9630	 */
9631	desc3->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT
9632	                 | SVPD_ID_TYPE_TPORTGRP;
9633	desc3->length = 4;
9634	if (ctsio->io_hdr.nexus.targ_port < CTL_MAX_PORTS || ctl_is_single)
9635		desc3->identifier[3] = 1;
9636	else
9637		desc3->identifier[3] = 2;
9638
9639	/*
9640	 * If we've actually got a backend, copy the device id from the
9641	 * per-LUN data.  Otherwise, set it to all spaces.
9642	 */
9643	if (lun != NULL) {
9644		/*
9645		 * Copy the backend's LUN ID.
9646		 */
9647		strncpy((char *)t10id->vendor_spec_id,
9648			(char *)lun->be_lun->device_id, devid_len);
9649	} else {
9650		/*
9651		 * No backend, set this to spaces.
9652		 */
9653		memset(t10id->vendor_spec_id, 0x20, devid_len);
9654	}
9655
9656	ctsio->scsi_status = SCSI_STATUS_OK;
9657
9658	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9659	ctsio->be_move_done = ctl_config_move_done;
9660	ctl_datamove((union ctl_io *)ctsio);
9661
9662	return (CTL_RETVAL_COMPLETE);
9663}
9664
9665static int
9666ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9667{
9668	struct scsi_vpd_block_limits *bl_ptr;
9669	struct ctl_lun *lun;
9670	int bs;
9671
9672	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9673	bs = lun->be_lun->blocksize;
9674
9675	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9676	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9677	ctsio->kern_sg_entries = 0;
9678
9679	if (sizeof(*bl_ptr) < alloc_len) {
9680		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9681		ctsio->kern_data_len = sizeof(*bl_ptr);
9682		ctsio->kern_total_len = sizeof(*bl_ptr);
9683	} else {
9684		ctsio->residual = 0;
9685		ctsio->kern_data_len = alloc_len;
9686		ctsio->kern_total_len = alloc_len;
9687	}
9688	ctsio->kern_data_resid = 0;
9689	ctsio->kern_rel_offset = 0;
9690	ctsio->kern_sg_entries = 0;
9691
9692	/*
9693	 * The control device is always connected.  The disk device, on the
9694	 * other hand, may not be online all the time.  Need to change this
9695	 * to figure out whether the disk device is actually online or not.
9696	 */
9697	if (lun != NULL)
9698		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9699				  lun->be_lun->lun_type;
9700	else
9701		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9702
9703	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9704	scsi_ulto2b(sizeof(*bl_ptr), bl_ptr->page_length);
9705	bl_ptr->max_cmp_write_len = 0xff;
9706	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9707	scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
9708	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9709		scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9710		scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9711	}
9712	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9713
9714	ctsio->scsi_status = SCSI_STATUS_OK;
9715	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9716	ctsio->be_move_done = ctl_config_move_done;
9717	ctl_datamove((union ctl_io *)ctsio);
9718
9719	return (CTL_RETVAL_COMPLETE);
9720}
9721
9722static int
9723ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9724{
9725	struct scsi_vpd_logical_block_prov *lbp_ptr;
9726	struct ctl_lun *lun;
9727	int bs;
9728
9729	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9730	bs = lun->be_lun->blocksize;
9731
9732	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9733	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9734	ctsio->kern_sg_entries = 0;
9735
9736	if (sizeof(*lbp_ptr) < alloc_len) {
9737		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9738		ctsio->kern_data_len = sizeof(*lbp_ptr);
9739		ctsio->kern_total_len = sizeof(*lbp_ptr);
9740	} else {
9741		ctsio->residual = 0;
9742		ctsio->kern_data_len = alloc_len;
9743		ctsio->kern_total_len = alloc_len;
9744	}
9745	ctsio->kern_data_resid = 0;
9746	ctsio->kern_rel_offset = 0;
9747	ctsio->kern_sg_entries = 0;
9748
9749	/*
9750	 * The control device is always connected.  The disk device, on the
9751	 * other hand, may not be online all the time.  Need to change this
9752	 * to figure out whether the disk device is actually online or not.
9753	 */
9754	if (lun != NULL)
9755		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9756				  lun->be_lun->lun_type;
9757	else
9758		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9759
9760	lbp_ptr->page_code = SVPD_LBP;
9761	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
9762		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 | SVPD_LBP_WS10;
9763
9764	ctsio->scsi_status = SCSI_STATUS_OK;
9765	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9766	ctsio->be_move_done = ctl_config_move_done;
9767	ctl_datamove((union ctl_io *)ctsio);
9768
9769	return (CTL_RETVAL_COMPLETE);
9770}
9771
9772static int
9773ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9774{
9775	struct scsi_inquiry *cdb;
9776	struct ctl_lun *lun;
9777	int alloc_len, retval;
9778
9779	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9780	cdb = (struct scsi_inquiry *)ctsio->cdb;
9781
9782	retval = CTL_RETVAL_COMPLETE;
9783
9784	alloc_len = scsi_2btoul(cdb->length);
9785
9786	switch (cdb->page_code) {
9787	case SVPD_SUPPORTED_PAGES:
9788		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9789		break;
9790	case SVPD_UNIT_SERIAL_NUMBER:
9791		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9792		break;
9793	case SVPD_DEVICE_ID:
9794		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9795		break;
9796	case SVPD_BLOCK_LIMITS:
9797		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9798		break;
9799	case SVPD_LBP:
9800		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9801		break;
9802	default:
9803		ctl_set_invalid_field(ctsio,
9804				      /*sks_valid*/ 1,
9805				      /*command*/ 1,
9806				      /*field*/ 2,
9807				      /*bit_valid*/ 0,
9808				      /*bit*/ 0);
9809		ctl_done((union ctl_io *)ctsio);
9810		retval = CTL_RETVAL_COMPLETE;
9811		break;
9812	}
9813
9814	return (retval);
9815}
9816
9817static int
9818ctl_inquiry_std(struct ctl_scsiio *ctsio)
9819{
9820	struct scsi_inquiry_data *inq_ptr;
9821	struct scsi_inquiry *cdb;
9822	struct ctl_softc *ctl_softc;
9823	struct ctl_lun *lun;
9824	char *val;
9825	uint32_t alloc_len;
9826	int is_fc;
9827
9828	ctl_softc = control_softc;
9829
9830	/*
9831	 * Figure out whether we're talking to a Fibre Channel port or not.
9832	 * We treat the ioctl front end, and any SCSI adapters, as packetized
9833	 * SCSI front ends.
9834	 */
9835	if (ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type !=
9836	    CTL_PORT_FC)
9837		is_fc = 0;
9838	else
9839		is_fc = 1;
9840
9841	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9842	cdb = (struct scsi_inquiry *)ctsio->cdb;
9843	alloc_len = scsi_2btoul(cdb->length);
9844
9845	/*
9846	 * We malloc the full inquiry data size here and fill it
9847	 * in.  If the user only asks for less, we'll give him
9848	 * that much.
9849	 */
9850	ctsio->kern_data_ptr = malloc(sizeof(*inq_ptr), M_CTL, M_WAITOK | M_ZERO);
9851	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
9852	ctsio->kern_sg_entries = 0;
9853	ctsio->kern_data_resid = 0;
9854	ctsio->kern_rel_offset = 0;
9855
9856	if (sizeof(*inq_ptr) < alloc_len) {
9857		ctsio->residual = alloc_len - sizeof(*inq_ptr);
9858		ctsio->kern_data_len = sizeof(*inq_ptr);
9859		ctsio->kern_total_len = sizeof(*inq_ptr);
9860	} else {
9861		ctsio->residual = 0;
9862		ctsio->kern_data_len = alloc_len;
9863		ctsio->kern_total_len = alloc_len;
9864	}
9865
9866	/*
9867	 * If we have a LUN configured, report it as connected.  Otherwise,
9868	 * report that it is offline or no device is supported, depending
9869	 * on the value of inquiry_pq_no_lun.
9870	 *
9871	 * According to the spec (SPC-4 r34), the peripheral qualifier
9872	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
9873	 *
9874	 * "A peripheral device having the specified peripheral device type
9875	 * is not connected to this logical unit. However, the device
9876	 * server is capable of supporting the specified peripheral device
9877	 * type on this logical unit."
9878	 *
9879	 * According to the same spec, the peripheral qualifier
9880	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
9881	 *
9882	 * "The device server is not capable of supporting a peripheral
9883	 * device on this logical unit. For this peripheral qualifier the
9884	 * peripheral device type shall be set to 1Fh. All other peripheral
9885	 * device type values are reserved for this peripheral qualifier."
9886	 *
9887	 * Given the text, it would seem that we probably want to report that
9888	 * the LUN is offline here.  There is no LUN connected, but we can
9889	 * support a LUN at the given LUN number.
9890	 *
9891	 * In the real world, though, it sounds like things are a little
9892	 * different:
9893	 *
9894	 * - Linux, when presented with a LUN with the offline peripheral
9895	 *   qualifier, will create an sg driver instance for it.  So when
9896	 *   you attach it to CTL, you wind up with a ton of sg driver
9897	 *   instances.  (One for every LUN that Linux bothered to probe.)
9898	 *   Linux does this despite the fact that it issues a REPORT LUNs
9899	 *   to LUN 0 to get the inventory of supported LUNs.
9900	 *
9901	 * - There is other anecdotal evidence (from Emulex folks) about
9902	 *   arrays that use the offline peripheral qualifier for LUNs that
9903	 *   are on the "passive" path in an active/passive array.
9904	 *
9905	 * So the solution is provide a hopefully reasonable default
9906	 * (return bad/no LUN) and allow the user to change the behavior
9907	 * with a tunable/sysctl variable.
9908	 */
9909	if (lun != NULL)
9910		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9911				  lun->be_lun->lun_type;
9912	else if (ctl_softc->inquiry_pq_no_lun == 0)
9913		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9914	else
9915		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
9916
9917	/* RMB in byte 2 is 0 */
9918	inq_ptr->version = SCSI_REV_SPC3;
9919
9920	/*
9921	 * According to SAM-3, even if a device only supports a single
9922	 * level of LUN addressing, it should still set the HISUP bit:
9923	 *
9924	 * 4.9.1 Logical unit numbers overview
9925	 *
9926	 * All logical unit number formats described in this standard are
9927	 * hierarchical in structure even when only a single level in that
9928	 * hierarchy is used. The HISUP bit shall be set to one in the
9929	 * standard INQUIRY data (see SPC-2) when any logical unit number
9930	 * format described in this standard is used.  Non-hierarchical
9931	 * formats are outside the scope of this standard.
9932	 *
9933	 * Therefore we set the HiSup bit here.
9934	 *
9935	 * The reponse format is 2, per SPC-3.
9936	 */
9937	inq_ptr->response_format = SID_HiSup | 2;
9938
9939	inq_ptr->additional_length = sizeof(*inq_ptr) - 4;
9940	CTL_DEBUG_PRINT(("additional_length = %d\n",
9941			 inq_ptr->additional_length));
9942
9943	inq_ptr->spc3_flags = SPC3_SID_TPGS_IMPLICIT;
9944	/* 16 bit addressing */
9945	if (is_fc == 0)
9946		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
9947	/* XXX set the SID_MultiP bit here if we're actually going to
9948	   respond on multiple ports */
9949	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
9950
9951	/* 16 bit data bus, synchronous transfers */
9952	/* XXX these flags don't apply for FC */
9953	if (is_fc == 0)
9954		inq_ptr->flags = SID_WBus16 | SID_Sync;
9955	/*
9956	 * XXX KDM do we want to support tagged queueing on the control
9957	 * device at all?
9958	 */
9959	if ((lun == NULL)
9960	 || (lun->be_lun->lun_type != T_PROCESSOR))
9961		inq_ptr->flags |= SID_CmdQue;
9962	/*
9963	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
9964	 * We have 8 bytes for the vendor name, and 16 bytes for the device
9965	 * name and 4 bytes for the revision.
9966	 */
9967	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
9968	    "vendor")) == NULL) {
9969		strcpy(inq_ptr->vendor, CTL_VENDOR);
9970	} else {
9971		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
9972		strncpy(inq_ptr->vendor, val,
9973		    min(sizeof(inq_ptr->vendor), strlen(val)));
9974	}
9975	if (lun == NULL) {
9976		strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
9977	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
9978		switch (lun->be_lun->lun_type) {
9979		case T_DIRECT:
9980			strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
9981			break;
9982		case T_PROCESSOR:
9983			strcpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT);
9984			break;
9985		default:
9986			strcpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT);
9987			break;
9988		}
9989	} else {
9990		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
9991		strncpy(inq_ptr->product, val,
9992		    min(sizeof(inq_ptr->product), strlen(val)));
9993	}
9994
9995	/*
9996	 * XXX make this a macro somewhere so it automatically gets
9997	 * incremented when we make changes.
9998	 */
9999	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10000	    "revision")) == NULL) {
10001		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10002	} else {
10003		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10004		strncpy(inq_ptr->revision, val,
10005		    min(sizeof(inq_ptr->revision), strlen(val)));
10006	}
10007
10008	/*
10009	 * For parallel SCSI, we support double transition and single
10010	 * transition clocking.  We also support QAS (Quick Arbitration
10011	 * and Selection) and Information Unit transfers on both the
10012	 * control and array devices.
10013	 */
10014	if (is_fc == 0)
10015		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10016				    SID_SPI_IUS;
10017
10018	/* SAM-3 */
10019	scsi_ulto2b(0x0060, inq_ptr->version1);
10020	/* SPC-3 (no version claimed) XXX should we claim a version? */
10021	scsi_ulto2b(0x0300, inq_ptr->version2);
10022	if (is_fc) {
10023		/* FCP-2 ANSI INCITS.350:2003 */
10024		scsi_ulto2b(0x0917, inq_ptr->version3);
10025	} else {
10026		/* SPI-4 ANSI INCITS.362:200x */
10027		scsi_ulto2b(0x0B56, inq_ptr->version3);
10028	}
10029
10030	if (lun == NULL) {
10031		/* SBC-2 (no version claimed) XXX should we claim a version? */
10032		scsi_ulto2b(0x0320, inq_ptr->version4);
10033	} else {
10034		switch (lun->be_lun->lun_type) {
10035		case T_DIRECT:
10036			/*
10037			 * SBC-2 (no version claimed) XXX should we claim a
10038			 * version?
10039			 */
10040			scsi_ulto2b(0x0320, inq_ptr->version4);
10041			break;
10042		case T_PROCESSOR:
10043		default:
10044			break;
10045		}
10046	}
10047
10048	ctsio->scsi_status = SCSI_STATUS_OK;
10049	if (ctsio->kern_data_len > 0) {
10050		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10051		ctsio->be_move_done = ctl_config_move_done;
10052		ctl_datamove((union ctl_io *)ctsio);
10053	} else {
10054		ctsio->io_hdr.status = CTL_SUCCESS;
10055		ctl_done((union ctl_io *)ctsio);
10056	}
10057
10058	return (CTL_RETVAL_COMPLETE);
10059}
10060
10061int
10062ctl_inquiry(struct ctl_scsiio *ctsio)
10063{
10064	struct scsi_inquiry *cdb;
10065	int retval;
10066
10067	cdb = (struct scsi_inquiry *)ctsio->cdb;
10068
10069	retval = 0;
10070
10071	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10072
10073	/*
10074	 * Right now, we don't support the CmdDt inquiry information.
10075	 * This would be nice to support in the future.  When we do
10076	 * support it, we should change this test so that it checks to make
10077	 * sure SI_EVPD and SI_CMDDT aren't both set at the same time.
10078	 */
10079#ifdef notyet
10080	if (((cdb->byte2 & SI_EVPD)
10081	 && (cdb->byte2 & SI_CMDDT)))
10082#endif
10083	if (cdb->byte2 & SI_CMDDT) {
10084		/*
10085		 * Point to the SI_CMDDT bit.  We might change this
10086		 * when we support SI_CMDDT, but since both bits would be
10087		 * "wrong", this should probably just stay as-is then.
10088		 */
10089		ctl_set_invalid_field(ctsio,
10090				      /*sks_valid*/ 1,
10091				      /*command*/ 1,
10092				      /*field*/ 1,
10093				      /*bit_valid*/ 1,
10094				      /*bit*/ 1);
10095		ctl_done((union ctl_io *)ctsio);
10096		return (CTL_RETVAL_COMPLETE);
10097	}
10098	if (cdb->byte2 & SI_EVPD)
10099		retval = ctl_inquiry_evpd(ctsio);
10100#ifdef notyet
10101	else if (cdb->byte2 & SI_CMDDT)
10102		retval = ctl_inquiry_cmddt(ctsio);
10103#endif
10104	else
10105		retval = ctl_inquiry_std(ctsio);
10106
10107	return (retval);
10108}
10109
10110/*
10111 * For known CDB types, parse the LBA and length.
10112 */
10113static int
10114ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len)
10115{
10116	if (io->io_hdr.io_type != CTL_IO_SCSI)
10117		return (1);
10118
10119	switch (io->scsiio.cdb[0]) {
10120	case COMPARE_AND_WRITE: {
10121		struct scsi_compare_and_write *cdb;
10122
10123		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10124
10125		*lba = scsi_8btou64(cdb->addr);
10126		*len = cdb->length;
10127		break;
10128	}
10129	case READ_6:
10130	case WRITE_6: {
10131		struct scsi_rw_6 *cdb;
10132
10133		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10134
10135		*lba = scsi_3btoul(cdb->addr);
10136		/* only 5 bits are valid in the most significant address byte */
10137		*lba &= 0x1fffff;
10138		*len = cdb->length;
10139		break;
10140	}
10141	case READ_10:
10142	case WRITE_10: {
10143		struct scsi_rw_10 *cdb;
10144
10145		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10146
10147		*lba = scsi_4btoul(cdb->addr);
10148		*len = scsi_2btoul(cdb->length);
10149		break;
10150	}
10151	case WRITE_VERIFY_10: {
10152		struct scsi_write_verify_10 *cdb;
10153
10154		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10155
10156		*lba = scsi_4btoul(cdb->addr);
10157		*len = scsi_2btoul(cdb->length);
10158		break;
10159	}
10160	case READ_12:
10161	case WRITE_12: {
10162		struct scsi_rw_12 *cdb;
10163
10164		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10165
10166		*lba = scsi_4btoul(cdb->addr);
10167		*len = scsi_4btoul(cdb->length);
10168		break;
10169	}
10170	case WRITE_VERIFY_12: {
10171		struct scsi_write_verify_12 *cdb;
10172
10173		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10174
10175		*lba = scsi_4btoul(cdb->addr);
10176		*len = scsi_4btoul(cdb->length);
10177		break;
10178	}
10179	case READ_16:
10180	case WRITE_16: {
10181		struct scsi_rw_16 *cdb;
10182
10183		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10184
10185		*lba = scsi_8btou64(cdb->addr);
10186		*len = scsi_4btoul(cdb->length);
10187		break;
10188	}
10189	case WRITE_VERIFY_16: {
10190		struct scsi_write_verify_16 *cdb;
10191
10192		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10193
10194
10195		*lba = scsi_8btou64(cdb->addr);
10196		*len = scsi_4btoul(cdb->length);
10197		break;
10198	}
10199	case WRITE_SAME_10: {
10200		struct scsi_write_same_10 *cdb;
10201
10202		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10203
10204		*lba = scsi_4btoul(cdb->addr);
10205		*len = scsi_2btoul(cdb->length);
10206		break;
10207	}
10208	case WRITE_SAME_16: {
10209		struct scsi_write_same_16 *cdb;
10210
10211		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10212
10213		*lba = scsi_8btou64(cdb->addr);
10214		*len = scsi_4btoul(cdb->length);
10215		break;
10216	}
10217	case VERIFY_10: {
10218		struct scsi_verify_10 *cdb;
10219
10220		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10221
10222		*lba = scsi_4btoul(cdb->addr);
10223		*len = scsi_2btoul(cdb->length);
10224		break;
10225	}
10226	case VERIFY_12: {
10227		struct scsi_verify_12 *cdb;
10228
10229		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10230
10231		*lba = scsi_4btoul(cdb->addr);
10232		*len = scsi_4btoul(cdb->length);
10233		break;
10234	}
10235	case VERIFY_16: {
10236		struct scsi_verify_16 *cdb;
10237
10238		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10239
10240		*lba = scsi_8btou64(cdb->addr);
10241		*len = scsi_4btoul(cdb->length);
10242		break;
10243	}
10244	default:
10245		return (1);
10246		break; /* NOTREACHED */
10247	}
10248
10249	return (0);
10250}
10251
10252static ctl_action
10253ctl_extent_check_lba(uint64_t lba1, uint32_t len1, uint64_t lba2, uint32_t len2)
10254{
10255	uint64_t endlba1, endlba2;
10256
10257	endlba1 = lba1 + len1 - 1;
10258	endlba2 = lba2 + len2 - 1;
10259
10260	if ((endlba1 < lba2)
10261	 || (endlba2 < lba1))
10262		return (CTL_ACTION_PASS);
10263	else
10264		return (CTL_ACTION_BLOCK);
10265}
10266
10267static ctl_action
10268ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10269{
10270	uint64_t lba1, lba2;
10271	uint32_t len1, len2;
10272	int retval;
10273
10274	retval = ctl_get_lba_len(io1, &lba1, &len1);
10275	if (retval != 0)
10276		return (CTL_ACTION_ERROR);
10277
10278	retval = ctl_get_lba_len(io2, &lba2, &len2);
10279	if (retval != 0)
10280		return (CTL_ACTION_ERROR);
10281
10282	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10283}
10284
10285static ctl_action
10286ctl_check_for_blockage(union ctl_io *pending_io, union ctl_io *ooa_io)
10287{
10288	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10289	ctl_serialize_action *serialize_row;
10290
10291	/*
10292	 * The initiator attempted multiple untagged commands at the same
10293	 * time.  Can't do that.
10294	 */
10295	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10296	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10297	 && ((pending_io->io_hdr.nexus.targ_port ==
10298	      ooa_io->io_hdr.nexus.targ_port)
10299	  && (pending_io->io_hdr.nexus.initid.id ==
10300	      ooa_io->io_hdr.nexus.initid.id))
10301	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10302		return (CTL_ACTION_OVERLAP);
10303
10304	/*
10305	 * The initiator attempted to send multiple tagged commands with
10306	 * the same ID.  (It's fine if different initiators have the same
10307	 * tag ID.)
10308	 *
10309	 * Even if all of those conditions are true, we don't kill the I/O
10310	 * if the command ahead of us has been aborted.  We won't end up
10311	 * sending it to the FETD, and it's perfectly legal to resend a
10312	 * command with the same tag number as long as the previous
10313	 * instance of this tag number has been aborted somehow.
10314	 */
10315	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10316	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10317	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10318	 && ((pending_io->io_hdr.nexus.targ_port ==
10319	      ooa_io->io_hdr.nexus.targ_port)
10320	  && (pending_io->io_hdr.nexus.initid.id ==
10321	      ooa_io->io_hdr.nexus.initid.id))
10322	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10323		return (CTL_ACTION_OVERLAP_TAG);
10324
10325	/*
10326	 * If we get a head of queue tag, SAM-3 says that we should
10327	 * immediately execute it.
10328	 *
10329	 * What happens if this command would normally block for some other
10330	 * reason?  e.g. a request sense with a head of queue tag
10331	 * immediately after a write.  Normally that would block, but this
10332	 * will result in its getting executed immediately...
10333	 *
10334	 * We currently return "pass" instead of "skip", so we'll end up
10335	 * going through the rest of the queue to check for overlapped tags.
10336	 *
10337	 * XXX KDM check for other types of blockage first??
10338	 */
10339	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10340		return (CTL_ACTION_PASS);
10341
10342	/*
10343	 * Ordered tags have to block until all items ahead of them
10344	 * have completed.  If we get called with an ordered tag, we always
10345	 * block, if something else is ahead of us in the queue.
10346	 */
10347	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10348		return (CTL_ACTION_BLOCK);
10349
10350	/*
10351	 * Simple tags get blocked until all head of queue and ordered tags
10352	 * ahead of them have completed.  I'm lumping untagged commands in
10353	 * with simple tags here.  XXX KDM is that the right thing to do?
10354	 */
10355	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10356	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10357	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10358	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10359		return (CTL_ACTION_BLOCK);
10360
10361	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio);
10362	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio);
10363
10364	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10365
10366	switch (serialize_row[pending_entry->seridx]) {
10367	case CTL_SER_BLOCK:
10368		return (CTL_ACTION_BLOCK);
10369		break; /* NOTREACHED */
10370	case CTL_SER_EXTENT:
10371		return (ctl_extent_check(pending_io, ooa_io));
10372		break; /* NOTREACHED */
10373	case CTL_SER_PASS:
10374		return (CTL_ACTION_PASS);
10375		break; /* NOTREACHED */
10376	case CTL_SER_SKIP:
10377		return (CTL_ACTION_SKIP);
10378		break;
10379	default:
10380		panic("invalid serialization value %d",
10381		      serialize_row[pending_entry->seridx]);
10382		break; /* NOTREACHED */
10383	}
10384
10385	return (CTL_ACTION_ERROR);
10386}
10387
10388/*
10389 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10390 * Assumptions:
10391 * - pending_io is generally either incoming, or on the blocked queue
10392 * - starting I/O is the I/O we want to start the check with.
10393 */
10394static ctl_action
10395ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10396	      union ctl_io *starting_io)
10397{
10398	union ctl_io *ooa_io;
10399	ctl_action action;
10400
10401	mtx_assert(&lun->lun_lock, MA_OWNED);
10402
10403	/*
10404	 * Run back along the OOA queue, starting with the current
10405	 * blocked I/O and going through every I/O before it on the
10406	 * queue.  If starting_io is NULL, we'll just end up returning
10407	 * CTL_ACTION_PASS.
10408	 */
10409	for (ooa_io = starting_io; ooa_io != NULL;
10410	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10411	     ooa_links)){
10412
10413		/*
10414		 * This routine just checks to see whether
10415		 * cur_blocked is blocked by ooa_io, which is ahead
10416		 * of it in the queue.  It doesn't queue/dequeue
10417		 * cur_blocked.
10418		 */
10419		action = ctl_check_for_blockage(pending_io, ooa_io);
10420		switch (action) {
10421		case CTL_ACTION_BLOCK:
10422		case CTL_ACTION_OVERLAP:
10423		case CTL_ACTION_OVERLAP_TAG:
10424		case CTL_ACTION_SKIP:
10425		case CTL_ACTION_ERROR:
10426			return (action);
10427			break; /* NOTREACHED */
10428		case CTL_ACTION_PASS:
10429			break;
10430		default:
10431			panic("invalid action %d", action);
10432			break;  /* NOTREACHED */
10433		}
10434	}
10435
10436	return (CTL_ACTION_PASS);
10437}
10438
10439/*
10440 * Assumptions:
10441 * - An I/O has just completed, and has been removed from the per-LUN OOA
10442 *   queue, so some items on the blocked queue may now be unblocked.
10443 */
10444static int
10445ctl_check_blocked(struct ctl_lun *lun)
10446{
10447	union ctl_io *cur_blocked, *next_blocked;
10448
10449	mtx_assert(&lun->lun_lock, MA_OWNED);
10450
10451	/*
10452	 * Run forward from the head of the blocked queue, checking each
10453	 * entry against the I/Os prior to it on the OOA queue to see if
10454	 * there is still any blockage.
10455	 *
10456	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10457	 * with our removing a variable on it while it is traversing the
10458	 * list.
10459	 */
10460	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10461	     cur_blocked != NULL; cur_blocked = next_blocked) {
10462		union ctl_io *prev_ooa;
10463		ctl_action action;
10464
10465		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10466							  blocked_links);
10467
10468		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10469						      ctl_ooaq, ooa_links);
10470
10471		/*
10472		 * If cur_blocked happens to be the first item in the OOA
10473		 * queue now, prev_ooa will be NULL, and the action
10474		 * returned will just be CTL_ACTION_PASS.
10475		 */
10476		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10477
10478		switch (action) {
10479		case CTL_ACTION_BLOCK:
10480			/* Nothing to do here, still blocked */
10481			break;
10482		case CTL_ACTION_OVERLAP:
10483		case CTL_ACTION_OVERLAP_TAG:
10484			/*
10485			 * This shouldn't happen!  In theory we've already
10486			 * checked this command for overlap...
10487			 */
10488			break;
10489		case CTL_ACTION_PASS:
10490		case CTL_ACTION_SKIP: {
10491			struct ctl_softc *softc;
10492			const struct ctl_cmd_entry *entry;
10493			uint32_t initidx;
10494			int isc_retval;
10495
10496			/*
10497			 * The skip case shouldn't happen, this transaction
10498			 * should have never made it onto the blocked queue.
10499			 */
10500			/*
10501			 * This I/O is no longer blocked, we can remove it
10502			 * from the blocked queue.  Since this is a TAILQ
10503			 * (doubly linked list), we can do O(1) removals
10504			 * from any place on the list.
10505			 */
10506			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10507				     blocked_links);
10508			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10509
10510			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
10511				/*
10512				 * Need to send IO back to original side to
10513				 * run
10514				 */
10515				union ctl_ha_msg msg_info;
10516
10517				msg_info.hdr.original_sc =
10518					cur_blocked->io_hdr.original_sc;
10519				msg_info.hdr.serializing_sc = cur_blocked;
10520				msg_info.hdr.msg_type = CTL_MSG_R2R;
10521				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10522				     &msg_info, sizeof(msg_info), 0)) >
10523				     CTL_HA_STATUS_SUCCESS) {
10524					printf("CTL:Check Blocked error from "
10525					       "ctl_ha_msg_send %d\n",
10526					       isc_retval);
10527				}
10528				break;
10529			}
10530			entry = ctl_get_cmd_entry(&cur_blocked->scsiio);
10531			softc = control_softc;
10532
10533			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
10534
10535			/*
10536			 * Check this I/O for LUN state changes that may
10537			 * have happened while this command was blocked.
10538			 * The LUN state may have been changed by a command
10539			 * ahead of us in the queue, so we need to re-check
10540			 * for any states that can be caused by SCSI
10541			 * commands.
10542			 */
10543			if (ctl_scsiio_lun_check(softc, lun, entry,
10544						 &cur_blocked->scsiio) == 0) {
10545				cur_blocked->io_hdr.flags |=
10546				                      CTL_FLAG_IS_WAS_ON_RTR;
10547				ctl_enqueue_rtr(cur_blocked);
10548			} else
10549				ctl_done(cur_blocked);
10550			break;
10551		}
10552		default:
10553			/*
10554			 * This probably shouldn't happen -- we shouldn't
10555			 * get CTL_ACTION_ERROR, or anything else.
10556			 */
10557			break;
10558		}
10559	}
10560
10561	return (CTL_RETVAL_COMPLETE);
10562}
10563
10564/*
10565 * This routine (with one exception) checks LUN flags that can be set by
10566 * commands ahead of us in the OOA queue.  These flags have to be checked
10567 * when a command initially comes in, and when we pull a command off the
10568 * blocked queue and are preparing to execute it.  The reason we have to
10569 * check these flags for commands on the blocked queue is that the LUN
10570 * state may have been changed by a command ahead of us while we're on the
10571 * blocked queue.
10572 *
10573 * Ordering is somewhat important with these checks, so please pay
10574 * careful attention to the placement of any new checks.
10575 */
10576static int
10577ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
10578    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10579{
10580	int retval;
10581
10582	retval = 0;
10583
10584	mtx_assert(&lun->lun_lock, MA_OWNED);
10585
10586	/*
10587	 * If this shelf is a secondary shelf controller, we have to reject
10588	 * any media access commands.
10589	 */
10590#if 0
10591	/* No longer needed for HA */
10592	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
10593	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
10594		ctl_set_lun_standby(ctsio);
10595		retval = 1;
10596		goto bailout;
10597	}
10598#endif
10599
10600	/*
10601	 * Check for a reservation conflict.  If this command isn't allowed
10602	 * even on reserved LUNs, and if this initiator isn't the one who
10603	 * reserved us, reject the command with a reservation conflict.
10604	 */
10605	if ((lun->flags & CTL_LUN_RESERVED)
10606	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10607		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
10608		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
10609		 || (ctsio->io_hdr.nexus.targ_target.id !=
10610		     lun->rsv_nexus.targ_target.id)) {
10611			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10612			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10613			retval = 1;
10614			goto bailout;
10615		}
10616	}
10617
10618	if ( (lun->flags & CTL_LUN_PR_RESERVED)
10619	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
10620		uint32_t residx;
10621
10622		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
10623		/*
10624		 * if we aren't registered or it's a res holder type
10625		 * reservation and this isn't the res holder then set a
10626		 * conflict.
10627		 * NOTE: Commands which might be allowed on write exclusive
10628		 * type reservations are checked in the particular command
10629		 * for a conflict. Read and SSU are the only ones.
10630		 */
10631		if (!lun->per_res[residx].registered
10632		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10633			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10634			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10635			retval = 1;
10636			goto bailout;
10637		}
10638
10639	}
10640
10641	if ((lun->flags & CTL_LUN_OFFLINE)
10642	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
10643		ctl_set_lun_not_ready(ctsio);
10644		retval = 1;
10645		goto bailout;
10646	}
10647
10648	/*
10649	 * If the LUN is stopped, see if this particular command is allowed
10650	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
10651	 */
10652	if ((lun->flags & CTL_LUN_STOPPED)
10653	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10654		/* "Logical unit not ready, initializing cmd. required" */
10655		ctl_set_lun_stopped(ctsio);
10656		retval = 1;
10657		goto bailout;
10658	}
10659
10660	if ((lun->flags & CTL_LUN_INOPERABLE)
10661	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10662		/* "Medium format corrupted" */
10663		ctl_set_medium_format_corrupted(ctsio);
10664		retval = 1;
10665		goto bailout;
10666	}
10667
10668bailout:
10669	return (retval);
10670
10671}
10672
10673static void
10674ctl_failover_io(union ctl_io *io, int have_lock)
10675{
10676	ctl_set_busy(&io->scsiio);
10677	ctl_done(io);
10678}
10679
10680static void
10681ctl_failover(void)
10682{
10683	struct ctl_lun *lun;
10684	struct ctl_softc *ctl_softc;
10685	union ctl_io *next_io, *pending_io;
10686	union ctl_io *io;
10687	int lun_idx;
10688	int i;
10689
10690	ctl_softc = control_softc;
10691
10692	mtx_lock(&ctl_softc->ctl_lock);
10693	/*
10694	 * Remove any cmds from the other SC from the rtr queue.  These
10695	 * will obviously only be for LUNs for which we're the primary.
10696	 * We can't send status or get/send data for these commands.
10697	 * Since they haven't been executed yet, we can just remove them.
10698	 * We'll either abort them or delete them below, depending on
10699	 * which HA mode we're in.
10700	 */
10701#ifdef notyet
10702	mtx_lock(&ctl_softc->queue_lock);
10703	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
10704	     io != NULL; io = next_io) {
10705		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
10706		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10707			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
10708				      ctl_io_hdr, links);
10709	}
10710	mtx_unlock(&ctl_softc->queue_lock);
10711#endif
10712
10713	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
10714		lun = ctl_softc->ctl_luns[lun_idx];
10715		if (lun==NULL)
10716			continue;
10717
10718		/*
10719		 * Processor LUNs are primary on both sides.
10720		 * XXX will this always be true?
10721		 */
10722		if (lun->be_lun->lun_type == T_PROCESSOR)
10723			continue;
10724
10725		if ((lun->flags & CTL_LUN_PRIMARY_SC)
10726		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10727			printf("FAILOVER: primary lun %d\n", lun_idx);
10728		        /*
10729			 * Remove all commands from the other SC. First from the
10730			 * blocked queue then from the ooa queue. Once we have
10731			 * removed them. Call ctl_check_blocked to see if there
10732			 * is anything that can run.
10733			 */
10734			for (io = (union ctl_io *)TAILQ_FIRST(
10735			     &lun->blocked_queue); io != NULL; io = next_io) {
10736
10737		        	next_io = (union ctl_io *)TAILQ_NEXT(
10738				    &io->io_hdr, blocked_links);
10739
10740				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10741					TAILQ_REMOVE(&lun->blocked_queue,
10742						     &io->io_hdr,blocked_links);
10743					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10744					TAILQ_REMOVE(&lun->ooa_queue,
10745						     &io->io_hdr, ooa_links);
10746
10747					ctl_free_io(io);
10748				}
10749			}
10750
10751			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10752	     		     io != NULL; io = next_io) {
10753
10754		        	next_io = (union ctl_io *)TAILQ_NEXT(
10755				    &io->io_hdr, ooa_links);
10756
10757				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10758
10759					TAILQ_REMOVE(&lun->ooa_queue,
10760						&io->io_hdr,
10761					     	ooa_links);
10762
10763					ctl_free_io(io);
10764				}
10765			}
10766			ctl_check_blocked(lun);
10767		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
10768			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
10769
10770			printf("FAILOVER: primary lun %d\n", lun_idx);
10771			/*
10772			 * Abort all commands from the other SC.  We can't
10773			 * send status back for them now.  These should get
10774			 * cleaned up when they are completed or come out
10775			 * for a datamove operation.
10776			 */
10777			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10778	     		     io != NULL; io = next_io) {
10779		        	next_io = (union ctl_io *)TAILQ_NEXT(
10780					&io->io_hdr, ooa_links);
10781
10782				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10783					io->io_hdr.flags |= CTL_FLAG_ABORT;
10784			}
10785		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10786			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
10787
10788			printf("FAILOVER: secondary lun %d\n", lun_idx);
10789
10790			lun->flags |= CTL_LUN_PRIMARY_SC;
10791
10792			/*
10793			 * We send all I/O that was sent to this controller
10794			 * and redirected to the other side back with
10795			 * busy status, and have the initiator retry it.
10796			 * Figuring out how much data has been transferred,
10797			 * etc. and picking up where we left off would be
10798			 * very tricky.
10799			 *
10800			 * XXX KDM need to remove I/O from the blocked
10801			 * queue as well!
10802			 */
10803			for (pending_io = (union ctl_io *)TAILQ_FIRST(
10804			     &lun->ooa_queue); pending_io != NULL;
10805			     pending_io = next_io) {
10806
10807				next_io =  (union ctl_io *)TAILQ_NEXT(
10808					&pending_io->io_hdr, ooa_links);
10809
10810				pending_io->io_hdr.flags &=
10811					~CTL_FLAG_SENT_2OTHER_SC;
10812
10813				if (pending_io->io_hdr.flags &
10814				    CTL_FLAG_IO_ACTIVE) {
10815					pending_io->io_hdr.flags |=
10816						CTL_FLAG_FAILOVER;
10817				} else {
10818					ctl_set_busy(&pending_io->scsiio);
10819					ctl_done(pending_io);
10820				}
10821			}
10822
10823			/*
10824			 * Build Unit Attention
10825			 */
10826			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
10827				lun->pending_sense[i].ua_pending |=
10828				                     CTL_UA_ASYM_ACC_CHANGE;
10829			}
10830		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10831			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10832			printf("FAILOVER: secondary lun %d\n", lun_idx);
10833			/*
10834			 * if the first io on the OOA is not on the RtR queue
10835			 * add it.
10836			 */
10837			lun->flags |= CTL_LUN_PRIMARY_SC;
10838
10839			pending_io = (union ctl_io *)TAILQ_FIRST(
10840			    &lun->ooa_queue);
10841			if (pending_io==NULL) {
10842				printf("Nothing on OOA queue\n");
10843				continue;
10844			}
10845
10846			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10847			if ((pending_io->io_hdr.flags &
10848			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
10849				pending_io->io_hdr.flags |=
10850				    CTL_FLAG_IS_WAS_ON_RTR;
10851				ctl_enqueue_rtr(pending_io);
10852			}
10853#if 0
10854			else
10855			{
10856				printf("Tag 0x%04x is running\n",
10857				      pending_io->scsiio.tag_num);
10858			}
10859#endif
10860
10861			next_io = (union ctl_io *)TAILQ_NEXT(
10862			    &pending_io->io_hdr, ooa_links);
10863			for (pending_io=next_io; pending_io != NULL;
10864			     pending_io = next_io) {
10865				pending_io->io_hdr.flags &=
10866				    ~CTL_FLAG_SENT_2OTHER_SC;
10867				next_io = (union ctl_io *)TAILQ_NEXT(
10868					&pending_io->io_hdr, ooa_links);
10869				if (pending_io->io_hdr.flags &
10870				    CTL_FLAG_IS_WAS_ON_RTR) {
10871#if 0
10872				        printf("Tag 0x%04x is running\n",
10873				      		pending_io->scsiio.tag_num);
10874#endif
10875					continue;
10876				}
10877
10878				switch (ctl_check_ooa(lun, pending_io,
10879			            (union ctl_io *)TAILQ_PREV(
10880				    &pending_io->io_hdr, ctl_ooaq,
10881				    ooa_links))) {
10882
10883				case CTL_ACTION_BLOCK:
10884					TAILQ_INSERT_TAIL(&lun->blocked_queue,
10885							  &pending_io->io_hdr,
10886							  blocked_links);
10887					pending_io->io_hdr.flags |=
10888					    CTL_FLAG_BLOCKED;
10889					break;
10890				case CTL_ACTION_PASS:
10891				case CTL_ACTION_SKIP:
10892					pending_io->io_hdr.flags |=
10893					    CTL_FLAG_IS_WAS_ON_RTR;
10894					ctl_enqueue_rtr(pending_io);
10895					break;
10896				case CTL_ACTION_OVERLAP:
10897					ctl_set_overlapped_cmd(
10898					    (struct ctl_scsiio *)pending_io);
10899					ctl_done(pending_io);
10900					break;
10901				case CTL_ACTION_OVERLAP_TAG:
10902					ctl_set_overlapped_tag(
10903					    (struct ctl_scsiio *)pending_io,
10904					    pending_io->scsiio.tag_num & 0xff);
10905					ctl_done(pending_io);
10906					break;
10907				case CTL_ACTION_ERROR:
10908				default:
10909					ctl_set_internal_failure(
10910						(struct ctl_scsiio *)pending_io,
10911						0,  // sks_valid
10912						0); //retry count
10913					ctl_done(pending_io);
10914					break;
10915				}
10916			}
10917
10918			/*
10919			 * Build Unit Attention
10920			 */
10921			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
10922				lun->pending_sense[i].ua_pending |=
10923				                     CTL_UA_ASYM_ACC_CHANGE;
10924			}
10925		} else {
10926			panic("Unhandled HA mode failover, LUN flags = %#x, "
10927			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
10928		}
10929	}
10930	ctl_pause_rtr = 0;
10931	mtx_unlock(&ctl_softc->ctl_lock);
10932}
10933
10934static int
10935ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
10936{
10937	struct ctl_lun *lun;
10938	const struct ctl_cmd_entry *entry;
10939	uint32_t initidx, targ_lun;
10940	int retval;
10941
10942	retval = 0;
10943
10944	lun = NULL;
10945
10946	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
10947	if ((targ_lun < CTL_MAX_LUNS)
10948	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
10949		lun = ctl_softc->ctl_luns[targ_lun];
10950		/*
10951		 * If the LUN is invalid, pretend that it doesn't exist.
10952		 * It will go away as soon as all pending I/O has been
10953		 * completed.
10954		 */
10955		if (lun->flags & CTL_LUN_DISABLED) {
10956			lun = NULL;
10957		} else {
10958			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
10959			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
10960				lun->be_lun;
10961			if (lun->be_lun->lun_type == T_PROCESSOR) {
10962				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
10963			}
10964
10965			/*
10966			 * Every I/O goes into the OOA queue for a
10967			 * particular LUN, and stays there until completion.
10968			 */
10969			mtx_lock(&lun->lun_lock);
10970			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
10971			    ooa_links);
10972		}
10973	} else {
10974		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
10975		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
10976	}
10977
10978	/* Get command entry and return error if it is unsuppotyed. */
10979	entry = ctl_validate_command(ctsio);
10980	if (entry == NULL) {
10981		if (lun)
10982			mtx_unlock(&lun->lun_lock);
10983		return (retval);
10984	}
10985
10986	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
10987	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
10988
10989	/*
10990	 * Check to see whether we can send this command to LUNs that don't
10991	 * exist.  This should pretty much only be the case for inquiry
10992	 * and request sense.  Further checks, below, really require having
10993	 * a LUN, so we can't really check the command anymore.  Just put
10994	 * it on the rtr queue.
10995	 */
10996	if (lun == NULL) {
10997		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
10998			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
10999			ctl_enqueue_rtr((union ctl_io *)ctsio);
11000			return (retval);
11001		}
11002
11003		ctl_set_unsupported_lun(ctsio);
11004		ctl_done((union ctl_io *)ctsio);
11005		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11006		return (retval);
11007	} else {
11008		/*
11009		 * Make sure we support this particular command on this LUN.
11010		 * e.g., we don't support writes to the control LUN.
11011		 */
11012		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11013			mtx_unlock(&lun->lun_lock);
11014			ctl_set_invalid_opcode(ctsio);
11015			ctl_done((union ctl_io *)ctsio);
11016			return (retval);
11017		}
11018	}
11019
11020	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11021
11022	/*
11023	 * If we've got a request sense, it'll clear the contingent
11024	 * allegiance condition.  Otherwise, if we have a CA condition for
11025	 * this initiator, clear it, because it sent down a command other
11026	 * than request sense.
11027	 */
11028	if ((ctsio->cdb[0] != REQUEST_SENSE)
11029	 && (ctl_is_set(lun->have_ca, initidx)))
11030		ctl_clear_mask(lun->have_ca, initidx);
11031
11032	/*
11033	 * If the command has this flag set, it handles its own unit
11034	 * attention reporting, we shouldn't do anything.  Otherwise we
11035	 * check for any pending unit attentions, and send them back to the
11036	 * initiator.  We only do this when a command initially comes in,
11037	 * not when we pull it off the blocked queue.
11038	 *
11039	 * According to SAM-3, section 5.3.2, the order that things get
11040	 * presented back to the host is basically unit attentions caused
11041	 * by some sort of reset event, busy status, reservation conflicts
11042	 * or task set full, and finally any other status.
11043	 *
11044	 * One issue here is that some of the unit attentions we report
11045	 * don't fall into the "reset" category (e.g. "reported luns data
11046	 * has changed").  So reporting it here, before the reservation
11047	 * check, may be technically wrong.  I guess the only thing to do
11048	 * would be to check for and report the reset events here, and then
11049	 * check for the other unit attention types after we check for a
11050	 * reservation conflict.
11051	 *
11052	 * XXX KDM need to fix this
11053	 */
11054	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11055		ctl_ua_type ua_type;
11056
11057		ua_type = lun->pending_sense[initidx].ua_pending;
11058		if (ua_type != CTL_UA_NONE) {
11059			scsi_sense_data_type sense_format;
11060
11061			if (lun != NULL)
11062				sense_format = (lun->flags &
11063				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11064				    SSD_TYPE_FIXED;
11065			else
11066				sense_format = SSD_TYPE_FIXED;
11067
11068			ua_type = ctl_build_ua(ua_type, &ctsio->sense_data,
11069					       sense_format);
11070			if (ua_type != CTL_UA_NONE) {
11071				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11072				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11073						       CTL_AUTOSENSE;
11074				ctsio->sense_len = SSD_FULL_SIZE;
11075				lun->pending_sense[initidx].ua_pending &=
11076					~ua_type;
11077				mtx_unlock(&lun->lun_lock);
11078				ctl_done((union ctl_io *)ctsio);
11079				return (retval);
11080			}
11081		}
11082	}
11083
11084
11085	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11086		mtx_unlock(&lun->lun_lock);
11087		ctl_done((union ctl_io *)ctsio);
11088		return (retval);
11089	}
11090
11091	/*
11092	 * XXX CHD this is where we want to send IO to other side if
11093	 * this LUN is secondary on this SC. We will need to make a copy
11094	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11095	 * the copy we send as FROM_OTHER.
11096	 * We also need to stuff the address of the original IO so we can
11097	 * find it easily. Something similar will need be done on the other
11098	 * side so when we are done we can find the copy.
11099	 */
11100	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11101		union ctl_ha_msg msg_info;
11102		int isc_retval;
11103
11104		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11105
11106		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11107		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11108#if 0
11109		printf("1. ctsio %p\n", ctsio);
11110#endif
11111		msg_info.hdr.serializing_sc = NULL;
11112		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11113		msg_info.scsi.tag_num = ctsio->tag_num;
11114		msg_info.scsi.tag_type = ctsio->tag_type;
11115		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11116
11117		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11118
11119		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11120		    (void *)&msg_info, sizeof(msg_info), 0)) >
11121		    CTL_HA_STATUS_SUCCESS) {
11122			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11123			       isc_retval);
11124			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11125		} else {
11126#if 0
11127			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11128#endif
11129		}
11130
11131		/*
11132		 * XXX KDM this I/O is off the incoming queue, but hasn't
11133		 * been inserted on any other queue.  We may need to come
11134		 * up with a holding queue while we wait for serialization
11135		 * so that we have an idea of what we're waiting for from
11136		 * the other side.
11137		 */
11138		mtx_unlock(&lun->lun_lock);
11139		return (retval);
11140	}
11141
11142	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11143			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11144			      ctl_ooaq, ooa_links))) {
11145	case CTL_ACTION_BLOCK:
11146		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11147		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11148				  blocked_links);
11149		mtx_unlock(&lun->lun_lock);
11150		return (retval);
11151	case CTL_ACTION_PASS:
11152	case CTL_ACTION_SKIP:
11153		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11154		mtx_unlock(&lun->lun_lock);
11155		ctl_enqueue_rtr((union ctl_io *)ctsio);
11156		break;
11157	case CTL_ACTION_OVERLAP:
11158		mtx_unlock(&lun->lun_lock);
11159		ctl_set_overlapped_cmd(ctsio);
11160		ctl_done((union ctl_io *)ctsio);
11161		break;
11162	case CTL_ACTION_OVERLAP_TAG:
11163		mtx_unlock(&lun->lun_lock);
11164		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11165		ctl_done((union ctl_io *)ctsio);
11166		break;
11167	case CTL_ACTION_ERROR:
11168	default:
11169		mtx_unlock(&lun->lun_lock);
11170		ctl_set_internal_failure(ctsio,
11171					 /*sks_valid*/ 0,
11172					 /*retry_count*/ 0);
11173		ctl_done((union ctl_io *)ctsio);
11174		break;
11175	}
11176	return (retval);
11177}
11178
11179const struct ctl_cmd_entry *
11180ctl_get_cmd_entry(struct ctl_scsiio *ctsio)
11181{
11182	const struct ctl_cmd_entry *entry;
11183	int service_action;
11184
11185	entry = &ctl_cmd_table[ctsio->cdb[0]];
11186	if (entry->flags & CTL_CMD_FLAG_SA5) {
11187		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11188		entry = &((const struct ctl_cmd_entry *)
11189		    entry->execute)[service_action];
11190	}
11191	return (entry);
11192}
11193
11194const struct ctl_cmd_entry *
11195ctl_validate_command(struct ctl_scsiio *ctsio)
11196{
11197	const struct ctl_cmd_entry *entry;
11198	int i;
11199	uint8_t diff;
11200
11201	entry = ctl_get_cmd_entry(ctsio);
11202	if (entry->execute == NULL) {
11203		ctl_set_invalid_opcode(ctsio);
11204		ctl_done((union ctl_io *)ctsio);
11205		return (NULL);
11206	}
11207	KASSERT(entry->length > 0,
11208	    ("Not defined length for command 0x%02x/0x%02x",
11209	     ctsio->cdb[0], ctsio->cdb[1]));
11210	for (i = 1; i < entry->length; i++) {
11211		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11212		if (diff == 0)
11213			continue;
11214		ctl_set_invalid_field(ctsio,
11215				      /*sks_valid*/ 1,
11216				      /*command*/ 1,
11217				      /*field*/ i,
11218				      /*bit_valid*/ 1,
11219				      /*bit*/ fls(diff) - 1);
11220		ctl_done((union ctl_io *)ctsio);
11221		return (NULL);
11222	}
11223	return (entry);
11224}
11225
11226static int
11227ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11228{
11229
11230	switch (lun_type) {
11231	case T_PROCESSOR:
11232		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11233		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11234			return (0);
11235		break;
11236	case T_DIRECT:
11237		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11238		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11239			return (0);
11240		break;
11241	default:
11242		return (0);
11243	}
11244	return (1);
11245}
11246
11247static int
11248ctl_scsiio(struct ctl_scsiio *ctsio)
11249{
11250	int retval;
11251	const struct ctl_cmd_entry *entry;
11252
11253	retval = CTL_RETVAL_COMPLETE;
11254
11255	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11256
11257	entry = ctl_get_cmd_entry(ctsio);
11258
11259	/*
11260	 * If this I/O has been aborted, just send it straight to
11261	 * ctl_done() without executing it.
11262	 */
11263	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11264		ctl_done((union ctl_io *)ctsio);
11265		goto bailout;
11266	}
11267
11268	/*
11269	 * All the checks should have been handled by ctl_scsiio_precheck().
11270	 * We should be clear now to just execute the I/O.
11271	 */
11272	retval = entry->execute(ctsio);
11273
11274bailout:
11275	return (retval);
11276}
11277
11278/*
11279 * Since we only implement one target right now, a bus reset simply resets
11280 * our single target.
11281 */
11282static int
11283ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11284{
11285	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11286}
11287
11288static int
11289ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11290		 ctl_ua_type ua_type)
11291{
11292	struct ctl_lun *lun;
11293	int retval;
11294
11295	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11296		union ctl_ha_msg msg_info;
11297
11298		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11299		msg_info.hdr.nexus = io->io_hdr.nexus;
11300		if (ua_type==CTL_UA_TARG_RESET)
11301			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11302		else
11303			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11304		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11305		msg_info.hdr.original_sc = NULL;
11306		msg_info.hdr.serializing_sc = NULL;
11307		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11308		    (void *)&msg_info, sizeof(msg_info), 0)) {
11309		}
11310	}
11311	retval = 0;
11312
11313	mtx_lock(&ctl_softc->ctl_lock);
11314	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11315		retval += ctl_lun_reset(lun, io, ua_type);
11316	mtx_unlock(&ctl_softc->ctl_lock);
11317
11318	return (retval);
11319}
11320
11321/*
11322 * The LUN should always be set.  The I/O is optional, and is used to
11323 * distinguish between I/Os sent by this initiator, and by other
11324 * initiators.  We set unit attention for initiators other than this one.
11325 * SAM-3 is vague on this point.  It does say that a unit attention should
11326 * be established for other initiators when a LUN is reset (see section
11327 * 5.7.3), but it doesn't specifically say that the unit attention should
11328 * be established for this particular initiator when a LUN is reset.  Here
11329 * is the relevant text, from SAM-3 rev 8:
11330 *
11331 * 5.7.2 When a SCSI initiator port aborts its own tasks
11332 *
11333 * When a SCSI initiator port causes its own task(s) to be aborted, no
11334 * notification that the task(s) have been aborted shall be returned to
11335 * the SCSI initiator port other than the completion response for the
11336 * command or task management function action that caused the task(s) to
11337 * be aborted and notification(s) associated with related effects of the
11338 * action (e.g., a reset unit attention condition).
11339 *
11340 * XXX KDM for now, we're setting unit attention for all initiators.
11341 */
11342static int
11343ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11344{
11345	union ctl_io *xio;
11346#if 0
11347	uint32_t initindex;
11348#endif
11349	int i;
11350
11351	mtx_lock(&lun->lun_lock);
11352	/*
11353	 * Run through the OOA queue and abort each I/O.
11354	 */
11355#if 0
11356	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11357#endif
11358	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11359	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11360		xio->io_hdr.flags |= CTL_FLAG_ABORT;
11361	}
11362
11363	/*
11364	 * This version sets unit attention for every
11365	 */
11366#if 0
11367	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11368	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11369		if (initindex == i)
11370			continue;
11371		lun->pending_sense[i].ua_pending |= ua_type;
11372	}
11373#endif
11374
11375	/*
11376	 * A reset (any kind, really) clears reservations established with
11377	 * RESERVE/RELEASE.  It does not clear reservations established
11378	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11379	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11380	 * reservations made with the RESERVE/RELEASE commands, because
11381	 * those commands are obsolete in SPC-3.
11382	 */
11383	lun->flags &= ~CTL_LUN_RESERVED;
11384
11385	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11386		ctl_clear_mask(lun->have_ca, i);
11387		lun->pending_sense[i].ua_pending |= ua_type;
11388	}
11389	mtx_lock(&lun->lun_lock);
11390
11391	return (0);
11392}
11393
11394static int
11395ctl_abort_task(union ctl_io *io)
11396{
11397	union ctl_io *xio;
11398	struct ctl_lun *lun;
11399	struct ctl_softc *ctl_softc;
11400#if 0
11401	struct sbuf sb;
11402	char printbuf[128];
11403#endif
11404	int found;
11405	uint32_t targ_lun;
11406
11407	ctl_softc = control_softc;
11408	found = 0;
11409
11410	/*
11411	 * Look up the LUN.
11412	 */
11413	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11414	mtx_lock(&ctl_softc->ctl_lock);
11415	if ((targ_lun < CTL_MAX_LUNS)
11416	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
11417		lun = ctl_softc->ctl_luns[targ_lun];
11418	else {
11419		mtx_unlock(&ctl_softc->ctl_lock);
11420		goto bailout;
11421	}
11422
11423#if 0
11424	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11425	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11426#endif
11427
11428	mtx_lock(&lun->lun_lock);
11429	mtx_unlock(&ctl_softc->ctl_lock);
11430	/*
11431	 * Run through the OOA queue and attempt to find the given I/O.
11432	 * The target port, initiator ID, tag type and tag number have to
11433	 * match the values that we got from the initiator.  If we have an
11434	 * untagged command to abort, simply abort the first untagged command
11435	 * we come to.  We only allow one untagged command at a time of course.
11436	 */
11437#if 0
11438	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11439#endif
11440	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11441	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11442#if 0
11443		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11444
11445		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11446			    lun->lun, xio->scsiio.tag_num,
11447			    xio->scsiio.tag_type,
11448			    (xio->io_hdr.blocked_links.tqe_prev
11449			    == NULL) ? "" : " BLOCKED",
11450			    (xio->io_hdr.flags &
11451			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11452			    (xio->io_hdr.flags &
11453			    CTL_FLAG_ABORT) ? " ABORT" : "",
11454			    (xio->io_hdr.flags &
11455			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11456		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11457		sbuf_finish(&sb);
11458		printf("%s\n", sbuf_data(&sb));
11459#endif
11460
11461		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
11462		 && (xio->io_hdr.nexus.initid.id ==
11463		     io->io_hdr.nexus.initid.id)) {
11464			/*
11465			 * If the abort says that the task is untagged, the
11466			 * task in the queue must be untagged.  Otherwise,
11467			 * we just check to see whether the tag numbers
11468			 * match.  This is because the QLogic firmware
11469			 * doesn't pass back the tag type in an abort
11470			 * request.
11471			 */
11472#if 0
11473			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11474			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11475			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
11476#endif
11477			/*
11478			 * XXX KDM we've got problems with FC, because it
11479			 * doesn't send down a tag type with aborts.  So we
11480			 * can only really go by the tag number...
11481			 * This may cause problems with parallel SCSI.
11482			 * Need to figure that out!!
11483			 */
11484			if (xio->scsiio.tag_num == io->taskio.tag_num) {
11485				xio->io_hdr.flags |= CTL_FLAG_ABORT;
11486				found = 1;
11487				if ((io->io_hdr.flags &
11488				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
11489				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11490					union ctl_ha_msg msg_info;
11491
11492					io->io_hdr.flags |=
11493					                CTL_FLAG_SENT_2OTHER_SC;
11494					msg_info.hdr.nexus = io->io_hdr.nexus;
11495					msg_info.task.task_action =
11496						CTL_TASK_ABORT_TASK;
11497					msg_info.task.tag_num =
11498						io->taskio.tag_num;
11499					msg_info.task.tag_type =
11500						io->taskio.tag_type;
11501					msg_info.hdr.msg_type =
11502						CTL_MSG_MANAGE_TASKS;
11503					msg_info.hdr.original_sc = NULL;
11504					msg_info.hdr.serializing_sc = NULL;
11505#if 0
11506					printf("Sent Abort to other side\n");
11507#endif
11508					if (CTL_HA_STATUS_SUCCESS !=
11509					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11510		    				(void *)&msg_info,
11511						sizeof(msg_info), 0)) {
11512					}
11513				}
11514#if 0
11515				printf("ctl_abort_task: found I/O to abort\n");
11516#endif
11517				break;
11518			}
11519		}
11520	}
11521	mtx_unlock(&lun->lun_lock);
11522
11523bailout:
11524
11525	if (found == 0) {
11526		/*
11527		 * This isn't really an error.  It's entirely possible for
11528		 * the abort and command completion to cross on the wire.
11529		 * This is more of an informative/diagnostic error.
11530		 */
11531#if 0
11532		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11533		       "%d:%d:%d:%d tag %d type %d\n",
11534		       io->io_hdr.nexus.initid.id,
11535		       io->io_hdr.nexus.targ_port,
11536		       io->io_hdr.nexus.targ_target.id,
11537		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11538		       io->taskio.tag_type);
11539#endif
11540		return (1);
11541	} else
11542		return (0);
11543}
11544
11545/*
11546 * This routine cannot block!  It must be callable from an interrupt
11547 * handler as well as from the work thread.
11548 */
11549static void
11550ctl_run_task(union ctl_io *io)
11551{
11552	struct ctl_softc *ctl_softc;
11553	int retval;
11554	const char *task_desc;
11555
11556	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11557
11558	ctl_softc = control_softc;
11559	retval = 0;
11560
11561	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11562	    ("ctl_run_task: Unextected io_type %d\n",
11563	     io->io_hdr.io_type));
11564
11565	task_desc = ctl_scsi_task_string(&io->taskio);
11566	if (task_desc != NULL) {
11567#ifdef NEEDTOPORT
11568		csevent_log(CSC_CTL | CSC_SHELF_SW |
11569			    CTL_TASK_REPORT,
11570			    csevent_LogType_Trace,
11571			    csevent_Severity_Information,
11572			    csevent_AlertLevel_Green,
11573			    csevent_FRU_Firmware,
11574			    csevent_FRU_Unknown,
11575			    "CTL: received task: %s",task_desc);
11576#endif
11577	} else {
11578#ifdef NEEDTOPORT
11579		csevent_log(CSC_CTL | CSC_SHELF_SW |
11580			    CTL_TASK_REPORT,
11581			    csevent_LogType_Trace,
11582			    csevent_Severity_Information,
11583			    csevent_AlertLevel_Green,
11584			    csevent_FRU_Firmware,
11585			    csevent_FRU_Unknown,
11586			    "CTL: received unknown task "
11587			    "type: %d (%#x)",
11588			    io->taskio.task_action,
11589			    io->taskio.task_action);
11590#endif
11591	}
11592	switch (io->taskio.task_action) {
11593	case CTL_TASK_ABORT_TASK:
11594		retval = ctl_abort_task(io);
11595		break;
11596	case CTL_TASK_ABORT_TASK_SET:
11597		break;
11598	case CTL_TASK_CLEAR_ACA:
11599		break;
11600	case CTL_TASK_CLEAR_TASK_SET:
11601		break;
11602	case CTL_TASK_LUN_RESET: {
11603		struct ctl_lun *lun;
11604		uint32_t targ_lun;
11605		int retval;
11606
11607		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11608		mtx_lock(&ctl_softc->ctl_lock);
11609		if ((targ_lun < CTL_MAX_LUNS)
11610		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
11611			lun = ctl_softc->ctl_luns[targ_lun];
11612		else {
11613			mtx_unlock(&ctl_softc->ctl_lock);
11614			retval = 1;
11615			break;
11616		}
11617
11618		if (!(io->io_hdr.flags &
11619		    CTL_FLAG_FROM_OTHER_SC)) {
11620			union ctl_ha_msg msg_info;
11621
11622			io->io_hdr.flags |=
11623				CTL_FLAG_SENT_2OTHER_SC;
11624			msg_info.hdr.msg_type =
11625				CTL_MSG_MANAGE_TASKS;
11626			msg_info.hdr.nexus = io->io_hdr.nexus;
11627			msg_info.task.task_action =
11628				CTL_TASK_LUN_RESET;
11629			msg_info.hdr.original_sc = NULL;
11630			msg_info.hdr.serializing_sc = NULL;
11631			if (CTL_HA_STATUS_SUCCESS !=
11632			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11633			    (void *)&msg_info,
11634			    sizeof(msg_info), 0)) {
11635			}
11636		}
11637
11638		retval = ctl_lun_reset(lun, io,
11639				       CTL_UA_LUN_RESET);
11640		mtx_unlock(&ctl_softc->ctl_lock);
11641		break;
11642	}
11643	case CTL_TASK_TARGET_RESET:
11644		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
11645		break;
11646	case CTL_TASK_BUS_RESET:
11647		retval = ctl_bus_reset(ctl_softc, io);
11648		break;
11649	case CTL_TASK_PORT_LOGIN:
11650		break;
11651	case CTL_TASK_PORT_LOGOUT:
11652		break;
11653	default:
11654		printf("ctl_run_task: got unknown task management event %d\n",
11655		       io->taskio.task_action);
11656		break;
11657	}
11658	if (retval == 0)
11659		io->io_hdr.status = CTL_SUCCESS;
11660	else
11661		io->io_hdr.status = CTL_ERROR;
11662
11663	/*
11664	 * This will queue this I/O to the done queue, but the
11665	 * work thread won't be able to process it until we
11666	 * return and the lock is released.
11667	 */
11668	ctl_done(io);
11669}
11670
11671/*
11672 * For HA operation.  Handle commands that come in from the other
11673 * controller.
11674 */
11675static void
11676ctl_handle_isc(union ctl_io *io)
11677{
11678	int free_io;
11679	struct ctl_lun *lun;
11680	struct ctl_softc *ctl_softc;
11681	uint32_t targ_lun;
11682
11683	ctl_softc = control_softc;
11684
11685	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11686	lun = ctl_softc->ctl_luns[targ_lun];
11687
11688	switch (io->io_hdr.msg_type) {
11689	case CTL_MSG_SERIALIZE:
11690		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11691		break;
11692	case CTL_MSG_R2R: {
11693		const struct ctl_cmd_entry *entry;
11694
11695		/*
11696		 * This is only used in SER_ONLY mode.
11697		 */
11698		free_io = 0;
11699		entry = ctl_get_cmd_entry(&io->scsiio);
11700		mtx_lock(&lun->lun_lock);
11701		if (ctl_scsiio_lun_check(ctl_softc, lun,
11702		    entry, (struct ctl_scsiio *)io) != 0) {
11703			mtx_unlock(&lun->lun_lock);
11704			ctl_done(io);
11705			break;
11706		}
11707		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11708		mtx_unlock(&lun->lun_lock);
11709		ctl_enqueue_rtr(io);
11710		break;
11711	}
11712	case CTL_MSG_FINISH_IO:
11713		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
11714			free_io = 0;
11715			ctl_done(io);
11716		} else {
11717			free_io = 1;
11718			mtx_lock(&lun->lun_lock);
11719			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11720				     ooa_links);
11721			ctl_check_blocked(lun);
11722			mtx_unlock(&lun->lun_lock);
11723		}
11724		break;
11725	case CTL_MSG_PERS_ACTION:
11726		ctl_hndl_per_res_out_on_other_sc(
11727			(union ctl_ha_msg *)&io->presio.pr_msg);
11728		free_io = 1;
11729		break;
11730	case CTL_MSG_BAD_JUJU:
11731		free_io = 0;
11732		ctl_done(io);
11733		break;
11734	case CTL_MSG_DATAMOVE:
11735		/* Only used in XFER mode */
11736		free_io = 0;
11737		ctl_datamove_remote(io);
11738		break;
11739	case CTL_MSG_DATAMOVE_DONE:
11740		/* Only used in XFER mode */
11741		free_io = 0;
11742		io->scsiio.be_move_done(io);
11743		break;
11744	default:
11745		free_io = 1;
11746		printf("%s: Invalid message type %d\n",
11747		       __func__, io->io_hdr.msg_type);
11748		break;
11749	}
11750	if (free_io)
11751		ctl_free_io(io);
11752
11753}
11754
11755
11756/*
11757 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11758 * there is no match.
11759 */
11760static ctl_lun_error_pattern
11761ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11762{
11763	const struct ctl_cmd_entry *entry;
11764	ctl_lun_error_pattern filtered_pattern, pattern;
11765
11766	pattern = desc->error_pattern;
11767
11768	/*
11769	 * XXX KDM we need more data passed into this function to match a
11770	 * custom pattern, and we actually need to implement custom pattern
11771	 * matching.
11772	 */
11773	if (pattern & CTL_LUN_PAT_CMD)
11774		return (CTL_LUN_PAT_CMD);
11775
11776	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11777		return (CTL_LUN_PAT_ANY);
11778
11779	entry = ctl_get_cmd_entry(ctsio);
11780
11781	filtered_pattern = entry->pattern & pattern;
11782
11783	/*
11784	 * If the user requested specific flags in the pattern (e.g.
11785	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11786	 * flags.
11787	 *
11788	 * If the user did not specify any flags, it doesn't matter whether
11789	 * or not the command supports the flags.
11790	 */
11791	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11792	     (pattern & ~CTL_LUN_PAT_MASK))
11793		return (CTL_LUN_PAT_NONE);
11794
11795	/*
11796	 * If the user asked for a range check, see if the requested LBA
11797	 * range overlaps with this command's LBA range.
11798	 */
11799	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11800		uint64_t lba1;
11801		uint32_t len1;
11802		ctl_action action;
11803		int retval;
11804
11805		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11806		if (retval != 0)
11807			return (CTL_LUN_PAT_NONE);
11808
11809		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11810					      desc->lba_range.len);
11811		/*
11812		 * A "pass" means that the LBA ranges don't overlap, so
11813		 * this doesn't match the user's range criteria.
11814		 */
11815		if (action == CTL_ACTION_PASS)
11816			return (CTL_LUN_PAT_NONE);
11817	}
11818
11819	return (filtered_pattern);
11820}
11821
11822static void
11823ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11824{
11825	struct ctl_error_desc *desc, *desc2;
11826
11827	mtx_assert(&lun->lun_lock, MA_OWNED);
11828
11829	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
11830		ctl_lun_error_pattern pattern;
11831		/*
11832		 * Check to see whether this particular command matches
11833		 * the pattern in the descriptor.
11834		 */
11835		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
11836		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
11837			continue;
11838
11839		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
11840		case CTL_LUN_INJ_ABORTED:
11841			ctl_set_aborted(&io->scsiio);
11842			break;
11843		case CTL_LUN_INJ_MEDIUM_ERR:
11844			ctl_set_medium_error(&io->scsiio);
11845			break;
11846		case CTL_LUN_INJ_UA:
11847			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
11848			 * OCCURRED */
11849			ctl_set_ua(&io->scsiio, 0x29, 0x00);
11850			break;
11851		case CTL_LUN_INJ_CUSTOM:
11852			/*
11853			 * We're assuming the user knows what he is doing.
11854			 * Just copy the sense information without doing
11855			 * checks.
11856			 */
11857			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
11858			      ctl_min(sizeof(desc->custom_sense),
11859				      sizeof(io->scsiio.sense_data)));
11860			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
11861			io->scsiio.sense_len = SSD_FULL_SIZE;
11862			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11863			break;
11864		case CTL_LUN_INJ_NONE:
11865		default:
11866			/*
11867			 * If this is an error injection type we don't know
11868			 * about, clear the continuous flag (if it is set)
11869			 * so it will get deleted below.
11870			 */
11871			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
11872			break;
11873		}
11874		/*
11875		 * By default, each error injection action is a one-shot
11876		 */
11877		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
11878			continue;
11879
11880		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
11881
11882		free(desc, M_CTL);
11883	}
11884}
11885
11886#ifdef CTL_IO_DELAY
11887static void
11888ctl_datamove_timer_wakeup(void *arg)
11889{
11890	union ctl_io *io;
11891
11892	io = (union ctl_io *)arg;
11893
11894	ctl_datamove(io);
11895}
11896#endif /* CTL_IO_DELAY */
11897
11898void
11899ctl_datamove(union ctl_io *io)
11900{
11901	void (*fe_datamove)(union ctl_io *io);
11902
11903	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
11904
11905	CTL_DEBUG_PRINT(("ctl_datamove\n"));
11906
11907#ifdef CTL_TIME_IO
11908	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
11909		char str[256];
11910		char path_str[64];
11911		struct sbuf sb;
11912
11913		ctl_scsi_path_string(io, path_str, sizeof(path_str));
11914		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
11915
11916		sbuf_cat(&sb, path_str);
11917		switch (io->io_hdr.io_type) {
11918		case CTL_IO_SCSI:
11919			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
11920			sbuf_printf(&sb, "\n");
11921			sbuf_cat(&sb, path_str);
11922			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
11923				    io->scsiio.tag_num, io->scsiio.tag_type);
11924			break;
11925		case CTL_IO_TASK:
11926			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
11927				    "Tag Type: %d\n", io->taskio.task_action,
11928				    io->taskio.tag_num, io->taskio.tag_type);
11929			break;
11930		default:
11931			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
11932			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
11933			break;
11934		}
11935		sbuf_cat(&sb, path_str);
11936		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
11937			    (intmax_t)time_uptime - io->io_hdr.start_time);
11938		sbuf_finish(&sb);
11939		printf("%s", sbuf_data(&sb));
11940	}
11941#endif /* CTL_TIME_IO */
11942
11943#ifdef CTL_IO_DELAY
11944	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
11945		struct ctl_lun *lun;
11946
11947		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
11948
11949		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
11950	} else {
11951		struct ctl_lun *lun;
11952
11953		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
11954		if ((lun != NULL)
11955		 && (lun->delay_info.datamove_delay > 0)) {
11956			struct callout *callout;
11957
11958			callout = (struct callout *)&io->io_hdr.timer_bytes;
11959			callout_init(callout, /*mpsafe*/ 1);
11960			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
11961			callout_reset(callout,
11962				      lun->delay_info.datamove_delay * hz,
11963				      ctl_datamove_timer_wakeup, io);
11964			if (lun->delay_info.datamove_type ==
11965			    CTL_DELAY_TYPE_ONESHOT)
11966				lun->delay_info.datamove_delay = 0;
11967			return;
11968		}
11969	}
11970#endif
11971
11972	/*
11973	 * This command has been aborted.  Set the port status, so we fail
11974	 * the data move.
11975	 */
11976	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
11977		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
11978		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
11979		       io->io_hdr.nexus.targ_port,
11980		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
11981		       io->io_hdr.nexus.targ_lun);
11982		io->io_hdr.status = CTL_CMD_ABORTED;
11983		io->io_hdr.port_status = 31337;
11984		/*
11985		 * Note that the backend, in this case, will get the
11986		 * callback in its context.  In other cases it may get
11987		 * called in the frontend's interrupt thread context.
11988		 */
11989		io->scsiio.be_move_done(io);
11990		return;
11991	}
11992
11993	/*
11994	 * If we're in XFER mode and this I/O is from the other shelf
11995	 * controller, we need to send the DMA to the other side to
11996	 * actually transfer the data to/from the host.  In serialize only
11997	 * mode the transfer happens below CTL and ctl_datamove() is only
11998	 * called on the machine that originally received the I/O.
11999	 */
12000	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12001	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12002		union ctl_ha_msg msg;
12003		uint32_t sg_entries_sent;
12004		int do_sg_copy;
12005		int i;
12006
12007		memset(&msg, 0, sizeof(msg));
12008		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12009		msg.hdr.original_sc = io->io_hdr.original_sc;
12010		msg.hdr.serializing_sc = io;
12011		msg.hdr.nexus = io->io_hdr.nexus;
12012		msg.dt.flags = io->io_hdr.flags;
12013		/*
12014		 * We convert everything into a S/G list here.  We can't
12015		 * pass by reference, only by value between controllers.
12016		 * So we can't pass a pointer to the S/G list, only as many
12017		 * S/G entries as we can fit in here.  If it's possible for
12018		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12019		 * then we need to break this up into multiple transfers.
12020		 */
12021		if (io->scsiio.kern_sg_entries == 0) {
12022			msg.dt.kern_sg_entries = 1;
12023			/*
12024			 * If this is in cached memory, flush the cache
12025			 * before we send the DMA request to the other
12026			 * controller.  We want to do this in either the
12027			 * read or the write case.  The read case is
12028			 * straightforward.  In the write case, we want to
12029			 * make sure nothing is in the local cache that
12030			 * could overwrite the DMAed data.
12031			 */
12032			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12033				/*
12034				 * XXX KDM use bus_dmamap_sync() here.
12035				 */
12036			}
12037
12038			/*
12039			 * Convert to a physical address if this is a
12040			 * virtual address.
12041			 */
12042			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12043				msg.dt.sg_list[0].addr =
12044					io->scsiio.kern_data_ptr;
12045			} else {
12046				/*
12047				 * XXX KDM use busdma here!
12048				 */
12049#if 0
12050				msg.dt.sg_list[0].addr = (void *)
12051					vtophys(io->scsiio.kern_data_ptr);
12052#endif
12053			}
12054
12055			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12056			do_sg_copy = 0;
12057		} else {
12058			struct ctl_sg_entry *sgl;
12059
12060			do_sg_copy = 1;
12061			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12062			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12063			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12064				/*
12065				 * XXX KDM use bus_dmamap_sync() here.
12066				 */
12067			}
12068		}
12069
12070		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12071		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12072		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12073		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12074		msg.dt.sg_sequence = 0;
12075
12076		/*
12077		 * Loop until we've sent all of the S/G entries.  On the
12078		 * other end, we'll recompose these S/G entries into one
12079		 * contiguous list before passing it to the
12080		 */
12081		for (sg_entries_sent = 0; sg_entries_sent <
12082		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12083			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12084				sizeof(msg.dt.sg_list[0])),
12085				msg.dt.kern_sg_entries - sg_entries_sent);
12086
12087			if (do_sg_copy != 0) {
12088				struct ctl_sg_entry *sgl;
12089				int j;
12090
12091				sgl = (struct ctl_sg_entry *)
12092					io->scsiio.kern_data_ptr;
12093				/*
12094				 * If this is in cached memory, flush the cache
12095				 * before we send the DMA request to the other
12096				 * controller.  We want to do this in either
12097				 * the * read or the write case.  The read
12098				 * case is straightforward.  In the write
12099				 * case, we want to make sure nothing is
12100				 * in the local cache that could overwrite
12101				 * the DMAed data.
12102				 */
12103
12104				for (i = sg_entries_sent, j = 0;
12105				     i < msg.dt.cur_sg_entries; i++, j++) {
12106					if ((io->io_hdr.flags &
12107					     CTL_FLAG_NO_DATASYNC) == 0) {
12108						/*
12109						 * XXX KDM use bus_dmamap_sync()
12110						 */
12111					}
12112					if ((io->io_hdr.flags &
12113					     CTL_FLAG_BUS_ADDR) == 0) {
12114						/*
12115						 * XXX KDM use busdma.
12116						 */
12117#if 0
12118						msg.dt.sg_list[j].addr =(void *)
12119						       vtophys(sgl[i].addr);
12120#endif
12121					} else {
12122						msg.dt.sg_list[j].addr =
12123							sgl[i].addr;
12124					}
12125					msg.dt.sg_list[j].len = sgl[i].len;
12126				}
12127			}
12128
12129			sg_entries_sent += msg.dt.cur_sg_entries;
12130			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12131				msg.dt.sg_last = 1;
12132			else
12133				msg.dt.sg_last = 0;
12134
12135			/*
12136			 * XXX KDM drop and reacquire the lock here?
12137			 */
12138			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12139			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12140				/*
12141				 * XXX do something here.
12142				 */
12143			}
12144
12145			msg.dt.sent_sg_entries = sg_entries_sent;
12146		}
12147		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12148		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12149			ctl_failover_io(io, /*have_lock*/ 0);
12150
12151	} else {
12152
12153		/*
12154		 * Lookup the fe_datamove() function for this particular
12155		 * front end.
12156		 */
12157		fe_datamove =
12158		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12159
12160		fe_datamove(io);
12161	}
12162}
12163
12164static void
12165ctl_send_datamove_done(union ctl_io *io, int have_lock)
12166{
12167	union ctl_ha_msg msg;
12168	int isc_status;
12169
12170	memset(&msg, 0, sizeof(msg));
12171
12172	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12173	msg.hdr.original_sc = io;
12174	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12175	msg.hdr.nexus = io->io_hdr.nexus;
12176	msg.hdr.status = io->io_hdr.status;
12177	msg.scsi.tag_num = io->scsiio.tag_num;
12178	msg.scsi.tag_type = io->scsiio.tag_type;
12179	msg.scsi.scsi_status = io->scsiio.scsi_status;
12180	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12181	       sizeof(io->scsiio.sense_data));
12182	msg.scsi.sense_len = io->scsiio.sense_len;
12183	msg.scsi.sense_residual = io->scsiio.sense_residual;
12184	msg.scsi.fetd_status = io->io_hdr.port_status;
12185	msg.scsi.residual = io->scsiio.residual;
12186	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12187
12188	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12189		ctl_failover_io(io, /*have_lock*/ have_lock);
12190		return;
12191	}
12192
12193	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12194	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12195		/* XXX do something if this fails */
12196	}
12197
12198}
12199
12200/*
12201 * The DMA to the remote side is done, now we need to tell the other side
12202 * we're done so it can continue with its data movement.
12203 */
12204static void
12205ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12206{
12207	union ctl_io *io;
12208
12209	io = rq->context;
12210
12211	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12212		printf("%s: ISC DMA write failed with error %d", __func__,
12213		       rq->ret);
12214		ctl_set_internal_failure(&io->scsiio,
12215					 /*sks_valid*/ 1,
12216					 /*retry_count*/ rq->ret);
12217	}
12218
12219	ctl_dt_req_free(rq);
12220
12221	/*
12222	 * In this case, we had to malloc the memory locally.  Free it.
12223	 */
12224	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12225		int i;
12226		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12227			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12228	}
12229	/*
12230	 * The data is in local and remote memory, so now we need to send
12231	 * status (good or back) back to the other side.
12232	 */
12233	ctl_send_datamove_done(io, /*have_lock*/ 0);
12234}
12235
12236/*
12237 * We've moved the data from the host/controller into local memory.  Now we
12238 * need to push it over to the remote controller's memory.
12239 */
12240static int
12241ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12242{
12243	int retval;
12244
12245	retval = 0;
12246
12247	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12248					  ctl_datamove_remote_write_cb);
12249
12250	return (retval);
12251}
12252
12253static void
12254ctl_datamove_remote_write(union ctl_io *io)
12255{
12256	int retval;
12257	void (*fe_datamove)(union ctl_io *io);
12258
12259	/*
12260	 * - Get the data from the host/HBA into local memory.
12261	 * - DMA memory from the local controller to the remote controller.
12262	 * - Send status back to the remote controller.
12263	 */
12264
12265	retval = ctl_datamove_remote_sgl_setup(io);
12266	if (retval != 0)
12267		return;
12268
12269	/* Switch the pointer over so the FETD knows what to do */
12270	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12271
12272	/*
12273	 * Use a custom move done callback, since we need to send completion
12274	 * back to the other controller, not to the backend on this side.
12275	 */
12276	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12277
12278	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12279
12280	fe_datamove(io);
12281
12282	return;
12283
12284}
12285
12286static int
12287ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12288{
12289#if 0
12290	char str[256];
12291	char path_str[64];
12292	struct sbuf sb;
12293#endif
12294
12295	/*
12296	 * In this case, we had to malloc the memory locally.  Free it.
12297	 */
12298	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12299		int i;
12300		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12301			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12302	}
12303
12304#if 0
12305	scsi_path_string(io, path_str, sizeof(path_str));
12306	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12307	sbuf_cat(&sb, path_str);
12308	scsi_command_string(&io->scsiio, NULL, &sb);
12309	sbuf_printf(&sb, "\n");
12310	sbuf_cat(&sb, path_str);
12311	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12312		    io->scsiio.tag_num, io->scsiio.tag_type);
12313	sbuf_cat(&sb, path_str);
12314	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12315		    io->io_hdr.flags, io->io_hdr.status);
12316	sbuf_finish(&sb);
12317	printk("%s", sbuf_data(&sb));
12318#endif
12319
12320
12321	/*
12322	 * The read is done, now we need to send status (good or bad) back
12323	 * to the other side.
12324	 */
12325	ctl_send_datamove_done(io, /*have_lock*/ 0);
12326
12327	return (0);
12328}
12329
12330static void
12331ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12332{
12333	union ctl_io *io;
12334	void (*fe_datamove)(union ctl_io *io);
12335
12336	io = rq->context;
12337
12338	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12339		printf("%s: ISC DMA read failed with error %d", __func__,
12340		       rq->ret);
12341		ctl_set_internal_failure(&io->scsiio,
12342					 /*sks_valid*/ 1,
12343					 /*retry_count*/ rq->ret);
12344	}
12345
12346	ctl_dt_req_free(rq);
12347
12348	/* Switch the pointer over so the FETD knows what to do */
12349	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12350
12351	/*
12352	 * Use a custom move done callback, since we need to send completion
12353	 * back to the other controller, not to the backend on this side.
12354	 */
12355	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12356
12357	/* XXX KDM add checks like the ones in ctl_datamove? */
12358
12359	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12360
12361	fe_datamove(io);
12362}
12363
12364static int
12365ctl_datamove_remote_sgl_setup(union ctl_io *io)
12366{
12367	struct ctl_sg_entry *local_sglist, *remote_sglist;
12368	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
12369	struct ctl_softc *softc;
12370	int retval;
12371	int i;
12372
12373	retval = 0;
12374	softc = control_softc;
12375
12376	local_sglist = io->io_hdr.local_sglist;
12377	local_dma_sglist = io->io_hdr.local_dma_sglist;
12378	remote_sglist = io->io_hdr.remote_sglist;
12379	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12380
12381	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
12382		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
12383			local_sglist[i].len = remote_sglist[i].len;
12384
12385			/*
12386			 * XXX Detect the situation where the RS-level I/O
12387			 * redirector on the other side has already read the
12388			 * data off of the AOR RS on this side, and
12389			 * transferred it to remote (mirror) memory on the
12390			 * other side.  Since we already have the data in
12391			 * memory here, we just need to use it.
12392			 *
12393			 * XXX KDM this can probably be removed once we
12394			 * get the cache device code in and take the
12395			 * current AOR implementation out.
12396			 */
12397#ifdef NEEDTOPORT
12398			if ((remote_sglist[i].addr >=
12399			     (void *)vtophys(softc->mirr->addr))
12400			 && (remote_sglist[i].addr <
12401			     ((void *)vtophys(softc->mirr->addr) +
12402			     CacheMirrorOffset))) {
12403				local_sglist[i].addr = remote_sglist[i].addr -
12404					CacheMirrorOffset;
12405				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12406				     CTL_FLAG_DATA_IN)
12407					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
12408			} else {
12409				local_sglist[i].addr = remote_sglist[i].addr +
12410					CacheMirrorOffset;
12411			}
12412#endif
12413#if 0
12414			printf("%s: local %p, remote %p, len %d\n",
12415			       __func__, local_sglist[i].addr,
12416			       remote_sglist[i].addr, local_sglist[i].len);
12417#endif
12418		}
12419	} else {
12420		uint32_t len_to_go;
12421
12422		/*
12423		 * In this case, we don't have automatically allocated
12424		 * memory for this I/O on this controller.  This typically
12425		 * happens with internal CTL I/O -- e.g. inquiry, mode
12426		 * sense, etc.  Anything coming from RAIDCore will have
12427		 * a mirror area available.
12428		 */
12429		len_to_go = io->scsiio.kern_data_len;
12430
12431		/*
12432		 * Clear the no datasync flag, we have to use malloced
12433		 * buffers.
12434		 */
12435		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
12436
12437		/*
12438		 * The difficult thing here is that the size of the various
12439		 * S/G segments may be different than the size from the
12440		 * remote controller.  That'll make it harder when DMAing
12441		 * the data back to the other side.
12442		 */
12443		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
12444		     sizeof(io->io_hdr.remote_sglist[0])) &&
12445		     (len_to_go > 0); i++) {
12446			local_sglist[i].len = ctl_min(len_to_go, 131072);
12447			CTL_SIZE_8B(local_dma_sglist[i].len,
12448				    local_sglist[i].len);
12449			local_sglist[i].addr =
12450				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
12451
12452			local_dma_sglist[i].addr = local_sglist[i].addr;
12453
12454			if (local_sglist[i].addr == NULL) {
12455				int j;
12456
12457				printf("malloc failed for %zd bytes!",
12458				       local_dma_sglist[i].len);
12459				for (j = 0; j < i; j++) {
12460					free(local_sglist[j].addr, M_CTL);
12461				}
12462				ctl_set_internal_failure(&io->scsiio,
12463							 /*sks_valid*/ 1,
12464							 /*retry_count*/ 4857);
12465				retval = 1;
12466				goto bailout_error;
12467
12468			}
12469			/* XXX KDM do we need a sync here? */
12470
12471			len_to_go -= local_sglist[i].len;
12472		}
12473		/*
12474		 * Reset the number of S/G entries accordingly.  The
12475		 * original number of S/G entries is available in
12476		 * rem_sg_entries.
12477		 */
12478		io->scsiio.kern_sg_entries = i;
12479
12480#if 0
12481		printf("%s: kern_sg_entries = %d\n", __func__,
12482		       io->scsiio.kern_sg_entries);
12483		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12484			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
12485			       local_sglist[i].addr, local_sglist[i].len,
12486			       local_dma_sglist[i].len);
12487#endif
12488	}
12489
12490
12491	return (retval);
12492
12493bailout_error:
12494
12495	ctl_send_datamove_done(io, /*have_lock*/ 0);
12496
12497	return (retval);
12498}
12499
12500static int
12501ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12502			 ctl_ha_dt_cb callback)
12503{
12504	struct ctl_ha_dt_req *rq;
12505	struct ctl_sg_entry *remote_sglist, *local_sglist;
12506	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
12507	uint32_t local_used, remote_used, total_used;
12508	int retval;
12509	int i, j;
12510
12511	retval = 0;
12512
12513	rq = ctl_dt_req_alloc();
12514
12515	/*
12516	 * If we failed to allocate the request, and if the DMA didn't fail
12517	 * anyway, set busy status.  This is just a resource allocation
12518	 * failure.
12519	 */
12520	if ((rq == NULL)
12521	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
12522		ctl_set_busy(&io->scsiio);
12523
12524	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
12525
12526		if (rq != NULL)
12527			ctl_dt_req_free(rq);
12528
12529		/*
12530		 * The data move failed.  We need to return status back
12531		 * to the other controller.  No point in trying to DMA
12532		 * data to the remote controller.
12533		 */
12534
12535		ctl_send_datamove_done(io, /*have_lock*/ 0);
12536
12537		retval = 1;
12538
12539		goto bailout;
12540	}
12541
12542	local_sglist = io->io_hdr.local_sglist;
12543	local_dma_sglist = io->io_hdr.local_dma_sglist;
12544	remote_sglist = io->io_hdr.remote_sglist;
12545	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12546	local_used = 0;
12547	remote_used = 0;
12548	total_used = 0;
12549
12550	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
12551		rq->ret = CTL_HA_STATUS_SUCCESS;
12552		rq->context = io;
12553		callback(rq);
12554		goto bailout;
12555	}
12556
12557	/*
12558	 * Pull/push the data over the wire from/to the other controller.
12559	 * This takes into account the possibility that the local and
12560	 * remote sglists may not be identical in terms of the size of
12561	 * the elements and the number of elements.
12562	 *
12563	 * One fundamental assumption here is that the length allocated for
12564	 * both the local and remote sglists is identical.  Otherwise, we've
12565	 * essentially got a coding error of some sort.
12566	 */
12567	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12568		int isc_ret;
12569		uint32_t cur_len, dma_length;
12570		uint8_t *tmp_ptr;
12571
12572		rq->id = CTL_HA_DATA_CTL;
12573		rq->command = command;
12574		rq->context = io;
12575
12576		/*
12577		 * Both pointers should be aligned.  But it is possible
12578		 * that the allocation length is not.  They should both
12579		 * also have enough slack left over at the end, though,
12580		 * to round up to the next 8 byte boundary.
12581		 */
12582		cur_len = ctl_min(local_sglist[i].len - local_used,
12583				  remote_sglist[j].len - remote_used);
12584
12585		/*
12586		 * In this case, we have a size issue and need to decrease
12587		 * the size, except in the case where we actually have less
12588		 * than 8 bytes left.  In that case, we need to increase
12589		 * the DMA length to get the last bit.
12590		 */
12591		if ((cur_len & 0x7) != 0) {
12592			if (cur_len > 0x7) {
12593				cur_len = cur_len - (cur_len & 0x7);
12594				dma_length = cur_len;
12595			} else {
12596				CTL_SIZE_8B(dma_length, cur_len);
12597			}
12598
12599		} else
12600			dma_length = cur_len;
12601
12602		/*
12603		 * If we had to allocate memory for this I/O, instead of using
12604		 * the non-cached mirror memory, we'll need to flush the cache
12605		 * before trying to DMA to the other controller.
12606		 *
12607		 * We could end up doing this multiple times for the same
12608		 * segment if we have a larger local segment than remote
12609		 * segment.  That shouldn't be an issue.
12610		 */
12611		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12612			/*
12613			 * XXX KDM use bus_dmamap_sync() here.
12614			 */
12615		}
12616
12617		rq->size = dma_length;
12618
12619		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12620		tmp_ptr += local_used;
12621
12622		/* Use physical addresses when talking to ISC hardware */
12623		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12624			/* XXX KDM use busdma */
12625#if 0
12626			rq->local = vtophys(tmp_ptr);
12627#endif
12628		} else
12629			rq->local = tmp_ptr;
12630
12631		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12632		tmp_ptr += remote_used;
12633		rq->remote = tmp_ptr;
12634
12635		rq->callback = NULL;
12636
12637		local_used += cur_len;
12638		if (local_used >= local_sglist[i].len) {
12639			i++;
12640			local_used = 0;
12641		}
12642
12643		remote_used += cur_len;
12644		if (remote_used >= remote_sglist[j].len) {
12645			j++;
12646			remote_used = 0;
12647		}
12648		total_used += cur_len;
12649
12650		if (total_used >= io->scsiio.kern_data_len)
12651			rq->callback = callback;
12652
12653		if ((rq->size & 0x7) != 0) {
12654			printf("%s: warning: size %d is not on 8b boundary\n",
12655			       __func__, rq->size);
12656		}
12657		if (((uintptr_t)rq->local & 0x7) != 0) {
12658			printf("%s: warning: local %p not on 8b boundary\n",
12659			       __func__, rq->local);
12660		}
12661		if (((uintptr_t)rq->remote & 0x7) != 0) {
12662			printf("%s: warning: remote %p not on 8b boundary\n",
12663			       __func__, rq->local);
12664		}
12665#if 0
12666		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12667		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12668		       rq->local, rq->remote, rq->size);
12669#endif
12670
12671		isc_ret = ctl_dt_single(rq);
12672		if (isc_ret == CTL_HA_STATUS_WAIT)
12673			continue;
12674
12675		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
12676			rq->ret = CTL_HA_STATUS_SUCCESS;
12677		} else {
12678			rq->ret = isc_ret;
12679		}
12680		callback(rq);
12681		goto bailout;
12682	}
12683
12684bailout:
12685	return (retval);
12686
12687}
12688
12689static void
12690ctl_datamove_remote_read(union ctl_io *io)
12691{
12692	int retval;
12693	int i;
12694
12695	/*
12696	 * This will send an error to the other controller in the case of a
12697	 * failure.
12698	 */
12699	retval = ctl_datamove_remote_sgl_setup(io);
12700	if (retval != 0)
12701		return;
12702
12703	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12704					  ctl_datamove_remote_read_cb);
12705	if ((retval != 0)
12706	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
12707		/*
12708		 * Make sure we free memory if there was an error..  The
12709		 * ctl_datamove_remote_xfer() function will send the
12710		 * datamove done message, or call the callback with an
12711		 * error if there is a problem.
12712		 */
12713		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12714			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12715	}
12716
12717	return;
12718}
12719
12720/*
12721 * Process a datamove request from the other controller.  This is used for
12722 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12723 * first.  Once that is complete, the data gets DMAed into the remote
12724 * controller's memory.  For reads, we DMA from the remote controller's
12725 * memory into our memory first, and then move it out to the FETD.
12726 */
12727static void
12728ctl_datamove_remote(union ctl_io *io)
12729{
12730	struct ctl_softc *softc;
12731
12732	softc = control_softc;
12733
12734	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
12735
12736	/*
12737	 * Note that we look for an aborted I/O here, but don't do some of
12738	 * the other checks that ctl_datamove() normally does.  We don't
12739	 * need to run the task queue, because this I/O is on the ISC
12740	 * queue, which is executed by the work thread after the task queue.
12741	 * We don't need to run the datamove delay code, since that should
12742	 * have been done if need be on the other controller.
12743	 */
12744	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12745
12746		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
12747		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
12748		       io->io_hdr.nexus.targ_port,
12749		       io->io_hdr.nexus.targ_target.id,
12750		       io->io_hdr.nexus.targ_lun);
12751		io->io_hdr.status = CTL_CMD_ABORTED;
12752		io->io_hdr.port_status = 31338;
12753
12754		ctl_send_datamove_done(io, /*have_lock*/ 0);
12755
12756		return;
12757	}
12758
12759	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
12760		ctl_datamove_remote_write(io);
12761	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
12762		ctl_datamove_remote_read(io);
12763	} else {
12764		union ctl_ha_msg msg;
12765		struct scsi_sense_data *sense;
12766		uint8_t sks[3];
12767		int retry_count;
12768
12769		memset(&msg, 0, sizeof(msg));
12770
12771		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
12772		msg.hdr.status = CTL_SCSI_ERROR;
12773		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
12774
12775		retry_count = 4243;
12776
12777		sense = &msg.scsi.sense_data;
12778		sks[0] = SSD_SCS_VALID;
12779		sks[1] = (retry_count >> 8) & 0xff;
12780		sks[2] = retry_count & 0xff;
12781
12782		/* "Internal target failure" */
12783		scsi_set_sense_data(sense,
12784				    /*sense_format*/ SSD_TYPE_NONE,
12785				    /*current_error*/ 1,
12786				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
12787				    /*asc*/ 0x44,
12788				    /*ascq*/ 0x00,
12789				    /*type*/ SSD_ELEM_SKS,
12790				    /*size*/ sizeof(sks),
12791				    /*data*/ sks,
12792				    SSD_ELEM_NONE);
12793
12794		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12795		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12796			ctl_failover_io(io, /*have_lock*/ 1);
12797			return;
12798		}
12799
12800		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
12801		    CTL_HA_STATUS_SUCCESS) {
12802			/* XXX KDM what to do if this fails? */
12803		}
12804		return;
12805	}
12806
12807}
12808
12809static int
12810ctl_process_done(union ctl_io *io)
12811{
12812	struct ctl_lun *lun;
12813	struct ctl_softc *ctl_softc;
12814	void (*fe_done)(union ctl_io *io);
12815	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
12816
12817	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12818
12819	fe_done =
12820	    control_softc->ctl_ports[targ_port]->fe_done;
12821
12822#ifdef CTL_TIME_IO
12823	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12824		char str[256];
12825		char path_str[64];
12826		struct sbuf sb;
12827
12828		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12829		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12830
12831		sbuf_cat(&sb, path_str);
12832		switch (io->io_hdr.io_type) {
12833		case CTL_IO_SCSI:
12834			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12835			sbuf_printf(&sb, "\n");
12836			sbuf_cat(&sb, path_str);
12837			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12838				    io->scsiio.tag_num, io->scsiio.tag_type);
12839			break;
12840		case CTL_IO_TASK:
12841			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12842				    "Tag Type: %d\n", io->taskio.task_action,
12843				    io->taskio.tag_num, io->taskio.tag_type);
12844			break;
12845		default:
12846			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12847			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12848			break;
12849		}
12850		sbuf_cat(&sb, path_str);
12851		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12852			    (intmax_t)time_uptime - io->io_hdr.start_time);
12853		sbuf_finish(&sb);
12854		printf("%s", sbuf_data(&sb));
12855	}
12856#endif /* CTL_TIME_IO */
12857
12858	switch (io->io_hdr.io_type) {
12859	case CTL_IO_SCSI:
12860		break;
12861	case CTL_IO_TASK:
12862		if (bootverbose || verbose > 0)
12863			ctl_io_error_print(io, NULL);
12864		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12865			ctl_free_io(io);
12866		else
12867			fe_done(io);
12868		return (CTL_RETVAL_COMPLETE);
12869		break;
12870	default:
12871		printf("ctl_process_done: invalid io type %d\n",
12872		       io->io_hdr.io_type);
12873		panic("ctl_process_done: invalid io type %d\n",
12874		      io->io_hdr.io_type);
12875		break; /* NOTREACHED */
12876	}
12877
12878	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12879	if (lun == NULL) {
12880		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12881				 io->io_hdr.nexus.targ_mapped_lun));
12882		fe_done(io);
12883		goto bailout;
12884	}
12885	ctl_softc = lun->ctl_softc;
12886
12887	mtx_lock(&lun->lun_lock);
12888
12889	/*
12890	 * Check to see if we have any errors to inject here.  We only
12891	 * inject errors for commands that don't already have errors set.
12892	 */
12893	if ((STAILQ_FIRST(&lun->error_list) != NULL)
12894	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
12895		ctl_inject_error(lun, io);
12896
12897	/*
12898	 * XXX KDM how do we treat commands that aren't completed
12899	 * successfully?
12900	 *
12901	 * XXX KDM should we also track I/O latency?
12902	 */
12903	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12904	    io->io_hdr.io_type == CTL_IO_SCSI) {
12905#ifdef CTL_TIME_IO
12906		struct bintime cur_bt;
12907#endif
12908		int type;
12909
12910		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12911		    CTL_FLAG_DATA_IN)
12912			type = CTL_STATS_READ;
12913		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12914		    CTL_FLAG_DATA_OUT)
12915			type = CTL_STATS_WRITE;
12916		else
12917			type = CTL_STATS_NO_IO;
12918
12919		lun->stats.ports[targ_port].bytes[type] +=
12920		    io->scsiio.kern_total_len;
12921		lun->stats.ports[targ_port].operations[type]++;
12922#ifdef CTL_TIME_IO
12923		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12924		   &io->io_hdr.dma_bt);
12925		lun->stats.ports[targ_port].num_dmas[type] +=
12926		    io->io_hdr.num_dmas;
12927		getbintime(&cur_bt);
12928		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12929		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12930#endif
12931	}
12932
12933	/*
12934	 * Remove this from the OOA queue.
12935	 */
12936	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12937
12938	/*
12939	 * Run through the blocked queue on this LUN and see if anything
12940	 * has become unblocked, now that this transaction is done.
12941	 */
12942	ctl_check_blocked(lun);
12943
12944	/*
12945	 * If the LUN has been invalidated, free it if there is nothing
12946	 * left on its OOA queue.
12947	 */
12948	if ((lun->flags & CTL_LUN_INVALID)
12949	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12950		mtx_unlock(&lun->lun_lock);
12951		mtx_lock(&ctl_softc->ctl_lock);
12952		ctl_free_lun(lun);
12953		mtx_unlock(&ctl_softc->ctl_lock);
12954	} else
12955		mtx_unlock(&lun->lun_lock);
12956
12957	/*
12958	 * If this command has been aborted, make sure we set the status
12959	 * properly.  The FETD is responsible for freeing the I/O and doing
12960	 * whatever it needs to do to clean up its state.
12961	 */
12962	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12963		io->io_hdr.status = CTL_CMD_ABORTED;
12964
12965	/*
12966	 * We print out status for every task management command.  For SCSI
12967	 * commands, we filter out any unit attention errors; they happen
12968	 * on every boot, and would clutter up the log.  Note:  task
12969	 * management commands aren't printed here, they are printed above,
12970	 * since they should never even make it down here.
12971	 */
12972	switch (io->io_hdr.io_type) {
12973	case CTL_IO_SCSI: {
12974		int error_code, sense_key, asc, ascq;
12975
12976		sense_key = 0;
12977
12978		if (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR)
12979		 && (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
12980			/*
12981			 * Since this is just for printing, no need to
12982			 * show errors here.
12983			 */
12984			scsi_extract_sense_len(&io->scsiio.sense_data,
12985					       io->scsiio.sense_len,
12986					       &error_code,
12987					       &sense_key,
12988					       &asc,
12989					       &ascq,
12990					       /*show_errors*/ 0);
12991		}
12992
12993		if (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
12994		 && (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SCSI_ERROR)
12995		  || (io->scsiio.scsi_status != SCSI_STATUS_CHECK_COND)
12996		  || (sense_key != SSD_KEY_UNIT_ATTENTION))) {
12997
12998			if ((time_uptime - ctl_softc->last_print_jiffies) <= 0){
12999				ctl_softc->skipped_prints++;
13000			} else {
13001				uint32_t skipped_prints;
13002
13003				skipped_prints = ctl_softc->skipped_prints;
13004
13005				ctl_softc->skipped_prints = 0;
13006				ctl_softc->last_print_jiffies = time_uptime;
13007
13008				if (skipped_prints > 0) {
13009#ifdef NEEDTOPORT
13010					csevent_log(CSC_CTL | CSC_SHELF_SW |
13011					    CTL_ERROR_REPORT,
13012					    csevent_LogType_Trace,
13013					    csevent_Severity_Information,
13014					    csevent_AlertLevel_Green,
13015					    csevent_FRU_Firmware,
13016					    csevent_FRU_Unknown,
13017					    "High CTL error volume, %d prints "
13018					    "skipped", skipped_prints);
13019#endif
13020				}
13021				if (bootverbose || verbose > 0)
13022					ctl_io_error_print(io, NULL);
13023			}
13024		}
13025		break;
13026	}
13027	case CTL_IO_TASK:
13028		if (bootverbose || verbose > 0)
13029			ctl_io_error_print(io, NULL);
13030		break;
13031	default:
13032		break;
13033	}
13034
13035	/*
13036	 * Tell the FETD or the other shelf controller we're done with this
13037	 * command.  Note that only SCSI commands get to this point.  Task
13038	 * management commands are completed above.
13039	 *
13040	 * We only send status to the other controller if we're in XFER
13041	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13042	 * received the I/O (from CTL's perspective), and so the status is
13043	 * generated there.
13044	 *
13045	 * XXX KDM if we hold the lock here, we could cause a deadlock
13046	 * if the frontend comes back in in this context to queue
13047	 * something.
13048	 */
13049	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13050	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13051		union ctl_ha_msg msg;
13052
13053		memset(&msg, 0, sizeof(msg));
13054		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13055		msg.hdr.original_sc = io->io_hdr.original_sc;
13056		msg.hdr.nexus = io->io_hdr.nexus;
13057		msg.hdr.status = io->io_hdr.status;
13058		msg.scsi.scsi_status = io->scsiio.scsi_status;
13059		msg.scsi.tag_num = io->scsiio.tag_num;
13060		msg.scsi.tag_type = io->scsiio.tag_type;
13061		msg.scsi.sense_len = io->scsiio.sense_len;
13062		msg.scsi.sense_residual = io->scsiio.sense_residual;
13063		msg.scsi.residual = io->scsiio.residual;
13064		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13065		       sizeof(io->scsiio.sense_data));
13066		/*
13067		 * We copy this whether or not this is an I/O-related
13068		 * command.  Otherwise, we'd have to go and check to see
13069		 * whether it's a read/write command, and it really isn't
13070		 * worth it.
13071		 */
13072		memcpy(&msg.scsi.lbalen,
13073		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13074		       sizeof(msg.scsi.lbalen));
13075
13076		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13077				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13078			/* XXX do something here */
13079		}
13080
13081		ctl_free_io(io);
13082	} else
13083		fe_done(io);
13084
13085bailout:
13086
13087	return (CTL_RETVAL_COMPLETE);
13088}
13089
13090/*
13091 * Front end should call this if it doesn't do autosense.  When the request
13092 * sense comes back in from the initiator, we'll dequeue this and send it.
13093 */
13094int
13095ctl_queue_sense(union ctl_io *io)
13096{
13097	struct ctl_lun *lun;
13098	struct ctl_softc *ctl_softc;
13099	uint32_t initidx, targ_lun;
13100
13101	ctl_softc = control_softc;
13102
13103	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13104
13105	/*
13106	 * LUN lookup will likely move to the ctl_work_thread() once we
13107	 * have our new queueing infrastructure (that doesn't put things on
13108	 * a per-LUN queue initially).  That is so that we can handle
13109	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13110	 * can't deal with that right now.
13111	 */
13112	mtx_lock(&ctl_softc->ctl_lock);
13113
13114	/*
13115	 * If we don't have a LUN for this, just toss the sense
13116	 * information.
13117	 */
13118	targ_lun = io->io_hdr.nexus.targ_lun;
13119	if (io->io_hdr.nexus.lun_map_fn != NULL)
13120		targ_lun = io->io_hdr.nexus.lun_map_fn(io->io_hdr.nexus.lun_map_arg, targ_lun);
13121	if ((targ_lun < CTL_MAX_LUNS)
13122	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13123		lun = ctl_softc->ctl_luns[targ_lun];
13124	else
13125		goto bailout;
13126
13127	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13128
13129	mtx_lock(&lun->lun_lock);
13130	/*
13131	 * Already have CA set for this LUN...toss the sense information.
13132	 */
13133	if (ctl_is_set(lun->have_ca, initidx)) {
13134		mtx_unlock(&lun->lun_lock);
13135		goto bailout;
13136	}
13137
13138	memcpy(&lun->pending_sense[initidx].sense, &io->scsiio.sense_data,
13139	       ctl_min(sizeof(lun->pending_sense[initidx].sense),
13140	       sizeof(io->scsiio.sense_data)));
13141	ctl_set_mask(lun->have_ca, initidx);
13142	mtx_unlock(&lun->lun_lock);
13143
13144bailout:
13145	mtx_unlock(&ctl_softc->ctl_lock);
13146
13147	ctl_free_io(io);
13148
13149	return (CTL_RETVAL_COMPLETE);
13150}
13151
13152/*
13153 * Primary command inlet from frontend ports.  All SCSI and task I/O
13154 * requests must go through this function.
13155 */
13156int
13157ctl_queue(union ctl_io *io)
13158{
13159	struct ctl_softc *ctl_softc;
13160
13161	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13162
13163	ctl_softc = control_softc;
13164
13165#ifdef CTL_TIME_IO
13166	io->io_hdr.start_time = time_uptime;
13167	getbintime(&io->io_hdr.start_bt);
13168#endif /* CTL_TIME_IO */
13169
13170	/* Map FE-specific LUN ID into global one. */
13171	if (io->io_hdr.nexus.lun_map_fn != NULL)
13172		io->io_hdr.nexus.targ_mapped_lun = io->io_hdr.nexus.lun_map_fn(
13173		    io->io_hdr.nexus.lun_map_arg, io->io_hdr.nexus.targ_lun);
13174	else
13175		io->io_hdr.nexus.targ_mapped_lun = io->io_hdr.nexus.targ_lun;
13176
13177	switch (io->io_hdr.io_type) {
13178	case CTL_IO_SCSI:
13179		ctl_enqueue_incoming(io);
13180		break;
13181	case CTL_IO_TASK:
13182		ctl_run_task(io);
13183		break;
13184	default:
13185		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13186		return (EINVAL);
13187	}
13188
13189	return (CTL_RETVAL_COMPLETE);
13190}
13191
13192#ifdef CTL_IO_DELAY
13193static void
13194ctl_done_timer_wakeup(void *arg)
13195{
13196	union ctl_io *io;
13197
13198	io = (union ctl_io *)arg;
13199	ctl_done(io);
13200}
13201#endif /* CTL_IO_DELAY */
13202
13203void
13204ctl_done(union ctl_io *io)
13205{
13206	struct ctl_softc *ctl_softc;
13207
13208	ctl_softc = control_softc;
13209
13210	/*
13211	 * Enable this to catch duplicate completion issues.
13212	 */
13213#if 0
13214	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13215		printf("%s: type %d msg %d cdb %x iptl: "
13216		       "%d:%d:%d:%d tag 0x%04x "
13217		       "flag %#x status %x\n",
13218			__func__,
13219			io->io_hdr.io_type,
13220			io->io_hdr.msg_type,
13221			io->scsiio.cdb[0],
13222			io->io_hdr.nexus.initid.id,
13223			io->io_hdr.nexus.targ_port,
13224			io->io_hdr.nexus.targ_target.id,
13225			io->io_hdr.nexus.targ_lun,
13226			(io->io_hdr.io_type ==
13227			CTL_IO_TASK) ?
13228			io->taskio.tag_num :
13229			io->scsiio.tag_num,
13230		        io->io_hdr.flags,
13231			io->io_hdr.status);
13232	} else
13233		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13234#endif
13235
13236	/*
13237	 * This is an internal copy of an I/O, and should not go through
13238	 * the normal done processing logic.
13239	 */
13240	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13241		return;
13242
13243	/*
13244	 * We need to send a msg to the serializing shelf to finish the IO
13245	 * as well.  We don't send a finish message to the other shelf if
13246	 * this is a task management command.  Task management commands
13247	 * aren't serialized in the OOA queue, but rather just executed on
13248	 * both shelf controllers for commands that originated on that
13249	 * controller.
13250	 */
13251	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13252	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13253		union ctl_ha_msg msg_io;
13254
13255		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13256		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13257		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13258		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13259		}
13260		/* continue on to finish IO */
13261	}
13262#ifdef CTL_IO_DELAY
13263	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13264		struct ctl_lun *lun;
13265
13266		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13267
13268		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13269	} else {
13270		struct ctl_lun *lun;
13271
13272		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13273
13274		if ((lun != NULL)
13275		 && (lun->delay_info.done_delay > 0)) {
13276			struct callout *callout;
13277
13278			callout = (struct callout *)&io->io_hdr.timer_bytes;
13279			callout_init(callout, /*mpsafe*/ 1);
13280			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13281			callout_reset(callout,
13282				      lun->delay_info.done_delay * hz,
13283				      ctl_done_timer_wakeup, io);
13284			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13285				lun->delay_info.done_delay = 0;
13286			return;
13287		}
13288	}
13289#endif /* CTL_IO_DELAY */
13290
13291	ctl_enqueue_done(io);
13292}
13293
13294int
13295ctl_isc(struct ctl_scsiio *ctsio)
13296{
13297	struct ctl_lun *lun;
13298	int retval;
13299
13300	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13301
13302	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13303
13304	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13305
13306	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13307
13308	return (retval);
13309}
13310
13311
13312static void
13313ctl_work_thread(void *arg)
13314{
13315	struct ctl_thread *thr = (struct ctl_thread *)arg;
13316	struct ctl_softc *softc = thr->ctl_softc;
13317	union ctl_io *io;
13318	int retval;
13319
13320	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13321
13322	for (;;) {
13323		retval = 0;
13324
13325		/*
13326		 * We handle the queues in this order:
13327		 * - ISC
13328		 * - done queue (to free up resources, unblock other commands)
13329		 * - RtR queue
13330		 * - incoming queue
13331		 *
13332		 * If those queues are empty, we break out of the loop and
13333		 * go to sleep.
13334		 */
13335		mtx_lock(&thr->queue_lock);
13336		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13337		if (io != NULL) {
13338			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13339			mtx_unlock(&thr->queue_lock);
13340			ctl_handle_isc(io);
13341			continue;
13342		}
13343		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13344		if (io != NULL) {
13345			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13346			/* clear any blocked commands, call fe_done */
13347			mtx_unlock(&thr->queue_lock);
13348			retval = ctl_process_done(io);
13349			continue;
13350		}
13351		if (!ctl_pause_rtr) {
13352			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13353			if (io != NULL) {
13354				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13355				mtx_unlock(&thr->queue_lock);
13356				retval = ctl_scsiio(&io->scsiio);
13357				if (retval != CTL_RETVAL_COMPLETE)
13358					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13359				continue;
13360			}
13361		}
13362		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13363		if (io != NULL) {
13364			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13365			mtx_unlock(&thr->queue_lock);
13366			ctl_scsiio_precheck(softc, &io->scsiio);
13367			continue;
13368		}
13369
13370		/* Sleep until we have something to do. */
13371		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13372	}
13373}
13374
13375static void
13376ctl_lun_thread(void *arg)
13377{
13378	struct ctl_softc *softc = (struct ctl_softc *)arg;
13379	struct ctl_be_lun *be_lun;
13380	int retval;
13381
13382	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13383
13384	for (;;) {
13385		retval = 0;
13386		mtx_lock(&softc->ctl_lock);
13387		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13388		if (be_lun != NULL) {
13389			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13390			mtx_unlock(&softc->ctl_lock);
13391			ctl_create_lun(be_lun);
13392			continue;
13393		}
13394
13395		/* Sleep until we have something to do. */
13396		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13397		    PDROP | PRIBIO, "-", 0);
13398	}
13399}
13400
13401static void
13402ctl_enqueue_incoming(union ctl_io *io)
13403{
13404	struct ctl_softc *softc = control_softc;
13405	struct ctl_thread *thr;
13406
13407	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13408	mtx_lock(&thr->queue_lock);
13409	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13410	mtx_unlock(&thr->queue_lock);
13411	wakeup(thr);
13412}
13413
13414static void
13415ctl_enqueue_rtr(union ctl_io *io)
13416{
13417	struct ctl_softc *softc = control_softc;
13418	struct ctl_thread *thr;
13419
13420	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13421	mtx_lock(&thr->queue_lock);
13422	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13423	mtx_unlock(&thr->queue_lock);
13424	wakeup(thr);
13425}
13426
13427static void
13428ctl_enqueue_done(union ctl_io *io)
13429{
13430	struct ctl_softc *softc = control_softc;
13431	struct ctl_thread *thr;
13432
13433	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13434	mtx_lock(&thr->queue_lock);
13435	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13436	mtx_unlock(&thr->queue_lock);
13437	wakeup(thr);
13438}
13439
13440static void
13441ctl_enqueue_isc(union ctl_io *io)
13442{
13443	struct ctl_softc *softc = control_softc;
13444	struct ctl_thread *thr;
13445
13446	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13447	mtx_lock(&thr->queue_lock);
13448	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13449	mtx_unlock(&thr->queue_lock);
13450	wakeup(thr);
13451}
13452
13453/* Initialization and failover */
13454
13455void
13456ctl_init_isc_msg(void)
13457{
13458	printf("CTL: Still calling this thing\n");
13459}
13460
13461/*
13462 * Init component
13463 * 	Initializes component into configuration defined by bootMode
13464 *	(see hasc-sv.c)
13465 *  	returns hasc_Status:
13466 * 		OK
13467 *		ERROR - fatal error
13468 */
13469static ctl_ha_comp_status
13470ctl_isc_init(struct ctl_ha_component *c)
13471{
13472	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13473
13474	c->status = ret;
13475	return ret;
13476}
13477
13478/* Start component
13479 * 	Starts component in state requested. If component starts successfully,
13480 *	it must set its own state to the requestrd state
13481 *	When requested state is HASC_STATE_HA, the component may refine it
13482 * 	by adding _SLAVE or _MASTER flags.
13483 *	Currently allowed state transitions are:
13484 *	UNKNOWN->HA		- initial startup
13485 *	UNKNOWN->SINGLE - initial startup when no parter detected
13486 *	HA->SINGLE		- failover
13487 * returns ctl_ha_comp_status:
13488 * 		OK	- component successfully started in requested state
13489 *		FAILED  - could not start the requested state, failover may
13490 * 			  be possible
13491 *		ERROR	- fatal error detected, no future startup possible
13492 */
13493static ctl_ha_comp_status
13494ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
13495{
13496	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13497
13498	printf("%s: go\n", __func__);
13499
13500	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
13501	if (c->state == CTL_HA_STATE_UNKNOWN ) {
13502		ctl_is_single = 0;
13503		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
13504		    != CTL_HA_STATUS_SUCCESS) {
13505			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
13506			ret = CTL_HA_COMP_STATUS_ERROR;
13507		}
13508	} else if (CTL_HA_STATE_IS_HA(c->state)
13509		&& CTL_HA_STATE_IS_SINGLE(state)){
13510		// HA->SINGLE transition
13511	        ctl_failover();
13512		ctl_is_single = 1;
13513	} else {
13514		printf("ctl_isc_start:Invalid state transition %X->%X\n",
13515		       c->state, state);
13516		ret = CTL_HA_COMP_STATUS_ERROR;
13517	}
13518	if (CTL_HA_STATE_IS_SINGLE(state))
13519		ctl_is_single = 1;
13520
13521	c->state = state;
13522	c->status = ret;
13523	return ret;
13524}
13525
13526/*
13527 * Quiesce component
13528 * The component must clear any error conditions (set status to OK) and
13529 * prepare itself to another Start call
13530 * returns ctl_ha_comp_status:
13531 * 	OK
13532 *	ERROR
13533 */
13534static ctl_ha_comp_status
13535ctl_isc_quiesce(struct ctl_ha_component *c)
13536{
13537	int ret = CTL_HA_COMP_STATUS_OK;
13538
13539	ctl_pause_rtr = 1;
13540	c->status = ret;
13541	return ret;
13542}
13543
13544struct ctl_ha_component ctl_ha_component_ctlisc =
13545{
13546	.name = "CTL ISC",
13547	.state = CTL_HA_STATE_UNKNOWN,
13548	.init = ctl_isc_init,
13549	.start = ctl_isc_start,
13550	.quiesce = ctl_isc_quiesce
13551};
13552
13553/*
13554 *  vim: ts=8
13555 */
13556