ctl.c revision 268362 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 268362 2014-07-07 09:37:22Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/kernel.h>
50#include <sys/types.h>
51#include <sys/kthread.h>
52#include <sys/bio.h>
53#include <sys/fcntl.h>
54#include <sys/lock.h>
55#include <sys/module.h>
56#include <sys/mutex.h>
57#include <sys/condvar.h>
58#include <sys/malloc.h>
59#include <sys/conf.h>
60#include <sys/ioccom.h>
61#include <sys/queue.h>
62#include <sys/sbuf.h>
63#include <sys/smp.h>
64#include <sys/endian.h>
65#include <sys/sysctl.h>
66
67#include <cam/cam.h>
68#include <cam/scsi/scsi_all.h>
69#include <cam/scsi/scsi_da.h>
70#include <cam/ctl/ctl_io.h>
71#include <cam/ctl/ctl.h>
72#include <cam/ctl/ctl_frontend.h>
73#include <cam/ctl/ctl_frontend_internal.h>
74#include <cam/ctl/ctl_util.h>
75#include <cam/ctl/ctl_backend.h>
76#include <cam/ctl/ctl_ioctl.h>
77#include <cam/ctl/ctl_ha.h>
78#include <cam/ctl/ctl_private.h>
79#include <cam/ctl/ctl_debug.h>
80#include <cam/ctl/ctl_scsi_all.h>
81#include <cam/ctl/ctl_error.h>
82
83struct ctl_softc *control_softc = NULL;
84
85/*
86 * Size and alignment macros needed for Copan-specific HA hardware.  These
87 * can go away when the HA code is re-written, and uses busdma for any
88 * hardware.
89 */
90#define	CTL_ALIGN_8B(target, source, type)				\
91	if (((uint32_t)source & 0x7) != 0)				\
92		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
93	else								\
94		target = (type)source;
95
96#define	CTL_SIZE_8B(target, size)					\
97	if ((size & 0x7) != 0)						\
98		target = size + (0x8 - (size & 0x7));			\
99	else								\
100		target = size;
101
102#define CTL_ALIGN_8B_MARGIN	16
103
104/*
105 * Template mode pages.
106 */
107
108/*
109 * Note that these are default values only.  The actual values will be
110 * filled in when the user does a mode sense.
111 */
112static struct copan_power_subpage power_page_default = {
113	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
114	/*subpage*/ PWR_SUBPAGE_CODE,
115	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
116			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
117	/*page_version*/ PWR_VERSION,
118	/* total_luns */ 26,
119	/* max_active_luns*/ PWR_DFLT_MAX_LUNS,
120	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
121		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
122		      0, 0, 0, 0, 0, 0}
123};
124
125static struct copan_power_subpage power_page_changeable = {
126	/*page_code*/ PWR_PAGE_CODE | SMPH_SPF,
127	/*subpage*/ PWR_SUBPAGE_CODE,
128	/*page_length*/ {(sizeof(struct copan_power_subpage) - 4) & 0xff00,
129			 (sizeof(struct copan_power_subpage) - 4) & 0x00ff},
130	/*page_version*/ 0,
131	/* total_luns */ 0,
132	/* max_active_luns*/ 0,
133	/*reserved*/ {0, 0, 0, 0, 0, 0, 0, 0, 0,
134		      0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
135		      0, 0, 0, 0, 0, 0}
136};
137
138static struct copan_aps_subpage aps_page_default = {
139	APS_PAGE_CODE | SMPH_SPF, //page_code
140	APS_SUBPAGE_CODE, //subpage
141	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
142	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
143	APS_VERSION, //page_version
144	0, //lock_active
145	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
146	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
147	0, 0, 0, 0, 0} //reserved
148};
149
150static struct copan_aps_subpage aps_page_changeable = {
151	APS_PAGE_CODE | SMPH_SPF, //page_code
152	APS_SUBPAGE_CODE, //subpage
153	{(sizeof(struct copan_aps_subpage) - 4) & 0xff00,
154	 (sizeof(struct copan_aps_subpage) - 4) & 0x00ff}, //page_length
155	0, //page_version
156	0, //lock_active
157	{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
158	0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
159	0, 0, 0, 0, 0} //reserved
160};
161
162static struct copan_debugconf_subpage debugconf_page_default = {
163	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
164	DBGCNF_SUBPAGE_CODE,		/* subpage */
165	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
166	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
167	DBGCNF_VERSION,			/* page_version */
168	{CTL_TIME_IO_DEFAULT_SECS>>8,
169	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
170};
171
172static struct copan_debugconf_subpage debugconf_page_changeable = {
173	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
174	DBGCNF_SUBPAGE_CODE,		/* subpage */
175	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
176	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
177	0,				/* page_version */
178	{0xff,0xff},			/* ctl_time_io_secs */
179};
180
181static struct scsi_format_page format_page_default = {
182	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
183	/*page_length*/sizeof(struct scsi_format_page) - 2,
184	/*tracks_per_zone*/ {0, 0},
185	/*alt_sectors_per_zone*/ {0, 0},
186	/*alt_tracks_per_zone*/ {0, 0},
187	/*alt_tracks_per_lun*/ {0, 0},
188	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
189			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
190	/*bytes_per_sector*/ {0, 0},
191	/*interleave*/ {0, 0},
192	/*track_skew*/ {0, 0},
193	/*cylinder_skew*/ {0, 0},
194	/*flags*/ SFP_HSEC,
195	/*reserved*/ {0, 0, 0}
196};
197
198static struct scsi_format_page format_page_changeable = {
199	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
200	/*page_length*/sizeof(struct scsi_format_page) - 2,
201	/*tracks_per_zone*/ {0, 0},
202	/*alt_sectors_per_zone*/ {0, 0},
203	/*alt_tracks_per_zone*/ {0, 0},
204	/*alt_tracks_per_lun*/ {0, 0},
205	/*sectors_per_track*/ {0, 0},
206	/*bytes_per_sector*/ {0, 0},
207	/*interleave*/ {0, 0},
208	/*track_skew*/ {0, 0},
209	/*cylinder_skew*/ {0, 0},
210	/*flags*/ 0,
211	/*reserved*/ {0, 0, 0}
212};
213
214static struct scsi_rigid_disk_page rigid_disk_page_default = {
215	/*page_code*/SMS_RIGID_DISK_PAGE,
216	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
217	/*cylinders*/ {0, 0, 0},
218	/*heads*/ CTL_DEFAULT_HEADS,
219	/*start_write_precomp*/ {0, 0, 0},
220	/*start_reduced_current*/ {0, 0, 0},
221	/*step_rate*/ {0, 0},
222	/*landing_zone_cylinder*/ {0, 0, 0},
223	/*rpl*/ SRDP_RPL_DISABLED,
224	/*rotational_offset*/ 0,
225	/*reserved1*/ 0,
226	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
227			   CTL_DEFAULT_ROTATION_RATE & 0xff},
228	/*reserved2*/ {0, 0}
229};
230
231static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
232	/*page_code*/SMS_RIGID_DISK_PAGE,
233	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
234	/*cylinders*/ {0, 0, 0},
235	/*heads*/ 0,
236	/*start_write_precomp*/ {0, 0, 0},
237	/*start_reduced_current*/ {0, 0, 0},
238	/*step_rate*/ {0, 0},
239	/*landing_zone_cylinder*/ {0, 0, 0},
240	/*rpl*/ 0,
241	/*rotational_offset*/ 0,
242	/*reserved1*/ 0,
243	/*rotation_rate*/ {0, 0},
244	/*reserved2*/ {0, 0}
245};
246
247static struct scsi_caching_page caching_page_default = {
248	/*page_code*/SMS_CACHING_PAGE,
249	/*page_length*/sizeof(struct scsi_caching_page) - 2,
250	/*flags1*/ SCP_DISC | SCP_WCE,
251	/*ret_priority*/ 0,
252	/*disable_pf_transfer_len*/ {0xff, 0xff},
253	/*min_prefetch*/ {0, 0},
254	/*max_prefetch*/ {0xff, 0xff},
255	/*max_pf_ceiling*/ {0xff, 0xff},
256	/*flags2*/ 0,
257	/*cache_segments*/ 0,
258	/*cache_seg_size*/ {0, 0},
259	/*reserved*/ 0,
260	/*non_cache_seg_size*/ {0, 0, 0}
261};
262
263static struct scsi_caching_page caching_page_changeable = {
264	/*page_code*/SMS_CACHING_PAGE,
265	/*page_length*/sizeof(struct scsi_caching_page) - 2,
266	/*flags1*/ 0,
267	/*ret_priority*/ 0,
268	/*disable_pf_transfer_len*/ {0, 0},
269	/*min_prefetch*/ {0, 0},
270	/*max_prefetch*/ {0, 0},
271	/*max_pf_ceiling*/ {0, 0},
272	/*flags2*/ 0,
273	/*cache_segments*/ 0,
274	/*cache_seg_size*/ {0, 0},
275	/*reserved*/ 0,
276	/*non_cache_seg_size*/ {0, 0, 0}
277};
278
279static struct scsi_control_page control_page_default = {
280	/*page_code*/SMS_CONTROL_MODE_PAGE,
281	/*page_length*/sizeof(struct scsi_control_page) - 2,
282	/*rlec*/0,
283	/*queue_flags*/0,
284	/*eca_and_aen*/0,
285	/*reserved*/0,
286	/*aen_holdoff_period*/{0, 0}
287};
288
289static struct scsi_control_page control_page_changeable = {
290	/*page_code*/SMS_CONTROL_MODE_PAGE,
291	/*page_length*/sizeof(struct scsi_control_page) - 2,
292	/*rlec*/SCP_DSENSE,
293	/*queue_flags*/0,
294	/*eca_and_aen*/0,
295	/*reserved*/0,
296	/*aen_holdoff_period*/{0, 0}
297};
298
299
300/*
301 * XXX KDM move these into the softc.
302 */
303static int rcv_sync_msg;
304static int persis_offset;
305static uint8_t ctl_pause_rtr;
306static int     ctl_is_single = 1;
307static int     index_to_aps_page;
308
309SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
310static int worker_threads = -1;
311SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
312    &worker_threads, 1, "Number of worker threads");
313static int verbose = 0;
314SYSCTL_INT(_kern_cam_ctl, OID_AUTO, verbose, CTLFLAG_RWTUN,
315    &verbose, 0, "Show SCSI errors returned to initiator");
316
317/*
318 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
319 * SCSI Ports (0x88), Block limits (0xB0) and
320 * Logical Block Provisioning (0xB2)
321 */
322#define SCSI_EVPD_NUM_SUPPORTED_PAGES	6
323
324static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
325				  int param);
326static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
327static int ctl_init(void);
328void ctl_shutdown(void);
329static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
330static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
331static void ctl_ioctl_online(void *arg);
332static void ctl_ioctl_offline(void *arg);
333static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
334static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
335static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
336static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
337static int ctl_ioctl_submit_wait(union ctl_io *io);
338static void ctl_ioctl_datamove(union ctl_io *io);
339static void ctl_ioctl_done(union ctl_io *io);
340static void ctl_ioctl_hard_startstop_callback(void *arg,
341					      struct cfi_metatask *metatask);
342static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
343static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
344			      struct ctl_ooa *ooa_hdr,
345			      struct ctl_ooa_entry *kern_entries);
346static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
347		     struct thread *td);
348uint32_t ctl_get_resindex(struct ctl_nexus *nexus);
349uint32_t ctl_port_idx(int port_num);
350static uint32_t ctl_map_lun(int port_num, uint32_t lun);
351static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
352#ifdef unused
353static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
354				   uint32_t targ_target, uint32_t targ_lun,
355				   int can_wait);
356static void ctl_kfree_io(union ctl_io *io);
357#endif /* unused */
358static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
359			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
360static int ctl_free_lun(struct ctl_lun *lun);
361static void ctl_create_lun(struct ctl_be_lun *be_lun);
362/**
363static void ctl_failover_change_pages(struct ctl_softc *softc,
364				      struct ctl_scsiio *ctsio, int master);
365**/
366
367static int ctl_do_mode_select(union ctl_io *io);
368static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
369			   uint64_t res_key, uint64_t sa_res_key,
370			   uint8_t type, uint32_t residx,
371			   struct ctl_scsiio *ctsio,
372			   struct scsi_per_res_out *cdb,
373			   struct scsi_per_res_out_parms* param);
374static void ctl_pro_preempt_other(struct ctl_lun *lun,
375				  union ctl_ha_msg *msg);
376static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
377static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
378static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
379static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
380static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
381					 int alloc_len);
382static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
383					 int alloc_len);
384static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
386static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
387static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len);
388static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
389static ctl_action ctl_check_for_blockage(union ctl_io *pending_io,
390					 union ctl_io *ooa_io);
391static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
392				union ctl_io *starting_io);
393static int ctl_check_blocked(struct ctl_lun *lun);
394static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
395				struct ctl_lun *lun,
396				const struct ctl_cmd_entry *entry,
397				struct ctl_scsiio *ctsio);
398//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
399static void ctl_failover(void);
400static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
401			       struct ctl_scsiio *ctsio);
402static int ctl_scsiio(struct ctl_scsiio *ctsio);
403
404static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
405static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
406			    ctl_ua_type ua_type);
407static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
408			 ctl_ua_type ua_type);
409static int ctl_abort_task(union ctl_io *io);
410static int ctl_abort_task_set(union ctl_io *io);
411static int ctl_i_t_nexus_reset(union ctl_io *io);
412static void ctl_run_task(union ctl_io *io);
413#ifdef CTL_IO_DELAY
414static void ctl_datamove_timer_wakeup(void *arg);
415static void ctl_done_timer_wakeup(void *arg);
416#endif /* CTL_IO_DELAY */
417
418static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
419static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
420static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
421static void ctl_datamove_remote_write(union ctl_io *io);
422static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
423static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
424static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
425static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
426				    ctl_ha_dt_cb callback);
427static void ctl_datamove_remote_read(union ctl_io *io);
428static void ctl_datamove_remote(union ctl_io *io);
429static int ctl_process_done(union ctl_io *io);
430static void ctl_lun_thread(void *arg);
431static void ctl_work_thread(void *arg);
432static void ctl_enqueue_incoming(union ctl_io *io);
433static void ctl_enqueue_rtr(union ctl_io *io);
434static void ctl_enqueue_done(union ctl_io *io);
435static void ctl_enqueue_isc(union ctl_io *io);
436static const struct ctl_cmd_entry *
437    ctl_get_cmd_entry(struct ctl_scsiio *ctsio);
438static const struct ctl_cmd_entry *
439    ctl_validate_command(struct ctl_scsiio *ctsio);
440static int ctl_cmd_applicable(uint8_t lun_type,
441    const struct ctl_cmd_entry *entry);
442
443/*
444 * Load the serialization table.  This isn't very pretty, but is probably
445 * the easiest way to do it.
446 */
447#include "ctl_ser_table.c"
448
449/*
450 * We only need to define open, close and ioctl routines for this driver.
451 */
452static struct cdevsw ctl_cdevsw = {
453	.d_version =	D_VERSION,
454	.d_flags =	0,
455	.d_open =	ctl_open,
456	.d_close =	ctl_close,
457	.d_ioctl =	ctl_ioctl,
458	.d_name =	"ctl",
459};
460
461
462MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
463MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
464
465static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
466
467static moduledata_t ctl_moduledata = {
468	"ctl",
469	ctl_module_event_handler,
470	NULL
471};
472
473DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
474MODULE_VERSION(ctl, 1);
475
476static struct ctl_frontend ioctl_frontend =
477{
478	.name = "ioctl",
479};
480
481static void
482ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
483			    union ctl_ha_msg *msg_info)
484{
485	struct ctl_scsiio *ctsio;
486
487	if (msg_info->hdr.original_sc == NULL) {
488		printf("%s: original_sc == NULL!\n", __func__);
489		/* XXX KDM now what? */
490		return;
491	}
492
493	ctsio = &msg_info->hdr.original_sc->scsiio;
494	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
495	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
496	ctsio->io_hdr.status = msg_info->hdr.status;
497	ctsio->scsi_status = msg_info->scsi.scsi_status;
498	ctsio->sense_len = msg_info->scsi.sense_len;
499	ctsio->sense_residual = msg_info->scsi.sense_residual;
500	ctsio->residual = msg_info->scsi.residual;
501	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
502	       sizeof(ctsio->sense_data));
503	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
504	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
505	ctl_enqueue_isc((union ctl_io *)ctsio);
506}
507
508static void
509ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
510				union ctl_ha_msg *msg_info)
511{
512	struct ctl_scsiio *ctsio;
513
514	if (msg_info->hdr.serializing_sc == NULL) {
515		printf("%s: serializing_sc == NULL!\n", __func__);
516		/* XXX KDM now what? */
517		return;
518	}
519
520	ctsio = &msg_info->hdr.serializing_sc->scsiio;
521#if 0
522	/*
523	 * Attempt to catch the situation where an I/O has
524	 * been freed, and we're using it again.
525	 */
526	if (ctsio->io_hdr.io_type == 0xff) {
527		union ctl_io *tmp_io;
528		tmp_io = (union ctl_io *)ctsio;
529		printf("%s: %p use after free!\n", __func__,
530		       ctsio);
531		printf("%s: type %d msg %d cdb %x iptl: "
532		       "%d:%d:%d:%d tag 0x%04x "
533		       "flag %#x status %x\n",
534			__func__,
535			tmp_io->io_hdr.io_type,
536			tmp_io->io_hdr.msg_type,
537			tmp_io->scsiio.cdb[0],
538			tmp_io->io_hdr.nexus.initid.id,
539			tmp_io->io_hdr.nexus.targ_port,
540			tmp_io->io_hdr.nexus.targ_target.id,
541			tmp_io->io_hdr.nexus.targ_lun,
542			(tmp_io->io_hdr.io_type ==
543			CTL_IO_TASK) ?
544			tmp_io->taskio.tag_num :
545			tmp_io->scsiio.tag_num,
546		        tmp_io->io_hdr.flags,
547			tmp_io->io_hdr.status);
548	}
549#endif
550	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
551	ctl_enqueue_isc((union ctl_io *)ctsio);
552}
553
554/*
555 * ISC (Inter Shelf Communication) event handler.  Events from the HA
556 * subsystem come in here.
557 */
558static void
559ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
560{
561	struct ctl_softc *ctl_softc;
562	union ctl_io *io;
563	struct ctl_prio *presio;
564	ctl_ha_status isc_status;
565
566	ctl_softc = control_softc;
567	io = NULL;
568
569
570#if 0
571	printf("CTL: Isc Msg event %d\n", event);
572#endif
573	if (event == CTL_HA_EVT_MSG_RECV) {
574		union ctl_ha_msg msg_info;
575
576		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
577					     sizeof(msg_info), /*wait*/ 0);
578#if 0
579		printf("CTL: msg_type %d\n", msg_info.msg_type);
580#endif
581		if (isc_status != 0) {
582			printf("Error receiving message, status = %d\n",
583			       isc_status);
584			return;
585		}
586
587		switch (msg_info.hdr.msg_type) {
588		case CTL_MSG_SERIALIZE:
589#if 0
590			printf("Serialize\n");
591#endif
592			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
593			if (io == NULL) {
594				printf("ctl_isc_event_handler: can't allocate "
595				       "ctl_io!\n");
596				/* Bad Juju */
597				/* Need to set busy and send msg back */
598				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
599				msg_info.hdr.status = CTL_SCSI_ERROR;
600				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
601				msg_info.scsi.sense_len = 0;
602			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
603				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
604				}
605				goto bailout;
606			}
607			ctl_zero_io(io);
608			// populate ctsio from msg_info
609			io->io_hdr.io_type = CTL_IO_SCSI;
610			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
611			io->io_hdr.original_sc = msg_info.hdr.original_sc;
612#if 0
613			printf("pOrig %x\n", (int)msg_info.original_sc);
614#endif
615			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
616					    CTL_FLAG_IO_ACTIVE;
617			/*
618			 * If we're in serialization-only mode, we don't
619			 * want to go through full done processing.  Thus
620			 * the COPY flag.
621			 *
622			 * XXX KDM add another flag that is more specific.
623			 */
624			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
625				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
626			io->io_hdr.nexus = msg_info.hdr.nexus;
627#if 0
628			printf("targ %d, port %d, iid %d, lun %d\n",
629			       io->io_hdr.nexus.targ_target.id,
630			       io->io_hdr.nexus.targ_port,
631			       io->io_hdr.nexus.initid.id,
632			       io->io_hdr.nexus.targ_lun);
633#endif
634			io->scsiio.tag_num = msg_info.scsi.tag_num;
635			io->scsiio.tag_type = msg_info.scsi.tag_type;
636			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
637			       CTL_MAX_CDBLEN);
638			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
639				const struct ctl_cmd_entry *entry;
640
641				entry = ctl_get_cmd_entry(&io->scsiio);
642				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
643				io->io_hdr.flags |=
644					entry->flags & CTL_FLAG_DATA_MASK;
645			}
646			ctl_enqueue_isc(io);
647			break;
648
649		/* Performed on the Originating SC, XFER mode only */
650		case CTL_MSG_DATAMOVE: {
651			struct ctl_sg_entry *sgl;
652			int i, j;
653
654			io = msg_info.hdr.original_sc;
655			if (io == NULL) {
656				printf("%s: original_sc == NULL!\n", __func__);
657				/* XXX KDM do something here */
658				break;
659			}
660			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
661			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
662			/*
663			 * Keep track of this, we need to send it back over
664			 * when the datamove is complete.
665			 */
666			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
667
668			if (msg_info.dt.sg_sequence == 0) {
669				/*
670				 * XXX KDM we use the preallocated S/G list
671				 * here, but we'll need to change this to
672				 * dynamic allocation if we need larger S/G
673				 * lists.
674				 */
675				if (msg_info.dt.kern_sg_entries >
676				    sizeof(io->io_hdr.remote_sglist) /
677				    sizeof(io->io_hdr.remote_sglist[0])) {
678					printf("%s: number of S/G entries "
679					    "needed %u > allocated num %zd\n",
680					    __func__,
681					    msg_info.dt.kern_sg_entries,
682					    sizeof(io->io_hdr.remote_sglist)/
683					    sizeof(io->io_hdr.remote_sglist[0]));
684
685					/*
686					 * XXX KDM send a message back to
687					 * the other side to shut down the
688					 * DMA.  The error will come back
689					 * through via the normal channel.
690					 */
691					break;
692				}
693				sgl = io->io_hdr.remote_sglist;
694				memset(sgl, 0,
695				       sizeof(io->io_hdr.remote_sglist));
696
697				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
698
699				io->scsiio.kern_sg_entries =
700					msg_info.dt.kern_sg_entries;
701				io->scsiio.rem_sg_entries =
702					msg_info.dt.kern_sg_entries;
703				io->scsiio.kern_data_len =
704					msg_info.dt.kern_data_len;
705				io->scsiio.kern_total_len =
706					msg_info.dt.kern_total_len;
707				io->scsiio.kern_data_resid =
708					msg_info.dt.kern_data_resid;
709				io->scsiio.kern_rel_offset =
710					msg_info.dt.kern_rel_offset;
711				/*
712				 * Clear out per-DMA flags.
713				 */
714				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
715				/*
716				 * Add per-DMA flags that are set for this
717				 * particular DMA request.
718				 */
719				io->io_hdr.flags |= msg_info.dt.flags &
720						    CTL_FLAG_RDMA_MASK;
721			} else
722				sgl = (struct ctl_sg_entry *)
723					io->scsiio.kern_data_ptr;
724
725			for (i = msg_info.dt.sent_sg_entries, j = 0;
726			     i < (msg_info.dt.sent_sg_entries +
727			     msg_info.dt.cur_sg_entries); i++, j++) {
728				sgl[i].addr = msg_info.dt.sg_list[j].addr;
729				sgl[i].len = msg_info.dt.sg_list[j].len;
730
731#if 0
732				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
733				       __func__,
734				       msg_info.dt.sg_list[j].addr,
735				       msg_info.dt.sg_list[j].len,
736				       sgl[i].addr, sgl[i].len, j, i);
737#endif
738			}
739#if 0
740			memcpy(&sgl[msg_info.dt.sent_sg_entries],
741			       msg_info.dt.sg_list,
742			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
743#endif
744
745			/*
746			 * If this is the last piece of the I/O, we've got
747			 * the full S/G list.  Queue processing in the thread.
748			 * Otherwise wait for the next piece.
749			 */
750			if (msg_info.dt.sg_last != 0)
751				ctl_enqueue_isc(io);
752			break;
753		}
754		/* Performed on the Serializing (primary) SC, XFER mode only */
755		case CTL_MSG_DATAMOVE_DONE: {
756			if (msg_info.hdr.serializing_sc == NULL) {
757				printf("%s: serializing_sc == NULL!\n",
758				       __func__);
759				/* XXX KDM now what? */
760				break;
761			}
762			/*
763			 * We grab the sense information here in case
764			 * there was a failure, so we can return status
765			 * back to the initiator.
766			 */
767			io = msg_info.hdr.serializing_sc;
768			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
769			io->io_hdr.status = msg_info.hdr.status;
770			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
771			io->scsiio.sense_len = msg_info.scsi.sense_len;
772			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
773			io->io_hdr.port_status = msg_info.scsi.fetd_status;
774			io->scsiio.residual = msg_info.scsi.residual;
775			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
776			       sizeof(io->scsiio.sense_data));
777			ctl_enqueue_isc(io);
778			break;
779		}
780
781		/* Preformed on Originating SC, SER_ONLY mode */
782		case CTL_MSG_R2R:
783			io = msg_info.hdr.original_sc;
784			if (io == NULL) {
785				printf("%s: Major Bummer\n", __func__);
786				return;
787			} else {
788#if 0
789				printf("pOrig %x\n",(int) ctsio);
790#endif
791			}
792			io->io_hdr.msg_type = CTL_MSG_R2R;
793			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
794			ctl_enqueue_isc(io);
795			break;
796
797		/*
798		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
799		 * mode.
800		 * Performed on the Originating (i.e. secondary) SC in XFER
801		 * mode
802		 */
803		case CTL_MSG_FINISH_IO:
804			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
805				ctl_isc_handler_finish_xfer(ctl_softc,
806							    &msg_info);
807			else
808				ctl_isc_handler_finish_ser_only(ctl_softc,
809								&msg_info);
810			break;
811
812		/* Preformed on Originating SC */
813		case CTL_MSG_BAD_JUJU:
814			io = msg_info.hdr.original_sc;
815			if (io == NULL) {
816				printf("%s: Bad JUJU!, original_sc is NULL!\n",
817				       __func__);
818				break;
819			}
820			ctl_copy_sense_data(&msg_info, io);
821			/*
822			 * IO should have already been cleaned up on other
823			 * SC so clear this flag so we won't send a message
824			 * back to finish the IO there.
825			 */
826			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
827			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
828
829			/* io = msg_info.hdr.serializing_sc; */
830			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
831			ctl_enqueue_isc(io);
832			break;
833
834		/* Handle resets sent from the other side */
835		case CTL_MSG_MANAGE_TASKS: {
836			struct ctl_taskio *taskio;
837			taskio = (struct ctl_taskio *)ctl_alloc_io(
838				(void *)ctl_softc->othersc_pool);
839			if (taskio == NULL) {
840				printf("ctl_isc_event_handler: can't allocate "
841				       "ctl_io!\n");
842				/* Bad Juju */
843				/* should I just call the proper reset func
844				   here??? */
845				goto bailout;
846			}
847			ctl_zero_io((union ctl_io *)taskio);
848			taskio->io_hdr.io_type = CTL_IO_TASK;
849			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
850			taskio->io_hdr.nexus = msg_info.hdr.nexus;
851			taskio->task_action = msg_info.task.task_action;
852			taskio->tag_num = msg_info.task.tag_num;
853			taskio->tag_type = msg_info.task.tag_type;
854#ifdef CTL_TIME_IO
855			taskio->io_hdr.start_time = time_uptime;
856			getbintime(&taskio->io_hdr.start_bt);
857#if 0
858			cs_prof_gettime(&taskio->io_hdr.start_ticks);
859#endif
860#endif /* CTL_TIME_IO */
861			ctl_run_task((union ctl_io *)taskio);
862			break;
863		}
864		/* Persistent Reserve action which needs attention */
865		case CTL_MSG_PERS_ACTION:
866			presio = (struct ctl_prio *)ctl_alloc_io(
867				(void *)ctl_softc->othersc_pool);
868			if (presio == NULL) {
869				printf("ctl_isc_event_handler: can't allocate "
870				       "ctl_io!\n");
871				/* Bad Juju */
872				/* Need to set busy and send msg back */
873				goto bailout;
874			}
875			ctl_zero_io((union ctl_io *)presio);
876			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
877			presio->pr_msg = msg_info.pr;
878			ctl_enqueue_isc((union ctl_io *)presio);
879			break;
880		case CTL_MSG_SYNC_FE:
881			rcv_sync_msg = 1;
882			break;
883		case CTL_MSG_APS_LOCK: {
884			// It's quicker to execute this then to
885			// queue it.
886			struct ctl_lun *lun;
887			struct ctl_page_index *page_index;
888			struct copan_aps_subpage *current_sp;
889			uint32_t targ_lun;
890
891			targ_lun = msg_info.hdr.nexus.targ_mapped_lun;
892			lun = ctl_softc->ctl_luns[targ_lun];
893			mtx_lock(&lun->lun_lock);
894			page_index = &lun->mode_pages.index[index_to_aps_page];
895			current_sp = (struct copan_aps_subpage *)
896				     (page_index->page_data +
897				     (page_index->page_len * CTL_PAGE_CURRENT));
898
899			current_sp->lock_active = msg_info.aps.lock_flag;
900			mtx_unlock(&lun->lun_lock);
901		        break;
902		}
903		default:
904		        printf("How did I get here?\n");
905		}
906	} else if (event == CTL_HA_EVT_MSG_SENT) {
907		if (param != CTL_HA_STATUS_SUCCESS) {
908			printf("Bad status from ctl_ha_msg_send status %d\n",
909			       param);
910		}
911		return;
912	} else if (event == CTL_HA_EVT_DISCONNECT) {
913		printf("CTL: Got a disconnect from Isc\n");
914		return;
915	} else {
916		printf("ctl_isc_event_handler: Unknown event %d\n", event);
917		return;
918	}
919
920bailout:
921	return;
922}
923
924static void
925ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
926{
927	struct scsi_sense_data *sense;
928
929	sense = &dest->scsiio.sense_data;
930	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
931	dest->scsiio.scsi_status = src->scsi.scsi_status;
932	dest->scsiio.sense_len = src->scsi.sense_len;
933	dest->io_hdr.status = src->hdr.status;
934}
935
936static int
937ctl_init(void)
938{
939	struct ctl_softc *softc;
940	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
941	struct ctl_port *port;
942        uint8_t sc_id =0;
943	int i, error, retval;
944	//int isc_retval;
945
946	retval = 0;
947	ctl_pause_rtr = 0;
948        rcv_sync_msg = 0;
949
950	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
951			       M_WAITOK | M_ZERO);
952	softc = control_softc;
953
954	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
955			      "cam/ctl");
956
957	softc->dev->si_drv1 = softc;
958
959	/*
960	 * By default, return a "bad LUN" peripheral qualifier for unknown
961	 * LUNs.  The user can override this default using the tunable or
962	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
963	 */
964	softc->inquiry_pq_no_lun = 1;
965	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
966			  &softc->inquiry_pq_no_lun);
967	sysctl_ctx_init(&softc->sysctl_ctx);
968	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
969		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
970		CTLFLAG_RD, 0, "CAM Target Layer");
971
972	if (softc->sysctl_tree == NULL) {
973		printf("%s: unable to allocate sysctl tree\n", __func__);
974		destroy_dev(softc->dev);
975		free(control_softc, M_DEVBUF);
976		control_softc = NULL;
977		return (ENOMEM);
978	}
979
980	SYSCTL_ADD_INT(&softc->sysctl_ctx,
981		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
982		       "inquiry_pq_no_lun", CTLFLAG_RW,
983		       &softc->inquiry_pq_no_lun, 0,
984		       "Report no lun possible for invalid LUNs");
985
986	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
987	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
988	softc->open_count = 0;
989
990	/*
991	 * Default to actually sending a SYNCHRONIZE CACHE command down to
992	 * the drive.
993	 */
994	softc->flags = CTL_FLAG_REAL_SYNC;
995
996	/*
997	 * In Copan's HA scheme, the "master" and "slave" roles are
998	 * figured out through the slot the controller is in.  Although it
999	 * is an active/active system, someone has to be in charge.
1000 	 */
1001#ifdef NEEDTOPORT
1002        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1003#endif
1004
1005        if (sc_id == 0) {
1006		softc->flags |= CTL_FLAG_MASTER_SHELF;
1007		persis_offset = 0;
1008	} else
1009		persis_offset = CTL_MAX_INITIATORS;
1010
1011	/*
1012	 * XXX KDM need to figure out where we want to get our target ID
1013	 * and WWID.  Is it different on each port?
1014	 */
1015	softc->target.id = 0;
1016	softc->target.wwid[0] = 0x12345678;
1017	softc->target.wwid[1] = 0x87654321;
1018	STAILQ_INIT(&softc->lun_list);
1019	STAILQ_INIT(&softc->pending_lun_queue);
1020	STAILQ_INIT(&softc->fe_list);
1021	STAILQ_INIT(&softc->port_list);
1022	STAILQ_INIT(&softc->be_list);
1023	STAILQ_INIT(&softc->io_pools);
1024
1025	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1026			    &internal_pool)!= 0){
1027		printf("ctl: can't allocate %d entry internal pool, "
1028		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1029		return (ENOMEM);
1030	}
1031
1032	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1033			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1034		printf("ctl: can't allocate %d entry emergency pool, "
1035		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1036		ctl_pool_free(internal_pool);
1037		return (ENOMEM);
1038	}
1039
1040	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1041	                    &other_pool) != 0)
1042	{
1043		printf("ctl: can't allocate %d entry other SC pool, "
1044		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1045		ctl_pool_free(internal_pool);
1046		ctl_pool_free(emergency_pool);
1047		return (ENOMEM);
1048	}
1049
1050	softc->internal_pool = internal_pool;
1051	softc->emergency_pool = emergency_pool;
1052	softc->othersc_pool = other_pool;
1053
1054	if (worker_threads <= 0)
1055		worker_threads = max(1, mp_ncpus / 4);
1056	if (worker_threads > CTL_MAX_THREADS)
1057		worker_threads = CTL_MAX_THREADS;
1058
1059	for (i = 0; i < worker_threads; i++) {
1060		struct ctl_thread *thr = &softc->threads[i];
1061
1062		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1063		thr->ctl_softc = softc;
1064		STAILQ_INIT(&thr->incoming_queue);
1065		STAILQ_INIT(&thr->rtr_queue);
1066		STAILQ_INIT(&thr->done_queue);
1067		STAILQ_INIT(&thr->isc_queue);
1068
1069		error = kproc_kthread_add(ctl_work_thread, thr,
1070		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1071		if (error != 0) {
1072			printf("error creating CTL work thread!\n");
1073			ctl_pool_free(internal_pool);
1074			ctl_pool_free(emergency_pool);
1075			ctl_pool_free(other_pool);
1076			return (error);
1077		}
1078	}
1079	error = kproc_kthread_add(ctl_lun_thread, softc,
1080	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1081	if (error != 0) {
1082		printf("error creating CTL lun thread!\n");
1083		ctl_pool_free(internal_pool);
1084		ctl_pool_free(emergency_pool);
1085		ctl_pool_free(other_pool);
1086		return (error);
1087	}
1088	if (bootverbose)
1089		printf("ctl: CAM Target Layer loaded\n");
1090
1091	/*
1092	 * Initialize the ioctl front end.
1093	 */
1094	ctl_frontend_register(&ioctl_frontend);
1095	port = &softc->ioctl_info.port;
1096	port->frontend = &ioctl_frontend;
1097	sprintf(softc->ioctl_info.port_name, "ioctl");
1098	port->port_type = CTL_PORT_IOCTL;
1099	port->num_requested_ctl_io = 100;
1100	port->port_name = softc->ioctl_info.port_name;
1101	port->port_online = ctl_ioctl_online;
1102	port->port_offline = ctl_ioctl_offline;
1103	port->onoff_arg = &softc->ioctl_info;
1104	port->lun_enable = ctl_ioctl_lun_enable;
1105	port->lun_disable = ctl_ioctl_lun_disable;
1106	port->targ_lun_arg = &softc->ioctl_info;
1107	port->fe_datamove = ctl_ioctl_datamove;
1108	port->fe_done = ctl_ioctl_done;
1109	port->max_targets = 15;
1110	port->max_target_id = 15;
1111
1112	if (ctl_port_register(&softc->ioctl_info.port,
1113	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1114		printf("ctl: ioctl front end registration failed, will "
1115		       "continue anyway\n");
1116	}
1117
1118#ifdef CTL_IO_DELAY
1119	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1120		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1121		       sizeof(struct callout), CTL_TIMER_BYTES);
1122		return (EINVAL);
1123	}
1124#endif /* CTL_IO_DELAY */
1125
1126	return (0);
1127}
1128
1129void
1130ctl_shutdown(void)
1131{
1132	struct ctl_softc *softc;
1133	struct ctl_lun *lun, *next_lun;
1134	struct ctl_io_pool *pool;
1135
1136	softc = (struct ctl_softc *)control_softc;
1137
1138	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1139		printf("ctl: ioctl front end deregistration failed\n");
1140
1141	mtx_lock(&softc->ctl_lock);
1142
1143	/*
1144	 * Free up each LUN.
1145	 */
1146	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1147		next_lun = STAILQ_NEXT(lun, links);
1148		ctl_free_lun(lun);
1149	}
1150
1151	mtx_unlock(&softc->ctl_lock);
1152
1153	ctl_frontend_deregister(&ioctl_frontend);
1154
1155	/*
1156	 * This will rip the rug out from under any FETDs or anyone else
1157	 * that has a pool allocated.  Since we increment our module
1158	 * refcount any time someone outside the main CTL module allocates
1159	 * a pool, we shouldn't have any problems here.  The user won't be
1160	 * able to unload the CTL module until client modules have
1161	 * successfully unloaded.
1162	 */
1163	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1164		ctl_pool_free(pool);
1165
1166#if 0
1167	ctl_shutdown_thread(softc->work_thread);
1168	mtx_destroy(&softc->queue_lock);
1169#endif
1170
1171	mtx_destroy(&softc->pool_lock);
1172	mtx_destroy(&softc->ctl_lock);
1173
1174	destroy_dev(softc->dev);
1175
1176	sysctl_ctx_free(&softc->sysctl_ctx);
1177
1178	free(control_softc, M_DEVBUF);
1179	control_softc = NULL;
1180
1181	if (bootverbose)
1182		printf("ctl: CAM Target Layer unloaded\n");
1183}
1184
1185static int
1186ctl_module_event_handler(module_t mod, int what, void *arg)
1187{
1188
1189	switch (what) {
1190	case MOD_LOAD:
1191		return (ctl_init());
1192	case MOD_UNLOAD:
1193		return (EBUSY);
1194	default:
1195		return (EOPNOTSUPP);
1196	}
1197}
1198
1199/*
1200 * XXX KDM should we do some access checks here?  Bump a reference count to
1201 * prevent a CTL module from being unloaded while someone has it open?
1202 */
1203static int
1204ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1205{
1206	return (0);
1207}
1208
1209static int
1210ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1211{
1212	return (0);
1213}
1214
1215int
1216ctl_port_enable(ctl_port_type port_type)
1217{
1218	struct ctl_softc *softc;
1219	struct ctl_port *port;
1220
1221	if (ctl_is_single == 0) {
1222		union ctl_ha_msg msg_info;
1223		int isc_retval;
1224
1225#if 0
1226		printf("%s: HA mode, synchronizing frontend enable\n",
1227		        __func__);
1228#endif
1229		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1230	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1231		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1232			printf("Sync msg send error retval %d\n", isc_retval);
1233		}
1234		if (!rcv_sync_msg) {
1235			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1236			        sizeof(msg_info), 1);
1237		}
1238#if 0
1239        	printf("CTL:Frontend Enable\n");
1240	} else {
1241		printf("%s: single mode, skipping frontend synchronization\n",
1242		        __func__);
1243#endif
1244	}
1245
1246	softc = control_softc;
1247
1248	STAILQ_FOREACH(port, &softc->port_list, links) {
1249		if (port_type & port->port_type)
1250		{
1251#if 0
1252			printf("port %d\n", port->targ_port);
1253#endif
1254			ctl_port_online(port);
1255		}
1256	}
1257
1258	return (0);
1259}
1260
1261int
1262ctl_port_disable(ctl_port_type port_type)
1263{
1264	struct ctl_softc *softc;
1265	struct ctl_port *port;
1266
1267	softc = control_softc;
1268
1269	STAILQ_FOREACH(port, &softc->port_list, links) {
1270		if (port_type & port->port_type)
1271			ctl_port_offline(port);
1272	}
1273
1274	return (0);
1275}
1276
1277/*
1278 * Returns 0 for success, 1 for failure.
1279 * Currently the only failure mode is if there aren't enough entries
1280 * allocated.  So, in case of a failure, look at num_entries_dropped,
1281 * reallocate and try again.
1282 */
1283int
1284ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1285	      int *num_entries_filled, int *num_entries_dropped,
1286	      ctl_port_type port_type, int no_virtual)
1287{
1288	struct ctl_softc *softc;
1289	struct ctl_port *port;
1290	int entries_dropped, entries_filled;
1291	int retval;
1292	int i;
1293
1294	softc = control_softc;
1295
1296	retval = 0;
1297	entries_filled = 0;
1298	entries_dropped = 0;
1299
1300	i = 0;
1301	mtx_lock(&softc->ctl_lock);
1302	STAILQ_FOREACH(port, &softc->port_list, links) {
1303		struct ctl_port_entry *entry;
1304
1305		if ((port->port_type & port_type) == 0)
1306			continue;
1307
1308		if ((no_virtual != 0)
1309		 && (port->virtual_port != 0))
1310			continue;
1311
1312		if (entries_filled >= num_entries_alloced) {
1313			entries_dropped++;
1314			continue;
1315		}
1316		entry = &entries[i];
1317
1318		entry->port_type = port->port_type;
1319		strlcpy(entry->port_name, port->port_name,
1320			sizeof(entry->port_name));
1321		entry->physical_port = port->physical_port;
1322		entry->virtual_port = port->virtual_port;
1323		entry->wwnn = port->wwnn;
1324		entry->wwpn = port->wwpn;
1325
1326		i++;
1327		entries_filled++;
1328	}
1329
1330	mtx_unlock(&softc->ctl_lock);
1331
1332	if (entries_dropped > 0)
1333		retval = 1;
1334
1335	*num_entries_dropped = entries_dropped;
1336	*num_entries_filled = entries_filled;
1337
1338	return (retval);
1339}
1340
1341static void
1342ctl_ioctl_online(void *arg)
1343{
1344	struct ctl_ioctl_info *ioctl_info;
1345
1346	ioctl_info = (struct ctl_ioctl_info *)arg;
1347
1348	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1349}
1350
1351static void
1352ctl_ioctl_offline(void *arg)
1353{
1354	struct ctl_ioctl_info *ioctl_info;
1355
1356	ioctl_info = (struct ctl_ioctl_info *)arg;
1357
1358	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1359}
1360
1361/*
1362 * Remove an initiator by port number and initiator ID.
1363 * Returns 0 for success, -1 for failure.
1364 */
1365int
1366ctl_remove_initiator(struct ctl_port *port, int iid)
1367{
1368	struct ctl_softc *softc = control_softc;
1369
1370	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1371
1372	if (iid > CTL_MAX_INIT_PER_PORT) {
1373		printf("%s: initiator ID %u > maximun %u!\n",
1374		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1375		return (-1);
1376	}
1377
1378	mtx_lock(&softc->ctl_lock);
1379	port->wwpn_iid[iid].in_use--;
1380	port->wwpn_iid[iid].last_use = time_uptime;
1381	mtx_unlock(&softc->ctl_lock);
1382
1383	return (0);
1384}
1385
1386/*
1387 * Add an initiator to the initiator map.
1388 * Returns iid for success, < 0 for failure.
1389 */
1390int
1391ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1392{
1393	struct ctl_softc *softc = control_softc;
1394	time_t best_time;
1395	int i, best;
1396
1397	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1398
1399	if (iid >= CTL_MAX_INIT_PER_PORT) {
1400		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1401		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1402		free(name, M_CTL);
1403		return (-1);
1404	}
1405
1406	mtx_lock(&softc->ctl_lock);
1407
1408	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1409		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1410			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1411				iid = i;
1412				break;
1413			}
1414			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1415			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1416				iid = i;
1417				break;
1418			}
1419		}
1420	}
1421
1422	if (iid < 0) {
1423		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1424			if (port->wwpn_iid[i].in_use == 0 &&
1425			    port->wwpn_iid[i].wwpn == 0 &&
1426			    port->wwpn_iid[i].name == NULL) {
1427				iid = i;
1428				break;
1429			}
1430		}
1431	}
1432
1433	if (iid < 0) {
1434		best = -1;
1435		best_time = INT32_MAX;
1436		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1437			if (port->wwpn_iid[i].in_use == 0) {
1438				if (port->wwpn_iid[i].last_use < best_time) {
1439					best = i;
1440					best_time = port->wwpn_iid[i].last_use;
1441				}
1442			}
1443		}
1444		iid = best;
1445	}
1446
1447	if (iid < 0) {
1448		mtx_unlock(&softc->ctl_lock);
1449		free(name, M_CTL);
1450		return (-2);
1451	}
1452
1453	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1454		/*
1455		 * This is not an error yet.
1456		 */
1457		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1458#if 0
1459			printf("%s: port %d iid %u WWPN %#jx arrived"
1460			    " again\n", __func__, port->targ_port,
1461			    iid, (uintmax_t)wwpn);
1462#endif
1463			goto take;
1464		}
1465		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1466		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1467#if 0
1468			printf("%s: port %d iid %u name '%s' arrived"
1469			    " again\n", __func__, port->targ_port,
1470			    iid, name);
1471#endif
1472			goto take;
1473		}
1474
1475		/*
1476		 * This is an error, but what do we do about it?  The
1477		 * driver is telling us we have a new WWPN for this
1478		 * initiator ID, so we pretty much need to use it.
1479		 */
1480		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1481		    " but WWPN %#jx '%s' is still at that address\n",
1482		    __func__, port->targ_port, iid, wwpn, name,
1483		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1484		    port->wwpn_iid[iid].name);
1485
1486		/*
1487		 * XXX KDM clear have_ca and ua_pending on each LUN for
1488		 * this initiator.
1489		 */
1490	}
1491take:
1492	free(port->wwpn_iid[iid].name, M_CTL);
1493	port->wwpn_iid[iid].name = name;
1494	port->wwpn_iid[iid].wwpn = wwpn;
1495	port->wwpn_iid[iid].in_use++;
1496	mtx_unlock(&softc->ctl_lock);
1497
1498	return (iid);
1499}
1500
1501static int
1502ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1503{
1504	return (0);
1505}
1506
1507static int
1508ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1509{
1510	return (0);
1511}
1512
1513/*
1514 * Data movement routine for the CTL ioctl frontend port.
1515 */
1516static int
1517ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1518{
1519	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1520	struct ctl_sg_entry ext_entry, kern_entry;
1521	int ext_sglen, ext_sg_entries, kern_sg_entries;
1522	int ext_sg_start, ext_offset;
1523	int len_to_copy, len_copied;
1524	int kern_watermark, ext_watermark;
1525	int ext_sglist_malloced;
1526	int i, j;
1527
1528	ext_sglist_malloced = 0;
1529	ext_sg_start = 0;
1530	ext_offset = 0;
1531
1532	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1533
1534	/*
1535	 * If this flag is set, fake the data transfer.
1536	 */
1537	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1538		ctsio->ext_data_filled = ctsio->ext_data_len;
1539		goto bailout;
1540	}
1541
1542	/*
1543	 * To simplify things here, if we have a single buffer, stick it in
1544	 * a S/G entry and just make it a single entry S/G list.
1545	 */
1546	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1547		int len_seen;
1548
1549		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1550
1551		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1552							   M_WAITOK);
1553		ext_sglist_malloced = 1;
1554		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1555				   ext_sglen) != 0) {
1556			ctl_set_internal_failure(ctsio,
1557						 /*sks_valid*/ 0,
1558						 /*retry_count*/ 0);
1559			goto bailout;
1560		}
1561		ext_sg_entries = ctsio->ext_sg_entries;
1562		len_seen = 0;
1563		for (i = 0; i < ext_sg_entries; i++) {
1564			if ((len_seen + ext_sglist[i].len) >=
1565			     ctsio->ext_data_filled) {
1566				ext_sg_start = i;
1567				ext_offset = ctsio->ext_data_filled - len_seen;
1568				break;
1569			}
1570			len_seen += ext_sglist[i].len;
1571		}
1572	} else {
1573		ext_sglist = &ext_entry;
1574		ext_sglist->addr = ctsio->ext_data_ptr;
1575		ext_sglist->len = ctsio->ext_data_len;
1576		ext_sg_entries = 1;
1577		ext_sg_start = 0;
1578		ext_offset = ctsio->ext_data_filled;
1579	}
1580
1581	if (ctsio->kern_sg_entries > 0) {
1582		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1583		kern_sg_entries = ctsio->kern_sg_entries;
1584	} else {
1585		kern_sglist = &kern_entry;
1586		kern_sglist->addr = ctsio->kern_data_ptr;
1587		kern_sglist->len = ctsio->kern_data_len;
1588		kern_sg_entries = 1;
1589	}
1590
1591
1592	kern_watermark = 0;
1593	ext_watermark = ext_offset;
1594	len_copied = 0;
1595	for (i = ext_sg_start, j = 0;
1596	     i < ext_sg_entries && j < kern_sg_entries;) {
1597		uint8_t *ext_ptr, *kern_ptr;
1598
1599		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1600				      kern_sglist[j].len - kern_watermark);
1601
1602		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1603		ext_ptr = ext_ptr + ext_watermark;
1604		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1605			/*
1606			 * XXX KDM fix this!
1607			 */
1608			panic("need to implement bus address support");
1609#if 0
1610			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1611#endif
1612		} else
1613			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1614		kern_ptr = kern_ptr + kern_watermark;
1615
1616		kern_watermark += len_to_copy;
1617		ext_watermark += len_to_copy;
1618
1619		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1620		     CTL_FLAG_DATA_IN) {
1621			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1622					 "bytes to user\n", len_to_copy));
1623			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1624					 "to %p\n", kern_ptr, ext_ptr));
1625			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1626				ctl_set_internal_failure(ctsio,
1627							 /*sks_valid*/ 0,
1628							 /*retry_count*/ 0);
1629				goto bailout;
1630			}
1631		} else {
1632			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1633					 "bytes from user\n", len_to_copy));
1634			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1635					 "to %p\n", ext_ptr, kern_ptr));
1636			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1637				ctl_set_internal_failure(ctsio,
1638							 /*sks_valid*/ 0,
1639							 /*retry_count*/0);
1640				goto bailout;
1641			}
1642		}
1643
1644		len_copied += len_to_copy;
1645
1646		if (ext_sglist[i].len == ext_watermark) {
1647			i++;
1648			ext_watermark = 0;
1649		}
1650
1651		if (kern_sglist[j].len == kern_watermark) {
1652			j++;
1653			kern_watermark = 0;
1654		}
1655	}
1656
1657	ctsio->ext_data_filled += len_copied;
1658
1659	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1660			 "kern_sg_entries: %d\n", ext_sg_entries,
1661			 kern_sg_entries));
1662	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1663			 "kern_data_len = %d\n", ctsio->ext_data_len,
1664			 ctsio->kern_data_len));
1665
1666
1667	/* XXX KDM set residual?? */
1668bailout:
1669
1670	if (ext_sglist_malloced != 0)
1671		free(ext_sglist, M_CTL);
1672
1673	return (CTL_RETVAL_COMPLETE);
1674}
1675
1676/*
1677 * Serialize a command that went down the "wrong" side, and so was sent to
1678 * this controller for execution.  The logic is a little different than the
1679 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1680 * sent back to the other side, but in the success case, we execute the
1681 * command on this side (XFER mode) or tell the other side to execute it
1682 * (SER_ONLY mode).
1683 */
1684static int
1685ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1686{
1687	struct ctl_softc *ctl_softc;
1688	union ctl_ha_msg msg_info;
1689	struct ctl_lun *lun;
1690	int retval = 0;
1691	uint32_t targ_lun;
1692
1693	ctl_softc = control_softc;
1694
1695	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1696	lun = ctl_softc->ctl_luns[targ_lun];
1697	if (lun==NULL)
1698	{
1699		/*
1700		 * Why isn't LUN defined? The other side wouldn't
1701		 * send a cmd if the LUN is undefined.
1702		 */
1703		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1704
1705		/* "Logical unit not supported" */
1706		ctl_set_sense_data(&msg_info.scsi.sense_data,
1707				   lun,
1708				   /*sense_format*/SSD_TYPE_NONE,
1709				   /*current_error*/ 1,
1710				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1711				   /*asc*/ 0x25,
1712				   /*ascq*/ 0x00,
1713				   SSD_ELEM_NONE);
1714
1715		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1716		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1717		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1718		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1719		msg_info.hdr.serializing_sc = NULL;
1720		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1721	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1722				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1723		}
1724		return(1);
1725
1726	}
1727
1728	mtx_lock(&lun->lun_lock);
1729    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1730
1731	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1732		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1733		 ooa_links))) {
1734	case CTL_ACTION_BLOCK:
1735		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1736		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1737				  blocked_links);
1738		break;
1739	case CTL_ACTION_PASS:
1740	case CTL_ACTION_SKIP:
1741		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1742			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1743			ctl_enqueue_rtr((union ctl_io *)ctsio);
1744		} else {
1745
1746			/* send msg back to other side */
1747			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1748			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1749			msg_info.hdr.msg_type = CTL_MSG_R2R;
1750#if 0
1751			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1752#endif
1753		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1754			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1755			}
1756		}
1757		break;
1758	case CTL_ACTION_OVERLAP:
1759		/* OVERLAPPED COMMANDS ATTEMPTED */
1760		ctl_set_sense_data(&msg_info.scsi.sense_data,
1761				   lun,
1762				   /*sense_format*/SSD_TYPE_NONE,
1763				   /*current_error*/ 1,
1764				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1765				   /*asc*/ 0x4E,
1766				   /*ascq*/ 0x00,
1767				   SSD_ELEM_NONE);
1768
1769		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1770		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1771		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1772		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1773		msg_info.hdr.serializing_sc = NULL;
1774		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1775#if 0
1776		printf("BAD JUJU:Major Bummer Overlap\n");
1777#endif
1778		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1779		retval = 1;
1780		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1781		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1782		}
1783		break;
1784	case CTL_ACTION_OVERLAP_TAG:
1785		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1786		ctl_set_sense_data(&msg_info.scsi.sense_data,
1787				   lun,
1788				   /*sense_format*/SSD_TYPE_NONE,
1789				   /*current_error*/ 1,
1790				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1791				   /*asc*/ 0x4D,
1792				   /*ascq*/ ctsio->tag_num & 0xff,
1793				   SSD_ELEM_NONE);
1794
1795		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1796		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1797		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1798		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1799		msg_info.hdr.serializing_sc = NULL;
1800		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1801#if 0
1802		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1803#endif
1804		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1805		retval = 1;
1806		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1807		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1808		}
1809		break;
1810	case CTL_ACTION_ERROR:
1811	default:
1812		/* "Internal target failure" */
1813		ctl_set_sense_data(&msg_info.scsi.sense_data,
1814				   lun,
1815				   /*sense_format*/SSD_TYPE_NONE,
1816				   /*current_error*/ 1,
1817				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1818				   /*asc*/ 0x44,
1819				   /*ascq*/ 0x00,
1820				   SSD_ELEM_NONE);
1821
1822		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1823		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1824		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1825		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1826		msg_info.hdr.serializing_sc = NULL;
1827		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1828#if 0
1829		printf("BAD JUJU:Major Bummer HW Error\n");
1830#endif
1831		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1832		retval = 1;
1833		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1834		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1835		}
1836		break;
1837	}
1838	mtx_unlock(&lun->lun_lock);
1839	return (retval);
1840}
1841
1842static int
1843ctl_ioctl_submit_wait(union ctl_io *io)
1844{
1845	struct ctl_fe_ioctl_params params;
1846	ctl_fe_ioctl_state last_state;
1847	int done, retval;
1848
1849	retval = 0;
1850
1851	bzero(&params, sizeof(params));
1852
1853	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1854	cv_init(&params.sem, "ctlioccv");
1855	params.state = CTL_IOCTL_INPROG;
1856	last_state = params.state;
1857
1858	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1859
1860	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1861
1862	/* This shouldn't happen */
1863	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1864		return (retval);
1865
1866	done = 0;
1867
1868	do {
1869		mtx_lock(&params.ioctl_mtx);
1870		/*
1871		 * Check the state here, and don't sleep if the state has
1872		 * already changed (i.e. wakeup has already occured, but we
1873		 * weren't waiting yet).
1874		 */
1875		if (params.state == last_state) {
1876			/* XXX KDM cv_wait_sig instead? */
1877			cv_wait(&params.sem, &params.ioctl_mtx);
1878		}
1879		last_state = params.state;
1880
1881		switch (params.state) {
1882		case CTL_IOCTL_INPROG:
1883			/* Why did we wake up? */
1884			/* XXX KDM error here? */
1885			mtx_unlock(&params.ioctl_mtx);
1886			break;
1887		case CTL_IOCTL_DATAMOVE:
1888			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1889
1890			/*
1891			 * change last_state back to INPROG to avoid
1892			 * deadlock on subsequent data moves.
1893			 */
1894			params.state = last_state = CTL_IOCTL_INPROG;
1895
1896			mtx_unlock(&params.ioctl_mtx);
1897			ctl_ioctl_do_datamove(&io->scsiio);
1898			/*
1899			 * Note that in some cases, most notably writes,
1900			 * this will queue the I/O and call us back later.
1901			 * In other cases, generally reads, this routine
1902			 * will immediately call back and wake us up,
1903			 * probably using our own context.
1904			 */
1905			io->scsiio.be_move_done(io);
1906			break;
1907		case CTL_IOCTL_DONE:
1908			mtx_unlock(&params.ioctl_mtx);
1909			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1910			done = 1;
1911			break;
1912		default:
1913			mtx_unlock(&params.ioctl_mtx);
1914			/* XXX KDM error here? */
1915			break;
1916		}
1917	} while (done == 0);
1918
1919	mtx_destroy(&params.ioctl_mtx);
1920	cv_destroy(&params.sem);
1921
1922	return (CTL_RETVAL_COMPLETE);
1923}
1924
1925static void
1926ctl_ioctl_datamove(union ctl_io *io)
1927{
1928	struct ctl_fe_ioctl_params *params;
1929
1930	params = (struct ctl_fe_ioctl_params *)
1931		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1932
1933	mtx_lock(&params->ioctl_mtx);
1934	params->state = CTL_IOCTL_DATAMOVE;
1935	cv_broadcast(&params->sem);
1936	mtx_unlock(&params->ioctl_mtx);
1937}
1938
1939static void
1940ctl_ioctl_done(union ctl_io *io)
1941{
1942	struct ctl_fe_ioctl_params *params;
1943
1944	params = (struct ctl_fe_ioctl_params *)
1945		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1946
1947	mtx_lock(&params->ioctl_mtx);
1948	params->state = CTL_IOCTL_DONE;
1949	cv_broadcast(&params->sem);
1950	mtx_unlock(&params->ioctl_mtx);
1951}
1952
1953static void
1954ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
1955{
1956	struct ctl_fe_ioctl_startstop_info *sd_info;
1957
1958	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
1959
1960	sd_info->hs_info.status = metatask->status;
1961	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
1962	sd_info->hs_info.luns_complete =
1963		metatask->taskinfo.startstop.luns_complete;
1964	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
1965
1966	cv_broadcast(&sd_info->sem);
1967}
1968
1969static void
1970ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
1971{
1972	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
1973
1974	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
1975
1976	mtx_lock(fe_bbr_info->lock);
1977	fe_bbr_info->bbr_info->status = metatask->status;
1978	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
1979	fe_bbr_info->wakeup_done = 1;
1980	mtx_unlock(fe_bbr_info->lock);
1981
1982	cv_broadcast(&fe_bbr_info->sem);
1983}
1984
1985/*
1986 * Returns 0 for success, errno for failure.
1987 */
1988static int
1989ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1990		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1991{
1992	union ctl_io *io;
1993	int retval;
1994
1995	retval = 0;
1996
1997	mtx_lock(&lun->lun_lock);
1998	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1999	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2000	     ooa_links)) {
2001		struct ctl_ooa_entry *entry;
2002
2003		/*
2004		 * If we've got more than we can fit, just count the
2005		 * remaining entries.
2006		 */
2007		if (*cur_fill_num >= ooa_hdr->alloc_num)
2008			continue;
2009
2010		entry = &kern_entries[*cur_fill_num];
2011
2012		entry->tag_num = io->scsiio.tag_num;
2013		entry->lun_num = lun->lun;
2014#ifdef CTL_TIME_IO
2015		entry->start_bt = io->io_hdr.start_bt;
2016#endif
2017		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2018		entry->cdb_len = io->scsiio.cdb_len;
2019		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2020			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2021
2022		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2023			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2024
2025		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2026			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2027
2028		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2029			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2030
2031		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2032			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2033	}
2034	mtx_unlock(&lun->lun_lock);
2035
2036	return (retval);
2037}
2038
2039static void *
2040ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2041		 size_t error_str_len)
2042{
2043	void *kptr;
2044
2045	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2046
2047	if (copyin(user_addr, kptr, len) != 0) {
2048		snprintf(error_str, error_str_len, "Error copying %d bytes "
2049			 "from user address %p to kernel address %p", len,
2050			 user_addr, kptr);
2051		free(kptr, M_CTL);
2052		return (NULL);
2053	}
2054
2055	return (kptr);
2056}
2057
2058static void
2059ctl_free_args(int num_args, struct ctl_be_arg *args)
2060{
2061	int i;
2062
2063	if (args == NULL)
2064		return;
2065
2066	for (i = 0; i < num_args; i++) {
2067		free(args[i].kname, M_CTL);
2068		free(args[i].kvalue, M_CTL);
2069	}
2070
2071	free(args, M_CTL);
2072}
2073
2074static struct ctl_be_arg *
2075ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2076		char *error_str, size_t error_str_len)
2077{
2078	struct ctl_be_arg *args;
2079	int i;
2080
2081	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2082				error_str, error_str_len);
2083
2084	if (args == NULL)
2085		goto bailout;
2086
2087	for (i = 0; i < num_args; i++) {
2088		args[i].kname = NULL;
2089		args[i].kvalue = NULL;
2090	}
2091
2092	for (i = 0; i < num_args; i++) {
2093		uint8_t *tmpptr;
2094
2095		args[i].kname = ctl_copyin_alloc(args[i].name,
2096			args[i].namelen, error_str, error_str_len);
2097		if (args[i].kname == NULL)
2098			goto bailout;
2099
2100		if (args[i].kname[args[i].namelen - 1] != '\0') {
2101			snprintf(error_str, error_str_len, "Argument %d "
2102				 "name is not NUL-terminated", i);
2103			goto bailout;
2104		}
2105
2106		if (args[i].flags & CTL_BEARG_RD) {
2107			tmpptr = ctl_copyin_alloc(args[i].value,
2108				args[i].vallen, error_str, error_str_len);
2109			if (tmpptr == NULL)
2110				goto bailout;
2111			if ((args[i].flags & CTL_BEARG_ASCII)
2112			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2113				snprintf(error_str, error_str_len, "Argument "
2114				    "%d value is not NUL-terminated", i);
2115				goto bailout;
2116			}
2117			args[i].kvalue = tmpptr;
2118		} else {
2119			args[i].kvalue = malloc(args[i].vallen,
2120			    M_CTL, M_WAITOK | M_ZERO);
2121		}
2122	}
2123
2124	return (args);
2125bailout:
2126
2127	ctl_free_args(num_args, args);
2128
2129	return (NULL);
2130}
2131
2132static void
2133ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2134{
2135	int i;
2136
2137	for (i = 0; i < num_args; i++) {
2138		if (args[i].flags & CTL_BEARG_WR)
2139			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2140	}
2141}
2142
2143/*
2144 * Escape characters that are illegal or not recommended in XML.
2145 */
2146int
2147ctl_sbuf_printf_esc(struct sbuf *sb, char *str)
2148{
2149	int retval;
2150
2151	retval = 0;
2152
2153	for (; *str; str++) {
2154		switch (*str) {
2155		case '&':
2156			retval = sbuf_printf(sb, "&amp;");
2157			break;
2158		case '>':
2159			retval = sbuf_printf(sb, "&gt;");
2160			break;
2161		case '<':
2162			retval = sbuf_printf(sb, "&lt;");
2163			break;
2164		default:
2165			retval = sbuf_putc(sb, *str);
2166			break;
2167		}
2168
2169		if (retval != 0)
2170			break;
2171
2172	}
2173
2174	return (retval);
2175}
2176
2177static int
2178ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2179	  struct thread *td)
2180{
2181	struct ctl_softc *softc;
2182	int retval;
2183
2184	softc = control_softc;
2185
2186	retval = 0;
2187
2188	switch (cmd) {
2189	case CTL_IO: {
2190		union ctl_io *io;
2191		void *pool_tmp;
2192
2193		/*
2194		 * If we haven't been "enabled", don't allow any SCSI I/O
2195		 * to this FETD.
2196		 */
2197		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2198			retval = EPERM;
2199			break;
2200		}
2201
2202		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2203		if (io == NULL) {
2204			printf("ctl_ioctl: can't allocate ctl_io!\n");
2205			retval = ENOSPC;
2206			break;
2207		}
2208
2209		/*
2210		 * Need to save the pool reference so it doesn't get
2211		 * spammed by the user's ctl_io.
2212		 */
2213		pool_tmp = io->io_hdr.pool;
2214
2215		memcpy(io, (void *)addr, sizeof(*io));
2216
2217		io->io_hdr.pool = pool_tmp;
2218		/*
2219		 * No status yet, so make sure the status is set properly.
2220		 */
2221		io->io_hdr.status = CTL_STATUS_NONE;
2222
2223		/*
2224		 * The user sets the initiator ID, target and LUN IDs.
2225		 */
2226		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2227		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2228		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2229		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2230			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2231
2232		retval = ctl_ioctl_submit_wait(io);
2233
2234		if (retval != 0) {
2235			ctl_free_io(io);
2236			break;
2237		}
2238
2239		memcpy((void *)addr, io, sizeof(*io));
2240
2241		/* return this to our pool */
2242		ctl_free_io(io);
2243
2244		break;
2245	}
2246	case CTL_ENABLE_PORT:
2247	case CTL_DISABLE_PORT:
2248	case CTL_SET_PORT_WWNS: {
2249		struct ctl_port *port;
2250		struct ctl_port_entry *entry;
2251
2252		entry = (struct ctl_port_entry *)addr;
2253
2254		mtx_lock(&softc->ctl_lock);
2255		STAILQ_FOREACH(port, &softc->port_list, links) {
2256			int action, done;
2257
2258			action = 0;
2259			done = 0;
2260
2261			if ((entry->port_type == CTL_PORT_NONE)
2262			 && (entry->targ_port == port->targ_port)) {
2263				/*
2264				 * If the user only wants to enable or
2265				 * disable or set WWNs on a specific port,
2266				 * do the operation and we're done.
2267				 */
2268				action = 1;
2269				done = 1;
2270			} else if (entry->port_type & port->port_type) {
2271				/*
2272				 * Compare the user's type mask with the
2273				 * particular frontend type to see if we
2274				 * have a match.
2275				 */
2276				action = 1;
2277				done = 0;
2278
2279				/*
2280				 * Make sure the user isn't trying to set
2281				 * WWNs on multiple ports at the same time.
2282				 */
2283				if (cmd == CTL_SET_PORT_WWNS) {
2284					printf("%s: Can't set WWNs on "
2285					       "multiple ports\n", __func__);
2286					retval = EINVAL;
2287					break;
2288				}
2289			}
2290			if (action != 0) {
2291				/*
2292				 * XXX KDM we have to drop the lock here,
2293				 * because the online/offline operations
2294				 * can potentially block.  We need to
2295				 * reference count the frontends so they
2296				 * can't go away,
2297				 */
2298				mtx_unlock(&softc->ctl_lock);
2299
2300				if (cmd == CTL_ENABLE_PORT) {
2301					struct ctl_lun *lun;
2302
2303					STAILQ_FOREACH(lun, &softc->lun_list,
2304						       links) {
2305						port->lun_enable(port->targ_lun_arg,
2306						    lun->target,
2307						    lun->lun);
2308					}
2309
2310					ctl_port_online(port);
2311				} else if (cmd == CTL_DISABLE_PORT) {
2312					struct ctl_lun *lun;
2313
2314					ctl_port_offline(port);
2315
2316					STAILQ_FOREACH(lun, &softc->lun_list,
2317						       links) {
2318						port->lun_disable(
2319						    port->targ_lun_arg,
2320						    lun->target,
2321						    lun->lun);
2322					}
2323				}
2324
2325				mtx_lock(&softc->ctl_lock);
2326
2327				if (cmd == CTL_SET_PORT_WWNS)
2328					ctl_port_set_wwns(port,
2329					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2330					    1 : 0, entry->wwnn,
2331					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2332					    1 : 0, entry->wwpn);
2333			}
2334			if (done != 0)
2335				break;
2336		}
2337		mtx_unlock(&softc->ctl_lock);
2338		break;
2339	}
2340	case CTL_GET_PORT_LIST: {
2341		struct ctl_port *port;
2342		struct ctl_port_list *list;
2343		int i;
2344
2345		list = (struct ctl_port_list *)addr;
2346
2347		if (list->alloc_len != (list->alloc_num *
2348		    sizeof(struct ctl_port_entry))) {
2349			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2350			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2351			       "%zu\n", __func__, list->alloc_len,
2352			       list->alloc_num, sizeof(struct ctl_port_entry));
2353			retval = EINVAL;
2354			break;
2355		}
2356		list->fill_len = 0;
2357		list->fill_num = 0;
2358		list->dropped_num = 0;
2359		i = 0;
2360		mtx_lock(&softc->ctl_lock);
2361		STAILQ_FOREACH(port, &softc->port_list, links) {
2362			struct ctl_port_entry entry, *list_entry;
2363
2364			if (list->fill_num >= list->alloc_num) {
2365				list->dropped_num++;
2366				continue;
2367			}
2368
2369			entry.port_type = port->port_type;
2370			strlcpy(entry.port_name, port->port_name,
2371				sizeof(entry.port_name));
2372			entry.targ_port = port->targ_port;
2373			entry.physical_port = port->physical_port;
2374			entry.virtual_port = port->virtual_port;
2375			entry.wwnn = port->wwnn;
2376			entry.wwpn = port->wwpn;
2377			if (port->status & CTL_PORT_STATUS_ONLINE)
2378				entry.online = 1;
2379			else
2380				entry.online = 0;
2381
2382			list_entry = &list->entries[i];
2383
2384			retval = copyout(&entry, list_entry, sizeof(entry));
2385			if (retval != 0) {
2386				printf("%s: CTL_GET_PORT_LIST: copyout "
2387				       "returned %d\n", __func__, retval);
2388				break;
2389			}
2390			i++;
2391			list->fill_num++;
2392			list->fill_len += sizeof(entry);
2393		}
2394		mtx_unlock(&softc->ctl_lock);
2395
2396		/*
2397		 * If this is non-zero, we had a copyout fault, so there's
2398		 * probably no point in attempting to set the status inside
2399		 * the structure.
2400		 */
2401		if (retval != 0)
2402			break;
2403
2404		if (list->dropped_num > 0)
2405			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2406		else
2407			list->status = CTL_PORT_LIST_OK;
2408		break;
2409	}
2410	case CTL_DUMP_OOA: {
2411		struct ctl_lun *lun;
2412		union ctl_io *io;
2413		char printbuf[128];
2414		struct sbuf sb;
2415
2416		mtx_lock(&softc->ctl_lock);
2417		printf("Dumping OOA queues:\n");
2418		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2419			mtx_lock(&lun->lun_lock);
2420			for (io = (union ctl_io *)TAILQ_FIRST(
2421			     &lun->ooa_queue); io != NULL;
2422			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2423			     ooa_links)) {
2424				sbuf_new(&sb, printbuf, sizeof(printbuf),
2425					 SBUF_FIXEDLEN);
2426				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2427					    (intmax_t)lun->lun,
2428					    io->scsiio.tag_num,
2429					    (io->io_hdr.flags &
2430					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2431					    (io->io_hdr.flags &
2432					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2433					    (io->io_hdr.flags &
2434					    CTL_FLAG_ABORT) ? " ABORT" : "",
2435			                    (io->io_hdr.flags &
2436		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2437				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2438				sbuf_finish(&sb);
2439				printf("%s\n", sbuf_data(&sb));
2440			}
2441			mtx_unlock(&lun->lun_lock);
2442		}
2443		printf("OOA queues dump done\n");
2444		mtx_unlock(&softc->ctl_lock);
2445		break;
2446	}
2447	case CTL_GET_OOA: {
2448		struct ctl_lun *lun;
2449		struct ctl_ooa *ooa_hdr;
2450		struct ctl_ooa_entry *entries;
2451		uint32_t cur_fill_num;
2452
2453		ooa_hdr = (struct ctl_ooa *)addr;
2454
2455		if ((ooa_hdr->alloc_len == 0)
2456		 || (ooa_hdr->alloc_num == 0)) {
2457			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2458			       "must be non-zero\n", __func__,
2459			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2460			retval = EINVAL;
2461			break;
2462		}
2463
2464		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2465		    sizeof(struct ctl_ooa_entry))) {
2466			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2467			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2468			       __func__, ooa_hdr->alloc_len,
2469			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2470			retval = EINVAL;
2471			break;
2472		}
2473
2474		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2475		if (entries == NULL) {
2476			printf("%s: could not allocate %d bytes for OOA "
2477			       "dump\n", __func__, ooa_hdr->alloc_len);
2478			retval = ENOMEM;
2479			break;
2480		}
2481
2482		mtx_lock(&softc->ctl_lock);
2483		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2484		 && ((ooa_hdr->lun_num > CTL_MAX_LUNS)
2485		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2486			mtx_unlock(&softc->ctl_lock);
2487			free(entries, M_CTL);
2488			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2489			       __func__, (uintmax_t)ooa_hdr->lun_num);
2490			retval = EINVAL;
2491			break;
2492		}
2493
2494		cur_fill_num = 0;
2495
2496		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2497			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2498				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2499					ooa_hdr, entries);
2500				if (retval != 0)
2501					break;
2502			}
2503			if (retval != 0) {
2504				mtx_unlock(&softc->ctl_lock);
2505				free(entries, M_CTL);
2506				break;
2507			}
2508		} else {
2509			lun = softc->ctl_luns[ooa_hdr->lun_num];
2510
2511			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2512						    entries);
2513		}
2514		mtx_unlock(&softc->ctl_lock);
2515
2516		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2517		ooa_hdr->fill_len = ooa_hdr->fill_num *
2518			sizeof(struct ctl_ooa_entry);
2519		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2520		if (retval != 0) {
2521			printf("%s: error copying out %d bytes for OOA dump\n",
2522			       __func__, ooa_hdr->fill_len);
2523		}
2524
2525		getbintime(&ooa_hdr->cur_bt);
2526
2527		if (cur_fill_num > ooa_hdr->alloc_num) {
2528			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2529			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2530		} else {
2531			ooa_hdr->dropped_num = 0;
2532			ooa_hdr->status = CTL_OOA_OK;
2533		}
2534
2535		free(entries, M_CTL);
2536		break;
2537	}
2538	case CTL_CHECK_OOA: {
2539		union ctl_io *io;
2540		struct ctl_lun *lun;
2541		struct ctl_ooa_info *ooa_info;
2542
2543
2544		ooa_info = (struct ctl_ooa_info *)addr;
2545
2546		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2547			ooa_info->status = CTL_OOA_INVALID_LUN;
2548			break;
2549		}
2550		mtx_lock(&softc->ctl_lock);
2551		lun = softc->ctl_luns[ooa_info->lun_id];
2552		if (lun == NULL) {
2553			mtx_unlock(&softc->ctl_lock);
2554			ooa_info->status = CTL_OOA_INVALID_LUN;
2555			break;
2556		}
2557		mtx_lock(&lun->lun_lock);
2558		mtx_unlock(&softc->ctl_lock);
2559		ooa_info->num_entries = 0;
2560		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2561		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2562		     &io->io_hdr, ooa_links)) {
2563			ooa_info->num_entries++;
2564		}
2565		mtx_unlock(&lun->lun_lock);
2566
2567		ooa_info->status = CTL_OOA_SUCCESS;
2568
2569		break;
2570	}
2571	case CTL_HARD_START:
2572	case CTL_HARD_STOP: {
2573		struct ctl_fe_ioctl_startstop_info ss_info;
2574		struct cfi_metatask *metatask;
2575		struct mtx hs_mtx;
2576
2577		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2578
2579		cv_init(&ss_info.sem, "hard start/stop cv" );
2580
2581		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2582		if (metatask == NULL) {
2583			retval = ENOMEM;
2584			mtx_destroy(&hs_mtx);
2585			break;
2586		}
2587
2588		if (cmd == CTL_HARD_START)
2589			metatask->tasktype = CFI_TASK_STARTUP;
2590		else
2591			metatask->tasktype = CFI_TASK_SHUTDOWN;
2592
2593		metatask->callback = ctl_ioctl_hard_startstop_callback;
2594		metatask->callback_arg = &ss_info;
2595
2596		cfi_action(metatask);
2597
2598		/* Wait for the callback */
2599		mtx_lock(&hs_mtx);
2600		cv_wait_sig(&ss_info.sem, &hs_mtx);
2601		mtx_unlock(&hs_mtx);
2602
2603		/*
2604		 * All information has been copied from the metatask by the
2605		 * time cv_broadcast() is called, so we free the metatask here.
2606		 */
2607		cfi_free_metatask(metatask);
2608
2609		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2610
2611		mtx_destroy(&hs_mtx);
2612		break;
2613	}
2614	case CTL_BBRREAD: {
2615		struct ctl_bbrread_info *bbr_info;
2616		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2617		struct mtx bbr_mtx;
2618		struct cfi_metatask *metatask;
2619
2620		bbr_info = (struct ctl_bbrread_info *)addr;
2621
2622		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2623
2624		bzero(&bbr_mtx, sizeof(bbr_mtx));
2625		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2626
2627		fe_bbr_info.bbr_info = bbr_info;
2628		fe_bbr_info.lock = &bbr_mtx;
2629
2630		cv_init(&fe_bbr_info.sem, "BBR read cv");
2631		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2632
2633		if (metatask == NULL) {
2634			mtx_destroy(&bbr_mtx);
2635			cv_destroy(&fe_bbr_info.sem);
2636			retval = ENOMEM;
2637			break;
2638		}
2639		metatask->tasktype = CFI_TASK_BBRREAD;
2640		metatask->callback = ctl_ioctl_bbrread_callback;
2641		metatask->callback_arg = &fe_bbr_info;
2642		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2643		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2644		metatask->taskinfo.bbrread.len = bbr_info->len;
2645
2646		cfi_action(metatask);
2647
2648		mtx_lock(&bbr_mtx);
2649		while (fe_bbr_info.wakeup_done == 0)
2650			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2651		mtx_unlock(&bbr_mtx);
2652
2653		bbr_info->status = metatask->status;
2654		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2655		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2656		memcpy(&bbr_info->sense_data,
2657		       &metatask->taskinfo.bbrread.sense_data,
2658		       ctl_min(sizeof(bbr_info->sense_data),
2659			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2660
2661		cfi_free_metatask(metatask);
2662
2663		mtx_destroy(&bbr_mtx);
2664		cv_destroy(&fe_bbr_info.sem);
2665
2666		break;
2667	}
2668	case CTL_DELAY_IO: {
2669		struct ctl_io_delay_info *delay_info;
2670#ifdef CTL_IO_DELAY
2671		struct ctl_lun *lun;
2672#endif /* CTL_IO_DELAY */
2673
2674		delay_info = (struct ctl_io_delay_info *)addr;
2675
2676#ifdef CTL_IO_DELAY
2677		mtx_lock(&softc->ctl_lock);
2678
2679		if ((delay_info->lun_id > CTL_MAX_LUNS)
2680		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2681			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2682		} else {
2683			lun = softc->ctl_luns[delay_info->lun_id];
2684			mtx_lock(&lun->lun_lock);
2685
2686			delay_info->status = CTL_DELAY_STATUS_OK;
2687
2688			switch (delay_info->delay_type) {
2689			case CTL_DELAY_TYPE_CONT:
2690				break;
2691			case CTL_DELAY_TYPE_ONESHOT:
2692				break;
2693			default:
2694				delay_info->status =
2695					CTL_DELAY_STATUS_INVALID_TYPE;
2696				break;
2697			}
2698
2699			switch (delay_info->delay_loc) {
2700			case CTL_DELAY_LOC_DATAMOVE:
2701				lun->delay_info.datamove_type =
2702					delay_info->delay_type;
2703				lun->delay_info.datamove_delay =
2704					delay_info->delay_secs;
2705				break;
2706			case CTL_DELAY_LOC_DONE:
2707				lun->delay_info.done_type =
2708					delay_info->delay_type;
2709				lun->delay_info.done_delay =
2710					delay_info->delay_secs;
2711				break;
2712			default:
2713				delay_info->status =
2714					CTL_DELAY_STATUS_INVALID_LOC;
2715				break;
2716			}
2717			mtx_unlock(&lun->lun_lock);
2718		}
2719
2720		mtx_unlock(&softc->ctl_lock);
2721#else
2722		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2723#endif /* CTL_IO_DELAY */
2724		break;
2725	}
2726	case CTL_REALSYNC_SET: {
2727		int *syncstate;
2728
2729		syncstate = (int *)addr;
2730
2731		mtx_lock(&softc->ctl_lock);
2732		switch (*syncstate) {
2733		case 0:
2734			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2735			break;
2736		case 1:
2737			softc->flags |= CTL_FLAG_REAL_SYNC;
2738			break;
2739		default:
2740			retval = EINVAL;
2741			break;
2742		}
2743		mtx_unlock(&softc->ctl_lock);
2744		break;
2745	}
2746	case CTL_REALSYNC_GET: {
2747		int *syncstate;
2748
2749		syncstate = (int*)addr;
2750
2751		mtx_lock(&softc->ctl_lock);
2752		if (softc->flags & CTL_FLAG_REAL_SYNC)
2753			*syncstate = 1;
2754		else
2755			*syncstate = 0;
2756		mtx_unlock(&softc->ctl_lock);
2757
2758		break;
2759	}
2760	case CTL_SETSYNC:
2761	case CTL_GETSYNC: {
2762		struct ctl_sync_info *sync_info;
2763		struct ctl_lun *lun;
2764
2765		sync_info = (struct ctl_sync_info *)addr;
2766
2767		mtx_lock(&softc->ctl_lock);
2768		lun = softc->ctl_luns[sync_info->lun_id];
2769		if (lun == NULL) {
2770			mtx_unlock(&softc->ctl_lock);
2771			sync_info->status = CTL_GS_SYNC_NO_LUN;
2772		}
2773		/*
2774		 * Get or set the sync interval.  We're not bounds checking
2775		 * in the set case, hopefully the user won't do something
2776		 * silly.
2777		 */
2778		mtx_lock(&lun->lun_lock);
2779		mtx_unlock(&softc->ctl_lock);
2780		if (cmd == CTL_GETSYNC)
2781			sync_info->sync_interval = lun->sync_interval;
2782		else
2783			lun->sync_interval = sync_info->sync_interval;
2784		mtx_unlock(&lun->lun_lock);
2785
2786		sync_info->status = CTL_GS_SYNC_OK;
2787
2788		break;
2789	}
2790	case CTL_GETSTATS: {
2791		struct ctl_stats *stats;
2792		struct ctl_lun *lun;
2793		int i;
2794
2795		stats = (struct ctl_stats *)addr;
2796
2797		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2798		     stats->alloc_len) {
2799			stats->status = CTL_SS_NEED_MORE_SPACE;
2800			stats->num_luns = softc->num_luns;
2801			break;
2802		}
2803		/*
2804		 * XXX KDM no locking here.  If the LUN list changes,
2805		 * things can blow up.
2806		 */
2807		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2808		     i++, lun = STAILQ_NEXT(lun, links)) {
2809			retval = copyout(&lun->stats, &stats->lun_stats[i],
2810					 sizeof(lun->stats));
2811			if (retval != 0)
2812				break;
2813		}
2814		stats->num_luns = softc->num_luns;
2815		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2816				 softc->num_luns;
2817		stats->status = CTL_SS_OK;
2818#ifdef CTL_TIME_IO
2819		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2820#else
2821		stats->flags = CTL_STATS_FLAG_NONE;
2822#endif
2823		getnanouptime(&stats->timestamp);
2824		break;
2825	}
2826	case CTL_ERROR_INJECT: {
2827		struct ctl_error_desc *err_desc, *new_err_desc;
2828		struct ctl_lun *lun;
2829
2830		err_desc = (struct ctl_error_desc *)addr;
2831
2832		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2833				      M_WAITOK | M_ZERO);
2834		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2835
2836		mtx_lock(&softc->ctl_lock);
2837		lun = softc->ctl_luns[err_desc->lun_id];
2838		if (lun == NULL) {
2839			mtx_unlock(&softc->ctl_lock);
2840			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2841			       __func__, (uintmax_t)err_desc->lun_id);
2842			retval = EINVAL;
2843			break;
2844		}
2845		mtx_lock(&lun->lun_lock);
2846		mtx_unlock(&softc->ctl_lock);
2847
2848		/*
2849		 * We could do some checking here to verify the validity
2850		 * of the request, but given the complexity of error
2851		 * injection requests, the checking logic would be fairly
2852		 * complex.
2853		 *
2854		 * For now, if the request is invalid, it just won't get
2855		 * executed and might get deleted.
2856		 */
2857		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2858
2859		/*
2860		 * XXX KDM check to make sure the serial number is unique,
2861		 * in case we somehow manage to wrap.  That shouldn't
2862		 * happen for a very long time, but it's the right thing to
2863		 * do.
2864		 */
2865		new_err_desc->serial = lun->error_serial;
2866		err_desc->serial = lun->error_serial;
2867		lun->error_serial++;
2868
2869		mtx_unlock(&lun->lun_lock);
2870		break;
2871	}
2872	case CTL_ERROR_INJECT_DELETE: {
2873		struct ctl_error_desc *delete_desc, *desc, *desc2;
2874		struct ctl_lun *lun;
2875		int delete_done;
2876
2877		delete_desc = (struct ctl_error_desc *)addr;
2878		delete_done = 0;
2879
2880		mtx_lock(&softc->ctl_lock);
2881		lun = softc->ctl_luns[delete_desc->lun_id];
2882		if (lun == NULL) {
2883			mtx_unlock(&softc->ctl_lock);
2884			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2885			       __func__, (uintmax_t)delete_desc->lun_id);
2886			retval = EINVAL;
2887			break;
2888		}
2889		mtx_lock(&lun->lun_lock);
2890		mtx_unlock(&softc->ctl_lock);
2891		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2892			if (desc->serial != delete_desc->serial)
2893				continue;
2894
2895			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2896				      links);
2897			free(desc, M_CTL);
2898			delete_done = 1;
2899		}
2900		mtx_unlock(&lun->lun_lock);
2901		if (delete_done == 0) {
2902			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2903			       "error serial %ju on LUN %u\n", __func__,
2904			       delete_desc->serial, delete_desc->lun_id);
2905			retval = EINVAL;
2906			break;
2907		}
2908		break;
2909	}
2910	case CTL_DUMP_STRUCTS: {
2911		int i, j, k, idx;
2912		struct ctl_port *port;
2913		struct ctl_frontend *fe;
2914
2915		mtx_lock(&softc->ctl_lock);
2916		printf("CTL Persistent Reservation information start:\n");
2917		for (i = 0; i < CTL_MAX_LUNS; i++) {
2918			struct ctl_lun *lun;
2919
2920			lun = softc->ctl_luns[i];
2921
2922			if ((lun == NULL)
2923			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2924				continue;
2925
2926			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
2927				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2928					idx = j * CTL_MAX_INIT_PER_PORT + k;
2929					if (lun->per_res[idx].registered == 0)
2930						continue;
2931					printf("  LUN %d port %d iid %d key "
2932					       "%#jx\n", i, j, k,
2933					       (uintmax_t)scsi_8btou64(
2934					       lun->per_res[idx].res_key.key));
2935				}
2936			}
2937		}
2938		printf("CTL Persistent Reservation information end\n");
2939		printf("CTL Ports:\n");
2940		STAILQ_FOREACH(port, &softc->port_list, links) {
2941			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2942			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2943			       port->frontend->name, port->port_type,
2944			       port->physical_port, port->virtual_port,
2945			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2946			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2947				if (port->wwpn_iid[j].in_use == 0 &&
2948				    port->wwpn_iid[j].wwpn == 0 &&
2949				    port->wwpn_iid[j].name == NULL)
2950					continue;
2951
2952				printf("    iid %u use %d WWPN %#jx '%s'\n",
2953				    j, port->wwpn_iid[j].in_use,
2954				    (uintmax_t)port->wwpn_iid[j].wwpn,
2955				    port->wwpn_iid[j].name);
2956			}
2957		}
2958		printf("CTL Port information end\n");
2959		mtx_unlock(&softc->ctl_lock);
2960		/*
2961		 * XXX KDM calling this without a lock.  We'd likely want
2962		 * to drop the lock before calling the frontend's dump
2963		 * routine anyway.
2964		 */
2965		printf("CTL Frontends:\n");
2966		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2967			printf("  Frontend '%s'\n", fe->name);
2968			if (fe->fe_dump != NULL)
2969				fe->fe_dump();
2970		}
2971		printf("CTL Frontend information end\n");
2972		break;
2973	}
2974	case CTL_LUN_REQ: {
2975		struct ctl_lun_req *lun_req;
2976		struct ctl_backend_driver *backend;
2977
2978		lun_req = (struct ctl_lun_req *)addr;
2979
2980		backend = ctl_backend_find(lun_req->backend);
2981		if (backend == NULL) {
2982			lun_req->status = CTL_LUN_ERROR;
2983			snprintf(lun_req->error_str,
2984				 sizeof(lun_req->error_str),
2985				 "Backend \"%s\" not found.",
2986				 lun_req->backend);
2987			break;
2988		}
2989		if (lun_req->num_be_args > 0) {
2990			lun_req->kern_be_args = ctl_copyin_args(
2991				lun_req->num_be_args,
2992				lun_req->be_args,
2993				lun_req->error_str,
2994				sizeof(lun_req->error_str));
2995			if (lun_req->kern_be_args == NULL) {
2996				lun_req->status = CTL_LUN_ERROR;
2997				break;
2998			}
2999		}
3000
3001		retval = backend->ioctl(dev, cmd, addr, flag, td);
3002
3003		if (lun_req->num_be_args > 0) {
3004			ctl_copyout_args(lun_req->num_be_args,
3005				      lun_req->kern_be_args);
3006			ctl_free_args(lun_req->num_be_args,
3007				      lun_req->kern_be_args);
3008		}
3009		break;
3010	}
3011	case CTL_LUN_LIST: {
3012		struct sbuf *sb;
3013		struct ctl_lun *lun;
3014		struct ctl_lun_list *list;
3015		struct ctl_option *opt;
3016
3017		list = (struct ctl_lun_list *)addr;
3018
3019		/*
3020		 * Allocate a fixed length sbuf here, based on the length
3021		 * of the user's buffer.  We could allocate an auto-extending
3022		 * buffer, and then tell the user how much larger our
3023		 * amount of data is than his buffer, but that presents
3024		 * some problems:
3025		 *
3026		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3027		 *     we can't hold a lock while calling them with an
3028		 *     auto-extending buffer.
3029 		 *
3030		 * 2.  There is not currently a LUN reference counting
3031		 *     mechanism, outside of outstanding transactions on
3032		 *     the LUN's OOA queue.  So a LUN could go away on us
3033		 *     while we're getting the LUN number, backend-specific
3034		 *     information, etc.  Thus, given the way things
3035		 *     currently work, we need to hold the CTL lock while
3036		 *     grabbing LUN information.
3037		 *
3038		 * So, from the user's standpoint, the best thing to do is
3039		 * allocate what he thinks is a reasonable buffer length,
3040		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3041		 * double the buffer length and try again.  (And repeat
3042		 * that until he succeeds.)
3043		 */
3044		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3045		if (sb == NULL) {
3046			list->status = CTL_LUN_LIST_ERROR;
3047			snprintf(list->error_str, sizeof(list->error_str),
3048				 "Unable to allocate %d bytes for LUN list",
3049				 list->alloc_len);
3050			break;
3051		}
3052
3053		sbuf_printf(sb, "<ctllunlist>\n");
3054
3055		mtx_lock(&softc->ctl_lock);
3056		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3057			mtx_lock(&lun->lun_lock);
3058			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3059					     (uintmax_t)lun->lun);
3060
3061			/*
3062			 * Bail out as soon as we see that we've overfilled
3063			 * the buffer.
3064			 */
3065			if (retval != 0)
3066				break;
3067
3068			retval = sbuf_printf(sb, "\t<backend_type>%s"
3069					     "</backend_type>\n",
3070					     (lun->backend == NULL) ?  "none" :
3071					     lun->backend->name);
3072
3073			if (retval != 0)
3074				break;
3075
3076			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3077					     lun->be_lun->lun_type);
3078
3079			if (retval != 0)
3080				break;
3081
3082			if (lun->backend == NULL) {
3083				retval = sbuf_printf(sb, "</lun>\n");
3084				if (retval != 0)
3085					break;
3086				continue;
3087			}
3088
3089			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3090					     (lun->be_lun->maxlba > 0) ?
3091					     lun->be_lun->maxlba + 1 : 0);
3092
3093			if (retval != 0)
3094				break;
3095
3096			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3097					     lun->be_lun->blocksize);
3098
3099			if (retval != 0)
3100				break;
3101
3102			retval = sbuf_printf(sb, "\t<serial_number>");
3103
3104			if (retval != 0)
3105				break;
3106
3107			retval = ctl_sbuf_printf_esc(sb,
3108						     lun->be_lun->serial_num);
3109
3110			if (retval != 0)
3111				break;
3112
3113			retval = sbuf_printf(sb, "</serial_number>\n");
3114
3115			if (retval != 0)
3116				break;
3117
3118			retval = sbuf_printf(sb, "\t<device_id>");
3119
3120			if (retval != 0)
3121				break;
3122
3123			retval = ctl_sbuf_printf_esc(sb,lun->be_lun->device_id);
3124
3125			if (retval != 0)
3126				break;
3127
3128			retval = sbuf_printf(sb, "</device_id>\n");
3129
3130			if (retval != 0)
3131				break;
3132
3133			if (lun->backend->lun_info != NULL) {
3134				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3135				if (retval != 0)
3136					break;
3137			}
3138			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3139				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3140				    opt->name, opt->value, opt->name);
3141				if (retval != 0)
3142					break;
3143			}
3144
3145			retval = sbuf_printf(sb, "</lun>\n");
3146
3147			if (retval != 0)
3148				break;
3149			mtx_unlock(&lun->lun_lock);
3150		}
3151		if (lun != NULL)
3152			mtx_unlock(&lun->lun_lock);
3153		mtx_unlock(&softc->ctl_lock);
3154
3155		if ((retval != 0)
3156		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3157			retval = 0;
3158			sbuf_delete(sb);
3159			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3160			snprintf(list->error_str, sizeof(list->error_str),
3161				 "Out of space, %d bytes is too small",
3162				 list->alloc_len);
3163			break;
3164		}
3165
3166		sbuf_finish(sb);
3167
3168		retval = copyout(sbuf_data(sb), list->lun_xml,
3169				 sbuf_len(sb) + 1);
3170
3171		list->fill_len = sbuf_len(sb) + 1;
3172		list->status = CTL_LUN_LIST_OK;
3173		sbuf_delete(sb);
3174		break;
3175	}
3176	case CTL_ISCSI: {
3177		struct ctl_iscsi *ci;
3178		struct ctl_frontend *fe;
3179
3180		ci = (struct ctl_iscsi *)addr;
3181
3182		fe = ctl_frontend_find("iscsi");
3183		if (fe == NULL) {
3184			ci->status = CTL_ISCSI_ERROR;
3185			snprintf(ci->error_str, sizeof(ci->error_str),
3186			    "Frontend \"iscsi\" not found.");
3187			break;
3188		}
3189
3190		retval = fe->ioctl(dev, cmd, addr, flag, td);
3191		break;
3192	}
3193	case CTL_PORT_REQ: {
3194		struct ctl_req *req;
3195		struct ctl_frontend *fe;
3196
3197		req = (struct ctl_req *)addr;
3198
3199		fe = ctl_frontend_find(req->driver);
3200		if (fe == NULL) {
3201			req->status = CTL_LUN_ERROR;
3202			snprintf(req->error_str, sizeof(req->error_str),
3203			    "Frontend \"%s\" not found.", req->driver);
3204			break;
3205		}
3206		if (req->num_args > 0) {
3207			req->kern_args = ctl_copyin_args(req->num_args,
3208			    req->args, req->error_str, sizeof(req->error_str));
3209			if (req->kern_args == NULL) {
3210				req->status = CTL_LUN_ERROR;
3211				break;
3212			}
3213		}
3214
3215		retval = fe->ioctl(dev, cmd, addr, flag, td);
3216
3217		if (req->num_args > 0) {
3218			ctl_copyout_args(req->num_args, req->kern_args);
3219			ctl_free_args(req->num_args, req->kern_args);
3220		}
3221		break;
3222	}
3223	case CTL_PORT_LIST: {
3224		struct sbuf *sb;
3225		struct ctl_port *port;
3226		struct ctl_lun_list *list;
3227		struct ctl_option *opt;
3228
3229		list = (struct ctl_lun_list *)addr;
3230
3231		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3232		if (sb == NULL) {
3233			list->status = CTL_LUN_LIST_ERROR;
3234			snprintf(list->error_str, sizeof(list->error_str),
3235				 "Unable to allocate %d bytes for LUN list",
3236				 list->alloc_len);
3237			break;
3238		}
3239
3240		sbuf_printf(sb, "<ctlportlist>\n");
3241
3242		mtx_lock(&softc->ctl_lock);
3243		STAILQ_FOREACH(port, &softc->port_list, links) {
3244			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3245					     (uintmax_t)port->targ_port);
3246
3247			/*
3248			 * Bail out as soon as we see that we've overfilled
3249			 * the buffer.
3250			 */
3251			if (retval != 0)
3252				break;
3253
3254			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3255			    "</frontend_type>\n", port->frontend->name);
3256			if (retval != 0)
3257				break;
3258
3259			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3260					     port->port_type);
3261			if (retval != 0)
3262				break;
3263
3264			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3265			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3266			if (retval != 0)
3267				break;
3268
3269			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3270			    port->port_name);
3271			if (retval != 0)
3272				break;
3273
3274			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3275			    port->physical_port);
3276			if (retval != 0)
3277				break;
3278
3279			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3280			    port->virtual_port);
3281			if (retval != 0)
3282				break;
3283
3284			retval = sbuf_printf(sb, "\t<wwnn>%#jx</wwnn>\n",
3285			    (uintmax_t)port->wwnn);
3286			if (retval != 0)
3287				break;
3288
3289			retval = sbuf_printf(sb, "\t<wwpn>%#jx</wwpn>\n",
3290			    (uintmax_t)port->wwpn);
3291			if (retval != 0)
3292				break;
3293
3294			if (port->port_info != NULL) {
3295				retval = port->port_info(port->onoff_arg, sb);
3296				if (retval != 0)
3297					break;
3298			}
3299			STAILQ_FOREACH(opt, &port->options, links) {
3300				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3301				    opt->name, opt->value, opt->name);
3302				if (retval != 0)
3303					break;
3304			}
3305
3306			retval = sbuf_printf(sb, "</targ_port>\n");
3307			if (retval != 0)
3308				break;
3309		}
3310		mtx_unlock(&softc->ctl_lock);
3311
3312		if ((retval != 0)
3313		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3314			retval = 0;
3315			sbuf_delete(sb);
3316			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3317			snprintf(list->error_str, sizeof(list->error_str),
3318				 "Out of space, %d bytes is too small",
3319				 list->alloc_len);
3320			break;
3321		}
3322
3323		sbuf_finish(sb);
3324
3325		retval = copyout(sbuf_data(sb), list->lun_xml,
3326				 sbuf_len(sb) + 1);
3327
3328		list->fill_len = sbuf_len(sb) + 1;
3329		list->status = CTL_LUN_LIST_OK;
3330		sbuf_delete(sb);
3331		break;
3332	}
3333	default: {
3334		/* XXX KDM should we fix this? */
3335#if 0
3336		struct ctl_backend_driver *backend;
3337		unsigned int type;
3338		int found;
3339
3340		found = 0;
3341
3342		/*
3343		 * We encode the backend type as the ioctl type for backend
3344		 * ioctls.  So parse it out here, and then search for a
3345		 * backend of this type.
3346		 */
3347		type = _IOC_TYPE(cmd);
3348
3349		STAILQ_FOREACH(backend, &softc->be_list, links) {
3350			if (backend->type == type) {
3351				found = 1;
3352				break;
3353			}
3354		}
3355		if (found == 0) {
3356			printf("ctl: unknown ioctl command %#lx or backend "
3357			       "%d\n", cmd, type);
3358			retval = EINVAL;
3359			break;
3360		}
3361		retval = backend->ioctl(dev, cmd, addr, flag, td);
3362#endif
3363		retval = ENOTTY;
3364		break;
3365	}
3366	}
3367	return (retval);
3368}
3369
3370uint32_t
3371ctl_get_initindex(struct ctl_nexus *nexus)
3372{
3373	if (nexus->targ_port < CTL_MAX_PORTS)
3374		return (nexus->initid.id +
3375			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3376	else
3377		return (nexus->initid.id +
3378		       ((nexus->targ_port - CTL_MAX_PORTS) *
3379			CTL_MAX_INIT_PER_PORT));
3380}
3381
3382uint32_t
3383ctl_get_resindex(struct ctl_nexus *nexus)
3384{
3385	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3386}
3387
3388uint32_t
3389ctl_port_idx(int port_num)
3390{
3391	if (port_num < CTL_MAX_PORTS)
3392		return(port_num);
3393	else
3394		return(port_num - CTL_MAX_PORTS);
3395}
3396
3397static uint32_t
3398ctl_map_lun(int port_num, uint32_t lun_id)
3399{
3400	struct ctl_port *port;
3401
3402	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3403	if (port == NULL)
3404		return (UINT32_MAX);
3405	if (port->lun_map == NULL)
3406		return (lun_id);
3407	return (port->lun_map(port->targ_lun_arg, lun_id));
3408}
3409
3410static uint32_t
3411ctl_map_lun_back(int port_num, uint32_t lun_id)
3412{
3413	struct ctl_port *port;
3414	uint32_t i;
3415
3416	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3417	if (port->lun_map == NULL)
3418		return (lun_id);
3419	for (i = 0; i < CTL_MAX_LUNS; i++) {
3420		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3421			return (i);
3422	}
3423	return (UINT32_MAX);
3424}
3425
3426/*
3427 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3428 * that are a power of 2.
3429 */
3430int
3431ctl_ffz(uint32_t *mask, uint32_t size)
3432{
3433	uint32_t num_chunks, num_pieces;
3434	int i, j;
3435
3436	num_chunks = (size >> 5);
3437	if (num_chunks == 0)
3438		num_chunks++;
3439	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3440
3441	for (i = 0; i < num_chunks; i++) {
3442		for (j = 0; j < num_pieces; j++) {
3443			if ((mask[i] & (1 << j)) == 0)
3444				return ((i << 5) + j);
3445		}
3446	}
3447
3448	return (-1);
3449}
3450
3451int
3452ctl_set_mask(uint32_t *mask, uint32_t bit)
3453{
3454	uint32_t chunk, piece;
3455
3456	chunk = bit >> 5;
3457	piece = bit % (sizeof(uint32_t) * 8);
3458
3459	if ((mask[chunk] & (1 << piece)) != 0)
3460		return (-1);
3461	else
3462		mask[chunk] |= (1 << piece);
3463
3464	return (0);
3465}
3466
3467int
3468ctl_clear_mask(uint32_t *mask, uint32_t bit)
3469{
3470	uint32_t chunk, piece;
3471
3472	chunk = bit >> 5;
3473	piece = bit % (sizeof(uint32_t) * 8);
3474
3475	if ((mask[chunk] & (1 << piece)) == 0)
3476		return (-1);
3477	else
3478		mask[chunk] &= ~(1 << piece);
3479
3480	return (0);
3481}
3482
3483int
3484ctl_is_set(uint32_t *mask, uint32_t bit)
3485{
3486	uint32_t chunk, piece;
3487
3488	chunk = bit >> 5;
3489	piece = bit % (sizeof(uint32_t) * 8);
3490
3491	if ((mask[chunk] & (1 << piece)) == 0)
3492		return (0);
3493	else
3494		return (1);
3495}
3496
3497#ifdef unused
3498/*
3499 * The bus, target and lun are optional, they can be filled in later.
3500 * can_wait is used to determine whether we can wait on the malloc or not.
3501 */
3502union ctl_io*
3503ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3504	      uint32_t targ_lun, int can_wait)
3505{
3506	union ctl_io *io;
3507
3508	if (can_wait)
3509		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3510	else
3511		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3512
3513	if (io != NULL) {
3514		io->io_hdr.io_type = io_type;
3515		io->io_hdr.targ_port = targ_port;
3516		/*
3517		 * XXX KDM this needs to change/go away.  We need to move
3518		 * to a preallocated pool of ctl_scsiio structures.
3519		 */
3520		io->io_hdr.nexus.targ_target.id = targ_target;
3521		io->io_hdr.nexus.targ_lun = targ_lun;
3522	}
3523
3524	return (io);
3525}
3526
3527void
3528ctl_kfree_io(union ctl_io *io)
3529{
3530	free(io, M_CTL);
3531}
3532#endif /* unused */
3533
3534/*
3535 * ctl_softc, pool_type, total_ctl_io are passed in.
3536 * npool is passed out.
3537 */
3538int
3539ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3540		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3541{
3542	uint32_t i;
3543	union ctl_io *cur_io, *next_io;
3544	struct ctl_io_pool *pool;
3545	int retval;
3546
3547	retval = 0;
3548
3549	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3550					    M_NOWAIT | M_ZERO);
3551	if (pool == NULL) {
3552		retval = ENOMEM;
3553		goto bailout;
3554	}
3555
3556	pool->type = pool_type;
3557	pool->ctl_softc = ctl_softc;
3558
3559	mtx_lock(&ctl_softc->pool_lock);
3560	pool->id = ctl_softc->cur_pool_id++;
3561	mtx_unlock(&ctl_softc->pool_lock);
3562
3563	pool->flags = CTL_POOL_FLAG_NONE;
3564	pool->refcount = 1;		/* Reference for validity. */
3565	STAILQ_INIT(&pool->free_queue);
3566
3567	/*
3568	 * XXX KDM other options here:
3569	 * - allocate a page at a time
3570	 * - allocate one big chunk of memory.
3571	 * Page allocation might work well, but would take a little more
3572	 * tracking.
3573	 */
3574	for (i = 0; i < total_ctl_io; i++) {
3575		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3576						M_NOWAIT);
3577		if (cur_io == NULL) {
3578			retval = ENOMEM;
3579			break;
3580		}
3581		cur_io->io_hdr.pool = pool;
3582		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3583		pool->total_ctl_io++;
3584		pool->free_ctl_io++;
3585	}
3586
3587	if (retval != 0) {
3588		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3589		     cur_io != NULL; cur_io = next_io) {
3590			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3591							      links);
3592			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3593				      ctl_io_hdr, links);
3594			free(cur_io, M_CTLIO);
3595		}
3596
3597		free(pool, M_CTL);
3598		goto bailout;
3599	}
3600	mtx_lock(&ctl_softc->pool_lock);
3601	ctl_softc->num_pools++;
3602	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3603	/*
3604	 * Increment our usage count if this is an external consumer, so we
3605	 * can't get unloaded until the external consumer (most likely a
3606	 * FETD) unloads and frees his pool.
3607	 *
3608	 * XXX KDM will this increment the caller's module use count, or
3609	 * mine?
3610	 */
3611#if 0
3612	if ((pool_type != CTL_POOL_EMERGENCY)
3613	 && (pool_type != CTL_POOL_INTERNAL)
3614	 && (pool_type != CTL_POOL_4OTHERSC))
3615		MOD_INC_USE_COUNT;
3616#endif
3617
3618	mtx_unlock(&ctl_softc->pool_lock);
3619
3620	*npool = pool;
3621
3622bailout:
3623
3624	return (retval);
3625}
3626
3627static int
3628ctl_pool_acquire(struct ctl_io_pool *pool)
3629{
3630
3631	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3632
3633	if (pool->flags & CTL_POOL_FLAG_INVALID)
3634		return (EINVAL);
3635
3636	pool->refcount++;
3637
3638	return (0);
3639}
3640
3641static void
3642ctl_pool_release(struct ctl_io_pool *pool)
3643{
3644	struct ctl_softc *ctl_softc = pool->ctl_softc;
3645	union ctl_io *io;
3646
3647	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3648
3649	if (--pool->refcount != 0)
3650		return;
3651
3652	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3653		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3654			      links);
3655		free(io, M_CTLIO);
3656	}
3657
3658	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3659	ctl_softc->num_pools--;
3660
3661	/*
3662	 * XXX KDM will this decrement the caller's usage count or mine?
3663	 */
3664#if 0
3665	if ((pool->type != CTL_POOL_EMERGENCY)
3666	 && (pool->type != CTL_POOL_INTERNAL)
3667	 && (pool->type != CTL_POOL_4OTHERSC))
3668		MOD_DEC_USE_COUNT;
3669#endif
3670
3671	free(pool, M_CTL);
3672}
3673
3674void
3675ctl_pool_free(struct ctl_io_pool *pool)
3676{
3677	struct ctl_softc *ctl_softc;
3678
3679	if (pool == NULL)
3680		return;
3681
3682	ctl_softc = pool->ctl_softc;
3683	mtx_lock(&ctl_softc->pool_lock);
3684	pool->flags |= CTL_POOL_FLAG_INVALID;
3685	ctl_pool_release(pool);
3686	mtx_unlock(&ctl_softc->pool_lock);
3687}
3688
3689/*
3690 * This routine does not block (except for spinlocks of course).
3691 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3692 * possible.
3693 */
3694union ctl_io *
3695ctl_alloc_io(void *pool_ref)
3696{
3697	union ctl_io *io;
3698	struct ctl_softc *ctl_softc;
3699	struct ctl_io_pool *pool, *npool;
3700	struct ctl_io_pool *emergency_pool;
3701
3702	pool = (struct ctl_io_pool *)pool_ref;
3703
3704	if (pool == NULL) {
3705		printf("%s: pool is NULL\n", __func__);
3706		return (NULL);
3707	}
3708
3709	emergency_pool = NULL;
3710
3711	ctl_softc = pool->ctl_softc;
3712
3713	mtx_lock(&ctl_softc->pool_lock);
3714	/*
3715	 * First, try to get the io structure from the user's pool.
3716	 */
3717	if (ctl_pool_acquire(pool) == 0) {
3718		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3719		if (io != NULL) {
3720			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3721			pool->total_allocated++;
3722			pool->free_ctl_io--;
3723			mtx_unlock(&ctl_softc->pool_lock);
3724			return (io);
3725		} else
3726			ctl_pool_release(pool);
3727	}
3728	/*
3729	 * If he doesn't have any io structures left, search for an
3730	 * emergency pool and grab one from there.
3731	 */
3732	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3733		if (npool->type != CTL_POOL_EMERGENCY)
3734			continue;
3735
3736		if (ctl_pool_acquire(npool) != 0)
3737			continue;
3738
3739		emergency_pool = npool;
3740
3741		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3742		if (io != NULL) {
3743			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3744			npool->total_allocated++;
3745			npool->free_ctl_io--;
3746			mtx_unlock(&ctl_softc->pool_lock);
3747			return (io);
3748		} else
3749			ctl_pool_release(npool);
3750	}
3751
3752	/* Drop the spinlock before we malloc */
3753	mtx_unlock(&ctl_softc->pool_lock);
3754
3755	/*
3756	 * The emergency pool (if it exists) didn't have one, so try an
3757	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3758	 */
3759	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3760	if (io != NULL) {
3761		/*
3762		 * If the emergency pool exists but is empty, add this
3763		 * ctl_io to its list when it gets freed.
3764		 */
3765		if (emergency_pool != NULL) {
3766			mtx_lock(&ctl_softc->pool_lock);
3767			if (ctl_pool_acquire(emergency_pool) == 0) {
3768				io->io_hdr.pool = emergency_pool;
3769				emergency_pool->total_ctl_io++;
3770				/*
3771				 * Need to bump this, otherwise
3772				 * total_allocated and total_freed won't
3773				 * match when we no longer have anything
3774				 * outstanding.
3775				 */
3776				emergency_pool->total_allocated++;
3777			}
3778			mtx_unlock(&ctl_softc->pool_lock);
3779		} else
3780			io->io_hdr.pool = NULL;
3781	}
3782
3783	return (io);
3784}
3785
3786void
3787ctl_free_io(union ctl_io *io)
3788{
3789	if (io == NULL)
3790		return;
3791
3792	/*
3793	 * If this ctl_io has a pool, return it to that pool.
3794	 */
3795	if (io->io_hdr.pool != NULL) {
3796		struct ctl_io_pool *pool;
3797
3798		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3799		mtx_lock(&pool->ctl_softc->pool_lock);
3800		io->io_hdr.io_type = 0xff;
3801		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3802		pool->total_freed++;
3803		pool->free_ctl_io++;
3804		ctl_pool_release(pool);
3805		mtx_unlock(&pool->ctl_softc->pool_lock);
3806	} else {
3807		/*
3808		 * Otherwise, just free it.  We probably malloced it and
3809		 * the emergency pool wasn't available.
3810		 */
3811		free(io, M_CTLIO);
3812	}
3813
3814}
3815
3816void
3817ctl_zero_io(union ctl_io *io)
3818{
3819	void *pool_ref;
3820
3821	if (io == NULL)
3822		return;
3823
3824	/*
3825	 * May need to preserve linked list pointers at some point too.
3826	 */
3827	pool_ref = io->io_hdr.pool;
3828
3829	memset(io, 0, sizeof(*io));
3830
3831	io->io_hdr.pool = pool_ref;
3832}
3833
3834/*
3835 * This routine is currently used for internal copies of ctl_ios that need
3836 * to persist for some reason after we've already returned status to the
3837 * FETD.  (Thus the flag set.)
3838 *
3839 * XXX XXX
3840 * Note that this makes a blind copy of all fields in the ctl_io, except
3841 * for the pool reference.  This includes any memory that has been
3842 * allocated!  That memory will no longer be valid after done has been
3843 * called, so this would be VERY DANGEROUS for command that actually does
3844 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3845 * start and stop commands, which don't transfer any data, so this is not a
3846 * problem.  If it is used for anything else, the caller would also need to
3847 * allocate data buffer space and this routine would need to be modified to
3848 * copy the data buffer(s) as well.
3849 */
3850void
3851ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3852{
3853	void *pool_ref;
3854
3855	if ((src == NULL)
3856	 || (dest == NULL))
3857		return;
3858
3859	/*
3860	 * May need to preserve linked list pointers at some point too.
3861	 */
3862	pool_ref = dest->io_hdr.pool;
3863
3864	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3865
3866	dest->io_hdr.pool = pool_ref;
3867	/*
3868	 * We need to know that this is an internal copy, and doesn't need
3869	 * to get passed back to the FETD that allocated it.
3870	 */
3871	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3872}
3873
3874#ifdef NEEDTOPORT
3875static void
3876ctl_update_power_subpage(struct copan_power_subpage *page)
3877{
3878	int num_luns, num_partitions, config_type;
3879	struct ctl_softc *softc;
3880	cs_BOOL_t aor_present, shelf_50pct_power;
3881	cs_raidset_personality_t rs_type;
3882	int max_active_luns;
3883
3884	softc = control_softc;
3885
3886	/* subtract out the processor LUN */
3887	num_luns = softc->num_luns - 1;
3888	/*
3889	 * Default to 7 LUNs active, which was the only number we allowed
3890	 * in the past.
3891	 */
3892	max_active_luns = 7;
3893
3894	num_partitions = config_GetRsPartitionInfo();
3895	config_type = config_GetConfigType();
3896	shelf_50pct_power = config_GetShelfPowerMode();
3897	aor_present = config_IsAorRsPresent();
3898
3899	rs_type = ddb_GetRsRaidType(1);
3900	if ((rs_type != CS_RAIDSET_PERSONALITY_RAID5)
3901	 && (rs_type != CS_RAIDSET_PERSONALITY_RAID1)) {
3902		EPRINT(0, "Unsupported RS type %d!", rs_type);
3903	}
3904
3905
3906	page->total_luns = num_luns;
3907
3908	switch (config_type) {
3909	case 40:
3910		/*
3911		 * In a 40 drive configuration, it doesn't matter what DC
3912		 * cards we have, whether we have AOR enabled or not,
3913		 * partitioning or not, or what type of RAIDset we have.
3914		 * In that scenario, we can power up every LUN we present
3915		 * to the user.
3916		 */
3917		max_active_luns = num_luns;
3918
3919		break;
3920	case 64:
3921		if (shelf_50pct_power == CS_FALSE) {
3922			/* 25% power */
3923			if (aor_present == CS_TRUE) {
3924				if (rs_type ==
3925				     CS_RAIDSET_PERSONALITY_RAID5) {
3926					max_active_luns = 7;
3927				} else if (rs_type ==
3928					 CS_RAIDSET_PERSONALITY_RAID1){
3929					max_active_luns = 14;
3930				} else {
3931					/* XXX KDM now what?? */
3932				}
3933			} else {
3934				if (rs_type ==
3935				     CS_RAIDSET_PERSONALITY_RAID5) {
3936					max_active_luns = 8;
3937				} else if (rs_type ==
3938					 CS_RAIDSET_PERSONALITY_RAID1){
3939					max_active_luns = 16;
3940				} else {
3941					/* XXX KDM now what?? */
3942				}
3943			}
3944		} else {
3945			/* 50% power */
3946			/*
3947			 * With 50% power in a 64 drive configuration, we
3948			 * can power all LUNs we present.
3949			 */
3950			max_active_luns = num_luns;
3951		}
3952		break;
3953	case 112:
3954		if (shelf_50pct_power == CS_FALSE) {
3955			/* 25% power */
3956			if (aor_present == CS_TRUE) {
3957				if (rs_type ==
3958				     CS_RAIDSET_PERSONALITY_RAID5) {
3959					max_active_luns = 7;
3960				} else if (rs_type ==
3961					 CS_RAIDSET_PERSONALITY_RAID1){
3962					max_active_luns = 14;
3963				} else {
3964					/* XXX KDM now what?? */
3965				}
3966			} else {
3967				if (rs_type ==
3968				     CS_RAIDSET_PERSONALITY_RAID5) {
3969					max_active_luns = 8;
3970				} else if (rs_type ==
3971					 CS_RAIDSET_PERSONALITY_RAID1){
3972					max_active_luns = 16;
3973				} else {
3974					/* XXX KDM now what?? */
3975				}
3976			}
3977		} else {
3978			/* 50% power */
3979			if (aor_present == CS_TRUE) {
3980				if (rs_type ==
3981				     CS_RAIDSET_PERSONALITY_RAID5) {
3982					max_active_luns = 14;
3983				} else if (rs_type ==
3984					 CS_RAIDSET_PERSONALITY_RAID1){
3985					/*
3986					 * We're assuming here that disk
3987					 * caching is enabled, and so we're
3988					 * able to power up half of each
3989					 * LUN, and cache all writes.
3990					 */
3991					max_active_luns = num_luns;
3992				} else {
3993					/* XXX KDM now what?? */
3994				}
3995			} else {
3996				if (rs_type ==
3997				     CS_RAIDSET_PERSONALITY_RAID5) {
3998					max_active_luns = 15;
3999				} else if (rs_type ==
4000					 CS_RAIDSET_PERSONALITY_RAID1){
4001					max_active_luns = 30;
4002				} else {
4003					/* XXX KDM now what?? */
4004				}
4005			}
4006		}
4007		break;
4008	default:
4009		/*
4010		 * In this case, we have an unknown configuration, so we
4011		 * just use the default from above.
4012		 */
4013		break;
4014	}
4015
4016	page->max_active_luns = max_active_luns;
4017#if 0
4018	printk("%s: total_luns = %d, max_active_luns = %d\n", __func__,
4019	       page->total_luns, page->max_active_luns);
4020#endif
4021}
4022#endif /* NEEDTOPORT */
4023
4024/*
4025 * This routine could be used in the future to load default and/or saved
4026 * mode page parameters for a particuar lun.
4027 */
4028static int
4029ctl_init_page_index(struct ctl_lun *lun)
4030{
4031	int i;
4032	struct ctl_page_index *page_index;
4033	struct ctl_softc *softc;
4034
4035	memcpy(&lun->mode_pages.index, page_index_template,
4036	       sizeof(page_index_template));
4037
4038	softc = lun->ctl_softc;
4039
4040	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4041
4042		page_index = &lun->mode_pages.index[i];
4043		/*
4044		 * If this is a disk-only mode page, there's no point in
4045		 * setting it up.  For some pages, we have to have some
4046		 * basic information about the disk in order to calculate the
4047		 * mode page data.
4048		 */
4049		if ((lun->be_lun->lun_type != T_DIRECT)
4050		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4051			continue;
4052
4053		switch (page_index->page_code & SMPH_PC_MASK) {
4054		case SMS_FORMAT_DEVICE_PAGE: {
4055			struct scsi_format_page *format_page;
4056
4057			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4058				panic("subpage is incorrect!");
4059
4060			/*
4061			 * Sectors per track are set above.  Bytes per
4062			 * sector need to be set here on a per-LUN basis.
4063			 */
4064			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4065			       &format_page_default,
4066			       sizeof(format_page_default));
4067			memcpy(&lun->mode_pages.format_page[
4068			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4069			       sizeof(format_page_changeable));
4070			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4071			       &format_page_default,
4072			       sizeof(format_page_default));
4073			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4074			       &format_page_default,
4075			       sizeof(format_page_default));
4076
4077			format_page = &lun->mode_pages.format_page[
4078				CTL_PAGE_CURRENT];
4079			scsi_ulto2b(lun->be_lun->blocksize,
4080				    format_page->bytes_per_sector);
4081
4082			format_page = &lun->mode_pages.format_page[
4083				CTL_PAGE_DEFAULT];
4084			scsi_ulto2b(lun->be_lun->blocksize,
4085				    format_page->bytes_per_sector);
4086
4087			format_page = &lun->mode_pages.format_page[
4088				CTL_PAGE_SAVED];
4089			scsi_ulto2b(lun->be_lun->blocksize,
4090				    format_page->bytes_per_sector);
4091
4092			page_index->page_data =
4093				(uint8_t *)lun->mode_pages.format_page;
4094			break;
4095		}
4096		case SMS_RIGID_DISK_PAGE: {
4097			struct scsi_rigid_disk_page *rigid_disk_page;
4098			uint32_t sectors_per_cylinder;
4099			uint64_t cylinders;
4100#ifndef	__XSCALE__
4101			int shift;
4102#endif /* !__XSCALE__ */
4103
4104			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4105				panic("invalid subpage value %d",
4106				      page_index->subpage);
4107
4108			/*
4109			 * Rotation rate and sectors per track are set
4110			 * above.  We calculate the cylinders here based on
4111			 * capacity.  Due to the number of heads and
4112			 * sectors per track we're using, smaller arrays
4113			 * may turn out to have 0 cylinders.  Linux and
4114			 * FreeBSD don't pay attention to these mode pages
4115			 * to figure out capacity, but Solaris does.  It
4116			 * seems to deal with 0 cylinders just fine, and
4117			 * works out a fake geometry based on the capacity.
4118			 */
4119			memcpy(&lun->mode_pages.rigid_disk_page[
4120			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
4121			       sizeof(rigid_disk_page_default));
4122			memcpy(&lun->mode_pages.rigid_disk_page[
4123			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4124			       sizeof(rigid_disk_page_changeable));
4125			memcpy(&lun->mode_pages.rigid_disk_page[
4126			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4127			       sizeof(rigid_disk_page_default));
4128			memcpy(&lun->mode_pages.rigid_disk_page[
4129			       CTL_PAGE_SAVED], &rigid_disk_page_default,
4130			       sizeof(rigid_disk_page_default));
4131
4132			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4133				CTL_DEFAULT_HEADS;
4134
4135			/*
4136			 * The divide method here will be more accurate,
4137			 * probably, but results in floating point being
4138			 * used in the kernel on i386 (__udivdi3()).  On the
4139			 * XScale, though, __udivdi3() is implemented in
4140			 * software.
4141			 *
4142			 * The shift method for cylinder calculation is
4143			 * accurate if sectors_per_cylinder is a power of
4144			 * 2.  Otherwise it might be slightly off -- you
4145			 * might have a bit of a truncation problem.
4146			 */
4147#ifdef	__XSCALE__
4148			cylinders = (lun->be_lun->maxlba + 1) /
4149				sectors_per_cylinder;
4150#else
4151			for (shift = 31; shift > 0; shift--) {
4152				if (sectors_per_cylinder & (1 << shift))
4153					break;
4154			}
4155			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4156#endif
4157
4158			/*
4159			 * We've basically got 3 bytes, or 24 bits for the
4160			 * cylinder size in the mode page.  If we're over,
4161			 * just round down to 2^24.
4162			 */
4163			if (cylinders > 0xffffff)
4164				cylinders = 0xffffff;
4165
4166			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4167				CTL_PAGE_CURRENT];
4168			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4169
4170			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4171				CTL_PAGE_DEFAULT];
4172			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4173
4174			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4175				CTL_PAGE_SAVED];
4176			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4177
4178			page_index->page_data =
4179				(uint8_t *)lun->mode_pages.rigid_disk_page;
4180			break;
4181		}
4182		case SMS_CACHING_PAGE: {
4183
4184			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4185				panic("invalid subpage value %d",
4186				      page_index->subpage);
4187			/*
4188			 * Defaults should be okay here, no calculations
4189			 * needed.
4190			 */
4191			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4192			       &caching_page_default,
4193			       sizeof(caching_page_default));
4194			memcpy(&lun->mode_pages.caching_page[
4195			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4196			       sizeof(caching_page_changeable));
4197			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4198			       &caching_page_default,
4199			       sizeof(caching_page_default));
4200			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4201			       &caching_page_default,
4202			       sizeof(caching_page_default));
4203			page_index->page_data =
4204				(uint8_t *)lun->mode_pages.caching_page;
4205			break;
4206		}
4207		case SMS_CONTROL_MODE_PAGE: {
4208
4209			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4210				panic("invalid subpage value %d",
4211				      page_index->subpage);
4212
4213			/*
4214			 * Defaults should be okay here, no calculations
4215			 * needed.
4216			 */
4217			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4218			       &control_page_default,
4219			       sizeof(control_page_default));
4220			memcpy(&lun->mode_pages.control_page[
4221			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4222			       sizeof(control_page_changeable));
4223			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4224			       &control_page_default,
4225			       sizeof(control_page_default));
4226			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4227			       &control_page_default,
4228			       sizeof(control_page_default));
4229			page_index->page_data =
4230				(uint8_t *)lun->mode_pages.control_page;
4231			break;
4232
4233		}
4234		case SMS_VENDOR_SPECIFIC_PAGE:{
4235			switch (page_index->subpage) {
4236			case PWR_SUBPAGE_CODE: {
4237				struct copan_power_subpage *current_page,
4238							   *saved_page;
4239
4240				memcpy(&lun->mode_pages.power_subpage[
4241				       CTL_PAGE_CURRENT],
4242				       &power_page_default,
4243				       sizeof(power_page_default));
4244				memcpy(&lun->mode_pages.power_subpage[
4245				       CTL_PAGE_CHANGEABLE],
4246				       &power_page_changeable,
4247				       sizeof(power_page_changeable));
4248				memcpy(&lun->mode_pages.power_subpage[
4249				       CTL_PAGE_DEFAULT],
4250				       &power_page_default,
4251				       sizeof(power_page_default));
4252				memcpy(&lun->mode_pages.power_subpage[
4253				       CTL_PAGE_SAVED],
4254				       &power_page_default,
4255				       sizeof(power_page_default));
4256				page_index->page_data =
4257				    (uint8_t *)lun->mode_pages.power_subpage;
4258
4259				current_page = (struct copan_power_subpage *)
4260					(page_index->page_data +
4261					 (page_index->page_len *
4262					  CTL_PAGE_CURRENT));
4263			        saved_page = (struct copan_power_subpage *)
4264				        (page_index->page_data +
4265					 (page_index->page_len *
4266					  CTL_PAGE_SAVED));
4267				break;
4268			}
4269			case APS_SUBPAGE_CODE: {
4270				struct copan_aps_subpage *current_page,
4271							 *saved_page;
4272
4273				// This gets set multiple times but
4274				// it should always be the same. It's
4275				// only done during init so who cares.
4276				index_to_aps_page = i;
4277
4278				memcpy(&lun->mode_pages.aps_subpage[
4279				       CTL_PAGE_CURRENT],
4280				       &aps_page_default,
4281				       sizeof(aps_page_default));
4282				memcpy(&lun->mode_pages.aps_subpage[
4283				       CTL_PAGE_CHANGEABLE],
4284				       &aps_page_changeable,
4285				       sizeof(aps_page_changeable));
4286				memcpy(&lun->mode_pages.aps_subpage[
4287				       CTL_PAGE_DEFAULT],
4288				       &aps_page_default,
4289				       sizeof(aps_page_default));
4290				memcpy(&lun->mode_pages.aps_subpage[
4291				       CTL_PAGE_SAVED],
4292				       &aps_page_default,
4293				       sizeof(aps_page_default));
4294				page_index->page_data =
4295					(uint8_t *)lun->mode_pages.aps_subpage;
4296
4297				current_page = (struct copan_aps_subpage *)
4298					(page_index->page_data +
4299					 (page_index->page_len *
4300					  CTL_PAGE_CURRENT));
4301				saved_page = (struct copan_aps_subpage *)
4302					(page_index->page_data +
4303					 (page_index->page_len *
4304					  CTL_PAGE_SAVED));
4305				break;
4306			}
4307			case DBGCNF_SUBPAGE_CODE: {
4308				struct copan_debugconf_subpage *current_page,
4309							       *saved_page;
4310
4311				memcpy(&lun->mode_pages.debugconf_subpage[
4312				       CTL_PAGE_CURRENT],
4313				       &debugconf_page_default,
4314				       sizeof(debugconf_page_default));
4315				memcpy(&lun->mode_pages.debugconf_subpage[
4316				       CTL_PAGE_CHANGEABLE],
4317				       &debugconf_page_changeable,
4318				       sizeof(debugconf_page_changeable));
4319				memcpy(&lun->mode_pages.debugconf_subpage[
4320				       CTL_PAGE_DEFAULT],
4321				       &debugconf_page_default,
4322				       sizeof(debugconf_page_default));
4323				memcpy(&lun->mode_pages.debugconf_subpage[
4324				       CTL_PAGE_SAVED],
4325				       &debugconf_page_default,
4326				       sizeof(debugconf_page_default));
4327				page_index->page_data =
4328					(uint8_t *)lun->mode_pages.debugconf_subpage;
4329
4330				current_page = (struct copan_debugconf_subpage *)
4331					(page_index->page_data +
4332					 (page_index->page_len *
4333					  CTL_PAGE_CURRENT));
4334				saved_page = (struct copan_debugconf_subpage *)
4335					(page_index->page_data +
4336					 (page_index->page_len *
4337					  CTL_PAGE_SAVED));
4338				break;
4339			}
4340			default:
4341				panic("invalid subpage value %d",
4342				      page_index->subpage);
4343				break;
4344			}
4345   			break;
4346		}
4347		default:
4348			panic("invalid page value %d",
4349			      page_index->page_code & SMPH_PC_MASK);
4350			break;
4351    	}
4352	}
4353
4354	return (CTL_RETVAL_COMPLETE);
4355}
4356
4357/*
4358 * LUN allocation.
4359 *
4360 * Requirements:
4361 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4362 *   wants us to allocate the LUN and he can block.
4363 * - ctl_softc is always set
4364 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4365 *
4366 * Returns 0 for success, non-zero (errno) for failure.
4367 */
4368static int
4369ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4370	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4371{
4372	struct ctl_lun *nlun, *lun;
4373	struct ctl_port *port;
4374	struct scsi_vpd_id_descriptor *desc;
4375	struct scsi_vpd_id_t10 *t10id;
4376	const char *scsiname, *vendor;
4377	int lun_number, i, lun_malloced;
4378	int devidlen, idlen1, idlen2 = 0, len;
4379
4380	if (be_lun == NULL)
4381		return (EINVAL);
4382
4383	/*
4384	 * We currently only support Direct Access or Processor LUN types.
4385	 */
4386	switch (be_lun->lun_type) {
4387	case T_DIRECT:
4388		break;
4389	case T_PROCESSOR:
4390		break;
4391	case T_SEQUENTIAL:
4392	case T_CHANGER:
4393	default:
4394		be_lun->lun_config_status(be_lun->be_lun,
4395					  CTL_LUN_CONFIG_FAILURE);
4396		break;
4397	}
4398	if (ctl_lun == NULL) {
4399		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4400		lun_malloced = 1;
4401	} else {
4402		lun_malloced = 0;
4403		lun = ctl_lun;
4404	}
4405
4406	memset(lun, 0, sizeof(*lun));
4407	if (lun_malloced)
4408		lun->flags = CTL_LUN_MALLOCED;
4409
4410	/* Generate LUN ID. */
4411	devidlen = max(CTL_DEVID_MIN_LEN,
4412	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4413	idlen1 = sizeof(*t10id) + devidlen;
4414	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4415	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4416	if (scsiname != NULL) {
4417		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4418		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4419	}
4420	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4421	    M_CTL, M_WAITOK | M_ZERO);
4422	lun->lun_devid->len = len;
4423	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4424	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4425	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4426	desc->length = idlen1;
4427	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4428	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4429	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4430		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4431	} else {
4432		strncpy(t10id->vendor, vendor,
4433		    min(sizeof(t10id->vendor), strlen(vendor)));
4434	}
4435	strncpy((char *)t10id->vendor_spec_id,
4436	    (char *)be_lun->device_id, devidlen);
4437	if (scsiname != NULL) {
4438		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4439		    desc->length);
4440		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4441		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4442		    SVPD_ID_TYPE_SCSI_NAME;
4443		desc->length = idlen2;
4444		strlcpy(desc->identifier, scsiname, idlen2);
4445	}
4446
4447	mtx_lock(&ctl_softc->ctl_lock);
4448	/*
4449	 * See if the caller requested a particular LUN number.  If so, see
4450	 * if it is available.  Otherwise, allocate the first available LUN.
4451	 */
4452	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4453		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4454		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4455			mtx_unlock(&ctl_softc->ctl_lock);
4456			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4457				printf("ctl: requested LUN ID %d is higher "
4458				       "than CTL_MAX_LUNS - 1 (%d)\n",
4459				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4460			} else {
4461				/*
4462				 * XXX KDM return an error, or just assign
4463				 * another LUN ID in this case??
4464				 */
4465				printf("ctl: requested LUN ID %d is already "
4466				       "in use\n", be_lun->req_lun_id);
4467			}
4468			if (lun->flags & CTL_LUN_MALLOCED)
4469				free(lun, M_CTL);
4470			be_lun->lun_config_status(be_lun->be_lun,
4471						  CTL_LUN_CONFIG_FAILURE);
4472			return (ENOSPC);
4473		}
4474		lun_number = be_lun->req_lun_id;
4475	} else {
4476		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4477		if (lun_number == -1) {
4478			mtx_unlock(&ctl_softc->ctl_lock);
4479			printf("ctl: can't allocate LUN on target %ju, out of "
4480			       "LUNs\n", (uintmax_t)target_id.id);
4481			if (lun->flags & CTL_LUN_MALLOCED)
4482				free(lun, M_CTL);
4483			be_lun->lun_config_status(be_lun->be_lun,
4484						  CTL_LUN_CONFIG_FAILURE);
4485			return (ENOSPC);
4486		}
4487	}
4488	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4489
4490	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4491	lun->target = target_id;
4492	lun->lun = lun_number;
4493	lun->be_lun = be_lun;
4494	/*
4495	 * The processor LUN is always enabled.  Disk LUNs come on line
4496	 * disabled, and must be enabled by the backend.
4497	 */
4498	lun->flags |= CTL_LUN_DISABLED;
4499	lun->backend = be_lun->be;
4500	be_lun->ctl_lun = lun;
4501	be_lun->lun_id = lun_number;
4502	atomic_add_int(&be_lun->be->num_luns, 1);
4503	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4504		lun->flags |= CTL_LUN_STOPPED;
4505
4506	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4507		lun->flags |= CTL_LUN_INOPERABLE;
4508
4509	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4510		lun->flags |= CTL_LUN_PRIMARY_SC;
4511
4512	lun->ctl_softc = ctl_softc;
4513	TAILQ_INIT(&lun->ooa_queue);
4514	TAILQ_INIT(&lun->blocked_queue);
4515	STAILQ_INIT(&lun->error_list);
4516
4517	/*
4518	 * Initialize the mode page index.
4519	 */
4520	ctl_init_page_index(lun);
4521
4522	/*
4523	 * Set the poweron UA for all initiators on this LUN only.
4524	 */
4525	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4526		lun->pending_sense[i].ua_pending = CTL_UA_POWERON;
4527
4528	/*
4529	 * Now, before we insert this lun on the lun list, set the lun
4530	 * inventory changed UA for all other luns.
4531	 */
4532	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4533		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4534			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4535		}
4536	}
4537
4538	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4539
4540	ctl_softc->ctl_luns[lun_number] = lun;
4541
4542	ctl_softc->num_luns++;
4543
4544	/* Setup statistics gathering */
4545	lun->stats.device_type = be_lun->lun_type;
4546	lun->stats.lun_number = lun_number;
4547	if (lun->stats.device_type == T_DIRECT)
4548		lun->stats.blocksize = be_lun->blocksize;
4549	else
4550		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4551	for (i = 0;i < CTL_MAX_PORTS;i++)
4552		lun->stats.ports[i].targ_port = i;
4553
4554	mtx_unlock(&ctl_softc->ctl_lock);
4555
4556	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4557
4558	/*
4559	 * Run through each registered FETD and bring it online if it isn't
4560	 * already.  Enable the target ID if it hasn't been enabled, and
4561	 * enable this particular LUN.
4562	 */
4563	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4564		int retval;
4565
4566		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4567		if (retval != 0) {
4568			printf("ctl_alloc_lun: FETD %s port %d returned error "
4569			       "%d for lun_enable on target %ju lun %d\n",
4570			       port->port_name, port->targ_port, retval,
4571			       (uintmax_t)target_id.id, lun_number);
4572		} else
4573			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4574	}
4575	return (0);
4576}
4577
4578/*
4579 * Delete a LUN.
4580 * Assumptions:
4581 * - LUN has already been marked invalid and any pending I/O has been taken
4582 *   care of.
4583 */
4584static int
4585ctl_free_lun(struct ctl_lun *lun)
4586{
4587	struct ctl_softc *softc;
4588#if 0
4589	struct ctl_port *port;
4590#endif
4591	struct ctl_lun *nlun;
4592	int i;
4593
4594	softc = lun->ctl_softc;
4595
4596	mtx_assert(&softc->ctl_lock, MA_OWNED);
4597
4598	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4599
4600	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4601
4602	softc->ctl_luns[lun->lun] = NULL;
4603
4604	if (!TAILQ_EMPTY(&lun->ooa_queue))
4605		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4606
4607	softc->num_luns--;
4608
4609	/*
4610	 * XXX KDM this scheme only works for a single target/multiple LUN
4611	 * setup.  It needs to be revamped for a multiple target scheme.
4612	 *
4613	 * XXX KDM this results in port->lun_disable() getting called twice,
4614	 * once when ctl_disable_lun() is called, and a second time here.
4615	 * We really need to re-think the LUN disable semantics.  There
4616	 * should probably be several steps/levels to LUN removal:
4617	 *  - disable
4618	 *  - invalidate
4619	 *  - free
4620 	 *
4621	 * Right now we only have a disable method when communicating to
4622	 * the front end ports, at least for individual LUNs.
4623	 */
4624#if 0
4625	STAILQ_FOREACH(port, &softc->port_list, links) {
4626		int retval;
4627
4628		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4629					 lun->lun);
4630		if (retval != 0) {
4631			printf("ctl_free_lun: FETD %s port %d returned error "
4632			       "%d for lun_disable on target %ju lun %jd\n",
4633			       port->port_name, port->targ_port, retval,
4634			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4635		}
4636
4637		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4638			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4639
4640			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4641			if (retval != 0) {
4642				printf("ctl_free_lun: FETD %s port %d "
4643				       "returned error %d for targ_disable on "
4644				       "target %ju\n", port->port_name,
4645				       port->targ_port, retval,
4646				       (uintmax_t)lun->target.id);
4647			} else
4648				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4649
4650			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4651				continue;
4652
4653#if 0
4654			port->port_offline(port->onoff_arg);
4655			port->status &= ~CTL_PORT_STATUS_ONLINE;
4656#endif
4657		}
4658	}
4659#endif
4660
4661	/*
4662	 * Tell the backend to free resources, if this LUN has a backend.
4663	 */
4664	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4665	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4666
4667	mtx_destroy(&lun->lun_lock);
4668	free(lun->lun_devid, M_CTL);
4669	if (lun->flags & CTL_LUN_MALLOCED)
4670		free(lun, M_CTL);
4671
4672	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4673		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4674			nlun->pending_sense[i].ua_pending |= CTL_UA_LUN_CHANGE;
4675		}
4676	}
4677
4678	return (0);
4679}
4680
4681static void
4682ctl_create_lun(struct ctl_be_lun *be_lun)
4683{
4684	struct ctl_softc *ctl_softc;
4685
4686	ctl_softc = control_softc;
4687
4688	/*
4689	 * ctl_alloc_lun() should handle all potential failure cases.
4690	 */
4691	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4692}
4693
4694int
4695ctl_add_lun(struct ctl_be_lun *be_lun)
4696{
4697	struct ctl_softc *ctl_softc = control_softc;
4698
4699	mtx_lock(&ctl_softc->ctl_lock);
4700	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4701	mtx_unlock(&ctl_softc->ctl_lock);
4702	wakeup(&ctl_softc->pending_lun_queue);
4703
4704	return (0);
4705}
4706
4707int
4708ctl_enable_lun(struct ctl_be_lun *be_lun)
4709{
4710	struct ctl_softc *ctl_softc;
4711	struct ctl_port *port, *nport;
4712	struct ctl_lun *lun;
4713	int retval;
4714
4715	ctl_softc = control_softc;
4716
4717	lun = (struct ctl_lun *)be_lun->ctl_lun;
4718
4719	mtx_lock(&ctl_softc->ctl_lock);
4720	mtx_lock(&lun->lun_lock);
4721	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4722		/*
4723		 * eh?  Why did we get called if the LUN is already
4724		 * enabled?
4725		 */
4726		mtx_unlock(&lun->lun_lock);
4727		mtx_unlock(&ctl_softc->ctl_lock);
4728		return (0);
4729	}
4730	lun->flags &= ~CTL_LUN_DISABLED;
4731	mtx_unlock(&lun->lun_lock);
4732
4733	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4734		nport = STAILQ_NEXT(port, links);
4735
4736		/*
4737		 * Drop the lock while we call the FETD's enable routine.
4738		 * This can lead to a callback into CTL (at least in the
4739		 * case of the internal initiator frontend.
4740		 */
4741		mtx_unlock(&ctl_softc->ctl_lock);
4742		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4743		mtx_lock(&ctl_softc->ctl_lock);
4744		if (retval != 0) {
4745			printf("%s: FETD %s port %d returned error "
4746			       "%d for lun_enable on target %ju lun %jd\n",
4747			       __func__, port->port_name, port->targ_port, retval,
4748			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4749		}
4750#if 0
4751		 else {
4752            /* NOTE:  TODO:  why does lun enable affect port status? */
4753			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4754		}
4755#endif
4756	}
4757
4758	mtx_unlock(&ctl_softc->ctl_lock);
4759
4760	return (0);
4761}
4762
4763int
4764ctl_disable_lun(struct ctl_be_lun *be_lun)
4765{
4766	struct ctl_softc *ctl_softc;
4767	struct ctl_port *port;
4768	struct ctl_lun *lun;
4769	int retval;
4770
4771	ctl_softc = control_softc;
4772
4773	lun = (struct ctl_lun *)be_lun->ctl_lun;
4774
4775	mtx_lock(&ctl_softc->ctl_lock);
4776	mtx_lock(&lun->lun_lock);
4777	if (lun->flags & CTL_LUN_DISABLED) {
4778		mtx_unlock(&lun->lun_lock);
4779		mtx_unlock(&ctl_softc->ctl_lock);
4780		return (0);
4781	}
4782	lun->flags |= CTL_LUN_DISABLED;
4783	mtx_unlock(&lun->lun_lock);
4784
4785	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4786		mtx_unlock(&ctl_softc->ctl_lock);
4787		/*
4788		 * Drop the lock before we call the frontend's disable
4789		 * routine, to avoid lock order reversals.
4790		 *
4791		 * XXX KDM what happens if the frontend list changes while
4792		 * we're traversing it?  It's unlikely, but should be handled.
4793		 */
4794		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4795					 lun->lun);
4796		mtx_lock(&ctl_softc->ctl_lock);
4797		if (retval != 0) {
4798			printf("ctl_alloc_lun: FETD %s port %d returned error "
4799			       "%d for lun_disable on target %ju lun %jd\n",
4800			       port->port_name, port->targ_port, retval,
4801			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4802		}
4803	}
4804
4805	mtx_unlock(&ctl_softc->ctl_lock);
4806
4807	return (0);
4808}
4809
4810int
4811ctl_start_lun(struct ctl_be_lun *be_lun)
4812{
4813	struct ctl_softc *ctl_softc;
4814	struct ctl_lun *lun;
4815
4816	ctl_softc = control_softc;
4817
4818	lun = (struct ctl_lun *)be_lun->ctl_lun;
4819
4820	mtx_lock(&lun->lun_lock);
4821	lun->flags &= ~CTL_LUN_STOPPED;
4822	mtx_unlock(&lun->lun_lock);
4823
4824	return (0);
4825}
4826
4827int
4828ctl_stop_lun(struct ctl_be_lun *be_lun)
4829{
4830	struct ctl_softc *ctl_softc;
4831	struct ctl_lun *lun;
4832
4833	ctl_softc = control_softc;
4834
4835	lun = (struct ctl_lun *)be_lun->ctl_lun;
4836
4837	mtx_lock(&lun->lun_lock);
4838	lun->flags |= CTL_LUN_STOPPED;
4839	mtx_unlock(&lun->lun_lock);
4840
4841	return (0);
4842}
4843
4844int
4845ctl_lun_offline(struct ctl_be_lun *be_lun)
4846{
4847	struct ctl_softc *ctl_softc;
4848	struct ctl_lun *lun;
4849
4850	ctl_softc = control_softc;
4851
4852	lun = (struct ctl_lun *)be_lun->ctl_lun;
4853
4854	mtx_lock(&lun->lun_lock);
4855	lun->flags |= CTL_LUN_OFFLINE;
4856	mtx_unlock(&lun->lun_lock);
4857
4858	return (0);
4859}
4860
4861int
4862ctl_lun_online(struct ctl_be_lun *be_lun)
4863{
4864	struct ctl_softc *ctl_softc;
4865	struct ctl_lun *lun;
4866
4867	ctl_softc = control_softc;
4868
4869	lun = (struct ctl_lun *)be_lun->ctl_lun;
4870
4871	mtx_lock(&lun->lun_lock);
4872	lun->flags &= ~CTL_LUN_OFFLINE;
4873	mtx_unlock(&lun->lun_lock);
4874
4875	return (0);
4876}
4877
4878int
4879ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4880{
4881	struct ctl_softc *ctl_softc;
4882	struct ctl_lun *lun;
4883
4884	ctl_softc = control_softc;
4885
4886	lun = (struct ctl_lun *)be_lun->ctl_lun;
4887
4888	mtx_lock(&lun->lun_lock);
4889
4890	/*
4891	 * The LUN needs to be disabled before it can be marked invalid.
4892	 */
4893	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4894		mtx_unlock(&lun->lun_lock);
4895		return (-1);
4896	}
4897	/*
4898	 * Mark the LUN invalid.
4899	 */
4900	lun->flags |= CTL_LUN_INVALID;
4901
4902	/*
4903	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4904	 * If we have something in the OOA queue, we'll free it when the
4905	 * last I/O completes.
4906	 */
4907	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4908		mtx_unlock(&lun->lun_lock);
4909		mtx_lock(&ctl_softc->ctl_lock);
4910		ctl_free_lun(lun);
4911		mtx_unlock(&ctl_softc->ctl_lock);
4912	} else
4913		mtx_unlock(&lun->lun_lock);
4914
4915	return (0);
4916}
4917
4918int
4919ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4920{
4921	struct ctl_softc *ctl_softc;
4922	struct ctl_lun *lun;
4923
4924	ctl_softc = control_softc;
4925	lun = (struct ctl_lun *)be_lun->ctl_lun;
4926
4927	mtx_lock(&lun->lun_lock);
4928	lun->flags |= CTL_LUN_INOPERABLE;
4929	mtx_unlock(&lun->lun_lock);
4930
4931	return (0);
4932}
4933
4934int
4935ctl_lun_operable(struct ctl_be_lun *be_lun)
4936{
4937	struct ctl_softc *ctl_softc;
4938	struct ctl_lun *lun;
4939
4940	ctl_softc = control_softc;
4941	lun = (struct ctl_lun *)be_lun->ctl_lun;
4942
4943	mtx_lock(&lun->lun_lock);
4944	lun->flags &= ~CTL_LUN_INOPERABLE;
4945	mtx_unlock(&lun->lun_lock);
4946
4947	return (0);
4948}
4949
4950int
4951ctl_lun_power_lock(struct ctl_be_lun *be_lun, struct ctl_nexus *nexus,
4952		   int lock)
4953{
4954	struct ctl_softc *softc;
4955	struct ctl_lun *lun;
4956	struct copan_aps_subpage *current_sp;
4957	struct ctl_page_index *page_index;
4958	int i;
4959
4960	softc = control_softc;
4961
4962	mtx_lock(&softc->ctl_lock);
4963
4964	lun = (struct ctl_lun *)be_lun->ctl_lun;
4965	mtx_lock(&lun->lun_lock);
4966
4967	page_index = NULL;
4968	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4969		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
4970		     APS_PAGE_CODE)
4971			continue;
4972
4973		if (lun->mode_pages.index[i].subpage != APS_SUBPAGE_CODE)
4974			continue;
4975		page_index = &lun->mode_pages.index[i];
4976	}
4977
4978	if (page_index == NULL) {
4979		mtx_unlock(&lun->lun_lock);
4980		mtx_unlock(&softc->ctl_lock);
4981		printf("%s: APS subpage not found for lun %ju!\n", __func__,
4982		       (uintmax_t)lun->lun);
4983		return (1);
4984	}
4985#if 0
4986	if ((softc->aps_locked_lun != 0)
4987	 && (softc->aps_locked_lun != lun->lun)) {
4988		printf("%s: attempt to lock LUN %llu when %llu is already "
4989		       "locked\n");
4990		mtx_unlock(&lun->lun_lock);
4991		mtx_unlock(&softc->ctl_lock);
4992		return (1);
4993	}
4994#endif
4995
4996	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
4997		(page_index->page_len * CTL_PAGE_CURRENT));
4998
4999	if (lock != 0) {
5000		current_sp->lock_active = APS_LOCK_ACTIVE;
5001		softc->aps_locked_lun = lun->lun;
5002	} else {
5003		current_sp->lock_active = 0;
5004		softc->aps_locked_lun = 0;
5005	}
5006
5007
5008	/*
5009	 * If we're in HA mode, try to send the lock message to the other
5010	 * side.
5011	 */
5012	if (ctl_is_single == 0) {
5013		int isc_retval;
5014		union ctl_ha_msg lock_msg;
5015
5016		lock_msg.hdr.nexus = *nexus;
5017		lock_msg.hdr.msg_type = CTL_MSG_APS_LOCK;
5018		if (lock != 0)
5019			lock_msg.aps.lock_flag = 1;
5020		else
5021			lock_msg.aps.lock_flag = 0;
5022		isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &lock_msg,
5023					 sizeof(lock_msg), 0);
5024		if (isc_retval > CTL_HA_STATUS_SUCCESS) {
5025			printf("%s: APS (lock=%d) error returned from "
5026			       "ctl_ha_msg_send: %d\n", __func__, lock, isc_retval);
5027			mtx_unlock(&lun->lun_lock);
5028			mtx_unlock(&softc->ctl_lock);
5029			return (1);
5030		}
5031	}
5032
5033	mtx_unlock(&lun->lun_lock);
5034	mtx_unlock(&softc->ctl_lock);
5035
5036	return (0);
5037}
5038
5039void
5040ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5041{
5042	struct ctl_lun *lun;
5043	struct ctl_softc *softc;
5044	int i;
5045
5046	softc = control_softc;
5047
5048	lun = (struct ctl_lun *)be_lun->ctl_lun;
5049
5050	mtx_lock(&lun->lun_lock);
5051
5052	for (i = 0; i < CTL_MAX_INITIATORS; i++)
5053		lun->pending_sense[i].ua_pending |= CTL_UA_CAPACITY_CHANGED;
5054
5055	mtx_unlock(&lun->lun_lock);
5056}
5057
5058/*
5059 * Backend "memory move is complete" callback for requests that never
5060 * make it down to say RAIDCore's configuration code.
5061 */
5062int
5063ctl_config_move_done(union ctl_io *io)
5064{
5065	int retval;
5066
5067	retval = CTL_RETVAL_COMPLETE;
5068
5069
5070	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5071	/*
5072	 * XXX KDM this shouldn't happen, but what if it does?
5073	 */
5074	if (io->io_hdr.io_type != CTL_IO_SCSI)
5075		panic("I/O type isn't CTL_IO_SCSI!");
5076
5077	if ((io->io_hdr.port_status == 0)
5078	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5079	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5080		io->io_hdr.status = CTL_SUCCESS;
5081	else if ((io->io_hdr.port_status != 0)
5082	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5083	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5084		/*
5085		 * For hardware error sense keys, the sense key
5086		 * specific value is defined to be a retry count,
5087		 * but we use it to pass back an internal FETD
5088		 * error code.  XXX KDM  Hopefully the FETD is only
5089		 * using 16 bits for an error code, since that's
5090		 * all the space we have in the sks field.
5091		 */
5092		ctl_set_internal_failure(&io->scsiio,
5093					 /*sks_valid*/ 1,
5094					 /*retry_count*/
5095					 io->io_hdr.port_status);
5096		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5097			free(io->scsiio.kern_data_ptr, M_CTL);
5098		ctl_done(io);
5099		goto bailout;
5100	}
5101
5102	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5103	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5104	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5105		/*
5106		 * XXX KDM just assuming a single pointer here, and not a
5107		 * S/G list.  If we start using S/G lists for config data,
5108		 * we'll need to know how to clean them up here as well.
5109		 */
5110		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5111			free(io->scsiio.kern_data_ptr, M_CTL);
5112		/* Hopefully the user has already set the status... */
5113		ctl_done(io);
5114	} else {
5115		/*
5116		 * XXX KDM now we need to continue data movement.  Some
5117		 * options:
5118		 * - call ctl_scsiio() again?  We don't do this for data
5119		 *   writes, because for those at least we know ahead of
5120		 *   time where the write will go and how long it is.  For
5121		 *   config writes, though, that information is largely
5122		 *   contained within the write itself, thus we need to
5123		 *   parse out the data again.
5124		 *
5125		 * - Call some other function once the data is in?
5126		 */
5127
5128		/*
5129		 * XXX KDM call ctl_scsiio() again for now, and check flag
5130		 * bits to see whether we're allocated or not.
5131		 */
5132		retval = ctl_scsiio(&io->scsiio);
5133	}
5134bailout:
5135	return (retval);
5136}
5137
5138/*
5139 * This gets called by a backend driver when it is done with a
5140 * data_submit method.
5141 */
5142void
5143ctl_data_submit_done(union ctl_io *io)
5144{
5145	/*
5146	 * If the IO_CONT flag is set, we need to call the supplied
5147	 * function to continue processing the I/O, instead of completing
5148	 * the I/O just yet.
5149	 *
5150	 * If there is an error, though, we don't want to keep processing.
5151	 * Instead, just send status back to the initiator.
5152	 */
5153	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5154	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5155	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5156	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5157		io->scsiio.io_cont(io);
5158		return;
5159	}
5160	ctl_done(io);
5161}
5162
5163/*
5164 * This gets called by a backend driver when it is done with a
5165 * configuration write.
5166 */
5167void
5168ctl_config_write_done(union ctl_io *io)
5169{
5170	/*
5171	 * If the IO_CONT flag is set, we need to call the supplied
5172	 * function to continue processing the I/O, instead of completing
5173	 * the I/O just yet.
5174	 *
5175	 * If there is an error, though, we don't want to keep processing.
5176	 * Instead, just send status back to the initiator.
5177	 */
5178	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT)
5179	 && (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)
5180	  || ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))) {
5181		io->scsiio.io_cont(io);
5182		return;
5183	}
5184	/*
5185	 * Since a configuration write can be done for commands that actually
5186	 * have data allocated, like write buffer, and commands that have
5187	 * no data, like start/stop unit, we need to check here.
5188	 */
5189	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
5190		free(io->scsiio.kern_data_ptr, M_CTL);
5191	ctl_done(io);
5192}
5193
5194/*
5195 * SCSI release command.
5196 */
5197int
5198ctl_scsi_release(struct ctl_scsiio *ctsio)
5199{
5200	int length, longid, thirdparty_id, resv_id;
5201	struct ctl_softc *ctl_softc;
5202	struct ctl_lun *lun;
5203
5204	length = 0;
5205	resv_id = 0;
5206
5207	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5208
5209	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5210	ctl_softc = control_softc;
5211
5212	switch (ctsio->cdb[0]) {
5213	case RELEASE_10: {
5214		struct scsi_release_10 *cdb;
5215
5216		cdb = (struct scsi_release_10 *)ctsio->cdb;
5217
5218		if (cdb->byte2 & SR10_LONGID)
5219			longid = 1;
5220		else
5221			thirdparty_id = cdb->thirdparty_id;
5222
5223		resv_id = cdb->resv_id;
5224		length = scsi_2btoul(cdb->length);
5225		break;
5226	}
5227	}
5228
5229
5230	/*
5231	 * XXX KDM right now, we only support LUN reservation.  We don't
5232	 * support 3rd party reservations, or extent reservations, which
5233	 * might actually need the parameter list.  If we've gotten this
5234	 * far, we've got a LUN reservation.  Anything else got kicked out
5235	 * above.  So, according to SPC, ignore the length.
5236	 */
5237	length = 0;
5238
5239	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5240	 && (length > 0)) {
5241		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5242		ctsio->kern_data_len = length;
5243		ctsio->kern_total_len = length;
5244		ctsio->kern_data_resid = 0;
5245		ctsio->kern_rel_offset = 0;
5246		ctsio->kern_sg_entries = 0;
5247		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5248		ctsio->be_move_done = ctl_config_move_done;
5249		ctl_datamove((union ctl_io *)ctsio);
5250
5251		return (CTL_RETVAL_COMPLETE);
5252	}
5253
5254	if (length > 0)
5255		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5256
5257	mtx_lock(&lun->lun_lock);
5258
5259	/*
5260	 * According to SPC, it is not an error for an intiator to attempt
5261	 * to release a reservation on a LUN that isn't reserved, or that
5262	 * is reserved by another initiator.  The reservation can only be
5263	 * released, though, by the initiator who made it or by one of
5264	 * several reset type events.
5265	 */
5266	if (lun->flags & CTL_LUN_RESERVED) {
5267		if ((ctsio->io_hdr.nexus.initid.id == lun->rsv_nexus.initid.id)
5268		 && (ctsio->io_hdr.nexus.targ_port == lun->rsv_nexus.targ_port)
5269		 && (ctsio->io_hdr.nexus.targ_target.id ==
5270		     lun->rsv_nexus.targ_target.id)) {
5271			lun->flags &= ~CTL_LUN_RESERVED;
5272		}
5273	}
5274
5275	mtx_unlock(&lun->lun_lock);
5276
5277	ctsio->scsi_status = SCSI_STATUS_OK;
5278	ctsio->io_hdr.status = CTL_SUCCESS;
5279
5280	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5281		free(ctsio->kern_data_ptr, M_CTL);
5282		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5283	}
5284
5285	ctl_done((union ctl_io *)ctsio);
5286	return (CTL_RETVAL_COMPLETE);
5287}
5288
5289int
5290ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5291{
5292	int extent, thirdparty, longid;
5293	int resv_id, length;
5294	uint64_t thirdparty_id;
5295	struct ctl_softc *ctl_softc;
5296	struct ctl_lun *lun;
5297
5298	extent = 0;
5299	thirdparty = 0;
5300	longid = 0;
5301	resv_id = 0;
5302	length = 0;
5303	thirdparty_id = 0;
5304
5305	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5306
5307	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5308	ctl_softc = control_softc;
5309
5310	switch (ctsio->cdb[0]) {
5311	case RESERVE_10: {
5312		struct scsi_reserve_10 *cdb;
5313
5314		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5315
5316		if (cdb->byte2 & SR10_LONGID)
5317			longid = 1;
5318		else
5319			thirdparty_id = cdb->thirdparty_id;
5320
5321		resv_id = cdb->resv_id;
5322		length = scsi_2btoul(cdb->length);
5323		break;
5324	}
5325	}
5326
5327	/*
5328	 * XXX KDM right now, we only support LUN reservation.  We don't
5329	 * support 3rd party reservations, or extent reservations, which
5330	 * might actually need the parameter list.  If we've gotten this
5331	 * far, we've got a LUN reservation.  Anything else got kicked out
5332	 * above.  So, according to SPC, ignore the length.
5333	 */
5334	length = 0;
5335
5336	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5337	 && (length > 0)) {
5338		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5339		ctsio->kern_data_len = length;
5340		ctsio->kern_total_len = length;
5341		ctsio->kern_data_resid = 0;
5342		ctsio->kern_rel_offset = 0;
5343		ctsio->kern_sg_entries = 0;
5344		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5345		ctsio->be_move_done = ctl_config_move_done;
5346		ctl_datamove((union ctl_io *)ctsio);
5347
5348		return (CTL_RETVAL_COMPLETE);
5349	}
5350
5351	if (length > 0)
5352		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5353
5354	mtx_lock(&lun->lun_lock);
5355	if (lun->flags & CTL_LUN_RESERVED) {
5356		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
5357		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
5358		 || (ctsio->io_hdr.nexus.targ_target.id !=
5359		     lun->rsv_nexus.targ_target.id)) {
5360			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5361			ctsio->io_hdr.status = CTL_SCSI_ERROR;
5362			goto bailout;
5363		}
5364	}
5365
5366	lun->flags |= CTL_LUN_RESERVED;
5367	lun->rsv_nexus = ctsio->io_hdr.nexus;
5368
5369	ctsio->scsi_status = SCSI_STATUS_OK;
5370	ctsio->io_hdr.status = CTL_SUCCESS;
5371
5372bailout:
5373	mtx_unlock(&lun->lun_lock);
5374
5375	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5376		free(ctsio->kern_data_ptr, M_CTL);
5377		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5378	}
5379
5380	ctl_done((union ctl_io *)ctsio);
5381	return (CTL_RETVAL_COMPLETE);
5382}
5383
5384int
5385ctl_start_stop(struct ctl_scsiio *ctsio)
5386{
5387	struct scsi_start_stop_unit *cdb;
5388	struct ctl_lun *lun;
5389	struct ctl_softc *ctl_softc;
5390	int retval;
5391
5392	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5393
5394	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5395	ctl_softc = control_softc;
5396	retval = 0;
5397
5398	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5399
5400	/*
5401	 * XXX KDM
5402	 * We don't support the immediate bit on a stop unit.  In order to
5403	 * do that, we would need to code up a way to know that a stop is
5404	 * pending, and hold off any new commands until it completes, one
5405	 * way or another.  Then we could accept or reject those commands
5406	 * depending on its status.  We would almost need to do the reverse
5407	 * of what we do below for an immediate start -- return the copy of
5408	 * the ctl_io to the FETD with status to send to the host (and to
5409	 * free the copy!) and then free the original I/O once the stop
5410	 * actually completes.  That way, the OOA queue mechanism can work
5411	 * to block commands that shouldn't proceed.  Another alternative
5412	 * would be to put the copy in the queue in place of the original,
5413	 * and return the original back to the caller.  That could be
5414	 * slightly safer..
5415	 */
5416	if ((cdb->byte2 & SSS_IMMED)
5417	 && ((cdb->how & SSS_START) == 0)) {
5418		ctl_set_invalid_field(ctsio,
5419				      /*sks_valid*/ 1,
5420				      /*command*/ 1,
5421				      /*field*/ 1,
5422				      /*bit_valid*/ 1,
5423				      /*bit*/ 0);
5424		ctl_done((union ctl_io *)ctsio);
5425		return (CTL_RETVAL_COMPLETE);
5426	}
5427
5428	if ((lun->flags & CTL_LUN_PR_RESERVED)
5429	 && ((cdb->how & SSS_START)==0)) {
5430		uint32_t residx;
5431
5432		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5433		if (!lun->per_res[residx].registered
5434		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5435
5436			ctl_set_reservation_conflict(ctsio);
5437			ctl_done((union ctl_io *)ctsio);
5438			return (CTL_RETVAL_COMPLETE);
5439		}
5440	}
5441
5442	/*
5443	 * If there is no backend on this device, we can't start or stop
5444	 * it.  In theory we shouldn't get any start/stop commands in the
5445	 * first place at this level if the LUN doesn't have a backend.
5446	 * That should get stopped by the command decode code.
5447	 */
5448	if (lun->backend == NULL) {
5449		ctl_set_invalid_opcode(ctsio);
5450		ctl_done((union ctl_io *)ctsio);
5451		return (CTL_RETVAL_COMPLETE);
5452	}
5453
5454	/*
5455	 * XXX KDM Copan-specific offline behavior.
5456	 * Figure out a reasonable way to port this?
5457	 */
5458#ifdef NEEDTOPORT
5459	mtx_lock(&lun->lun_lock);
5460
5461	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5462	 && (lun->flags & CTL_LUN_OFFLINE)) {
5463		/*
5464		 * If the LUN is offline, and the on/offline bit isn't set,
5465		 * reject the start or stop.  Otherwise, let it through.
5466		 */
5467		mtx_unlock(&lun->lun_lock);
5468		ctl_set_lun_not_ready(ctsio);
5469		ctl_done((union ctl_io *)ctsio);
5470	} else {
5471		mtx_unlock(&lun->lun_lock);
5472#endif /* NEEDTOPORT */
5473		/*
5474		 * This could be a start or a stop when we're online,
5475		 * or a stop/offline or start/online.  A start or stop when
5476		 * we're offline is covered in the case above.
5477		 */
5478		/*
5479		 * In the non-immediate case, we send the request to
5480		 * the backend and return status to the user when
5481		 * it is done.
5482		 *
5483		 * In the immediate case, we allocate a new ctl_io
5484		 * to hold a copy of the request, and send that to
5485		 * the backend.  We then set good status on the
5486		 * user's request and return it immediately.
5487		 */
5488		if (cdb->byte2 & SSS_IMMED) {
5489			union ctl_io *new_io;
5490
5491			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5492			if (new_io == NULL) {
5493				ctl_set_busy(ctsio);
5494				ctl_done((union ctl_io *)ctsio);
5495			} else {
5496				ctl_copy_io((union ctl_io *)ctsio,
5497					    new_io);
5498				retval = lun->backend->config_write(new_io);
5499				ctl_set_success(ctsio);
5500				ctl_done((union ctl_io *)ctsio);
5501			}
5502		} else {
5503			retval = lun->backend->config_write(
5504				(union ctl_io *)ctsio);
5505		}
5506#ifdef NEEDTOPORT
5507	}
5508#endif
5509	return (retval);
5510}
5511
5512/*
5513 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5514 * we don't really do anything with the LBA and length fields if the user
5515 * passes them in.  Instead we'll just flush out the cache for the entire
5516 * LUN.
5517 */
5518int
5519ctl_sync_cache(struct ctl_scsiio *ctsio)
5520{
5521	struct ctl_lun *lun;
5522	struct ctl_softc *ctl_softc;
5523	uint64_t starting_lba;
5524	uint32_t block_count;
5525	int retval;
5526
5527	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5528
5529	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5530	ctl_softc = control_softc;
5531	retval = 0;
5532
5533	switch (ctsio->cdb[0]) {
5534	case SYNCHRONIZE_CACHE: {
5535		struct scsi_sync_cache *cdb;
5536		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5537
5538		starting_lba = scsi_4btoul(cdb->begin_lba);
5539		block_count = scsi_2btoul(cdb->lb_count);
5540		break;
5541	}
5542	case SYNCHRONIZE_CACHE_16: {
5543		struct scsi_sync_cache_16 *cdb;
5544		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5545
5546		starting_lba = scsi_8btou64(cdb->begin_lba);
5547		block_count = scsi_4btoul(cdb->lb_count);
5548		break;
5549	}
5550	default:
5551		ctl_set_invalid_opcode(ctsio);
5552		ctl_done((union ctl_io *)ctsio);
5553		goto bailout;
5554		break; /* NOTREACHED */
5555	}
5556
5557	/*
5558	 * We check the LBA and length, but don't do anything with them.
5559	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5560	 * get flushed.  This check will just help satisfy anyone who wants
5561	 * to see an error for an out of range LBA.
5562	 */
5563	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5564		ctl_set_lba_out_of_range(ctsio);
5565		ctl_done((union ctl_io *)ctsio);
5566		goto bailout;
5567	}
5568
5569	/*
5570	 * If this LUN has no backend, we can't flush the cache anyway.
5571	 */
5572	if (lun->backend == NULL) {
5573		ctl_set_invalid_opcode(ctsio);
5574		ctl_done((union ctl_io *)ctsio);
5575		goto bailout;
5576	}
5577
5578	/*
5579	 * Check to see whether we're configured to send the SYNCHRONIZE
5580	 * CACHE command directly to the back end.
5581	 */
5582	mtx_lock(&lun->lun_lock);
5583	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5584	 && (++(lun->sync_count) >= lun->sync_interval)) {
5585		lun->sync_count = 0;
5586		mtx_unlock(&lun->lun_lock);
5587		retval = lun->backend->config_write((union ctl_io *)ctsio);
5588	} else {
5589		mtx_unlock(&lun->lun_lock);
5590		ctl_set_success(ctsio);
5591		ctl_done((union ctl_io *)ctsio);
5592	}
5593
5594bailout:
5595
5596	return (retval);
5597}
5598
5599int
5600ctl_format(struct ctl_scsiio *ctsio)
5601{
5602	struct scsi_format *cdb;
5603	struct ctl_lun *lun;
5604	struct ctl_softc *ctl_softc;
5605	int length, defect_list_len;
5606
5607	CTL_DEBUG_PRINT(("ctl_format\n"));
5608
5609	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5610	ctl_softc = control_softc;
5611
5612	cdb = (struct scsi_format *)ctsio->cdb;
5613
5614	length = 0;
5615	if (cdb->byte2 & SF_FMTDATA) {
5616		if (cdb->byte2 & SF_LONGLIST)
5617			length = sizeof(struct scsi_format_header_long);
5618		else
5619			length = sizeof(struct scsi_format_header_short);
5620	}
5621
5622	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5623	 && (length > 0)) {
5624		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5625		ctsio->kern_data_len = length;
5626		ctsio->kern_total_len = length;
5627		ctsio->kern_data_resid = 0;
5628		ctsio->kern_rel_offset = 0;
5629		ctsio->kern_sg_entries = 0;
5630		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5631		ctsio->be_move_done = ctl_config_move_done;
5632		ctl_datamove((union ctl_io *)ctsio);
5633
5634		return (CTL_RETVAL_COMPLETE);
5635	}
5636
5637	defect_list_len = 0;
5638
5639	if (cdb->byte2 & SF_FMTDATA) {
5640		if (cdb->byte2 & SF_LONGLIST) {
5641			struct scsi_format_header_long *header;
5642
5643			header = (struct scsi_format_header_long *)
5644				ctsio->kern_data_ptr;
5645
5646			defect_list_len = scsi_4btoul(header->defect_list_len);
5647			if (defect_list_len != 0) {
5648				ctl_set_invalid_field(ctsio,
5649						      /*sks_valid*/ 1,
5650						      /*command*/ 0,
5651						      /*field*/ 2,
5652						      /*bit_valid*/ 0,
5653						      /*bit*/ 0);
5654				goto bailout;
5655			}
5656		} else {
5657			struct scsi_format_header_short *header;
5658
5659			header = (struct scsi_format_header_short *)
5660				ctsio->kern_data_ptr;
5661
5662			defect_list_len = scsi_2btoul(header->defect_list_len);
5663			if (defect_list_len != 0) {
5664				ctl_set_invalid_field(ctsio,
5665						      /*sks_valid*/ 1,
5666						      /*command*/ 0,
5667						      /*field*/ 2,
5668						      /*bit_valid*/ 0,
5669						      /*bit*/ 0);
5670				goto bailout;
5671			}
5672		}
5673	}
5674
5675	/*
5676	 * The format command will clear out the "Medium format corrupted"
5677	 * status if set by the configuration code.  That status is really
5678	 * just a way to notify the host that we have lost the media, and
5679	 * get them to issue a command that will basically make them think
5680	 * they're blowing away the media.
5681	 */
5682	mtx_lock(&lun->lun_lock);
5683	lun->flags &= ~CTL_LUN_INOPERABLE;
5684	mtx_unlock(&lun->lun_lock);
5685
5686	ctsio->scsi_status = SCSI_STATUS_OK;
5687	ctsio->io_hdr.status = CTL_SUCCESS;
5688bailout:
5689
5690	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5691		free(ctsio->kern_data_ptr, M_CTL);
5692		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5693	}
5694
5695	ctl_done((union ctl_io *)ctsio);
5696	return (CTL_RETVAL_COMPLETE);
5697}
5698
5699int
5700ctl_read_buffer(struct ctl_scsiio *ctsio)
5701{
5702	struct scsi_read_buffer *cdb;
5703	struct ctl_lun *lun;
5704	int buffer_offset, len;
5705	static uint8_t descr[4];
5706	static uint8_t echo_descr[4] = { 0 };
5707
5708	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5709
5710	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5711	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5712
5713	if (lun->flags & CTL_LUN_PR_RESERVED) {
5714		uint32_t residx;
5715
5716		/*
5717		 * XXX KDM need a lock here.
5718		 */
5719		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5720		if ((lun->res_type == SPR_TYPE_EX_AC
5721		  && residx != lun->pr_res_idx)
5722		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
5723		   || lun->res_type == SPR_TYPE_EX_AC_AR)
5724		  && !lun->per_res[residx].registered)) {
5725			ctl_set_reservation_conflict(ctsio);
5726			ctl_done((union ctl_io *)ctsio);
5727			return (CTL_RETVAL_COMPLETE);
5728	        }
5729	}
5730
5731	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5732	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5733	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5734		ctl_set_invalid_field(ctsio,
5735				      /*sks_valid*/ 1,
5736				      /*command*/ 1,
5737				      /*field*/ 1,
5738				      /*bit_valid*/ 1,
5739				      /*bit*/ 4);
5740		ctl_done((union ctl_io *)ctsio);
5741		return (CTL_RETVAL_COMPLETE);
5742	}
5743
5744	len = scsi_3btoul(cdb->length);
5745	buffer_offset = scsi_3btoul(cdb->offset);
5746
5747	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5748		ctl_set_invalid_field(ctsio,
5749				      /*sks_valid*/ 1,
5750				      /*command*/ 1,
5751				      /*field*/ 6,
5752				      /*bit_valid*/ 0,
5753				      /*bit*/ 0);
5754		ctl_done((union ctl_io *)ctsio);
5755		return (CTL_RETVAL_COMPLETE);
5756	}
5757
5758	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5759		descr[0] = 0;
5760		scsi_ulto3b(sizeof(lun->write_buffer), &descr[1]);
5761		ctsio->kern_data_ptr = descr;
5762		len = min(len, sizeof(descr));
5763	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5764		ctsio->kern_data_ptr = echo_descr;
5765		len = min(len, sizeof(echo_descr));
5766	} else
5767		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5768	ctsio->kern_data_len = len;
5769	ctsio->kern_total_len = len;
5770	ctsio->kern_data_resid = 0;
5771	ctsio->kern_rel_offset = 0;
5772	ctsio->kern_sg_entries = 0;
5773	ctsio->be_move_done = ctl_config_move_done;
5774	ctl_datamove((union ctl_io *)ctsio);
5775
5776	return (CTL_RETVAL_COMPLETE);
5777}
5778
5779int
5780ctl_write_buffer(struct ctl_scsiio *ctsio)
5781{
5782	struct scsi_write_buffer *cdb;
5783	struct ctl_lun *lun;
5784	int buffer_offset, len;
5785
5786	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5787
5788	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5789	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5790
5791	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5792		ctl_set_invalid_field(ctsio,
5793				      /*sks_valid*/ 1,
5794				      /*command*/ 1,
5795				      /*field*/ 1,
5796				      /*bit_valid*/ 1,
5797				      /*bit*/ 4);
5798		ctl_done((union ctl_io *)ctsio);
5799		return (CTL_RETVAL_COMPLETE);
5800	}
5801
5802	len = scsi_3btoul(cdb->length);
5803	buffer_offset = scsi_3btoul(cdb->offset);
5804
5805	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5806		ctl_set_invalid_field(ctsio,
5807				      /*sks_valid*/ 1,
5808				      /*command*/ 1,
5809				      /*field*/ 6,
5810				      /*bit_valid*/ 0,
5811				      /*bit*/ 0);
5812		ctl_done((union ctl_io *)ctsio);
5813		return (CTL_RETVAL_COMPLETE);
5814	}
5815
5816	/*
5817	 * If we've got a kernel request that hasn't been malloced yet,
5818	 * malloc it and tell the caller the data buffer is here.
5819	 */
5820	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5821		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5822		ctsio->kern_data_len = len;
5823		ctsio->kern_total_len = len;
5824		ctsio->kern_data_resid = 0;
5825		ctsio->kern_rel_offset = 0;
5826		ctsio->kern_sg_entries = 0;
5827		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5828		ctsio->be_move_done = ctl_config_move_done;
5829		ctl_datamove((union ctl_io *)ctsio);
5830
5831		return (CTL_RETVAL_COMPLETE);
5832	}
5833
5834	ctl_done((union ctl_io *)ctsio);
5835
5836	return (CTL_RETVAL_COMPLETE);
5837}
5838
5839int
5840ctl_write_same(struct ctl_scsiio *ctsio)
5841{
5842	struct ctl_lun *lun;
5843	struct ctl_lba_len_flags *lbalen;
5844	uint64_t lba;
5845	uint32_t num_blocks;
5846	int len, retval;
5847	uint8_t byte2;
5848
5849	retval = CTL_RETVAL_COMPLETE;
5850
5851	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5852
5853	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5854
5855	switch (ctsio->cdb[0]) {
5856	case WRITE_SAME_10: {
5857		struct scsi_write_same_10 *cdb;
5858
5859		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5860
5861		lba = scsi_4btoul(cdb->addr);
5862		num_blocks = scsi_2btoul(cdb->length);
5863		byte2 = cdb->byte2;
5864		break;
5865	}
5866	case WRITE_SAME_16: {
5867		struct scsi_write_same_16 *cdb;
5868
5869		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5870
5871		lba = scsi_8btou64(cdb->addr);
5872		num_blocks = scsi_4btoul(cdb->length);
5873		byte2 = cdb->byte2;
5874		break;
5875	}
5876	default:
5877		/*
5878		 * We got a command we don't support.  This shouldn't
5879		 * happen, commands should be filtered out above us.
5880		 */
5881		ctl_set_invalid_opcode(ctsio);
5882		ctl_done((union ctl_io *)ctsio);
5883
5884		return (CTL_RETVAL_COMPLETE);
5885		break; /* NOTREACHED */
5886	}
5887
5888	/*
5889	 * The first check is to make sure we're in bounds, the second
5890	 * check is to catch wrap-around problems.  If the lba + num blocks
5891	 * is less than the lba, then we've wrapped around and the block
5892	 * range is invalid anyway.
5893	 */
5894	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5895	 || ((lba + num_blocks) < lba)) {
5896		ctl_set_lba_out_of_range(ctsio);
5897		ctl_done((union ctl_io *)ctsio);
5898		return (CTL_RETVAL_COMPLETE);
5899	}
5900
5901	/* Zero number of blocks means "to the last logical block" */
5902	if (num_blocks == 0) {
5903		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5904			ctl_set_invalid_field(ctsio,
5905					      /*sks_valid*/ 0,
5906					      /*command*/ 1,
5907					      /*field*/ 0,
5908					      /*bit_valid*/ 0,
5909					      /*bit*/ 0);
5910			ctl_done((union ctl_io *)ctsio);
5911			return (CTL_RETVAL_COMPLETE);
5912		}
5913		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5914	}
5915
5916	len = lun->be_lun->blocksize;
5917
5918	/*
5919	 * If we've got a kernel request that hasn't been malloced yet,
5920	 * malloc it and tell the caller the data buffer is here.
5921	 */
5922	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5923		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5924		ctsio->kern_data_len = len;
5925		ctsio->kern_total_len = len;
5926		ctsio->kern_data_resid = 0;
5927		ctsio->kern_rel_offset = 0;
5928		ctsio->kern_sg_entries = 0;
5929		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5930		ctsio->be_move_done = ctl_config_move_done;
5931		ctl_datamove((union ctl_io *)ctsio);
5932
5933		return (CTL_RETVAL_COMPLETE);
5934	}
5935
5936	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5937	lbalen->lba = lba;
5938	lbalen->len = num_blocks;
5939	lbalen->flags = byte2;
5940	retval = lun->backend->config_write((union ctl_io *)ctsio);
5941
5942	return (retval);
5943}
5944
5945int
5946ctl_unmap(struct ctl_scsiio *ctsio)
5947{
5948	struct ctl_lun *lun;
5949	struct scsi_unmap *cdb;
5950	struct ctl_ptr_len_flags *ptrlen;
5951	struct scsi_unmap_header *hdr;
5952	struct scsi_unmap_desc *buf, *end;
5953	uint64_t lba;
5954	uint32_t num_blocks;
5955	int len, retval;
5956	uint8_t byte2;
5957
5958	retval = CTL_RETVAL_COMPLETE;
5959
5960	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5961
5962	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5963	cdb = (struct scsi_unmap *)ctsio->cdb;
5964
5965	len = scsi_2btoul(cdb->length);
5966	byte2 = cdb->byte2;
5967
5968	/*
5969	 * If we've got a kernel request that hasn't been malloced yet,
5970	 * malloc it and tell the caller the data buffer is here.
5971	 */
5972	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5973		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5974		ctsio->kern_data_len = len;
5975		ctsio->kern_total_len = len;
5976		ctsio->kern_data_resid = 0;
5977		ctsio->kern_rel_offset = 0;
5978		ctsio->kern_sg_entries = 0;
5979		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5980		ctsio->be_move_done = ctl_config_move_done;
5981		ctl_datamove((union ctl_io *)ctsio);
5982
5983		return (CTL_RETVAL_COMPLETE);
5984	}
5985
5986	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5987	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5988	if (len < sizeof (*hdr) ||
5989	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5990	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5991	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5992		ctl_set_invalid_field(ctsio,
5993				      /*sks_valid*/ 0,
5994				      /*command*/ 0,
5995				      /*field*/ 0,
5996				      /*bit_valid*/ 0,
5997				      /*bit*/ 0);
5998		ctl_done((union ctl_io *)ctsio);
5999		return (CTL_RETVAL_COMPLETE);
6000	}
6001	len = scsi_2btoul(hdr->desc_length);
6002	buf = (struct scsi_unmap_desc *)(hdr + 1);
6003	end = buf + len / sizeof(*buf);
6004
6005	ptrlen = (struct ctl_ptr_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6006	ptrlen->ptr = (void *)buf;
6007	ptrlen->len = len;
6008	ptrlen->flags = byte2;
6009
6010	for (; buf < end; buf++) {
6011		lba = scsi_8btou64(buf->lba);
6012		num_blocks = scsi_4btoul(buf->length);
6013		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6014		 || ((lba + num_blocks) < lba)) {
6015			ctl_set_lba_out_of_range(ctsio);
6016			ctl_done((union ctl_io *)ctsio);
6017			return (CTL_RETVAL_COMPLETE);
6018		}
6019	}
6020
6021	retval = lun->backend->config_write((union ctl_io *)ctsio);
6022
6023	return (retval);
6024}
6025
6026/*
6027 * Note that this function currently doesn't actually do anything inside
6028 * CTL to enforce things if the DQue bit is turned on.
6029 *
6030 * Also note that this function can't be used in the default case, because
6031 * the DQue bit isn't set in the changeable mask for the control mode page
6032 * anyway.  This is just here as an example for how to implement a page
6033 * handler, and a placeholder in case we want to allow the user to turn
6034 * tagged queueing on and off.
6035 *
6036 * The D_SENSE bit handling is functional, however, and will turn
6037 * descriptor sense on and off for a given LUN.
6038 */
6039int
6040ctl_control_page_handler(struct ctl_scsiio *ctsio,
6041			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6042{
6043	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6044	struct ctl_lun *lun;
6045	struct ctl_softc *softc;
6046	int set_ua;
6047	uint32_t initidx;
6048
6049	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6050	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6051	set_ua = 0;
6052
6053	user_cp = (struct scsi_control_page *)page_ptr;
6054	current_cp = (struct scsi_control_page *)
6055		(page_index->page_data + (page_index->page_len *
6056		CTL_PAGE_CURRENT));
6057	saved_cp = (struct scsi_control_page *)
6058		(page_index->page_data + (page_index->page_len *
6059		CTL_PAGE_SAVED));
6060
6061	softc = control_softc;
6062
6063	mtx_lock(&lun->lun_lock);
6064	if (((current_cp->rlec & SCP_DSENSE) == 0)
6065	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6066		/*
6067		 * Descriptor sense is currently turned off and the user
6068		 * wants to turn it on.
6069		 */
6070		current_cp->rlec |= SCP_DSENSE;
6071		saved_cp->rlec |= SCP_DSENSE;
6072		lun->flags |= CTL_LUN_SENSE_DESC;
6073		set_ua = 1;
6074	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6075		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6076		/*
6077		 * Descriptor sense is currently turned on, and the user
6078		 * wants to turn it off.
6079		 */
6080		current_cp->rlec &= ~SCP_DSENSE;
6081		saved_cp->rlec &= ~SCP_DSENSE;
6082		lun->flags &= ~CTL_LUN_SENSE_DESC;
6083		set_ua = 1;
6084	}
6085	if (current_cp->queue_flags & SCP_QUEUE_DQUE) {
6086		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
6087#ifdef NEEDTOPORT
6088			csevent_log(CSC_CTL | CSC_SHELF_SW |
6089				    CTL_UNTAG_TO_UNTAG,
6090				    csevent_LogType_Trace,
6091				    csevent_Severity_Information,
6092				    csevent_AlertLevel_Green,
6093				    csevent_FRU_Firmware,
6094				    csevent_FRU_Unknown,
6095				    "Received untagged to untagged transition");
6096#endif /* NEEDTOPORT */
6097		} else {
6098#ifdef NEEDTOPORT
6099			csevent_log(CSC_CTL | CSC_SHELF_SW |
6100				    CTL_UNTAG_TO_TAG,
6101				    csevent_LogType_ConfigChange,
6102				    csevent_Severity_Information,
6103				    csevent_AlertLevel_Green,
6104				    csevent_FRU_Firmware,
6105				    csevent_FRU_Unknown,
6106				    "Received untagged to tagged "
6107				    "queueing transition");
6108#endif /* NEEDTOPORT */
6109
6110			current_cp->queue_flags &= ~SCP_QUEUE_DQUE;
6111			saved_cp->queue_flags &= ~SCP_QUEUE_DQUE;
6112			set_ua = 1;
6113		}
6114	} else {
6115		if (user_cp->queue_flags & SCP_QUEUE_DQUE) {
6116#ifdef NEEDTOPORT
6117			csevent_log(CSC_CTL | CSC_SHELF_SW |
6118				    CTL_TAG_TO_UNTAG,
6119				    csevent_LogType_ConfigChange,
6120				    csevent_Severity_Warning,
6121				    csevent_AlertLevel_Yellow,
6122				    csevent_FRU_Firmware,
6123				    csevent_FRU_Unknown,
6124				    "Received tagged queueing to untagged "
6125				    "transition");
6126#endif /* NEEDTOPORT */
6127
6128			current_cp->queue_flags |= SCP_QUEUE_DQUE;
6129			saved_cp->queue_flags |= SCP_QUEUE_DQUE;
6130			set_ua = 1;
6131		} else {
6132#ifdef NEEDTOPORT
6133			csevent_log(CSC_CTL | CSC_SHELF_SW |
6134				    CTL_TAG_TO_TAG,
6135				    csevent_LogType_Trace,
6136				    csevent_Severity_Information,
6137				    csevent_AlertLevel_Green,
6138				    csevent_FRU_Firmware,
6139				    csevent_FRU_Unknown,
6140				    "Received tagged queueing to tagged "
6141				    "queueing transition");
6142#endif /* NEEDTOPORT */
6143		}
6144	}
6145	if (set_ua != 0) {
6146		int i;
6147		/*
6148		 * Let other initiators know that the mode
6149		 * parameters for this LUN have changed.
6150		 */
6151		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6152			if (i == initidx)
6153				continue;
6154
6155			lun->pending_sense[i].ua_pending |=
6156				CTL_UA_MODE_CHANGE;
6157		}
6158	}
6159	mtx_unlock(&lun->lun_lock);
6160
6161	return (0);
6162}
6163
6164int
6165ctl_power_sp_handler(struct ctl_scsiio *ctsio,
6166		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6167{
6168	return (0);
6169}
6170
6171int
6172ctl_power_sp_sense_handler(struct ctl_scsiio *ctsio,
6173			   struct ctl_page_index *page_index, int pc)
6174{
6175	struct copan_power_subpage *page;
6176
6177	page = (struct copan_power_subpage *)page_index->page_data +
6178		(page_index->page_len * pc);
6179
6180	switch (pc) {
6181	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6182		/*
6183		 * We don't update the changable bits for this page.
6184		 */
6185		break;
6186	case SMS_PAGE_CTRL_CURRENT >> 6:
6187	case SMS_PAGE_CTRL_DEFAULT >> 6:
6188	case SMS_PAGE_CTRL_SAVED >> 6:
6189#ifdef NEEDTOPORT
6190		ctl_update_power_subpage(page);
6191#endif
6192		break;
6193	default:
6194#ifdef NEEDTOPORT
6195		EPRINT(0, "Invalid PC %d!!", pc);
6196#endif
6197		break;
6198	}
6199	return (0);
6200}
6201
6202
6203int
6204ctl_aps_sp_handler(struct ctl_scsiio *ctsio,
6205		   struct ctl_page_index *page_index, uint8_t *page_ptr)
6206{
6207	struct copan_aps_subpage *user_sp;
6208	struct copan_aps_subpage *current_sp;
6209	union ctl_modepage_info *modepage_info;
6210	struct ctl_softc *softc;
6211	struct ctl_lun *lun;
6212	int retval;
6213
6214	retval = CTL_RETVAL_COMPLETE;
6215	current_sp = (struct copan_aps_subpage *)(page_index->page_data +
6216		     (page_index->page_len * CTL_PAGE_CURRENT));
6217	softc = control_softc;
6218	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6219
6220	user_sp = (struct copan_aps_subpage *)page_ptr;
6221
6222	modepage_info = (union ctl_modepage_info *)
6223		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6224
6225	modepage_info->header.page_code = page_index->page_code & SMPH_PC_MASK;
6226	modepage_info->header.subpage = page_index->subpage;
6227	modepage_info->aps.lock_active = user_sp->lock_active;
6228
6229	mtx_lock(&softc->ctl_lock);
6230
6231	/*
6232	 * If there is a request to lock the LUN and another LUN is locked
6233	 * this is an error. If the requested LUN is already locked ignore
6234	 * the request. If no LUN is locked attempt to lock it.
6235	 * if there is a request to unlock the LUN and the LUN is currently
6236	 * locked attempt to unlock it. Otherwise ignore the request. i.e.
6237	 * if another LUN is locked or no LUN is locked.
6238	 */
6239	if (user_sp->lock_active & APS_LOCK_ACTIVE) {
6240		if (softc->aps_locked_lun == lun->lun) {
6241			/*
6242			 * This LUN is already locked, so we're done.
6243			 */
6244			retval = CTL_RETVAL_COMPLETE;
6245		} else if (softc->aps_locked_lun == 0) {
6246			/*
6247			 * No one has the lock, pass the request to the
6248			 * backend.
6249			 */
6250			retval = lun->backend->config_write(
6251				(union ctl_io *)ctsio);
6252		} else {
6253			/*
6254			 * Someone else has the lock, throw out the request.
6255			 */
6256			ctl_set_already_locked(ctsio);
6257			free(ctsio->kern_data_ptr, M_CTL);
6258			ctl_done((union ctl_io *)ctsio);
6259
6260			/*
6261			 * Set the return value so that ctl_do_mode_select()
6262			 * won't try to complete the command.  We already
6263			 * completed it here.
6264			 */
6265			retval = CTL_RETVAL_ERROR;
6266		}
6267	} else if (softc->aps_locked_lun == lun->lun) {
6268		/*
6269		 * This LUN is locked, so pass the unlock request to the
6270		 * backend.
6271		 */
6272		retval = lun->backend->config_write((union ctl_io *)ctsio);
6273	}
6274	mtx_unlock(&softc->ctl_lock);
6275
6276	return (retval);
6277}
6278
6279int
6280ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6281				struct ctl_page_index *page_index,
6282				uint8_t *page_ptr)
6283{
6284	uint8_t *c;
6285	int i;
6286
6287	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6288	ctl_time_io_secs =
6289		(c[0] << 8) |
6290		(c[1] << 0) |
6291		0;
6292	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6293	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6294	printf("page data:");
6295	for (i=0; i<8; i++)
6296		printf(" %.2x",page_ptr[i]);
6297	printf("\n");
6298	return (0);
6299}
6300
6301int
6302ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6303			       struct ctl_page_index *page_index,
6304			       int pc)
6305{
6306	struct copan_debugconf_subpage *page;
6307
6308	page = (struct copan_debugconf_subpage *)page_index->page_data +
6309		(page_index->page_len * pc);
6310
6311	switch (pc) {
6312	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6313	case SMS_PAGE_CTRL_DEFAULT >> 6:
6314	case SMS_PAGE_CTRL_SAVED >> 6:
6315		/*
6316		 * We don't update the changable or default bits for this page.
6317		 */
6318		break;
6319	case SMS_PAGE_CTRL_CURRENT >> 6:
6320		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6321		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6322		break;
6323	default:
6324#ifdef NEEDTOPORT
6325		EPRINT(0, "Invalid PC %d!!", pc);
6326#endif /* NEEDTOPORT */
6327		break;
6328	}
6329	return (0);
6330}
6331
6332
6333static int
6334ctl_do_mode_select(union ctl_io *io)
6335{
6336	struct scsi_mode_page_header *page_header;
6337	struct ctl_page_index *page_index;
6338	struct ctl_scsiio *ctsio;
6339	int control_dev, page_len;
6340	int page_len_offset, page_len_size;
6341	union ctl_modepage_info *modepage_info;
6342	struct ctl_lun *lun;
6343	int *len_left, *len_used;
6344	int retval, i;
6345
6346	ctsio = &io->scsiio;
6347	page_index = NULL;
6348	page_len = 0;
6349	retval = CTL_RETVAL_COMPLETE;
6350
6351	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6352
6353	if (lun->be_lun->lun_type != T_DIRECT)
6354		control_dev = 1;
6355	else
6356		control_dev = 0;
6357
6358	modepage_info = (union ctl_modepage_info *)
6359		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6360	len_left = &modepage_info->header.len_left;
6361	len_used = &modepage_info->header.len_used;
6362
6363do_next_page:
6364
6365	page_header = (struct scsi_mode_page_header *)
6366		(ctsio->kern_data_ptr + *len_used);
6367
6368	if (*len_left == 0) {
6369		free(ctsio->kern_data_ptr, M_CTL);
6370		ctl_set_success(ctsio);
6371		ctl_done((union ctl_io *)ctsio);
6372		return (CTL_RETVAL_COMPLETE);
6373	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6374
6375		free(ctsio->kern_data_ptr, M_CTL);
6376		ctl_set_param_len_error(ctsio);
6377		ctl_done((union ctl_io *)ctsio);
6378		return (CTL_RETVAL_COMPLETE);
6379
6380	} else if ((page_header->page_code & SMPH_SPF)
6381		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6382
6383		free(ctsio->kern_data_ptr, M_CTL);
6384		ctl_set_param_len_error(ctsio);
6385		ctl_done((union ctl_io *)ctsio);
6386		return (CTL_RETVAL_COMPLETE);
6387	}
6388
6389
6390	/*
6391	 * XXX KDM should we do something with the block descriptor?
6392	 */
6393	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6394
6395		if ((control_dev != 0)
6396		 && (lun->mode_pages.index[i].page_flags &
6397		     CTL_PAGE_FLAG_DISK_ONLY))
6398			continue;
6399
6400		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6401		    (page_header->page_code & SMPH_PC_MASK))
6402			continue;
6403
6404		/*
6405		 * If neither page has a subpage code, then we've got a
6406		 * match.
6407		 */
6408		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6409		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6410			page_index = &lun->mode_pages.index[i];
6411			page_len = page_header->page_length;
6412			break;
6413		}
6414
6415		/*
6416		 * If both pages have subpages, then the subpage numbers
6417		 * have to match.
6418		 */
6419		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6420		  && (page_header->page_code & SMPH_SPF)) {
6421			struct scsi_mode_page_header_sp *sph;
6422
6423			sph = (struct scsi_mode_page_header_sp *)page_header;
6424
6425			if (lun->mode_pages.index[i].subpage ==
6426			    sph->subpage) {
6427				page_index = &lun->mode_pages.index[i];
6428				page_len = scsi_2btoul(sph->page_length);
6429				break;
6430			}
6431		}
6432	}
6433
6434	/*
6435	 * If we couldn't find the page, or if we don't have a mode select
6436	 * handler for it, send back an error to the user.
6437	 */
6438	if ((page_index == NULL)
6439	 || (page_index->select_handler == NULL)) {
6440		ctl_set_invalid_field(ctsio,
6441				      /*sks_valid*/ 1,
6442				      /*command*/ 0,
6443				      /*field*/ *len_used,
6444				      /*bit_valid*/ 0,
6445				      /*bit*/ 0);
6446		free(ctsio->kern_data_ptr, M_CTL);
6447		ctl_done((union ctl_io *)ctsio);
6448		return (CTL_RETVAL_COMPLETE);
6449	}
6450
6451	if (page_index->page_code & SMPH_SPF) {
6452		page_len_offset = 2;
6453		page_len_size = 2;
6454	} else {
6455		page_len_size = 1;
6456		page_len_offset = 1;
6457	}
6458
6459	/*
6460	 * If the length the initiator gives us isn't the one we specify in
6461	 * the mode page header, or if they didn't specify enough data in
6462	 * the CDB to avoid truncating this page, kick out the request.
6463	 */
6464	if ((page_len != (page_index->page_len - page_len_offset -
6465			  page_len_size))
6466	 || (*len_left < page_index->page_len)) {
6467
6468
6469		ctl_set_invalid_field(ctsio,
6470				      /*sks_valid*/ 1,
6471				      /*command*/ 0,
6472				      /*field*/ *len_used + page_len_offset,
6473				      /*bit_valid*/ 0,
6474				      /*bit*/ 0);
6475		free(ctsio->kern_data_ptr, M_CTL);
6476		ctl_done((union ctl_io *)ctsio);
6477		return (CTL_RETVAL_COMPLETE);
6478	}
6479
6480	/*
6481	 * Run through the mode page, checking to make sure that the bits
6482	 * the user changed are actually legal for him to change.
6483	 */
6484	for (i = 0; i < page_index->page_len; i++) {
6485		uint8_t *user_byte, *change_mask, *current_byte;
6486		int bad_bit;
6487		int j;
6488
6489		user_byte = (uint8_t *)page_header + i;
6490		change_mask = page_index->page_data +
6491			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6492		current_byte = page_index->page_data +
6493			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6494
6495		/*
6496		 * Check to see whether the user set any bits in this byte
6497		 * that he is not allowed to set.
6498		 */
6499		if ((*user_byte & ~(*change_mask)) ==
6500		    (*current_byte & ~(*change_mask)))
6501			continue;
6502
6503		/*
6504		 * Go through bit by bit to determine which one is illegal.
6505		 */
6506		bad_bit = 0;
6507		for (j = 7; j >= 0; j--) {
6508			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6509			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6510				bad_bit = i;
6511				break;
6512			}
6513		}
6514		ctl_set_invalid_field(ctsio,
6515				      /*sks_valid*/ 1,
6516				      /*command*/ 0,
6517				      /*field*/ *len_used + i,
6518				      /*bit_valid*/ 1,
6519				      /*bit*/ bad_bit);
6520		free(ctsio->kern_data_ptr, M_CTL);
6521		ctl_done((union ctl_io *)ctsio);
6522		return (CTL_RETVAL_COMPLETE);
6523	}
6524
6525	/*
6526	 * Decrement these before we call the page handler, since we may
6527	 * end up getting called back one way or another before the handler
6528	 * returns to this context.
6529	 */
6530	*len_left -= page_index->page_len;
6531	*len_used += page_index->page_len;
6532
6533	retval = page_index->select_handler(ctsio, page_index,
6534					    (uint8_t *)page_header);
6535
6536	/*
6537	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6538	 * wait until this queued command completes to finish processing
6539	 * the mode page.  If it returns anything other than
6540	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6541	 * already set the sense information, freed the data pointer, and
6542	 * completed the io for us.
6543	 */
6544	if (retval != CTL_RETVAL_COMPLETE)
6545		goto bailout_no_done;
6546
6547	/*
6548	 * If the initiator sent us more than one page, parse the next one.
6549	 */
6550	if (*len_left > 0)
6551		goto do_next_page;
6552
6553	ctl_set_success(ctsio);
6554	free(ctsio->kern_data_ptr, M_CTL);
6555	ctl_done((union ctl_io *)ctsio);
6556
6557bailout_no_done:
6558
6559	return (CTL_RETVAL_COMPLETE);
6560
6561}
6562
6563int
6564ctl_mode_select(struct ctl_scsiio *ctsio)
6565{
6566	int param_len, pf, sp;
6567	int header_size, bd_len;
6568	int len_left, len_used;
6569	struct ctl_page_index *page_index;
6570	struct ctl_lun *lun;
6571	int control_dev, page_len;
6572	union ctl_modepage_info *modepage_info;
6573	int retval;
6574
6575	pf = 0;
6576	sp = 0;
6577	page_len = 0;
6578	len_used = 0;
6579	len_left = 0;
6580	retval = 0;
6581	bd_len = 0;
6582	page_index = NULL;
6583
6584	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6585
6586	if (lun->be_lun->lun_type != T_DIRECT)
6587		control_dev = 1;
6588	else
6589		control_dev = 0;
6590
6591	switch (ctsio->cdb[0]) {
6592	case MODE_SELECT_6: {
6593		struct scsi_mode_select_6 *cdb;
6594
6595		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6596
6597		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6598		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6599
6600		param_len = cdb->length;
6601		header_size = sizeof(struct scsi_mode_header_6);
6602		break;
6603	}
6604	case MODE_SELECT_10: {
6605		struct scsi_mode_select_10 *cdb;
6606
6607		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6608
6609		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6610		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6611
6612		param_len = scsi_2btoul(cdb->length);
6613		header_size = sizeof(struct scsi_mode_header_10);
6614		break;
6615	}
6616	default:
6617		ctl_set_invalid_opcode(ctsio);
6618		ctl_done((union ctl_io *)ctsio);
6619		return (CTL_RETVAL_COMPLETE);
6620		break; /* NOTREACHED */
6621	}
6622
6623	/*
6624	 * From SPC-3:
6625	 * "A parameter list length of zero indicates that the Data-Out Buffer
6626	 * shall be empty. This condition shall not be considered as an error."
6627	 */
6628	if (param_len == 0) {
6629		ctl_set_success(ctsio);
6630		ctl_done((union ctl_io *)ctsio);
6631		return (CTL_RETVAL_COMPLETE);
6632	}
6633
6634	/*
6635	 * Since we'll hit this the first time through, prior to
6636	 * allocation, we don't need to free a data buffer here.
6637	 */
6638	if (param_len < header_size) {
6639		ctl_set_param_len_error(ctsio);
6640		ctl_done((union ctl_io *)ctsio);
6641		return (CTL_RETVAL_COMPLETE);
6642	}
6643
6644	/*
6645	 * Allocate the data buffer and grab the user's data.  In theory,
6646	 * we shouldn't have to sanity check the parameter list length here
6647	 * because the maximum size is 64K.  We should be able to malloc
6648	 * that much without too many problems.
6649	 */
6650	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6651		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6652		ctsio->kern_data_len = param_len;
6653		ctsio->kern_total_len = param_len;
6654		ctsio->kern_data_resid = 0;
6655		ctsio->kern_rel_offset = 0;
6656		ctsio->kern_sg_entries = 0;
6657		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6658		ctsio->be_move_done = ctl_config_move_done;
6659		ctl_datamove((union ctl_io *)ctsio);
6660
6661		return (CTL_RETVAL_COMPLETE);
6662	}
6663
6664	switch (ctsio->cdb[0]) {
6665	case MODE_SELECT_6: {
6666		struct scsi_mode_header_6 *mh6;
6667
6668		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6669		bd_len = mh6->blk_desc_len;
6670		break;
6671	}
6672	case MODE_SELECT_10: {
6673		struct scsi_mode_header_10 *mh10;
6674
6675		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6676		bd_len = scsi_2btoul(mh10->blk_desc_len);
6677		break;
6678	}
6679	default:
6680		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6681		break;
6682	}
6683
6684	if (param_len < (header_size + bd_len)) {
6685		free(ctsio->kern_data_ptr, M_CTL);
6686		ctl_set_param_len_error(ctsio);
6687		ctl_done((union ctl_io *)ctsio);
6688		return (CTL_RETVAL_COMPLETE);
6689	}
6690
6691	/*
6692	 * Set the IO_CONT flag, so that if this I/O gets passed to
6693	 * ctl_config_write_done(), it'll get passed back to
6694	 * ctl_do_mode_select() for further processing, or completion if
6695	 * we're all done.
6696	 */
6697	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6698	ctsio->io_cont = ctl_do_mode_select;
6699
6700	modepage_info = (union ctl_modepage_info *)
6701		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6702
6703	memset(modepage_info, 0, sizeof(*modepage_info));
6704
6705	len_left = param_len - header_size - bd_len;
6706	len_used = header_size + bd_len;
6707
6708	modepage_info->header.len_left = len_left;
6709	modepage_info->header.len_used = len_used;
6710
6711	return (ctl_do_mode_select((union ctl_io *)ctsio));
6712}
6713
6714int
6715ctl_mode_sense(struct ctl_scsiio *ctsio)
6716{
6717	struct ctl_lun *lun;
6718	int pc, page_code, dbd, llba, subpage;
6719	int alloc_len, page_len, header_len, total_len;
6720	struct scsi_mode_block_descr *block_desc;
6721	struct ctl_page_index *page_index;
6722	int control_dev;
6723
6724	dbd = 0;
6725	llba = 0;
6726	block_desc = NULL;
6727	page_index = NULL;
6728
6729	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6730
6731	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6732
6733	if (lun->be_lun->lun_type != T_DIRECT)
6734		control_dev = 1;
6735	else
6736		control_dev = 0;
6737
6738	if (lun->flags & CTL_LUN_PR_RESERVED) {
6739		uint32_t residx;
6740
6741		/*
6742		 * XXX KDM need a lock here.
6743		 */
6744		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
6745		if ((lun->res_type == SPR_TYPE_EX_AC
6746		  && residx != lun->pr_res_idx)
6747		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
6748		   || lun->res_type == SPR_TYPE_EX_AC_AR)
6749		  && !lun->per_res[residx].registered)) {
6750			ctl_set_reservation_conflict(ctsio);
6751			ctl_done((union ctl_io *)ctsio);
6752			return (CTL_RETVAL_COMPLETE);
6753		}
6754	}
6755
6756	switch (ctsio->cdb[0]) {
6757	case MODE_SENSE_6: {
6758		struct scsi_mode_sense_6 *cdb;
6759
6760		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6761
6762		header_len = sizeof(struct scsi_mode_hdr_6);
6763		if (cdb->byte2 & SMS_DBD)
6764			dbd = 1;
6765		else
6766			header_len += sizeof(struct scsi_mode_block_descr);
6767
6768		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6769		page_code = cdb->page & SMS_PAGE_CODE;
6770		subpage = cdb->subpage;
6771		alloc_len = cdb->length;
6772		break;
6773	}
6774	case MODE_SENSE_10: {
6775		struct scsi_mode_sense_10 *cdb;
6776
6777		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6778
6779		header_len = sizeof(struct scsi_mode_hdr_10);
6780
6781		if (cdb->byte2 & SMS_DBD)
6782			dbd = 1;
6783		else
6784			header_len += sizeof(struct scsi_mode_block_descr);
6785		if (cdb->byte2 & SMS10_LLBAA)
6786			llba = 1;
6787		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6788		page_code = cdb->page & SMS_PAGE_CODE;
6789		subpage = cdb->subpage;
6790		alloc_len = scsi_2btoul(cdb->length);
6791		break;
6792	}
6793	default:
6794		ctl_set_invalid_opcode(ctsio);
6795		ctl_done((union ctl_io *)ctsio);
6796		return (CTL_RETVAL_COMPLETE);
6797		break; /* NOTREACHED */
6798	}
6799
6800	/*
6801	 * We have to make a first pass through to calculate the size of
6802	 * the pages that match the user's query.  Then we allocate enough
6803	 * memory to hold it, and actually copy the data into the buffer.
6804	 */
6805	switch (page_code) {
6806	case SMS_ALL_PAGES_PAGE: {
6807		int i;
6808
6809		page_len = 0;
6810
6811		/*
6812		 * At the moment, values other than 0 and 0xff here are
6813		 * reserved according to SPC-3.
6814		 */
6815		if ((subpage != SMS_SUBPAGE_PAGE_0)
6816		 && (subpage != SMS_SUBPAGE_ALL)) {
6817			ctl_set_invalid_field(ctsio,
6818					      /*sks_valid*/ 1,
6819					      /*command*/ 1,
6820					      /*field*/ 3,
6821					      /*bit_valid*/ 0,
6822					      /*bit*/ 0);
6823			ctl_done((union ctl_io *)ctsio);
6824			return (CTL_RETVAL_COMPLETE);
6825		}
6826
6827		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6828			if ((control_dev != 0)
6829			 && (lun->mode_pages.index[i].page_flags &
6830			     CTL_PAGE_FLAG_DISK_ONLY))
6831				continue;
6832
6833			/*
6834			 * We don't use this subpage if the user didn't
6835			 * request all subpages.
6836			 */
6837			if ((lun->mode_pages.index[i].subpage != 0)
6838			 && (subpage == SMS_SUBPAGE_PAGE_0))
6839				continue;
6840
6841#if 0
6842			printf("found page %#x len %d\n",
6843			       lun->mode_pages.index[i].page_code &
6844			       SMPH_PC_MASK,
6845			       lun->mode_pages.index[i].page_len);
6846#endif
6847			page_len += lun->mode_pages.index[i].page_len;
6848		}
6849		break;
6850	}
6851	default: {
6852		int i;
6853
6854		page_len = 0;
6855
6856		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6857			/* Look for the right page code */
6858			if ((lun->mode_pages.index[i].page_code &
6859			     SMPH_PC_MASK) != page_code)
6860				continue;
6861
6862			/* Look for the right subpage or the subpage wildcard*/
6863			if ((lun->mode_pages.index[i].subpage != subpage)
6864			 && (subpage != SMS_SUBPAGE_ALL))
6865				continue;
6866
6867			/* Make sure the page is supported for this dev type */
6868			if ((control_dev != 0)
6869			 && (lun->mode_pages.index[i].page_flags &
6870			     CTL_PAGE_FLAG_DISK_ONLY))
6871				continue;
6872
6873#if 0
6874			printf("found page %#x len %d\n",
6875			       lun->mode_pages.index[i].page_code &
6876			       SMPH_PC_MASK,
6877			       lun->mode_pages.index[i].page_len);
6878#endif
6879
6880			page_len += lun->mode_pages.index[i].page_len;
6881		}
6882
6883		if (page_len == 0) {
6884			ctl_set_invalid_field(ctsio,
6885					      /*sks_valid*/ 1,
6886					      /*command*/ 1,
6887					      /*field*/ 2,
6888					      /*bit_valid*/ 1,
6889					      /*bit*/ 5);
6890			ctl_done((union ctl_io *)ctsio);
6891			return (CTL_RETVAL_COMPLETE);
6892		}
6893		break;
6894	}
6895	}
6896
6897	total_len = header_len + page_len;
6898#if 0
6899	printf("header_len = %d, page_len = %d, total_len = %d\n",
6900	       header_len, page_len, total_len);
6901#endif
6902
6903	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6904	ctsio->kern_sg_entries = 0;
6905	ctsio->kern_data_resid = 0;
6906	ctsio->kern_rel_offset = 0;
6907	if (total_len < alloc_len) {
6908		ctsio->residual = alloc_len - total_len;
6909		ctsio->kern_data_len = total_len;
6910		ctsio->kern_total_len = total_len;
6911	} else {
6912		ctsio->residual = 0;
6913		ctsio->kern_data_len = alloc_len;
6914		ctsio->kern_total_len = alloc_len;
6915	}
6916
6917	switch (ctsio->cdb[0]) {
6918	case MODE_SENSE_6: {
6919		struct scsi_mode_hdr_6 *header;
6920
6921		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6922
6923		header->datalen = ctl_min(total_len - 1, 254);
6924
6925		if (dbd)
6926			header->block_descr_len = 0;
6927		else
6928			header->block_descr_len =
6929				sizeof(struct scsi_mode_block_descr);
6930		block_desc = (struct scsi_mode_block_descr *)&header[1];
6931		break;
6932	}
6933	case MODE_SENSE_10: {
6934		struct scsi_mode_hdr_10 *header;
6935		int datalen;
6936
6937		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6938
6939		datalen = ctl_min(total_len - 2, 65533);
6940		scsi_ulto2b(datalen, header->datalen);
6941		if (dbd)
6942			scsi_ulto2b(0, header->block_descr_len);
6943		else
6944			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6945				    header->block_descr_len);
6946		block_desc = (struct scsi_mode_block_descr *)&header[1];
6947		break;
6948	}
6949	default:
6950		panic("invalid CDB type %#x", ctsio->cdb[0]);
6951		break; /* NOTREACHED */
6952	}
6953
6954	/*
6955	 * If we've got a disk, use its blocksize in the block
6956	 * descriptor.  Otherwise, just set it to 0.
6957	 */
6958	if (dbd == 0) {
6959		if (control_dev != 0)
6960			scsi_ulto3b(lun->be_lun->blocksize,
6961				    block_desc->block_len);
6962		else
6963			scsi_ulto3b(0, block_desc->block_len);
6964	}
6965
6966	switch (page_code) {
6967	case SMS_ALL_PAGES_PAGE: {
6968		int i, data_used;
6969
6970		data_used = header_len;
6971		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6972			struct ctl_page_index *page_index;
6973
6974			page_index = &lun->mode_pages.index[i];
6975
6976			if ((control_dev != 0)
6977			 && (page_index->page_flags &
6978			    CTL_PAGE_FLAG_DISK_ONLY))
6979				continue;
6980
6981			/*
6982			 * We don't use this subpage if the user didn't
6983			 * request all subpages.  We already checked (above)
6984			 * to make sure the user only specified a subpage
6985			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6986			 */
6987			if ((page_index->subpage != 0)
6988			 && (subpage == SMS_SUBPAGE_PAGE_0))
6989				continue;
6990
6991			/*
6992			 * Call the handler, if it exists, to update the
6993			 * page to the latest values.
6994			 */
6995			if (page_index->sense_handler != NULL)
6996				page_index->sense_handler(ctsio, page_index,pc);
6997
6998			memcpy(ctsio->kern_data_ptr + data_used,
6999			       page_index->page_data +
7000			       (page_index->page_len * pc),
7001			       page_index->page_len);
7002			data_used += page_index->page_len;
7003		}
7004		break;
7005	}
7006	default: {
7007		int i, data_used;
7008
7009		data_used = header_len;
7010
7011		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
7012			struct ctl_page_index *page_index;
7013
7014			page_index = &lun->mode_pages.index[i];
7015
7016			/* Look for the right page code */
7017			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
7018				continue;
7019
7020			/* Look for the right subpage or the subpage wildcard*/
7021			if ((page_index->subpage != subpage)
7022			 && (subpage != SMS_SUBPAGE_ALL))
7023				continue;
7024
7025			/* Make sure the page is supported for this dev type */
7026			if ((control_dev != 0)
7027			 && (page_index->page_flags &
7028			     CTL_PAGE_FLAG_DISK_ONLY))
7029				continue;
7030
7031			/*
7032			 * Call the handler, if it exists, to update the
7033			 * page to the latest values.
7034			 */
7035			if (page_index->sense_handler != NULL)
7036				page_index->sense_handler(ctsio, page_index,pc);
7037
7038			memcpy(ctsio->kern_data_ptr + data_used,
7039			       page_index->page_data +
7040			       (page_index->page_len * pc),
7041			       page_index->page_len);
7042			data_used += page_index->page_len;
7043		}
7044		break;
7045	}
7046	}
7047
7048	ctsio->scsi_status = SCSI_STATUS_OK;
7049
7050	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7051	ctsio->be_move_done = ctl_config_move_done;
7052	ctl_datamove((union ctl_io *)ctsio);
7053
7054	return (CTL_RETVAL_COMPLETE);
7055}
7056
7057int
7058ctl_read_capacity(struct ctl_scsiio *ctsio)
7059{
7060	struct scsi_read_capacity *cdb;
7061	struct scsi_read_capacity_data *data;
7062	struct ctl_lun *lun;
7063	uint32_t lba;
7064
7065	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7066
7067	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7068
7069	lba = scsi_4btoul(cdb->addr);
7070	if (((cdb->pmi & SRC_PMI) == 0)
7071	 && (lba != 0)) {
7072		ctl_set_invalid_field(/*ctsio*/ ctsio,
7073				      /*sks_valid*/ 1,
7074				      /*command*/ 1,
7075				      /*field*/ 2,
7076				      /*bit_valid*/ 0,
7077				      /*bit*/ 0);
7078		ctl_done((union ctl_io *)ctsio);
7079		return (CTL_RETVAL_COMPLETE);
7080	}
7081
7082	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7083
7084	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7085	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7086	ctsio->residual = 0;
7087	ctsio->kern_data_len = sizeof(*data);
7088	ctsio->kern_total_len = sizeof(*data);
7089	ctsio->kern_data_resid = 0;
7090	ctsio->kern_rel_offset = 0;
7091	ctsio->kern_sg_entries = 0;
7092
7093	/*
7094	 * If the maximum LBA is greater than 0xfffffffe, the user must
7095	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7096	 * serivce action set.
7097	 */
7098	if (lun->be_lun->maxlba > 0xfffffffe)
7099		scsi_ulto4b(0xffffffff, data->addr);
7100	else
7101		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7102
7103	/*
7104	 * XXX KDM this may not be 512 bytes...
7105	 */
7106	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7107
7108	ctsio->scsi_status = SCSI_STATUS_OK;
7109
7110	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7111	ctsio->be_move_done = ctl_config_move_done;
7112	ctl_datamove((union ctl_io *)ctsio);
7113
7114	return (CTL_RETVAL_COMPLETE);
7115}
7116
7117int
7118ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7119{
7120	struct scsi_read_capacity_16 *cdb;
7121	struct scsi_read_capacity_data_long *data;
7122	struct ctl_lun *lun;
7123	uint64_t lba;
7124	uint32_t alloc_len;
7125
7126	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7127
7128	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7129
7130	alloc_len = scsi_4btoul(cdb->alloc_len);
7131	lba = scsi_8btou64(cdb->addr);
7132
7133	if ((cdb->reladr & SRC16_PMI)
7134	 && (lba != 0)) {
7135		ctl_set_invalid_field(/*ctsio*/ ctsio,
7136				      /*sks_valid*/ 1,
7137				      /*command*/ 1,
7138				      /*field*/ 2,
7139				      /*bit_valid*/ 0,
7140				      /*bit*/ 0);
7141		ctl_done((union ctl_io *)ctsio);
7142		return (CTL_RETVAL_COMPLETE);
7143	}
7144
7145	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7146
7147	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7148	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7149
7150	if (sizeof(*data) < alloc_len) {
7151		ctsio->residual = alloc_len - sizeof(*data);
7152		ctsio->kern_data_len = sizeof(*data);
7153		ctsio->kern_total_len = sizeof(*data);
7154	} else {
7155		ctsio->residual = 0;
7156		ctsio->kern_data_len = alloc_len;
7157		ctsio->kern_total_len = alloc_len;
7158	}
7159	ctsio->kern_data_resid = 0;
7160	ctsio->kern_rel_offset = 0;
7161	ctsio->kern_sg_entries = 0;
7162
7163	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7164	/* XXX KDM this may not be 512 bytes... */
7165	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7166	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7167	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7168	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7169		data->lalba_lbp[0] |= SRC16_LBPME;
7170
7171	ctsio->scsi_status = SCSI_STATUS_OK;
7172
7173	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7174	ctsio->be_move_done = ctl_config_move_done;
7175	ctl_datamove((union ctl_io *)ctsio);
7176
7177	return (CTL_RETVAL_COMPLETE);
7178}
7179
7180int
7181ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7182{
7183	struct scsi_maintenance_in *cdb;
7184	int retval;
7185	int alloc_len, ext, total_len = 0, g, p, pc, pg;
7186	int num_target_port_groups, num_target_ports, single;
7187	struct ctl_lun *lun;
7188	struct ctl_softc *softc;
7189	struct ctl_port *port;
7190	struct scsi_target_group_data *rtg_ptr;
7191	struct scsi_target_group_data_extended *rtg_ext_ptr;
7192	struct scsi_target_port_group_descriptor *tpg_desc;
7193
7194	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7195
7196	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7197	softc = control_softc;
7198	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7199
7200	retval = CTL_RETVAL_COMPLETE;
7201
7202	switch (cdb->byte2 & STG_PDF_MASK) {
7203	case STG_PDF_LENGTH:
7204		ext = 0;
7205		break;
7206	case STG_PDF_EXTENDED:
7207		ext = 1;
7208		break;
7209	default:
7210		ctl_set_invalid_field(/*ctsio*/ ctsio,
7211				      /*sks_valid*/ 1,
7212				      /*command*/ 1,
7213				      /*field*/ 2,
7214				      /*bit_valid*/ 1,
7215				      /*bit*/ 5);
7216		ctl_done((union ctl_io *)ctsio);
7217		return(retval);
7218	}
7219
7220	single = ctl_is_single;
7221	if (single)
7222		num_target_port_groups = 1;
7223	else
7224		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7225	num_target_ports = 0;
7226	mtx_lock(&softc->ctl_lock);
7227	STAILQ_FOREACH(port, &softc->port_list, links) {
7228		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7229			continue;
7230		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7231			continue;
7232		num_target_ports++;
7233	}
7234	mtx_unlock(&softc->ctl_lock);
7235
7236	if (ext)
7237		total_len = sizeof(struct scsi_target_group_data_extended);
7238	else
7239		total_len = sizeof(struct scsi_target_group_data);
7240	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7241		num_target_port_groups +
7242	    sizeof(struct scsi_target_port_descriptor) *
7243		num_target_ports * num_target_port_groups;
7244
7245	alloc_len = scsi_4btoul(cdb->length);
7246
7247	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7248
7249	ctsio->kern_sg_entries = 0;
7250
7251	if (total_len < alloc_len) {
7252		ctsio->residual = alloc_len - total_len;
7253		ctsio->kern_data_len = total_len;
7254		ctsio->kern_total_len = total_len;
7255	} else {
7256		ctsio->residual = 0;
7257		ctsio->kern_data_len = alloc_len;
7258		ctsio->kern_total_len = alloc_len;
7259	}
7260	ctsio->kern_data_resid = 0;
7261	ctsio->kern_rel_offset = 0;
7262
7263	if (ext) {
7264		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7265		    ctsio->kern_data_ptr;
7266		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7267		rtg_ext_ptr->format_type = 0x10;
7268		rtg_ext_ptr->implicit_transition_time = 0;
7269		tpg_desc = &rtg_ext_ptr->groups[0];
7270	} else {
7271		rtg_ptr = (struct scsi_target_group_data *)
7272		    ctsio->kern_data_ptr;
7273		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7274		tpg_desc = &rtg_ptr->groups[0];
7275	}
7276
7277	pg = ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS;
7278	mtx_lock(&softc->ctl_lock);
7279	for (g = 0; g < num_target_port_groups; g++) {
7280		if (g == pg)
7281			tpg_desc->pref_state = TPG_PRIMARY |
7282			    TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7283		else
7284			tpg_desc->pref_state =
7285			    TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7286		tpg_desc->support = TPG_AO_SUP;
7287		if (!single)
7288			tpg_desc->support |= TPG_AN_SUP;
7289		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7290		tpg_desc->status = TPG_IMPLICIT;
7291		pc = 0;
7292		STAILQ_FOREACH(port, &softc->port_list, links) {
7293			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7294				continue;
7295			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7296			    CTL_MAX_LUNS)
7297				continue;
7298			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7299			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7300			    relative_target_port_identifier);
7301			pc++;
7302		}
7303		tpg_desc->target_port_count = pc;
7304		tpg_desc = (struct scsi_target_port_group_descriptor *)
7305		    &tpg_desc->descriptors[pc];
7306	}
7307	mtx_unlock(&softc->ctl_lock);
7308
7309	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7310	ctsio->be_move_done = ctl_config_move_done;
7311
7312	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7313			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7314			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7315			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7316			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7317
7318	ctl_datamove((union ctl_io *)ctsio);
7319	return(retval);
7320}
7321
7322int
7323ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7324{
7325	struct ctl_lun *lun;
7326	struct scsi_report_supported_opcodes *cdb;
7327	const struct ctl_cmd_entry *entry, *sentry;
7328	struct scsi_report_supported_opcodes_all *all;
7329	struct scsi_report_supported_opcodes_descr *descr;
7330	struct scsi_report_supported_opcodes_one *one;
7331	int retval;
7332	int alloc_len, total_len;
7333	int opcode, service_action, i, j, num;
7334
7335	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7336
7337	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7338	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7339
7340	retval = CTL_RETVAL_COMPLETE;
7341
7342	opcode = cdb->requested_opcode;
7343	service_action = scsi_2btoul(cdb->requested_service_action);
7344	switch (cdb->options & RSO_OPTIONS_MASK) {
7345	case RSO_OPTIONS_ALL:
7346		num = 0;
7347		for (i = 0; i < 256; i++) {
7348			entry = &ctl_cmd_table[i];
7349			if (entry->flags & CTL_CMD_FLAG_SA5) {
7350				for (j = 0; j < 32; j++) {
7351					sentry = &((const struct ctl_cmd_entry *)
7352					    entry->execute)[j];
7353					if (ctl_cmd_applicable(
7354					    lun->be_lun->lun_type, sentry))
7355						num++;
7356				}
7357			} else {
7358				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7359				    entry))
7360					num++;
7361			}
7362		}
7363		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7364		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7365		break;
7366	case RSO_OPTIONS_OC:
7367		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7368			ctl_set_invalid_field(/*ctsio*/ ctsio,
7369					      /*sks_valid*/ 1,
7370					      /*command*/ 1,
7371					      /*field*/ 2,
7372					      /*bit_valid*/ 1,
7373					      /*bit*/ 2);
7374			ctl_done((union ctl_io *)ctsio);
7375			return (CTL_RETVAL_COMPLETE);
7376		}
7377		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7378		break;
7379	case RSO_OPTIONS_OC_SA:
7380		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7381		    service_action >= 32) {
7382			ctl_set_invalid_field(/*ctsio*/ ctsio,
7383					      /*sks_valid*/ 1,
7384					      /*command*/ 1,
7385					      /*field*/ 2,
7386					      /*bit_valid*/ 1,
7387					      /*bit*/ 2);
7388			ctl_done((union ctl_io *)ctsio);
7389			return (CTL_RETVAL_COMPLETE);
7390		}
7391		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7392		break;
7393	default:
7394		ctl_set_invalid_field(/*ctsio*/ ctsio,
7395				      /*sks_valid*/ 1,
7396				      /*command*/ 1,
7397				      /*field*/ 2,
7398				      /*bit_valid*/ 1,
7399				      /*bit*/ 2);
7400		ctl_done((union ctl_io *)ctsio);
7401		return (CTL_RETVAL_COMPLETE);
7402	}
7403
7404	alloc_len = scsi_4btoul(cdb->length);
7405
7406	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7407
7408	ctsio->kern_sg_entries = 0;
7409
7410	if (total_len < alloc_len) {
7411		ctsio->residual = alloc_len - total_len;
7412		ctsio->kern_data_len = total_len;
7413		ctsio->kern_total_len = total_len;
7414	} else {
7415		ctsio->residual = 0;
7416		ctsio->kern_data_len = alloc_len;
7417		ctsio->kern_total_len = alloc_len;
7418	}
7419	ctsio->kern_data_resid = 0;
7420	ctsio->kern_rel_offset = 0;
7421
7422	switch (cdb->options & RSO_OPTIONS_MASK) {
7423	case RSO_OPTIONS_ALL:
7424		all = (struct scsi_report_supported_opcodes_all *)
7425		    ctsio->kern_data_ptr;
7426		num = 0;
7427		for (i = 0; i < 256; i++) {
7428			entry = &ctl_cmd_table[i];
7429			if (entry->flags & CTL_CMD_FLAG_SA5) {
7430				for (j = 0; j < 32; j++) {
7431					sentry = &((const struct ctl_cmd_entry *)
7432					    entry->execute)[j];
7433					if (!ctl_cmd_applicable(
7434					    lun->be_lun->lun_type, sentry))
7435						continue;
7436					descr = &all->descr[num++];
7437					descr->opcode = i;
7438					scsi_ulto2b(j, descr->service_action);
7439					descr->flags = RSO_SERVACTV;
7440					scsi_ulto2b(sentry->length,
7441					    descr->cdb_length);
7442				}
7443			} else {
7444				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7445				    entry))
7446					continue;
7447				descr = &all->descr[num++];
7448				descr->opcode = i;
7449				scsi_ulto2b(0, descr->service_action);
7450				descr->flags = 0;
7451				scsi_ulto2b(entry->length, descr->cdb_length);
7452			}
7453		}
7454		scsi_ulto4b(
7455		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7456		    all->length);
7457		break;
7458	case RSO_OPTIONS_OC:
7459		one = (struct scsi_report_supported_opcodes_one *)
7460		    ctsio->kern_data_ptr;
7461		entry = &ctl_cmd_table[opcode];
7462		goto fill_one;
7463	case RSO_OPTIONS_OC_SA:
7464		one = (struct scsi_report_supported_opcodes_one *)
7465		    ctsio->kern_data_ptr;
7466		entry = &ctl_cmd_table[opcode];
7467		entry = &((const struct ctl_cmd_entry *)
7468		    entry->execute)[service_action];
7469fill_one:
7470		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7471			one->support = 3;
7472			scsi_ulto2b(entry->length, one->cdb_length);
7473			one->cdb_usage[0] = opcode;
7474			memcpy(&one->cdb_usage[1], entry->usage,
7475			    entry->length - 1);
7476		} else
7477			one->support = 1;
7478		break;
7479	}
7480
7481	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7482	ctsio->be_move_done = ctl_config_move_done;
7483
7484	ctl_datamove((union ctl_io *)ctsio);
7485	return(retval);
7486}
7487
7488int
7489ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7490{
7491	struct ctl_lun *lun;
7492	struct scsi_report_supported_tmf *cdb;
7493	struct scsi_report_supported_tmf_data *data;
7494	int retval;
7495	int alloc_len, total_len;
7496
7497	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7498
7499	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7500	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7501
7502	retval = CTL_RETVAL_COMPLETE;
7503
7504	total_len = sizeof(struct scsi_report_supported_tmf_data);
7505	alloc_len = scsi_4btoul(cdb->length);
7506
7507	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7508
7509	ctsio->kern_sg_entries = 0;
7510
7511	if (total_len < alloc_len) {
7512		ctsio->residual = alloc_len - total_len;
7513		ctsio->kern_data_len = total_len;
7514		ctsio->kern_total_len = total_len;
7515	} else {
7516		ctsio->residual = 0;
7517		ctsio->kern_data_len = alloc_len;
7518		ctsio->kern_total_len = alloc_len;
7519	}
7520	ctsio->kern_data_resid = 0;
7521	ctsio->kern_rel_offset = 0;
7522
7523	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7524	data->byte1 |= RST_ATS | RST_ATSS | RST_LURS | RST_TRS;
7525	data->byte2 |= RST_ITNRS;
7526
7527	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7528	ctsio->be_move_done = ctl_config_move_done;
7529
7530	ctl_datamove((union ctl_io *)ctsio);
7531	return (retval);
7532}
7533
7534int
7535ctl_report_timestamp(struct ctl_scsiio *ctsio)
7536{
7537	struct ctl_lun *lun;
7538	struct scsi_report_timestamp *cdb;
7539	struct scsi_report_timestamp_data *data;
7540	struct timeval tv;
7541	int64_t timestamp;
7542	int retval;
7543	int alloc_len, total_len;
7544
7545	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7546
7547	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7548	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7549
7550	retval = CTL_RETVAL_COMPLETE;
7551
7552	total_len = sizeof(struct scsi_report_timestamp_data);
7553	alloc_len = scsi_4btoul(cdb->length);
7554
7555	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7556
7557	ctsio->kern_sg_entries = 0;
7558
7559	if (total_len < alloc_len) {
7560		ctsio->residual = alloc_len - total_len;
7561		ctsio->kern_data_len = total_len;
7562		ctsio->kern_total_len = total_len;
7563	} else {
7564		ctsio->residual = 0;
7565		ctsio->kern_data_len = alloc_len;
7566		ctsio->kern_total_len = alloc_len;
7567	}
7568	ctsio->kern_data_resid = 0;
7569	ctsio->kern_rel_offset = 0;
7570
7571	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7572	scsi_ulto2b(sizeof(*data) - 2, data->length);
7573	data->origin = RTS_ORIG_OUTSIDE;
7574	getmicrotime(&tv);
7575	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7576	scsi_ulto4b(timestamp >> 16, data->timestamp);
7577	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7578
7579	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7580	ctsio->be_move_done = ctl_config_move_done;
7581
7582	ctl_datamove((union ctl_io *)ctsio);
7583	return (retval);
7584}
7585
7586int
7587ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7588{
7589	struct scsi_per_res_in *cdb;
7590	int alloc_len, total_len = 0;
7591	/* struct scsi_per_res_in_rsrv in_data; */
7592	struct ctl_lun *lun;
7593	struct ctl_softc *softc;
7594
7595	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7596
7597	softc = control_softc;
7598
7599	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7600
7601	alloc_len = scsi_2btoul(cdb->length);
7602
7603	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7604
7605retry:
7606	mtx_lock(&lun->lun_lock);
7607	switch (cdb->action) {
7608	case SPRI_RK: /* read keys */
7609		total_len = sizeof(struct scsi_per_res_in_keys) +
7610			lun->pr_key_count *
7611			sizeof(struct scsi_per_res_key);
7612		break;
7613	case SPRI_RR: /* read reservation */
7614		if (lun->flags & CTL_LUN_PR_RESERVED)
7615			total_len = sizeof(struct scsi_per_res_in_rsrv);
7616		else
7617			total_len = sizeof(struct scsi_per_res_in_header);
7618		break;
7619	case SPRI_RC: /* report capabilities */
7620		total_len = sizeof(struct scsi_per_res_cap);
7621		break;
7622	default:
7623		panic("Invalid PR type %x", cdb->action);
7624	}
7625	mtx_unlock(&lun->lun_lock);
7626
7627	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7628
7629	if (total_len < alloc_len) {
7630		ctsio->residual = alloc_len - total_len;
7631		ctsio->kern_data_len = total_len;
7632		ctsio->kern_total_len = total_len;
7633	} else {
7634		ctsio->residual = 0;
7635		ctsio->kern_data_len = alloc_len;
7636		ctsio->kern_total_len = alloc_len;
7637	}
7638
7639	ctsio->kern_data_resid = 0;
7640	ctsio->kern_rel_offset = 0;
7641	ctsio->kern_sg_entries = 0;
7642
7643	mtx_lock(&lun->lun_lock);
7644	switch (cdb->action) {
7645	case SPRI_RK: { // read keys
7646        struct scsi_per_res_in_keys *res_keys;
7647		int i, key_count;
7648
7649		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7650
7651		/*
7652		 * We had to drop the lock to allocate our buffer, which
7653		 * leaves time for someone to come in with another
7654		 * persistent reservation.  (That is unlikely, though,
7655		 * since this should be the only persistent reservation
7656		 * command active right now.)
7657		 */
7658		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7659		    (lun->pr_key_count *
7660		     sizeof(struct scsi_per_res_key)))){
7661			mtx_unlock(&lun->lun_lock);
7662			free(ctsio->kern_data_ptr, M_CTL);
7663			printf("%s: reservation length changed, retrying\n",
7664			       __func__);
7665			goto retry;
7666		}
7667
7668		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7669
7670		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7671			     lun->pr_key_count, res_keys->header.length);
7672
7673		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7674			if (!lun->per_res[i].registered)
7675				continue;
7676
7677			/*
7678			 * We used lun->pr_key_count to calculate the
7679			 * size to allocate.  If it turns out the number of
7680			 * initiators with the registered flag set is
7681			 * larger than that (i.e. they haven't been kept in
7682			 * sync), we've got a problem.
7683			 */
7684			if (key_count >= lun->pr_key_count) {
7685#ifdef NEEDTOPORT
7686				csevent_log(CSC_CTL | CSC_SHELF_SW |
7687					    CTL_PR_ERROR,
7688					    csevent_LogType_Fault,
7689					    csevent_AlertLevel_Yellow,
7690					    csevent_FRU_ShelfController,
7691					    csevent_FRU_Firmware,
7692				        csevent_FRU_Unknown,
7693					    "registered keys %d >= key "
7694					    "count %d", key_count,
7695					    lun->pr_key_count);
7696#endif
7697				key_count++;
7698				continue;
7699			}
7700			memcpy(res_keys->keys[key_count].key,
7701			       lun->per_res[i].res_key.key,
7702			       ctl_min(sizeof(res_keys->keys[key_count].key),
7703			       sizeof(lun->per_res[i].res_key)));
7704			key_count++;
7705		}
7706		break;
7707	}
7708	case SPRI_RR: { // read reservation
7709		struct scsi_per_res_in_rsrv *res;
7710		int tmp_len, header_only;
7711
7712		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7713
7714		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7715
7716		if (lun->flags & CTL_LUN_PR_RESERVED)
7717		{
7718			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7719			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7720				    res->header.length);
7721			header_only = 0;
7722		} else {
7723			tmp_len = sizeof(struct scsi_per_res_in_header);
7724			scsi_ulto4b(0, res->header.length);
7725			header_only = 1;
7726		}
7727
7728		/*
7729		 * We had to drop the lock to allocate our buffer, which
7730		 * leaves time for someone to come in with another
7731		 * persistent reservation.  (That is unlikely, though,
7732		 * since this should be the only persistent reservation
7733		 * command active right now.)
7734		 */
7735		if (tmp_len != total_len) {
7736			mtx_unlock(&lun->lun_lock);
7737			free(ctsio->kern_data_ptr, M_CTL);
7738			printf("%s: reservation status changed, retrying\n",
7739			       __func__);
7740			goto retry;
7741		}
7742
7743		/*
7744		 * No reservation held, so we're done.
7745		 */
7746		if (header_only != 0)
7747			break;
7748
7749		/*
7750		 * If the registration is an All Registrants type, the key
7751		 * is 0, since it doesn't really matter.
7752		 */
7753		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7754			memcpy(res->data.reservation,
7755			       &lun->per_res[lun->pr_res_idx].res_key,
7756			       sizeof(struct scsi_per_res_key));
7757		}
7758		res->data.scopetype = lun->res_type;
7759		break;
7760	}
7761	case SPRI_RC:     //report capabilities
7762	{
7763		struct scsi_per_res_cap *res_cap;
7764		uint16_t type_mask;
7765
7766		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7767		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7768		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_3;
7769		type_mask = SPRI_TM_WR_EX_AR |
7770			    SPRI_TM_EX_AC_RO |
7771			    SPRI_TM_WR_EX_RO |
7772			    SPRI_TM_EX_AC |
7773			    SPRI_TM_WR_EX |
7774			    SPRI_TM_EX_AC_AR;
7775		scsi_ulto2b(type_mask, res_cap->type_mask);
7776		break;
7777	}
7778	case SPRI_RS: //read full status
7779	default:
7780		/*
7781		 * This is a bug, because we just checked for this above,
7782		 * and should have returned an error.
7783		 */
7784		panic("Invalid PR type %x", cdb->action);
7785		break; /* NOTREACHED */
7786	}
7787	mtx_unlock(&lun->lun_lock);
7788
7789	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7790	ctsio->be_move_done = ctl_config_move_done;
7791
7792	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7793			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7794			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7795			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7796			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7797
7798	ctl_datamove((union ctl_io *)ctsio);
7799
7800	return (CTL_RETVAL_COMPLETE);
7801}
7802
7803/*
7804 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7805 * it should return.
7806 */
7807static int
7808ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7809		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7810		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7811		struct scsi_per_res_out_parms* param)
7812{
7813	union ctl_ha_msg persis_io;
7814	int retval, i;
7815	int isc_retval;
7816
7817	retval = 0;
7818
7819	mtx_lock(&lun->lun_lock);
7820	if (sa_res_key == 0) {
7821		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7822			/* validate scope and type */
7823			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7824			     SPR_LU_SCOPE) {
7825				mtx_unlock(&lun->lun_lock);
7826				ctl_set_invalid_field(/*ctsio*/ ctsio,
7827						      /*sks_valid*/ 1,
7828						      /*command*/ 1,
7829						      /*field*/ 2,
7830						      /*bit_valid*/ 1,
7831						      /*bit*/ 4);
7832				ctl_done((union ctl_io *)ctsio);
7833				return (1);
7834			}
7835
7836		        if (type>8 || type==2 || type==4 || type==0) {
7837				mtx_unlock(&lun->lun_lock);
7838				ctl_set_invalid_field(/*ctsio*/ ctsio,
7839       	           				      /*sks_valid*/ 1,
7840						      /*command*/ 1,
7841						      /*field*/ 2,
7842						      /*bit_valid*/ 1,
7843						      /*bit*/ 0);
7844				ctl_done((union ctl_io *)ctsio);
7845				return (1);
7846		        }
7847
7848			/* temporarily unregister this nexus */
7849			lun->per_res[residx].registered = 0;
7850
7851			/*
7852			 * Unregister everybody else and build UA for
7853			 * them
7854			 */
7855			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7856				if (lun->per_res[i].registered == 0)
7857					continue;
7858
7859				if (!persis_offset
7860				 && i <CTL_MAX_INITIATORS)
7861					lun->pending_sense[i].ua_pending |=
7862						CTL_UA_REG_PREEMPT;
7863				else if (persis_offset
7864				      && i >= persis_offset)
7865					lun->pending_sense[i-persis_offset
7866						].ua_pending |=
7867						CTL_UA_REG_PREEMPT;
7868				lun->per_res[i].registered = 0;
7869				memset(&lun->per_res[i].res_key, 0,
7870				       sizeof(struct scsi_per_res_key));
7871			}
7872			lun->per_res[residx].registered = 1;
7873			lun->pr_key_count = 1;
7874			lun->res_type = type;
7875			if (lun->res_type != SPR_TYPE_WR_EX_AR
7876			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7877				lun->pr_res_idx = residx;
7878
7879			/* send msg to other side */
7880			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7881			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7882			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7883			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7884			persis_io.pr.pr_info.res_type = type;
7885			memcpy(persis_io.pr.pr_info.sa_res_key,
7886			       param->serv_act_res_key,
7887			       sizeof(param->serv_act_res_key));
7888			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7889			     &persis_io, sizeof(persis_io), 0)) >
7890			     CTL_HA_STATUS_SUCCESS) {
7891				printf("CTL:Persis Out error returned "
7892				       "from ctl_ha_msg_send %d\n",
7893				       isc_retval);
7894			}
7895		} else {
7896			/* not all registrants */
7897			mtx_unlock(&lun->lun_lock);
7898			free(ctsio->kern_data_ptr, M_CTL);
7899			ctl_set_invalid_field(ctsio,
7900					      /*sks_valid*/ 1,
7901					      /*command*/ 0,
7902					      /*field*/ 8,
7903					      /*bit_valid*/ 0,
7904					      /*bit*/ 0);
7905			ctl_done((union ctl_io *)ctsio);
7906			return (1);
7907		}
7908	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7909		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7910		int found = 0;
7911
7912		if (res_key == sa_res_key) {
7913			/* special case */
7914			/*
7915			 * The spec implies this is not good but doesn't
7916			 * say what to do. There are two choices either
7917			 * generate a res conflict or check condition
7918			 * with illegal field in parameter data. Since
7919			 * that is what is done when the sa_res_key is
7920			 * zero I'll take that approach since this has
7921			 * to do with the sa_res_key.
7922			 */
7923			mtx_unlock(&lun->lun_lock);
7924			free(ctsio->kern_data_ptr, M_CTL);
7925			ctl_set_invalid_field(ctsio,
7926					      /*sks_valid*/ 1,
7927					      /*command*/ 0,
7928					      /*field*/ 8,
7929					      /*bit_valid*/ 0,
7930					      /*bit*/ 0);
7931			ctl_done((union ctl_io *)ctsio);
7932			return (1);
7933		}
7934
7935		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7936			if (lun->per_res[i].registered
7937			 && memcmp(param->serv_act_res_key,
7938			    lun->per_res[i].res_key.key,
7939			    sizeof(struct scsi_per_res_key)) != 0)
7940				continue;
7941
7942			found = 1;
7943			lun->per_res[i].registered = 0;
7944			memset(&lun->per_res[i].res_key, 0,
7945			       sizeof(struct scsi_per_res_key));
7946			lun->pr_key_count--;
7947
7948			if (!persis_offset
7949			 && i < CTL_MAX_INITIATORS)
7950				lun->pending_sense[i].ua_pending |=
7951					CTL_UA_REG_PREEMPT;
7952			else if (persis_offset
7953			      && i >= persis_offset)
7954				lun->pending_sense[i-persis_offset].ua_pending|=
7955					CTL_UA_REG_PREEMPT;
7956		}
7957		if (!found) {
7958			mtx_unlock(&lun->lun_lock);
7959			free(ctsio->kern_data_ptr, M_CTL);
7960			ctl_set_reservation_conflict(ctsio);
7961			ctl_done((union ctl_io *)ctsio);
7962			return (CTL_RETVAL_COMPLETE);
7963		}
7964		/* send msg to other side */
7965		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7966		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7967		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7968		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7969		persis_io.pr.pr_info.res_type = type;
7970		memcpy(persis_io.pr.pr_info.sa_res_key,
7971		       param->serv_act_res_key,
7972		       sizeof(param->serv_act_res_key));
7973		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7974		     &persis_io, sizeof(persis_io), 0)) >
7975		     CTL_HA_STATUS_SUCCESS) {
7976			printf("CTL:Persis Out error returned from "
7977			       "ctl_ha_msg_send %d\n", isc_retval);
7978		}
7979	} else {
7980		/* Reserved but not all registrants */
7981		/* sa_res_key is res holder */
7982		if (memcmp(param->serv_act_res_key,
7983                   lun->per_res[lun->pr_res_idx].res_key.key,
7984                   sizeof(struct scsi_per_res_key)) == 0) {
7985			/* validate scope and type */
7986			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7987			     SPR_LU_SCOPE) {
7988				mtx_unlock(&lun->lun_lock);
7989				ctl_set_invalid_field(/*ctsio*/ ctsio,
7990						      /*sks_valid*/ 1,
7991						      /*command*/ 1,
7992						      /*field*/ 2,
7993						      /*bit_valid*/ 1,
7994						      /*bit*/ 4);
7995				ctl_done((union ctl_io *)ctsio);
7996				return (1);
7997			}
7998
7999			if (type>8 || type==2 || type==4 || type==0) {
8000				mtx_unlock(&lun->lun_lock);
8001				ctl_set_invalid_field(/*ctsio*/ ctsio,
8002						      /*sks_valid*/ 1,
8003						      /*command*/ 1,
8004						      /*field*/ 2,
8005						      /*bit_valid*/ 1,
8006						      /*bit*/ 0);
8007				ctl_done((union ctl_io *)ctsio);
8008				return (1);
8009			}
8010
8011			/*
8012			 * Do the following:
8013			 * if sa_res_key != res_key remove all
8014			 * registrants w/sa_res_key and generate UA
8015			 * for these registrants(Registrations
8016			 * Preempted) if it wasn't an exclusive
8017			 * reservation generate UA(Reservations
8018			 * Preempted) for all other registered nexuses
8019			 * if the type has changed. Establish the new
8020			 * reservation and holder. If res_key and
8021			 * sa_res_key are the same do the above
8022			 * except don't unregister the res holder.
8023			 */
8024
8025			/*
8026			 * Temporarily unregister so it won't get
8027			 * removed or UA generated
8028			 */
8029			lun->per_res[residx].registered = 0;
8030			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8031				if (lun->per_res[i].registered == 0)
8032					continue;
8033
8034				if (memcmp(param->serv_act_res_key,
8035				    lun->per_res[i].res_key.key,
8036				    sizeof(struct scsi_per_res_key)) == 0) {
8037					lun->per_res[i].registered = 0;
8038					memset(&lun->per_res[i].res_key,
8039					       0,
8040					       sizeof(struct scsi_per_res_key));
8041					lun->pr_key_count--;
8042
8043					if (!persis_offset
8044					 && i < CTL_MAX_INITIATORS)
8045						lun->pending_sense[i
8046							].ua_pending |=
8047							CTL_UA_REG_PREEMPT;
8048					else if (persis_offset
8049					      && i >= persis_offset)
8050						lun->pending_sense[
8051						  i-persis_offset].ua_pending |=
8052						  CTL_UA_REG_PREEMPT;
8053				} else if (type != lun->res_type
8054					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8055					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8056						if (!persis_offset
8057						 && i < CTL_MAX_INITIATORS)
8058							lun->pending_sense[i
8059							].ua_pending |=
8060							CTL_UA_RES_RELEASE;
8061						else if (persis_offset
8062						      && i >= persis_offset)
8063							lun->pending_sense[
8064							i-persis_offset
8065							].ua_pending |=
8066							CTL_UA_RES_RELEASE;
8067				}
8068			}
8069			lun->per_res[residx].registered = 1;
8070			lun->res_type = type;
8071			if (lun->res_type != SPR_TYPE_WR_EX_AR
8072			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8073				lun->pr_res_idx = residx;
8074			else
8075				lun->pr_res_idx =
8076					CTL_PR_ALL_REGISTRANTS;
8077
8078			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8079			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8080			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8081			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8082			persis_io.pr.pr_info.res_type = type;
8083			memcpy(persis_io.pr.pr_info.sa_res_key,
8084			       param->serv_act_res_key,
8085			       sizeof(param->serv_act_res_key));
8086			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8087			     &persis_io, sizeof(persis_io), 0)) >
8088			     CTL_HA_STATUS_SUCCESS) {
8089				printf("CTL:Persis Out error returned "
8090				       "from ctl_ha_msg_send %d\n",
8091				       isc_retval);
8092			}
8093		} else {
8094			/*
8095			 * sa_res_key is not the res holder just
8096			 * remove registrants
8097			 */
8098			int found=0;
8099
8100			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8101				if (memcmp(param->serv_act_res_key,
8102				    lun->per_res[i].res_key.key,
8103				    sizeof(struct scsi_per_res_key)) != 0)
8104					continue;
8105
8106				found = 1;
8107				lun->per_res[i].registered = 0;
8108				memset(&lun->per_res[i].res_key, 0,
8109				       sizeof(struct scsi_per_res_key));
8110				lun->pr_key_count--;
8111
8112				if (!persis_offset
8113				 && i < CTL_MAX_INITIATORS)
8114					lun->pending_sense[i].ua_pending |=
8115						CTL_UA_REG_PREEMPT;
8116				else if (persis_offset
8117				      && i >= persis_offset)
8118					lun->pending_sense[
8119						i-persis_offset].ua_pending |=
8120						CTL_UA_REG_PREEMPT;
8121			}
8122
8123			if (!found) {
8124				mtx_unlock(&lun->lun_lock);
8125				free(ctsio->kern_data_ptr, M_CTL);
8126				ctl_set_reservation_conflict(ctsio);
8127				ctl_done((union ctl_io *)ctsio);
8128		        	return (1);
8129			}
8130			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8131			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8132			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8133			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8134			persis_io.pr.pr_info.res_type = type;
8135			memcpy(persis_io.pr.pr_info.sa_res_key,
8136			       param->serv_act_res_key,
8137			       sizeof(param->serv_act_res_key));
8138			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8139			     &persis_io, sizeof(persis_io), 0)) >
8140			     CTL_HA_STATUS_SUCCESS) {
8141				printf("CTL:Persis Out error returned "
8142				       "from ctl_ha_msg_send %d\n",
8143				isc_retval);
8144			}
8145		}
8146	}
8147
8148	lun->PRGeneration++;
8149	mtx_unlock(&lun->lun_lock);
8150
8151	return (retval);
8152}
8153
8154static void
8155ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8156{
8157	int i;
8158
8159	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8160	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8161	 || memcmp(&lun->per_res[lun->pr_res_idx].res_key,
8162		   msg->pr.pr_info.sa_res_key,
8163		   sizeof(struct scsi_per_res_key)) != 0) {
8164		uint64_t sa_res_key;
8165		sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8166
8167		if (sa_res_key == 0) {
8168			/* temporarily unregister this nexus */
8169			lun->per_res[msg->pr.pr_info.residx].registered = 0;
8170
8171			/*
8172			 * Unregister everybody else and build UA for
8173			 * them
8174			 */
8175			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8176				if (lun->per_res[i].registered == 0)
8177					continue;
8178
8179				if (!persis_offset
8180				 && i < CTL_MAX_INITIATORS)
8181					lun->pending_sense[i].ua_pending |=
8182						CTL_UA_REG_PREEMPT;
8183				else if (persis_offset && i >= persis_offset)
8184					lun->pending_sense[i -
8185						persis_offset].ua_pending |=
8186						CTL_UA_REG_PREEMPT;
8187				lun->per_res[i].registered = 0;
8188				memset(&lun->per_res[i].res_key, 0,
8189				       sizeof(struct scsi_per_res_key));
8190			}
8191
8192			lun->per_res[msg->pr.pr_info.residx].registered = 1;
8193			lun->pr_key_count = 1;
8194			lun->res_type = msg->pr.pr_info.res_type;
8195			if (lun->res_type != SPR_TYPE_WR_EX_AR
8196			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8197				lun->pr_res_idx = msg->pr.pr_info.residx;
8198		} else {
8199		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8200				if (memcmp(msg->pr.pr_info.sa_res_key,
8201		                   lun->per_res[i].res_key.key,
8202		                   sizeof(struct scsi_per_res_key)) != 0)
8203					continue;
8204
8205				lun->per_res[i].registered = 0;
8206				memset(&lun->per_res[i].res_key, 0,
8207				       sizeof(struct scsi_per_res_key));
8208				lun->pr_key_count--;
8209
8210				if (!persis_offset
8211				 && i < persis_offset)
8212					lun->pending_sense[i].ua_pending |=
8213						CTL_UA_REG_PREEMPT;
8214				else if (persis_offset
8215				      && i >= persis_offset)
8216					lun->pending_sense[i -
8217						persis_offset].ua_pending |=
8218						CTL_UA_REG_PREEMPT;
8219			}
8220		}
8221	} else {
8222		/*
8223		 * Temporarily unregister so it won't get removed
8224		 * or UA generated
8225		 */
8226		lun->per_res[msg->pr.pr_info.residx].registered = 0;
8227		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8228			if (lun->per_res[i].registered == 0)
8229				continue;
8230
8231			if (memcmp(msg->pr.pr_info.sa_res_key,
8232	                   lun->per_res[i].res_key.key,
8233	                   sizeof(struct scsi_per_res_key)) == 0) {
8234				lun->per_res[i].registered = 0;
8235				memset(&lun->per_res[i].res_key, 0,
8236				       sizeof(struct scsi_per_res_key));
8237				lun->pr_key_count--;
8238				if (!persis_offset
8239				 && i < CTL_MAX_INITIATORS)
8240					lun->pending_sense[i].ua_pending |=
8241						CTL_UA_REG_PREEMPT;
8242				else if (persis_offset
8243				      && i >= persis_offset)
8244					lun->pending_sense[i -
8245						persis_offset].ua_pending |=
8246						CTL_UA_REG_PREEMPT;
8247			} else if (msg->pr.pr_info.res_type != lun->res_type
8248				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8249				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8250					if (!persis_offset
8251					 && i < persis_offset)
8252						lun->pending_sense[i
8253							].ua_pending |=
8254							CTL_UA_RES_RELEASE;
8255					else if (persis_offset
8256					      && i >= persis_offset)
8257					lun->pending_sense[i -
8258						persis_offset].ua_pending |=
8259						CTL_UA_RES_RELEASE;
8260			}
8261		}
8262		lun->per_res[msg->pr.pr_info.residx].registered = 1;
8263		lun->res_type = msg->pr.pr_info.res_type;
8264		if (lun->res_type != SPR_TYPE_WR_EX_AR
8265		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8266			lun->pr_res_idx = msg->pr.pr_info.residx;
8267		else
8268			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8269	}
8270	lun->PRGeneration++;
8271
8272}
8273
8274
8275int
8276ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8277{
8278	int retval;
8279	int isc_retval;
8280	u_int32_t param_len;
8281	struct scsi_per_res_out *cdb;
8282	struct ctl_lun *lun;
8283	struct scsi_per_res_out_parms* param;
8284	struct ctl_softc *softc;
8285	uint32_t residx;
8286	uint64_t res_key, sa_res_key;
8287	uint8_t type;
8288	union ctl_ha_msg persis_io;
8289	int    i;
8290
8291	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8292
8293	retval = CTL_RETVAL_COMPLETE;
8294
8295	softc = control_softc;
8296
8297	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8298	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8299
8300	/*
8301	 * We only support whole-LUN scope.  The scope & type are ignored for
8302	 * register, register and ignore existing key and clear.
8303	 * We sometimes ignore scope and type on preempts too!!
8304	 * Verify reservation type here as well.
8305	 */
8306	type = cdb->scope_type & SPR_TYPE_MASK;
8307	if ((cdb->action == SPRO_RESERVE)
8308	 || (cdb->action == SPRO_RELEASE)) {
8309		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8310			ctl_set_invalid_field(/*ctsio*/ ctsio,
8311					      /*sks_valid*/ 1,
8312					      /*command*/ 1,
8313					      /*field*/ 2,
8314					      /*bit_valid*/ 1,
8315					      /*bit*/ 4);
8316			ctl_done((union ctl_io *)ctsio);
8317			return (CTL_RETVAL_COMPLETE);
8318		}
8319
8320		if (type>8 || type==2 || type==4 || type==0) {
8321			ctl_set_invalid_field(/*ctsio*/ ctsio,
8322					      /*sks_valid*/ 1,
8323					      /*command*/ 1,
8324					      /*field*/ 2,
8325					      /*bit_valid*/ 1,
8326					      /*bit*/ 0);
8327			ctl_done((union ctl_io *)ctsio);
8328			return (CTL_RETVAL_COMPLETE);
8329		}
8330	}
8331
8332	param_len = scsi_4btoul(cdb->length);
8333
8334	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8335		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8336		ctsio->kern_data_len = param_len;
8337		ctsio->kern_total_len = param_len;
8338		ctsio->kern_data_resid = 0;
8339		ctsio->kern_rel_offset = 0;
8340		ctsio->kern_sg_entries = 0;
8341		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8342		ctsio->be_move_done = ctl_config_move_done;
8343		ctl_datamove((union ctl_io *)ctsio);
8344
8345		return (CTL_RETVAL_COMPLETE);
8346	}
8347
8348	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8349
8350	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8351	res_key = scsi_8btou64(param->res_key.key);
8352	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8353
8354	/*
8355	 * Validate the reservation key here except for SPRO_REG_IGNO
8356	 * This must be done for all other service actions
8357	 */
8358	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8359		mtx_lock(&lun->lun_lock);
8360		if (lun->per_res[residx].registered) {
8361		    if (memcmp(param->res_key.key,
8362			       lun->per_res[residx].res_key.key,
8363			       ctl_min(sizeof(param->res_key),
8364			       sizeof(lun->per_res[residx].res_key))) != 0) {
8365				/*
8366				 * The current key passed in doesn't match
8367				 * the one the initiator previously
8368				 * registered.
8369				 */
8370				mtx_unlock(&lun->lun_lock);
8371				free(ctsio->kern_data_ptr, M_CTL);
8372				ctl_set_reservation_conflict(ctsio);
8373				ctl_done((union ctl_io *)ctsio);
8374				return (CTL_RETVAL_COMPLETE);
8375			}
8376		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8377			/*
8378			 * We are not registered
8379			 */
8380			mtx_unlock(&lun->lun_lock);
8381			free(ctsio->kern_data_ptr, M_CTL);
8382			ctl_set_reservation_conflict(ctsio);
8383			ctl_done((union ctl_io *)ctsio);
8384			return (CTL_RETVAL_COMPLETE);
8385		} else if (res_key != 0) {
8386			/*
8387			 * We are not registered and trying to register but
8388			 * the register key isn't zero.
8389			 */
8390			mtx_unlock(&lun->lun_lock);
8391			free(ctsio->kern_data_ptr, M_CTL);
8392			ctl_set_reservation_conflict(ctsio);
8393			ctl_done((union ctl_io *)ctsio);
8394			return (CTL_RETVAL_COMPLETE);
8395		}
8396		mtx_unlock(&lun->lun_lock);
8397	}
8398
8399	switch (cdb->action & SPRO_ACTION_MASK) {
8400	case SPRO_REGISTER:
8401	case SPRO_REG_IGNO: {
8402
8403#if 0
8404		printf("Registration received\n");
8405#endif
8406
8407		/*
8408		 * We don't support any of these options, as we report in
8409		 * the read capabilities request (see
8410		 * ctl_persistent_reserve_in(), above).
8411		 */
8412		if ((param->flags & SPR_SPEC_I_PT)
8413		 || (param->flags & SPR_ALL_TG_PT)
8414		 || (param->flags & SPR_APTPL)) {
8415			int bit_ptr;
8416
8417			if (param->flags & SPR_APTPL)
8418				bit_ptr = 0;
8419			else if (param->flags & SPR_ALL_TG_PT)
8420				bit_ptr = 2;
8421			else /* SPR_SPEC_I_PT */
8422				bit_ptr = 3;
8423
8424			free(ctsio->kern_data_ptr, M_CTL);
8425			ctl_set_invalid_field(ctsio,
8426					      /*sks_valid*/ 1,
8427					      /*command*/ 0,
8428					      /*field*/ 20,
8429					      /*bit_valid*/ 1,
8430					      /*bit*/ bit_ptr);
8431			ctl_done((union ctl_io *)ctsio);
8432			return (CTL_RETVAL_COMPLETE);
8433		}
8434
8435		mtx_lock(&lun->lun_lock);
8436
8437		/*
8438		 * The initiator wants to clear the
8439		 * key/unregister.
8440		 */
8441		if (sa_res_key == 0) {
8442			if ((res_key == 0
8443			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8444			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8445			  && !lun->per_res[residx].registered)) {
8446				mtx_unlock(&lun->lun_lock);
8447				goto done;
8448			}
8449
8450			lun->per_res[residx].registered = 0;
8451			memset(&lun->per_res[residx].res_key,
8452			       0, sizeof(lun->per_res[residx].res_key));
8453			lun->pr_key_count--;
8454
8455			if (residx == lun->pr_res_idx) {
8456				lun->flags &= ~CTL_LUN_PR_RESERVED;
8457				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8458
8459				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8460				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8461				 && lun->pr_key_count) {
8462					/*
8463					 * If the reservation is a registrants
8464					 * only type we need to generate a UA
8465					 * for other registered inits.  The
8466					 * sense code should be RESERVATIONS
8467					 * RELEASED
8468					 */
8469
8470					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8471						if (lun->per_res[
8472						    i+persis_offset].registered
8473						    == 0)
8474							continue;
8475						lun->pending_sense[i
8476							].ua_pending |=
8477							CTL_UA_RES_RELEASE;
8478					}
8479				}
8480				lun->res_type = 0;
8481			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8482				if (lun->pr_key_count==0) {
8483					lun->flags &= ~CTL_LUN_PR_RESERVED;
8484					lun->res_type = 0;
8485					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8486				}
8487			}
8488			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8489			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8490			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8491			persis_io.pr.pr_info.residx = residx;
8492			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8493			     &persis_io, sizeof(persis_io), 0 )) >
8494			     CTL_HA_STATUS_SUCCESS) {
8495				printf("CTL:Persis Out error returned from "
8496				       "ctl_ha_msg_send %d\n", isc_retval);
8497			}
8498		} else /* sa_res_key != 0 */ {
8499
8500			/*
8501			 * If we aren't registered currently then increment
8502			 * the key count and set the registered flag.
8503			 */
8504			if (!lun->per_res[residx].registered) {
8505				lun->pr_key_count++;
8506				lun->per_res[residx].registered = 1;
8507			}
8508
8509			memcpy(&lun->per_res[residx].res_key,
8510			       param->serv_act_res_key,
8511			       ctl_min(sizeof(param->serv_act_res_key),
8512			       sizeof(lun->per_res[residx].res_key)));
8513
8514			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8515			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8516			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8517			persis_io.pr.pr_info.residx = residx;
8518			memcpy(persis_io.pr.pr_info.sa_res_key,
8519			       param->serv_act_res_key,
8520			       sizeof(param->serv_act_res_key));
8521			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8522			     &persis_io, sizeof(persis_io), 0)) >
8523			     CTL_HA_STATUS_SUCCESS) {
8524				printf("CTL:Persis Out error returned from "
8525				       "ctl_ha_msg_send %d\n", isc_retval);
8526			}
8527		}
8528		lun->PRGeneration++;
8529		mtx_unlock(&lun->lun_lock);
8530
8531		break;
8532	}
8533	case SPRO_RESERVE:
8534#if 0
8535                printf("Reserve executed type %d\n", type);
8536#endif
8537		mtx_lock(&lun->lun_lock);
8538		if (lun->flags & CTL_LUN_PR_RESERVED) {
8539			/*
8540			 * if this isn't the reservation holder and it's
8541			 * not a "all registrants" type or if the type is
8542			 * different then we have a conflict
8543			 */
8544			if ((lun->pr_res_idx != residx
8545			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8546			 || lun->res_type != type) {
8547				mtx_unlock(&lun->lun_lock);
8548				free(ctsio->kern_data_ptr, M_CTL);
8549				ctl_set_reservation_conflict(ctsio);
8550				ctl_done((union ctl_io *)ctsio);
8551				return (CTL_RETVAL_COMPLETE);
8552			}
8553			mtx_unlock(&lun->lun_lock);
8554		} else /* create a reservation */ {
8555			/*
8556			 * If it's not an "all registrants" type record
8557			 * reservation holder
8558			 */
8559			if (type != SPR_TYPE_WR_EX_AR
8560			 && type != SPR_TYPE_EX_AC_AR)
8561				lun->pr_res_idx = residx; /* Res holder */
8562			else
8563				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8564
8565			lun->flags |= CTL_LUN_PR_RESERVED;
8566			lun->res_type = type;
8567
8568			mtx_unlock(&lun->lun_lock);
8569
8570			/* send msg to other side */
8571			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8572			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8573			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8574			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8575			persis_io.pr.pr_info.res_type = type;
8576			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8577			     &persis_io, sizeof(persis_io), 0)) >
8578			     CTL_HA_STATUS_SUCCESS) {
8579				printf("CTL:Persis Out error returned from "
8580				       "ctl_ha_msg_send %d\n", isc_retval);
8581			}
8582		}
8583		break;
8584
8585	case SPRO_RELEASE:
8586		mtx_lock(&lun->lun_lock);
8587		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8588			/* No reservation exists return good status */
8589			mtx_unlock(&lun->lun_lock);
8590			goto done;
8591		}
8592		/*
8593		 * Is this nexus a reservation holder?
8594		 */
8595		if (lun->pr_res_idx != residx
8596		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8597			/*
8598			 * not a res holder return good status but
8599			 * do nothing
8600			 */
8601			mtx_unlock(&lun->lun_lock);
8602			goto done;
8603		}
8604
8605		if (lun->res_type != type) {
8606			mtx_unlock(&lun->lun_lock);
8607			free(ctsio->kern_data_ptr, M_CTL);
8608			ctl_set_illegal_pr_release(ctsio);
8609			ctl_done((union ctl_io *)ctsio);
8610			return (CTL_RETVAL_COMPLETE);
8611		}
8612
8613		/* okay to release */
8614		lun->flags &= ~CTL_LUN_PR_RESERVED;
8615		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8616		lun->res_type = 0;
8617
8618		/*
8619		 * if this isn't an exclusive access
8620		 * res generate UA for all other
8621		 * registrants.
8622		 */
8623		if (type != SPR_TYPE_EX_AC
8624		 && type != SPR_TYPE_WR_EX) {
8625			/*
8626			 * temporarily unregister so we don't generate UA
8627			 */
8628			lun->per_res[residx].registered = 0;
8629
8630			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8631				if (lun->per_res[i+persis_offset].registered
8632				    == 0)
8633					continue;
8634				lun->pending_sense[i].ua_pending |=
8635					CTL_UA_RES_RELEASE;
8636			}
8637
8638			lun->per_res[residx].registered = 1;
8639		}
8640		mtx_unlock(&lun->lun_lock);
8641		/* Send msg to other side */
8642		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8643		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8644		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8645		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8646		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8647			printf("CTL:Persis Out error returned from "
8648			       "ctl_ha_msg_send %d\n", isc_retval);
8649		}
8650		break;
8651
8652	case SPRO_CLEAR:
8653		/* send msg to other side */
8654
8655		mtx_lock(&lun->lun_lock);
8656		lun->flags &= ~CTL_LUN_PR_RESERVED;
8657		lun->res_type = 0;
8658		lun->pr_key_count = 0;
8659		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8660
8661
8662		memset(&lun->per_res[residx].res_key,
8663		       0, sizeof(lun->per_res[residx].res_key));
8664		lun->per_res[residx].registered = 0;
8665
8666		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8667			if (lun->per_res[i].registered) {
8668				if (!persis_offset && i < CTL_MAX_INITIATORS)
8669					lun->pending_sense[i].ua_pending |=
8670						CTL_UA_RES_PREEMPT;
8671				else if (persis_offset && i >= persis_offset)
8672					lun->pending_sense[i-persis_offset
8673					    ].ua_pending |= CTL_UA_RES_PREEMPT;
8674
8675				memset(&lun->per_res[i].res_key,
8676				       0, sizeof(struct scsi_per_res_key));
8677				lun->per_res[i].registered = 0;
8678			}
8679		lun->PRGeneration++;
8680		mtx_unlock(&lun->lun_lock);
8681		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8682		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8683		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8684		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8685		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8686			printf("CTL:Persis Out error returned from "
8687			       "ctl_ha_msg_send %d\n", isc_retval);
8688		}
8689		break;
8690
8691	case SPRO_PREEMPT: {
8692		int nretval;
8693
8694		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8695					  residx, ctsio, cdb, param);
8696		if (nretval != 0)
8697			return (CTL_RETVAL_COMPLETE);
8698		break;
8699	}
8700	default:
8701		panic("Invalid PR type %x", cdb->action);
8702	}
8703
8704done:
8705	free(ctsio->kern_data_ptr, M_CTL);
8706	ctl_set_success(ctsio);
8707	ctl_done((union ctl_io *)ctsio);
8708
8709	return (retval);
8710}
8711
8712/*
8713 * This routine is for handling a message from the other SC pertaining to
8714 * persistent reserve out. All the error checking will have been done
8715 * so only perorming the action need be done here to keep the two
8716 * in sync.
8717 */
8718static void
8719ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8720{
8721	struct ctl_lun *lun;
8722	struct ctl_softc *softc;
8723	int i;
8724	uint32_t targ_lun;
8725
8726	softc = control_softc;
8727
8728	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8729	lun = softc->ctl_luns[targ_lun];
8730	mtx_lock(&lun->lun_lock);
8731	switch(msg->pr.pr_info.action) {
8732	case CTL_PR_REG_KEY:
8733		if (!lun->per_res[msg->pr.pr_info.residx].registered) {
8734			lun->per_res[msg->pr.pr_info.residx].registered = 1;
8735			lun->pr_key_count++;
8736		}
8737		lun->PRGeneration++;
8738		memcpy(&lun->per_res[msg->pr.pr_info.residx].res_key,
8739		       msg->pr.pr_info.sa_res_key,
8740		       sizeof(struct scsi_per_res_key));
8741		break;
8742
8743	case CTL_PR_UNREG_KEY:
8744		lun->per_res[msg->pr.pr_info.residx].registered = 0;
8745		memset(&lun->per_res[msg->pr.pr_info.residx].res_key,
8746		       0, sizeof(struct scsi_per_res_key));
8747		lun->pr_key_count--;
8748
8749		/* XXX Need to see if the reservation has been released */
8750		/* if so do we need to generate UA? */
8751		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8752			lun->flags &= ~CTL_LUN_PR_RESERVED;
8753			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8754
8755			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8756			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8757			 && lun->pr_key_count) {
8758				/*
8759				 * If the reservation is a registrants
8760				 * only type we need to generate a UA
8761				 * for other registered inits.  The
8762				 * sense code should be RESERVATIONS
8763				 * RELEASED
8764				 */
8765
8766				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8767					if (lun->per_res[i+
8768					    persis_offset].registered == 0)
8769						continue;
8770
8771					lun->pending_sense[i
8772						].ua_pending |=
8773						CTL_UA_RES_RELEASE;
8774				}
8775			}
8776			lun->res_type = 0;
8777		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8778			if (lun->pr_key_count==0) {
8779				lun->flags &= ~CTL_LUN_PR_RESERVED;
8780				lun->res_type = 0;
8781				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8782			}
8783		}
8784		lun->PRGeneration++;
8785		break;
8786
8787	case CTL_PR_RESERVE:
8788		lun->flags |= CTL_LUN_PR_RESERVED;
8789		lun->res_type = msg->pr.pr_info.res_type;
8790		lun->pr_res_idx = msg->pr.pr_info.residx;
8791
8792		break;
8793
8794	case CTL_PR_RELEASE:
8795		/*
8796		 * if this isn't an exclusive access res generate UA for all
8797		 * other registrants.
8798		 */
8799		if (lun->res_type != SPR_TYPE_EX_AC
8800		 && lun->res_type != SPR_TYPE_WR_EX) {
8801			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8802				if (lun->per_res[i+persis_offset].registered)
8803					lun->pending_sense[i].ua_pending |=
8804						CTL_UA_RES_RELEASE;
8805		}
8806
8807		lun->flags &= ~CTL_LUN_PR_RESERVED;
8808		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8809		lun->res_type = 0;
8810		break;
8811
8812	case CTL_PR_PREEMPT:
8813		ctl_pro_preempt_other(lun, msg);
8814		break;
8815	case CTL_PR_CLEAR:
8816		lun->flags &= ~CTL_LUN_PR_RESERVED;
8817		lun->res_type = 0;
8818		lun->pr_key_count = 0;
8819		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8820
8821		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8822			if (lun->per_res[i].registered == 0)
8823				continue;
8824			if (!persis_offset
8825			 && i < CTL_MAX_INITIATORS)
8826				lun->pending_sense[i].ua_pending |=
8827					CTL_UA_RES_PREEMPT;
8828			else if (persis_offset
8829			      && i >= persis_offset)
8830   				lun->pending_sense[i-persis_offset].ua_pending|=
8831					CTL_UA_RES_PREEMPT;
8832			memset(&lun->per_res[i].res_key, 0,
8833			       sizeof(struct scsi_per_res_key));
8834			lun->per_res[i].registered = 0;
8835		}
8836		lun->PRGeneration++;
8837		break;
8838	}
8839
8840	mtx_unlock(&lun->lun_lock);
8841}
8842
8843int
8844ctl_read_write(struct ctl_scsiio *ctsio)
8845{
8846	struct ctl_lun *lun;
8847	struct ctl_lba_len_flags *lbalen;
8848	uint64_t lba;
8849	uint32_t num_blocks;
8850	int fua, dpo;
8851	int retval;
8852	int isread;
8853
8854	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8855
8856	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8857
8858	fua = 0;
8859	dpo = 0;
8860
8861	retval = CTL_RETVAL_COMPLETE;
8862
8863	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8864	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8865	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
8866		uint32_t residx;
8867
8868		/*
8869		 * XXX KDM need a lock here.
8870		 */
8871		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8872		if ((lun->res_type == SPR_TYPE_EX_AC
8873		  && residx != lun->pr_res_idx)
8874		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
8875		   || lun->res_type == SPR_TYPE_EX_AC_AR)
8876		  && !lun->per_res[residx].registered)) {
8877			ctl_set_reservation_conflict(ctsio);
8878			ctl_done((union ctl_io *)ctsio);
8879			return (CTL_RETVAL_COMPLETE);
8880	        }
8881	}
8882
8883	switch (ctsio->cdb[0]) {
8884	case READ_6:
8885	case WRITE_6: {
8886		struct scsi_rw_6 *cdb;
8887
8888		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8889
8890		lba = scsi_3btoul(cdb->addr);
8891		/* only 5 bits are valid in the most significant address byte */
8892		lba &= 0x1fffff;
8893		num_blocks = cdb->length;
8894		/*
8895		 * This is correct according to SBC-2.
8896		 */
8897		if (num_blocks == 0)
8898			num_blocks = 256;
8899		break;
8900	}
8901	case READ_10:
8902	case WRITE_10: {
8903		struct scsi_rw_10 *cdb;
8904
8905		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8906
8907		if (cdb->byte2 & SRW10_FUA)
8908			fua = 1;
8909		if (cdb->byte2 & SRW10_DPO)
8910			dpo = 1;
8911
8912		lba = scsi_4btoul(cdb->addr);
8913		num_blocks = scsi_2btoul(cdb->length);
8914		break;
8915	}
8916	case WRITE_VERIFY_10: {
8917		struct scsi_write_verify_10 *cdb;
8918
8919		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8920
8921		/*
8922		 * XXX KDM we should do actual write verify support at some
8923		 * point.  This is obviously fake, we're just translating
8924		 * things to a write.  So we don't even bother checking the
8925		 * BYTCHK field, since we don't do any verification.  If
8926		 * the user asks for it, we'll just pretend we did it.
8927		 */
8928		if (cdb->byte2 & SWV_DPO)
8929			dpo = 1;
8930
8931		lba = scsi_4btoul(cdb->addr);
8932		num_blocks = scsi_2btoul(cdb->length);
8933		break;
8934	}
8935	case READ_12:
8936	case WRITE_12: {
8937		struct scsi_rw_12 *cdb;
8938
8939		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8940
8941		if (cdb->byte2 & SRW12_FUA)
8942			fua = 1;
8943		if (cdb->byte2 & SRW12_DPO)
8944			dpo = 1;
8945		lba = scsi_4btoul(cdb->addr);
8946		num_blocks = scsi_4btoul(cdb->length);
8947		break;
8948	}
8949	case WRITE_VERIFY_12: {
8950		struct scsi_write_verify_12 *cdb;
8951
8952		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8953
8954		if (cdb->byte2 & SWV_DPO)
8955			dpo = 1;
8956
8957		lba = scsi_4btoul(cdb->addr);
8958		num_blocks = scsi_4btoul(cdb->length);
8959
8960		break;
8961	}
8962	case READ_16:
8963	case WRITE_16: {
8964		struct scsi_rw_16 *cdb;
8965
8966		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8967
8968		if (cdb->byte2 & SRW12_FUA)
8969			fua = 1;
8970		if (cdb->byte2 & SRW12_DPO)
8971			dpo = 1;
8972
8973		lba = scsi_8btou64(cdb->addr);
8974		num_blocks = scsi_4btoul(cdb->length);
8975		break;
8976	}
8977	case WRITE_VERIFY_16: {
8978		struct scsi_write_verify_16 *cdb;
8979
8980		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8981
8982		if (cdb->byte2 & SWV_DPO)
8983			dpo = 1;
8984
8985		lba = scsi_8btou64(cdb->addr);
8986		num_blocks = scsi_4btoul(cdb->length);
8987		break;
8988	}
8989	default:
8990		/*
8991		 * We got a command we don't support.  This shouldn't
8992		 * happen, commands should be filtered out above us.
8993		 */
8994		ctl_set_invalid_opcode(ctsio);
8995		ctl_done((union ctl_io *)ctsio);
8996
8997		return (CTL_RETVAL_COMPLETE);
8998		break; /* NOTREACHED */
8999	}
9000
9001	/*
9002	 * XXX KDM what do we do with the DPO and FUA bits?  FUA might be
9003	 * interesting for us, but if RAIDCore is in write-back mode,
9004	 * getting it to do write-through for a particular transaction may
9005	 * not be possible.
9006	 */
9007
9008	/*
9009	 * The first check is to make sure we're in bounds, the second
9010	 * check is to catch wrap-around problems.  If the lba + num blocks
9011	 * is less than the lba, then we've wrapped around and the block
9012	 * range is invalid anyway.
9013	 */
9014	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9015	 || ((lba + num_blocks) < lba)) {
9016		ctl_set_lba_out_of_range(ctsio);
9017		ctl_done((union ctl_io *)ctsio);
9018		return (CTL_RETVAL_COMPLETE);
9019	}
9020
9021	/*
9022	 * According to SBC-3, a transfer length of 0 is not an error.
9023	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9024	 * translates to 256 blocks for those commands.
9025	 */
9026	if (num_blocks == 0) {
9027		ctl_set_success(ctsio);
9028		ctl_done((union ctl_io *)ctsio);
9029		return (CTL_RETVAL_COMPLETE);
9030	}
9031
9032	lbalen = (struct ctl_lba_len_flags *)
9033	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9034	lbalen->lba = lba;
9035	lbalen->len = num_blocks;
9036	lbalen->flags = isread ? CTL_LLF_READ : CTL_LLF_WRITE;
9037
9038	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9039	ctsio->kern_rel_offset = 0;
9040
9041	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9042
9043	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9044
9045	return (retval);
9046}
9047
9048static int
9049ctl_cnw_cont(union ctl_io *io)
9050{
9051	struct ctl_scsiio *ctsio;
9052	struct ctl_lun *lun;
9053	struct ctl_lba_len_flags *lbalen;
9054	int retval;
9055
9056	ctsio = &io->scsiio;
9057	ctsio->io_hdr.status = CTL_STATUS_NONE;
9058	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9059	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9060	lbalen = (struct ctl_lba_len_flags *)
9061	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9062	lbalen->flags = CTL_LLF_WRITE;
9063
9064	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9065	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9066	return (retval);
9067}
9068
9069int
9070ctl_cnw(struct ctl_scsiio *ctsio)
9071{
9072	struct ctl_lun *lun;
9073	struct ctl_lba_len_flags *lbalen;
9074	uint64_t lba;
9075	uint32_t num_blocks;
9076	int fua, dpo;
9077	int retval;
9078
9079	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9080
9081	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9082
9083	fua = 0;
9084	dpo = 0;
9085
9086	retval = CTL_RETVAL_COMPLETE;
9087
9088	switch (ctsio->cdb[0]) {
9089	case COMPARE_AND_WRITE: {
9090		struct scsi_compare_and_write *cdb;
9091
9092		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9093
9094		if (cdb->byte2 & SRW10_FUA)
9095			fua = 1;
9096		if (cdb->byte2 & SRW10_DPO)
9097			dpo = 1;
9098		lba = scsi_8btou64(cdb->addr);
9099		num_blocks = cdb->length;
9100		break;
9101	}
9102	default:
9103		/*
9104		 * We got a command we don't support.  This shouldn't
9105		 * happen, commands should be filtered out above us.
9106		 */
9107		ctl_set_invalid_opcode(ctsio);
9108		ctl_done((union ctl_io *)ctsio);
9109
9110		return (CTL_RETVAL_COMPLETE);
9111		break; /* NOTREACHED */
9112	}
9113
9114	/*
9115	 * XXX KDM what do we do with the DPO and FUA bits?  FUA might be
9116	 * interesting for us, but if RAIDCore is in write-back mode,
9117	 * getting it to do write-through for a particular transaction may
9118	 * not be possible.
9119	 */
9120
9121	/*
9122	 * The first check is to make sure we're in bounds, the second
9123	 * check is to catch wrap-around problems.  If the lba + num blocks
9124	 * is less than the lba, then we've wrapped around and the block
9125	 * range is invalid anyway.
9126	 */
9127	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9128	 || ((lba + num_blocks) < lba)) {
9129		ctl_set_lba_out_of_range(ctsio);
9130		ctl_done((union ctl_io *)ctsio);
9131		return (CTL_RETVAL_COMPLETE);
9132	}
9133
9134	/*
9135	 * According to SBC-3, a transfer length of 0 is not an error.
9136	 */
9137	if (num_blocks == 0) {
9138		ctl_set_success(ctsio);
9139		ctl_done((union ctl_io *)ctsio);
9140		return (CTL_RETVAL_COMPLETE);
9141	}
9142
9143	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9144	ctsio->kern_rel_offset = 0;
9145
9146	/*
9147	 * Set the IO_CONT flag, so that if this I/O gets passed to
9148	 * ctl_data_submit_done(), it'll get passed back to
9149	 * ctl_ctl_cnw_cont() for further processing.
9150	 */
9151	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9152	ctsio->io_cont = ctl_cnw_cont;
9153
9154	lbalen = (struct ctl_lba_len_flags *)
9155	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9156	lbalen->lba = lba;
9157	lbalen->len = num_blocks;
9158	lbalen->flags = CTL_LLF_COMPARE;
9159
9160	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9161	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9162	return (retval);
9163}
9164
9165int
9166ctl_verify(struct ctl_scsiio *ctsio)
9167{
9168	struct ctl_lun *lun;
9169	struct ctl_lba_len_flags *lbalen;
9170	uint64_t lba;
9171	uint32_t num_blocks;
9172	int bytchk, dpo;
9173	int retval;
9174
9175	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9176
9177	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9178
9179	bytchk = 0;
9180	dpo = 0;
9181	retval = CTL_RETVAL_COMPLETE;
9182
9183	switch (ctsio->cdb[0]) {
9184	case VERIFY_10: {
9185		struct scsi_verify_10 *cdb;
9186
9187		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9188		if (cdb->byte2 & SVFY_BYTCHK)
9189			bytchk = 1;
9190		if (cdb->byte2 & SVFY_DPO)
9191			dpo = 1;
9192		lba = scsi_4btoul(cdb->addr);
9193		num_blocks = scsi_2btoul(cdb->length);
9194		break;
9195	}
9196	case VERIFY_12: {
9197		struct scsi_verify_12 *cdb;
9198
9199		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9200		if (cdb->byte2 & SVFY_BYTCHK)
9201			bytchk = 1;
9202		if (cdb->byte2 & SVFY_DPO)
9203			dpo = 1;
9204		lba = scsi_4btoul(cdb->addr);
9205		num_blocks = scsi_4btoul(cdb->length);
9206		break;
9207	}
9208	case VERIFY_16: {
9209		struct scsi_rw_16 *cdb;
9210
9211		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9212		if (cdb->byte2 & SVFY_BYTCHK)
9213			bytchk = 1;
9214		if (cdb->byte2 & SVFY_DPO)
9215			dpo = 1;
9216		lba = scsi_8btou64(cdb->addr);
9217		num_blocks = scsi_4btoul(cdb->length);
9218		break;
9219	}
9220	default:
9221		/*
9222		 * We got a command we don't support.  This shouldn't
9223		 * happen, commands should be filtered out above us.
9224		 */
9225		ctl_set_invalid_opcode(ctsio);
9226		ctl_done((union ctl_io *)ctsio);
9227		return (CTL_RETVAL_COMPLETE);
9228	}
9229
9230	/*
9231	 * The first check is to make sure we're in bounds, the second
9232	 * check is to catch wrap-around problems.  If the lba + num blocks
9233	 * is less than the lba, then we've wrapped around and the block
9234	 * range is invalid anyway.
9235	 */
9236	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9237	 || ((lba + num_blocks) < lba)) {
9238		ctl_set_lba_out_of_range(ctsio);
9239		ctl_done((union ctl_io *)ctsio);
9240		return (CTL_RETVAL_COMPLETE);
9241	}
9242
9243	/*
9244	 * According to SBC-3, a transfer length of 0 is not an error.
9245	 */
9246	if (num_blocks == 0) {
9247		ctl_set_success(ctsio);
9248		ctl_done((union ctl_io *)ctsio);
9249		return (CTL_RETVAL_COMPLETE);
9250	}
9251
9252	lbalen = (struct ctl_lba_len_flags *)
9253	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9254	lbalen->lba = lba;
9255	lbalen->len = num_blocks;
9256	if (bytchk) {
9257		lbalen->flags = CTL_LLF_COMPARE;
9258		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9259	} else {
9260		lbalen->flags = CTL_LLF_VERIFY;
9261		ctsio->kern_total_len = 0;
9262	}
9263	ctsio->kern_rel_offset = 0;
9264
9265	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9266	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9267	return (retval);
9268}
9269
9270int
9271ctl_report_luns(struct ctl_scsiio *ctsio)
9272{
9273	struct scsi_report_luns *cdb;
9274	struct scsi_report_luns_data *lun_data;
9275	struct ctl_lun *lun, *request_lun;
9276	int num_luns, retval;
9277	uint32_t alloc_len, lun_datalen;
9278	int num_filled, well_known;
9279	uint32_t initidx, targ_lun_id, lun_id;
9280
9281	retval = CTL_RETVAL_COMPLETE;
9282	well_known = 0;
9283
9284	cdb = (struct scsi_report_luns *)ctsio->cdb;
9285
9286	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9287
9288	mtx_lock(&control_softc->ctl_lock);
9289	num_luns = control_softc->num_luns;
9290	mtx_unlock(&control_softc->ctl_lock);
9291
9292	switch (cdb->select_report) {
9293	case RPL_REPORT_DEFAULT:
9294	case RPL_REPORT_ALL:
9295		break;
9296	case RPL_REPORT_WELLKNOWN:
9297		well_known = 1;
9298		num_luns = 0;
9299		break;
9300	default:
9301		ctl_set_invalid_field(ctsio,
9302				      /*sks_valid*/ 1,
9303				      /*command*/ 1,
9304				      /*field*/ 2,
9305				      /*bit_valid*/ 0,
9306				      /*bit*/ 0);
9307		ctl_done((union ctl_io *)ctsio);
9308		return (retval);
9309		break; /* NOTREACHED */
9310	}
9311
9312	alloc_len = scsi_4btoul(cdb->length);
9313	/*
9314	 * The initiator has to allocate at least 16 bytes for this request,
9315	 * so he can at least get the header and the first LUN.  Otherwise
9316	 * we reject the request (per SPC-3 rev 14, section 6.21).
9317	 */
9318	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9319	    sizeof(struct scsi_report_luns_lundata))) {
9320		ctl_set_invalid_field(ctsio,
9321				      /*sks_valid*/ 1,
9322				      /*command*/ 1,
9323				      /*field*/ 6,
9324				      /*bit_valid*/ 0,
9325				      /*bit*/ 0);
9326		ctl_done((union ctl_io *)ctsio);
9327		return (retval);
9328	}
9329
9330	request_lun = (struct ctl_lun *)
9331		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9332
9333	lun_datalen = sizeof(*lun_data) +
9334		(num_luns * sizeof(struct scsi_report_luns_lundata));
9335
9336	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9337	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9338	ctsio->kern_sg_entries = 0;
9339
9340	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9341
9342	mtx_lock(&control_softc->ctl_lock);
9343	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9344		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9345		if (lun_id >= CTL_MAX_LUNS)
9346			continue;
9347		lun = control_softc->ctl_luns[lun_id];
9348		if (lun == NULL)
9349			continue;
9350
9351		if (targ_lun_id <= 0xff) {
9352			/*
9353			 * Peripheral addressing method, bus number 0.
9354			 */
9355			lun_data->luns[num_filled].lundata[0] =
9356				RPL_LUNDATA_ATYP_PERIPH;
9357			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9358			num_filled++;
9359		} else if (targ_lun_id <= 0x3fff) {
9360			/*
9361			 * Flat addressing method.
9362			 */
9363			lun_data->luns[num_filled].lundata[0] =
9364				RPL_LUNDATA_ATYP_FLAT |
9365				(targ_lun_id & RPL_LUNDATA_FLAT_LUN_MASK);
9366#ifdef OLDCTLHEADERS
9367				(SRLD_ADDR_FLAT << SRLD_ADDR_SHIFT) |
9368				(targ_lun_id & SRLD_BUS_LUN_MASK);
9369#endif
9370			lun_data->luns[num_filled].lundata[1] =
9371#ifdef OLDCTLHEADERS
9372				targ_lun_id >> SRLD_BUS_LUN_BITS;
9373#endif
9374				targ_lun_id >> RPL_LUNDATA_FLAT_LUN_BITS;
9375			num_filled++;
9376		} else {
9377			printf("ctl_report_luns: bogus LUN number %jd, "
9378			       "skipping\n", (intmax_t)targ_lun_id);
9379		}
9380		/*
9381		 * According to SPC-3, rev 14 section 6.21:
9382		 *
9383		 * "The execution of a REPORT LUNS command to any valid and
9384		 * installed logical unit shall clear the REPORTED LUNS DATA
9385		 * HAS CHANGED unit attention condition for all logical
9386		 * units of that target with respect to the requesting
9387		 * initiator. A valid and installed logical unit is one
9388		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9389		 * INQUIRY data (see 6.4.2)."
9390		 *
9391		 * If request_lun is NULL, the LUN this report luns command
9392		 * was issued to is either disabled or doesn't exist. In that
9393		 * case, we shouldn't clear any pending lun change unit
9394		 * attention.
9395		 */
9396		if (request_lun != NULL) {
9397			mtx_lock(&lun->lun_lock);
9398			lun->pending_sense[initidx].ua_pending &=
9399				~CTL_UA_LUN_CHANGE;
9400			mtx_unlock(&lun->lun_lock);
9401		}
9402	}
9403	mtx_unlock(&control_softc->ctl_lock);
9404
9405	/*
9406	 * It's quite possible that we've returned fewer LUNs than we allocated
9407	 * space for.  Trim it.
9408	 */
9409	lun_datalen = sizeof(*lun_data) +
9410		(num_filled * sizeof(struct scsi_report_luns_lundata));
9411
9412	if (lun_datalen < alloc_len) {
9413		ctsio->residual = alloc_len - lun_datalen;
9414		ctsio->kern_data_len = lun_datalen;
9415		ctsio->kern_total_len = lun_datalen;
9416	} else {
9417		ctsio->residual = 0;
9418		ctsio->kern_data_len = alloc_len;
9419		ctsio->kern_total_len = alloc_len;
9420	}
9421	ctsio->kern_data_resid = 0;
9422	ctsio->kern_rel_offset = 0;
9423	ctsio->kern_sg_entries = 0;
9424
9425	/*
9426	 * We set this to the actual data length, regardless of how much
9427	 * space we actually have to return results.  If the user looks at
9428	 * this value, he'll know whether or not he allocated enough space
9429	 * and reissue the command if necessary.  We don't support well
9430	 * known logical units, so if the user asks for that, return none.
9431	 */
9432	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9433
9434	/*
9435	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9436	 * this request.
9437	 */
9438	ctsio->scsi_status = SCSI_STATUS_OK;
9439
9440	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9441	ctsio->be_move_done = ctl_config_move_done;
9442	ctl_datamove((union ctl_io *)ctsio);
9443
9444	return (retval);
9445}
9446
9447int
9448ctl_request_sense(struct ctl_scsiio *ctsio)
9449{
9450	struct scsi_request_sense *cdb;
9451	struct scsi_sense_data *sense_ptr;
9452	struct ctl_lun *lun;
9453	uint32_t initidx;
9454	int have_error;
9455	scsi_sense_data_type sense_format;
9456
9457	cdb = (struct scsi_request_sense *)ctsio->cdb;
9458
9459	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9460
9461	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9462
9463	/*
9464	 * Determine which sense format the user wants.
9465	 */
9466	if (cdb->byte2 & SRS_DESC)
9467		sense_format = SSD_TYPE_DESC;
9468	else
9469		sense_format = SSD_TYPE_FIXED;
9470
9471	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9472	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9473	ctsio->kern_sg_entries = 0;
9474
9475	/*
9476	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9477	 * larger than the largest allowed value for the length field in the
9478	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9479	 */
9480	ctsio->residual = 0;
9481	ctsio->kern_data_len = cdb->length;
9482	ctsio->kern_total_len = cdb->length;
9483
9484	ctsio->kern_data_resid = 0;
9485	ctsio->kern_rel_offset = 0;
9486	ctsio->kern_sg_entries = 0;
9487
9488	/*
9489	 * If we don't have a LUN, we don't have any pending sense.
9490	 */
9491	if (lun == NULL)
9492		goto no_sense;
9493
9494	have_error = 0;
9495	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9496	/*
9497	 * Check for pending sense, and then for pending unit attentions.
9498	 * Pending sense gets returned first, then pending unit attentions.
9499	 */
9500	mtx_lock(&lun->lun_lock);
9501	if (ctl_is_set(lun->have_ca, initidx)) {
9502		scsi_sense_data_type stored_format;
9503
9504		/*
9505		 * Check to see which sense format was used for the stored
9506		 * sense data.
9507		 */
9508		stored_format = scsi_sense_type(
9509		    &lun->pending_sense[initidx].sense);
9510
9511		/*
9512		 * If the user requested a different sense format than the
9513		 * one we stored, then we need to convert it to the other
9514		 * format.  If we're going from descriptor to fixed format
9515		 * sense data, we may lose things in translation, depending
9516		 * on what options were used.
9517		 *
9518		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9519		 * for some reason we'll just copy it out as-is.
9520		 */
9521		if ((stored_format == SSD_TYPE_FIXED)
9522		 && (sense_format == SSD_TYPE_DESC))
9523			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9524			    &lun->pending_sense[initidx].sense,
9525			    (struct scsi_sense_data_desc *)sense_ptr);
9526		else if ((stored_format == SSD_TYPE_DESC)
9527		      && (sense_format == SSD_TYPE_FIXED))
9528			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9529			    &lun->pending_sense[initidx].sense,
9530			    (struct scsi_sense_data_fixed *)sense_ptr);
9531		else
9532			memcpy(sense_ptr, &lun->pending_sense[initidx].sense,
9533			       ctl_min(sizeof(*sense_ptr),
9534			       sizeof(lun->pending_sense[initidx].sense)));
9535
9536		ctl_clear_mask(lun->have_ca, initidx);
9537		have_error = 1;
9538	} else if (lun->pending_sense[initidx].ua_pending != CTL_UA_NONE) {
9539		ctl_ua_type ua_type;
9540
9541		ua_type = ctl_build_ua(lun->pending_sense[initidx].ua_pending,
9542				       sense_ptr, sense_format);
9543		if (ua_type != CTL_UA_NONE) {
9544			have_error = 1;
9545			/* We're reporting this UA, so clear it */
9546			lun->pending_sense[initidx].ua_pending &= ~ua_type;
9547		}
9548	}
9549	mtx_unlock(&lun->lun_lock);
9550
9551	/*
9552	 * We already have a pending error, return it.
9553	 */
9554	if (have_error != 0) {
9555		/*
9556		 * We report the SCSI status as OK, since the status of the
9557		 * request sense command itself is OK.
9558		 */
9559		ctsio->scsi_status = SCSI_STATUS_OK;
9560
9561		/*
9562		 * We report 0 for the sense length, because we aren't doing
9563		 * autosense in this case.  We're reporting sense as
9564		 * parameter data.
9565		 */
9566		ctsio->sense_len = 0;
9567		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9568		ctsio->be_move_done = ctl_config_move_done;
9569		ctl_datamove((union ctl_io *)ctsio);
9570
9571		return (CTL_RETVAL_COMPLETE);
9572	}
9573
9574no_sense:
9575
9576	/*
9577	 * No sense information to report, so we report that everything is
9578	 * okay.
9579	 */
9580	ctl_set_sense_data(sense_ptr,
9581			   lun,
9582			   sense_format,
9583			   /*current_error*/ 1,
9584			   /*sense_key*/ SSD_KEY_NO_SENSE,
9585			   /*asc*/ 0x00,
9586			   /*ascq*/ 0x00,
9587			   SSD_ELEM_NONE);
9588
9589	ctsio->scsi_status = SCSI_STATUS_OK;
9590
9591	/*
9592	 * We report 0 for the sense length, because we aren't doing
9593	 * autosense in this case.  We're reporting sense as parameter data.
9594	 */
9595	ctsio->sense_len = 0;
9596	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9597	ctsio->be_move_done = ctl_config_move_done;
9598	ctl_datamove((union ctl_io *)ctsio);
9599
9600	return (CTL_RETVAL_COMPLETE);
9601}
9602
9603int
9604ctl_tur(struct ctl_scsiio *ctsio)
9605{
9606	struct ctl_lun *lun;
9607
9608	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9609
9610	CTL_DEBUG_PRINT(("ctl_tur\n"));
9611
9612	if (lun == NULL)
9613		return (EINVAL);
9614
9615	ctsio->scsi_status = SCSI_STATUS_OK;
9616	ctsio->io_hdr.status = CTL_SUCCESS;
9617
9618	ctl_done((union ctl_io *)ctsio);
9619
9620	return (CTL_RETVAL_COMPLETE);
9621}
9622
9623#ifdef notyet
9624static int
9625ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9626{
9627
9628}
9629#endif
9630
9631static int
9632ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9633{
9634	struct scsi_vpd_supported_pages *pages;
9635	int sup_page_size;
9636	struct ctl_lun *lun;
9637
9638	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9639
9640	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9641	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9642	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9643	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9644	ctsio->kern_sg_entries = 0;
9645
9646	if (sup_page_size < alloc_len) {
9647		ctsio->residual = alloc_len - sup_page_size;
9648		ctsio->kern_data_len = sup_page_size;
9649		ctsio->kern_total_len = sup_page_size;
9650	} else {
9651		ctsio->residual = 0;
9652		ctsio->kern_data_len = alloc_len;
9653		ctsio->kern_total_len = alloc_len;
9654	}
9655	ctsio->kern_data_resid = 0;
9656	ctsio->kern_rel_offset = 0;
9657	ctsio->kern_sg_entries = 0;
9658
9659	/*
9660	 * The control device is always connected.  The disk device, on the
9661	 * other hand, may not be online all the time.  Need to change this
9662	 * to figure out whether the disk device is actually online or not.
9663	 */
9664	if (lun != NULL)
9665		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9666				lun->be_lun->lun_type;
9667	else
9668		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9669
9670	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9671	/* Supported VPD pages */
9672	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9673	/* Serial Number */
9674	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9675	/* Device Identification */
9676	pages->page_list[2] = SVPD_DEVICE_ID;
9677	/* SCSI Ports */
9678	pages->page_list[3] = SVPD_SCSI_PORTS;
9679	/* Block limits */
9680	pages->page_list[4] = SVPD_BLOCK_LIMITS;
9681	/* Logical Block Provisioning */
9682	pages->page_list[5] = SVPD_LBP;
9683
9684	ctsio->scsi_status = SCSI_STATUS_OK;
9685
9686	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9687	ctsio->be_move_done = ctl_config_move_done;
9688	ctl_datamove((union ctl_io *)ctsio);
9689
9690	return (CTL_RETVAL_COMPLETE);
9691}
9692
9693static int
9694ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9695{
9696	struct scsi_vpd_unit_serial_number *sn_ptr;
9697	struct ctl_lun *lun;
9698
9699	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9700
9701	ctsio->kern_data_ptr = malloc(sizeof(*sn_ptr), M_CTL, M_WAITOK | M_ZERO);
9702	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9703	ctsio->kern_sg_entries = 0;
9704
9705	if (sizeof(*sn_ptr) < alloc_len) {
9706		ctsio->residual = alloc_len - sizeof(*sn_ptr);
9707		ctsio->kern_data_len = sizeof(*sn_ptr);
9708		ctsio->kern_total_len = sizeof(*sn_ptr);
9709	} else {
9710		ctsio->residual = 0;
9711		ctsio->kern_data_len = alloc_len;
9712		ctsio->kern_total_len = alloc_len;
9713	}
9714	ctsio->kern_data_resid = 0;
9715	ctsio->kern_rel_offset = 0;
9716	ctsio->kern_sg_entries = 0;
9717
9718	/*
9719	 * The control device is always connected.  The disk device, on the
9720	 * other hand, may not be online all the time.  Need to change this
9721	 * to figure out whether the disk device is actually online or not.
9722	 */
9723	if (lun != NULL)
9724		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9725				  lun->be_lun->lun_type;
9726	else
9727		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9728
9729	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9730	sn_ptr->length = ctl_min(sizeof(*sn_ptr) - 4, CTL_SN_LEN);
9731	/*
9732	 * If we don't have a LUN, we just leave the serial number as
9733	 * all spaces.
9734	 */
9735	memset(sn_ptr->serial_num, 0x20, sizeof(sn_ptr->serial_num));
9736	if (lun != NULL) {
9737		strncpy((char *)sn_ptr->serial_num,
9738			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9739	}
9740	ctsio->scsi_status = SCSI_STATUS_OK;
9741
9742	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9743	ctsio->be_move_done = ctl_config_move_done;
9744	ctl_datamove((union ctl_io *)ctsio);
9745
9746	return (CTL_RETVAL_COMPLETE);
9747}
9748
9749
9750static int
9751ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9752{
9753	struct scsi_vpd_device_id *devid_ptr;
9754	struct scsi_vpd_id_descriptor *desc;
9755	struct ctl_softc *ctl_softc;
9756	struct ctl_lun *lun;
9757	struct ctl_port *port;
9758	int data_len;
9759	uint8_t proto;
9760
9761	ctl_softc = control_softc;
9762
9763	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9764	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9765
9766	data_len = sizeof(struct scsi_vpd_device_id) +
9767	    sizeof(struct scsi_vpd_id_descriptor) +
9768		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9769	    sizeof(struct scsi_vpd_id_descriptor) +
9770		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9771	if (lun && lun->lun_devid)
9772		data_len += lun->lun_devid->len;
9773	if (port->port_devid)
9774		data_len += port->port_devid->len;
9775	if (port->target_devid)
9776		data_len += port->target_devid->len;
9777
9778	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9779	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9780	ctsio->kern_sg_entries = 0;
9781
9782	if (data_len < alloc_len) {
9783		ctsio->residual = alloc_len - data_len;
9784		ctsio->kern_data_len = data_len;
9785		ctsio->kern_total_len = data_len;
9786	} else {
9787		ctsio->residual = 0;
9788		ctsio->kern_data_len = alloc_len;
9789		ctsio->kern_total_len = alloc_len;
9790	}
9791	ctsio->kern_data_resid = 0;
9792	ctsio->kern_rel_offset = 0;
9793	ctsio->kern_sg_entries = 0;
9794
9795	/*
9796	 * The control device is always connected.  The disk device, on the
9797	 * other hand, may not be online all the time.
9798	 */
9799	if (lun != NULL)
9800		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9801				     lun->be_lun->lun_type;
9802	else
9803		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9804	devid_ptr->page_code = SVPD_DEVICE_ID;
9805	scsi_ulto2b(data_len - 4, devid_ptr->length);
9806
9807	if (port->port_type == CTL_PORT_FC)
9808		proto = SCSI_PROTO_FC << 4;
9809	else if (port->port_type == CTL_PORT_ISCSI)
9810		proto = SCSI_PROTO_ISCSI << 4;
9811	else
9812		proto = SCSI_PROTO_SPI << 4;
9813	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9814
9815	/*
9816	 * We're using a LUN association here.  i.e., this device ID is a
9817	 * per-LUN identifier.
9818	 */
9819	if (lun && lun->lun_devid) {
9820		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9821		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9822		    lun->lun_devid->len);
9823	}
9824
9825	/*
9826	 * This is for the WWPN which is a port association.
9827	 */
9828	if (port->port_devid) {
9829		memcpy(desc, port->port_devid->data, port->port_devid->len);
9830		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9831		    port->port_devid->len);
9832	}
9833
9834	/*
9835	 * This is for the Relative Target Port(type 4h) identifier
9836	 */
9837	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9838	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9839	    SVPD_ID_TYPE_RELTARG;
9840	desc->length = 4;
9841	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9842	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9843	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9844
9845	/*
9846	 * This is for the Target Port Group(type 5h) identifier
9847	 */
9848	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9849	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9850	    SVPD_ID_TYPE_TPORTGRP;
9851	desc->length = 4;
9852	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
9853	    &desc->identifier[2]);
9854	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9855	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9856
9857	/*
9858	 * This is for the Target identifier
9859	 */
9860	if (port->target_devid) {
9861		memcpy(desc, port->target_devid->data, port->target_devid->len);
9862	}
9863
9864	ctsio->scsi_status = SCSI_STATUS_OK;
9865	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9866	ctsio->be_move_done = ctl_config_move_done;
9867	ctl_datamove((union ctl_io *)ctsio);
9868
9869	return (CTL_RETVAL_COMPLETE);
9870}
9871
9872static int
9873ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9874{
9875	struct ctl_softc *softc = control_softc;
9876	struct scsi_vpd_scsi_ports *sp;
9877	struct scsi_vpd_port_designation *pd;
9878	struct scsi_vpd_port_designation_cont *pdc;
9879	struct ctl_lun *lun;
9880	struct ctl_port *port;
9881	int data_len, num_target_ports, id_len, g, pg, p;
9882	int num_target_port_groups, single;
9883
9884	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9885
9886	single = ctl_is_single;
9887	if (single)
9888		num_target_port_groups = 1;
9889	else
9890		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
9891	num_target_ports = 0;
9892	id_len = 0;
9893	mtx_lock(&softc->ctl_lock);
9894	STAILQ_FOREACH(port, &softc->port_list, links) {
9895		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9896			continue;
9897		if (ctl_map_lun_back(port->targ_port, lun->lun) >=
9898		    CTL_MAX_LUNS)
9899			continue;
9900		num_target_ports++;
9901		if (port->port_devid)
9902			id_len += port->port_devid->len;
9903	}
9904	mtx_unlock(&softc->ctl_lock);
9905
9906	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
9907	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9908	     sizeof(struct scsi_vpd_port_designation_cont)) + id_len;
9909	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9910	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9911	ctsio->kern_sg_entries = 0;
9912
9913	if (data_len < alloc_len) {
9914		ctsio->residual = alloc_len - data_len;
9915		ctsio->kern_data_len = data_len;
9916		ctsio->kern_total_len = data_len;
9917	} else {
9918		ctsio->residual = 0;
9919		ctsio->kern_data_len = alloc_len;
9920		ctsio->kern_total_len = alloc_len;
9921	}
9922	ctsio->kern_data_resid = 0;
9923	ctsio->kern_rel_offset = 0;
9924	ctsio->kern_sg_entries = 0;
9925
9926	/*
9927	 * The control device is always connected.  The disk device, on the
9928	 * other hand, may not be online all the time.  Need to change this
9929	 * to figure out whether the disk device is actually online or not.
9930	 */
9931	if (lun != NULL)
9932		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9933				  lun->be_lun->lun_type;
9934	else
9935		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9936
9937	sp->page_code = SVPD_SCSI_PORTS;
9938	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9939	    sp->page_length);
9940	pd = &sp->design[0];
9941
9942	mtx_lock(&softc->ctl_lock);
9943	if (softc->flags & CTL_FLAG_MASTER_SHELF)
9944		pg = 0;
9945	else
9946		pg = 1;
9947	for (g = 0; g < num_target_port_groups; g++) {
9948		STAILQ_FOREACH(port, &softc->port_list, links) {
9949			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9950				continue;
9951			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
9952			    CTL_MAX_LUNS)
9953				continue;
9954			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
9955			scsi_ulto2b(p, pd->relative_port_id);
9956			scsi_ulto2b(0, pd->initiator_transportid_length);
9957			pdc = (struct scsi_vpd_port_designation_cont *)
9958			    &pd->initiator_transportid[0];
9959			if (port->port_devid && g == pg) {
9960				id_len = port->port_devid->len;
9961				scsi_ulto2b(port->port_devid->len,
9962				    pdc->target_port_descriptors_length);
9963				memcpy(pdc->target_port_descriptors,
9964				    port->port_devid->data, port->port_devid->len);
9965			} else {
9966				id_len = 0;
9967				scsi_ulto2b(0, pdc->target_port_descriptors_length);
9968			}
9969			pd = (struct scsi_vpd_port_designation *)
9970			    ((uint8_t *)pdc->target_port_descriptors + id_len);
9971		}
9972	}
9973	mtx_unlock(&softc->ctl_lock);
9974
9975	ctsio->scsi_status = SCSI_STATUS_OK;
9976	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9977	ctsio->be_move_done = ctl_config_move_done;
9978	ctl_datamove((union ctl_io *)ctsio);
9979
9980	return (CTL_RETVAL_COMPLETE);
9981}
9982
9983static int
9984ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9985{
9986	struct scsi_vpd_block_limits *bl_ptr;
9987	struct ctl_lun *lun;
9988	int bs;
9989
9990	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9991	bs = lun->be_lun->blocksize;
9992
9993	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9994	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9995	ctsio->kern_sg_entries = 0;
9996
9997	if (sizeof(*bl_ptr) < alloc_len) {
9998		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9999		ctsio->kern_data_len = sizeof(*bl_ptr);
10000		ctsio->kern_total_len = sizeof(*bl_ptr);
10001	} else {
10002		ctsio->residual = 0;
10003		ctsio->kern_data_len = alloc_len;
10004		ctsio->kern_total_len = alloc_len;
10005	}
10006	ctsio->kern_data_resid = 0;
10007	ctsio->kern_rel_offset = 0;
10008	ctsio->kern_sg_entries = 0;
10009
10010	/*
10011	 * The control device is always connected.  The disk device, on the
10012	 * other hand, may not be online all the time.  Need to change this
10013	 * to figure out whether the disk device is actually online or not.
10014	 */
10015	if (lun != NULL)
10016		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10017				  lun->be_lun->lun_type;
10018	else
10019		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10020
10021	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10022	scsi_ulto2b(sizeof(*bl_ptr), bl_ptr->page_length);
10023	bl_ptr->max_cmp_write_len = 0xff;
10024	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10025	scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10026	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10027		scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10028		scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10029	}
10030	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10031
10032	ctsio->scsi_status = SCSI_STATUS_OK;
10033	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10034	ctsio->be_move_done = ctl_config_move_done;
10035	ctl_datamove((union ctl_io *)ctsio);
10036
10037	return (CTL_RETVAL_COMPLETE);
10038}
10039
10040static int
10041ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10042{
10043	struct scsi_vpd_logical_block_prov *lbp_ptr;
10044	struct ctl_lun *lun;
10045	int bs;
10046
10047	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10048	bs = lun->be_lun->blocksize;
10049
10050	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10051	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10052	ctsio->kern_sg_entries = 0;
10053
10054	if (sizeof(*lbp_ptr) < alloc_len) {
10055		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10056		ctsio->kern_data_len = sizeof(*lbp_ptr);
10057		ctsio->kern_total_len = sizeof(*lbp_ptr);
10058	} else {
10059		ctsio->residual = 0;
10060		ctsio->kern_data_len = alloc_len;
10061		ctsio->kern_total_len = alloc_len;
10062	}
10063	ctsio->kern_data_resid = 0;
10064	ctsio->kern_rel_offset = 0;
10065	ctsio->kern_sg_entries = 0;
10066
10067	/*
10068	 * The control device is always connected.  The disk device, on the
10069	 * other hand, may not be online all the time.  Need to change this
10070	 * to figure out whether the disk device is actually online or not.
10071	 */
10072	if (lun != NULL)
10073		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10074				  lun->be_lun->lun_type;
10075	else
10076		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10077
10078	lbp_ptr->page_code = SVPD_LBP;
10079	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
10080		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 | SVPD_LBP_WS10;
10081
10082	ctsio->scsi_status = SCSI_STATUS_OK;
10083	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10084	ctsio->be_move_done = ctl_config_move_done;
10085	ctl_datamove((union ctl_io *)ctsio);
10086
10087	return (CTL_RETVAL_COMPLETE);
10088}
10089
10090static int
10091ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10092{
10093	struct scsi_inquiry *cdb;
10094	struct ctl_lun *lun;
10095	int alloc_len, retval;
10096
10097	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10098	cdb = (struct scsi_inquiry *)ctsio->cdb;
10099
10100	retval = CTL_RETVAL_COMPLETE;
10101
10102	alloc_len = scsi_2btoul(cdb->length);
10103
10104	switch (cdb->page_code) {
10105	case SVPD_SUPPORTED_PAGES:
10106		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10107		break;
10108	case SVPD_UNIT_SERIAL_NUMBER:
10109		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10110		break;
10111	case SVPD_DEVICE_ID:
10112		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10113		break;
10114	case SVPD_SCSI_PORTS:
10115		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10116		break;
10117	case SVPD_BLOCK_LIMITS:
10118		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10119		break;
10120	case SVPD_LBP:
10121		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10122		break;
10123	default:
10124		ctl_set_invalid_field(ctsio,
10125				      /*sks_valid*/ 1,
10126				      /*command*/ 1,
10127				      /*field*/ 2,
10128				      /*bit_valid*/ 0,
10129				      /*bit*/ 0);
10130		ctl_done((union ctl_io *)ctsio);
10131		retval = CTL_RETVAL_COMPLETE;
10132		break;
10133	}
10134
10135	return (retval);
10136}
10137
10138static int
10139ctl_inquiry_std(struct ctl_scsiio *ctsio)
10140{
10141	struct scsi_inquiry_data *inq_ptr;
10142	struct scsi_inquiry *cdb;
10143	struct ctl_softc *ctl_softc;
10144	struct ctl_lun *lun;
10145	char *val;
10146	uint32_t alloc_len;
10147	int is_fc;
10148
10149	ctl_softc = control_softc;
10150
10151	/*
10152	 * Figure out whether we're talking to a Fibre Channel port or not.
10153	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10154	 * SCSI front ends.
10155	 */
10156	if (ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type !=
10157	    CTL_PORT_FC)
10158		is_fc = 0;
10159	else
10160		is_fc = 1;
10161
10162	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10163	cdb = (struct scsi_inquiry *)ctsio->cdb;
10164	alloc_len = scsi_2btoul(cdb->length);
10165
10166	/*
10167	 * We malloc the full inquiry data size here and fill it
10168	 * in.  If the user only asks for less, we'll give him
10169	 * that much.
10170	 */
10171	ctsio->kern_data_ptr = malloc(sizeof(*inq_ptr), M_CTL, M_WAITOK | M_ZERO);
10172	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10173	ctsio->kern_sg_entries = 0;
10174	ctsio->kern_data_resid = 0;
10175	ctsio->kern_rel_offset = 0;
10176
10177	if (sizeof(*inq_ptr) < alloc_len) {
10178		ctsio->residual = alloc_len - sizeof(*inq_ptr);
10179		ctsio->kern_data_len = sizeof(*inq_ptr);
10180		ctsio->kern_total_len = sizeof(*inq_ptr);
10181	} else {
10182		ctsio->residual = 0;
10183		ctsio->kern_data_len = alloc_len;
10184		ctsio->kern_total_len = alloc_len;
10185	}
10186
10187	/*
10188	 * If we have a LUN configured, report it as connected.  Otherwise,
10189	 * report that it is offline or no device is supported, depending
10190	 * on the value of inquiry_pq_no_lun.
10191	 *
10192	 * According to the spec (SPC-4 r34), the peripheral qualifier
10193	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10194	 *
10195	 * "A peripheral device having the specified peripheral device type
10196	 * is not connected to this logical unit. However, the device
10197	 * server is capable of supporting the specified peripheral device
10198	 * type on this logical unit."
10199	 *
10200	 * According to the same spec, the peripheral qualifier
10201	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10202	 *
10203	 * "The device server is not capable of supporting a peripheral
10204	 * device on this logical unit. For this peripheral qualifier the
10205	 * peripheral device type shall be set to 1Fh. All other peripheral
10206	 * device type values are reserved for this peripheral qualifier."
10207	 *
10208	 * Given the text, it would seem that we probably want to report that
10209	 * the LUN is offline here.  There is no LUN connected, but we can
10210	 * support a LUN at the given LUN number.
10211	 *
10212	 * In the real world, though, it sounds like things are a little
10213	 * different:
10214	 *
10215	 * - Linux, when presented with a LUN with the offline peripheral
10216	 *   qualifier, will create an sg driver instance for it.  So when
10217	 *   you attach it to CTL, you wind up with a ton of sg driver
10218	 *   instances.  (One for every LUN that Linux bothered to probe.)
10219	 *   Linux does this despite the fact that it issues a REPORT LUNs
10220	 *   to LUN 0 to get the inventory of supported LUNs.
10221	 *
10222	 * - There is other anecdotal evidence (from Emulex folks) about
10223	 *   arrays that use the offline peripheral qualifier for LUNs that
10224	 *   are on the "passive" path in an active/passive array.
10225	 *
10226	 * So the solution is provide a hopefully reasonable default
10227	 * (return bad/no LUN) and allow the user to change the behavior
10228	 * with a tunable/sysctl variable.
10229	 */
10230	if (lun != NULL)
10231		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10232				  lun->be_lun->lun_type;
10233	else if (ctl_softc->inquiry_pq_no_lun == 0)
10234		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10235	else
10236		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10237
10238	/* RMB in byte 2 is 0 */
10239	inq_ptr->version = SCSI_REV_SPC3;
10240
10241	/*
10242	 * According to SAM-3, even if a device only supports a single
10243	 * level of LUN addressing, it should still set the HISUP bit:
10244	 *
10245	 * 4.9.1 Logical unit numbers overview
10246	 *
10247	 * All logical unit number formats described in this standard are
10248	 * hierarchical in structure even when only a single level in that
10249	 * hierarchy is used. The HISUP bit shall be set to one in the
10250	 * standard INQUIRY data (see SPC-2) when any logical unit number
10251	 * format described in this standard is used.  Non-hierarchical
10252	 * formats are outside the scope of this standard.
10253	 *
10254	 * Therefore we set the HiSup bit here.
10255	 *
10256	 * The reponse format is 2, per SPC-3.
10257	 */
10258	inq_ptr->response_format = SID_HiSup | 2;
10259
10260	inq_ptr->additional_length = sizeof(*inq_ptr) - 4;
10261	CTL_DEBUG_PRINT(("additional_length = %d\n",
10262			 inq_ptr->additional_length));
10263
10264	inq_ptr->spc3_flags = SPC3_SID_TPGS_IMPLICIT;
10265	/* 16 bit addressing */
10266	if (is_fc == 0)
10267		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10268	/* XXX set the SID_MultiP bit here if we're actually going to
10269	   respond on multiple ports */
10270	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10271
10272	/* 16 bit data bus, synchronous transfers */
10273	/* XXX these flags don't apply for FC */
10274	if (is_fc == 0)
10275		inq_ptr->flags = SID_WBus16 | SID_Sync;
10276	/*
10277	 * XXX KDM do we want to support tagged queueing on the control
10278	 * device at all?
10279	 */
10280	if ((lun == NULL)
10281	 || (lun->be_lun->lun_type != T_PROCESSOR))
10282		inq_ptr->flags |= SID_CmdQue;
10283	/*
10284	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10285	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10286	 * name and 4 bytes for the revision.
10287	 */
10288	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10289	    "vendor")) == NULL) {
10290		strcpy(inq_ptr->vendor, CTL_VENDOR);
10291	} else {
10292		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10293		strncpy(inq_ptr->vendor, val,
10294		    min(sizeof(inq_ptr->vendor), strlen(val)));
10295	}
10296	if (lun == NULL) {
10297		strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
10298	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10299		switch (lun->be_lun->lun_type) {
10300		case T_DIRECT:
10301			strcpy(inq_ptr->product, CTL_DIRECT_PRODUCT);
10302			break;
10303		case T_PROCESSOR:
10304			strcpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT);
10305			break;
10306		default:
10307			strcpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT);
10308			break;
10309		}
10310	} else {
10311		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10312		strncpy(inq_ptr->product, val,
10313		    min(sizeof(inq_ptr->product), strlen(val)));
10314	}
10315
10316	/*
10317	 * XXX make this a macro somewhere so it automatically gets
10318	 * incremented when we make changes.
10319	 */
10320	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10321	    "revision")) == NULL) {
10322		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10323	} else {
10324		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10325		strncpy(inq_ptr->revision, val,
10326		    min(sizeof(inq_ptr->revision), strlen(val)));
10327	}
10328
10329	/*
10330	 * For parallel SCSI, we support double transition and single
10331	 * transition clocking.  We also support QAS (Quick Arbitration
10332	 * and Selection) and Information Unit transfers on both the
10333	 * control and array devices.
10334	 */
10335	if (is_fc == 0)
10336		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10337				    SID_SPI_IUS;
10338
10339	/* SAM-3 */
10340	scsi_ulto2b(0x0060, inq_ptr->version1);
10341	/* SPC-3 (no version claimed) XXX should we claim a version? */
10342	scsi_ulto2b(0x0300, inq_ptr->version2);
10343	if (is_fc) {
10344		/* FCP-2 ANSI INCITS.350:2003 */
10345		scsi_ulto2b(0x0917, inq_ptr->version3);
10346	} else {
10347		/* SPI-4 ANSI INCITS.362:200x */
10348		scsi_ulto2b(0x0B56, inq_ptr->version3);
10349	}
10350
10351	if (lun == NULL) {
10352		/* SBC-2 (no version claimed) XXX should we claim a version? */
10353		scsi_ulto2b(0x0320, inq_ptr->version4);
10354	} else {
10355		switch (lun->be_lun->lun_type) {
10356		case T_DIRECT:
10357			/*
10358			 * SBC-2 (no version claimed) XXX should we claim a
10359			 * version?
10360			 */
10361			scsi_ulto2b(0x0320, inq_ptr->version4);
10362			break;
10363		case T_PROCESSOR:
10364		default:
10365			break;
10366		}
10367	}
10368
10369	ctsio->scsi_status = SCSI_STATUS_OK;
10370	if (ctsio->kern_data_len > 0) {
10371		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10372		ctsio->be_move_done = ctl_config_move_done;
10373		ctl_datamove((union ctl_io *)ctsio);
10374	} else {
10375		ctsio->io_hdr.status = CTL_SUCCESS;
10376		ctl_done((union ctl_io *)ctsio);
10377	}
10378
10379	return (CTL_RETVAL_COMPLETE);
10380}
10381
10382int
10383ctl_inquiry(struct ctl_scsiio *ctsio)
10384{
10385	struct scsi_inquiry *cdb;
10386	int retval;
10387
10388	cdb = (struct scsi_inquiry *)ctsio->cdb;
10389
10390	retval = 0;
10391
10392	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10393
10394	/*
10395	 * Right now, we don't support the CmdDt inquiry information.
10396	 * This would be nice to support in the future.  When we do
10397	 * support it, we should change this test so that it checks to make
10398	 * sure SI_EVPD and SI_CMDDT aren't both set at the same time.
10399	 */
10400#ifdef notyet
10401	if (((cdb->byte2 & SI_EVPD)
10402	 && (cdb->byte2 & SI_CMDDT)))
10403#endif
10404	if (cdb->byte2 & SI_CMDDT) {
10405		/*
10406		 * Point to the SI_CMDDT bit.  We might change this
10407		 * when we support SI_CMDDT, but since both bits would be
10408		 * "wrong", this should probably just stay as-is then.
10409		 */
10410		ctl_set_invalid_field(ctsio,
10411				      /*sks_valid*/ 1,
10412				      /*command*/ 1,
10413				      /*field*/ 1,
10414				      /*bit_valid*/ 1,
10415				      /*bit*/ 1);
10416		ctl_done((union ctl_io *)ctsio);
10417		return (CTL_RETVAL_COMPLETE);
10418	}
10419	if (cdb->byte2 & SI_EVPD)
10420		retval = ctl_inquiry_evpd(ctsio);
10421#ifdef notyet
10422	else if (cdb->byte2 & SI_CMDDT)
10423		retval = ctl_inquiry_cmddt(ctsio);
10424#endif
10425	else
10426		retval = ctl_inquiry_std(ctsio);
10427
10428	return (retval);
10429}
10430
10431/*
10432 * For known CDB types, parse the LBA and length.
10433 */
10434static int
10435ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint32_t *len)
10436{
10437	if (io->io_hdr.io_type != CTL_IO_SCSI)
10438		return (1);
10439
10440	switch (io->scsiio.cdb[0]) {
10441	case COMPARE_AND_WRITE: {
10442		struct scsi_compare_and_write *cdb;
10443
10444		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10445
10446		*lba = scsi_8btou64(cdb->addr);
10447		*len = cdb->length;
10448		break;
10449	}
10450	case READ_6:
10451	case WRITE_6: {
10452		struct scsi_rw_6 *cdb;
10453
10454		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10455
10456		*lba = scsi_3btoul(cdb->addr);
10457		/* only 5 bits are valid in the most significant address byte */
10458		*lba &= 0x1fffff;
10459		*len = cdb->length;
10460		break;
10461	}
10462	case READ_10:
10463	case WRITE_10: {
10464		struct scsi_rw_10 *cdb;
10465
10466		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10467
10468		*lba = scsi_4btoul(cdb->addr);
10469		*len = scsi_2btoul(cdb->length);
10470		break;
10471	}
10472	case WRITE_VERIFY_10: {
10473		struct scsi_write_verify_10 *cdb;
10474
10475		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10476
10477		*lba = scsi_4btoul(cdb->addr);
10478		*len = scsi_2btoul(cdb->length);
10479		break;
10480	}
10481	case READ_12:
10482	case WRITE_12: {
10483		struct scsi_rw_12 *cdb;
10484
10485		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10486
10487		*lba = scsi_4btoul(cdb->addr);
10488		*len = scsi_4btoul(cdb->length);
10489		break;
10490	}
10491	case WRITE_VERIFY_12: {
10492		struct scsi_write_verify_12 *cdb;
10493
10494		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10495
10496		*lba = scsi_4btoul(cdb->addr);
10497		*len = scsi_4btoul(cdb->length);
10498		break;
10499	}
10500	case READ_16:
10501	case WRITE_16: {
10502		struct scsi_rw_16 *cdb;
10503
10504		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10505
10506		*lba = scsi_8btou64(cdb->addr);
10507		*len = scsi_4btoul(cdb->length);
10508		break;
10509	}
10510	case WRITE_VERIFY_16: {
10511		struct scsi_write_verify_16 *cdb;
10512
10513		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10514
10515
10516		*lba = scsi_8btou64(cdb->addr);
10517		*len = scsi_4btoul(cdb->length);
10518		break;
10519	}
10520	case WRITE_SAME_10: {
10521		struct scsi_write_same_10 *cdb;
10522
10523		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10524
10525		*lba = scsi_4btoul(cdb->addr);
10526		*len = scsi_2btoul(cdb->length);
10527		break;
10528	}
10529	case WRITE_SAME_16: {
10530		struct scsi_write_same_16 *cdb;
10531
10532		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10533
10534		*lba = scsi_8btou64(cdb->addr);
10535		*len = scsi_4btoul(cdb->length);
10536		break;
10537	}
10538	case VERIFY_10: {
10539		struct scsi_verify_10 *cdb;
10540
10541		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10542
10543		*lba = scsi_4btoul(cdb->addr);
10544		*len = scsi_2btoul(cdb->length);
10545		break;
10546	}
10547	case VERIFY_12: {
10548		struct scsi_verify_12 *cdb;
10549
10550		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10551
10552		*lba = scsi_4btoul(cdb->addr);
10553		*len = scsi_4btoul(cdb->length);
10554		break;
10555	}
10556	case VERIFY_16: {
10557		struct scsi_verify_16 *cdb;
10558
10559		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10560
10561		*lba = scsi_8btou64(cdb->addr);
10562		*len = scsi_4btoul(cdb->length);
10563		break;
10564	}
10565	default:
10566		return (1);
10567		break; /* NOTREACHED */
10568	}
10569
10570	return (0);
10571}
10572
10573static ctl_action
10574ctl_extent_check_lba(uint64_t lba1, uint32_t len1, uint64_t lba2, uint32_t len2)
10575{
10576	uint64_t endlba1, endlba2;
10577
10578	endlba1 = lba1 + len1 - 1;
10579	endlba2 = lba2 + len2 - 1;
10580
10581	if ((endlba1 < lba2)
10582	 || (endlba2 < lba1))
10583		return (CTL_ACTION_PASS);
10584	else
10585		return (CTL_ACTION_BLOCK);
10586}
10587
10588static ctl_action
10589ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10590{
10591	uint64_t lba1, lba2;
10592	uint32_t len1, len2;
10593	int retval;
10594
10595	retval = ctl_get_lba_len(io1, &lba1, &len1);
10596	if (retval != 0)
10597		return (CTL_ACTION_ERROR);
10598
10599	retval = ctl_get_lba_len(io2, &lba2, &len2);
10600	if (retval != 0)
10601		return (CTL_ACTION_ERROR);
10602
10603	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10604}
10605
10606static ctl_action
10607ctl_check_for_blockage(union ctl_io *pending_io, union ctl_io *ooa_io)
10608{
10609	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10610	ctl_serialize_action *serialize_row;
10611
10612	/*
10613	 * The initiator attempted multiple untagged commands at the same
10614	 * time.  Can't do that.
10615	 */
10616	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10617	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10618	 && ((pending_io->io_hdr.nexus.targ_port ==
10619	      ooa_io->io_hdr.nexus.targ_port)
10620	  && (pending_io->io_hdr.nexus.initid.id ==
10621	      ooa_io->io_hdr.nexus.initid.id))
10622	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10623		return (CTL_ACTION_OVERLAP);
10624
10625	/*
10626	 * The initiator attempted to send multiple tagged commands with
10627	 * the same ID.  (It's fine if different initiators have the same
10628	 * tag ID.)
10629	 *
10630	 * Even if all of those conditions are true, we don't kill the I/O
10631	 * if the command ahead of us has been aborted.  We won't end up
10632	 * sending it to the FETD, and it's perfectly legal to resend a
10633	 * command with the same tag number as long as the previous
10634	 * instance of this tag number has been aborted somehow.
10635	 */
10636	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10637	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10638	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10639	 && ((pending_io->io_hdr.nexus.targ_port ==
10640	      ooa_io->io_hdr.nexus.targ_port)
10641	  && (pending_io->io_hdr.nexus.initid.id ==
10642	      ooa_io->io_hdr.nexus.initid.id))
10643	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10644		return (CTL_ACTION_OVERLAP_TAG);
10645
10646	/*
10647	 * If we get a head of queue tag, SAM-3 says that we should
10648	 * immediately execute it.
10649	 *
10650	 * What happens if this command would normally block for some other
10651	 * reason?  e.g. a request sense with a head of queue tag
10652	 * immediately after a write.  Normally that would block, but this
10653	 * will result in its getting executed immediately...
10654	 *
10655	 * We currently return "pass" instead of "skip", so we'll end up
10656	 * going through the rest of the queue to check for overlapped tags.
10657	 *
10658	 * XXX KDM check for other types of blockage first??
10659	 */
10660	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10661		return (CTL_ACTION_PASS);
10662
10663	/*
10664	 * Ordered tags have to block until all items ahead of them
10665	 * have completed.  If we get called with an ordered tag, we always
10666	 * block, if something else is ahead of us in the queue.
10667	 */
10668	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10669		return (CTL_ACTION_BLOCK);
10670
10671	/*
10672	 * Simple tags get blocked until all head of queue and ordered tags
10673	 * ahead of them have completed.  I'm lumping untagged commands in
10674	 * with simple tags here.  XXX KDM is that the right thing to do?
10675	 */
10676	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10677	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10678	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10679	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10680		return (CTL_ACTION_BLOCK);
10681
10682	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio);
10683	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio);
10684
10685	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10686
10687	switch (serialize_row[pending_entry->seridx]) {
10688	case CTL_SER_BLOCK:
10689		return (CTL_ACTION_BLOCK);
10690		break; /* NOTREACHED */
10691	case CTL_SER_EXTENT:
10692		return (ctl_extent_check(pending_io, ooa_io));
10693		break; /* NOTREACHED */
10694	case CTL_SER_PASS:
10695		return (CTL_ACTION_PASS);
10696		break; /* NOTREACHED */
10697	case CTL_SER_SKIP:
10698		return (CTL_ACTION_SKIP);
10699		break;
10700	default:
10701		panic("invalid serialization value %d",
10702		      serialize_row[pending_entry->seridx]);
10703		break; /* NOTREACHED */
10704	}
10705
10706	return (CTL_ACTION_ERROR);
10707}
10708
10709/*
10710 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10711 * Assumptions:
10712 * - pending_io is generally either incoming, or on the blocked queue
10713 * - starting I/O is the I/O we want to start the check with.
10714 */
10715static ctl_action
10716ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10717	      union ctl_io *starting_io)
10718{
10719	union ctl_io *ooa_io;
10720	ctl_action action;
10721
10722	mtx_assert(&lun->lun_lock, MA_OWNED);
10723
10724	/*
10725	 * Run back along the OOA queue, starting with the current
10726	 * blocked I/O and going through every I/O before it on the
10727	 * queue.  If starting_io is NULL, we'll just end up returning
10728	 * CTL_ACTION_PASS.
10729	 */
10730	for (ooa_io = starting_io; ooa_io != NULL;
10731	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10732	     ooa_links)){
10733
10734		/*
10735		 * This routine just checks to see whether
10736		 * cur_blocked is blocked by ooa_io, which is ahead
10737		 * of it in the queue.  It doesn't queue/dequeue
10738		 * cur_blocked.
10739		 */
10740		action = ctl_check_for_blockage(pending_io, ooa_io);
10741		switch (action) {
10742		case CTL_ACTION_BLOCK:
10743		case CTL_ACTION_OVERLAP:
10744		case CTL_ACTION_OVERLAP_TAG:
10745		case CTL_ACTION_SKIP:
10746		case CTL_ACTION_ERROR:
10747			return (action);
10748			break; /* NOTREACHED */
10749		case CTL_ACTION_PASS:
10750			break;
10751		default:
10752			panic("invalid action %d", action);
10753			break;  /* NOTREACHED */
10754		}
10755	}
10756
10757	return (CTL_ACTION_PASS);
10758}
10759
10760/*
10761 * Assumptions:
10762 * - An I/O has just completed, and has been removed from the per-LUN OOA
10763 *   queue, so some items on the blocked queue may now be unblocked.
10764 */
10765static int
10766ctl_check_blocked(struct ctl_lun *lun)
10767{
10768	union ctl_io *cur_blocked, *next_blocked;
10769
10770	mtx_assert(&lun->lun_lock, MA_OWNED);
10771
10772	/*
10773	 * Run forward from the head of the blocked queue, checking each
10774	 * entry against the I/Os prior to it on the OOA queue to see if
10775	 * there is still any blockage.
10776	 *
10777	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10778	 * with our removing a variable on it while it is traversing the
10779	 * list.
10780	 */
10781	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10782	     cur_blocked != NULL; cur_blocked = next_blocked) {
10783		union ctl_io *prev_ooa;
10784		ctl_action action;
10785
10786		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10787							  blocked_links);
10788
10789		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10790						      ctl_ooaq, ooa_links);
10791
10792		/*
10793		 * If cur_blocked happens to be the first item in the OOA
10794		 * queue now, prev_ooa will be NULL, and the action
10795		 * returned will just be CTL_ACTION_PASS.
10796		 */
10797		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10798
10799		switch (action) {
10800		case CTL_ACTION_BLOCK:
10801			/* Nothing to do here, still blocked */
10802			break;
10803		case CTL_ACTION_OVERLAP:
10804		case CTL_ACTION_OVERLAP_TAG:
10805			/*
10806			 * This shouldn't happen!  In theory we've already
10807			 * checked this command for overlap...
10808			 */
10809			break;
10810		case CTL_ACTION_PASS:
10811		case CTL_ACTION_SKIP: {
10812			struct ctl_softc *softc;
10813			const struct ctl_cmd_entry *entry;
10814			uint32_t initidx;
10815			int isc_retval;
10816
10817			/*
10818			 * The skip case shouldn't happen, this transaction
10819			 * should have never made it onto the blocked queue.
10820			 */
10821			/*
10822			 * This I/O is no longer blocked, we can remove it
10823			 * from the blocked queue.  Since this is a TAILQ
10824			 * (doubly linked list), we can do O(1) removals
10825			 * from any place on the list.
10826			 */
10827			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10828				     blocked_links);
10829			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10830
10831			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
10832				/*
10833				 * Need to send IO back to original side to
10834				 * run
10835				 */
10836				union ctl_ha_msg msg_info;
10837
10838				msg_info.hdr.original_sc =
10839					cur_blocked->io_hdr.original_sc;
10840				msg_info.hdr.serializing_sc = cur_blocked;
10841				msg_info.hdr.msg_type = CTL_MSG_R2R;
10842				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10843				     &msg_info, sizeof(msg_info), 0)) >
10844				     CTL_HA_STATUS_SUCCESS) {
10845					printf("CTL:Check Blocked error from "
10846					       "ctl_ha_msg_send %d\n",
10847					       isc_retval);
10848				}
10849				break;
10850			}
10851			entry = ctl_get_cmd_entry(&cur_blocked->scsiio);
10852			softc = control_softc;
10853
10854			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
10855
10856			/*
10857			 * Check this I/O for LUN state changes that may
10858			 * have happened while this command was blocked.
10859			 * The LUN state may have been changed by a command
10860			 * ahead of us in the queue, so we need to re-check
10861			 * for any states that can be caused by SCSI
10862			 * commands.
10863			 */
10864			if (ctl_scsiio_lun_check(softc, lun, entry,
10865						 &cur_blocked->scsiio) == 0) {
10866				cur_blocked->io_hdr.flags |=
10867				                      CTL_FLAG_IS_WAS_ON_RTR;
10868				ctl_enqueue_rtr(cur_blocked);
10869			} else
10870				ctl_done(cur_blocked);
10871			break;
10872		}
10873		default:
10874			/*
10875			 * This probably shouldn't happen -- we shouldn't
10876			 * get CTL_ACTION_ERROR, or anything else.
10877			 */
10878			break;
10879		}
10880	}
10881
10882	return (CTL_RETVAL_COMPLETE);
10883}
10884
10885/*
10886 * This routine (with one exception) checks LUN flags that can be set by
10887 * commands ahead of us in the OOA queue.  These flags have to be checked
10888 * when a command initially comes in, and when we pull a command off the
10889 * blocked queue and are preparing to execute it.  The reason we have to
10890 * check these flags for commands on the blocked queue is that the LUN
10891 * state may have been changed by a command ahead of us while we're on the
10892 * blocked queue.
10893 *
10894 * Ordering is somewhat important with these checks, so please pay
10895 * careful attention to the placement of any new checks.
10896 */
10897static int
10898ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
10899    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10900{
10901	int retval;
10902
10903	retval = 0;
10904
10905	mtx_assert(&lun->lun_lock, MA_OWNED);
10906
10907	/*
10908	 * If this shelf is a secondary shelf controller, we have to reject
10909	 * any media access commands.
10910	 */
10911#if 0
10912	/* No longer needed for HA */
10913	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
10914	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
10915		ctl_set_lun_standby(ctsio);
10916		retval = 1;
10917		goto bailout;
10918	}
10919#endif
10920
10921	/*
10922	 * Check for a reservation conflict.  If this command isn't allowed
10923	 * even on reserved LUNs, and if this initiator isn't the one who
10924	 * reserved us, reject the command with a reservation conflict.
10925	 */
10926	if ((lun->flags & CTL_LUN_RESERVED)
10927	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10928		if ((ctsio->io_hdr.nexus.initid.id != lun->rsv_nexus.initid.id)
10929		 || (ctsio->io_hdr.nexus.targ_port != lun->rsv_nexus.targ_port)
10930		 || (ctsio->io_hdr.nexus.targ_target.id !=
10931		     lun->rsv_nexus.targ_target.id)) {
10932			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10933			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10934			retval = 1;
10935			goto bailout;
10936		}
10937	}
10938
10939	if ( (lun->flags & CTL_LUN_PR_RESERVED)
10940	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
10941		uint32_t residx;
10942
10943		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
10944		/*
10945		 * if we aren't registered or it's a res holder type
10946		 * reservation and this isn't the res holder then set a
10947		 * conflict.
10948		 * NOTE: Commands which might be allowed on write exclusive
10949		 * type reservations are checked in the particular command
10950		 * for a conflict. Read and SSU are the only ones.
10951		 */
10952		if (!lun->per_res[residx].registered
10953		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10954			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
10955			ctsio->io_hdr.status = CTL_SCSI_ERROR;
10956			retval = 1;
10957			goto bailout;
10958		}
10959
10960	}
10961
10962	if ((lun->flags & CTL_LUN_OFFLINE)
10963	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
10964		ctl_set_lun_not_ready(ctsio);
10965		retval = 1;
10966		goto bailout;
10967	}
10968
10969	/*
10970	 * If the LUN is stopped, see if this particular command is allowed
10971	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
10972	 */
10973	if ((lun->flags & CTL_LUN_STOPPED)
10974	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10975		/* "Logical unit not ready, initializing cmd. required" */
10976		ctl_set_lun_stopped(ctsio);
10977		retval = 1;
10978		goto bailout;
10979	}
10980
10981	if ((lun->flags & CTL_LUN_INOPERABLE)
10982	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10983		/* "Medium format corrupted" */
10984		ctl_set_medium_format_corrupted(ctsio);
10985		retval = 1;
10986		goto bailout;
10987	}
10988
10989bailout:
10990	return (retval);
10991
10992}
10993
10994static void
10995ctl_failover_io(union ctl_io *io, int have_lock)
10996{
10997	ctl_set_busy(&io->scsiio);
10998	ctl_done(io);
10999}
11000
11001static void
11002ctl_failover(void)
11003{
11004	struct ctl_lun *lun;
11005	struct ctl_softc *ctl_softc;
11006	union ctl_io *next_io, *pending_io;
11007	union ctl_io *io;
11008	int lun_idx;
11009	int i;
11010
11011	ctl_softc = control_softc;
11012
11013	mtx_lock(&ctl_softc->ctl_lock);
11014	/*
11015	 * Remove any cmds from the other SC from the rtr queue.  These
11016	 * will obviously only be for LUNs for which we're the primary.
11017	 * We can't send status or get/send data for these commands.
11018	 * Since they haven't been executed yet, we can just remove them.
11019	 * We'll either abort them or delete them below, depending on
11020	 * which HA mode we're in.
11021	 */
11022#ifdef notyet
11023	mtx_lock(&ctl_softc->queue_lock);
11024	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11025	     io != NULL; io = next_io) {
11026		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11027		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11028			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11029				      ctl_io_hdr, links);
11030	}
11031	mtx_unlock(&ctl_softc->queue_lock);
11032#endif
11033
11034	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11035		lun = ctl_softc->ctl_luns[lun_idx];
11036		if (lun==NULL)
11037			continue;
11038
11039		/*
11040		 * Processor LUNs are primary on both sides.
11041		 * XXX will this always be true?
11042		 */
11043		if (lun->be_lun->lun_type == T_PROCESSOR)
11044			continue;
11045
11046		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11047		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11048			printf("FAILOVER: primary lun %d\n", lun_idx);
11049		        /*
11050			 * Remove all commands from the other SC. First from the
11051			 * blocked queue then from the ooa queue. Once we have
11052			 * removed them. Call ctl_check_blocked to see if there
11053			 * is anything that can run.
11054			 */
11055			for (io = (union ctl_io *)TAILQ_FIRST(
11056			     &lun->blocked_queue); io != NULL; io = next_io) {
11057
11058		        	next_io = (union ctl_io *)TAILQ_NEXT(
11059				    &io->io_hdr, blocked_links);
11060
11061				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11062					TAILQ_REMOVE(&lun->blocked_queue,
11063						     &io->io_hdr,blocked_links);
11064					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11065					TAILQ_REMOVE(&lun->ooa_queue,
11066						     &io->io_hdr, ooa_links);
11067
11068					ctl_free_io(io);
11069				}
11070			}
11071
11072			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11073	     		     io != NULL; io = next_io) {
11074
11075		        	next_io = (union ctl_io *)TAILQ_NEXT(
11076				    &io->io_hdr, ooa_links);
11077
11078				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11079
11080					TAILQ_REMOVE(&lun->ooa_queue,
11081						&io->io_hdr,
11082					     	ooa_links);
11083
11084					ctl_free_io(io);
11085				}
11086			}
11087			ctl_check_blocked(lun);
11088		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11089			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11090
11091			printf("FAILOVER: primary lun %d\n", lun_idx);
11092			/*
11093			 * Abort all commands from the other SC.  We can't
11094			 * send status back for them now.  These should get
11095			 * cleaned up when they are completed or come out
11096			 * for a datamove operation.
11097			 */
11098			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11099	     		     io != NULL; io = next_io) {
11100		        	next_io = (union ctl_io *)TAILQ_NEXT(
11101					&io->io_hdr, ooa_links);
11102
11103				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11104					io->io_hdr.flags |= CTL_FLAG_ABORT;
11105			}
11106		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11107			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11108
11109			printf("FAILOVER: secondary lun %d\n", lun_idx);
11110
11111			lun->flags |= CTL_LUN_PRIMARY_SC;
11112
11113			/*
11114			 * We send all I/O that was sent to this controller
11115			 * and redirected to the other side back with
11116			 * busy status, and have the initiator retry it.
11117			 * Figuring out how much data has been transferred,
11118			 * etc. and picking up where we left off would be
11119			 * very tricky.
11120			 *
11121			 * XXX KDM need to remove I/O from the blocked
11122			 * queue as well!
11123			 */
11124			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11125			     &lun->ooa_queue); pending_io != NULL;
11126			     pending_io = next_io) {
11127
11128				next_io =  (union ctl_io *)TAILQ_NEXT(
11129					&pending_io->io_hdr, ooa_links);
11130
11131				pending_io->io_hdr.flags &=
11132					~CTL_FLAG_SENT_2OTHER_SC;
11133
11134				if (pending_io->io_hdr.flags &
11135				    CTL_FLAG_IO_ACTIVE) {
11136					pending_io->io_hdr.flags |=
11137						CTL_FLAG_FAILOVER;
11138				} else {
11139					ctl_set_busy(&pending_io->scsiio);
11140					ctl_done(pending_io);
11141				}
11142			}
11143
11144			/*
11145			 * Build Unit Attention
11146			 */
11147			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11148				lun->pending_sense[i].ua_pending |=
11149				                     CTL_UA_ASYM_ACC_CHANGE;
11150			}
11151		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11152			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11153			printf("FAILOVER: secondary lun %d\n", lun_idx);
11154			/*
11155			 * if the first io on the OOA is not on the RtR queue
11156			 * add it.
11157			 */
11158			lun->flags |= CTL_LUN_PRIMARY_SC;
11159
11160			pending_io = (union ctl_io *)TAILQ_FIRST(
11161			    &lun->ooa_queue);
11162			if (pending_io==NULL) {
11163				printf("Nothing on OOA queue\n");
11164				continue;
11165			}
11166
11167			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11168			if ((pending_io->io_hdr.flags &
11169			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11170				pending_io->io_hdr.flags |=
11171				    CTL_FLAG_IS_WAS_ON_RTR;
11172				ctl_enqueue_rtr(pending_io);
11173			}
11174#if 0
11175			else
11176			{
11177				printf("Tag 0x%04x is running\n",
11178				      pending_io->scsiio.tag_num);
11179			}
11180#endif
11181
11182			next_io = (union ctl_io *)TAILQ_NEXT(
11183			    &pending_io->io_hdr, ooa_links);
11184			for (pending_io=next_io; pending_io != NULL;
11185			     pending_io = next_io) {
11186				pending_io->io_hdr.flags &=
11187				    ~CTL_FLAG_SENT_2OTHER_SC;
11188				next_io = (union ctl_io *)TAILQ_NEXT(
11189					&pending_io->io_hdr, ooa_links);
11190				if (pending_io->io_hdr.flags &
11191				    CTL_FLAG_IS_WAS_ON_RTR) {
11192#if 0
11193				        printf("Tag 0x%04x is running\n",
11194				      		pending_io->scsiio.tag_num);
11195#endif
11196					continue;
11197				}
11198
11199				switch (ctl_check_ooa(lun, pending_io,
11200			            (union ctl_io *)TAILQ_PREV(
11201				    &pending_io->io_hdr, ctl_ooaq,
11202				    ooa_links))) {
11203
11204				case CTL_ACTION_BLOCK:
11205					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11206							  &pending_io->io_hdr,
11207							  blocked_links);
11208					pending_io->io_hdr.flags |=
11209					    CTL_FLAG_BLOCKED;
11210					break;
11211				case CTL_ACTION_PASS:
11212				case CTL_ACTION_SKIP:
11213					pending_io->io_hdr.flags |=
11214					    CTL_FLAG_IS_WAS_ON_RTR;
11215					ctl_enqueue_rtr(pending_io);
11216					break;
11217				case CTL_ACTION_OVERLAP:
11218					ctl_set_overlapped_cmd(
11219					    (struct ctl_scsiio *)pending_io);
11220					ctl_done(pending_io);
11221					break;
11222				case CTL_ACTION_OVERLAP_TAG:
11223					ctl_set_overlapped_tag(
11224					    (struct ctl_scsiio *)pending_io,
11225					    pending_io->scsiio.tag_num & 0xff);
11226					ctl_done(pending_io);
11227					break;
11228				case CTL_ACTION_ERROR:
11229				default:
11230					ctl_set_internal_failure(
11231						(struct ctl_scsiio *)pending_io,
11232						0,  // sks_valid
11233						0); //retry count
11234					ctl_done(pending_io);
11235					break;
11236				}
11237			}
11238
11239			/*
11240			 * Build Unit Attention
11241			 */
11242			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11243				lun->pending_sense[i].ua_pending |=
11244				                     CTL_UA_ASYM_ACC_CHANGE;
11245			}
11246		} else {
11247			panic("Unhandled HA mode failover, LUN flags = %#x, "
11248			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11249		}
11250	}
11251	ctl_pause_rtr = 0;
11252	mtx_unlock(&ctl_softc->ctl_lock);
11253}
11254
11255static int
11256ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11257{
11258	struct ctl_lun *lun;
11259	const struct ctl_cmd_entry *entry;
11260	uint32_t initidx, targ_lun;
11261	int retval;
11262
11263	retval = 0;
11264
11265	lun = NULL;
11266
11267	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11268	if ((targ_lun < CTL_MAX_LUNS)
11269	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11270		lun = ctl_softc->ctl_luns[targ_lun];
11271		/*
11272		 * If the LUN is invalid, pretend that it doesn't exist.
11273		 * It will go away as soon as all pending I/O has been
11274		 * completed.
11275		 */
11276		if (lun->flags & CTL_LUN_DISABLED) {
11277			lun = NULL;
11278		} else {
11279			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11280			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11281				lun->be_lun;
11282			if (lun->be_lun->lun_type == T_PROCESSOR) {
11283				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11284			}
11285
11286			/*
11287			 * Every I/O goes into the OOA queue for a
11288			 * particular LUN, and stays there until completion.
11289			 */
11290			mtx_lock(&lun->lun_lock);
11291			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11292			    ooa_links);
11293		}
11294	} else {
11295		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11296		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11297	}
11298
11299	/* Get command entry and return error if it is unsuppotyed. */
11300	entry = ctl_validate_command(ctsio);
11301	if (entry == NULL) {
11302		if (lun)
11303			mtx_unlock(&lun->lun_lock);
11304		return (retval);
11305	}
11306
11307	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11308	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11309
11310	/*
11311	 * Check to see whether we can send this command to LUNs that don't
11312	 * exist.  This should pretty much only be the case for inquiry
11313	 * and request sense.  Further checks, below, really require having
11314	 * a LUN, so we can't really check the command anymore.  Just put
11315	 * it on the rtr queue.
11316	 */
11317	if (lun == NULL) {
11318		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11319			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11320			ctl_enqueue_rtr((union ctl_io *)ctsio);
11321			return (retval);
11322		}
11323
11324		ctl_set_unsupported_lun(ctsio);
11325		ctl_done((union ctl_io *)ctsio);
11326		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11327		return (retval);
11328	} else {
11329		/*
11330		 * Make sure we support this particular command on this LUN.
11331		 * e.g., we don't support writes to the control LUN.
11332		 */
11333		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11334			mtx_unlock(&lun->lun_lock);
11335			ctl_set_invalid_opcode(ctsio);
11336			ctl_done((union ctl_io *)ctsio);
11337			return (retval);
11338		}
11339	}
11340
11341	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11342
11343	/*
11344	 * If we've got a request sense, it'll clear the contingent
11345	 * allegiance condition.  Otherwise, if we have a CA condition for
11346	 * this initiator, clear it, because it sent down a command other
11347	 * than request sense.
11348	 */
11349	if ((ctsio->cdb[0] != REQUEST_SENSE)
11350	 && (ctl_is_set(lun->have_ca, initidx)))
11351		ctl_clear_mask(lun->have_ca, initidx);
11352
11353	/*
11354	 * If the command has this flag set, it handles its own unit
11355	 * attention reporting, we shouldn't do anything.  Otherwise we
11356	 * check for any pending unit attentions, and send them back to the
11357	 * initiator.  We only do this when a command initially comes in,
11358	 * not when we pull it off the blocked queue.
11359	 *
11360	 * According to SAM-3, section 5.3.2, the order that things get
11361	 * presented back to the host is basically unit attentions caused
11362	 * by some sort of reset event, busy status, reservation conflicts
11363	 * or task set full, and finally any other status.
11364	 *
11365	 * One issue here is that some of the unit attentions we report
11366	 * don't fall into the "reset" category (e.g. "reported luns data
11367	 * has changed").  So reporting it here, before the reservation
11368	 * check, may be technically wrong.  I guess the only thing to do
11369	 * would be to check for and report the reset events here, and then
11370	 * check for the other unit attention types after we check for a
11371	 * reservation conflict.
11372	 *
11373	 * XXX KDM need to fix this
11374	 */
11375	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11376		ctl_ua_type ua_type;
11377
11378		ua_type = lun->pending_sense[initidx].ua_pending;
11379		if (ua_type != CTL_UA_NONE) {
11380			scsi_sense_data_type sense_format;
11381
11382			if (lun != NULL)
11383				sense_format = (lun->flags &
11384				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11385				    SSD_TYPE_FIXED;
11386			else
11387				sense_format = SSD_TYPE_FIXED;
11388
11389			ua_type = ctl_build_ua(ua_type, &ctsio->sense_data,
11390					       sense_format);
11391			if (ua_type != CTL_UA_NONE) {
11392				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11393				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11394						       CTL_AUTOSENSE;
11395				ctsio->sense_len = SSD_FULL_SIZE;
11396				lun->pending_sense[initidx].ua_pending &=
11397					~ua_type;
11398				mtx_unlock(&lun->lun_lock);
11399				ctl_done((union ctl_io *)ctsio);
11400				return (retval);
11401			}
11402		}
11403	}
11404
11405
11406	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11407		mtx_unlock(&lun->lun_lock);
11408		ctl_done((union ctl_io *)ctsio);
11409		return (retval);
11410	}
11411
11412	/*
11413	 * XXX CHD this is where we want to send IO to other side if
11414	 * this LUN is secondary on this SC. We will need to make a copy
11415	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11416	 * the copy we send as FROM_OTHER.
11417	 * We also need to stuff the address of the original IO so we can
11418	 * find it easily. Something similar will need be done on the other
11419	 * side so when we are done we can find the copy.
11420	 */
11421	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11422		union ctl_ha_msg msg_info;
11423		int isc_retval;
11424
11425		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11426
11427		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11428		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11429#if 0
11430		printf("1. ctsio %p\n", ctsio);
11431#endif
11432		msg_info.hdr.serializing_sc = NULL;
11433		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11434		msg_info.scsi.tag_num = ctsio->tag_num;
11435		msg_info.scsi.tag_type = ctsio->tag_type;
11436		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11437
11438		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11439
11440		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11441		    (void *)&msg_info, sizeof(msg_info), 0)) >
11442		    CTL_HA_STATUS_SUCCESS) {
11443			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11444			       isc_retval);
11445			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11446		} else {
11447#if 0
11448			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11449#endif
11450		}
11451
11452		/*
11453		 * XXX KDM this I/O is off the incoming queue, but hasn't
11454		 * been inserted on any other queue.  We may need to come
11455		 * up with a holding queue while we wait for serialization
11456		 * so that we have an idea of what we're waiting for from
11457		 * the other side.
11458		 */
11459		mtx_unlock(&lun->lun_lock);
11460		return (retval);
11461	}
11462
11463	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11464			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11465			      ctl_ooaq, ooa_links))) {
11466	case CTL_ACTION_BLOCK:
11467		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11468		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11469				  blocked_links);
11470		mtx_unlock(&lun->lun_lock);
11471		return (retval);
11472	case CTL_ACTION_PASS:
11473	case CTL_ACTION_SKIP:
11474		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11475		mtx_unlock(&lun->lun_lock);
11476		ctl_enqueue_rtr((union ctl_io *)ctsio);
11477		break;
11478	case CTL_ACTION_OVERLAP:
11479		mtx_unlock(&lun->lun_lock);
11480		ctl_set_overlapped_cmd(ctsio);
11481		ctl_done((union ctl_io *)ctsio);
11482		break;
11483	case CTL_ACTION_OVERLAP_TAG:
11484		mtx_unlock(&lun->lun_lock);
11485		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11486		ctl_done((union ctl_io *)ctsio);
11487		break;
11488	case CTL_ACTION_ERROR:
11489	default:
11490		mtx_unlock(&lun->lun_lock);
11491		ctl_set_internal_failure(ctsio,
11492					 /*sks_valid*/ 0,
11493					 /*retry_count*/ 0);
11494		ctl_done((union ctl_io *)ctsio);
11495		break;
11496	}
11497	return (retval);
11498}
11499
11500const struct ctl_cmd_entry *
11501ctl_get_cmd_entry(struct ctl_scsiio *ctsio)
11502{
11503	const struct ctl_cmd_entry *entry;
11504	int service_action;
11505
11506	entry = &ctl_cmd_table[ctsio->cdb[0]];
11507	if (entry->flags & CTL_CMD_FLAG_SA5) {
11508		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11509		entry = &((const struct ctl_cmd_entry *)
11510		    entry->execute)[service_action];
11511	}
11512	return (entry);
11513}
11514
11515const struct ctl_cmd_entry *
11516ctl_validate_command(struct ctl_scsiio *ctsio)
11517{
11518	const struct ctl_cmd_entry *entry;
11519	int i;
11520	uint8_t diff;
11521
11522	entry = ctl_get_cmd_entry(ctsio);
11523	if (entry->execute == NULL) {
11524		ctl_set_invalid_opcode(ctsio);
11525		ctl_done((union ctl_io *)ctsio);
11526		return (NULL);
11527	}
11528	KASSERT(entry->length > 0,
11529	    ("Not defined length for command 0x%02x/0x%02x",
11530	     ctsio->cdb[0], ctsio->cdb[1]));
11531	for (i = 1; i < entry->length; i++) {
11532		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11533		if (diff == 0)
11534			continue;
11535		ctl_set_invalid_field(ctsio,
11536				      /*sks_valid*/ 1,
11537				      /*command*/ 1,
11538				      /*field*/ i,
11539				      /*bit_valid*/ 1,
11540				      /*bit*/ fls(diff) - 1);
11541		ctl_done((union ctl_io *)ctsio);
11542		return (NULL);
11543	}
11544	return (entry);
11545}
11546
11547static int
11548ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11549{
11550
11551	switch (lun_type) {
11552	case T_PROCESSOR:
11553		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11554		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11555			return (0);
11556		break;
11557	case T_DIRECT:
11558		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11559		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11560			return (0);
11561		break;
11562	default:
11563		return (0);
11564	}
11565	return (1);
11566}
11567
11568static int
11569ctl_scsiio(struct ctl_scsiio *ctsio)
11570{
11571	int retval;
11572	const struct ctl_cmd_entry *entry;
11573
11574	retval = CTL_RETVAL_COMPLETE;
11575
11576	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11577
11578	entry = ctl_get_cmd_entry(ctsio);
11579
11580	/*
11581	 * If this I/O has been aborted, just send it straight to
11582	 * ctl_done() without executing it.
11583	 */
11584	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11585		ctl_done((union ctl_io *)ctsio);
11586		goto bailout;
11587	}
11588
11589	/*
11590	 * All the checks should have been handled by ctl_scsiio_precheck().
11591	 * We should be clear now to just execute the I/O.
11592	 */
11593	retval = entry->execute(ctsio);
11594
11595bailout:
11596	return (retval);
11597}
11598
11599/*
11600 * Since we only implement one target right now, a bus reset simply resets
11601 * our single target.
11602 */
11603static int
11604ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11605{
11606	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11607}
11608
11609static int
11610ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11611		 ctl_ua_type ua_type)
11612{
11613	struct ctl_lun *lun;
11614	int retval;
11615
11616	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11617		union ctl_ha_msg msg_info;
11618
11619		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11620		msg_info.hdr.nexus = io->io_hdr.nexus;
11621		if (ua_type==CTL_UA_TARG_RESET)
11622			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11623		else
11624			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11625		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11626		msg_info.hdr.original_sc = NULL;
11627		msg_info.hdr.serializing_sc = NULL;
11628		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11629		    (void *)&msg_info, sizeof(msg_info), 0)) {
11630		}
11631	}
11632	retval = 0;
11633
11634	mtx_lock(&ctl_softc->ctl_lock);
11635	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11636		retval += ctl_lun_reset(lun, io, ua_type);
11637	mtx_unlock(&ctl_softc->ctl_lock);
11638
11639	return (retval);
11640}
11641
11642/*
11643 * The LUN should always be set.  The I/O is optional, and is used to
11644 * distinguish between I/Os sent by this initiator, and by other
11645 * initiators.  We set unit attention for initiators other than this one.
11646 * SAM-3 is vague on this point.  It does say that a unit attention should
11647 * be established for other initiators when a LUN is reset (see section
11648 * 5.7.3), but it doesn't specifically say that the unit attention should
11649 * be established for this particular initiator when a LUN is reset.  Here
11650 * is the relevant text, from SAM-3 rev 8:
11651 *
11652 * 5.7.2 When a SCSI initiator port aborts its own tasks
11653 *
11654 * When a SCSI initiator port causes its own task(s) to be aborted, no
11655 * notification that the task(s) have been aborted shall be returned to
11656 * the SCSI initiator port other than the completion response for the
11657 * command or task management function action that caused the task(s) to
11658 * be aborted and notification(s) associated with related effects of the
11659 * action (e.g., a reset unit attention condition).
11660 *
11661 * XXX KDM for now, we're setting unit attention for all initiators.
11662 */
11663static int
11664ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11665{
11666	union ctl_io *xio;
11667#if 0
11668	uint32_t initindex;
11669#endif
11670	int i;
11671
11672	mtx_lock(&lun->lun_lock);
11673	/*
11674	 * Run through the OOA queue and abort each I/O.
11675	 */
11676#if 0
11677	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11678#endif
11679	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11680	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11681		xio->io_hdr.flags |= CTL_FLAG_ABORT;
11682	}
11683
11684	/*
11685	 * This version sets unit attention for every
11686	 */
11687#if 0
11688	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11689	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11690		if (initindex == i)
11691			continue;
11692		lun->pending_sense[i].ua_pending |= ua_type;
11693	}
11694#endif
11695
11696	/*
11697	 * A reset (any kind, really) clears reservations established with
11698	 * RESERVE/RELEASE.  It does not clear reservations established
11699	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11700	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11701	 * reservations made with the RESERVE/RELEASE commands, because
11702	 * those commands are obsolete in SPC-3.
11703	 */
11704	lun->flags &= ~CTL_LUN_RESERVED;
11705
11706	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11707		ctl_clear_mask(lun->have_ca, i);
11708		lun->pending_sense[i].ua_pending |= ua_type;
11709	}
11710	mtx_lock(&lun->lun_lock);
11711
11712	return (0);
11713}
11714
11715static int
11716ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11717    int other_sc)
11718{
11719	union ctl_io *xio;
11720	int found;
11721
11722	mtx_assert(&lun->lun_lock, MA_OWNED);
11723
11724	/*
11725	 * Run through the OOA queue and attempt to find the given I/O.
11726	 * The target port, initiator ID, tag type and tag number have to
11727	 * match the values that we got from the initiator.  If we have an
11728	 * untagged command to abort, simply abort the first untagged command
11729	 * we come to.  We only allow one untagged command at a time of course.
11730	 */
11731	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11732	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11733
11734		if ((targ_port == xio->io_hdr.nexus.targ_port) &&
11735		    (init_id == xio->io_hdr.nexus.initid.id)) {
11736			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11737			found = 1;
11738			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11739				union ctl_ha_msg msg_info;
11740
11741				msg_info.hdr.nexus = xio->io_hdr.nexus;
11742				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11743				msg_info.task.tag_num = xio->scsiio.tag_num;
11744				msg_info.task.tag_type = xio->scsiio.tag_type;
11745				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11746				msg_info.hdr.original_sc = NULL;
11747				msg_info.hdr.serializing_sc = NULL;
11748				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11749				    (void *)&msg_info, sizeof(msg_info), 0);
11750			}
11751		}
11752	}
11753	return (found);
11754}
11755
11756static int
11757ctl_abort_task_set(union ctl_io *io)
11758{
11759	struct ctl_softc *softc = control_softc;
11760	struct ctl_lun *lun;
11761	uint32_t targ_lun;
11762
11763	/*
11764	 * Look up the LUN.
11765	 */
11766	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11767	mtx_lock(&softc->ctl_lock);
11768	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
11769		lun = softc->ctl_luns[targ_lun];
11770	else {
11771		mtx_unlock(&softc->ctl_lock);
11772		return (1);
11773	}
11774
11775	mtx_lock(&lun->lun_lock);
11776	mtx_unlock(&softc->ctl_lock);
11777	ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11778	    io->io_hdr.nexus.initid.id,
11779	    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11780	mtx_unlock(&lun->lun_lock);
11781	return (0);
11782}
11783
11784static int
11785ctl_i_t_nexus_reset(union ctl_io *io)
11786{
11787	struct ctl_softc *softc = control_softc;
11788	struct ctl_lun *lun;
11789	uint32_t initindex;
11790
11791	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11792	mtx_lock(&softc->ctl_lock);
11793	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11794		mtx_lock(&lun->lun_lock);
11795		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11796		    io->io_hdr.nexus.initid.id,
11797		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11798		ctl_clear_mask(lun->have_ca, initindex);
11799		lun->pending_sense[initindex].ua_pending |= CTL_UA_I_T_NEXUS_LOSS;
11800		mtx_unlock(&lun->lun_lock);
11801	}
11802	mtx_unlock(&softc->ctl_lock);
11803	return (0);
11804}
11805
11806static int
11807ctl_abort_task(union ctl_io *io)
11808{
11809	union ctl_io *xio;
11810	struct ctl_lun *lun;
11811	struct ctl_softc *ctl_softc;
11812#if 0
11813	struct sbuf sb;
11814	char printbuf[128];
11815#endif
11816	int found;
11817	uint32_t targ_lun;
11818
11819	ctl_softc = control_softc;
11820	found = 0;
11821
11822	/*
11823	 * Look up the LUN.
11824	 */
11825	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11826	mtx_lock(&ctl_softc->ctl_lock);
11827	if ((targ_lun < CTL_MAX_LUNS)
11828	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
11829		lun = ctl_softc->ctl_luns[targ_lun];
11830	else {
11831		mtx_unlock(&ctl_softc->ctl_lock);
11832		goto bailout;
11833	}
11834
11835#if 0
11836	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11837	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11838#endif
11839
11840	mtx_lock(&lun->lun_lock);
11841	mtx_unlock(&ctl_softc->ctl_lock);
11842	/*
11843	 * Run through the OOA queue and attempt to find the given I/O.
11844	 * The target port, initiator ID, tag type and tag number have to
11845	 * match the values that we got from the initiator.  If we have an
11846	 * untagged command to abort, simply abort the first untagged command
11847	 * we come to.  We only allow one untagged command at a time of course.
11848	 */
11849#if 0
11850	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11851#endif
11852	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11853	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11854#if 0
11855		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11856
11857		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11858			    lun->lun, xio->scsiio.tag_num,
11859			    xio->scsiio.tag_type,
11860			    (xio->io_hdr.blocked_links.tqe_prev
11861			    == NULL) ? "" : " BLOCKED",
11862			    (xio->io_hdr.flags &
11863			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11864			    (xio->io_hdr.flags &
11865			    CTL_FLAG_ABORT) ? " ABORT" : "",
11866			    (xio->io_hdr.flags &
11867			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11868		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11869		sbuf_finish(&sb);
11870		printf("%s\n", sbuf_data(&sb));
11871#endif
11872
11873		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
11874		 && (xio->io_hdr.nexus.initid.id ==
11875		     io->io_hdr.nexus.initid.id)) {
11876			/*
11877			 * If the abort says that the task is untagged, the
11878			 * task in the queue must be untagged.  Otherwise,
11879			 * we just check to see whether the tag numbers
11880			 * match.  This is because the QLogic firmware
11881			 * doesn't pass back the tag type in an abort
11882			 * request.
11883			 */
11884#if 0
11885			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11886			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11887			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
11888#endif
11889			/*
11890			 * XXX KDM we've got problems with FC, because it
11891			 * doesn't send down a tag type with aborts.  So we
11892			 * can only really go by the tag number...
11893			 * This may cause problems with parallel SCSI.
11894			 * Need to figure that out!!
11895			 */
11896			if (xio->scsiio.tag_num == io->taskio.tag_num) {
11897				xio->io_hdr.flags |= CTL_FLAG_ABORT;
11898				found = 1;
11899				if ((io->io_hdr.flags &
11900				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
11901				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11902					union ctl_ha_msg msg_info;
11903
11904					io->io_hdr.flags |=
11905					                CTL_FLAG_SENT_2OTHER_SC;
11906					msg_info.hdr.nexus = io->io_hdr.nexus;
11907					msg_info.task.task_action =
11908						CTL_TASK_ABORT_TASK;
11909					msg_info.task.tag_num =
11910						io->taskio.tag_num;
11911					msg_info.task.tag_type =
11912						io->taskio.tag_type;
11913					msg_info.hdr.msg_type =
11914						CTL_MSG_MANAGE_TASKS;
11915					msg_info.hdr.original_sc = NULL;
11916					msg_info.hdr.serializing_sc = NULL;
11917#if 0
11918					printf("Sent Abort to other side\n");
11919#endif
11920					if (CTL_HA_STATUS_SUCCESS !=
11921					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11922		    				(void *)&msg_info,
11923						sizeof(msg_info), 0)) {
11924					}
11925				}
11926#if 0
11927				printf("ctl_abort_task: found I/O to abort\n");
11928#endif
11929				break;
11930			}
11931		}
11932	}
11933	mtx_unlock(&lun->lun_lock);
11934
11935bailout:
11936
11937	if (found == 0) {
11938		/*
11939		 * This isn't really an error.  It's entirely possible for
11940		 * the abort and command completion to cross on the wire.
11941		 * This is more of an informative/diagnostic error.
11942		 */
11943#if 0
11944		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11945		       "%d:%d:%d:%d tag %d type %d\n",
11946		       io->io_hdr.nexus.initid.id,
11947		       io->io_hdr.nexus.targ_port,
11948		       io->io_hdr.nexus.targ_target.id,
11949		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11950		       io->taskio.tag_type);
11951#endif
11952		return (1);
11953	} else
11954		return (0);
11955}
11956
11957/*
11958 * This routine cannot block!  It must be callable from an interrupt
11959 * handler as well as from the work thread.
11960 */
11961static void
11962ctl_run_task(union ctl_io *io)
11963{
11964	struct ctl_softc *ctl_softc;
11965	int retval;
11966	const char *task_desc;
11967
11968	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11969
11970	ctl_softc = control_softc;
11971	retval = 0;
11972
11973	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11974	    ("ctl_run_task: Unextected io_type %d\n",
11975	     io->io_hdr.io_type));
11976
11977	task_desc = ctl_scsi_task_string(&io->taskio);
11978	if (task_desc != NULL) {
11979#ifdef NEEDTOPORT
11980		csevent_log(CSC_CTL | CSC_SHELF_SW |
11981			    CTL_TASK_REPORT,
11982			    csevent_LogType_Trace,
11983			    csevent_Severity_Information,
11984			    csevent_AlertLevel_Green,
11985			    csevent_FRU_Firmware,
11986			    csevent_FRU_Unknown,
11987			    "CTL: received task: %s",task_desc);
11988#endif
11989	} else {
11990#ifdef NEEDTOPORT
11991		csevent_log(CSC_CTL | CSC_SHELF_SW |
11992			    CTL_TASK_REPORT,
11993			    csevent_LogType_Trace,
11994			    csevent_Severity_Information,
11995			    csevent_AlertLevel_Green,
11996			    csevent_FRU_Firmware,
11997			    csevent_FRU_Unknown,
11998			    "CTL: received unknown task "
11999			    "type: %d (%#x)",
12000			    io->taskio.task_action,
12001			    io->taskio.task_action);
12002#endif
12003	}
12004	switch (io->taskio.task_action) {
12005	case CTL_TASK_ABORT_TASK:
12006		retval = ctl_abort_task(io);
12007		break;
12008	case CTL_TASK_ABORT_TASK_SET:
12009		retval = ctl_abort_task_set(io);
12010		break;
12011	case CTL_TASK_CLEAR_ACA:
12012		break;
12013	case CTL_TASK_CLEAR_TASK_SET:
12014		break;
12015	case CTL_TASK_I_T_NEXUS_RESET:
12016		retval = ctl_i_t_nexus_reset(io);
12017		break;
12018	case CTL_TASK_LUN_RESET: {
12019		struct ctl_lun *lun;
12020		uint32_t targ_lun;
12021		int retval;
12022
12023		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12024		mtx_lock(&ctl_softc->ctl_lock);
12025		if ((targ_lun < CTL_MAX_LUNS)
12026		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12027			lun = ctl_softc->ctl_luns[targ_lun];
12028		else {
12029			mtx_unlock(&ctl_softc->ctl_lock);
12030			retval = 1;
12031			break;
12032		}
12033
12034		if (!(io->io_hdr.flags &
12035		    CTL_FLAG_FROM_OTHER_SC)) {
12036			union ctl_ha_msg msg_info;
12037
12038			io->io_hdr.flags |=
12039				CTL_FLAG_SENT_2OTHER_SC;
12040			msg_info.hdr.msg_type =
12041				CTL_MSG_MANAGE_TASKS;
12042			msg_info.hdr.nexus = io->io_hdr.nexus;
12043			msg_info.task.task_action =
12044				CTL_TASK_LUN_RESET;
12045			msg_info.hdr.original_sc = NULL;
12046			msg_info.hdr.serializing_sc = NULL;
12047			if (CTL_HA_STATUS_SUCCESS !=
12048			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12049			    (void *)&msg_info,
12050			    sizeof(msg_info), 0)) {
12051			}
12052		}
12053
12054		retval = ctl_lun_reset(lun, io,
12055				       CTL_UA_LUN_RESET);
12056		mtx_unlock(&ctl_softc->ctl_lock);
12057		break;
12058	}
12059	case CTL_TASK_TARGET_RESET:
12060		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12061		break;
12062	case CTL_TASK_BUS_RESET:
12063		retval = ctl_bus_reset(ctl_softc, io);
12064		break;
12065	case CTL_TASK_PORT_LOGIN:
12066		break;
12067	case CTL_TASK_PORT_LOGOUT:
12068		break;
12069	default:
12070		printf("ctl_run_task: got unknown task management event %d\n",
12071		       io->taskio.task_action);
12072		break;
12073	}
12074	if (retval == 0)
12075		io->io_hdr.status = CTL_SUCCESS;
12076	else
12077		io->io_hdr.status = CTL_ERROR;
12078
12079	/*
12080	 * This will queue this I/O to the done queue, but the
12081	 * work thread won't be able to process it until we
12082	 * return and the lock is released.
12083	 */
12084	ctl_done(io);
12085}
12086
12087/*
12088 * For HA operation.  Handle commands that come in from the other
12089 * controller.
12090 */
12091static void
12092ctl_handle_isc(union ctl_io *io)
12093{
12094	int free_io;
12095	struct ctl_lun *lun;
12096	struct ctl_softc *ctl_softc;
12097	uint32_t targ_lun;
12098
12099	ctl_softc = control_softc;
12100
12101	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12102	lun = ctl_softc->ctl_luns[targ_lun];
12103
12104	switch (io->io_hdr.msg_type) {
12105	case CTL_MSG_SERIALIZE:
12106		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12107		break;
12108	case CTL_MSG_R2R: {
12109		const struct ctl_cmd_entry *entry;
12110
12111		/*
12112		 * This is only used in SER_ONLY mode.
12113		 */
12114		free_io = 0;
12115		entry = ctl_get_cmd_entry(&io->scsiio);
12116		mtx_lock(&lun->lun_lock);
12117		if (ctl_scsiio_lun_check(ctl_softc, lun,
12118		    entry, (struct ctl_scsiio *)io) != 0) {
12119			mtx_unlock(&lun->lun_lock);
12120			ctl_done(io);
12121			break;
12122		}
12123		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12124		mtx_unlock(&lun->lun_lock);
12125		ctl_enqueue_rtr(io);
12126		break;
12127	}
12128	case CTL_MSG_FINISH_IO:
12129		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12130			free_io = 0;
12131			ctl_done(io);
12132		} else {
12133			free_io = 1;
12134			mtx_lock(&lun->lun_lock);
12135			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12136				     ooa_links);
12137			ctl_check_blocked(lun);
12138			mtx_unlock(&lun->lun_lock);
12139		}
12140		break;
12141	case CTL_MSG_PERS_ACTION:
12142		ctl_hndl_per_res_out_on_other_sc(
12143			(union ctl_ha_msg *)&io->presio.pr_msg);
12144		free_io = 1;
12145		break;
12146	case CTL_MSG_BAD_JUJU:
12147		free_io = 0;
12148		ctl_done(io);
12149		break;
12150	case CTL_MSG_DATAMOVE:
12151		/* Only used in XFER mode */
12152		free_io = 0;
12153		ctl_datamove_remote(io);
12154		break;
12155	case CTL_MSG_DATAMOVE_DONE:
12156		/* Only used in XFER mode */
12157		free_io = 0;
12158		io->scsiio.be_move_done(io);
12159		break;
12160	default:
12161		free_io = 1;
12162		printf("%s: Invalid message type %d\n",
12163		       __func__, io->io_hdr.msg_type);
12164		break;
12165	}
12166	if (free_io)
12167		ctl_free_io(io);
12168
12169}
12170
12171
12172/*
12173 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12174 * there is no match.
12175 */
12176static ctl_lun_error_pattern
12177ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12178{
12179	const struct ctl_cmd_entry *entry;
12180	ctl_lun_error_pattern filtered_pattern, pattern;
12181
12182	pattern = desc->error_pattern;
12183
12184	/*
12185	 * XXX KDM we need more data passed into this function to match a
12186	 * custom pattern, and we actually need to implement custom pattern
12187	 * matching.
12188	 */
12189	if (pattern & CTL_LUN_PAT_CMD)
12190		return (CTL_LUN_PAT_CMD);
12191
12192	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12193		return (CTL_LUN_PAT_ANY);
12194
12195	entry = ctl_get_cmd_entry(ctsio);
12196
12197	filtered_pattern = entry->pattern & pattern;
12198
12199	/*
12200	 * If the user requested specific flags in the pattern (e.g.
12201	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12202	 * flags.
12203	 *
12204	 * If the user did not specify any flags, it doesn't matter whether
12205	 * or not the command supports the flags.
12206	 */
12207	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12208	     (pattern & ~CTL_LUN_PAT_MASK))
12209		return (CTL_LUN_PAT_NONE);
12210
12211	/*
12212	 * If the user asked for a range check, see if the requested LBA
12213	 * range overlaps with this command's LBA range.
12214	 */
12215	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12216		uint64_t lba1;
12217		uint32_t len1;
12218		ctl_action action;
12219		int retval;
12220
12221		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12222		if (retval != 0)
12223			return (CTL_LUN_PAT_NONE);
12224
12225		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12226					      desc->lba_range.len);
12227		/*
12228		 * A "pass" means that the LBA ranges don't overlap, so
12229		 * this doesn't match the user's range criteria.
12230		 */
12231		if (action == CTL_ACTION_PASS)
12232			return (CTL_LUN_PAT_NONE);
12233	}
12234
12235	return (filtered_pattern);
12236}
12237
12238static void
12239ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12240{
12241	struct ctl_error_desc *desc, *desc2;
12242
12243	mtx_assert(&lun->lun_lock, MA_OWNED);
12244
12245	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12246		ctl_lun_error_pattern pattern;
12247		/*
12248		 * Check to see whether this particular command matches
12249		 * the pattern in the descriptor.
12250		 */
12251		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12252		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12253			continue;
12254
12255		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12256		case CTL_LUN_INJ_ABORTED:
12257			ctl_set_aborted(&io->scsiio);
12258			break;
12259		case CTL_LUN_INJ_MEDIUM_ERR:
12260			ctl_set_medium_error(&io->scsiio);
12261			break;
12262		case CTL_LUN_INJ_UA:
12263			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12264			 * OCCURRED */
12265			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12266			break;
12267		case CTL_LUN_INJ_CUSTOM:
12268			/*
12269			 * We're assuming the user knows what he is doing.
12270			 * Just copy the sense information without doing
12271			 * checks.
12272			 */
12273			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12274			      ctl_min(sizeof(desc->custom_sense),
12275				      sizeof(io->scsiio.sense_data)));
12276			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12277			io->scsiio.sense_len = SSD_FULL_SIZE;
12278			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12279			break;
12280		case CTL_LUN_INJ_NONE:
12281		default:
12282			/*
12283			 * If this is an error injection type we don't know
12284			 * about, clear the continuous flag (if it is set)
12285			 * so it will get deleted below.
12286			 */
12287			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12288			break;
12289		}
12290		/*
12291		 * By default, each error injection action is a one-shot
12292		 */
12293		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12294			continue;
12295
12296		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12297
12298		free(desc, M_CTL);
12299	}
12300}
12301
12302#ifdef CTL_IO_DELAY
12303static void
12304ctl_datamove_timer_wakeup(void *arg)
12305{
12306	union ctl_io *io;
12307
12308	io = (union ctl_io *)arg;
12309
12310	ctl_datamove(io);
12311}
12312#endif /* CTL_IO_DELAY */
12313
12314void
12315ctl_datamove(union ctl_io *io)
12316{
12317	void (*fe_datamove)(union ctl_io *io);
12318
12319	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12320
12321	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12322
12323#ifdef CTL_TIME_IO
12324	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12325		char str[256];
12326		char path_str[64];
12327		struct sbuf sb;
12328
12329		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12330		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12331
12332		sbuf_cat(&sb, path_str);
12333		switch (io->io_hdr.io_type) {
12334		case CTL_IO_SCSI:
12335			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12336			sbuf_printf(&sb, "\n");
12337			sbuf_cat(&sb, path_str);
12338			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12339				    io->scsiio.tag_num, io->scsiio.tag_type);
12340			break;
12341		case CTL_IO_TASK:
12342			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12343				    "Tag Type: %d\n", io->taskio.task_action,
12344				    io->taskio.tag_num, io->taskio.tag_type);
12345			break;
12346		default:
12347			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12348			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12349			break;
12350		}
12351		sbuf_cat(&sb, path_str);
12352		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12353			    (intmax_t)time_uptime - io->io_hdr.start_time);
12354		sbuf_finish(&sb);
12355		printf("%s", sbuf_data(&sb));
12356	}
12357#endif /* CTL_TIME_IO */
12358
12359#ifdef CTL_IO_DELAY
12360	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12361		struct ctl_lun *lun;
12362
12363		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12364
12365		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12366	} else {
12367		struct ctl_lun *lun;
12368
12369		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12370		if ((lun != NULL)
12371		 && (lun->delay_info.datamove_delay > 0)) {
12372			struct callout *callout;
12373
12374			callout = (struct callout *)&io->io_hdr.timer_bytes;
12375			callout_init(callout, /*mpsafe*/ 1);
12376			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12377			callout_reset(callout,
12378				      lun->delay_info.datamove_delay * hz,
12379				      ctl_datamove_timer_wakeup, io);
12380			if (lun->delay_info.datamove_type ==
12381			    CTL_DELAY_TYPE_ONESHOT)
12382				lun->delay_info.datamove_delay = 0;
12383			return;
12384		}
12385	}
12386#endif
12387
12388	/*
12389	 * This command has been aborted.  Set the port status, so we fail
12390	 * the data move.
12391	 */
12392	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12393		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12394		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12395		       io->io_hdr.nexus.targ_port,
12396		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12397		       io->io_hdr.nexus.targ_lun);
12398		io->io_hdr.status = CTL_CMD_ABORTED;
12399		io->io_hdr.port_status = 31337;
12400		/*
12401		 * Note that the backend, in this case, will get the
12402		 * callback in its context.  In other cases it may get
12403		 * called in the frontend's interrupt thread context.
12404		 */
12405		io->scsiio.be_move_done(io);
12406		return;
12407	}
12408
12409	/*
12410	 * If we're in XFER mode and this I/O is from the other shelf
12411	 * controller, we need to send the DMA to the other side to
12412	 * actually transfer the data to/from the host.  In serialize only
12413	 * mode the transfer happens below CTL and ctl_datamove() is only
12414	 * called on the machine that originally received the I/O.
12415	 */
12416	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12417	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12418		union ctl_ha_msg msg;
12419		uint32_t sg_entries_sent;
12420		int do_sg_copy;
12421		int i;
12422
12423		memset(&msg, 0, sizeof(msg));
12424		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12425		msg.hdr.original_sc = io->io_hdr.original_sc;
12426		msg.hdr.serializing_sc = io;
12427		msg.hdr.nexus = io->io_hdr.nexus;
12428		msg.dt.flags = io->io_hdr.flags;
12429		/*
12430		 * We convert everything into a S/G list here.  We can't
12431		 * pass by reference, only by value between controllers.
12432		 * So we can't pass a pointer to the S/G list, only as many
12433		 * S/G entries as we can fit in here.  If it's possible for
12434		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12435		 * then we need to break this up into multiple transfers.
12436		 */
12437		if (io->scsiio.kern_sg_entries == 0) {
12438			msg.dt.kern_sg_entries = 1;
12439			/*
12440			 * If this is in cached memory, flush the cache
12441			 * before we send the DMA request to the other
12442			 * controller.  We want to do this in either the
12443			 * read or the write case.  The read case is
12444			 * straightforward.  In the write case, we want to
12445			 * make sure nothing is in the local cache that
12446			 * could overwrite the DMAed data.
12447			 */
12448			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12449				/*
12450				 * XXX KDM use bus_dmamap_sync() here.
12451				 */
12452			}
12453
12454			/*
12455			 * Convert to a physical address if this is a
12456			 * virtual address.
12457			 */
12458			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12459				msg.dt.sg_list[0].addr =
12460					io->scsiio.kern_data_ptr;
12461			} else {
12462				/*
12463				 * XXX KDM use busdma here!
12464				 */
12465#if 0
12466				msg.dt.sg_list[0].addr = (void *)
12467					vtophys(io->scsiio.kern_data_ptr);
12468#endif
12469			}
12470
12471			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12472			do_sg_copy = 0;
12473		} else {
12474			struct ctl_sg_entry *sgl;
12475
12476			do_sg_copy = 1;
12477			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12478			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12479			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12480				/*
12481				 * XXX KDM use bus_dmamap_sync() here.
12482				 */
12483			}
12484		}
12485
12486		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12487		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12488		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12489		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12490		msg.dt.sg_sequence = 0;
12491
12492		/*
12493		 * Loop until we've sent all of the S/G entries.  On the
12494		 * other end, we'll recompose these S/G entries into one
12495		 * contiguous list before passing it to the
12496		 */
12497		for (sg_entries_sent = 0; sg_entries_sent <
12498		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12499			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12500				sizeof(msg.dt.sg_list[0])),
12501				msg.dt.kern_sg_entries - sg_entries_sent);
12502
12503			if (do_sg_copy != 0) {
12504				struct ctl_sg_entry *sgl;
12505				int j;
12506
12507				sgl = (struct ctl_sg_entry *)
12508					io->scsiio.kern_data_ptr;
12509				/*
12510				 * If this is in cached memory, flush the cache
12511				 * before we send the DMA request to the other
12512				 * controller.  We want to do this in either
12513				 * the * read or the write case.  The read
12514				 * case is straightforward.  In the write
12515				 * case, we want to make sure nothing is
12516				 * in the local cache that could overwrite
12517				 * the DMAed data.
12518				 */
12519
12520				for (i = sg_entries_sent, j = 0;
12521				     i < msg.dt.cur_sg_entries; i++, j++) {
12522					if ((io->io_hdr.flags &
12523					     CTL_FLAG_NO_DATASYNC) == 0) {
12524						/*
12525						 * XXX KDM use bus_dmamap_sync()
12526						 */
12527					}
12528					if ((io->io_hdr.flags &
12529					     CTL_FLAG_BUS_ADDR) == 0) {
12530						/*
12531						 * XXX KDM use busdma.
12532						 */
12533#if 0
12534						msg.dt.sg_list[j].addr =(void *)
12535						       vtophys(sgl[i].addr);
12536#endif
12537					} else {
12538						msg.dt.sg_list[j].addr =
12539							sgl[i].addr;
12540					}
12541					msg.dt.sg_list[j].len = sgl[i].len;
12542				}
12543			}
12544
12545			sg_entries_sent += msg.dt.cur_sg_entries;
12546			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12547				msg.dt.sg_last = 1;
12548			else
12549				msg.dt.sg_last = 0;
12550
12551			/*
12552			 * XXX KDM drop and reacquire the lock here?
12553			 */
12554			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12555			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12556				/*
12557				 * XXX do something here.
12558				 */
12559			}
12560
12561			msg.dt.sent_sg_entries = sg_entries_sent;
12562		}
12563		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12564		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12565			ctl_failover_io(io, /*have_lock*/ 0);
12566
12567	} else {
12568
12569		/*
12570		 * Lookup the fe_datamove() function for this particular
12571		 * front end.
12572		 */
12573		fe_datamove =
12574		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12575
12576		fe_datamove(io);
12577	}
12578}
12579
12580static void
12581ctl_send_datamove_done(union ctl_io *io, int have_lock)
12582{
12583	union ctl_ha_msg msg;
12584	int isc_status;
12585
12586	memset(&msg, 0, sizeof(msg));
12587
12588	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12589	msg.hdr.original_sc = io;
12590	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12591	msg.hdr.nexus = io->io_hdr.nexus;
12592	msg.hdr.status = io->io_hdr.status;
12593	msg.scsi.tag_num = io->scsiio.tag_num;
12594	msg.scsi.tag_type = io->scsiio.tag_type;
12595	msg.scsi.scsi_status = io->scsiio.scsi_status;
12596	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12597	       sizeof(io->scsiio.sense_data));
12598	msg.scsi.sense_len = io->scsiio.sense_len;
12599	msg.scsi.sense_residual = io->scsiio.sense_residual;
12600	msg.scsi.fetd_status = io->io_hdr.port_status;
12601	msg.scsi.residual = io->scsiio.residual;
12602	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12603
12604	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12605		ctl_failover_io(io, /*have_lock*/ have_lock);
12606		return;
12607	}
12608
12609	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12610	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12611		/* XXX do something if this fails */
12612	}
12613
12614}
12615
12616/*
12617 * The DMA to the remote side is done, now we need to tell the other side
12618 * we're done so it can continue with its data movement.
12619 */
12620static void
12621ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12622{
12623	union ctl_io *io;
12624
12625	io = rq->context;
12626
12627	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12628		printf("%s: ISC DMA write failed with error %d", __func__,
12629		       rq->ret);
12630		ctl_set_internal_failure(&io->scsiio,
12631					 /*sks_valid*/ 1,
12632					 /*retry_count*/ rq->ret);
12633	}
12634
12635	ctl_dt_req_free(rq);
12636
12637	/*
12638	 * In this case, we had to malloc the memory locally.  Free it.
12639	 */
12640	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12641		int i;
12642		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12643			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12644	}
12645	/*
12646	 * The data is in local and remote memory, so now we need to send
12647	 * status (good or back) back to the other side.
12648	 */
12649	ctl_send_datamove_done(io, /*have_lock*/ 0);
12650}
12651
12652/*
12653 * We've moved the data from the host/controller into local memory.  Now we
12654 * need to push it over to the remote controller's memory.
12655 */
12656static int
12657ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12658{
12659	int retval;
12660
12661	retval = 0;
12662
12663	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12664					  ctl_datamove_remote_write_cb);
12665
12666	return (retval);
12667}
12668
12669static void
12670ctl_datamove_remote_write(union ctl_io *io)
12671{
12672	int retval;
12673	void (*fe_datamove)(union ctl_io *io);
12674
12675	/*
12676	 * - Get the data from the host/HBA into local memory.
12677	 * - DMA memory from the local controller to the remote controller.
12678	 * - Send status back to the remote controller.
12679	 */
12680
12681	retval = ctl_datamove_remote_sgl_setup(io);
12682	if (retval != 0)
12683		return;
12684
12685	/* Switch the pointer over so the FETD knows what to do */
12686	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12687
12688	/*
12689	 * Use a custom move done callback, since we need to send completion
12690	 * back to the other controller, not to the backend on this side.
12691	 */
12692	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12693
12694	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12695
12696	fe_datamove(io);
12697
12698	return;
12699
12700}
12701
12702static int
12703ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12704{
12705#if 0
12706	char str[256];
12707	char path_str[64];
12708	struct sbuf sb;
12709#endif
12710
12711	/*
12712	 * In this case, we had to malloc the memory locally.  Free it.
12713	 */
12714	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12715		int i;
12716		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12717			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12718	}
12719
12720#if 0
12721	scsi_path_string(io, path_str, sizeof(path_str));
12722	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12723	sbuf_cat(&sb, path_str);
12724	scsi_command_string(&io->scsiio, NULL, &sb);
12725	sbuf_printf(&sb, "\n");
12726	sbuf_cat(&sb, path_str);
12727	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12728		    io->scsiio.tag_num, io->scsiio.tag_type);
12729	sbuf_cat(&sb, path_str);
12730	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12731		    io->io_hdr.flags, io->io_hdr.status);
12732	sbuf_finish(&sb);
12733	printk("%s", sbuf_data(&sb));
12734#endif
12735
12736
12737	/*
12738	 * The read is done, now we need to send status (good or bad) back
12739	 * to the other side.
12740	 */
12741	ctl_send_datamove_done(io, /*have_lock*/ 0);
12742
12743	return (0);
12744}
12745
12746static void
12747ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12748{
12749	union ctl_io *io;
12750	void (*fe_datamove)(union ctl_io *io);
12751
12752	io = rq->context;
12753
12754	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12755		printf("%s: ISC DMA read failed with error %d", __func__,
12756		       rq->ret);
12757		ctl_set_internal_failure(&io->scsiio,
12758					 /*sks_valid*/ 1,
12759					 /*retry_count*/ rq->ret);
12760	}
12761
12762	ctl_dt_req_free(rq);
12763
12764	/* Switch the pointer over so the FETD knows what to do */
12765	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12766
12767	/*
12768	 * Use a custom move done callback, since we need to send completion
12769	 * back to the other controller, not to the backend on this side.
12770	 */
12771	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12772
12773	/* XXX KDM add checks like the ones in ctl_datamove? */
12774
12775	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12776
12777	fe_datamove(io);
12778}
12779
12780static int
12781ctl_datamove_remote_sgl_setup(union ctl_io *io)
12782{
12783	struct ctl_sg_entry *local_sglist, *remote_sglist;
12784	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
12785	struct ctl_softc *softc;
12786	int retval;
12787	int i;
12788
12789	retval = 0;
12790	softc = control_softc;
12791
12792	local_sglist = io->io_hdr.local_sglist;
12793	local_dma_sglist = io->io_hdr.local_dma_sglist;
12794	remote_sglist = io->io_hdr.remote_sglist;
12795	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12796
12797	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
12798		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
12799			local_sglist[i].len = remote_sglist[i].len;
12800
12801			/*
12802			 * XXX Detect the situation where the RS-level I/O
12803			 * redirector on the other side has already read the
12804			 * data off of the AOR RS on this side, and
12805			 * transferred it to remote (mirror) memory on the
12806			 * other side.  Since we already have the data in
12807			 * memory here, we just need to use it.
12808			 *
12809			 * XXX KDM this can probably be removed once we
12810			 * get the cache device code in and take the
12811			 * current AOR implementation out.
12812			 */
12813#ifdef NEEDTOPORT
12814			if ((remote_sglist[i].addr >=
12815			     (void *)vtophys(softc->mirr->addr))
12816			 && (remote_sglist[i].addr <
12817			     ((void *)vtophys(softc->mirr->addr) +
12818			     CacheMirrorOffset))) {
12819				local_sglist[i].addr = remote_sglist[i].addr -
12820					CacheMirrorOffset;
12821				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12822				     CTL_FLAG_DATA_IN)
12823					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
12824			} else {
12825				local_sglist[i].addr = remote_sglist[i].addr +
12826					CacheMirrorOffset;
12827			}
12828#endif
12829#if 0
12830			printf("%s: local %p, remote %p, len %d\n",
12831			       __func__, local_sglist[i].addr,
12832			       remote_sglist[i].addr, local_sglist[i].len);
12833#endif
12834		}
12835	} else {
12836		uint32_t len_to_go;
12837
12838		/*
12839		 * In this case, we don't have automatically allocated
12840		 * memory for this I/O on this controller.  This typically
12841		 * happens with internal CTL I/O -- e.g. inquiry, mode
12842		 * sense, etc.  Anything coming from RAIDCore will have
12843		 * a mirror area available.
12844		 */
12845		len_to_go = io->scsiio.kern_data_len;
12846
12847		/*
12848		 * Clear the no datasync flag, we have to use malloced
12849		 * buffers.
12850		 */
12851		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
12852
12853		/*
12854		 * The difficult thing here is that the size of the various
12855		 * S/G segments may be different than the size from the
12856		 * remote controller.  That'll make it harder when DMAing
12857		 * the data back to the other side.
12858		 */
12859		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
12860		     sizeof(io->io_hdr.remote_sglist[0])) &&
12861		     (len_to_go > 0); i++) {
12862			local_sglist[i].len = ctl_min(len_to_go, 131072);
12863			CTL_SIZE_8B(local_dma_sglist[i].len,
12864				    local_sglist[i].len);
12865			local_sglist[i].addr =
12866				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
12867
12868			local_dma_sglist[i].addr = local_sglist[i].addr;
12869
12870			if (local_sglist[i].addr == NULL) {
12871				int j;
12872
12873				printf("malloc failed for %zd bytes!",
12874				       local_dma_sglist[i].len);
12875				for (j = 0; j < i; j++) {
12876					free(local_sglist[j].addr, M_CTL);
12877				}
12878				ctl_set_internal_failure(&io->scsiio,
12879							 /*sks_valid*/ 1,
12880							 /*retry_count*/ 4857);
12881				retval = 1;
12882				goto bailout_error;
12883
12884			}
12885			/* XXX KDM do we need a sync here? */
12886
12887			len_to_go -= local_sglist[i].len;
12888		}
12889		/*
12890		 * Reset the number of S/G entries accordingly.  The
12891		 * original number of S/G entries is available in
12892		 * rem_sg_entries.
12893		 */
12894		io->scsiio.kern_sg_entries = i;
12895
12896#if 0
12897		printf("%s: kern_sg_entries = %d\n", __func__,
12898		       io->scsiio.kern_sg_entries);
12899		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12900			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
12901			       local_sglist[i].addr, local_sglist[i].len,
12902			       local_dma_sglist[i].len);
12903#endif
12904	}
12905
12906
12907	return (retval);
12908
12909bailout_error:
12910
12911	ctl_send_datamove_done(io, /*have_lock*/ 0);
12912
12913	return (retval);
12914}
12915
12916static int
12917ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12918			 ctl_ha_dt_cb callback)
12919{
12920	struct ctl_ha_dt_req *rq;
12921	struct ctl_sg_entry *remote_sglist, *local_sglist;
12922	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
12923	uint32_t local_used, remote_used, total_used;
12924	int retval;
12925	int i, j;
12926
12927	retval = 0;
12928
12929	rq = ctl_dt_req_alloc();
12930
12931	/*
12932	 * If we failed to allocate the request, and if the DMA didn't fail
12933	 * anyway, set busy status.  This is just a resource allocation
12934	 * failure.
12935	 */
12936	if ((rq == NULL)
12937	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
12938		ctl_set_busy(&io->scsiio);
12939
12940	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
12941
12942		if (rq != NULL)
12943			ctl_dt_req_free(rq);
12944
12945		/*
12946		 * The data move failed.  We need to return status back
12947		 * to the other controller.  No point in trying to DMA
12948		 * data to the remote controller.
12949		 */
12950
12951		ctl_send_datamove_done(io, /*have_lock*/ 0);
12952
12953		retval = 1;
12954
12955		goto bailout;
12956	}
12957
12958	local_sglist = io->io_hdr.local_sglist;
12959	local_dma_sglist = io->io_hdr.local_dma_sglist;
12960	remote_sglist = io->io_hdr.remote_sglist;
12961	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12962	local_used = 0;
12963	remote_used = 0;
12964	total_used = 0;
12965
12966	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
12967		rq->ret = CTL_HA_STATUS_SUCCESS;
12968		rq->context = io;
12969		callback(rq);
12970		goto bailout;
12971	}
12972
12973	/*
12974	 * Pull/push the data over the wire from/to the other controller.
12975	 * This takes into account the possibility that the local and
12976	 * remote sglists may not be identical in terms of the size of
12977	 * the elements and the number of elements.
12978	 *
12979	 * One fundamental assumption here is that the length allocated for
12980	 * both the local and remote sglists is identical.  Otherwise, we've
12981	 * essentially got a coding error of some sort.
12982	 */
12983	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12984		int isc_ret;
12985		uint32_t cur_len, dma_length;
12986		uint8_t *tmp_ptr;
12987
12988		rq->id = CTL_HA_DATA_CTL;
12989		rq->command = command;
12990		rq->context = io;
12991
12992		/*
12993		 * Both pointers should be aligned.  But it is possible
12994		 * that the allocation length is not.  They should both
12995		 * also have enough slack left over at the end, though,
12996		 * to round up to the next 8 byte boundary.
12997		 */
12998		cur_len = ctl_min(local_sglist[i].len - local_used,
12999				  remote_sglist[j].len - remote_used);
13000
13001		/*
13002		 * In this case, we have a size issue and need to decrease
13003		 * the size, except in the case where we actually have less
13004		 * than 8 bytes left.  In that case, we need to increase
13005		 * the DMA length to get the last bit.
13006		 */
13007		if ((cur_len & 0x7) != 0) {
13008			if (cur_len > 0x7) {
13009				cur_len = cur_len - (cur_len & 0x7);
13010				dma_length = cur_len;
13011			} else {
13012				CTL_SIZE_8B(dma_length, cur_len);
13013			}
13014
13015		} else
13016			dma_length = cur_len;
13017
13018		/*
13019		 * If we had to allocate memory for this I/O, instead of using
13020		 * the non-cached mirror memory, we'll need to flush the cache
13021		 * before trying to DMA to the other controller.
13022		 *
13023		 * We could end up doing this multiple times for the same
13024		 * segment if we have a larger local segment than remote
13025		 * segment.  That shouldn't be an issue.
13026		 */
13027		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13028			/*
13029			 * XXX KDM use bus_dmamap_sync() here.
13030			 */
13031		}
13032
13033		rq->size = dma_length;
13034
13035		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13036		tmp_ptr += local_used;
13037
13038		/* Use physical addresses when talking to ISC hardware */
13039		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13040			/* XXX KDM use busdma */
13041#if 0
13042			rq->local = vtophys(tmp_ptr);
13043#endif
13044		} else
13045			rq->local = tmp_ptr;
13046
13047		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13048		tmp_ptr += remote_used;
13049		rq->remote = tmp_ptr;
13050
13051		rq->callback = NULL;
13052
13053		local_used += cur_len;
13054		if (local_used >= local_sglist[i].len) {
13055			i++;
13056			local_used = 0;
13057		}
13058
13059		remote_used += cur_len;
13060		if (remote_used >= remote_sglist[j].len) {
13061			j++;
13062			remote_used = 0;
13063		}
13064		total_used += cur_len;
13065
13066		if (total_used >= io->scsiio.kern_data_len)
13067			rq->callback = callback;
13068
13069		if ((rq->size & 0x7) != 0) {
13070			printf("%s: warning: size %d is not on 8b boundary\n",
13071			       __func__, rq->size);
13072		}
13073		if (((uintptr_t)rq->local & 0x7) != 0) {
13074			printf("%s: warning: local %p not on 8b boundary\n",
13075			       __func__, rq->local);
13076		}
13077		if (((uintptr_t)rq->remote & 0x7) != 0) {
13078			printf("%s: warning: remote %p not on 8b boundary\n",
13079			       __func__, rq->local);
13080		}
13081#if 0
13082		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13083		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13084		       rq->local, rq->remote, rq->size);
13085#endif
13086
13087		isc_ret = ctl_dt_single(rq);
13088		if (isc_ret == CTL_HA_STATUS_WAIT)
13089			continue;
13090
13091		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13092			rq->ret = CTL_HA_STATUS_SUCCESS;
13093		} else {
13094			rq->ret = isc_ret;
13095		}
13096		callback(rq);
13097		goto bailout;
13098	}
13099
13100bailout:
13101	return (retval);
13102
13103}
13104
13105static void
13106ctl_datamove_remote_read(union ctl_io *io)
13107{
13108	int retval;
13109	int i;
13110
13111	/*
13112	 * This will send an error to the other controller in the case of a
13113	 * failure.
13114	 */
13115	retval = ctl_datamove_remote_sgl_setup(io);
13116	if (retval != 0)
13117		return;
13118
13119	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13120					  ctl_datamove_remote_read_cb);
13121	if ((retval != 0)
13122	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13123		/*
13124		 * Make sure we free memory if there was an error..  The
13125		 * ctl_datamove_remote_xfer() function will send the
13126		 * datamove done message, or call the callback with an
13127		 * error if there is a problem.
13128		 */
13129		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13130			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13131	}
13132
13133	return;
13134}
13135
13136/*
13137 * Process a datamove request from the other controller.  This is used for
13138 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13139 * first.  Once that is complete, the data gets DMAed into the remote
13140 * controller's memory.  For reads, we DMA from the remote controller's
13141 * memory into our memory first, and then move it out to the FETD.
13142 */
13143static void
13144ctl_datamove_remote(union ctl_io *io)
13145{
13146	struct ctl_softc *softc;
13147
13148	softc = control_softc;
13149
13150	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13151
13152	/*
13153	 * Note that we look for an aborted I/O here, but don't do some of
13154	 * the other checks that ctl_datamove() normally does.  We don't
13155	 * need to run the task queue, because this I/O is on the ISC
13156	 * queue, which is executed by the work thread after the task queue.
13157	 * We don't need to run the datamove delay code, since that should
13158	 * have been done if need be on the other controller.
13159	 */
13160	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13161
13162		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13163		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13164		       io->io_hdr.nexus.targ_port,
13165		       io->io_hdr.nexus.targ_target.id,
13166		       io->io_hdr.nexus.targ_lun);
13167		io->io_hdr.status = CTL_CMD_ABORTED;
13168		io->io_hdr.port_status = 31338;
13169
13170		ctl_send_datamove_done(io, /*have_lock*/ 0);
13171
13172		return;
13173	}
13174
13175	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13176		ctl_datamove_remote_write(io);
13177	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13178		ctl_datamove_remote_read(io);
13179	} else {
13180		union ctl_ha_msg msg;
13181		struct scsi_sense_data *sense;
13182		uint8_t sks[3];
13183		int retry_count;
13184
13185		memset(&msg, 0, sizeof(msg));
13186
13187		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13188		msg.hdr.status = CTL_SCSI_ERROR;
13189		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13190
13191		retry_count = 4243;
13192
13193		sense = &msg.scsi.sense_data;
13194		sks[0] = SSD_SCS_VALID;
13195		sks[1] = (retry_count >> 8) & 0xff;
13196		sks[2] = retry_count & 0xff;
13197
13198		/* "Internal target failure" */
13199		scsi_set_sense_data(sense,
13200				    /*sense_format*/ SSD_TYPE_NONE,
13201				    /*current_error*/ 1,
13202				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13203				    /*asc*/ 0x44,
13204				    /*ascq*/ 0x00,
13205				    /*type*/ SSD_ELEM_SKS,
13206				    /*size*/ sizeof(sks),
13207				    /*data*/ sks,
13208				    SSD_ELEM_NONE);
13209
13210		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13211		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13212			ctl_failover_io(io, /*have_lock*/ 1);
13213			return;
13214		}
13215
13216		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13217		    CTL_HA_STATUS_SUCCESS) {
13218			/* XXX KDM what to do if this fails? */
13219		}
13220		return;
13221	}
13222
13223}
13224
13225static int
13226ctl_process_done(union ctl_io *io)
13227{
13228	struct ctl_lun *lun;
13229	struct ctl_softc *ctl_softc;
13230	void (*fe_done)(union ctl_io *io);
13231	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13232
13233	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13234
13235	fe_done =
13236	    control_softc->ctl_ports[targ_port]->fe_done;
13237
13238#ifdef CTL_TIME_IO
13239	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13240		char str[256];
13241		char path_str[64];
13242		struct sbuf sb;
13243
13244		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13245		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13246
13247		sbuf_cat(&sb, path_str);
13248		switch (io->io_hdr.io_type) {
13249		case CTL_IO_SCSI:
13250			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13251			sbuf_printf(&sb, "\n");
13252			sbuf_cat(&sb, path_str);
13253			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13254				    io->scsiio.tag_num, io->scsiio.tag_type);
13255			break;
13256		case CTL_IO_TASK:
13257			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13258				    "Tag Type: %d\n", io->taskio.task_action,
13259				    io->taskio.tag_num, io->taskio.tag_type);
13260			break;
13261		default:
13262			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13263			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13264			break;
13265		}
13266		sbuf_cat(&sb, path_str);
13267		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13268			    (intmax_t)time_uptime - io->io_hdr.start_time);
13269		sbuf_finish(&sb);
13270		printf("%s", sbuf_data(&sb));
13271	}
13272#endif /* CTL_TIME_IO */
13273
13274	switch (io->io_hdr.io_type) {
13275	case CTL_IO_SCSI:
13276		break;
13277	case CTL_IO_TASK:
13278		if (bootverbose || verbose > 0)
13279			ctl_io_error_print(io, NULL);
13280		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13281			ctl_free_io(io);
13282		else
13283			fe_done(io);
13284		return (CTL_RETVAL_COMPLETE);
13285		break;
13286	default:
13287		printf("ctl_process_done: invalid io type %d\n",
13288		       io->io_hdr.io_type);
13289		panic("ctl_process_done: invalid io type %d\n",
13290		      io->io_hdr.io_type);
13291		break; /* NOTREACHED */
13292	}
13293
13294	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13295	if (lun == NULL) {
13296		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13297				 io->io_hdr.nexus.targ_mapped_lun));
13298		fe_done(io);
13299		goto bailout;
13300	}
13301	ctl_softc = lun->ctl_softc;
13302
13303	mtx_lock(&lun->lun_lock);
13304
13305	/*
13306	 * Check to see if we have any errors to inject here.  We only
13307	 * inject errors for commands that don't already have errors set.
13308	 */
13309	if ((STAILQ_FIRST(&lun->error_list) != NULL)
13310	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
13311		ctl_inject_error(lun, io);
13312
13313	/*
13314	 * XXX KDM how do we treat commands that aren't completed
13315	 * successfully?
13316	 *
13317	 * XXX KDM should we also track I/O latency?
13318	 */
13319	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13320	    io->io_hdr.io_type == CTL_IO_SCSI) {
13321#ifdef CTL_TIME_IO
13322		struct bintime cur_bt;
13323#endif
13324		int type;
13325
13326		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13327		    CTL_FLAG_DATA_IN)
13328			type = CTL_STATS_READ;
13329		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13330		    CTL_FLAG_DATA_OUT)
13331			type = CTL_STATS_WRITE;
13332		else
13333			type = CTL_STATS_NO_IO;
13334
13335		lun->stats.ports[targ_port].bytes[type] +=
13336		    io->scsiio.kern_total_len;
13337		lun->stats.ports[targ_port].operations[type]++;
13338#ifdef CTL_TIME_IO
13339		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13340		   &io->io_hdr.dma_bt);
13341		lun->stats.ports[targ_port].num_dmas[type] +=
13342		    io->io_hdr.num_dmas;
13343		getbintime(&cur_bt);
13344		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13345		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13346#endif
13347	}
13348
13349	/*
13350	 * Remove this from the OOA queue.
13351	 */
13352	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13353
13354	/*
13355	 * Run through the blocked queue on this LUN and see if anything
13356	 * has become unblocked, now that this transaction is done.
13357	 */
13358	ctl_check_blocked(lun);
13359
13360	/*
13361	 * If the LUN has been invalidated, free it if there is nothing
13362	 * left on its OOA queue.
13363	 */
13364	if ((lun->flags & CTL_LUN_INVALID)
13365	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13366		mtx_unlock(&lun->lun_lock);
13367		mtx_lock(&ctl_softc->ctl_lock);
13368		ctl_free_lun(lun);
13369		mtx_unlock(&ctl_softc->ctl_lock);
13370	} else
13371		mtx_unlock(&lun->lun_lock);
13372
13373	/*
13374	 * If this command has been aborted, make sure we set the status
13375	 * properly.  The FETD is responsible for freeing the I/O and doing
13376	 * whatever it needs to do to clean up its state.
13377	 */
13378	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13379		io->io_hdr.status = CTL_CMD_ABORTED;
13380
13381	/*
13382	 * We print out status for every task management command.  For SCSI
13383	 * commands, we filter out any unit attention errors; they happen
13384	 * on every boot, and would clutter up the log.  Note:  task
13385	 * management commands aren't printed here, they are printed above,
13386	 * since they should never even make it down here.
13387	 */
13388	switch (io->io_hdr.io_type) {
13389	case CTL_IO_SCSI: {
13390		int error_code, sense_key, asc, ascq;
13391
13392		sense_key = 0;
13393
13394		if (((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR)
13395		 && (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13396			/*
13397			 * Since this is just for printing, no need to
13398			 * show errors here.
13399			 */
13400			scsi_extract_sense_len(&io->scsiio.sense_data,
13401					       io->scsiio.sense_len,
13402					       &error_code,
13403					       &sense_key,
13404					       &asc,
13405					       &ascq,
13406					       /*show_errors*/ 0);
13407		}
13408
13409		if (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
13410		 && (((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SCSI_ERROR)
13411		  || (io->scsiio.scsi_status != SCSI_STATUS_CHECK_COND)
13412		  || (sense_key != SSD_KEY_UNIT_ATTENTION))) {
13413
13414			if ((time_uptime - ctl_softc->last_print_jiffies) <= 0){
13415				ctl_softc->skipped_prints++;
13416			} else {
13417				uint32_t skipped_prints;
13418
13419				skipped_prints = ctl_softc->skipped_prints;
13420
13421				ctl_softc->skipped_prints = 0;
13422				ctl_softc->last_print_jiffies = time_uptime;
13423
13424				if (skipped_prints > 0) {
13425#ifdef NEEDTOPORT
13426					csevent_log(CSC_CTL | CSC_SHELF_SW |
13427					    CTL_ERROR_REPORT,
13428					    csevent_LogType_Trace,
13429					    csevent_Severity_Information,
13430					    csevent_AlertLevel_Green,
13431					    csevent_FRU_Firmware,
13432					    csevent_FRU_Unknown,
13433					    "High CTL error volume, %d prints "
13434					    "skipped", skipped_prints);
13435#endif
13436				}
13437				if (bootverbose || verbose > 0)
13438					ctl_io_error_print(io, NULL);
13439			}
13440		}
13441		break;
13442	}
13443	case CTL_IO_TASK:
13444		if (bootverbose || verbose > 0)
13445			ctl_io_error_print(io, NULL);
13446		break;
13447	default:
13448		break;
13449	}
13450
13451	/*
13452	 * Tell the FETD or the other shelf controller we're done with this
13453	 * command.  Note that only SCSI commands get to this point.  Task
13454	 * management commands are completed above.
13455	 *
13456	 * We only send status to the other controller if we're in XFER
13457	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13458	 * received the I/O (from CTL's perspective), and so the status is
13459	 * generated there.
13460	 *
13461	 * XXX KDM if we hold the lock here, we could cause a deadlock
13462	 * if the frontend comes back in in this context to queue
13463	 * something.
13464	 */
13465	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13466	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13467		union ctl_ha_msg msg;
13468
13469		memset(&msg, 0, sizeof(msg));
13470		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13471		msg.hdr.original_sc = io->io_hdr.original_sc;
13472		msg.hdr.nexus = io->io_hdr.nexus;
13473		msg.hdr.status = io->io_hdr.status;
13474		msg.scsi.scsi_status = io->scsiio.scsi_status;
13475		msg.scsi.tag_num = io->scsiio.tag_num;
13476		msg.scsi.tag_type = io->scsiio.tag_type;
13477		msg.scsi.sense_len = io->scsiio.sense_len;
13478		msg.scsi.sense_residual = io->scsiio.sense_residual;
13479		msg.scsi.residual = io->scsiio.residual;
13480		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13481		       sizeof(io->scsiio.sense_data));
13482		/*
13483		 * We copy this whether or not this is an I/O-related
13484		 * command.  Otherwise, we'd have to go and check to see
13485		 * whether it's a read/write command, and it really isn't
13486		 * worth it.
13487		 */
13488		memcpy(&msg.scsi.lbalen,
13489		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13490		       sizeof(msg.scsi.lbalen));
13491
13492		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13493				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13494			/* XXX do something here */
13495		}
13496
13497		ctl_free_io(io);
13498	} else
13499		fe_done(io);
13500
13501bailout:
13502
13503	return (CTL_RETVAL_COMPLETE);
13504}
13505
13506/*
13507 * Front end should call this if it doesn't do autosense.  When the request
13508 * sense comes back in from the initiator, we'll dequeue this and send it.
13509 */
13510int
13511ctl_queue_sense(union ctl_io *io)
13512{
13513	struct ctl_lun *lun;
13514	struct ctl_softc *ctl_softc;
13515	uint32_t initidx, targ_lun;
13516
13517	ctl_softc = control_softc;
13518
13519	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13520
13521	/*
13522	 * LUN lookup will likely move to the ctl_work_thread() once we
13523	 * have our new queueing infrastructure (that doesn't put things on
13524	 * a per-LUN queue initially).  That is so that we can handle
13525	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13526	 * can't deal with that right now.
13527	 */
13528	mtx_lock(&ctl_softc->ctl_lock);
13529
13530	/*
13531	 * If we don't have a LUN for this, just toss the sense
13532	 * information.
13533	 */
13534	targ_lun = io->io_hdr.nexus.targ_lun;
13535	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13536	if ((targ_lun < CTL_MAX_LUNS)
13537	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13538		lun = ctl_softc->ctl_luns[targ_lun];
13539	else
13540		goto bailout;
13541
13542	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13543
13544	mtx_lock(&lun->lun_lock);
13545	/*
13546	 * Already have CA set for this LUN...toss the sense information.
13547	 */
13548	if (ctl_is_set(lun->have_ca, initidx)) {
13549		mtx_unlock(&lun->lun_lock);
13550		goto bailout;
13551	}
13552
13553	memcpy(&lun->pending_sense[initidx].sense, &io->scsiio.sense_data,
13554	       ctl_min(sizeof(lun->pending_sense[initidx].sense),
13555	       sizeof(io->scsiio.sense_data)));
13556	ctl_set_mask(lun->have_ca, initidx);
13557	mtx_unlock(&lun->lun_lock);
13558
13559bailout:
13560	mtx_unlock(&ctl_softc->ctl_lock);
13561
13562	ctl_free_io(io);
13563
13564	return (CTL_RETVAL_COMPLETE);
13565}
13566
13567/*
13568 * Primary command inlet from frontend ports.  All SCSI and task I/O
13569 * requests must go through this function.
13570 */
13571int
13572ctl_queue(union ctl_io *io)
13573{
13574	struct ctl_softc *ctl_softc;
13575
13576	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13577
13578	ctl_softc = control_softc;
13579
13580#ifdef CTL_TIME_IO
13581	io->io_hdr.start_time = time_uptime;
13582	getbintime(&io->io_hdr.start_bt);
13583#endif /* CTL_TIME_IO */
13584
13585	/* Map FE-specific LUN ID into global one. */
13586	io->io_hdr.nexus.targ_mapped_lun =
13587	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13588
13589	switch (io->io_hdr.io_type) {
13590	case CTL_IO_SCSI:
13591		ctl_enqueue_incoming(io);
13592		break;
13593	case CTL_IO_TASK:
13594		ctl_run_task(io);
13595		break;
13596	default:
13597		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13598		return (EINVAL);
13599	}
13600
13601	return (CTL_RETVAL_COMPLETE);
13602}
13603
13604#ifdef CTL_IO_DELAY
13605static void
13606ctl_done_timer_wakeup(void *arg)
13607{
13608	union ctl_io *io;
13609
13610	io = (union ctl_io *)arg;
13611	ctl_done(io);
13612}
13613#endif /* CTL_IO_DELAY */
13614
13615void
13616ctl_done(union ctl_io *io)
13617{
13618	struct ctl_softc *ctl_softc;
13619
13620	ctl_softc = control_softc;
13621
13622	/*
13623	 * Enable this to catch duplicate completion issues.
13624	 */
13625#if 0
13626	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13627		printf("%s: type %d msg %d cdb %x iptl: "
13628		       "%d:%d:%d:%d tag 0x%04x "
13629		       "flag %#x status %x\n",
13630			__func__,
13631			io->io_hdr.io_type,
13632			io->io_hdr.msg_type,
13633			io->scsiio.cdb[0],
13634			io->io_hdr.nexus.initid.id,
13635			io->io_hdr.nexus.targ_port,
13636			io->io_hdr.nexus.targ_target.id,
13637			io->io_hdr.nexus.targ_lun,
13638			(io->io_hdr.io_type ==
13639			CTL_IO_TASK) ?
13640			io->taskio.tag_num :
13641			io->scsiio.tag_num,
13642		        io->io_hdr.flags,
13643			io->io_hdr.status);
13644	} else
13645		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13646#endif
13647
13648	/*
13649	 * This is an internal copy of an I/O, and should not go through
13650	 * the normal done processing logic.
13651	 */
13652	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13653		return;
13654
13655	/*
13656	 * We need to send a msg to the serializing shelf to finish the IO
13657	 * as well.  We don't send a finish message to the other shelf if
13658	 * this is a task management command.  Task management commands
13659	 * aren't serialized in the OOA queue, but rather just executed on
13660	 * both shelf controllers for commands that originated on that
13661	 * controller.
13662	 */
13663	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13664	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13665		union ctl_ha_msg msg_io;
13666
13667		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13668		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13669		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13670		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13671		}
13672		/* continue on to finish IO */
13673	}
13674#ifdef CTL_IO_DELAY
13675	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13676		struct ctl_lun *lun;
13677
13678		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13679
13680		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13681	} else {
13682		struct ctl_lun *lun;
13683
13684		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13685
13686		if ((lun != NULL)
13687		 && (lun->delay_info.done_delay > 0)) {
13688			struct callout *callout;
13689
13690			callout = (struct callout *)&io->io_hdr.timer_bytes;
13691			callout_init(callout, /*mpsafe*/ 1);
13692			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13693			callout_reset(callout,
13694				      lun->delay_info.done_delay * hz,
13695				      ctl_done_timer_wakeup, io);
13696			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13697				lun->delay_info.done_delay = 0;
13698			return;
13699		}
13700	}
13701#endif /* CTL_IO_DELAY */
13702
13703	ctl_enqueue_done(io);
13704}
13705
13706int
13707ctl_isc(struct ctl_scsiio *ctsio)
13708{
13709	struct ctl_lun *lun;
13710	int retval;
13711
13712	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13713
13714	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13715
13716	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13717
13718	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13719
13720	return (retval);
13721}
13722
13723
13724static void
13725ctl_work_thread(void *arg)
13726{
13727	struct ctl_thread *thr = (struct ctl_thread *)arg;
13728	struct ctl_softc *softc = thr->ctl_softc;
13729	union ctl_io *io;
13730	int retval;
13731
13732	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13733
13734	for (;;) {
13735		retval = 0;
13736
13737		/*
13738		 * We handle the queues in this order:
13739		 * - ISC
13740		 * - done queue (to free up resources, unblock other commands)
13741		 * - RtR queue
13742		 * - incoming queue
13743		 *
13744		 * If those queues are empty, we break out of the loop and
13745		 * go to sleep.
13746		 */
13747		mtx_lock(&thr->queue_lock);
13748		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13749		if (io != NULL) {
13750			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13751			mtx_unlock(&thr->queue_lock);
13752			ctl_handle_isc(io);
13753			continue;
13754		}
13755		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13756		if (io != NULL) {
13757			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13758			/* clear any blocked commands, call fe_done */
13759			mtx_unlock(&thr->queue_lock);
13760			retval = ctl_process_done(io);
13761			continue;
13762		}
13763		if (!ctl_pause_rtr) {
13764			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13765			if (io != NULL) {
13766				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13767				mtx_unlock(&thr->queue_lock);
13768				retval = ctl_scsiio(&io->scsiio);
13769				if (retval != CTL_RETVAL_COMPLETE)
13770					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13771				continue;
13772			}
13773		}
13774		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13775		if (io != NULL) {
13776			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13777			mtx_unlock(&thr->queue_lock);
13778			ctl_scsiio_precheck(softc, &io->scsiio);
13779			continue;
13780		}
13781
13782		/* Sleep until we have something to do. */
13783		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13784	}
13785}
13786
13787static void
13788ctl_lun_thread(void *arg)
13789{
13790	struct ctl_softc *softc = (struct ctl_softc *)arg;
13791	struct ctl_be_lun *be_lun;
13792	int retval;
13793
13794	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13795
13796	for (;;) {
13797		retval = 0;
13798		mtx_lock(&softc->ctl_lock);
13799		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13800		if (be_lun != NULL) {
13801			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13802			mtx_unlock(&softc->ctl_lock);
13803			ctl_create_lun(be_lun);
13804			continue;
13805		}
13806
13807		/* Sleep until we have something to do. */
13808		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13809		    PDROP | PRIBIO, "-", 0);
13810	}
13811}
13812
13813static void
13814ctl_enqueue_incoming(union ctl_io *io)
13815{
13816	struct ctl_softc *softc = control_softc;
13817	struct ctl_thread *thr;
13818
13819	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13820	mtx_lock(&thr->queue_lock);
13821	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13822	mtx_unlock(&thr->queue_lock);
13823	wakeup(thr);
13824}
13825
13826static void
13827ctl_enqueue_rtr(union ctl_io *io)
13828{
13829	struct ctl_softc *softc = control_softc;
13830	struct ctl_thread *thr;
13831
13832	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13833	mtx_lock(&thr->queue_lock);
13834	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13835	mtx_unlock(&thr->queue_lock);
13836	wakeup(thr);
13837}
13838
13839static void
13840ctl_enqueue_done(union ctl_io *io)
13841{
13842	struct ctl_softc *softc = control_softc;
13843	struct ctl_thread *thr;
13844
13845	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13846	mtx_lock(&thr->queue_lock);
13847	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13848	mtx_unlock(&thr->queue_lock);
13849	wakeup(thr);
13850}
13851
13852static void
13853ctl_enqueue_isc(union ctl_io *io)
13854{
13855	struct ctl_softc *softc = control_softc;
13856	struct ctl_thread *thr;
13857
13858	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13859	mtx_lock(&thr->queue_lock);
13860	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13861	mtx_unlock(&thr->queue_lock);
13862	wakeup(thr);
13863}
13864
13865/* Initialization and failover */
13866
13867void
13868ctl_init_isc_msg(void)
13869{
13870	printf("CTL: Still calling this thing\n");
13871}
13872
13873/*
13874 * Init component
13875 * 	Initializes component into configuration defined by bootMode
13876 *	(see hasc-sv.c)
13877 *  	returns hasc_Status:
13878 * 		OK
13879 *		ERROR - fatal error
13880 */
13881static ctl_ha_comp_status
13882ctl_isc_init(struct ctl_ha_component *c)
13883{
13884	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13885
13886	c->status = ret;
13887	return ret;
13888}
13889
13890/* Start component
13891 * 	Starts component in state requested. If component starts successfully,
13892 *	it must set its own state to the requestrd state
13893 *	When requested state is HASC_STATE_HA, the component may refine it
13894 * 	by adding _SLAVE or _MASTER flags.
13895 *	Currently allowed state transitions are:
13896 *	UNKNOWN->HA		- initial startup
13897 *	UNKNOWN->SINGLE - initial startup when no parter detected
13898 *	HA->SINGLE		- failover
13899 * returns ctl_ha_comp_status:
13900 * 		OK	- component successfully started in requested state
13901 *		FAILED  - could not start the requested state, failover may
13902 * 			  be possible
13903 *		ERROR	- fatal error detected, no future startup possible
13904 */
13905static ctl_ha_comp_status
13906ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
13907{
13908	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13909
13910	printf("%s: go\n", __func__);
13911
13912	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
13913	if (c->state == CTL_HA_STATE_UNKNOWN ) {
13914		ctl_is_single = 0;
13915		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
13916		    != CTL_HA_STATUS_SUCCESS) {
13917			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
13918			ret = CTL_HA_COMP_STATUS_ERROR;
13919		}
13920	} else if (CTL_HA_STATE_IS_HA(c->state)
13921		&& CTL_HA_STATE_IS_SINGLE(state)){
13922		// HA->SINGLE transition
13923	        ctl_failover();
13924		ctl_is_single = 1;
13925	} else {
13926		printf("ctl_isc_start:Invalid state transition %X->%X\n",
13927		       c->state, state);
13928		ret = CTL_HA_COMP_STATUS_ERROR;
13929	}
13930	if (CTL_HA_STATE_IS_SINGLE(state))
13931		ctl_is_single = 1;
13932
13933	c->state = state;
13934	c->status = ret;
13935	return ret;
13936}
13937
13938/*
13939 * Quiesce component
13940 * The component must clear any error conditions (set status to OK) and
13941 * prepare itself to another Start call
13942 * returns ctl_ha_comp_status:
13943 * 	OK
13944 *	ERROR
13945 */
13946static ctl_ha_comp_status
13947ctl_isc_quiesce(struct ctl_ha_component *c)
13948{
13949	int ret = CTL_HA_COMP_STATUS_OK;
13950
13951	ctl_pause_rtr = 1;
13952	c->status = ret;
13953	return ret;
13954}
13955
13956struct ctl_ha_component ctl_ha_component_ctlisc =
13957{
13958	.name = "CTL ISC",
13959	.state = CTL_HA_STATE_UNKNOWN,
13960	.init = ctl_isc_init,
13961	.start = ctl_isc_start,
13962	.quiesce = ctl_isc_quiesce
13963};
13964
13965/*
13966 *  vim: ts=8
13967 */
13968