ctl.c revision 273693 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 273693 2014-10-26 15:28:07Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67
68#include <cam/cam.h>
69#include <cam/scsi/scsi_all.h>
70#include <cam/scsi/scsi_da.h>
71#include <cam/ctl/ctl_io.h>
72#include <cam/ctl/ctl.h>
73#include <cam/ctl/ctl_frontend.h>
74#include <cam/ctl/ctl_frontend_internal.h>
75#include <cam/ctl/ctl_util.h>
76#include <cam/ctl/ctl_backend.h>
77#include <cam/ctl/ctl_ioctl.h>
78#include <cam/ctl/ctl_ha.h>
79#include <cam/ctl/ctl_private.h>
80#include <cam/ctl/ctl_debug.h>
81#include <cam/ctl/ctl_scsi_all.h>
82#include <cam/ctl/ctl_error.h>
83
84struct ctl_softc *control_softc = NULL;
85
86/*
87 * Size and alignment macros needed for Copan-specific HA hardware.  These
88 * can go away when the HA code is re-written, and uses busdma for any
89 * hardware.
90 */
91#define	CTL_ALIGN_8B(target, source, type)				\
92	if (((uint32_t)source & 0x7) != 0)				\
93		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
94	else								\
95		target = (type)source;
96
97#define	CTL_SIZE_8B(target, size)					\
98	if ((size & 0x7) != 0)						\
99		target = size + (0x8 - (size & 0x7));			\
100	else								\
101		target = size;
102
103#define CTL_ALIGN_8B_MARGIN	16
104
105/*
106 * Template mode pages.
107 */
108
109/*
110 * Note that these are default values only.  The actual values will be
111 * filled in when the user does a mode sense.
112 */
113static struct copan_debugconf_subpage debugconf_page_default = {
114	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
115	DBGCNF_SUBPAGE_CODE,		/* subpage */
116	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
117	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
118	DBGCNF_VERSION,			/* page_version */
119	{CTL_TIME_IO_DEFAULT_SECS>>8,
120	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
121};
122
123static struct copan_debugconf_subpage debugconf_page_changeable = {
124	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
125	DBGCNF_SUBPAGE_CODE,		/* subpage */
126	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
127	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
128	0,				/* page_version */
129	{0xff,0xff},			/* ctl_time_io_secs */
130};
131
132static struct scsi_da_rw_recovery_page rw_er_page_default = {
133	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
134	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
135	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
136	/*read_retry_count*/0,
137	/*correction_span*/0,
138	/*head_offset_count*/0,
139	/*data_strobe_offset_cnt*/0,
140	/*byte8*/0,
141	/*write_retry_count*/0,
142	/*reserved2*/0,
143	/*recovery_time_limit*/{0, 0},
144};
145
146static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
147	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
148	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
149	/*byte3*/0,
150	/*read_retry_count*/0,
151	/*correction_span*/0,
152	/*head_offset_count*/0,
153	/*data_strobe_offset_cnt*/0,
154	/*byte8*/0,
155	/*write_retry_count*/0,
156	/*reserved2*/0,
157	/*recovery_time_limit*/{0, 0},
158};
159
160static struct scsi_format_page format_page_default = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
168			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
169	/*bytes_per_sector*/ {0, 0},
170	/*interleave*/ {0, 0},
171	/*track_skew*/ {0, 0},
172	/*cylinder_skew*/ {0, 0},
173	/*flags*/ SFP_HSEC,
174	/*reserved*/ {0, 0, 0}
175};
176
177static struct scsi_format_page format_page_changeable = {
178	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
179	/*page_length*/sizeof(struct scsi_format_page) - 2,
180	/*tracks_per_zone*/ {0, 0},
181	/*alt_sectors_per_zone*/ {0, 0},
182	/*alt_tracks_per_zone*/ {0, 0},
183	/*alt_tracks_per_lun*/ {0, 0},
184	/*sectors_per_track*/ {0, 0},
185	/*bytes_per_sector*/ {0, 0},
186	/*interleave*/ {0, 0},
187	/*track_skew*/ {0, 0},
188	/*cylinder_skew*/ {0, 0},
189	/*flags*/ 0,
190	/*reserved*/ {0, 0, 0}
191};
192
193static struct scsi_rigid_disk_page rigid_disk_page_default = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ CTL_DEFAULT_HEADS,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ SRDP_RPL_DISABLED,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
206			   CTL_DEFAULT_ROTATION_RATE & 0xff},
207	/*reserved2*/ {0, 0}
208};
209
210static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
211	/*page_code*/SMS_RIGID_DISK_PAGE,
212	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
213	/*cylinders*/ {0, 0, 0},
214	/*heads*/ 0,
215	/*start_write_precomp*/ {0, 0, 0},
216	/*start_reduced_current*/ {0, 0, 0},
217	/*step_rate*/ {0, 0},
218	/*landing_zone_cylinder*/ {0, 0, 0},
219	/*rpl*/ 0,
220	/*rotational_offset*/ 0,
221	/*reserved1*/ 0,
222	/*rotation_rate*/ {0, 0},
223	/*reserved2*/ {0, 0}
224};
225
226static struct scsi_caching_page caching_page_default = {
227	/*page_code*/SMS_CACHING_PAGE,
228	/*page_length*/sizeof(struct scsi_caching_page) - 2,
229	/*flags1*/ SCP_DISC | SCP_WCE,
230	/*ret_priority*/ 0,
231	/*disable_pf_transfer_len*/ {0xff, 0xff},
232	/*min_prefetch*/ {0, 0},
233	/*max_prefetch*/ {0xff, 0xff},
234	/*max_pf_ceiling*/ {0xff, 0xff},
235	/*flags2*/ 0,
236	/*cache_segments*/ 0,
237	/*cache_seg_size*/ {0, 0},
238	/*reserved*/ 0,
239	/*non_cache_seg_size*/ {0, 0, 0}
240};
241
242static struct scsi_caching_page caching_page_changeable = {
243	/*page_code*/SMS_CACHING_PAGE,
244	/*page_length*/sizeof(struct scsi_caching_page) - 2,
245	/*flags1*/ SCP_WCE | SCP_RCD,
246	/*ret_priority*/ 0,
247	/*disable_pf_transfer_len*/ {0, 0},
248	/*min_prefetch*/ {0, 0},
249	/*max_prefetch*/ {0, 0},
250	/*max_pf_ceiling*/ {0, 0},
251	/*flags2*/ 0,
252	/*cache_segments*/ 0,
253	/*cache_seg_size*/ {0, 0},
254	/*reserved*/ 0,
255	/*non_cache_seg_size*/ {0, 0, 0}
256};
257
258static struct scsi_control_page control_page_default = {
259	/*page_code*/SMS_CONTROL_MODE_PAGE,
260	/*page_length*/sizeof(struct scsi_control_page) - 2,
261	/*rlec*/0,
262	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
263	/*eca_and_aen*/0,
264	/*flags4*/SCP_TAS,
265	/*aen_holdoff_period*/{0, 0},
266	/*busy_timeout_period*/{0, 0},
267	/*extended_selftest_completion_time*/{0, 0}
268};
269
270static struct scsi_control_page control_page_changeable = {
271	/*page_code*/SMS_CONTROL_MODE_PAGE,
272	/*page_length*/sizeof(struct scsi_control_page) - 2,
273	/*rlec*/SCP_DSENSE,
274	/*queue_flags*/SCP_QUEUE_ALG_MASK,
275	/*eca_and_aen*/SCP_SWP,
276	/*flags4*/0,
277	/*aen_holdoff_period*/{0, 0},
278	/*busy_timeout_period*/{0, 0},
279	/*extended_selftest_completion_time*/{0, 0}
280};
281
282static struct scsi_info_exceptions_page ie_page_default = {
283	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
284	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
285	/*info_flags*/SIEP_FLAGS_DEXCPT,
286	/*mrie*/0,
287	/*interval_timer*/{0, 0, 0, 0},
288	/*report_count*/{0, 0, 0, 0}
289};
290
291static struct scsi_info_exceptions_page ie_page_changeable = {
292	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
293	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
294	/*info_flags*/0,
295	/*mrie*/0,
296	/*interval_timer*/{0, 0, 0, 0},
297	/*report_count*/{0, 0, 0, 0}
298};
299
300static struct scsi_logical_block_provisioning_page lbp_page_default = {
301	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
302	/*subpage_code*/0x02,
303	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
304	/*flags*/0,
305	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
306	/*descr*/{}
307};
308
309static struct scsi_logical_block_provisioning_page lbp_page_changeable = {
310	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
311	/*subpage_code*/0x02,
312	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
313	/*flags*/0,
314	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
315	/*descr*/{}
316};
317
318/*
319 * XXX KDM move these into the softc.
320 */
321static int rcv_sync_msg;
322static int persis_offset;
323static uint8_t ctl_pause_rtr;
324static int     ctl_is_single = 1;
325
326SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
327static int worker_threads = -1;
328SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
329    &worker_threads, 1, "Number of worker threads");
330static int ctl_debug = CTL_DEBUG_NONE;
331SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
332    &ctl_debug, 0, "Enabled debug flags");
333
334/*
335 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
336 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
337 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
338 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
339 */
340#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
341
342static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
343				  int param);
344static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
345static int ctl_init(void);
346void ctl_shutdown(void);
347static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
348static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
349static void ctl_ioctl_online(void *arg);
350static void ctl_ioctl_offline(void *arg);
351static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
352static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
353static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
354static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
355static int ctl_ioctl_submit_wait(union ctl_io *io);
356static void ctl_ioctl_datamove(union ctl_io *io);
357static void ctl_ioctl_done(union ctl_io *io);
358static void ctl_ioctl_hard_startstop_callback(void *arg,
359					      struct cfi_metatask *metatask);
360static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
361static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
362			      struct ctl_ooa *ooa_hdr,
363			      struct ctl_ooa_entry *kern_entries);
364static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
365		     struct thread *td);
366static uint32_t ctl_map_lun(int port_num, uint32_t lun);
367static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
368#ifdef unused
369static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
370				   uint32_t targ_target, uint32_t targ_lun,
371				   int can_wait);
372static void ctl_kfree_io(union ctl_io *io);
373#endif /* unused */
374static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
375			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
376static int ctl_free_lun(struct ctl_lun *lun);
377static void ctl_create_lun(struct ctl_be_lun *be_lun);
378/**
379static void ctl_failover_change_pages(struct ctl_softc *softc,
380				      struct ctl_scsiio *ctsio, int master);
381**/
382
383static int ctl_do_mode_select(union ctl_io *io);
384static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
385			   uint64_t res_key, uint64_t sa_res_key,
386			   uint8_t type, uint32_t residx,
387			   struct ctl_scsiio *ctsio,
388			   struct scsi_per_res_out *cdb,
389			   struct scsi_per_res_out_parms* param);
390static void ctl_pro_preempt_other(struct ctl_lun *lun,
391				  union ctl_ha_msg *msg);
392static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
393static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
394static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
395static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
396static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
397static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
398static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
399					 int alloc_len);
400static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
401					 int alloc_len);
402static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
403static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
404static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
405static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
406static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
407static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
408static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
409    union ctl_io *pending_io, union ctl_io *ooa_io);
410static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
411				union ctl_io *starting_io);
412static int ctl_check_blocked(struct ctl_lun *lun);
413static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
414				struct ctl_lun *lun,
415				const struct ctl_cmd_entry *entry,
416				struct ctl_scsiio *ctsio);
417//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
418static void ctl_failover(void);
419static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
420			       struct ctl_scsiio *ctsio);
421static int ctl_scsiio(struct ctl_scsiio *ctsio);
422
423static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
424static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
425			    ctl_ua_type ua_type);
426static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
427			 ctl_ua_type ua_type);
428static int ctl_abort_task(union ctl_io *io);
429static int ctl_abort_task_set(union ctl_io *io);
430static int ctl_i_t_nexus_reset(union ctl_io *io);
431static void ctl_run_task(union ctl_io *io);
432#ifdef CTL_IO_DELAY
433static void ctl_datamove_timer_wakeup(void *arg);
434static void ctl_done_timer_wakeup(void *arg);
435#endif /* CTL_IO_DELAY */
436
437static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
438static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
439static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
440static void ctl_datamove_remote_write(union ctl_io *io);
441static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
442static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
443static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
444static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
445				    ctl_ha_dt_cb callback);
446static void ctl_datamove_remote_read(union ctl_io *io);
447static void ctl_datamove_remote(union ctl_io *io);
448static int ctl_process_done(union ctl_io *io);
449static void ctl_lun_thread(void *arg);
450static void ctl_work_thread(void *arg);
451static void ctl_enqueue_incoming(union ctl_io *io);
452static void ctl_enqueue_rtr(union ctl_io *io);
453static void ctl_enqueue_done(union ctl_io *io);
454static void ctl_enqueue_isc(union ctl_io *io);
455static const struct ctl_cmd_entry *
456    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
457static const struct ctl_cmd_entry *
458    ctl_validate_command(struct ctl_scsiio *ctsio);
459static int ctl_cmd_applicable(uint8_t lun_type,
460    const struct ctl_cmd_entry *entry);
461
462/*
463 * Load the serialization table.  This isn't very pretty, but is probably
464 * the easiest way to do it.
465 */
466#include "ctl_ser_table.c"
467
468/*
469 * We only need to define open, close and ioctl routines for this driver.
470 */
471static struct cdevsw ctl_cdevsw = {
472	.d_version =	D_VERSION,
473	.d_flags =	0,
474	.d_open =	ctl_open,
475	.d_close =	ctl_close,
476	.d_ioctl =	ctl_ioctl,
477	.d_name =	"ctl",
478};
479
480
481MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
482MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
483
484static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
485
486static moduledata_t ctl_moduledata = {
487	"ctl",
488	ctl_module_event_handler,
489	NULL
490};
491
492DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
493MODULE_VERSION(ctl, 1);
494
495static struct ctl_frontend ioctl_frontend =
496{
497	.name = "ioctl",
498};
499
500static void
501ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
502			    union ctl_ha_msg *msg_info)
503{
504	struct ctl_scsiio *ctsio;
505
506	if (msg_info->hdr.original_sc == NULL) {
507		printf("%s: original_sc == NULL!\n", __func__);
508		/* XXX KDM now what? */
509		return;
510	}
511
512	ctsio = &msg_info->hdr.original_sc->scsiio;
513	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
514	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
515	ctsio->io_hdr.status = msg_info->hdr.status;
516	ctsio->scsi_status = msg_info->scsi.scsi_status;
517	ctsio->sense_len = msg_info->scsi.sense_len;
518	ctsio->sense_residual = msg_info->scsi.sense_residual;
519	ctsio->residual = msg_info->scsi.residual;
520	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
521	       sizeof(ctsio->sense_data));
522	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
523	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
524	ctl_enqueue_isc((union ctl_io *)ctsio);
525}
526
527static void
528ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
529				union ctl_ha_msg *msg_info)
530{
531	struct ctl_scsiio *ctsio;
532
533	if (msg_info->hdr.serializing_sc == NULL) {
534		printf("%s: serializing_sc == NULL!\n", __func__);
535		/* XXX KDM now what? */
536		return;
537	}
538
539	ctsio = &msg_info->hdr.serializing_sc->scsiio;
540#if 0
541	/*
542	 * Attempt to catch the situation where an I/O has
543	 * been freed, and we're using it again.
544	 */
545	if (ctsio->io_hdr.io_type == 0xff) {
546		union ctl_io *tmp_io;
547		tmp_io = (union ctl_io *)ctsio;
548		printf("%s: %p use after free!\n", __func__,
549		       ctsio);
550		printf("%s: type %d msg %d cdb %x iptl: "
551		       "%d:%d:%d:%d tag 0x%04x "
552		       "flag %#x status %x\n",
553			__func__,
554			tmp_io->io_hdr.io_type,
555			tmp_io->io_hdr.msg_type,
556			tmp_io->scsiio.cdb[0],
557			tmp_io->io_hdr.nexus.initid.id,
558			tmp_io->io_hdr.nexus.targ_port,
559			tmp_io->io_hdr.nexus.targ_target.id,
560			tmp_io->io_hdr.nexus.targ_lun,
561			(tmp_io->io_hdr.io_type ==
562			CTL_IO_TASK) ?
563			tmp_io->taskio.tag_num :
564			tmp_io->scsiio.tag_num,
565		        tmp_io->io_hdr.flags,
566			tmp_io->io_hdr.status);
567	}
568#endif
569	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
570	ctl_enqueue_isc((union ctl_io *)ctsio);
571}
572
573/*
574 * ISC (Inter Shelf Communication) event handler.  Events from the HA
575 * subsystem come in here.
576 */
577static void
578ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
579{
580	struct ctl_softc *ctl_softc;
581	union ctl_io *io;
582	struct ctl_prio *presio;
583	ctl_ha_status isc_status;
584
585	ctl_softc = control_softc;
586	io = NULL;
587
588
589#if 0
590	printf("CTL: Isc Msg event %d\n", event);
591#endif
592	if (event == CTL_HA_EVT_MSG_RECV) {
593		union ctl_ha_msg msg_info;
594
595		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
596					     sizeof(msg_info), /*wait*/ 0);
597#if 0
598		printf("CTL: msg_type %d\n", msg_info.msg_type);
599#endif
600		if (isc_status != 0) {
601			printf("Error receiving message, status = %d\n",
602			       isc_status);
603			return;
604		}
605
606		switch (msg_info.hdr.msg_type) {
607		case CTL_MSG_SERIALIZE:
608#if 0
609			printf("Serialize\n");
610#endif
611			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
612			if (io == NULL) {
613				printf("ctl_isc_event_handler: can't allocate "
614				       "ctl_io!\n");
615				/* Bad Juju */
616				/* Need to set busy and send msg back */
617				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
618				msg_info.hdr.status = CTL_SCSI_ERROR;
619				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
620				msg_info.scsi.sense_len = 0;
621			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
622				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
623				}
624				goto bailout;
625			}
626			ctl_zero_io(io);
627			// populate ctsio from msg_info
628			io->io_hdr.io_type = CTL_IO_SCSI;
629			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
630			io->io_hdr.original_sc = msg_info.hdr.original_sc;
631#if 0
632			printf("pOrig %x\n", (int)msg_info.original_sc);
633#endif
634			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
635					    CTL_FLAG_IO_ACTIVE;
636			/*
637			 * If we're in serialization-only mode, we don't
638			 * want to go through full done processing.  Thus
639			 * the COPY flag.
640			 *
641			 * XXX KDM add another flag that is more specific.
642			 */
643			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
644				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
645			io->io_hdr.nexus = msg_info.hdr.nexus;
646#if 0
647			printf("targ %d, port %d, iid %d, lun %d\n",
648			       io->io_hdr.nexus.targ_target.id,
649			       io->io_hdr.nexus.targ_port,
650			       io->io_hdr.nexus.initid.id,
651			       io->io_hdr.nexus.targ_lun);
652#endif
653			io->scsiio.tag_num = msg_info.scsi.tag_num;
654			io->scsiio.tag_type = msg_info.scsi.tag_type;
655			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
656			       CTL_MAX_CDBLEN);
657			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
658				const struct ctl_cmd_entry *entry;
659
660				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
661				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
662				io->io_hdr.flags |=
663					entry->flags & CTL_FLAG_DATA_MASK;
664			}
665			ctl_enqueue_isc(io);
666			break;
667
668		/* Performed on the Originating SC, XFER mode only */
669		case CTL_MSG_DATAMOVE: {
670			struct ctl_sg_entry *sgl;
671			int i, j;
672
673			io = msg_info.hdr.original_sc;
674			if (io == NULL) {
675				printf("%s: original_sc == NULL!\n", __func__);
676				/* XXX KDM do something here */
677				break;
678			}
679			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
680			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
681			/*
682			 * Keep track of this, we need to send it back over
683			 * when the datamove is complete.
684			 */
685			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
686
687			if (msg_info.dt.sg_sequence == 0) {
688				/*
689				 * XXX KDM we use the preallocated S/G list
690				 * here, but we'll need to change this to
691				 * dynamic allocation if we need larger S/G
692				 * lists.
693				 */
694				if (msg_info.dt.kern_sg_entries >
695				    sizeof(io->io_hdr.remote_sglist) /
696				    sizeof(io->io_hdr.remote_sglist[0])) {
697					printf("%s: number of S/G entries "
698					    "needed %u > allocated num %zd\n",
699					    __func__,
700					    msg_info.dt.kern_sg_entries,
701					    sizeof(io->io_hdr.remote_sglist)/
702					    sizeof(io->io_hdr.remote_sglist[0]));
703
704					/*
705					 * XXX KDM send a message back to
706					 * the other side to shut down the
707					 * DMA.  The error will come back
708					 * through via the normal channel.
709					 */
710					break;
711				}
712				sgl = io->io_hdr.remote_sglist;
713				memset(sgl, 0,
714				       sizeof(io->io_hdr.remote_sglist));
715
716				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
717
718				io->scsiio.kern_sg_entries =
719					msg_info.dt.kern_sg_entries;
720				io->scsiio.rem_sg_entries =
721					msg_info.dt.kern_sg_entries;
722				io->scsiio.kern_data_len =
723					msg_info.dt.kern_data_len;
724				io->scsiio.kern_total_len =
725					msg_info.dt.kern_total_len;
726				io->scsiio.kern_data_resid =
727					msg_info.dt.kern_data_resid;
728				io->scsiio.kern_rel_offset =
729					msg_info.dt.kern_rel_offset;
730				/*
731				 * Clear out per-DMA flags.
732				 */
733				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
734				/*
735				 * Add per-DMA flags that are set for this
736				 * particular DMA request.
737				 */
738				io->io_hdr.flags |= msg_info.dt.flags &
739						    CTL_FLAG_RDMA_MASK;
740			} else
741				sgl = (struct ctl_sg_entry *)
742					io->scsiio.kern_data_ptr;
743
744			for (i = msg_info.dt.sent_sg_entries, j = 0;
745			     i < (msg_info.dt.sent_sg_entries +
746			     msg_info.dt.cur_sg_entries); i++, j++) {
747				sgl[i].addr = msg_info.dt.sg_list[j].addr;
748				sgl[i].len = msg_info.dt.sg_list[j].len;
749
750#if 0
751				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
752				       __func__,
753				       msg_info.dt.sg_list[j].addr,
754				       msg_info.dt.sg_list[j].len,
755				       sgl[i].addr, sgl[i].len, j, i);
756#endif
757			}
758#if 0
759			memcpy(&sgl[msg_info.dt.sent_sg_entries],
760			       msg_info.dt.sg_list,
761			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
762#endif
763
764			/*
765			 * If this is the last piece of the I/O, we've got
766			 * the full S/G list.  Queue processing in the thread.
767			 * Otherwise wait for the next piece.
768			 */
769			if (msg_info.dt.sg_last != 0)
770				ctl_enqueue_isc(io);
771			break;
772		}
773		/* Performed on the Serializing (primary) SC, XFER mode only */
774		case CTL_MSG_DATAMOVE_DONE: {
775			if (msg_info.hdr.serializing_sc == NULL) {
776				printf("%s: serializing_sc == NULL!\n",
777				       __func__);
778				/* XXX KDM now what? */
779				break;
780			}
781			/*
782			 * We grab the sense information here in case
783			 * there was a failure, so we can return status
784			 * back to the initiator.
785			 */
786			io = msg_info.hdr.serializing_sc;
787			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
788			io->io_hdr.status = msg_info.hdr.status;
789			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
790			io->scsiio.sense_len = msg_info.scsi.sense_len;
791			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
792			io->io_hdr.port_status = msg_info.scsi.fetd_status;
793			io->scsiio.residual = msg_info.scsi.residual;
794			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
795			       sizeof(io->scsiio.sense_data));
796			ctl_enqueue_isc(io);
797			break;
798		}
799
800		/* Preformed on Originating SC, SER_ONLY mode */
801		case CTL_MSG_R2R:
802			io = msg_info.hdr.original_sc;
803			if (io == NULL) {
804				printf("%s: Major Bummer\n", __func__);
805				return;
806			} else {
807#if 0
808				printf("pOrig %x\n",(int) ctsio);
809#endif
810			}
811			io->io_hdr.msg_type = CTL_MSG_R2R;
812			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
813			ctl_enqueue_isc(io);
814			break;
815
816		/*
817		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
818		 * mode.
819		 * Performed on the Originating (i.e. secondary) SC in XFER
820		 * mode
821		 */
822		case CTL_MSG_FINISH_IO:
823			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
824				ctl_isc_handler_finish_xfer(ctl_softc,
825							    &msg_info);
826			else
827				ctl_isc_handler_finish_ser_only(ctl_softc,
828								&msg_info);
829			break;
830
831		/* Preformed on Originating SC */
832		case CTL_MSG_BAD_JUJU:
833			io = msg_info.hdr.original_sc;
834			if (io == NULL) {
835				printf("%s: Bad JUJU!, original_sc is NULL!\n",
836				       __func__);
837				break;
838			}
839			ctl_copy_sense_data(&msg_info, io);
840			/*
841			 * IO should have already been cleaned up on other
842			 * SC so clear this flag so we won't send a message
843			 * back to finish the IO there.
844			 */
845			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
846			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
847
848			/* io = msg_info.hdr.serializing_sc; */
849			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
850			ctl_enqueue_isc(io);
851			break;
852
853		/* Handle resets sent from the other side */
854		case CTL_MSG_MANAGE_TASKS: {
855			struct ctl_taskio *taskio;
856			taskio = (struct ctl_taskio *)ctl_alloc_io(
857				(void *)ctl_softc->othersc_pool);
858			if (taskio == NULL) {
859				printf("ctl_isc_event_handler: can't allocate "
860				       "ctl_io!\n");
861				/* Bad Juju */
862				/* should I just call the proper reset func
863				   here??? */
864				goto bailout;
865			}
866			ctl_zero_io((union ctl_io *)taskio);
867			taskio->io_hdr.io_type = CTL_IO_TASK;
868			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
869			taskio->io_hdr.nexus = msg_info.hdr.nexus;
870			taskio->task_action = msg_info.task.task_action;
871			taskio->tag_num = msg_info.task.tag_num;
872			taskio->tag_type = msg_info.task.tag_type;
873#ifdef CTL_TIME_IO
874			taskio->io_hdr.start_time = time_uptime;
875			getbintime(&taskio->io_hdr.start_bt);
876#if 0
877			cs_prof_gettime(&taskio->io_hdr.start_ticks);
878#endif
879#endif /* CTL_TIME_IO */
880			ctl_run_task((union ctl_io *)taskio);
881			break;
882		}
883		/* Persistent Reserve action which needs attention */
884		case CTL_MSG_PERS_ACTION:
885			presio = (struct ctl_prio *)ctl_alloc_io(
886				(void *)ctl_softc->othersc_pool);
887			if (presio == NULL) {
888				printf("ctl_isc_event_handler: can't allocate "
889				       "ctl_io!\n");
890				/* Bad Juju */
891				/* Need to set busy and send msg back */
892				goto bailout;
893			}
894			ctl_zero_io((union ctl_io *)presio);
895			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
896			presio->pr_msg = msg_info.pr;
897			ctl_enqueue_isc((union ctl_io *)presio);
898			break;
899		case CTL_MSG_SYNC_FE:
900			rcv_sync_msg = 1;
901			break;
902		default:
903		        printf("How did I get here?\n");
904		}
905	} else if (event == CTL_HA_EVT_MSG_SENT) {
906		if (param != CTL_HA_STATUS_SUCCESS) {
907			printf("Bad status from ctl_ha_msg_send status %d\n",
908			       param);
909		}
910		return;
911	} else if (event == CTL_HA_EVT_DISCONNECT) {
912		printf("CTL: Got a disconnect from Isc\n");
913		return;
914	} else {
915		printf("ctl_isc_event_handler: Unknown event %d\n", event);
916		return;
917	}
918
919bailout:
920	return;
921}
922
923static void
924ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
925{
926	struct scsi_sense_data *sense;
927
928	sense = &dest->scsiio.sense_data;
929	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
930	dest->scsiio.scsi_status = src->scsi.scsi_status;
931	dest->scsiio.sense_len = src->scsi.sense_len;
932	dest->io_hdr.status = src->hdr.status;
933}
934
935static int
936ctl_init(void)
937{
938	struct ctl_softc *softc;
939	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
940	struct ctl_port *port;
941        uint8_t sc_id =0;
942	int i, error, retval;
943	//int isc_retval;
944
945	retval = 0;
946	ctl_pause_rtr = 0;
947        rcv_sync_msg = 0;
948
949	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
950			       M_WAITOK | M_ZERO);
951	softc = control_softc;
952
953	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
954			      "cam/ctl");
955
956	softc->dev->si_drv1 = softc;
957
958	/*
959	 * By default, return a "bad LUN" peripheral qualifier for unknown
960	 * LUNs.  The user can override this default using the tunable or
961	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
962	 */
963	softc->inquiry_pq_no_lun = 1;
964	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
965			  &softc->inquiry_pq_no_lun);
966	sysctl_ctx_init(&softc->sysctl_ctx);
967	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
968		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
969		CTLFLAG_RD, 0, "CAM Target Layer");
970
971	if (softc->sysctl_tree == NULL) {
972		printf("%s: unable to allocate sysctl tree\n", __func__);
973		destroy_dev(softc->dev);
974		free(control_softc, M_DEVBUF);
975		control_softc = NULL;
976		return (ENOMEM);
977	}
978
979	SYSCTL_ADD_INT(&softc->sysctl_ctx,
980		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
981		       "inquiry_pq_no_lun", CTLFLAG_RW,
982		       &softc->inquiry_pq_no_lun, 0,
983		       "Report no lun possible for invalid LUNs");
984
985	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
986	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
987	softc->open_count = 0;
988
989	/*
990	 * Default to actually sending a SYNCHRONIZE CACHE command down to
991	 * the drive.
992	 */
993	softc->flags = CTL_FLAG_REAL_SYNC;
994
995	/*
996	 * In Copan's HA scheme, the "master" and "slave" roles are
997	 * figured out through the slot the controller is in.  Although it
998	 * is an active/active system, someone has to be in charge.
999 	 */
1000#ifdef NEEDTOPORT
1001        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1002#endif
1003
1004        if (sc_id == 0) {
1005		softc->flags |= CTL_FLAG_MASTER_SHELF;
1006		persis_offset = 0;
1007	} else
1008		persis_offset = CTL_MAX_INITIATORS;
1009
1010	/*
1011	 * XXX KDM need to figure out where we want to get our target ID
1012	 * and WWID.  Is it different on each port?
1013	 */
1014	softc->target.id = 0;
1015	softc->target.wwid[0] = 0x12345678;
1016	softc->target.wwid[1] = 0x87654321;
1017	STAILQ_INIT(&softc->lun_list);
1018	STAILQ_INIT(&softc->pending_lun_queue);
1019	STAILQ_INIT(&softc->fe_list);
1020	STAILQ_INIT(&softc->port_list);
1021	STAILQ_INIT(&softc->be_list);
1022	STAILQ_INIT(&softc->io_pools);
1023	ctl_tpc_init(softc);
1024
1025	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1026			    &internal_pool)!= 0){
1027		printf("ctl: can't allocate %d entry internal pool, "
1028		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1029		return (ENOMEM);
1030	}
1031
1032	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1033			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1034		printf("ctl: can't allocate %d entry emergency pool, "
1035		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1036		ctl_pool_free(internal_pool);
1037		return (ENOMEM);
1038	}
1039
1040	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1041	                    &other_pool) != 0)
1042	{
1043		printf("ctl: can't allocate %d entry other SC pool, "
1044		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1045		ctl_pool_free(internal_pool);
1046		ctl_pool_free(emergency_pool);
1047		return (ENOMEM);
1048	}
1049
1050	softc->internal_pool = internal_pool;
1051	softc->emergency_pool = emergency_pool;
1052	softc->othersc_pool = other_pool;
1053
1054	if (worker_threads <= 0)
1055		worker_threads = max(1, mp_ncpus / 4);
1056	if (worker_threads > CTL_MAX_THREADS)
1057		worker_threads = CTL_MAX_THREADS;
1058
1059	for (i = 0; i < worker_threads; i++) {
1060		struct ctl_thread *thr = &softc->threads[i];
1061
1062		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1063		thr->ctl_softc = softc;
1064		STAILQ_INIT(&thr->incoming_queue);
1065		STAILQ_INIT(&thr->rtr_queue);
1066		STAILQ_INIT(&thr->done_queue);
1067		STAILQ_INIT(&thr->isc_queue);
1068
1069		error = kproc_kthread_add(ctl_work_thread, thr,
1070		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1071		if (error != 0) {
1072			printf("error creating CTL work thread!\n");
1073			ctl_pool_free(internal_pool);
1074			ctl_pool_free(emergency_pool);
1075			ctl_pool_free(other_pool);
1076			return (error);
1077		}
1078	}
1079	error = kproc_kthread_add(ctl_lun_thread, softc,
1080	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1081	if (error != 0) {
1082		printf("error creating CTL lun thread!\n");
1083		ctl_pool_free(internal_pool);
1084		ctl_pool_free(emergency_pool);
1085		ctl_pool_free(other_pool);
1086		return (error);
1087	}
1088	if (bootverbose)
1089		printf("ctl: CAM Target Layer loaded\n");
1090
1091	/*
1092	 * Initialize the ioctl front end.
1093	 */
1094	ctl_frontend_register(&ioctl_frontend);
1095	port = &softc->ioctl_info.port;
1096	port->frontend = &ioctl_frontend;
1097	sprintf(softc->ioctl_info.port_name, "ioctl");
1098	port->port_type = CTL_PORT_IOCTL;
1099	port->num_requested_ctl_io = 100;
1100	port->port_name = softc->ioctl_info.port_name;
1101	port->port_online = ctl_ioctl_online;
1102	port->port_offline = ctl_ioctl_offline;
1103	port->onoff_arg = &softc->ioctl_info;
1104	port->lun_enable = ctl_ioctl_lun_enable;
1105	port->lun_disable = ctl_ioctl_lun_disable;
1106	port->targ_lun_arg = &softc->ioctl_info;
1107	port->fe_datamove = ctl_ioctl_datamove;
1108	port->fe_done = ctl_ioctl_done;
1109	port->max_targets = 15;
1110	port->max_target_id = 15;
1111
1112	if (ctl_port_register(&softc->ioctl_info.port,
1113	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1114		printf("ctl: ioctl front end registration failed, will "
1115		       "continue anyway\n");
1116	}
1117
1118#ifdef CTL_IO_DELAY
1119	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1120		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1121		       sizeof(struct callout), CTL_TIMER_BYTES);
1122		return (EINVAL);
1123	}
1124#endif /* CTL_IO_DELAY */
1125
1126	return (0);
1127}
1128
1129void
1130ctl_shutdown(void)
1131{
1132	struct ctl_softc *softc;
1133	struct ctl_lun *lun, *next_lun;
1134	struct ctl_io_pool *pool;
1135
1136	softc = (struct ctl_softc *)control_softc;
1137
1138	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1139		printf("ctl: ioctl front end deregistration failed\n");
1140
1141	mtx_lock(&softc->ctl_lock);
1142
1143	/*
1144	 * Free up each LUN.
1145	 */
1146	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1147		next_lun = STAILQ_NEXT(lun, links);
1148		ctl_free_lun(lun);
1149	}
1150
1151	mtx_unlock(&softc->ctl_lock);
1152
1153	ctl_frontend_deregister(&ioctl_frontend);
1154
1155	/*
1156	 * This will rip the rug out from under any FETDs or anyone else
1157	 * that has a pool allocated.  Since we increment our module
1158	 * refcount any time someone outside the main CTL module allocates
1159	 * a pool, we shouldn't have any problems here.  The user won't be
1160	 * able to unload the CTL module until client modules have
1161	 * successfully unloaded.
1162	 */
1163	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1164		ctl_pool_free(pool);
1165
1166#if 0
1167	ctl_shutdown_thread(softc->work_thread);
1168	mtx_destroy(&softc->queue_lock);
1169#endif
1170
1171	ctl_tpc_shutdown(softc);
1172	mtx_destroy(&softc->pool_lock);
1173	mtx_destroy(&softc->ctl_lock);
1174
1175	destroy_dev(softc->dev);
1176
1177	sysctl_ctx_free(&softc->sysctl_ctx);
1178
1179	free(control_softc, M_DEVBUF);
1180	control_softc = NULL;
1181
1182	if (bootverbose)
1183		printf("ctl: CAM Target Layer unloaded\n");
1184}
1185
1186static int
1187ctl_module_event_handler(module_t mod, int what, void *arg)
1188{
1189
1190	switch (what) {
1191	case MOD_LOAD:
1192		return (ctl_init());
1193	case MOD_UNLOAD:
1194		return (EBUSY);
1195	default:
1196		return (EOPNOTSUPP);
1197	}
1198}
1199
1200/*
1201 * XXX KDM should we do some access checks here?  Bump a reference count to
1202 * prevent a CTL module from being unloaded while someone has it open?
1203 */
1204static int
1205ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1206{
1207	return (0);
1208}
1209
1210static int
1211ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1212{
1213	return (0);
1214}
1215
1216int
1217ctl_port_enable(ctl_port_type port_type)
1218{
1219	struct ctl_softc *softc;
1220	struct ctl_port *port;
1221
1222	if (ctl_is_single == 0) {
1223		union ctl_ha_msg msg_info;
1224		int isc_retval;
1225
1226#if 0
1227		printf("%s: HA mode, synchronizing frontend enable\n",
1228		        __func__);
1229#endif
1230		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1231	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1232		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1233			printf("Sync msg send error retval %d\n", isc_retval);
1234		}
1235		if (!rcv_sync_msg) {
1236			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1237			        sizeof(msg_info), 1);
1238		}
1239#if 0
1240        	printf("CTL:Frontend Enable\n");
1241	} else {
1242		printf("%s: single mode, skipping frontend synchronization\n",
1243		        __func__);
1244#endif
1245	}
1246
1247	softc = control_softc;
1248
1249	STAILQ_FOREACH(port, &softc->port_list, links) {
1250		if (port_type & port->port_type)
1251		{
1252#if 0
1253			printf("port %d\n", port->targ_port);
1254#endif
1255			ctl_port_online(port);
1256		}
1257	}
1258
1259	return (0);
1260}
1261
1262int
1263ctl_port_disable(ctl_port_type port_type)
1264{
1265	struct ctl_softc *softc;
1266	struct ctl_port *port;
1267
1268	softc = control_softc;
1269
1270	STAILQ_FOREACH(port, &softc->port_list, links) {
1271		if (port_type & port->port_type)
1272			ctl_port_offline(port);
1273	}
1274
1275	return (0);
1276}
1277
1278/*
1279 * Returns 0 for success, 1 for failure.
1280 * Currently the only failure mode is if there aren't enough entries
1281 * allocated.  So, in case of a failure, look at num_entries_dropped,
1282 * reallocate and try again.
1283 */
1284int
1285ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1286	      int *num_entries_filled, int *num_entries_dropped,
1287	      ctl_port_type port_type, int no_virtual)
1288{
1289	struct ctl_softc *softc;
1290	struct ctl_port *port;
1291	int entries_dropped, entries_filled;
1292	int retval;
1293	int i;
1294
1295	softc = control_softc;
1296
1297	retval = 0;
1298	entries_filled = 0;
1299	entries_dropped = 0;
1300
1301	i = 0;
1302	mtx_lock(&softc->ctl_lock);
1303	STAILQ_FOREACH(port, &softc->port_list, links) {
1304		struct ctl_port_entry *entry;
1305
1306		if ((port->port_type & port_type) == 0)
1307			continue;
1308
1309		if ((no_virtual != 0)
1310		 && (port->virtual_port != 0))
1311			continue;
1312
1313		if (entries_filled >= num_entries_alloced) {
1314			entries_dropped++;
1315			continue;
1316		}
1317		entry = &entries[i];
1318
1319		entry->port_type = port->port_type;
1320		strlcpy(entry->port_name, port->port_name,
1321			sizeof(entry->port_name));
1322		entry->physical_port = port->physical_port;
1323		entry->virtual_port = port->virtual_port;
1324		entry->wwnn = port->wwnn;
1325		entry->wwpn = port->wwpn;
1326
1327		i++;
1328		entries_filled++;
1329	}
1330
1331	mtx_unlock(&softc->ctl_lock);
1332
1333	if (entries_dropped > 0)
1334		retval = 1;
1335
1336	*num_entries_dropped = entries_dropped;
1337	*num_entries_filled = entries_filled;
1338
1339	return (retval);
1340}
1341
1342static void
1343ctl_ioctl_online(void *arg)
1344{
1345	struct ctl_ioctl_info *ioctl_info;
1346
1347	ioctl_info = (struct ctl_ioctl_info *)arg;
1348
1349	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1350}
1351
1352static void
1353ctl_ioctl_offline(void *arg)
1354{
1355	struct ctl_ioctl_info *ioctl_info;
1356
1357	ioctl_info = (struct ctl_ioctl_info *)arg;
1358
1359	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1360}
1361
1362/*
1363 * Remove an initiator by port number and initiator ID.
1364 * Returns 0 for success, -1 for failure.
1365 */
1366int
1367ctl_remove_initiator(struct ctl_port *port, int iid)
1368{
1369	struct ctl_softc *softc = control_softc;
1370
1371	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1372
1373	if (iid > CTL_MAX_INIT_PER_PORT) {
1374		printf("%s: initiator ID %u > maximun %u!\n",
1375		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1376		return (-1);
1377	}
1378
1379	mtx_lock(&softc->ctl_lock);
1380	port->wwpn_iid[iid].in_use--;
1381	port->wwpn_iid[iid].last_use = time_uptime;
1382	mtx_unlock(&softc->ctl_lock);
1383
1384	return (0);
1385}
1386
1387/*
1388 * Add an initiator to the initiator map.
1389 * Returns iid for success, < 0 for failure.
1390 */
1391int
1392ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1393{
1394	struct ctl_softc *softc = control_softc;
1395	time_t best_time;
1396	int i, best;
1397
1398	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1399
1400	if (iid >= CTL_MAX_INIT_PER_PORT) {
1401		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1402		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1403		free(name, M_CTL);
1404		return (-1);
1405	}
1406
1407	mtx_lock(&softc->ctl_lock);
1408
1409	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1410		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1411			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1412				iid = i;
1413				break;
1414			}
1415			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1416			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1417				iid = i;
1418				break;
1419			}
1420		}
1421	}
1422
1423	if (iid < 0) {
1424		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1425			if (port->wwpn_iid[i].in_use == 0 &&
1426			    port->wwpn_iid[i].wwpn == 0 &&
1427			    port->wwpn_iid[i].name == NULL) {
1428				iid = i;
1429				break;
1430			}
1431		}
1432	}
1433
1434	if (iid < 0) {
1435		best = -1;
1436		best_time = INT32_MAX;
1437		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1438			if (port->wwpn_iid[i].in_use == 0) {
1439				if (port->wwpn_iid[i].last_use < best_time) {
1440					best = i;
1441					best_time = port->wwpn_iid[i].last_use;
1442				}
1443			}
1444		}
1445		iid = best;
1446	}
1447
1448	if (iid < 0) {
1449		mtx_unlock(&softc->ctl_lock);
1450		free(name, M_CTL);
1451		return (-2);
1452	}
1453
1454	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1455		/*
1456		 * This is not an error yet.
1457		 */
1458		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1459#if 0
1460			printf("%s: port %d iid %u WWPN %#jx arrived"
1461			    " again\n", __func__, port->targ_port,
1462			    iid, (uintmax_t)wwpn);
1463#endif
1464			goto take;
1465		}
1466		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1467		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1468#if 0
1469			printf("%s: port %d iid %u name '%s' arrived"
1470			    " again\n", __func__, port->targ_port,
1471			    iid, name);
1472#endif
1473			goto take;
1474		}
1475
1476		/*
1477		 * This is an error, but what do we do about it?  The
1478		 * driver is telling us we have a new WWPN for this
1479		 * initiator ID, so we pretty much need to use it.
1480		 */
1481		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1482		    " but WWPN %#jx '%s' is still at that address\n",
1483		    __func__, port->targ_port, iid, wwpn, name,
1484		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1485		    port->wwpn_iid[iid].name);
1486
1487		/*
1488		 * XXX KDM clear have_ca and ua_pending on each LUN for
1489		 * this initiator.
1490		 */
1491	}
1492take:
1493	free(port->wwpn_iid[iid].name, M_CTL);
1494	port->wwpn_iid[iid].name = name;
1495	port->wwpn_iid[iid].wwpn = wwpn;
1496	port->wwpn_iid[iid].in_use++;
1497	mtx_unlock(&softc->ctl_lock);
1498
1499	return (iid);
1500}
1501
1502static int
1503ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1504{
1505	int len;
1506
1507	switch (port->port_type) {
1508	case CTL_PORT_FC:
1509	{
1510		struct scsi_transportid_fcp *id =
1511		    (struct scsi_transportid_fcp *)buf;
1512		if (port->wwpn_iid[iid].wwpn == 0)
1513			return (0);
1514		memset(id, 0, sizeof(*id));
1515		id->format_protocol = SCSI_PROTO_FC;
1516		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1517		return (sizeof(*id));
1518	}
1519	case CTL_PORT_ISCSI:
1520	{
1521		struct scsi_transportid_iscsi_port *id =
1522		    (struct scsi_transportid_iscsi_port *)buf;
1523		if (port->wwpn_iid[iid].name == NULL)
1524			return (0);
1525		memset(id, 0, 256);
1526		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1527		    SCSI_PROTO_ISCSI;
1528		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1529		len = roundup2(min(len, 252), 4);
1530		scsi_ulto2b(len, id->additional_length);
1531		return (sizeof(*id) + len);
1532	}
1533	case CTL_PORT_SAS:
1534	{
1535		struct scsi_transportid_sas *id =
1536		    (struct scsi_transportid_sas *)buf;
1537		if (port->wwpn_iid[iid].wwpn == 0)
1538			return (0);
1539		memset(id, 0, sizeof(*id));
1540		id->format_protocol = SCSI_PROTO_SAS;
1541		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1542		return (sizeof(*id));
1543	}
1544	default:
1545	{
1546		struct scsi_transportid_spi *id =
1547		    (struct scsi_transportid_spi *)buf;
1548		memset(id, 0, sizeof(*id));
1549		id->format_protocol = SCSI_PROTO_SPI;
1550		scsi_ulto2b(iid, id->scsi_addr);
1551		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1552		return (sizeof(*id));
1553	}
1554	}
1555}
1556
1557static int
1558ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1559{
1560	return (0);
1561}
1562
1563static int
1564ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1565{
1566	return (0);
1567}
1568
1569/*
1570 * Data movement routine for the CTL ioctl frontend port.
1571 */
1572static int
1573ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1574{
1575	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1576	struct ctl_sg_entry ext_entry, kern_entry;
1577	int ext_sglen, ext_sg_entries, kern_sg_entries;
1578	int ext_sg_start, ext_offset;
1579	int len_to_copy, len_copied;
1580	int kern_watermark, ext_watermark;
1581	int ext_sglist_malloced;
1582	int i, j;
1583
1584	ext_sglist_malloced = 0;
1585	ext_sg_start = 0;
1586	ext_offset = 0;
1587
1588	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1589
1590	/*
1591	 * If this flag is set, fake the data transfer.
1592	 */
1593	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1594		ctsio->ext_data_filled = ctsio->ext_data_len;
1595		goto bailout;
1596	}
1597
1598	/*
1599	 * To simplify things here, if we have a single buffer, stick it in
1600	 * a S/G entry and just make it a single entry S/G list.
1601	 */
1602	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1603		int len_seen;
1604
1605		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1606
1607		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1608							   M_WAITOK);
1609		ext_sglist_malloced = 1;
1610		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1611				   ext_sglen) != 0) {
1612			ctl_set_internal_failure(ctsio,
1613						 /*sks_valid*/ 0,
1614						 /*retry_count*/ 0);
1615			goto bailout;
1616		}
1617		ext_sg_entries = ctsio->ext_sg_entries;
1618		len_seen = 0;
1619		for (i = 0; i < ext_sg_entries; i++) {
1620			if ((len_seen + ext_sglist[i].len) >=
1621			     ctsio->ext_data_filled) {
1622				ext_sg_start = i;
1623				ext_offset = ctsio->ext_data_filled - len_seen;
1624				break;
1625			}
1626			len_seen += ext_sglist[i].len;
1627		}
1628	} else {
1629		ext_sglist = &ext_entry;
1630		ext_sglist->addr = ctsio->ext_data_ptr;
1631		ext_sglist->len = ctsio->ext_data_len;
1632		ext_sg_entries = 1;
1633		ext_sg_start = 0;
1634		ext_offset = ctsio->ext_data_filled;
1635	}
1636
1637	if (ctsio->kern_sg_entries > 0) {
1638		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1639		kern_sg_entries = ctsio->kern_sg_entries;
1640	} else {
1641		kern_sglist = &kern_entry;
1642		kern_sglist->addr = ctsio->kern_data_ptr;
1643		kern_sglist->len = ctsio->kern_data_len;
1644		kern_sg_entries = 1;
1645	}
1646
1647
1648	kern_watermark = 0;
1649	ext_watermark = ext_offset;
1650	len_copied = 0;
1651	for (i = ext_sg_start, j = 0;
1652	     i < ext_sg_entries && j < kern_sg_entries;) {
1653		uint8_t *ext_ptr, *kern_ptr;
1654
1655		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1656				      kern_sglist[j].len - kern_watermark);
1657
1658		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1659		ext_ptr = ext_ptr + ext_watermark;
1660		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1661			/*
1662			 * XXX KDM fix this!
1663			 */
1664			panic("need to implement bus address support");
1665#if 0
1666			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1667#endif
1668		} else
1669			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1670		kern_ptr = kern_ptr + kern_watermark;
1671
1672		kern_watermark += len_to_copy;
1673		ext_watermark += len_to_copy;
1674
1675		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1676		     CTL_FLAG_DATA_IN) {
1677			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1678					 "bytes to user\n", len_to_copy));
1679			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1680					 "to %p\n", kern_ptr, ext_ptr));
1681			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1682				ctl_set_internal_failure(ctsio,
1683							 /*sks_valid*/ 0,
1684							 /*retry_count*/ 0);
1685				goto bailout;
1686			}
1687		} else {
1688			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1689					 "bytes from user\n", len_to_copy));
1690			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1691					 "to %p\n", ext_ptr, kern_ptr));
1692			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1693				ctl_set_internal_failure(ctsio,
1694							 /*sks_valid*/ 0,
1695							 /*retry_count*/0);
1696				goto bailout;
1697			}
1698		}
1699
1700		len_copied += len_to_copy;
1701
1702		if (ext_sglist[i].len == ext_watermark) {
1703			i++;
1704			ext_watermark = 0;
1705		}
1706
1707		if (kern_sglist[j].len == kern_watermark) {
1708			j++;
1709			kern_watermark = 0;
1710		}
1711	}
1712
1713	ctsio->ext_data_filled += len_copied;
1714
1715	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1716			 "kern_sg_entries: %d\n", ext_sg_entries,
1717			 kern_sg_entries));
1718	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1719			 "kern_data_len = %d\n", ctsio->ext_data_len,
1720			 ctsio->kern_data_len));
1721
1722
1723	/* XXX KDM set residual?? */
1724bailout:
1725
1726	if (ext_sglist_malloced != 0)
1727		free(ext_sglist, M_CTL);
1728
1729	return (CTL_RETVAL_COMPLETE);
1730}
1731
1732/*
1733 * Serialize a command that went down the "wrong" side, and so was sent to
1734 * this controller for execution.  The logic is a little different than the
1735 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1736 * sent back to the other side, but in the success case, we execute the
1737 * command on this side (XFER mode) or tell the other side to execute it
1738 * (SER_ONLY mode).
1739 */
1740static int
1741ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1742{
1743	struct ctl_softc *ctl_softc;
1744	union ctl_ha_msg msg_info;
1745	struct ctl_lun *lun;
1746	int retval = 0;
1747	uint32_t targ_lun;
1748
1749	ctl_softc = control_softc;
1750
1751	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1752	lun = ctl_softc->ctl_luns[targ_lun];
1753	if (lun==NULL)
1754	{
1755		/*
1756		 * Why isn't LUN defined? The other side wouldn't
1757		 * send a cmd if the LUN is undefined.
1758		 */
1759		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1760
1761		/* "Logical unit not supported" */
1762		ctl_set_sense_data(&msg_info.scsi.sense_data,
1763				   lun,
1764				   /*sense_format*/SSD_TYPE_NONE,
1765				   /*current_error*/ 1,
1766				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1767				   /*asc*/ 0x25,
1768				   /*ascq*/ 0x00,
1769				   SSD_ELEM_NONE);
1770
1771		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1772		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1773		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1774		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1775		msg_info.hdr.serializing_sc = NULL;
1776		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1777	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1778				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1779		}
1780		return(1);
1781
1782	}
1783
1784	mtx_lock(&lun->lun_lock);
1785    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1786
1787	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1788		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1789		 ooa_links))) {
1790	case CTL_ACTION_BLOCK:
1791		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1792		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1793				  blocked_links);
1794		break;
1795	case CTL_ACTION_PASS:
1796	case CTL_ACTION_SKIP:
1797		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1798			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1799			ctl_enqueue_rtr((union ctl_io *)ctsio);
1800		} else {
1801
1802			/* send msg back to other side */
1803			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1804			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1805			msg_info.hdr.msg_type = CTL_MSG_R2R;
1806#if 0
1807			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1808#endif
1809		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1810			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1811			}
1812		}
1813		break;
1814	case CTL_ACTION_OVERLAP:
1815		/* OVERLAPPED COMMANDS ATTEMPTED */
1816		ctl_set_sense_data(&msg_info.scsi.sense_data,
1817				   lun,
1818				   /*sense_format*/SSD_TYPE_NONE,
1819				   /*current_error*/ 1,
1820				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1821				   /*asc*/ 0x4E,
1822				   /*ascq*/ 0x00,
1823				   SSD_ELEM_NONE);
1824
1825		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1826		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1827		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1828		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1829		msg_info.hdr.serializing_sc = NULL;
1830		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1831#if 0
1832		printf("BAD JUJU:Major Bummer Overlap\n");
1833#endif
1834		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1835		retval = 1;
1836		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1837		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1838		}
1839		break;
1840	case CTL_ACTION_OVERLAP_TAG:
1841		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1842		ctl_set_sense_data(&msg_info.scsi.sense_data,
1843				   lun,
1844				   /*sense_format*/SSD_TYPE_NONE,
1845				   /*current_error*/ 1,
1846				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1847				   /*asc*/ 0x4D,
1848				   /*ascq*/ ctsio->tag_num & 0xff,
1849				   SSD_ELEM_NONE);
1850
1851		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1852		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1853		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1854		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1855		msg_info.hdr.serializing_sc = NULL;
1856		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1857#if 0
1858		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1859#endif
1860		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1861		retval = 1;
1862		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1863		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1864		}
1865		break;
1866	case CTL_ACTION_ERROR:
1867	default:
1868		/* "Internal target failure" */
1869		ctl_set_sense_data(&msg_info.scsi.sense_data,
1870				   lun,
1871				   /*sense_format*/SSD_TYPE_NONE,
1872				   /*current_error*/ 1,
1873				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1874				   /*asc*/ 0x44,
1875				   /*ascq*/ 0x00,
1876				   SSD_ELEM_NONE);
1877
1878		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1879		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1880		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1881		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1882		msg_info.hdr.serializing_sc = NULL;
1883		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1884#if 0
1885		printf("BAD JUJU:Major Bummer HW Error\n");
1886#endif
1887		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1888		retval = 1;
1889		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1890		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1891		}
1892		break;
1893	}
1894	mtx_unlock(&lun->lun_lock);
1895	return (retval);
1896}
1897
1898static int
1899ctl_ioctl_submit_wait(union ctl_io *io)
1900{
1901	struct ctl_fe_ioctl_params params;
1902	ctl_fe_ioctl_state last_state;
1903	int done, retval;
1904
1905	retval = 0;
1906
1907	bzero(&params, sizeof(params));
1908
1909	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1910	cv_init(&params.sem, "ctlioccv");
1911	params.state = CTL_IOCTL_INPROG;
1912	last_state = params.state;
1913
1914	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1915
1916	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1917
1918	/* This shouldn't happen */
1919	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1920		return (retval);
1921
1922	done = 0;
1923
1924	do {
1925		mtx_lock(&params.ioctl_mtx);
1926		/*
1927		 * Check the state here, and don't sleep if the state has
1928		 * already changed (i.e. wakeup has already occured, but we
1929		 * weren't waiting yet).
1930		 */
1931		if (params.state == last_state) {
1932			/* XXX KDM cv_wait_sig instead? */
1933			cv_wait(&params.sem, &params.ioctl_mtx);
1934		}
1935		last_state = params.state;
1936
1937		switch (params.state) {
1938		case CTL_IOCTL_INPROG:
1939			/* Why did we wake up? */
1940			/* XXX KDM error here? */
1941			mtx_unlock(&params.ioctl_mtx);
1942			break;
1943		case CTL_IOCTL_DATAMOVE:
1944			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1945
1946			/*
1947			 * change last_state back to INPROG to avoid
1948			 * deadlock on subsequent data moves.
1949			 */
1950			params.state = last_state = CTL_IOCTL_INPROG;
1951
1952			mtx_unlock(&params.ioctl_mtx);
1953			ctl_ioctl_do_datamove(&io->scsiio);
1954			/*
1955			 * Note that in some cases, most notably writes,
1956			 * this will queue the I/O and call us back later.
1957			 * In other cases, generally reads, this routine
1958			 * will immediately call back and wake us up,
1959			 * probably using our own context.
1960			 */
1961			io->scsiio.be_move_done(io);
1962			break;
1963		case CTL_IOCTL_DONE:
1964			mtx_unlock(&params.ioctl_mtx);
1965			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1966			done = 1;
1967			break;
1968		default:
1969			mtx_unlock(&params.ioctl_mtx);
1970			/* XXX KDM error here? */
1971			break;
1972		}
1973	} while (done == 0);
1974
1975	mtx_destroy(&params.ioctl_mtx);
1976	cv_destroy(&params.sem);
1977
1978	return (CTL_RETVAL_COMPLETE);
1979}
1980
1981static void
1982ctl_ioctl_datamove(union ctl_io *io)
1983{
1984	struct ctl_fe_ioctl_params *params;
1985
1986	params = (struct ctl_fe_ioctl_params *)
1987		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1988
1989	mtx_lock(&params->ioctl_mtx);
1990	params->state = CTL_IOCTL_DATAMOVE;
1991	cv_broadcast(&params->sem);
1992	mtx_unlock(&params->ioctl_mtx);
1993}
1994
1995static void
1996ctl_ioctl_done(union ctl_io *io)
1997{
1998	struct ctl_fe_ioctl_params *params;
1999
2000	params = (struct ctl_fe_ioctl_params *)
2001		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2002
2003	mtx_lock(&params->ioctl_mtx);
2004	params->state = CTL_IOCTL_DONE;
2005	cv_broadcast(&params->sem);
2006	mtx_unlock(&params->ioctl_mtx);
2007}
2008
2009static void
2010ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2011{
2012	struct ctl_fe_ioctl_startstop_info *sd_info;
2013
2014	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2015
2016	sd_info->hs_info.status = metatask->status;
2017	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2018	sd_info->hs_info.luns_complete =
2019		metatask->taskinfo.startstop.luns_complete;
2020	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2021
2022	cv_broadcast(&sd_info->sem);
2023}
2024
2025static void
2026ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2027{
2028	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2029
2030	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2031
2032	mtx_lock(fe_bbr_info->lock);
2033	fe_bbr_info->bbr_info->status = metatask->status;
2034	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2035	fe_bbr_info->wakeup_done = 1;
2036	mtx_unlock(fe_bbr_info->lock);
2037
2038	cv_broadcast(&fe_bbr_info->sem);
2039}
2040
2041/*
2042 * Returns 0 for success, errno for failure.
2043 */
2044static int
2045ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2046		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2047{
2048	union ctl_io *io;
2049	int retval;
2050
2051	retval = 0;
2052
2053	mtx_lock(&lun->lun_lock);
2054	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2055	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2056	     ooa_links)) {
2057		struct ctl_ooa_entry *entry;
2058
2059		/*
2060		 * If we've got more than we can fit, just count the
2061		 * remaining entries.
2062		 */
2063		if (*cur_fill_num >= ooa_hdr->alloc_num)
2064			continue;
2065
2066		entry = &kern_entries[*cur_fill_num];
2067
2068		entry->tag_num = io->scsiio.tag_num;
2069		entry->lun_num = lun->lun;
2070#ifdef CTL_TIME_IO
2071		entry->start_bt = io->io_hdr.start_bt;
2072#endif
2073		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2074		entry->cdb_len = io->scsiio.cdb_len;
2075		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2076			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2077
2078		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2079			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2080
2081		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2082			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2083
2084		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2085			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2086
2087		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2088			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2089	}
2090	mtx_unlock(&lun->lun_lock);
2091
2092	return (retval);
2093}
2094
2095static void *
2096ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2097		 size_t error_str_len)
2098{
2099	void *kptr;
2100
2101	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2102
2103	if (copyin(user_addr, kptr, len) != 0) {
2104		snprintf(error_str, error_str_len, "Error copying %d bytes "
2105			 "from user address %p to kernel address %p", len,
2106			 user_addr, kptr);
2107		free(kptr, M_CTL);
2108		return (NULL);
2109	}
2110
2111	return (kptr);
2112}
2113
2114static void
2115ctl_free_args(int num_args, struct ctl_be_arg *args)
2116{
2117	int i;
2118
2119	if (args == NULL)
2120		return;
2121
2122	for (i = 0; i < num_args; i++) {
2123		free(args[i].kname, M_CTL);
2124		free(args[i].kvalue, M_CTL);
2125	}
2126
2127	free(args, M_CTL);
2128}
2129
2130static struct ctl_be_arg *
2131ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2132		char *error_str, size_t error_str_len)
2133{
2134	struct ctl_be_arg *args;
2135	int i;
2136
2137	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2138				error_str, error_str_len);
2139
2140	if (args == NULL)
2141		goto bailout;
2142
2143	for (i = 0; i < num_args; i++) {
2144		args[i].kname = NULL;
2145		args[i].kvalue = NULL;
2146	}
2147
2148	for (i = 0; i < num_args; i++) {
2149		uint8_t *tmpptr;
2150
2151		args[i].kname = ctl_copyin_alloc(args[i].name,
2152			args[i].namelen, error_str, error_str_len);
2153		if (args[i].kname == NULL)
2154			goto bailout;
2155
2156		if (args[i].kname[args[i].namelen - 1] != '\0') {
2157			snprintf(error_str, error_str_len, "Argument %d "
2158				 "name is not NUL-terminated", i);
2159			goto bailout;
2160		}
2161
2162		if (args[i].flags & CTL_BEARG_RD) {
2163			tmpptr = ctl_copyin_alloc(args[i].value,
2164				args[i].vallen, error_str, error_str_len);
2165			if (tmpptr == NULL)
2166				goto bailout;
2167			if ((args[i].flags & CTL_BEARG_ASCII)
2168			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2169				snprintf(error_str, error_str_len, "Argument "
2170				    "%d value is not NUL-terminated", i);
2171				goto bailout;
2172			}
2173			args[i].kvalue = tmpptr;
2174		} else {
2175			args[i].kvalue = malloc(args[i].vallen,
2176			    M_CTL, M_WAITOK | M_ZERO);
2177		}
2178	}
2179
2180	return (args);
2181bailout:
2182
2183	ctl_free_args(num_args, args);
2184
2185	return (NULL);
2186}
2187
2188static void
2189ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2190{
2191	int i;
2192
2193	for (i = 0; i < num_args; i++) {
2194		if (args[i].flags & CTL_BEARG_WR)
2195			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2196	}
2197}
2198
2199/*
2200 * Escape characters that are illegal or not recommended in XML.
2201 */
2202int
2203ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2204{
2205	char *end = str + size;
2206	int retval;
2207
2208	retval = 0;
2209
2210	for (; *str && str < end; str++) {
2211		switch (*str) {
2212		case '&':
2213			retval = sbuf_printf(sb, "&amp;");
2214			break;
2215		case '>':
2216			retval = sbuf_printf(sb, "&gt;");
2217			break;
2218		case '<':
2219			retval = sbuf_printf(sb, "&lt;");
2220			break;
2221		default:
2222			retval = sbuf_putc(sb, *str);
2223			break;
2224		}
2225
2226		if (retval != 0)
2227			break;
2228
2229	}
2230
2231	return (retval);
2232}
2233
2234static void
2235ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2236{
2237	struct scsi_vpd_id_descriptor *desc;
2238	int i;
2239
2240	if (id == NULL || id->len < 4)
2241		return;
2242	desc = (struct scsi_vpd_id_descriptor *)id->data;
2243	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2244	case SVPD_ID_TYPE_T10:
2245		sbuf_printf(sb, "t10.");
2246		break;
2247	case SVPD_ID_TYPE_EUI64:
2248		sbuf_printf(sb, "eui.");
2249		break;
2250	case SVPD_ID_TYPE_NAA:
2251		sbuf_printf(sb, "naa.");
2252		break;
2253	case SVPD_ID_TYPE_SCSI_NAME:
2254		break;
2255	}
2256	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2257	case SVPD_ID_CODESET_BINARY:
2258		for (i = 0; i < desc->length; i++)
2259			sbuf_printf(sb, "%02x", desc->identifier[i]);
2260		break;
2261	case SVPD_ID_CODESET_ASCII:
2262		sbuf_printf(sb, "%.*s", (int)desc->length,
2263		    (char *)desc->identifier);
2264		break;
2265	case SVPD_ID_CODESET_UTF8:
2266		sbuf_printf(sb, "%s", (char *)desc->identifier);
2267		break;
2268	}
2269}
2270
2271static int
2272ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2273	  struct thread *td)
2274{
2275	struct ctl_softc *softc;
2276	int retval;
2277
2278	softc = control_softc;
2279
2280	retval = 0;
2281
2282	switch (cmd) {
2283	case CTL_IO: {
2284		union ctl_io *io;
2285		void *pool_tmp;
2286
2287		/*
2288		 * If we haven't been "enabled", don't allow any SCSI I/O
2289		 * to this FETD.
2290		 */
2291		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2292			retval = EPERM;
2293			break;
2294		}
2295
2296		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2297		if (io == NULL) {
2298			printf("ctl_ioctl: can't allocate ctl_io!\n");
2299			retval = ENOSPC;
2300			break;
2301		}
2302
2303		/*
2304		 * Need to save the pool reference so it doesn't get
2305		 * spammed by the user's ctl_io.
2306		 */
2307		pool_tmp = io->io_hdr.pool;
2308
2309		memcpy(io, (void *)addr, sizeof(*io));
2310
2311		io->io_hdr.pool = pool_tmp;
2312		/*
2313		 * No status yet, so make sure the status is set properly.
2314		 */
2315		io->io_hdr.status = CTL_STATUS_NONE;
2316
2317		/*
2318		 * The user sets the initiator ID, target and LUN IDs.
2319		 */
2320		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2321		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2322		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2323		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2324			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2325
2326		retval = ctl_ioctl_submit_wait(io);
2327
2328		if (retval != 0) {
2329			ctl_free_io(io);
2330			break;
2331		}
2332
2333		memcpy((void *)addr, io, sizeof(*io));
2334
2335		/* return this to our pool */
2336		ctl_free_io(io);
2337
2338		break;
2339	}
2340	case CTL_ENABLE_PORT:
2341	case CTL_DISABLE_PORT:
2342	case CTL_SET_PORT_WWNS: {
2343		struct ctl_port *port;
2344		struct ctl_port_entry *entry;
2345
2346		entry = (struct ctl_port_entry *)addr;
2347
2348		mtx_lock(&softc->ctl_lock);
2349		STAILQ_FOREACH(port, &softc->port_list, links) {
2350			int action, done;
2351
2352			action = 0;
2353			done = 0;
2354
2355			if ((entry->port_type == CTL_PORT_NONE)
2356			 && (entry->targ_port == port->targ_port)) {
2357				/*
2358				 * If the user only wants to enable or
2359				 * disable or set WWNs on a specific port,
2360				 * do the operation and we're done.
2361				 */
2362				action = 1;
2363				done = 1;
2364			} else if (entry->port_type & port->port_type) {
2365				/*
2366				 * Compare the user's type mask with the
2367				 * particular frontend type to see if we
2368				 * have a match.
2369				 */
2370				action = 1;
2371				done = 0;
2372
2373				/*
2374				 * Make sure the user isn't trying to set
2375				 * WWNs on multiple ports at the same time.
2376				 */
2377				if (cmd == CTL_SET_PORT_WWNS) {
2378					printf("%s: Can't set WWNs on "
2379					       "multiple ports\n", __func__);
2380					retval = EINVAL;
2381					break;
2382				}
2383			}
2384			if (action != 0) {
2385				/*
2386				 * XXX KDM we have to drop the lock here,
2387				 * because the online/offline operations
2388				 * can potentially block.  We need to
2389				 * reference count the frontends so they
2390				 * can't go away,
2391				 */
2392				mtx_unlock(&softc->ctl_lock);
2393
2394				if (cmd == CTL_ENABLE_PORT) {
2395					struct ctl_lun *lun;
2396
2397					STAILQ_FOREACH(lun, &softc->lun_list,
2398						       links) {
2399						port->lun_enable(port->targ_lun_arg,
2400						    lun->target,
2401						    lun->lun);
2402					}
2403
2404					ctl_port_online(port);
2405				} else if (cmd == CTL_DISABLE_PORT) {
2406					struct ctl_lun *lun;
2407
2408					ctl_port_offline(port);
2409
2410					STAILQ_FOREACH(lun, &softc->lun_list,
2411						       links) {
2412						port->lun_disable(
2413						    port->targ_lun_arg,
2414						    lun->target,
2415						    lun->lun);
2416					}
2417				}
2418
2419				mtx_lock(&softc->ctl_lock);
2420
2421				if (cmd == CTL_SET_PORT_WWNS)
2422					ctl_port_set_wwns(port,
2423					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2424					    1 : 0, entry->wwnn,
2425					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2426					    1 : 0, entry->wwpn);
2427			}
2428			if (done != 0)
2429				break;
2430		}
2431		mtx_unlock(&softc->ctl_lock);
2432		break;
2433	}
2434	case CTL_GET_PORT_LIST: {
2435		struct ctl_port *port;
2436		struct ctl_port_list *list;
2437		int i;
2438
2439		list = (struct ctl_port_list *)addr;
2440
2441		if (list->alloc_len != (list->alloc_num *
2442		    sizeof(struct ctl_port_entry))) {
2443			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2444			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2445			       "%zu\n", __func__, list->alloc_len,
2446			       list->alloc_num, sizeof(struct ctl_port_entry));
2447			retval = EINVAL;
2448			break;
2449		}
2450		list->fill_len = 0;
2451		list->fill_num = 0;
2452		list->dropped_num = 0;
2453		i = 0;
2454		mtx_lock(&softc->ctl_lock);
2455		STAILQ_FOREACH(port, &softc->port_list, links) {
2456			struct ctl_port_entry entry, *list_entry;
2457
2458			if (list->fill_num >= list->alloc_num) {
2459				list->dropped_num++;
2460				continue;
2461			}
2462
2463			entry.port_type = port->port_type;
2464			strlcpy(entry.port_name, port->port_name,
2465				sizeof(entry.port_name));
2466			entry.targ_port = port->targ_port;
2467			entry.physical_port = port->physical_port;
2468			entry.virtual_port = port->virtual_port;
2469			entry.wwnn = port->wwnn;
2470			entry.wwpn = port->wwpn;
2471			if (port->status & CTL_PORT_STATUS_ONLINE)
2472				entry.online = 1;
2473			else
2474				entry.online = 0;
2475
2476			list_entry = &list->entries[i];
2477
2478			retval = copyout(&entry, list_entry, sizeof(entry));
2479			if (retval != 0) {
2480				printf("%s: CTL_GET_PORT_LIST: copyout "
2481				       "returned %d\n", __func__, retval);
2482				break;
2483			}
2484			i++;
2485			list->fill_num++;
2486			list->fill_len += sizeof(entry);
2487		}
2488		mtx_unlock(&softc->ctl_lock);
2489
2490		/*
2491		 * If this is non-zero, we had a copyout fault, so there's
2492		 * probably no point in attempting to set the status inside
2493		 * the structure.
2494		 */
2495		if (retval != 0)
2496			break;
2497
2498		if (list->dropped_num > 0)
2499			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2500		else
2501			list->status = CTL_PORT_LIST_OK;
2502		break;
2503	}
2504	case CTL_DUMP_OOA: {
2505		struct ctl_lun *lun;
2506		union ctl_io *io;
2507		char printbuf[128];
2508		struct sbuf sb;
2509
2510		mtx_lock(&softc->ctl_lock);
2511		printf("Dumping OOA queues:\n");
2512		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2513			mtx_lock(&lun->lun_lock);
2514			for (io = (union ctl_io *)TAILQ_FIRST(
2515			     &lun->ooa_queue); io != NULL;
2516			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2517			     ooa_links)) {
2518				sbuf_new(&sb, printbuf, sizeof(printbuf),
2519					 SBUF_FIXEDLEN);
2520				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2521					    (intmax_t)lun->lun,
2522					    io->scsiio.tag_num,
2523					    (io->io_hdr.flags &
2524					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2525					    (io->io_hdr.flags &
2526					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2527					    (io->io_hdr.flags &
2528					    CTL_FLAG_ABORT) ? " ABORT" : "",
2529			                    (io->io_hdr.flags &
2530		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2531				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2532				sbuf_finish(&sb);
2533				printf("%s\n", sbuf_data(&sb));
2534			}
2535			mtx_unlock(&lun->lun_lock);
2536		}
2537		printf("OOA queues dump done\n");
2538		mtx_unlock(&softc->ctl_lock);
2539		break;
2540	}
2541	case CTL_GET_OOA: {
2542		struct ctl_lun *lun;
2543		struct ctl_ooa *ooa_hdr;
2544		struct ctl_ooa_entry *entries;
2545		uint32_t cur_fill_num;
2546
2547		ooa_hdr = (struct ctl_ooa *)addr;
2548
2549		if ((ooa_hdr->alloc_len == 0)
2550		 || (ooa_hdr->alloc_num == 0)) {
2551			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2552			       "must be non-zero\n", __func__,
2553			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2554			retval = EINVAL;
2555			break;
2556		}
2557
2558		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2559		    sizeof(struct ctl_ooa_entry))) {
2560			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2561			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2562			       __func__, ooa_hdr->alloc_len,
2563			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2564			retval = EINVAL;
2565			break;
2566		}
2567
2568		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2569		if (entries == NULL) {
2570			printf("%s: could not allocate %d bytes for OOA "
2571			       "dump\n", __func__, ooa_hdr->alloc_len);
2572			retval = ENOMEM;
2573			break;
2574		}
2575
2576		mtx_lock(&softc->ctl_lock);
2577		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2578		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2579		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2580			mtx_unlock(&softc->ctl_lock);
2581			free(entries, M_CTL);
2582			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2583			       __func__, (uintmax_t)ooa_hdr->lun_num);
2584			retval = EINVAL;
2585			break;
2586		}
2587
2588		cur_fill_num = 0;
2589
2590		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2591			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2592				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2593					ooa_hdr, entries);
2594				if (retval != 0)
2595					break;
2596			}
2597			if (retval != 0) {
2598				mtx_unlock(&softc->ctl_lock);
2599				free(entries, M_CTL);
2600				break;
2601			}
2602		} else {
2603			lun = softc->ctl_luns[ooa_hdr->lun_num];
2604
2605			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2606						    entries);
2607		}
2608		mtx_unlock(&softc->ctl_lock);
2609
2610		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2611		ooa_hdr->fill_len = ooa_hdr->fill_num *
2612			sizeof(struct ctl_ooa_entry);
2613		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2614		if (retval != 0) {
2615			printf("%s: error copying out %d bytes for OOA dump\n",
2616			       __func__, ooa_hdr->fill_len);
2617		}
2618
2619		getbintime(&ooa_hdr->cur_bt);
2620
2621		if (cur_fill_num > ooa_hdr->alloc_num) {
2622			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2623			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2624		} else {
2625			ooa_hdr->dropped_num = 0;
2626			ooa_hdr->status = CTL_OOA_OK;
2627		}
2628
2629		free(entries, M_CTL);
2630		break;
2631	}
2632	case CTL_CHECK_OOA: {
2633		union ctl_io *io;
2634		struct ctl_lun *lun;
2635		struct ctl_ooa_info *ooa_info;
2636
2637
2638		ooa_info = (struct ctl_ooa_info *)addr;
2639
2640		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2641			ooa_info->status = CTL_OOA_INVALID_LUN;
2642			break;
2643		}
2644		mtx_lock(&softc->ctl_lock);
2645		lun = softc->ctl_luns[ooa_info->lun_id];
2646		if (lun == NULL) {
2647			mtx_unlock(&softc->ctl_lock);
2648			ooa_info->status = CTL_OOA_INVALID_LUN;
2649			break;
2650		}
2651		mtx_lock(&lun->lun_lock);
2652		mtx_unlock(&softc->ctl_lock);
2653		ooa_info->num_entries = 0;
2654		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2655		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2656		     &io->io_hdr, ooa_links)) {
2657			ooa_info->num_entries++;
2658		}
2659		mtx_unlock(&lun->lun_lock);
2660
2661		ooa_info->status = CTL_OOA_SUCCESS;
2662
2663		break;
2664	}
2665	case CTL_HARD_START:
2666	case CTL_HARD_STOP: {
2667		struct ctl_fe_ioctl_startstop_info ss_info;
2668		struct cfi_metatask *metatask;
2669		struct mtx hs_mtx;
2670
2671		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2672
2673		cv_init(&ss_info.sem, "hard start/stop cv" );
2674
2675		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2676		if (metatask == NULL) {
2677			retval = ENOMEM;
2678			mtx_destroy(&hs_mtx);
2679			break;
2680		}
2681
2682		if (cmd == CTL_HARD_START)
2683			metatask->tasktype = CFI_TASK_STARTUP;
2684		else
2685			metatask->tasktype = CFI_TASK_SHUTDOWN;
2686
2687		metatask->callback = ctl_ioctl_hard_startstop_callback;
2688		metatask->callback_arg = &ss_info;
2689
2690		cfi_action(metatask);
2691
2692		/* Wait for the callback */
2693		mtx_lock(&hs_mtx);
2694		cv_wait_sig(&ss_info.sem, &hs_mtx);
2695		mtx_unlock(&hs_mtx);
2696
2697		/*
2698		 * All information has been copied from the metatask by the
2699		 * time cv_broadcast() is called, so we free the metatask here.
2700		 */
2701		cfi_free_metatask(metatask);
2702
2703		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2704
2705		mtx_destroy(&hs_mtx);
2706		break;
2707	}
2708	case CTL_BBRREAD: {
2709		struct ctl_bbrread_info *bbr_info;
2710		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2711		struct mtx bbr_mtx;
2712		struct cfi_metatask *metatask;
2713
2714		bbr_info = (struct ctl_bbrread_info *)addr;
2715
2716		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2717
2718		bzero(&bbr_mtx, sizeof(bbr_mtx));
2719		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2720
2721		fe_bbr_info.bbr_info = bbr_info;
2722		fe_bbr_info.lock = &bbr_mtx;
2723
2724		cv_init(&fe_bbr_info.sem, "BBR read cv");
2725		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2726
2727		if (metatask == NULL) {
2728			mtx_destroy(&bbr_mtx);
2729			cv_destroy(&fe_bbr_info.sem);
2730			retval = ENOMEM;
2731			break;
2732		}
2733		metatask->tasktype = CFI_TASK_BBRREAD;
2734		metatask->callback = ctl_ioctl_bbrread_callback;
2735		metatask->callback_arg = &fe_bbr_info;
2736		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2737		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2738		metatask->taskinfo.bbrread.len = bbr_info->len;
2739
2740		cfi_action(metatask);
2741
2742		mtx_lock(&bbr_mtx);
2743		while (fe_bbr_info.wakeup_done == 0)
2744			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2745		mtx_unlock(&bbr_mtx);
2746
2747		bbr_info->status = metatask->status;
2748		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2749		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2750		memcpy(&bbr_info->sense_data,
2751		       &metatask->taskinfo.bbrread.sense_data,
2752		       ctl_min(sizeof(bbr_info->sense_data),
2753			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2754
2755		cfi_free_metatask(metatask);
2756
2757		mtx_destroy(&bbr_mtx);
2758		cv_destroy(&fe_bbr_info.sem);
2759
2760		break;
2761	}
2762	case CTL_DELAY_IO: {
2763		struct ctl_io_delay_info *delay_info;
2764#ifdef CTL_IO_DELAY
2765		struct ctl_lun *lun;
2766#endif /* CTL_IO_DELAY */
2767
2768		delay_info = (struct ctl_io_delay_info *)addr;
2769
2770#ifdef CTL_IO_DELAY
2771		mtx_lock(&softc->ctl_lock);
2772
2773		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2774		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2775			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2776		} else {
2777			lun = softc->ctl_luns[delay_info->lun_id];
2778			mtx_lock(&lun->lun_lock);
2779
2780			delay_info->status = CTL_DELAY_STATUS_OK;
2781
2782			switch (delay_info->delay_type) {
2783			case CTL_DELAY_TYPE_CONT:
2784				break;
2785			case CTL_DELAY_TYPE_ONESHOT:
2786				break;
2787			default:
2788				delay_info->status =
2789					CTL_DELAY_STATUS_INVALID_TYPE;
2790				break;
2791			}
2792
2793			switch (delay_info->delay_loc) {
2794			case CTL_DELAY_LOC_DATAMOVE:
2795				lun->delay_info.datamove_type =
2796					delay_info->delay_type;
2797				lun->delay_info.datamove_delay =
2798					delay_info->delay_secs;
2799				break;
2800			case CTL_DELAY_LOC_DONE:
2801				lun->delay_info.done_type =
2802					delay_info->delay_type;
2803				lun->delay_info.done_delay =
2804					delay_info->delay_secs;
2805				break;
2806			default:
2807				delay_info->status =
2808					CTL_DELAY_STATUS_INVALID_LOC;
2809				break;
2810			}
2811			mtx_unlock(&lun->lun_lock);
2812		}
2813
2814		mtx_unlock(&softc->ctl_lock);
2815#else
2816		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2817#endif /* CTL_IO_DELAY */
2818		break;
2819	}
2820	case CTL_REALSYNC_SET: {
2821		int *syncstate;
2822
2823		syncstate = (int *)addr;
2824
2825		mtx_lock(&softc->ctl_lock);
2826		switch (*syncstate) {
2827		case 0:
2828			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2829			break;
2830		case 1:
2831			softc->flags |= CTL_FLAG_REAL_SYNC;
2832			break;
2833		default:
2834			retval = EINVAL;
2835			break;
2836		}
2837		mtx_unlock(&softc->ctl_lock);
2838		break;
2839	}
2840	case CTL_REALSYNC_GET: {
2841		int *syncstate;
2842
2843		syncstate = (int*)addr;
2844
2845		mtx_lock(&softc->ctl_lock);
2846		if (softc->flags & CTL_FLAG_REAL_SYNC)
2847			*syncstate = 1;
2848		else
2849			*syncstate = 0;
2850		mtx_unlock(&softc->ctl_lock);
2851
2852		break;
2853	}
2854	case CTL_SETSYNC:
2855	case CTL_GETSYNC: {
2856		struct ctl_sync_info *sync_info;
2857		struct ctl_lun *lun;
2858
2859		sync_info = (struct ctl_sync_info *)addr;
2860
2861		mtx_lock(&softc->ctl_lock);
2862		lun = softc->ctl_luns[sync_info->lun_id];
2863		if (lun == NULL) {
2864			mtx_unlock(&softc->ctl_lock);
2865			sync_info->status = CTL_GS_SYNC_NO_LUN;
2866		}
2867		/*
2868		 * Get or set the sync interval.  We're not bounds checking
2869		 * in the set case, hopefully the user won't do something
2870		 * silly.
2871		 */
2872		mtx_lock(&lun->lun_lock);
2873		mtx_unlock(&softc->ctl_lock);
2874		if (cmd == CTL_GETSYNC)
2875			sync_info->sync_interval = lun->sync_interval;
2876		else
2877			lun->sync_interval = sync_info->sync_interval;
2878		mtx_unlock(&lun->lun_lock);
2879
2880		sync_info->status = CTL_GS_SYNC_OK;
2881
2882		break;
2883	}
2884	case CTL_GETSTATS: {
2885		struct ctl_stats *stats;
2886		struct ctl_lun *lun;
2887		int i;
2888
2889		stats = (struct ctl_stats *)addr;
2890
2891		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2892		     stats->alloc_len) {
2893			stats->status = CTL_SS_NEED_MORE_SPACE;
2894			stats->num_luns = softc->num_luns;
2895			break;
2896		}
2897		/*
2898		 * XXX KDM no locking here.  If the LUN list changes,
2899		 * things can blow up.
2900		 */
2901		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2902		     i++, lun = STAILQ_NEXT(lun, links)) {
2903			retval = copyout(&lun->stats, &stats->lun_stats[i],
2904					 sizeof(lun->stats));
2905			if (retval != 0)
2906				break;
2907		}
2908		stats->num_luns = softc->num_luns;
2909		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2910				 softc->num_luns;
2911		stats->status = CTL_SS_OK;
2912#ifdef CTL_TIME_IO
2913		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2914#else
2915		stats->flags = CTL_STATS_FLAG_NONE;
2916#endif
2917		getnanouptime(&stats->timestamp);
2918		break;
2919	}
2920	case CTL_ERROR_INJECT: {
2921		struct ctl_error_desc *err_desc, *new_err_desc;
2922		struct ctl_lun *lun;
2923
2924		err_desc = (struct ctl_error_desc *)addr;
2925
2926		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2927				      M_WAITOK | M_ZERO);
2928		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2929
2930		mtx_lock(&softc->ctl_lock);
2931		lun = softc->ctl_luns[err_desc->lun_id];
2932		if (lun == NULL) {
2933			mtx_unlock(&softc->ctl_lock);
2934			free(new_err_desc, M_CTL);
2935			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2936			       __func__, (uintmax_t)err_desc->lun_id);
2937			retval = EINVAL;
2938			break;
2939		}
2940		mtx_lock(&lun->lun_lock);
2941		mtx_unlock(&softc->ctl_lock);
2942
2943		/*
2944		 * We could do some checking here to verify the validity
2945		 * of the request, but given the complexity of error
2946		 * injection requests, the checking logic would be fairly
2947		 * complex.
2948		 *
2949		 * For now, if the request is invalid, it just won't get
2950		 * executed and might get deleted.
2951		 */
2952		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2953
2954		/*
2955		 * XXX KDM check to make sure the serial number is unique,
2956		 * in case we somehow manage to wrap.  That shouldn't
2957		 * happen for a very long time, but it's the right thing to
2958		 * do.
2959		 */
2960		new_err_desc->serial = lun->error_serial;
2961		err_desc->serial = lun->error_serial;
2962		lun->error_serial++;
2963
2964		mtx_unlock(&lun->lun_lock);
2965		break;
2966	}
2967	case CTL_ERROR_INJECT_DELETE: {
2968		struct ctl_error_desc *delete_desc, *desc, *desc2;
2969		struct ctl_lun *lun;
2970		int delete_done;
2971
2972		delete_desc = (struct ctl_error_desc *)addr;
2973		delete_done = 0;
2974
2975		mtx_lock(&softc->ctl_lock);
2976		lun = softc->ctl_luns[delete_desc->lun_id];
2977		if (lun == NULL) {
2978			mtx_unlock(&softc->ctl_lock);
2979			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2980			       __func__, (uintmax_t)delete_desc->lun_id);
2981			retval = EINVAL;
2982			break;
2983		}
2984		mtx_lock(&lun->lun_lock);
2985		mtx_unlock(&softc->ctl_lock);
2986		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2987			if (desc->serial != delete_desc->serial)
2988				continue;
2989
2990			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2991				      links);
2992			free(desc, M_CTL);
2993			delete_done = 1;
2994		}
2995		mtx_unlock(&lun->lun_lock);
2996		if (delete_done == 0) {
2997			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2998			       "error serial %ju on LUN %u\n", __func__,
2999			       delete_desc->serial, delete_desc->lun_id);
3000			retval = EINVAL;
3001			break;
3002		}
3003		break;
3004	}
3005	case CTL_DUMP_STRUCTS: {
3006		int i, j, k, idx;
3007		struct ctl_port *port;
3008		struct ctl_frontend *fe;
3009
3010		mtx_lock(&softc->ctl_lock);
3011		printf("CTL Persistent Reservation information start:\n");
3012		for (i = 0; i < CTL_MAX_LUNS; i++) {
3013			struct ctl_lun *lun;
3014
3015			lun = softc->ctl_luns[i];
3016
3017			if ((lun == NULL)
3018			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3019				continue;
3020
3021			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3022				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3023					idx = j * CTL_MAX_INIT_PER_PORT + k;
3024					if (lun->pr_keys[idx] == 0)
3025						continue;
3026					printf("  LUN %d port %d iid %d key "
3027					       "%#jx\n", i, j, k,
3028					       (uintmax_t)lun->pr_keys[idx]);
3029				}
3030			}
3031		}
3032		printf("CTL Persistent Reservation information end\n");
3033		printf("CTL Ports:\n");
3034		STAILQ_FOREACH(port, &softc->port_list, links) {
3035			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3036			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3037			       port->frontend->name, port->port_type,
3038			       port->physical_port, port->virtual_port,
3039			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3040			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3041				if (port->wwpn_iid[j].in_use == 0 &&
3042				    port->wwpn_iid[j].wwpn == 0 &&
3043				    port->wwpn_iid[j].name == NULL)
3044					continue;
3045
3046				printf("    iid %u use %d WWPN %#jx '%s'\n",
3047				    j, port->wwpn_iid[j].in_use,
3048				    (uintmax_t)port->wwpn_iid[j].wwpn,
3049				    port->wwpn_iid[j].name);
3050			}
3051		}
3052		printf("CTL Port information end\n");
3053		mtx_unlock(&softc->ctl_lock);
3054		/*
3055		 * XXX KDM calling this without a lock.  We'd likely want
3056		 * to drop the lock before calling the frontend's dump
3057		 * routine anyway.
3058		 */
3059		printf("CTL Frontends:\n");
3060		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3061			printf("  Frontend '%s'\n", fe->name);
3062			if (fe->fe_dump != NULL)
3063				fe->fe_dump();
3064		}
3065		printf("CTL Frontend information end\n");
3066		break;
3067	}
3068	case CTL_LUN_REQ: {
3069		struct ctl_lun_req *lun_req;
3070		struct ctl_backend_driver *backend;
3071
3072		lun_req = (struct ctl_lun_req *)addr;
3073
3074		backend = ctl_backend_find(lun_req->backend);
3075		if (backend == NULL) {
3076			lun_req->status = CTL_LUN_ERROR;
3077			snprintf(lun_req->error_str,
3078				 sizeof(lun_req->error_str),
3079				 "Backend \"%s\" not found.",
3080				 lun_req->backend);
3081			break;
3082		}
3083		if (lun_req->num_be_args > 0) {
3084			lun_req->kern_be_args = ctl_copyin_args(
3085				lun_req->num_be_args,
3086				lun_req->be_args,
3087				lun_req->error_str,
3088				sizeof(lun_req->error_str));
3089			if (lun_req->kern_be_args == NULL) {
3090				lun_req->status = CTL_LUN_ERROR;
3091				break;
3092			}
3093		}
3094
3095		retval = backend->ioctl(dev, cmd, addr, flag, td);
3096
3097		if (lun_req->num_be_args > 0) {
3098			ctl_copyout_args(lun_req->num_be_args,
3099				      lun_req->kern_be_args);
3100			ctl_free_args(lun_req->num_be_args,
3101				      lun_req->kern_be_args);
3102		}
3103		break;
3104	}
3105	case CTL_LUN_LIST: {
3106		struct sbuf *sb;
3107		struct ctl_lun *lun;
3108		struct ctl_lun_list *list;
3109		struct ctl_option *opt;
3110
3111		list = (struct ctl_lun_list *)addr;
3112
3113		/*
3114		 * Allocate a fixed length sbuf here, based on the length
3115		 * of the user's buffer.  We could allocate an auto-extending
3116		 * buffer, and then tell the user how much larger our
3117		 * amount of data is than his buffer, but that presents
3118		 * some problems:
3119		 *
3120		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3121		 *     we can't hold a lock while calling them with an
3122		 *     auto-extending buffer.
3123 		 *
3124		 * 2.  There is not currently a LUN reference counting
3125		 *     mechanism, outside of outstanding transactions on
3126		 *     the LUN's OOA queue.  So a LUN could go away on us
3127		 *     while we're getting the LUN number, backend-specific
3128		 *     information, etc.  Thus, given the way things
3129		 *     currently work, we need to hold the CTL lock while
3130		 *     grabbing LUN information.
3131		 *
3132		 * So, from the user's standpoint, the best thing to do is
3133		 * allocate what he thinks is a reasonable buffer length,
3134		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3135		 * double the buffer length and try again.  (And repeat
3136		 * that until he succeeds.)
3137		 */
3138		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3139		if (sb == NULL) {
3140			list->status = CTL_LUN_LIST_ERROR;
3141			snprintf(list->error_str, sizeof(list->error_str),
3142				 "Unable to allocate %d bytes for LUN list",
3143				 list->alloc_len);
3144			break;
3145		}
3146
3147		sbuf_printf(sb, "<ctllunlist>\n");
3148
3149		mtx_lock(&softc->ctl_lock);
3150		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3151			mtx_lock(&lun->lun_lock);
3152			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3153					     (uintmax_t)lun->lun);
3154
3155			/*
3156			 * Bail out as soon as we see that we've overfilled
3157			 * the buffer.
3158			 */
3159			if (retval != 0)
3160				break;
3161
3162			retval = sbuf_printf(sb, "\t<backend_type>%s"
3163					     "</backend_type>\n",
3164					     (lun->backend == NULL) ?  "none" :
3165					     lun->backend->name);
3166
3167			if (retval != 0)
3168				break;
3169
3170			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3171					     lun->be_lun->lun_type);
3172
3173			if (retval != 0)
3174				break;
3175
3176			if (lun->backend == NULL) {
3177				retval = sbuf_printf(sb, "</lun>\n");
3178				if (retval != 0)
3179					break;
3180				continue;
3181			}
3182
3183			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3184					     (lun->be_lun->maxlba > 0) ?
3185					     lun->be_lun->maxlba + 1 : 0);
3186
3187			if (retval != 0)
3188				break;
3189
3190			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3191					     lun->be_lun->blocksize);
3192
3193			if (retval != 0)
3194				break;
3195
3196			retval = sbuf_printf(sb, "\t<serial_number>");
3197
3198			if (retval != 0)
3199				break;
3200
3201			retval = ctl_sbuf_printf_esc(sb,
3202			    lun->be_lun->serial_num,
3203			    sizeof(lun->be_lun->serial_num));
3204
3205			if (retval != 0)
3206				break;
3207
3208			retval = sbuf_printf(sb, "</serial_number>\n");
3209
3210			if (retval != 0)
3211				break;
3212
3213			retval = sbuf_printf(sb, "\t<device_id>");
3214
3215			if (retval != 0)
3216				break;
3217
3218			retval = ctl_sbuf_printf_esc(sb,
3219			    lun->be_lun->device_id,
3220			    sizeof(lun->be_lun->device_id));
3221
3222			if (retval != 0)
3223				break;
3224
3225			retval = sbuf_printf(sb, "</device_id>\n");
3226
3227			if (retval != 0)
3228				break;
3229
3230			if (lun->backend->lun_info != NULL) {
3231				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3232				if (retval != 0)
3233					break;
3234			}
3235			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3236				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3237				    opt->name, opt->value, opt->name);
3238				if (retval != 0)
3239					break;
3240			}
3241
3242			retval = sbuf_printf(sb, "</lun>\n");
3243
3244			if (retval != 0)
3245				break;
3246			mtx_unlock(&lun->lun_lock);
3247		}
3248		if (lun != NULL)
3249			mtx_unlock(&lun->lun_lock);
3250		mtx_unlock(&softc->ctl_lock);
3251
3252		if ((retval != 0)
3253		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3254			retval = 0;
3255			sbuf_delete(sb);
3256			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3257			snprintf(list->error_str, sizeof(list->error_str),
3258				 "Out of space, %d bytes is too small",
3259				 list->alloc_len);
3260			break;
3261		}
3262
3263		sbuf_finish(sb);
3264
3265		retval = copyout(sbuf_data(sb), list->lun_xml,
3266				 sbuf_len(sb) + 1);
3267
3268		list->fill_len = sbuf_len(sb) + 1;
3269		list->status = CTL_LUN_LIST_OK;
3270		sbuf_delete(sb);
3271		break;
3272	}
3273	case CTL_ISCSI: {
3274		struct ctl_iscsi *ci;
3275		struct ctl_frontend *fe;
3276
3277		ci = (struct ctl_iscsi *)addr;
3278
3279		fe = ctl_frontend_find("iscsi");
3280		if (fe == NULL) {
3281			ci->status = CTL_ISCSI_ERROR;
3282			snprintf(ci->error_str, sizeof(ci->error_str),
3283			    "Frontend \"iscsi\" not found.");
3284			break;
3285		}
3286
3287		retval = fe->ioctl(dev, cmd, addr, flag, td);
3288		break;
3289	}
3290	case CTL_PORT_REQ: {
3291		struct ctl_req *req;
3292		struct ctl_frontend *fe;
3293
3294		req = (struct ctl_req *)addr;
3295
3296		fe = ctl_frontend_find(req->driver);
3297		if (fe == NULL) {
3298			req->status = CTL_LUN_ERROR;
3299			snprintf(req->error_str, sizeof(req->error_str),
3300			    "Frontend \"%s\" not found.", req->driver);
3301			break;
3302		}
3303		if (req->num_args > 0) {
3304			req->kern_args = ctl_copyin_args(req->num_args,
3305			    req->args, req->error_str, sizeof(req->error_str));
3306			if (req->kern_args == NULL) {
3307				req->status = CTL_LUN_ERROR;
3308				break;
3309			}
3310		}
3311
3312		retval = fe->ioctl(dev, cmd, addr, flag, td);
3313
3314		if (req->num_args > 0) {
3315			ctl_copyout_args(req->num_args, req->kern_args);
3316			ctl_free_args(req->num_args, req->kern_args);
3317		}
3318		break;
3319	}
3320	case CTL_PORT_LIST: {
3321		struct sbuf *sb;
3322		struct ctl_port *port;
3323		struct ctl_lun_list *list;
3324		struct ctl_option *opt;
3325		int j;
3326
3327		list = (struct ctl_lun_list *)addr;
3328
3329		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3330		if (sb == NULL) {
3331			list->status = CTL_LUN_LIST_ERROR;
3332			snprintf(list->error_str, sizeof(list->error_str),
3333				 "Unable to allocate %d bytes for LUN list",
3334				 list->alloc_len);
3335			break;
3336		}
3337
3338		sbuf_printf(sb, "<ctlportlist>\n");
3339
3340		mtx_lock(&softc->ctl_lock);
3341		STAILQ_FOREACH(port, &softc->port_list, links) {
3342			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3343					     (uintmax_t)port->targ_port);
3344
3345			/*
3346			 * Bail out as soon as we see that we've overfilled
3347			 * the buffer.
3348			 */
3349			if (retval != 0)
3350				break;
3351
3352			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3353			    "</frontend_type>\n", port->frontend->name);
3354			if (retval != 0)
3355				break;
3356
3357			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3358					     port->port_type);
3359			if (retval != 0)
3360				break;
3361
3362			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3363			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3364			if (retval != 0)
3365				break;
3366
3367			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3368			    port->port_name);
3369			if (retval != 0)
3370				break;
3371
3372			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3373			    port->physical_port);
3374			if (retval != 0)
3375				break;
3376
3377			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3378			    port->virtual_port);
3379			if (retval != 0)
3380				break;
3381
3382			if (port->target_devid != NULL) {
3383				sbuf_printf(sb, "\t<target>");
3384				ctl_id_sbuf(port->target_devid, sb);
3385				sbuf_printf(sb, "</target>\n");
3386			}
3387
3388			if (port->port_devid != NULL) {
3389				sbuf_printf(sb, "\t<port>");
3390				ctl_id_sbuf(port->port_devid, sb);
3391				sbuf_printf(sb, "</port>\n");
3392			}
3393
3394			if (port->port_info != NULL) {
3395				retval = port->port_info(port->onoff_arg, sb);
3396				if (retval != 0)
3397					break;
3398			}
3399			STAILQ_FOREACH(opt, &port->options, links) {
3400				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3401				    opt->name, opt->value, opt->name);
3402				if (retval != 0)
3403					break;
3404			}
3405
3406			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3407				if (port->wwpn_iid[j].in_use == 0 ||
3408				    (port->wwpn_iid[j].wwpn == 0 &&
3409				     port->wwpn_iid[j].name == NULL))
3410					continue;
3411
3412				if (port->wwpn_iid[j].name != NULL)
3413					retval = sbuf_printf(sb,
3414					    "\t<initiator>%u %s</initiator>\n",
3415					    j, port->wwpn_iid[j].name);
3416				else
3417					retval = sbuf_printf(sb,
3418					    "\t<initiator>%u naa.%08jx</initiator>\n",
3419					    j, port->wwpn_iid[j].wwpn);
3420				if (retval != 0)
3421					break;
3422			}
3423			if (retval != 0)
3424				break;
3425
3426			retval = sbuf_printf(sb, "</targ_port>\n");
3427			if (retval != 0)
3428				break;
3429		}
3430		mtx_unlock(&softc->ctl_lock);
3431
3432		if ((retval != 0)
3433		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3434			retval = 0;
3435			sbuf_delete(sb);
3436			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3437			snprintf(list->error_str, sizeof(list->error_str),
3438				 "Out of space, %d bytes is too small",
3439				 list->alloc_len);
3440			break;
3441		}
3442
3443		sbuf_finish(sb);
3444
3445		retval = copyout(sbuf_data(sb), list->lun_xml,
3446				 sbuf_len(sb) + 1);
3447
3448		list->fill_len = sbuf_len(sb) + 1;
3449		list->status = CTL_LUN_LIST_OK;
3450		sbuf_delete(sb);
3451		break;
3452	}
3453	default: {
3454		/* XXX KDM should we fix this? */
3455#if 0
3456		struct ctl_backend_driver *backend;
3457		unsigned int type;
3458		int found;
3459
3460		found = 0;
3461
3462		/*
3463		 * We encode the backend type as the ioctl type for backend
3464		 * ioctls.  So parse it out here, and then search for a
3465		 * backend of this type.
3466		 */
3467		type = _IOC_TYPE(cmd);
3468
3469		STAILQ_FOREACH(backend, &softc->be_list, links) {
3470			if (backend->type == type) {
3471				found = 1;
3472				break;
3473			}
3474		}
3475		if (found == 0) {
3476			printf("ctl: unknown ioctl command %#lx or backend "
3477			       "%d\n", cmd, type);
3478			retval = EINVAL;
3479			break;
3480		}
3481		retval = backend->ioctl(dev, cmd, addr, flag, td);
3482#endif
3483		retval = ENOTTY;
3484		break;
3485	}
3486	}
3487	return (retval);
3488}
3489
3490uint32_t
3491ctl_get_initindex(struct ctl_nexus *nexus)
3492{
3493	if (nexus->targ_port < CTL_MAX_PORTS)
3494		return (nexus->initid.id +
3495			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3496	else
3497		return (nexus->initid.id +
3498		       ((nexus->targ_port - CTL_MAX_PORTS) *
3499			CTL_MAX_INIT_PER_PORT));
3500}
3501
3502uint32_t
3503ctl_get_resindex(struct ctl_nexus *nexus)
3504{
3505	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3506}
3507
3508uint32_t
3509ctl_port_idx(int port_num)
3510{
3511	if (port_num < CTL_MAX_PORTS)
3512		return(port_num);
3513	else
3514		return(port_num - CTL_MAX_PORTS);
3515}
3516
3517static uint32_t
3518ctl_map_lun(int port_num, uint32_t lun_id)
3519{
3520	struct ctl_port *port;
3521
3522	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3523	if (port == NULL)
3524		return (UINT32_MAX);
3525	if (port->lun_map == NULL)
3526		return (lun_id);
3527	return (port->lun_map(port->targ_lun_arg, lun_id));
3528}
3529
3530static uint32_t
3531ctl_map_lun_back(int port_num, uint32_t lun_id)
3532{
3533	struct ctl_port *port;
3534	uint32_t i;
3535
3536	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3537	if (port->lun_map == NULL)
3538		return (lun_id);
3539	for (i = 0; i < CTL_MAX_LUNS; i++) {
3540		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3541			return (i);
3542	}
3543	return (UINT32_MAX);
3544}
3545
3546/*
3547 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3548 * that are a power of 2.
3549 */
3550int
3551ctl_ffz(uint32_t *mask, uint32_t size)
3552{
3553	uint32_t num_chunks, num_pieces;
3554	int i, j;
3555
3556	num_chunks = (size >> 5);
3557	if (num_chunks == 0)
3558		num_chunks++;
3559	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3560
3561	for (i = 0; i < num_chunks; i++) {
3562		for (j = 0; j < num_pieces; j++) {
3563			if ((mask[i] & (1 << j)) == 0)
3564				return ((i << 5) + j);
3565		}
3566	}
3567
3568	return (-1);
3569}
3570
3571int
3572ctl_set_mask(uint32_t *mask, uint32_t bit)
3573{
3574	uint32_t chunk, piece;
3575
3576	chunk = bit >> 5;
3577	piece = bit % (sizeof(uint32_t) * 8);
3578
3579	if ((mask[chunk] & (1 << piece)) != 0)
3580		return (-1);
3581	else
3582		mask[chunk] |= (1 << piece);
3583
3584	return (0);
3585}
3586
3587int
3588ctl_clear_mask(uint32_t *mask, uint32_t bit)
3589{
3590	uint32_t chunk, piece;
3591
3592	chunk = bit >> 5;
3593	piece = bit % (sizeof(uint32_t) * 8);
3594
3595	if ((mask[chunk] & (1 << piece)) == 0)
3596		return (-1);
3597	else
3598		mask[chunk] &= ~(1 << piece);
3599
3600	return (0);
3601}
3602
3603int
3604ctl_is_set(uint32_t *mask, uint32_t bit)
3605{
3606	uint32_t chunk, piece;
3607
3608	chunk = bit >> 5;
3609	piece = bit % (sizeof(uint32_t) * 8);
3610
3611	if ((mask[chunk] & (1 << piece)) == 0)
3612		return (0);
3613	else
3614		return (1);
3615}
3616
3617#ifdef unused
3618/*
3619 * The bus, target and lun are optional, they can be filled in later.
3620 * can_wait is used to determine whether we can wait on the malloc or not.
3621 */
3622union ctl_io*
3623ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3624	      uint32_t targ_lun, int can_wait)
3625{
3626	union ctl_io *io;
3627
3628	if (can_wait)
3629		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3630	else
3631		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3632
3633	if (io != NULL) {
3634		io->io_hdr.io_type = io_type;
3635		io->io_hdr.targ_port = targ_port;
3636		/*
3637		 * XXX KDM this needs to change/go away.  We need to move
3638		 * to a preallocated pool of ctl_scsiio structures.
3639		 */
3640		io->io_hdr.nexus.targ_target.id = targ_target;
3641		io->io_hdr.nexus.targ_lun = targ_lun;
3642	}
3643
3644	return (io);
3645}
3646
3647void
3648ctl_kfree_io(union ctl_io *io)
3649{
3650	free(io, M_CTL);
3651}
3652#endif /* unused */
3653
3654/*
3655 * ctl_softc, pool_type, total_ctl_io are passed in.
3656 * npool is passed out.
3657 */
3658int
3659ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3660		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3661{
3662	uint32_t i;
3663	union ctl_io *cur_io, *next_io;
3664	struct ctl_io_pool *pool;
3665	int retval;
3666
3667	retval = 0;
3668
3669	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3670					    M_NOWAIT | M_ZERO);
3671	if (pool == NULL) {
3672		retval = ENOMEM;
3673		goto bailout;
3674	}
3675
3676	pool->type = pool_type;
3677	pool->ctl_softc = ctl_softc;
3678
3679	mtx_lock(&ctl_softc->pool_lock);
3680	pool->id = ctl_softc->cur_pool_id++;
3681	mtx_unlock(&ctl_softc->pool_lock);
3682
3683	pool->flags = CTL_POOL_FLAG_NONE;
3684	pool->refcount = 1;		/* Reference for validity. */
3685	STAILQ_INIT(&pool->free_queue);
3686
3687	/*
3688	 * XXX KDM other options here:
3689	 * - allocate a page at a time
3690	 * - allocate one big chunk of memory.
3691	 * Page allocation might work well, but would take a little more
3692	 * tracking.
3693	 */
3694	for (i = 0; i < total_ctl_io; i++) {
3695		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3696						M_NOWAIT);
3697		if (cur_io == NULL) {
3698			retval = ENOMEM;
3699			break;
3700		}
3701		cur_io->io_hdr.pool = pool;
3702		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3703		pool->total_ctl_io++;
3704		pool->free_ctl_io++;
3705	}
3706
3707	if (retval != 0) {
3708		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3709		     cur_io != NULL; cur_io = next_io) {
3710			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3711							      links);
3712			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3713				      ctl_io_hdr, links);
3714			free(cur_io, M_CTLIO);
3715		}
3716
3717		free(pool, M_CTL);
3718		goto bailout;
3719	}
3720	mtx_lock(&ctl_softc->pool_lock);
3721	ctl_softc->num_pools++;
3722	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3723	/*
3724	 * Increment our usage count if this is an external consumer, so we
3725	 * can't get unloaded until the external consumer (most likely a
3726	 * FETD) unloads and frees his pool.
3727	 *
3728	 * XXX KDM will this increment the caller's module use count, or
3729	 * mine?
3730	 */
3731#if 0
3732	if ((pool_type != CTL_POOL_EMERGENCY)
3733	 && (pool_type != CTL_POOL_INTERNAL)
3734	 && (pool_type != CTL_POOL_4OTHERSC))
3735		MOD_INC_USE_COUNT;
3736#endif
3737
3738	mtx_unlock(&ctl_softc->pool_lock);
3739
3740	*npool = pool;
3741
3742bailout:
3743
3744	return (retval);
3745}
3746
3747static int
3748ctl_pool_acquire(struct ctl_io_pool *pool)
3749{
3750
3751	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3752
3753	if (pool->flags & CTL_POOL_FLAG_INVALID)
3754		return (EINVAL);
3755
3756	pool->refcount++;
3757
3758	return (0);
3759}
3760
3761static void
3762ctl_pool_release(struct ctl_io_pool *pool)
3763{
3764	struct ctl_softc *ctl_softc = pool->ctl_softc;
3765	union ctl_io *io;
3766
3767	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3768
3769	if (--pool->refcount != 0)
3770		return;
3771
3772	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3773		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3774			      links);
3775		free(io, M_CTLIO);
3776	}
3777
3778	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3779	ctl_softc->num_pools--;
3780
3781	/*
3782	 * XXX KDM will this decrement the caller's usage count or mine?
3783	 */
3784#if 0
3785	if ((pool->type != CTL_POOL_EMERGENCY)
3786	 && (pool->type != CTL_POOL_INTERNAL)
3787	 && (pool->type != CTL_POOL_4OTHERSC))
3788		MOD_DEC_USE_COUNT;
3789#endif
3790
3791	free(pool, M_CTL);
3792}
3793
3794void
3795ctl_pool_free(struct ctl_io_pool *pool)
3796{
3797	struct ctl_softc *ctl_softc;
3798
3799	if (pool == NULL)
3800		return;
3801
3802	ctl_softc = pool->ctl_softc;
3803	mtx_lock(&ctl_softc->pool_lock);
3804	pool->flags |= CTL_POOL_FLAG_INVALID;
3805	ctl_pool_release(pool);
3806	mtx_unlock(&ctl_softc->pool_lock);
3807}
3808
3809/*
3810 * This routine does not block (except for spinlocks of course).
3811 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3812 * possible.
3813 */
3814union ctl_io *
3815ctl_alloc_io(void *pool_ref)
3816{
3817	union ctl_io *io;
3818	struct ctl_softc *ctl_softc;
3819	struct ctl_io_pool *pool, *npool;
3820	struct ctl_io_pool *emergency_pool;
3821
3822	pool = (struct ctl_io_pool *)pool_ref;
3823
3824	if (pool == NULL) {
3825		printf("%s: pool is NULL\n", __func__);
3826		return (NULL);
3827	}
3828
3829	emergency_pool = NULL;
3830
3831	ctl_softc = pool->ctl_softc;
3832
3833	mtx_lock(&ctl_softc->pool_lock);
3834	/*
3835	 * First, try to get the io structure from the user's pool.
3836	 */
3837	if (ctl_pool_acquire(pool) == 0) {
3838		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3839		if (io != NULL) {
3840			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3841			pool->total_allocated++;
3842			pool->free_ctl_io--;
3843			mtx_unlock(&ctl_softc->pool_lock);
3844			return (io);
3845		} else
3846			ctl_pool_release(pool);
3847	}
3848	/*
3849	 * If he doesn't have any io structures left, search for an
3850	 * emergency pool and grab one from there.
3851	 */
3852	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3853		if (npool->type != CTL_POOL_EMERGENCY)
3854			continue;
3855
3856		if (ctl_pool_acquire(npool) != 0)
3857			continue;
3858
3859		emergency_pool = npool;
3860
3861		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3862		if (io != NULL) {
3863			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3864			npool->total_allocated++;
3865			npool->free_ctl_io--;
3866			mtx_unlock(&ctl_softc->pool_lock);
3867			return (io);
3868		} else
3869			ctl_pool_release(npool);
3870	}
3871
3872	/* Drop the spinlock before we malloc */
3873	mtx_unlock(&ctl_softc->pool_lock);
3874
3875	/*
3876	 * The emergency pool (if it exists) didn't have one, so try an
3877	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3878	 */
3879	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3880	if (io != NULL) {
3881		/*
3882		 * If the emergency pool exists but is empty, add this
3883		 * ctl_io to its list when it gets freed.
3884		 */
3885		if (emergency_pool != NULL) {
3886			mtx_lock(&ctl_softc->pool_lock);
3887			if (ctl_pool_acquire(emergency_pool) == 0) {
3888				io->io_hdr.pool = emergency_pool;
3889				emergency_pool->total_ctl_io++;
3890				/*
3891				 * Need to bump this, otherwise
3892				 * total_allocated and total_freed won't
3893				 * match when we no longer have anything
3894				 * outstanding.
3895				 */
3896				emergency_pool->total_allocated++;
3897			}
3898			mtx_unlock(&ctl_softc->pool_lock);
3899		} else
3900			io->io_hdr.pool = NULL;
3901	}
3902
3903	return (io);
3904}
3905
3906void
3907ctl_free_io(union ctl_io *io)
3908{
3909	if (io == NULL)
3910		return;
3911
3912	/*
3913	 * If this ctl_io has a pool, return it to that pool.
3914	 */
3915	if (io->io_hdr.pool != NULL) {
3916		struct ctl_io_pool *pool;
3917
3918		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3919		mtx_lock(&pool->ctl_softc->pool_lock);
3920		io->io_hdr.io_type = 0xff;
3921		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3922		pool->total_freed++;
3923		pool->free_ctl_io++;
3924		ctl_pool_release(pool);
3925		mtx_unlock(&pool->ctl_softc->pool_lock);
3926	} else {
3927		/*
3928		 * Otherwise, just free it.  We probably malloced it and
3929		 * the emergency pool wasn't available.
3930		 */
3931		free(io, M_CTLIO);
3932	}
3933
3934}
3935
3936void
3937ctl_zero_io(union ctl_io *io)
3938{
3939	void *pool_ref;
3940
3941	if (io == NULL)
3942		return;
3943
3944	/*
3945	 * May need to preserve linked list pointers at some point too.
3946	 */
3947	pool_ref = io->io_hdr.pool;
3948
3949	memset(io, 0, sizeof(*io));
3950
3951	io->io_hdr.pool = pool_ref;
3952}
3953
3954/*
3955 * This routine is currently used for internal copies of ctl_ios that need
3956 * to persist for some reason after we've already returned status to the
3957 * FETD.  (Thus the flag set.)
3958 *
3959 * XXX XXX
3960 * Note that this makes a blind copy of all fields in the ctl_io, except
3961 * for the pool reference.  This includes any memory that has been
3962 * allocated!  That memory will no longer be valid after done has been
3963 * called, so this would be VERY DANGEROUS for command that actually does
3964 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3965 * start and stop commands, which don't transfer any data, so this is not a
3966 * problem.  If it is used for anything else, the caller would also need to
3967 * allocate data buffer space and this routine would need to be modified to
3968 * copy the data buffer(s) as well.
3969 */
3970void
3971ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3972{
3973	void *pool_ref;
3974
3975	if ((src == NULL)
3976	 || (dest == NULL))
3977		return;
3978
3979	/*
3980	 * May need to preserve linked list pointers at some point too.
3981	 */
3982	pool_ref = dest->io_hdr.pool;
3983
3984	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3985
3986	dest->io_hdr.pool = pool_ref;
3987	/*
3988	 * We need to know that this is an internal copy, and doesn't need
3989	 * to get passed back to the FETD that allocated it.
3990	 */
3991	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3992}
3993
3994/*
3995 * This routine could be used in the future to load default and/or saved
3996 * mode page parameters for a particuar lun.
3997 */
3998static int
3999ctl_init_page_index(struct ctl_lun *lun)
4000{
4001	int i;
4002	struct ctl_page_index *page_index;
4003	const char *value;
4004
4005	memcpy(&lun->mode_pages.index, page_index_template,
4006	       sizeof(page_index_template));
4007
4008	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4009
4010		page_index = &lun->mode_pages.index[i];
4011		/*
4012		 * If this is a disk-only mode page, there's no point in
4013		 * setting it up.  For some pages, we have to have some
4014		 * basic information about the disk in order to calculate the
4015		 * mode page data.
4016		 */
4017		if ((lun->be_lun->lun_type != T_DIRECT)
4018		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4019			continue;
4020
4021		switch (page_index->page_code & SMPH_PC_MASK) {
4022		case SMS_RW_ERROR_RECOVERY_PAGE: {
4023			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4024				panic("subpage is incorrect!");
4025			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4026			       &rw_er_page_default,
4027			       sizeof(rw_er_page_default));
4028			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4029			       &rw_er_page_changeable,
4030			       sizeof(rw_er_page_changeable));
4031			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4032			       &rw_er_page_default,
4033			       sizeof(rw_er_page_default));
4034			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4035			       &rw_er_page_default,
4036			       sizeof(rw_er_page_default));
4037			page_index->page_data =
4038				(uint8_t *)lun->mode_pages.rw_er_page;
4039			break;
4040		}
4041		case SMS_FORMAT_DEVICE_PAGE: {
4042			struct scsi_format_page *format_page;
4043
4044			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4045				panic("subpage is incorrect!");
4046
4047			/*
4048			 * Sectors per track are set above.  Bytes per
4049			 * sector need to be set here on a per-LUN basis.
4050			 */
4051			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4052			       &format_page_default,
4053			       sizeof(format_page_default));
4054			memcpy(&lun->mode_pages.format_page[
4055			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4056			       sizeof(format_page_changeable));
4057			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4058			       &format_page_default,
4059			       sizeof(format_page_default));
4060			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4061			       &format_page_default,
4062			       sizeof(format_page_default));
4063
4064			format_page = &lun->mode_pages.format_page[
4065				CTL_PAGE_CURRENT];
4066			scsi_ulto2b(lun->be_lun->blocksize,
4067				    format_page->bytes_per_sector);
4068
4069			format_page = &lun->mode_pages.format_page[
4070				CTL_PAGE_DEFAULT];
4071			scsi_ulto2b(lun->be_lun->blocksize,
4072				    format_page->bytes_per_sector);
4073
4074			format_page = &lun->mode_pages.format_page[
4075				CTL_PAGE_SAVED];
4076			scsi_ulto2b(lun->be_lun->blocksize,
4077				    format_page->bytes_per_sector);
4078
4079			page_index->page_data =
4080				(uint8_t *)lun->mode_pages.format_page;
4081			break;
4082		}
4083		case SMS_RIGID_DISK_PAGE: {
4084			struct scsi_rigid_disk_page *rigid_disk_page;
4085			uint32_t sectors_per_cylinder;
4086			uint64_t cylinders;
4087#ifndef	__XSCALE__
4088			int shift;
4089#endif /* !__XSCALE__ */
4090
4091			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4092				panic("invalid subpage value %d",
4093				      page_index->subpage);
4094
4095			/*
4096			 * Rotation rate and sectors per track are set
4097			 * above.  We calculate the cylinders here based on
4098			 * capacity.  Due to the number of heads and
4099			 * sectors per track we're using, smaller arrays
4100			 * may turn out to have 0 cylinders.  Linux and
4101			 * FreeBSD don't pay attention to these mode pages
4102			 * to figure out capacity, but Solaris does.  It
4103			 * seems to deal with 0 cylinders just fine, and
4104			 * works out a fake geometry based on the capacity.
4105			 */
4106			memcpy(&lun->mode_pages.rigid_disk_page[
4107			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
4108			       sizeof(rigid_disk_page_default));
4109			memcpy(&lun->mode_pages.rigid_disk_page[
4110			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4111			       sizeof(rigid_disk_page_changeable));
4112			memcpy(&lun->mode_pages.rigid_disk_page[
4113			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4114			       sizeof(rigid_disk_page_default));
4115			memcpy(&lun->mode_pages.rigid_disk_page[
4116			       CTL_PAGE_SAVED], &rigid_disk_page_default,
4117			       sizeof(rigid_disk_page_default));
4118
4119			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4120				CTL_DEFAULT_HEADS;
4121
4122			/*
4123			 * The divide method here will be more accurate,
4124			 * probably, but results in floating point being
4125			 * used in the kernel on i386 (__udivdi3()).  On the
4126			 * XScale, though, __udivdi3() is implemented in
4127			 * software.
4128			 *
4129			 * The shift method for cylinder calculation is
4130			 * accurate if sectors_per_cylinder is a power of
4131			 * 2.  Otherwise it might be slightly off -- you
4132			 * might have a bit of a truncation problem.
4133			 */
4134#ifdef	__XSCALE__
4135			cylinders = (lun->be_lun->maxlba + 1) /
4136				sectors_per_cylinder;
4137#else
4138			for (shift = 31; shift > 0; shift--) {
4139				if (sectors_per_cylinder & (1 << shift))
4140					break;
4141			}
4142			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4143#endif
4144
4145			/*
4146			 * We've basically got 3 bytes, or 24 bits for the
4147			 * cylinder size in the mode page.  If we're over,
4148			 * just round down to 2^24.
4149			 */
4150			if (cylinders > 0xffffff)
4151				cylinders = 0xffffff;
4152
4153			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4154				CTL_PAGE_CURRENT];
4155			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4156
4157			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4158				CTL_PAGE_DEFAULT];
4159			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4160
4161			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4162				CTL_PAGE_SAVED];
4163			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4164
4165			page_index->page_data =
4166				(uint8_t *)lun->mode_pages.rigid_disk_page;
4167			break;
4168		}
4169		case SMS_CACHING_PAGE: {
4170			struct scsi_caching_page *caching_page;
4171
4172			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4173				panic("invalid subpage value %d",
4174				      page_index->subpage);
4175			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4176			       &caching_page_default,
4177			       sizeof(caching_page_default));
4178			memcpy(&lun->mode_pages.caching_page[
4179			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4180			       sizeof(caching_page_changeable));
4181			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4182			       &caching_page_default,
4183			       sizeof(caching_page_default));
4184			caching_page = &lun->mode_pages.caching_page[
4185			    CTL_PAGE_SAVED];
4186			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4187			if (value != NULL && strcmp(value, "off") == 0)
4188				caching_page->flags1 &= ~SCP_WCE;
4189			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4190			if (value != NULL && strcmp(value, "off") == 0)
4191				caching_page->flags1 |= SCP_RCD;
4192			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4193			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4194			       sizeof(caching_page_default));
4195			page_index->page_data =
4196				(uint8_t *)lun->mode_pages.caching_page;
4197			break;
4198		}
4199		case SMS_CONTROL_MODE_PAGE: {
4200			struct scsi_control_page *control_page;
4201
4202			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4203				panic("invalid subpage value %d",
4204				      page_index->subpage);
4205
4206			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4207			       &control_page_default,
4208			       sizeof(control_page_default));
4209			memcpy(&lun->mode_pages.control_page[
4210			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4211			       sizeof(control_page_changeable));
4212			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4213			       &control_page_default,
4214			       sizeof(control_page_default));
4215			control_page = &lun->mode_pages.control_page[
4216			    CTL_PAGE_SAVED];
4217			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4218			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4219				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4220				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4221			}
4222			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4223			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4224			       sizeof(control_page_default));
4225			page_index->page_data =
4226				(uint8_t *)lun->mode_pages.control_page;
4227			break;
4228
4229		}
4230		case SMS_INFO_EXCEPTIONS_PAGE: {
4231			switch (page_index->subpage) {
4232			case SMS_SUBPAGE_PAGE_0:
4233				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4234				       &ie_page_default,
4235				       sizeof(ie_page_default));
4236				memcpy(&lun->mode_pages.ie_page[
4237				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4238				       sizeof(ie_page_changeable));
4239				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4240				       &ie_page_default,
4241				       sizeof(ie_page_default));
4242				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4243				       &ie_page_default,
4244				       sizeof(ie_page_default));
4245				page_index->page_data =
4246					(uint8_t *)lun->mode_pages.ie_page;
4247				break;
4248			case 0x02:
4249				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4250				       &lbp_page_default,
4251				       sizeof(lbp_page_default));
4252				memcpy(&lun->mode_pages.lbp_page[
4253				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4254				       sizeof(lbp_page_changeable));
4255				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4256				       &lbp_page_default,
4257				       sizeof(lbp_page_default));
4258				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4259				       &lbp_page_default,
4260				       sizeof(lbp_page_default));
4261				page_index->page_data =
4262					(uint8_t *)lun->mode_pages.lbp_page;
4263			}
4264			break;
4265		}
4266		case SMS_VENDOR_SPECIFIC_PAGE:{
4267			switch (page_index->subpage) {
4268			case DBGCNF_SUBPAGE_CODE: {
4269				struct copan_debugconf_subpage *current_page,
4270							       *saved_page;
4271
4272				memcpy(&lun->mode_pages.debugconf_subpage[
4273				       CTL_PAGE_CURRENT],
4274				       &debugconf_page_default,
4275				       sizeof(debugconf_page_default));
4276				memcpy(&lun->mode_pages.debugconf_subpage[
4277				       CTL_PAGE_CHANGEABLE],
4278				       &debugconf_page_changeable,
4279				       sizeof(debugconf_page_changeable));
4280				memcpy(&lun->mode_pages.debugconf_subpage[
4281				       CTL_PAGE_DEFAULT],
4282				       &debugconf_page_default,
4283				       sizeof(debugconf_page_default));
4284				memcpy(&lun->mode_pages.debugconf_subpage[
4285				       CTL_PAGE_SAVED],
4286				       &debugconf_page_default,
4287				       sizeof(debugconf_page_default));
4288				page_index->page_data =
4289					(uint8_t *)lun->mode_pages.debugconf_subpage;
4290
4291				current_page = (struct copan_debugconf_subpage *)
4292					(page_index->page_data +
4293					 (page_index->page_len *
4294					  CTL_PAGE_CURRENT));
4295				saved_page = (struct copan_debugconf_subpage *)
4296					(page_index->page_data +
4297					 (page_index->page_len *
4298					  CTL_PAGE_SAVED));
4299				break;
4300			}
4301			default:
4302				panic("invalid subpage value %d",
4303				      page_index->subpage);
4304				break;
4305			}
4306   			break;
4307		}
4308		default:
4309			panic("invalid page value %d",
4310			      page_index->page_code & SMPH_PC_MASK);
4311			break;
4312    	}
4313	}
4314
4315	return (CTL_RETVAL_COMPLETE);
4316}
4317
4318static int
4319ctl_init_log_page_index(struct ctl_lun *lun)
4320{
4321	struct ctl_page_index *page_index;
4322	int i, j, prev;
4323
4324	memcpy(&lun->log_pages.index, log_page_index_template,
4325	       sizeof(log_page_index_template));
4326
4327	prev = -1;
4328	for (i = 0, j = 0; i < CTL_NUM_LOG_PAGES; i++) {
4329
4330		page_index = &lun->log_pages.index[i];
4331		/*
4332		 * If this is a disk-only mode page, there's no point in
4333		 * setting it up.  For some pages, we have to have some
4334		 * basic information about the disk in order to calculate the
4335		 * mode page data.
4336		 */
4337		if ((lun->be_lun->lun_type != T_DIRECT)
4338		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4339			continue;
4340
4341		if (page_index->page_code != prev) {
4342			lun->log_pages.pages_page[j] = page_index->page_code;
4343			prev = page_index->page_code;
4344			j++;
4345		}
4346		lun->log_pages.subpages_page[i*2] = page_index->page_code;
4347		lun->log_pages.subpages_page[i*2+1] = page_index->subpage;
4348	}
4349	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4350	lun->log_pages.index[0].page_len = j;
4351	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4352	lun->log_pages.index[1].page_len = i * 2;
4353
4354	return (CTL_RETVAL_COMPLETE);
4355}
4356
4357static int
4358hex2bin(const char *str, uint8_t *buf, int buf_size)
4359{
4360	int i;
4361	u_char c;
4362
4363	memset(buf, 0, buf_size);
4364	while (isspace(str[0]))
4365		str++;
4366	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4367		str += 2;
4368	buf_size *= 2;
4369	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4370		c = str[i];
4371		if (isdigit(c))
4372			c -= '0';
4373		else if (isalpha(c))
4374			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4375		else
4376			break;
4377		if (c >= 16)
4378			break;
4379		if ((i & 1) == 0)
4380			buf[i / 2] |= (c << 4);
4381		else
4382			buf[i / 2] |= c;
4383	}
4384	return ((i + 1) / 2);
4385}
4386
4387/*
4388 * LUN allocation.
4389 *
4390 * Requirements:
4391 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4392 *   wants us to allocate the LUN and he can block.
4393 * - ctl_softc is always set
4394 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4395 *
4396 * Returns 0 for success, non-zero (errno) for failure.
4397 */
4398static int
4399ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4400	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4401{
4402	struct ctl_lun *nlun, *lun;
4403	struct ctl_port *port;
4404	struct scsi_vpd_id_descriptor *desc;
4405	struct scsi_vpd_id_t10 *t10id;
4406	const char *eui, *naa, *scsiname, *vendor, *value;
4407	int lun_number, i, lun_malloced;
4408	int devidlen, idlen1, idlen2 = 0, len;
4409
4410	if (be_lun == NULL)
4411		return (EINVAL);
4412
4413	/*
4414	 * We currently only support Direct Access or Processor LUN types.
4415	 */
4416	switch (be_lun->lun_type) {
4417	case T_DIRECT:
4418		break;
4419	case T_PROCESSOR:
4420		break;
4421	case T_SEQUENTIAL:
4422	case T_CHANGER:
4423	default:
4424		be_lun->lun_config_status(be_lun->be_lun,
4425					  CTL_LUN_CONFIG_FAILURE);
4426		break;
4427	}
4428	if (ctl_lun == NULL) {
4429		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4430		lun_malloced = 1;
4431	} else {
4432		lun_malloced = 0;
4433		lun = ctl_lun;
4434	}
4435
4436	memset(lun, 0, sizeof(*lun));
4437	if (lun_malloced)
4438		lun->flags = CTL_LUN_MALLOCED;
4439
4440	/* Generate LUN ID. */
4441	devidlen = max(CTL_DEVID_MIN_LEN,
4442	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4443	idlen1 = sizeof(*t10id) + devidlen;
4444	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4445	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4446	if (scsiname != NULL) {
4447		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4448		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4449	}
4450	eui = ctl_get_opt(&be_lun->options, "eui");
4451	if (eui != NULL) {
4452		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4453	}
4454	naa = ctl_get_opt(&be_lun->options, "naa");
4455	if (naa != NULL) {
4456		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4457	}
4458	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4459	    M_CTL, M_WAITOK | M_ZERO);
4460	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4461	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4462	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4463	desc->length = idlen1;
4464	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4465	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4466	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4467		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4468	} else {
4469		strncpy(t10id->vendor, vendor,
4470		    min(sizeof(t10id->vendor), strlen(vendor)));
4471	}
4472	strncpy((char *)t10id->vendor_spec_id,
4473	    (char *)be_lun->device_id, devidlen);
4474	if (scsiname != NULL) {
4475		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4476		    desc->length);
4477		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4478		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4479		    SVPD_ID_TYPE_SCSI_NAME;
4480		desc->length = idlen2;
4481		strlcpy(desc->identifier, scsiname, idlen2);
4482	}
4483	if (eui != NULL) {
4484		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4485		    desc->length);
4486		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4487		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4488		    SVPD_ID_TYPE_EUI64;
4489		desc->length = hex2bin(eui, desc->identifier, 16);
4490		desc->length = desc->length > 12 ? 16 :
4491		    (desc->length > 8 ? 12 : 8);
4492		len -= 16 - desc->length;
4493	}
4494	if (naa != NULL) {
4495		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4496		    desc->length);
4497		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4498		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4499		    SVPD_ID_TYPE_NAA;
4500		desc->length = hex2bin(naa, desc->identifier, 16);
4501		desc->length = desc->length > 8 ? 16 : 8;
4502		len -= 16 - desc->length;
4503	}
4504	lun->lun_devid->len = len;
4505
4506	mtx_lock(&ctl_softc->ctl_lock);
4507	/*
4508	 * See if the caller requested a particular LUN number.  If so, see
4509	 * if it is available.  Otherwise, allocate the first available LUN.
4510	 */
4511	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4512		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4513		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4514			mtx_unlock(&ctl_softc->ctl_lock);
4515			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4516				printf("ctl: requested LUN ID %d is higher "
4517				       "than CTL_MAX_LUNS - 1 (%d)\n",
4518				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4519			} else {
4520				/*
4521				 * XXX KDM return an error, or just assign
4522				 * another LUN ID in this case??
4523				 */
4524				printf("ctl: requested LUN ID %d is already "
4525				       "in use\n", be_lun->req_lun_id);
4526			}
4527			if (lun->flags & CTL_LUN_MALLOCED)
4528				free(lun, M_CTL);
4529			be_lun->lun_config_status(be_lun->be_lun,
4530						  CTL_LUN_CONFIG_FAILURE);
4531			return (ENOSPC);
4532		}
4533		lun_number = be_lun->req_lun_id;
4534	} else {
4535		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4536		if (lun_number == -1) {
4537			mtx_unlock(&ctl_softc->ctl_lock);
4538			printf("ctl: can't allocate LUN on target %ju, out of "
4539			       "LUNs\n", (uintmax_t)target_id.id);
4540			if (lun->flags & CTL_LUN_MALLOCED)
4541				free(lun, M_CTL);
4542			be_lun->lun_config_status(be_lun->be_lun,
4543						  CTL_LUN_CONFIG_FAILURE);
4544			return (ENOSPC);
4545		}
4546	}
4547	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4548
4549	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4550	lun->target = target_id;
4551	lun->lun = lun_number;
4552	lun->be_lun = be_lun;
4553	/*
4554	 * The processor LUN is always enabled.  Disk LUNs come on line
4555	 * disabled, and must be enabled by the backend.
4556	 */
4557	lun->flags |= CTL_LUN_DISABLED;
4558	lun->backend = be_lun->be;
4559	be_lun->ctl_lun = lun;
4560	be_lun->lun_id = lun_number;
4561	atomic_add_int(&be_lun->be->num_luns, 1);
4562	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4563		lun->flags |= CTL_LUN_OFFLINE;
4564
4565	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4566		lun->flags |= CTL_LUN_STOPPED;
4567
4568	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4569		lun->flags |= CTL_LUN_INOPERABLE;
4570
4571	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4572		lun->flags |= CTL_LUN_PRIMARY_SC;
4573
4574	value = ctl_get_opt(&be_lun->options, "readonly");
4575	if (value != NULL && strcmp(value, "on") == 0)
4576		lun->flags |= CTL_LUN_READONLY;
4577
4578	lun->ctl_softc = ctl_softc;
4579	TAILQ_INIT(&lun->ooa_queue);
4580	TAILQ_INIT(&lun->blocked_queue);
4581	STAILQ_INIT(&lun->error_list);
4582	ctl_tpc_lun_init(lun);
4583
4584	/*
4585	 * Initialize the mode and log page index.
4586	 */
4587	ctl_init_page_index(lun);
4588	ctl_init_log_page_index(lun);
4589
4590	/*
4591	 * Set the poweron UA for all initiators on this LUN only.
4592	 */
4593	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4594		lun->pending_ua[i] = CTL_UA_POWERON;
4595
4596	/*
4597	 * Now, before we insert this lun on the lun list, set the lun
4598	 * inventory changed UA for all other luns.
4599	 */
4600	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4601		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4602			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4603		}
4604	}
4605
4606	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4607
4608	ctl_softc->ctl_luns[lun_number] = lun;
4609
4610	ctl_softc->num_luns++;
4611
4612	/* Setup statistics gathering */
4613	lun->stats.device_type = be_lun->lun_type;
4614	lun->stats.lun_number = lun_number;
4615	if (lun->stats.device_type == T_DIRECT)
4616		lun->stats.blocksize = be_lun->blocksize;
4617	else
4618		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4619	for (i = 0;i < CTL_MAX_PORTS;i++)
4620		lun->stats.ports[i].targ_port = i;
4621
4622	mtx_unlock(&ctl_softc->ctl_lock);
4623
4624	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4625
4626	/*
4627	 * Run through each registered FETD and bring it online if it isn't
4628	 * already.  Enable the target ID if it hasn't been enabled, and
4629	 * enable this particular LUN.
4630	 */
4631	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4632		int retval;
4633
4634		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4635		if (retval != 0) {
4636			printf("ctl_alloc_lun: FETD %s port %d returned error "
4637			       "%d for lun_enable on target %ju lun %d\n",
4638			       port->port_name, port->targ_port, retval,
4639			       (uintmax_t)target_id.id, lun_number);
4640		} else
4641			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4642	}
4643	return (0);
4644}
4645
4646/*
4647 * Delete a LUN.
4648 * Assumptions:
4649 * - LUN has already been marked invalid and any pending I/O has been taken
4650 *   care of.
4651 */
4652static int
4653ctl_free_lun(struct ctl_lun *lun)
4654{
4655	struct ctl_softc *softc;
4656#if 0
4657	struct ctl_port *port;
4658#endif
4659	struct ctl_lun *nlun;
4660	int i;
4661
4662	softc = lun->ctl_softc;
4663
4664	mtx_assert(&softc->ctl_lock, MA_OWNED);
4665
4666	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4667
4668	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4669
4670	softc->ctl_luns[lun->lun] = NULL;
4671
4672	if (!TAILQ_EMPTY(&lun->ooa_queue))
4673		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4674
4675	softc->num_luns--;
4676
4677	/*
4678	 * XXX KDM this scheme only works for a single target/multiple LUN
4679	 * setup.  It needs to be revamped for a multiple target scheme.
4680	 *
4681	 * XXX KDM this results in port->lun_disable() getting called twice,
4682	 * once when ctl_disable_lun() is called, and a second time here.
4683	 * We really need to re-think the LUN disable semantics.  There
4684	 * should probably be several steps/levels to LUN removal:
4685	 *  - disable
4686	 *  - invalidate
4687	 *  - free
4688 	 *
4689	 * Right now we only have a disable method when communicating to
4690	 * the front end ports, at least for individual LUNs.
4691	 */
4692#if 0
4693	STAILQ_FOREACH(port, &softc->port_list, links) {
4694		int retval;
4695
4696		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4697					 lun->lun);
4698		if (retval != 0) {
4699			printf("ctl_free_lun: FETD %s port %d returned error "
4700			       "%d for lun_disable on target %ju lun %jd\n",
4701			       port->port_name, port->targ_port, retval,
4702			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4703		}
4704
4705		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4706			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4707
4708			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4709			if (retval != 0) {
4710				printf("ctl_free_lun: FETD %s port %d "
4711				       "returned error %d for targ_disable on "
4712				       "target %ju\n", port->port_name,
4713				       port->targ_port, retval,
4714				       (uintmax_t)lun->target.id);
4715			} else
4716				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4717
4718			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4719				continue;
4720
4721#if 0
4722			port->port_offline(port->onoff_arg);
4723			port->status &= ~CTL_PORT_STATUS_ONLINE;
4724#endif
4725		}
4726	}
4727#endif
4728
4729	/*
4730	 * Tell the backend to free resources, if this LUN has a backend.
4731	 */
4732	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4733	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4734
4735	ctl_tpc_lun_shutdown(lun);
4736	mtx_destroy(&lun->lun_lock);
4737	free(lun->lun_devid, M_CTL);
4738	if (lun->flags & CTL_LUN_MALLOCED)
4739		free(lun, M_CTL);
4740
4741	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4742		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4743			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4744		}
4745	}
4746
4747	return (0);
4748}
4749
4750static void
4751ctl_create_lun(struct ctl_be_lun *be_lun)
4752{
4753	struct ctl_softc *ctl_softc;
4754
4755	ctl_softc = control_softc;
4756
4757	/*
4758	 * ctl_alloc_lun() should handle all potential failure cases.
4759	 */
4760	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4761}
4762
4763int
4764ctl_add_lun(struct ctl_be_lun *be_lun)
4765{
4766	struct ctl_softc *ctl_softc = control_softc;
4767
4768	mtx_lock(&ctl_softc->ctl_lock);
4769	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4770	mtx_unlock(&ctl_softc->ctl_lock);
4771	wakeup(&ctl_softc->pending_lun_queue);
4772
4773	return (0);
4774}
4775
4776int
4777ctl_enable_lun(struct ctl_be_lun *be_lun)
4778{
4779	struct ctl_softc *ctl_softc;
4780	struct ctl_port *port, *nport;
4781	struct ctl_lun *lun;
4782	int retval;
4783
4784	ctl_softc = control_softc;
4785
4786	lun = (struct ctl_lun *)be_lun->ctl_lun;
4787
4788	mtx_lock(&ctl_softc->ctl_lock);
4789	mtx_lock(&lun->lun_lock);
4790	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4791		/*
4792		 * eh?  Why did we get called if the LUN is already
4793		 * enabled?
4794		 */
4795		mtx_unlock(&lun->lun_lock);
4796		mtx_unlock(&ctl_softc->ctl_lock);
4797		return (0);
4798	}
4799	lun->flags &= ~CTL_LUN_DISABLED;
4800	mtx_unlock(&lun->lun_lock);
4801
4802	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4803		nport = STAILQ_NEXT(port, links);
4804
4805		/*
4806		 * Drop the lock while we call the FETD's enable routine.
4807		 * This can lead to a callback into CTL (at least in the
4808		 * case of the internal initiator frontend.
4809		 */
4810		mtx_unlock(&ctl_softc->ctl_lock);
4811		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4812		mtx_lock(&ctl_softc->ctl_lock);
4813		if (retval != 0) {
4814			printf("%s: FETD %s port %d returned error "
4815			       "%d for lun_enable on target %ju lun %jd\n",
4816			       __func__, port->port_name, port->targ_port, retval,
4817			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4818		}
4819#if 0
4820		 else {
4821            /* NOTE:  TODO:  why does lun enable affect port status? */
4822			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4823		}
4824#endif
4825	}
4826
4827	mtx_unlock(&ctl_softc->ctl_lock);
4828
4829	return (0);
4830}
4831
4832int
4833ctl_disable_lun(struct ctl_be_lun *be_lun)
4834{
4835	struct ctl_softc *ctl_softc;
4836	struct ctl_port *port;
4837	struct ctl_lun *lun;
4838	int retval;
4839
4840	ctl_softc = control_softc;
4841
4842	lun = (struct ctl_lun *)be_lun->ctl_lun;
4843
4844	mtx_lock(&ctl_softc->ctl_lock);
4845	mtx_lock(&lun->lun_lock);
4846	if (lun->flags & CTL_LUN_DISABLED) {
4847		mtx_unlock(&lun->lun_lock);
4848		mtx_unlock(&ctl_softc->ctl_lock);
4849		return (0);
4850	}
4851	lun->flags |= CTL_LUN_DISABLED;
4852	mtx_unlock(&lun->lun_lock);
4853
4854	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4855		mtx_unlock(&ctl_softc->ctl_lock);
4856		/*
4857		 * Drop the lock before we call the frontend's disable
4858		 * routine, to avoid lock order reversals.
4859		 *
4860		 * XXX KDM what happens if the frontend list changes while
4861		 * we're traversing it?  It's unlikely, but should be handled.
4862		 */
4863		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4864					 lun->lun);
4865		mtx_lock(&ctl_softc->ctl_lock);
4866		if (retval != 0) {
4867			printf("ctl_alloc_lun: FETD %s port %d returned error "
4868			       "%d for lun_disable on target %ju lun %jd\n",
4869			       port->port_name, port->targ_port, retval,
4870			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4871		}
4872	}
4873
4874	mtx_unlock(&ctl_softc->ctl_lock);
4875
4876	return (0);
4877}
4878
4879int
4880ctl_start_lun(struct ctl_be_lun *be_lun)
4881{
4882	struct ctl_softc *ctl_softc;
4883	struct ctl_lun *lun;
4884
4885	ctl_softc = control_softc;
4886
4887	lun = (struct ctl_lun *)be_lun->ctl_lun;
4888
4889	mtx_lock(&lun->lun_lock);
4890	lun->flags &= ~CTL_LUN_STOPPED;
4891	mtx_unlock(&lun->lun_lock);
4892
4893	return (0);
4894}
4895
4896int
4897ctl_stop_lun(struct ctl_be_lun *be_lun)
4898{
4899	struct ctl_softc *ctl_softc;
4900	struct ctl_lun *lun;
4901
4902	ctl_softc = control_softc;
4903
4904	lun = (struct ctl_lun *)be_lun->ctl_lun;
4905
4906	mtx_lock(&lun->lun_lock);
4907	lun->flags |= CTL_LUN_STOPPED;
4908	mtx_unlock(&lun->lun_lock);
4909
4910	return (0);
4911}
4912
4913int
4914ctl_lun_offline(struct ctl_be_lun *be_lun)
4915{
4916	struct ctl_softc *ctl_softc;
4917	struct ctl_lun *lun;
4918
4919	ctl_softc = control_softc;
4920
4921	lun = (struct ctl_lun *)be_lun->ctl_lun;
4922
4923	mtx_lock(&lun->lun_lock);
4924	lun->flags |= CTL_LUN_OFFLINE;
4925	mtx_unlock(&lun->lun_lock);
4926
4927	return (0);
4928}
4929
4930int
4931ctl_lun_online(struct ctl_be_lun *be_lun)
4932{
4933	struct ctl_softc *ctl_softc;
4934	struct ctl_lun *lun;
4935
4936	ctl_softc = control_softc;
4937
4938	lun = (struct ctl_lun *)be_lun->ctl_lun;
4939
4940	mtx_lock(&lun->lun_lock);
4941	lun->flags &= ~CTL_LUN_OFFLINE;
4942	mtx_unlock(&lun->lun_lock);
4943
4944	return (0);
4945}
4946
4947int
4948ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4949{
4950	struct ctl_softc *ctl_softc;
4951	struct ctl_lun *lun;
4952
4953	ctl_softc = control_softc;
4954
4955	lun = (struct ctl_lun *)be_lun->ctl_lun;
4956
4957	mtx_lock(&lun->lun_lock);
4958
4959	/*
4960	 * The LUN needs to be disabled before it can be marked invalid.
4961	 */
4962	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4963		mtx_unlock(&lun->lun_lock);
4964		return (-1);
4965	}
4966	/*
4967	 * Mark the LUN invalid.
4968	 */
4969	lun->flags |= CTL_LUN_INVALID;
4970
4971	/*
4972	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4973	 * If we have something in the OOA queue, we'll free it when the
4974	 * last I/O completes.
4975	 */
4976	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4977		mtx_unlock(&lun->lun_lock);
4978		mtx_lock(&ctl_softc->ctl_lock);
4979		ctl_free_lun(lun);
4980		mtx_unlock(&ctl_softc->ctl_lock);
4981	} else
4982		mtx_unlock(&lun->lun_lock);
4983
4984	return (0);
4985}
4986
4987int
4988ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4989{
4990	struct ctl_softc *ctl_softc;
4991	struct ctl_lun *lun;
4992
4993	ctl_softc = control_softc;
4994	lun = (struct ctl_lun *)be_lun->ctl_lun;
4995
4996	mtx_lock(&lun->lun_lock);
4997	lun->flags |= CTL_LUN_INOPERABLE;
4998	mtx_unlock(&lun->lun_lock);
4999
5000	return (0);
5001}
5002
5003int
5004ctl_lun_operable(struct ctl_be_lun *be_lun)
5005{
5006	struct ctl_softc *ctl_softc;
5007	struct ctl_lun *lun;
5008
5009	ctl_softc = control_softc;
5010	lun = (struct ctl_lun *)be_lun->ctl_lun;
5011
5012	mtx_lock(&lun->lun_lock);
5013	lun->flags &= ~CTL_LUN_INOPERABLE;
5014	mtx_unlock(&lun->lun_lock);
5015
5016	return (0);
5017}
5018
5019void
5020ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5021{
5022	struct ctl_lun *lun;
5023	struct ctl_softc *softc;
5024	int i;
5025
5026	softc = control_softc;
5027
5028	lun = (struct ctl_lun *)be_lun->ctl_lun;
5029
5030	mtx_lock(&lun->lun_lock);
5031
5032	for (i = 0; i < CTL_MAX_INITIATORS; i++)
5033		lun->pending_ua[i] |= CTL_UA_CAPACITY_CHANGED;
5034
5035	mtx_unlock(&lun->lun_lock);
5036}
5037
5038/*
5039 * Backend "memory move is complete" callback for requests that never
5040 * make it down to say RAIDCore's configuration code.
5041 */
5042int
5043ctl_config_move_done(union ctl_io *io)
5044{
5045	int retval;
5046
5047	retval = CTL_RETVAL_COMPLETE;
5048
5049
5050	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5051	/*
5052	 * XXX KDM this shouldn't happen, but what if it does?
5053	 */
5054	if (io->io_hdr.io_type != CTL_IO_SCSI)
5055		panic("I/O type isn't CTL_IO_SCSI!");
5056
5057	if ((io->io_hdr.port_status == 0)
5058	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5059	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5060		io->io_hdr.status = CTL_SUCCESS;
5061	else if ((io->io_hdr.port_status != 0)
5062	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5063	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5064		/*
5065		 * For hardware error sense keys, the sense key
5066		 * specific value is defined to be a retry count,
5067		 * but we use it to pass back an internal FETD
5068		 * error code.  XXX KDM  Hopefully the FETD is only
5069		 * using 16 bits for an error code, since that's
5070		 * all the space we have in the sks field.
5071		 */
5072		ctl_set_internal_failure(&io->scsiio,
5073					 /*sks_valid*/ 1,
5074					 /*retry_count*/
5075					 io->io_hdr.port_status);
5076		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5077			free(io->scsiio.kern_data_ptr, M_CTL);
5078		ctl_done(io);
5079		goto bailout;
5080	}
5081
5082	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5083	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5084	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5085		/*
5086		 * XXX KDM just assuming a single pointer here, and not a
5087		 * S/G list.  If we start using S/G lists for config data,
5088		 * we'll need to know how to clean them up here as well.
5089		 */
5090		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5091			free(io->scsiio.kern_data_ptr, M_CTL);
5092		/* Hopefully the user has already set the status... */
5093		ctl_done(io);
5094	} else {
5095		/*
5096		 * XXX KDM now we need to continue data movement.  Some
5097		 * options:
5098		 * - call ctl_scsiio() again?  We don't do this for data
5099		 *   writes, because for those at least we know ahead of
5100		 *   time where the write will go and how long it is.  For
5101		 *   config writes, though, that information is largely
5102		 *   contained within the write itself, thus we need to
5103		 *   parse out the data again.
5104		 *
5105		 * - Call some other function once the data is in?
5106		 */
5107		if (ctl_debug & CTL_DEBUG_CDB_DATA)
5108			ctl_data_print(io);
5109
5110		/*
5111		 * XXX KDM call ctl_scsiio() again for now, and check flag
5112		 * bits to see whether we're allocated or not.
5113		 */
5114		retval = ctl_scsiio(&io->scsiio);
5115	}
5116bailout:
5117	return (retval);
5118}
5119
5120/*
5121 * This gets called by a backend driver when it is done with a
5122 * data_submit method.
5123 */
5124void
5125ctl_data_submit_done(union ctl_io *io)
5126{
5127	/*
5128	 * If the IO_CONT flag is set, we need to call the supplied
5129	 * function to continue processing the I/O, instead of completing
5130	 * the I/O just yet.
5131	 *
5132	 * If there is an error, though, we don't want to keep processing.
5133	 * Instead, just send status back to the initiator.
5134	 */
5135	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5136	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5137	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5138	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5139		io->scsiio.io_cont(io);
5140		return;
5141	}
5142	ctl_done(io);
5143}
5144
5145/*
5146 * This gets called by a backend driver when it is done with a
5147 * configuration write.
5148 */
5149void
5150ctl_config_write_done(union ctl_io *io)
5151{
5152	uint8_t *buf;
5153
5154	/*
5155	 * If the IO_CONT flag is set, we need to call the supplied
5156	 * function to continue processing the I/O, instead of completing
5157	 * the I/O just yet.
5158	 *
5159	 * If there is an error, though, we don't want to keep processing.
5160	 * Instead, just send status back to the initiator.
5161	 */
5162	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5163	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5164	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5165	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5166		io->scsiio.io_cont(io);
5167		return;
5168	}
5169	/*
5170	 * Since a configuration write can be done for commands that actually
5171	 * have data allocated, like write buffer, and commands that have
5172	 * no data, like start/stop unit, we need to check here.
5173	 */
5174	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5175		buf = io->scsiio.kern_data_ptr;
5176	else
5177		buf = NULL;
5178	ctl_done(io);
5179	if (buf)
5180		free(buf, M_CTL);
5181}
5182
5183/*
5184 * SCSI release command.
5185 */
5186int
5187ctl_scsi_release(struct ctl_scsiio *ctsio)
5188{
5189	int length, longid, thirdparty_id, resv_id;
5190	struct ctl_softc *ctl_softc;
5191	struct ctl_lun *lun;
5192	uint32_t residx;
5193
5194	length = 0;
5195	resv_id = 0;
5196
5197	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5198
5199	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5200	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5201	ctl_softc = control_softc;
5202
5203	switch (ctsio->cdb[0]) {
5204	case RELEASE_10: {
5205		struct scsi_release_10 *cdb;
5206
5207		cdb = (struct scsi_release_10 *)ctsio->cdb;
5208
5209		if (cdb->byte2 & SR10_LONGID)
5210			longid = 1;
5211		else
5212			thirdparty_id = cdb->thirdparty_id;
5213
5214		resv_id = cdb->resv_id;
5215		length = scsi_2btoul(cdb->length);
5216		break;
5217	}
5218	}
5219
5220
5221	/*
5222	 * XXX KDM right now, we only support LUN reservation.  We don't
5223	 * support 3rd party reservations, or extent reservations, which
5224	 * might actually need the parameter list.  If we've gotten this
5225	 * far, we've got a LUN reservation.  Anything else got kicked out
5226	 * above.  So, according to SPC, ignore the length.
5227	 */
5228	length = 0;
5229
5230	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5231	 && (length > 0)) {
5232		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5233		ctsio->kern_data_len = length;
5234		ctsio->kern_total_len = length;
5235		ctsio->kern_data_resid = 0;
5236		ctsio->kern_rel_offset = 0;
5237		ctsio->kern_sg_entries = 0;
5238		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5239		ctsio->be_move_done = ctl_config_move_done;
5240		ctl_datamove((union ctl_io *)ctsio);
5241
5242		return (CTL_RETVAL_COMPLETE);
5243	}
5244
5245	if (length > 0)
5246		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5247
5248	mtx_lock(&lun->lun_lock);
5249
5250	/*
5251	 * According to SPC, it is not an error for an intiator to attempt
5252	 * to release a reservation on a LUN that isn't reserved, or that
5253	 * is reserved by another initiator.  The reservation can only be
5254	 * released, though, by the initiator who made it or by one of
5255	 * several reset type events.
5256	 */
5257	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5258			lun->flags &= ~CTL_LUN_RESERVED;
5259
5260	mtx_unlock(&lun->lun_lock);
5261
5262	ctsio->scsi_status = SCSI_STATUS_OK;
5263	ctsio->io_hdr.status = CTL_SUCCESS;
5264
5265	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5266		free(ctsio->kern_data_ptr, M_CTL);
5267		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5268	}
5269
5270	ctl_done((union ctl_io *)ctsio);
5271	return (CTL_RETVAL_COMPLETE);
5272}
5273
5274int
5275ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5276{
5277	int extent, thirdparty, longid;
5278	int resv_id, length;
5279	uint64_t thirdparty_id;
5280	struct ctl_softc *ctl_softc;
5281	struct ctl_lun *lun;
5282	uint32_t residx;
5283
5284	extent = 0;
5285	thirdparty = 0;
5286	longid = 0;
5287	resv_id = 0;
5288	length = 0;
5289	thirdparty_id = 0;
5290
5291	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5292
5293	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5294	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5295	ctl_softc = control_softc;
5296
5297	switch (ctsio->cdb[0]) {
5298	case RESERVE_10: {
5299		struct scsi_reserve_10 *cdb;
5300
5301		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5302
5303		if (cdb->byte2 & SR10_LONGID)
5304			longid = 1;
5305		else
5306			thirdparty_id = cdb->thirdparty_id;
5307
5308		resv_id = cdb->resv_id;
5309		length = scsi_2btoul(cdb->length);
5310		break;
5311	}
5312	}
5313
5314	/*
5315	 * XXX KDM right now, we only support LUN reservation.  We don't
5316	 * support 3rd party reservations, or extent reservations, which
5317	 * might actually need the parameter list.  If we've gotten this
5318	 * far, we've got a LUN reservation.  Anything else got kicked out
5319	 * above.  So, according to SPC, ignore the length.
5320	 */
5321	length = 0;
5322
5323	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5324	 && (length > 0)) {
5325		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5326		ctsio->kern_data_len = length;
5327		ctsio->kern_total_len = length;
5328		ctsio->kern_data_resid = 0;
5329		ctsio->kern_rel_offset = 0;
5330		ctsio->kern_sg_entries = 0;
5331		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5332		ctsio->be_move_done = ctl_config_move_done;
5333		ctl_datamove((union ctl_io *)ctsio);
5334
5335		return (CTL_RETVAL_COMPLETE);
5336	}
5337
5338	if (length > 0)
5339		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5340
5341	mtx_lock(&lun->lun_lock);
5342	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5343		ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5344		ctsio->io_hdr.status = CTL_SCSI_ERROR;
5345		goto bailout;
5346	}
5347
5348	lun->flags |= CTL_LUN_RESERVED;
5349	lun->res_idx = residx;
5350
5351	ctsio->scsi_status = SCSI_STATUS_OK;
5352	ctsio->io_hdr.status = CTL_SUCCESS;
5353
5354bailout:
5355	mtx_unlock(&lun->lun_lock);
5356
5357	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5358		free(ctsio->kern_data_ptr, M_CTL);
5359		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5360	}
5361
5362	ctl_done((union ctl_io *)ctsio);
5363	return (CTL_RETVAL_COMPLETE);
5364}
5365
5366int
5367ctl_start_stop(struct ctl_scsiio *ctsio)
5368{
5369	struct scsi_start_stop_unit *cdb;
5370	struct ctl_lun *lun;
5371	struct ctl_softc *ctl_softc;
5372	int retval;
5373
5374	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5375
5376	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5377	ctl_softc = control_softc;
5378	retval = 0;
5379
5380	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5381
5382	/*
5383	 * XXX KDM
5384	 * We don't support the immediate bit on a stop unit.  In order to
5385	 * do that, we would need to code up a way to know that a stop is
5386	 * pending, and hold off any new commands until it completes, one
5387	 * way or another.  Then we could accept or reject those commands
5388	 * depending on its status.  We would almost need to do the reverse
5389	 * of what we do below for an immediate start -- return the copy of
5390	 * the ctl_io to the FETD with status to send to the host (and to
5391	 * free the copy!) and then free the original I/O once the stop
5392	 * actually completes.  That way, the OOA queue mechanism can work
5393	 * to block commands that shouldn't proceed.  Another alternative
5394	 * would be to put the copy in the queue in place of the original,
5395	 * and return the original back to the caller.  That could be
5396	 * slightly safer..
5397	 */
5398	if ((cdb->byte2 & SSS_IMMED)
5399	 && ((cdb->how & SSS_START) == 0)) {
5400		ctl_set_invalid_field(ctsio,
5401				      /*sks_valid*/ 1,
5402				      /*command*/ 1,
5403				      /*field*/ 1,
5404				      /*bit_valid*/ 1,
5405				      /*bit*/ 0);
5406		ctl_done((union ctl_io *)ctsio);
5407		return (CTL_RETVAL_COMPLETE);
5408	}
5409
5410	if ((lun->flags & CTL_LUN_PR_RESERVED)
5411	 && ((cdb->how & SSS_START)==0)) {
5412		uint32_t residx;
5413
5414		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5415		if (lun->pr_keys[residx] == 0
5416		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5417
5418			ctl_set_reservation_conflict(ctsio);
5419			ctl_done((union ctl_io *)ctsio);
5420			return (CTL_RETVAL_COMPLETE);
5421		}
5422	}
5423
5424	/*
5425	 * If there is no backend on this device, we can't start or stop
5426	 * it.  In theory we shouldn't get any start/stop commands in the
5427	 * first place at this level if the LUN doesn't have a backend.
5428	 * That should get stopped by the command decode code.
5429	 */
5430	if (lun->backend == NULL) {
5431		ctl_set_invalid_opcode(ctsio);
5432		ctl_done((union ctl_io *)ctsio);
5433		return (CTL_RETVAL_COMPLETE);
5434	}
5435
5436	/*
5437	 * XXX KDM Copan-specific offline behavior.
5438	 * Figure out a reasonable way to port this?
5439	 */
5440#ifdef NEEDTOPORT
5441	mtx_lock(&lun->lun_lock);
5442
5443	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5444	 && (lun->flags & CTL_LUN_OFFLINE)) {
5445		/*
5446		 * If the LUN is offline, and the on/offline bit isn't set,
5447		 * reject the start or stop.  Otherwise, let it through.
5448		 */
5449		mtx_unlock(&lun->lun_lock);
5450		ctl_set_lun_not_ready(ctsio);
5451		ctl_done((union ctl_io *)ctsio);
5452	} else {
5453		mtx_unlock(&lun->lun_lock);
5454#endif /* NEEDTOPORT */
5455		/*
5456		 * This could be a start or a stop when we're online,
5457		 * or a stop/offline or start/online.  A start or stop when
5458		 * we're offline is covered in the case above.
5459		 */
5460		/*
5461		 * In the non-immediate case, we send the request to
5462		 * the backend and return status to the user when
5463		 * it is done.
5464		 *
5465		 * In the immediate case, we allocate a new ctl_io
5466		 * to hold a copy of the request, and send that to
5467		 * the backend.  We then set good status on the
5468		 * user's request and return it immediately.
5469		 */
5470		if (cdb->byte2 & SSS_IMMED) {
5471			union ctl_io *new_io;
5472
5473			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5474			if (new_io == NULL) {
5475				ctl_set_busy(ctsio);
5476				ctl_done((union ctl_io *)ctsio);
5477			} else {
5478				ctl_copy_io((union ctl_io *)ctsio,
5479					    new_io);
5480				retval = lun->backend->config_write(new_io);
5481				ctl_set_success(ctsio);
5482				ctl_done((union ctl_io *)ctsio);
5483			}
5484		} else {
5485			retval = lun->backend->config_write(
5486				(union ctl_io *)ctsio);
5487		}
5488#ifdef NEEDTOPORT
5489	}
5490#endif
5491	return (retval);
5492}
5493
5494/*
5495 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5496 * we don't really do anything with the LBA and length fields if the user
5497 * passes them in.  Instead we'll just flush out the cache for the entire
5498 * LUN.
5499 */
5500int
5501ctl_sync_cache(struct ctl_scsiio *ctsio)
5502{
5503	struct ctl_lun *lun;
5504	struct ctl_softc *ctl_softc;
5505	uint64_t starting_lba;
5506	uint32_t block_count;
5507	int retval;
5508
5509	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5510
5511	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5512	ctl_softc = control_softc;
5513	retval = 0;
5514
5515	switch (ctsio->cdb[0]) {
5516	case SYNCHRONIZE_CACHE: {
5517		struct scsi_sync_cache *cdb;
5518		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5519
5520		starting_lba = scsi_4btoul(cdb->begin_lba);
5521		block_count = scsi_2btoul(cdb->lb_count);
5522		break;
5523	}
5524	case SYNCHRONIZE_CACHE_16: {
5525		struct scsi_sync_cache_16 *cdb;
5526		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5527
5528		starting_lba = scsi_8btou64(cdb->begin_lba);
5529		block_count = scsi_4btoul(cdb->lb_count);
5530		break;
5531	}
5532	default:
5533		ctl_set_invalid_opcode(ctsio);
5534		ctl_done((union ctl_io *)ctsio);
5535		goto bailout;
5536		break; /* NOTREACHED */
5537	}
5538
5539	/*
5540	 * We check the LBA and length, but don't do anything with them.
5541	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5542	 * get flushed.  This check will just help satisfy anyone who wants
5543	 * to see an error for an out of range LBA.
5544	 */
5545	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5546		ctl_set_lba_out_of_range(ctsio);
5547		ctl_done((union ctl_io *)ctsio);
5548		goto bailout;
5549	}
5550
5551	/*
5552	 * If this LUN has no backend, we can't flush the cache anyway.
5553	 */
5554	if (lun->backend == NULL) {
5555		ctl_set_invalid_opcode(ctsio);
5556		ctl_done((union ctl_io *)ctsio);
5557		goto bailout;
5558	}
5559
5560	/*
5561	 * Check to see whether we're configured to send the SYNCHRONIZE
5562	 * CACHE command directly to the back end.
5563	 */
5564	mtx_lock(&lun->lun_lock);
5565	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5566	 && (++(lun->sync_count) >= lun->sync_interval)) {
5567		lun->sync_count = 0;
5568		mtx_unlock(&lun->lun_lock);
5569		retval = lun->backend->config_write((union ctl_io *)ctsio);
5570	} else {
5571		mtx_unlock(&lun->lun_lock);
5572		ctl_set_success(ctsio);
5573		ctl_done((union ctl_io *)ctsio);
5574	}
5575
5576bailout:
5577
5578	return (retval);
5579}
5580
5581int
5582ctl_format(struct ctl_scsiio *ctsio)
5583{
5584	struct scsi_format *cdb;
5585	struct ctl_lun *lun;
5586	struct ctl_softc *ctl_softc;
5587	int length, defect_list_len;
5588
5589	CTL_DEBUG_PRINT(("ctl_format\n"));
5590
5591	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5592	ctl_softc = control_softc;
5593
5594	cdb = (struct scsi_format *)ctsio->cdb;
5595
5596	length = 0;
5597	if (cdb->byte2 & SF_FMTDATA) {
5598		if (cdb->byte2 & SF_LONGLIST)
5599			length = sizeof(struct scsi_format_header_long);
5600		else
5601			length = sizeof(struct scsi_format_header_short);
5602	}
5603
5604	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5605	 && (length > 0)) {
5606		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5607		ctsio->kern_data_len = length;
5608		ctsio->kern_total_len = length;
5609		ctsio->kern_data_resid = 0;
5610		ctsio->kern_rel_offset = 0;
5611		ctsio->kern_sg_entries = 0;
5612		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5613		ctsio->be_move_done = ctl_config_move_done;
5614		ctl_datamove((union ctl_io *)ctsio);
5615
5616		return (CTL_RETVAL_COMPLETE);
5617	}
5618
5619	defect_list_len = 0;
5620
5621	if (cdb->byte2 & SF_FMTDATA) {
5622		if (cdb->byte2 & SF_LONGLIST) {
5623			struct scsi_format_header_long *header;
5624
5625			header = (struct scsi_format_header_long *)
5626				ctsio->kern_data_ptr;
5627
5628			defect_list_len = scsi_4btoul(header->defect_list_len);
5629			if (defect_list_len != 0) {
5630				ctl_set_invalid_field(ctsio,
5631						      /*sks_valid*/ 1,
5632						      /*command*/ 0,
5633						      /*field*/ 2,
5634						      /*bit_valid*/ 0,
5635						      /*bit*/ 0);
5636				goto bailout;
5637			}
5638		} else {
5639			struct scsi_format_header_short *header;
5640
5641			header = (struct scsi_format_header_short *)
5642				ctsio->kern_data_ptr;
5643
5644			defect_list_len = scsi_2btoul(header->defect_list_len);
5645			if (defect_list_len != 0) {
5646				ctl_set_invalid_field(ctsio,
5647						      /*sks_valid*/ 1,
5648						      /*command*/ 0,
5649						      /*field*/ 2,
5650						      /*bit_valid*/ 0,
5651						      /*bit*/ 0);
5652				goto bailout;
5653			}
5654		}
5655	}
5656
5657	/*
5658	 * The format command will clear out the "Medium format corrupted"
5659	 * status if set by the configuration code.  That status is really
5660	 * just a way to notify the host that we have lost the media, and
5661	 * get them to issue a command that will basically make them think
5662	 * they're blowing away the media.
5663	 */
5664	mtx_lock(&lun->lun_lock);
5665	lun->flags &= ~CTL_LUN_INOPERABLE;
5666	mtx_unlock(&lun->lun_lock);
5667
5668	ctsio->scsi_status = SCSI_STATUS_OK;
5669	ctsio->io_hdr.status = CTL_SUCCESS;
5670bailout:
5671
5672	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5673		free(ctsio->kern_data_ptr, M_CTL);
5674		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5675	}
5676
5677	ctl_done((union ctl_io *)ctsio);
5678	return (CTL_RETVAL_COMPLETE);
5679}
5680
5681int
5682ctl_read_buffer(struct ctl_scsiio *ctsio)
5683{
5684	struct scsi_read_buffer *cdb;
5685	struct ctl_lun *lun;
5686	int buffer_offset, len;
5687	static uint8_t descr[4];
5688	static uint8_t echo_descr[4] = { 0 };
5689
5690	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5691
5692	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5693	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5694
5695	if (lun->flags & CTL_LUN_PR_RESERVED) {
5696		uint32_t residx;
5697
5698		/*
5699		 * XXX KDM need a lock here.
5700		 */
5701		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5702		if ((lun->res_type == SPR_TYPE_EX_AC
5703		  && residx != lun->pr_res_idx)
5704		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
5705		   || lun->res_type == SPR_TYPE_EX_AC_AR)
5706		  && lun->pr_keys[residx] == 0)) {
5707			ctl_set_reservation_conflict(ctsio);
5708			ctl_done((union ctl_io *)ctsio);
5709			return (CTL_RETVAL_COMPLETE);
5710	        }
5711	}
5712
5713	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5714	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5715	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5716		ctl_set_invalid_field(ctsio,
5717				      /*sks_valid*/ 1,
5718				      /*command*/ 1,
5719				      /*field*/ 1,
5720				      /*bit_valid*/ 1,
5721				      /*bit*/ 4);
5722		ctl_done((union ctl_io *)ctsio);
5723		return (CTL_RETVAL_COMPLETE);
5724	}
5725
5726	len = scsi_3btoul(cdb->length);
5727	buffer_offset = scsi_3btoul(cdb->offset);
5728
5729	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5730		ctl_set_invalid_field(ctsio,
5731				      /*sks_valid*/ 1,
5732				      /*command*/ 1,
5733				      /*field*/ 6,
5734				      /*bit_valid*/ 0,
5735				      /*bit*/ 0);
5736		ctl_done((union ctl_io *)ctsio);
5737		return (CTL_RETVAL_COMPLETE);
5738	}
5739
5740	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5741		descr[0] = 0;
5742		scsi_ulto3b(sizeof(lun->write_buffer), &descr[1]);
5743		ctsio->kern_data_ptr = descr;
5744		len = min(len, sizeof(descr));
5745	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5746		ctsio->kern_data_ptr = echo_descr;
5747		len = min(len, sizeof(echo_descr));
5748	} else
5749		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5750	ctsio->kern_data_len = len;
5751	ctsio->kern_total_len = len;
5752	ctsio->kern_data_resid = 0;
5753	ctsio->kern_rel_offset = 0;
5754	ctsio->kern_sg_entries = 0;
5755	ctsio->be_move_done = ctl_config_move_done;
5756	ctl_datamove((union ctl_io *)ctsio);
5757
5758	return (CTL_RETVAL_COMPLETE);
5759}
5760
5761int
5762ctl_write_buffer(struct ctl_scsiio *ctsio)
5763{
5764	struct scsi_write_buffer *cdb;
5765	struct ctl_lun *lun;
5766	int buffer_offset, len;
5767
5768	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5769
5770	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5771	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5772
5773	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5774		ctl_set_invalid_field(ctsio,
5775				      /*sks_valid*/ 1,
5776				      /*command*/ 1,
5777				      /*field*/ 1,
5778				      /*bit_valid*/ 1,
5779				      /*bit*/ 4);
5780		ctl_done((union ctl_io *)ctsio);
5781		return (CTL_RETVAL_COMPLETE);
5782	}
5783
5784	len = scsi_3btoul(cdb->length);
5785	buffer_offset = scsi_3btoul(cdb->offset);
5786
5787	if (buffer_offset + len > sizeof(lun->write_buffer)) {
5788		ctl_set_invalid_field(ctsio,
5789				      /*sks_valid*/ 1,
5790				      /*command*/ 1,
5791				      /*field*/ 6,
5792				      /*bit_valid*/ 0,
5793				      /*bit*/ 0);
5794		ctl_done((union ctl_io *)ctsio);
5795		return (CTL_RETVAL_COMPLETE);
5796	}
5797
5798	/*
5799	 * If we've got a kernel request that hasn't been malloced yet,
5800	 * malloc it and tell the caller the data buffer is here.
5801	 */
5802	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5803		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5804		ctsio->kern_data_len = len;
5805		ctsio->kern_total_len = len;
5806		ctsio->kern_data_resid = 0;
5807		ctsio->kern_rel_offset = 0;
5808		ctsio->kern_sg_entries = 0;
5809		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5810		ctsio->be_move_done = ctl_config_move_done;
5811		ctl_datamove((union ctl_io *)ctsio);
5812
5813		return (CTL_RETVAL_COMPLETE);
5814	}
5815
5816	ctl_done((union ctl_io *)ctsio);
5817
5818	return (CTL_RETVAL_COMPLETE);
5819}
5820
5821int
5822ctl_write_same(struct ctl_scsiio *ctsio)
5823{
5824	struct ctl_lun *lun;
5825	struct ctl_lba_len_flags *lbalen;
5826	uint64_t lba;
5827	uint32_t num_blocks;
5828	int len, retval;
5829	uint8_t byte2;
5830
5831	retval = CTL_RETVAL_COMPLETE;
5832
5833	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5834
5835	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5836
5837	switch (ctsio->cdb[0]) {
5838	case WRITE_SAME_10: {
5839		struct scsi_write_same_10 *cdb;
5840
5841		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5842
5843		lba = scsi_4btoul(cdb->addr);
5844		num_blocks = scsi_2btoul(cdb->length);
5845		byte2 = cdb->byte2;
5846		break;
5847	}
5848	case WRITE_SAME_16: {
5849		struct scsi_write_same_16 *cdb;
5850
5851		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5852
5853		lba = scsi_8btou64(cdb->addr);
5854		num_blocks = scsi_4btoul(cdb->length);
5855		byte2 = cdb->byte2;
5856		break;
5857	}
5858	default:
5859		/*
5860		 * We got a command we don't support.  This shouldn't
5861		 * happen, commands should be filtered out above us.
5862		 */
5863		ctl_set_invalid_opcode(ctsio);
5864		ctl_done((union ctl_io *)ctsio);
5865
5866		return (CTL_RETVAL_COMPLETE);
5867		break; /* NOTREACHED */
5868	}
5869
5870	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5871	if ((byte2 & SWS_UNMAP) == 0 &&
5872	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5873		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5874		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5875		ctl_done((union ctl_io *)ctsio);
5876		return (CTL_RETVAL_COMPLETE);
5877	}
5878
5879	/*
5880	 * The first check is to make sure we're in bounds, the second
5881	 * check is to catch wrap-around problems.  If the lba + num blocks
5882	 * is less than the lba, then we've wrapped around and the block
5883	 * range is invalid anyway.
5884	 */
5885	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5886	 || ((lba + num_blocks) < lba)) {
5887		ctl_set_lba_out_of_range(ctsio);
5888		ctl_done((union ctl_io *)ctsio);
5889		return (CTL_RETVAL_COMPLETE);
5890	}
5891
5892	/* Zero number of blocks means "to the last logical block" */
5893	if (num_blocks == 0) {
5894		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5895			ctl_set_invalid_field(ctsio,
5896					      /*sks_valid*/ 0,
5897					      /*command*/ 1,
5898					      /*field*/ 0,
5899					      /*bit_valid*/ 0,
5900					      /*bit*/ 0);
5901			ctl_done((union ctl_io *)ctsio);
5902			return (CTL_RETVAL_COMPLETE);
5903		}
5904		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5905	}
5906
5907	len = lun->be_lun->blocksize;
5908
5909	/*
5910	 * If we've got a kernel request that hasn't been malloced yet,
5911	 * malloc it and tell the caller the data buffer is here.
5912	 */
5913	if ((byte2 & SWS_NDOB) == 0 &&
5914	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5915		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5916		ctsio->kern_data_len = len;
5917		ctsio->kern_total_len = len;
5918		ctsio->kern_data_resid = 0;
5919		ctsio->kern_rel_offset = 0;
5920		ctsio->kern_sg_entries = 0;
5921		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5922		ctsio->be_move_done = ctl_config_move_done;
5923		ctl_datamove((union ctl_io *)ctsio);
5924
5925		return (CTL_RETVAL_COMPLETE);
5926	}
5927
5928	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5929	lbalen->lba = lba;
5930	lbalen->len = num_blocks;
5931	lbalen->flags = byte2;
5932	retval = lun->backend->config_write((union ctl_io *)ctsio);
5933
5934	return (retval);
5935}
5936
5937int
5938ctl_unmap(struct ctl_scsiio *ctsio)
5939{
5940	struct ctl_lun *lun;
5941	struct scsi_unmap *cdb;
5942	struct ctl_ptr_len_flags *ptrlen;
5943	struct scsi_unmap_header *hdr;
5944	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5945	uint64_t lba;
5946	uint32_t num_blocks;
5947	int len, retval;
5948	uint8_t byte2;
5949
5950	retval = CTL_RETVAL_COMPLETE;
5951
5952	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5953
5954	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5955	cdb = (struct scsi_unmap *)ctsio->cdb;
5956
5957	len = scsi_2btoul(cdb->length);
5958	byte2 = cdb->byte2;
5959
5960	/*
5961	 * If we've got a kernel request that hasn't been malloced yet,
5962	 * malloc it and tell the caller the data buffer is here.
5963	 */
5964	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5965		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5966		ctsio->kern_data_len = len;
5967		ctsio->kern_total_len = len;
5968		ctsio->kern_data_resid = 0;
5969		ctsio->kern_rel_offset = 0;
5970		ctsio->kern_sg_entries = 0;
5971		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5972		ctsio->be_move_done = ctl_config_move_done;
5973		ctl_datamove((union ctl_io *)ctsio);
5974
5975		return (CTL_RETVAL_COMPLETE);
5976	}
5977
5978	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5979	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5980	if (len < sizeof (*hdr) ||
5981	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5982	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5983	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5984		ctl_set_invalid_field(ctsio,
5985				      /*sks_valid*/ 0,
5986				      /*command*/ 0,
5987				      /*field*/ 0,
5988				      /*bit_valid*/ 0,
5989				      /*bit*/ 0);
5990		ctl_done((union ctl_io *)ctsio);
5991		return (CTL_RETVAL_COMPLETE);
5992	}
5993	len = scsi_2btoul(hdr->desc_length);
5994	buf = (struct scsi_unmap_desc *)(hdr + 1);
5995	end = buf + len / sizeof(*buf);
5996
5997	endnz = buf;
5998	for (range = buf; range < end; range++) {
5999		lba = scsi_8btou64(range->lba);
6000		num_blocks = scsi_4btoul(range->length);
6001		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6002		 || ((lba + num_blocks) < lba)) {
6003			ctl_set_lba_out_of_range(ctsio);
6004			ctl_done((union ctl_io *)ctsio);
6005			return (CTL_RETVAL_COMPLETE);
6006		}
6007		if (num_blocks != 0)
6008			endnz = range + 1;
6009	}
6010
6011	/*
6012	 * Block backend can not handle zero last range.
6013	 * Filter it out and return if there is nothing left.
6014	 */
6015	len = (uint8_t *)endnz - (uint8_t *)buf;
6016	if (len == 0) {
6017		ctl_set_success(ctsio);
6018		ctl_done((union ctl_io *)ctsio);
6019		return (CTL_RETVAL_COMPLETE);
6020	}
6021
6022	mtx_lock(&lun->lun_lock);
6023	ptrlen = (struct ctl_ptr_len_flags *)
6024	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6025	ptrlen->ptr = (void *)buf;
6026	ptrlen->len = len;
6027	ptrlen->flags = byte2;
6028	ctl_check_blocked(lun);
6029	mtx_unlock(&lun->lun_lock);
6030
6031	retval = lun->backend->config_write((union ctl_io *)ctsio);
6032	return (retval);
6033}
6034
6035/*
6036 * Note that this function currently doesn't actually do anything inside
6037 * CTL to enforce things if the DQue bit is turned on.
6038 *
6039 * Also note that this function can't be used in the default case, because
6040 * the DQue bit isn't set in the changeable mask for the control mode page
6041 * anyway.  This is just here as an example for how to implement a page
6042 * handler, and a placeholder in case we want to allow the user to turn
6043 * tagged queueing on and off.
6044 *
6045 * The D_SENSE bit handling is functional, however, and will turn
6046 * descriptor sense on and off for a given LUN.
6047 */
6048int
6049ctl_control_page_handler(struct ctl_scsiio *ctsio,
6050			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6051{
6052	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6053	struct ctl_lun *lun;
6054	struct ctl_softc *softc;
6055	int set_ua;
6056	uint32_t initidx;
6057
6058	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6059	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6060	set_ua = 0;
6061
6062	user_cp = (struct scsi_control_page *)page_ptr;
6063	current_cp = (struct scsi_control_page *)
6064		(page_index->page_data + (page_index->page_len *
6065		CTL_PAGE_CURRENT));
6066	saved_cp = (struct scsi_control_page *)
6067		(page_index->page_data + (page_index->page_len *
6068		CTL_PAGE_SAVED));
6069
6070	softc = control_softc;
6071
6072	mtx_lock(&lun->lun_lock);
6073	if (((current_cp->rlec & SCP_DSENSE) == 0)
6074	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6075		/*
6076		 * Descriptor sense is currently turned off and the user
6077		 * wants to turn it on.
6078		 */
6079		current_cp->rlec |= SCP_DSENSE;
6080		saved_cp->rlec |= SCP_DSENSE;
6081		lun->flags |= CTL_LUN_SENSE_DESC;
6082		set_ua = 1;
6083	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6084		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6085		/*
6086		 * Descriptor sense is currently turned on, and the user
6087		 * wants to turn it off.
6088		 */
6089		current_cp->rlec &= ~SCP_DSENSE;
6090		saved_cp->rlec &= ~SCP_DSENSE;
6091		lun->flags &= ~CTL_LUN_SENSE_DESC;
6092		set_ua = 1;
6093	}
6094	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6095	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6096		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6097		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6098		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6099		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6100		set_ua = 1;
6101	}
6102	if ((current_cp->eca_and_aen & SCP_SWP) !=
6103	    (user_cp->eca_and_aen & SCP_SWP)) {
6104		current_cp->eca_and_aen &= ~SCP_SWP;
6105		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6106		saved_cp->eca_and_aen &= ~SCP_SWP;
6107		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6108		set_ua = 1;
6109	}
6110	if (set_ua != 0) {
6111		int i;
6112		/*
6113		 * Let other initiators know that the mode
6114		 * parameters for this LUN have changed.
6115		 */
6116		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6117			if (i == initidx)
6118				continue;
6119
6120			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6121		}
6122	}
6123	mtx_unlock(&lun->lun_lock);
6124
6125	return (0);
6126}
6127
6128int
6129ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6130		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6131{
6132	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6133	struct ctl_lun *lun;
6134	int set_ua;
6135	uint32_t initidx;
6136
6137	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6138	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6139	set_ua = 0;
6140
6141	user_cp = (struct scsi_caching_page *)page_ptr;
6142	current_cp = (struct scsi_caching_page *)
6143		(page_index->page_data + (page_index->page_len *
6144		CTL_PAGE_CURRENT));
6145	saved_cp = (struct scsi_caching_page *)
6146		(page_index->page_data + (page_index->page_len *
6147		CTL_PAGE_SAVED));
6148
6149	mtx_lock(&lun->lun_lock);
6150	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6151	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6152		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6153		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6154		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6155		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6156		set_ua = 1;
6157	}
6158	if (set_ua != 0) {
6159		int i;
6160		/*
6161		 * Let other initiators know that the mode
6162		 * parameters for this LUN have changed.
6163		 */
6164		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6165			if (i == initidx)
6166				continue;
6167
6168			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6169		}
6170	}
6171	mtx_unlock(&lun->lun_lock);
6172
6173	return (0);
6174}
6175
6176int
6177ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6178				struct ctl_page_index *page_index,
6179				uint8_t *page_ptr)
6180{
6181	uint8_t *c;
6182	int i;
6183
6184	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6185	ctl_time_io_secs =
6186		(c[0] << 8) |
6187		(c[1] << 0) |
6188		0;
6189	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6190	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6191	printf("page data:");
6192	for (i=0; i<8; i++)
6193		printf(" %.2x",page_ptr[i]);
6194	printf("\n");
6195	return (0);
6196}
6197
6198int
6199ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6200			       struct ctl_page_index *page_index,
6201			       int pc)
6202{
6203	struct copan_debugconf_subpage *page;
6204
6205	page = (struct copan_debugconf_subpage *)page_index->page_data +
6206		(page_index->page_len * pc);
6207
6208	switch (pc) {
6209	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6210	case SMS_PAGE_CTRL_DEFAULT >> 6:
6211	case SMS_PAGE_CTRL_SAVED >> 6:
6212		/*
6213		 * We don't update the changable or default bits for this page.
6214		 */
6215		break;
6216	case SMS_PAGE_CTRL_CURRENT >> 6:
6217		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6218		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6219		break;
6220	default:
6221#ifdef NEEDTOPORT
6222		EPRINT(0, "Invalid PC %d!!", pc);
6223#endif /* NEEDTOPORT */
6224		break;
6225	}
6226	return (0);
6227}
6228
6229
6230static int
6231ctl_do_mode_select(union ctl_io *io)
6232{
6233	struct scsi_mode_page_header *page_header;
6234	struct ctl_page_index *page_index;
6235	struct ctl_scsiio *ctsio;
6236	int control_dev, page_len;
6237	int page_len_offset, page_len_size;
6238	union ctl_modepage_info *modepage_info;
6239	struct ctl_lun *lun;
6240	int *len_left, *len_used;
6241	int retval, i;
6242
6243	ctsio = &io->scsiio;
6244	page_index = NULL;
6245	page_len = 0;
6246	retval = CTL_RETVAL_COMPLETE;
6247
6248	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6249
6250	if (lun->be_lun->lun_type != T_DIRECT)
6251		control_dev = 1;
6252	else
6253		control_dev = 0;
6254
6255	modepage_info = (union ctl_modepage_info *)
6256		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6257	len_left = &modepage_info->header.len_left;
6258	len_used = &modepage_info->header.len_used;
6259
6260do_next_page:
6261
6262	page_header = (struct scsi_mode_page_header *)
6263		(ctsio->kern_data_ptr + *len_used);
6264
6265	if (*len_left == 0) {
6266		free(ctsio->kern_data_ptr, M_CTL);
6267		ctl_set_success(ctsio);
6268		ctl_done((union ctl_io *)ctsio);
6269		return (CTL_RETVAL_COMPLETE);
6270	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6271
6272		free(ctsio->kern_data_ptr, M_CTL);
6273		ctl_set_param_len_error(ctsio);
6274		ctl_done((union ctl_io *)ctsio);
6275		return (CTL_RETVAL_COMPLETE);
6276
6277	} else if ((page_header->page_code & SMPH_SPF)
6278		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6279
6280		free(ctsio->kern_data_ptr, M_CTL);
6281		ctl_set_param_len_error(ctsio);
6282		ctl_done((union ctl_io *)ctsio);
6283		return (CTL_RETVAL_COMPLETE);
6284	}
6285
6286
6287	/*
6288	 * XXX KDM should we do something with the block descriptor?
6289	 */
6290	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6291
6292		if ((control_dev != 0)
6293		 && (lun->mode_pages.index[i].page_flags &
6294		     CTL_PAGE_FLAG_DISK_ONLY))
6295			continue;
6296
6297		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6298		    (page_header->page_code & SMPH_PC_MASK))
6299			continue;
6300
6301		/*
6302		 * If neither page has a subpage code, then we've got a
6303		 * match.
6304		 */
6305		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6306		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6307			page_index = &lun->mode_pages.index[i];
6308			page_len = page_header->page_length;
6309			break;
6310		}
6311
6312		/*
6313		 * If both pages have subpages, then the subpage numbers
6314		 * have to match.
6315		 */
6316		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6317		  && (page_header->page_code & SMPH_SPF)) {
6318			struct scsi_mode_page_header_sp *sph;
6319
6320			sph = (struct scsi_mode_page_header_sp *)page_header;
6321
6322			if (lun->mode_pages.index[i].subpage ==
6323			    sph->subpage) {
6324				page_index = &lun->mode_pages.index[i];
6325				page_len = scsi_2btoul(sph->page_length);
6326				break;
6327			}
6328		}
6329	}
6330
6331	/*
6332	 * If we couldn't find the page, or if we don't have a mode select
6333	 * handler for it, send back an error to the user.
6334	 */
6335	if ((page_index == NULL)
6336	 || (page_index->select_handler == NULL)) {
6337		ctl_set_invalid_field(ctsio,
6338				      /*sks_valid*/ 1,
6339				      /*command*/ 0,
6340				      /*field*/ *len_used,
6341				      /*bit_valid*/ 0,
6342				      /*bit*/ 0);
6343		free(ctsio->kern_data_ptr, M_CTL);
6344		ctl_done((union ctl_io *)ctsio);
6345		return (CTL_RETVAL_COMPLETE);
6346	}
6347
6348	if (page_index->page_code & SMPH_SPF) {
6349		page_len_offset = 2;
6350		page_len_size = 2;
6351	} else {
6352		page_len_size = 1;
6353		page_len_offset = 1;
6354	}
6355
6356	/*
6357	 * If the length the initiator gives us isn't the one we specify in
6358	 * the mode page header, or if they didn't specify enough data in
6359	 * the CDB to avoid truncating this page, kick out the request.
6360	 */
6361	if ((page_len != (page_index->page_len - page_len_offset -
6362			  page_len_size))
6363	 || (*len_left < page_index->page_len)) {
6364
6365
6366		ctl_set_invalid_field(ctsio,
6367				      /*sks_valid*/ 1,
6368				      /*command*/ 0,
6369				      /*field*/ *len_used + page_len_offset,
6370				      /*bit_valid*/ 0,
6371				      /*bit*/ 0);
6372		free(ctsio->kern_data_ptr, M_CTL);
6373		ctl_done((union ctl_io *)ctsio);
6374		return (CTL_RETVAL_COMPLETE);
6375	}
6376
6377	/*
6378	 * Run through the mode page, checking to make sure that the bits
6379	 * the user changed are actually legal for him to change.
6380	 */
6381	for (i = 0; i < page_index->page_len; i++) {
6382		uint8_t *user_byte, *change_mask, *current_byte;
6383		int bad_bit;
6384		int j;
6385
6386		user_byte = (uint8_t *)page_header + i;
6387		change_mask = page_index->page_data +
6388			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6389		current_byte = page_index->page_data +
6390			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6391
6392		/*
6393		 * Check to see whether the user set any bits in this byte
6394		 * that he is not allowed to set.
6395		 */
6396		if ((*user_byte & ~(*change_mask)) ==
6397		    (*current_byte & ~(*change_mask)))
6398			continue;
6399
6400		/*
6401		 * Go through bit by bit to determine which one is illegal.
6402		 */
6403		bad_bit = 0;
6404		for (j = 7; j >= 0; j--) {
6405			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6406			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6407				bad_bit = i;
6408				break;
6409			}
6410		}
6411		ctl_set_invalid_field(ctsio,
6412				      /*sks_valid*/ 1,
6413				      /*command*/ 0,
6414				      /*field*/ *len_used + i,
6415				      /*bit_valid*/ 1,
6416				      /*bit*/ bad_bit);
6417		free(ctsio->kern_data_ptr, M_CTL);
6418		ctl_done((union ctl_io *)ctsio);
6419		return (CTL_RETVAL_COMPLETE);
6420	}
6421
6422	/*
6423	 * Decrement these before we call the page handler, since we may
6424	 * end up getting called back one way or another before the handler
6425	 * returns to this context.
6426	 */
6427	*len_left -= page_index->page_len;
6428	*len_used += page_index->page_len;
6429
6430	retval = page_index->select_handler(ctsio, page_index,
6431					    (uint8_t *)page_header);
6432
6433	/*
6434	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6435	 * wait until this queued command completes to finish processing
6436	 * the mode page.  If it returns anything other than
6437	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6438	 * already set the sense information, freed the data pointer, and
6439	 * completed the io for us.
6440	 */
6441	if (retval != CTL_RETVAL_COMPLETE)
6442		goto bailout_no_done;
6443
6444	/*
6445	 * If the initiator sent us more than one page, parse the next one.
6446	 */
6447	if (*len_left > 0)
6448		goto do_next_page;
6449
6450	ctl_set_success(ctsio);
6451	free(ctsio->kern_data_ptr, M_CTL);
6452	ctl_done((union ctl_io *)ctsio);
6453
6454bailout_no_done:
6455
6456	return (CTL_RETVAL_COMPLETE);
6457
6458}
6459
6460int
6461ctl_mode_select(struct ctl_scsiio *ctsio)
6462{
6463	int param_len, pf, sp;
6464	int header_size, bd_len;
6465	int len_left, len_used;
6466	struct ctl_page_index *page_index;
6467	struct ctl_lun *lun;
6468	int control_dev, page_len;
6469	union ctl_modepage_info *modepage_info;
6470	int retval;
6471
6472	pf = 0;
6473	sp = 0;
6474	page_len = 0;
6475	len_used = 0;
6476	len_left = 0;
6477	retval = 0;
6478	bd_len = 0;
6479	page_index = NULL;
6480
6481	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6482
6483	if (lun->be_lun->lun_type != T_DIRECT)
6484		control_dev = 1;
6485	else
6486		control_dev = 0;
6487
6488	switch (ctsio->cdb[0]) {
6489	case MODE_SELECT_6: {
6490		struct scsi_mode_select_6 *cdb;
6491
6492		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6493
6494		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6495		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6496
6497		param_len = cdb->length;
6498		header_size = sizeof(struct scsi_mode_header_6);
6499		break;
6500	}
6501	case MODE_SELECT_10: {
6502		struct scsi_mode_select_10 *cdb;
6503
6504		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6505
6506		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6507		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6508
6509		param_len = scsi_2btoul(cdb->length);
6510		header_size = sizeof(struct scsi_mode_header_10);
6511		break;
6512	}
6513	default:
6514		ctl_set_invalid_opcode(ctsio);
6515		ctl_done((union ctl_io *)ctsio);
6516		return (CTL_RETVAL_COMPLETE);
6517		break; /* NOTREACHED */
6518	}
6519
6520	/*
6521	 * From SPC-3:
6522	 * "A parameter list length of zero indicates that the Data-Out Buffer
6523	 * shall be empty. This condition shall not be considered as an error."
6524	 */
6525	if (param_len == 0) {
6526		ctl_set_success(ctsio);
6527		ctl_done((union ctl_io *)ctsio);
6528		return (CTL_RETVAL_COMPLETE);
6529	}
6530
6531	/*
6532	 * Since we'll hit this the first time through, prior to
6533	 * allocation, we don't need to free a data buffer here.
6534	 */
6535	if (param_len < header_size) {
6536		ctl_set_param_len_error(ctsio);
6537		ctl_done((union ctl_io *)ctsio);
6538		return (CTL_RETVAL_COMPLETE);
6539	}
6540
6541	/*
6542	 * Allocate the data buffer and grab the user's data.  In theory,
6543	 * we shouldn't have to sanity check the parameter list length here
6544	 * because the maximum size is 64K.  We should be able to malloc
6545	 * that much without too many problems.
6546	 */
6547	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6548		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6549		ctsio->kern_data_len = param_len;
6550		ctsio->kern_total_len = param_len;
6551		ctsio->kern_data_resid = 0;
6552		ctsio->kern_rel_offset = 0;
6553		ctsio->kern_sg_entries = 0;
6554		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6555		ctsio->be_move_done = ctl_config_move_done;
6556		ctl_datamove((union ctl_io *)ctsio);
6557
6558		return (CTL_RETVAL_COMPLETE);
6559	}
6560
6561	switch (ctsio->cdb[0]) {
6562	case MODE_SELECT_6: {
6563		struct scsi_mode_header_6 *mh6;
6564
6565		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6566		bd_len = mh6->blk_desc_len;
6567		break;
6568	}
6569	case MODE_SELECT_10: {
6570		struct scsi_mode_header_10 *mh10;
6571
6572		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6573		bd_len = scsi_2btoul(mh10->blk_desc_len);
6574		break;
6575	}
6576	default:
6577		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6578		break;
6579	}
6580
6581	if (param_len < (header_size + bd_len)) {
6582		free(ctsio->kern_data_ptr, M_CTL);
6583		ctl_set_param_len_error(ctsio);
6584		ctl_done((union ctl_io *)ctsio);
6585		return (CTL_RETVAL_COMPLETE);
6586	}
6587
6588	/*
6589	 * Set the IO_CONT flag, so that if this I/O gets passed to
6590	 * ctl_config_write_done(), it'll get passed back to
6591	 * ctl_do_mode_select() for further processing, or completion if
6592	 * we're all done.
6593	 */
6594	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6595	ctsio->io_cont = ctl_do_mode_select;
6596
6597	modepage_info = (union ctl_modepage_info *)
6598		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6599
6600	memset(modepage_info, 0, sizeof(*modepage_info));
6601
6602	len_left = param_len - header_size - bd_len;
6603	len_used = header_size + bd_len;
6604
6605	modepage_info->header.len_left = len_left;
6606	modepage_info->header.len_used = len_used;
6607
6608	return (ctl_do_mode_select((union ctl_io *)ctsio));
6609}
6610
6611int
6612ctl_mode_sense(struct ctl_scsiio *ctsio)
6613{
6614	struct ctl_lun *lun;
6615	int pc, page_code, dbd, llba, subpage;
6616	int alloc_len, page_len, header_len, total_len;
6617	struct scsi_mode_block_descr *block_desc;
6618	struct ctl_page_index *page_index;
6619	int control_dev;
6620
6621	dbd = 0;
6622	llba = 0;
6623	block_desc = NULL;
6624	page_index = NULL;
6625
6626	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6627
6628	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6629
6630	if (lun->be_lun->lun_type != T_DIRECT)
6631		control_dev = 1;
6632	else
6633		control_dev = 0;
6634
6635	if (lun->flags & CTL_LUN_PR_RESERVED) {
6636		uint32_t residx;
6637
6638		/*
6639		 * XXX KDM need a lock here.
6640		 */
6641		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
6642		if ((lun->res_type == SPR_TYPE_EX_AC
6643		  && residx != lun->pr_res_idx)
6644		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
6645		   || lun->res_type == SPR_TYPE_EX_AC_AR)
6646		  && lun->pr_keys[residx] == 0)) {
6647			ctl_set_reservation_conflict(ctsio);
6648			ctl_done((union ctl_io *)ctsio);
6649			return (CTL_RETVAL_COMPLETE);
6650		}
6651	}
6652
6653	switch (ctsio->cdb[0]) {
6654	case MODE_SENSE_6: {
6655		struct scsi_mode_sense_6 *cdb;
6656
6657		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6658
6659		header_len = sizeof(struct scsi_mode_hdr_6);
6660		if (cdb->byte2 & SMS_DBD)
6661			dbd = 1;
6662		else
6663			header_len += sizeof(struct scsi_mode_block_descr);
6664
6665		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6666		page_code = cdb->page & SMS_PAGE_CODE;
6667		subpage = cdb->subpage;
6668		alloc_len = cdb->length;
6669		break;
6670	}
6671	case MODE_SENSE_10: {
6672		struct scsi_mode_sense_10 *cdb;
6673
6674		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6675
6676		header_len = sizeof(struct scsi_mode_hdr_10);
6677
6678		if (cdb->byte2 & SMS_DBD)
6679			dbd = 1;
6680		else
6681			header_len += sizeof(struct scsi_mode_block_descr);
6682		if (cdb->byte2 & SMS10_LLBAA)
6683			llba = 1;
6684		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6685		page_code = cdb->page & SMS_PAGE_CODE;
6686		subpage = cdb->subpage;
6687		alloc_len = scsi_2btoul(cdb->length);
6688		break;
6689	}
6690	default:
6691		ctl_set_invalid_opcode(ctsio);
6692		ctl_done((union ctl_io *)ctsio);
6693		return (CTL_RETVAL_COMPLETE);
6694		break; /* NOTREACHED */
6695	}
6696
6697	/*
6698	 * We have to make a first pass through to calculate the size of
6699	 * the pages that match the user's query.  Then we allocate enough
6700	 * memory to hold it, and actually copy the data into the buffer.
6701	 */
6702	switch (page_code) {
6703	case SMS_ALL_PAGES_PAGE: {
6704		int i;
6705
6706		page_len = 0;
6707
6708		/*
6709		 * At the moment, values other than 0 and 0xff here are
6710		 * reserved according to SPC-3.
6711		 */
6712		if ((subpage != SMS_SUBPAGE_PAGE_0)
6713		 && (subpage != SMS_SUBPAGE_ALL)) {
6714			ctl_set_invalid_field(ctsio,
6715					      /*sks_valid*/ 1,
6716					      /*command*/ 1,
6717					      /*field*/ 3,
6718					      /*bit_valid*/ 0,
6719					      /*bit*/ 0);
6720			ctl_done((union ctl_io *)ctsio);
6721			return (CTL_RETVAL_COMPLETE);
6722		}
6723
6724		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6725			if ((control_dev != 0)
6726			 && (lun->mode_pages.index[i].page_flags &
6727			     CTL_PAGE_FLAG_DISK_ONLY))
6728				continue;
6729
6730			/*
6731			 * We don't use this subpage if the user didn't
6732			 * request all subpages.
6733			 */
6734			if ((lun->mode_pages.index[i].subpage != 0)
6735			 && (subpage == SMS_SUBPAGE_PAGE_0))
6736				continue;
6737
6738#if 0
6739			printf("found page %#x len %d\n",
6740			       lun->mode_pages.index[i].page_code &
6741			       SMPH_PC_MASK,
6742			       lun->mode_pages.index[i].page_len);
6743#endif
6744			page_len += lun->mode_pages.index[i].page_len;
6745		}
6746		break;
6747	}
6748	default: {
6749		int i;
6750
6751		page_len = 0;
6752
6753		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6754			/* Look for the right page code */
6755			if ((lun->mode_pages.index[i].page_code &
6756			     SMPH_PC_MASK) != page_code)
6757				continue;
6758
6759			/* Look for the right subpage or the subpage wildcard*/
6760			if ((lun->mode_pages.index[i].subpage != subpage)
6761			 && (subpage != SMS_SUBPAGE_ALL))
6762				continue;
6763
6764			/* Make sure the page is supported for this dev type */
6765			if ((control_dev != 0)
6766			 && (lun->mode_pages.index[i].page_flags &
6767			     CTL_PAGE_FLAG_DISK_ONLY))
6768				continue;
6769
6770#if 0
6771			printf("found page %#x len %d\n",
6772			       lun->mode_pages.index[i].page_code &
6773			       SMPH_PC_MASK,
6774			       lun->mode_pages.index[i].page_len);
6775#endif
6776
6777			page_len += lun->mode_pages.index[i].page_len;
6778		}
6779
6780		if (page_len == 0) {
6781			ctl_set_invalid_field(ctsio,
6782					      /*sks_valid*/ 1,
6783					      /*command*/ 1,
6784					      /*field*/ 2,
6785					      /*bit_valid*/ 1,
6786					      /*bit*/ 5);
6787			ctl_done((union ctl_io *)ctsio);
6788			return (CTL_RETVAL_COMPLETE);
6789		}
6790		break;
6791	}
6792	}
6793
6794	total_len = header_len + page_len;
6795#if 0
6796	printf("header_len = %d, page_len = %d, total_len = %d\n",
6797	       header_len, page_len, total_len);
6798#endif
6799
6800	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6801	ctsio->kern_sg_entries = 0;
6802	ctsio->kern_data_resid = 0;
6803	ctsio->kern_rel_offset = 0;
6804	if (total_len < alloc_len) {
6805		ctsio->residual = alloc_len - total_len;
6806		ctsio->kern_data_len = total_len;
6807		ctsio->kern_total_len = total_len;
6808	} else {
6809		ctsio->residual = 0;
6810		ctsio->kern_data_len = alloc_len;
6811		ctsio->kern_total_len = alloc_len;
6812	}
6813
6814	switch (ctsio->cdb[0]) {
6815	case MODE_SENSE_6: {
6816		struct scsi_mode_hdr_6 *header;
6817
6818		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6819
6820		header->datalen = ctl_min(total_len - 1, 254);
6821		if (control_dev == 0) {
6822			header->dev_specific = 0x10; /* DPOFUA */
6823			if ((lun->flags & CTL_LUN_READONLY) ||
6824			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6825			    .eca_and_aen & SCP_SWP) != 0)
6826				    header->dev_specific |= 0x80; /* WP */
6827		}
6828		if (dbd)
6829			header->block_descr_len = 0;
6830		else
6831			header->block_descr_len =
6832				sizeof(struct scsi_mode_block_descr);
6833		block_desc = (struct scsi_mode_block_descr *)&header[1];
6834		break;
6835	}
6836	case MODE_SENSE_10: {
6837		struct scsi_mode_hdr_10 *header;
6838		int datalen;
6839
6840		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6841
6842		datalen = ctl_min(total_len - 2, 65533);
6843		scsi_ulto2b(datalen, header->datalen);
6844		if (control_dev == 0) {
6845			header->dev_specific = 0x10; /* DPOFUA */
6846			if ((lun->flags & CTL_LUN_READONLY) ||
6847			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6848			    .eca_and_aen & SCP_SWP) != 0)
6849				    header->dev_specific |= 0x80; /* WP */
6850		}
6851		if (dbd)
6852			scsi_ulto2b(0, header->block_descr_len);
6853		else
6854			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6855				    header->block_descr_len);
6856		block_desc = (struct scsi_mode_block_descr *)&header[1];
6857		break;
6858	}
6859	default:
6860		panic("invalid CDB type %#x", ctsio->cdb[0]);
6861		break; /* NOTREACHED */
6862	}
6863
6864	/*
6865	 * If we've got a disk, use its blocksize in the block
6866	 * descriptor.  Otherwise, just set it to 0.
6867	 */
6868	if (dbd == 0) {
6869		if (control_dev == 0)
6870			scsi_ulto3b(lun->be_lun->blocksize,
6871				    block_desc->block_len);
6872		else
6873			scsi_ulto3b(0, block_desc->block_len);
6874	}
6875
6876	switch (page_code) {
6877	case SMS_ALL_PAGES_PAGE: {
6878		int i, data_used;
6879
6880		data_used = header_len;
6881		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6882			struct ctl_page_index *page_index;
6883
6884			page_index = &lun->mode_pages.index[i];
6885
6886			if ((control_dev != 0)
6887			 && (page_index->page_flags &
6888			    CTL_PAGE_FLAG_DISK_ONLY))
6889				continue;
6890
6891			/*
6892			 * We don't use this subpage if the user didn't
6893			 * request all subpages.  We already checked (above)
6894			 * to make sure the user only specified a subpage
6895			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6896			 */
6897			if ((page_index->subpage != 0)
6898			 && (subpage == SMS_SUBPAGE_PAGE_0))
6899				continue;
6900
6901			/*
6902			 * Call the handler, if it exists, to update the
6903			 * page to the latest values.
6904			 */
6905			if (page_index->sense_handler != NULL)
6906				page_index->sense_handler(ctsio, page_index,pc);
6907
6908			memcpy(ctsio->kern_data_ptr + data_used,
6909			       page_index->page_data +
6910			       (page_index->page_len * pc),
6911			       page_index->page_len);
6912			data_used += page_index->page_len;
6913		}
6914		break;
6915	}
6916	default: {
6917		int i, data_used;
6918
6919		data_used = header_len;
6920
6921		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6922			struct ctl_page_index *page_index;
6923
6924			page_index = &lun->mode_pages.index[i];
6925
6926			/* Look for the right page code */
6927			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6928				continue;
6929
6930			/* Look for the right subpage or the subpage wildcard*/
6931			if ((page_index->subpage != subpage)
6932			 && (subpage != SMS_SUBPAGE_ALL))
6933				continue;
6934
6935			/* Make sure the page is supported for this dev type */
6936			if ((control_dev != 0)
6937			 && (page_index->page_flags &
6938			     CTL_PAGE_FLAG_DISK_ONLY))
6939				continue;
6940
6941			/*
6942			 * Call the handler, if it exists, to update the
6943			 * page to the latest values.
6944			 */
6945			if (page_index->sense_handler != NULL)
6946				page_index->sense_handler(ctsio, page_index,pc);
6947
6948			memcpy(ctsio->kern_data_ptr + data_used,
6949			       page_index->page_data +
6950			       (page_index->page_len * pc),
6951			       page_index->page_len);
6952			data_used += page_index->page_len;
6953		}
6954		break;
6955	}
6956	}
6957
6958	ctsio->scsi_status = SCSI_STATUS_OK;
6959
6960	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6961	ctsio->be_move_done = ctl_config_move_done;
6962	ctl_datamove((union ctl_io *)ctsio);
6963
6964	return (CTL_RETVAL_COMPLETE);
6965}
6966
6967int
6968ctl_log_sense(struct ctl_scsiio *ctsio)
6969{
6970	struct ctl_lun *lun;
6971	int i, pc, page_code, subpage;
6972	int alloc_len, total_len;
6973	struct ctl_page_index *page_index;
6974	struct scsi_log_sense *cdb;
6975	struct scsi_log_header *header;
6976
6977	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6978
6979	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6980	cdb = (struct scsi_log_sense *)ctsio->cdb;
6981	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6982	page_code = cdb->page & SLS_PAGE_CODE;
6983	subpage = cdb->subpage;
6984	alloc_len = scsi_2btoul(cdb->length);
6985
6986	page_index = NULL;
6987	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6988		page_index = &lun->log_pages.index[i];
6989
6990		/* Look for the right page code */
6991		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6992			continue;
6993
6994		/* Look for the right subpage or the subpage wildcard*/
6995		if (page_index->subpage != subpage)
6996			continue;
6997
6998		break;
6999	}
7000	if (i >= CTL_NUM_LOG_PAGES) {
7001		ctl_set_invalid_field(ctsio,
7002				      /*sks_valid*/ 1,
7003				      /*command*/ 1,
7004				      /*field*/ 2,
7005				      /*bit_valid*/ 0,
7006				      /*bit*/ 0);
7007		ctl_done((union ctl_io *)ctsio);
7008		return (CTL_RETVAL_COMPLETE);
7009	}
7010
7011	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7012
7013	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7014	ctsio->kern_sg_entries = 0;
7015	ctsio->kern_data_resid = 0;
7016	ctsio->kern_rel_offset = 0;
7017	if (total_len < alloc_len) {
7018		ctsio->residual = alloc_len - total_len;
7019		ctsio->kern_data_len = total_len;
7020		ctsio->kern_total_len = total_len;
7021	} else {
7022		ctsio->residual = 0;
7023		ctsio->kern_data_len = alloc_len;
7024		ctsio->kern_total_len = alloc_len;
7025	}
7026
7027	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7028	header->page = page_index->page_code;
7029	if (page_index->subpage) {
7030		header->page |= SL_SPF;
7031		header->subpage = page_index->subpage;
7032	}
7033	scsi_ulto2b(page_index->page_len, header->datalen);
7034
7035	/*
7036	 * Call the handler, if it exists, to update the
7037	 * page to the latest values.
7038	 */
7039	if (page_index->sense_handler != NULL)
7040		page_index->sense_handler(ctsio, page_index, pc);
7041
7042	memcpy(header + 1, page_index->page_data, page_index->page_len);
7043
7044	ctsio->scsi_status = SCSI_STATUS_OK;
7045	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7046	ctsio->be_move_done = ctl_config_move_done;
7047	ctl_datamove((union ctl_io *)ctsio);
7048
7049	return (CTL_RETVAL_COMPLETE);
7050}
7051
7052int
7053ctl_read_capacity(struct ctl_scsiio *ctsio)
7054{
7055	struct scsi_read_capacity *cdb;
7056	struct scsi_read_capacity_data *data;
7057	struct ctl_lun *lun;
7058	uint32_t lba;
7059
7060	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7061
7062	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7063
7064	lba = scsi_4btoul(cdb->addr);
7065	if (((cdb->pmi & SRC_PMI) == 0)
7066	 && (lba != 0)) {
7067		ctl_set_invalid_field(/*ctsio*/ ctsio,
7068				      /*sks_valid*/ 1,
7069				      /*command*/ 1,
7070				      /*field*/ 2,
7071				      /*bit_valid*/ 0,
7072				      /*bit*/ 0);
7073		ctl_done((union ctl_io *)ctsio);
7074		return (CTL_RETVAL_COMPLETE);
7075	}
7076
7077	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7078
7079	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7080	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7081	ctsio->residual = 0;
7082	ctsio->kern_data_len = sizeof(*data);
7083	ctsio->kern_total_len = sizeof(*data);
7084	ctsio->kern_data_resid = 0;
7085	ctsio->kern_rel_offset = 0;
7086	ctsio->kern_sg_entries = 0;
7087
7088	/*
7089	 * If the maximum LBA is greater than 0xfffffffe, the user must
7090	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7091	 * serivce action set.
7092	 */
7093	if (lun->be_lun->maxlba > 0xfffffffe)
7094		scsi_ulto4b(0xffffffff, data->addr);
7095	else
7096		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7097
7098	/*
7099	 * XXX KDM this may not be 512 bytes...
7100	 */
7101	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7102
7103	ctsio->scsi_status = SCSI_STATUS_OK;
7104
7105	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7106	ctsio->be_move_done = ctl_config_move_done;
7107	ctl_datamove((union ctl_io *)ctsio);
7108
7109	return (CTL_RETVAL_COMPLETE);
7110}
7111
7112int
7113ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7114{
7115	struct scsi_read_capacity_16 *cdb;
7116	struct scsi_read_capacity_data_long *data;
7117	struct ctl_lun *lun;
7118	uint64_t lba;
7119	uint32_t alloc_len;
7120
7121	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7122
7123	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7124
7125	alloc_len = scsi_4btoul(cdb->alloc_len);
7126	lba = scsi_8btou64(cdb->addr);
7127
7128	if ((cdb->reladr & SRC16_PMI)
7129	 && (lba != 0)) {
7130		ctl_set_invalid_field(/*ctsio*/ ctsio,
7131				      /*sks_valid*/ 1,
7132				      /*command*/ 1,
7133				      /*field*/ 2,
7134				      /*bit_valid*/ 0,
7135				      /*bit*/ 0);
7136		ctl_done((union ctl_io *)ctsio);
7137		return (CTL_RETVAL_COMPLETE);
7138	}
7139
7140	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7141
7142	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7143	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7144
7145	if (sizeof(*data) < alloc_len) {
7146		ctsio->residual = alloc_len - sizeof(*data);
7147		ctsio->kern_data_len = sizeof(*data);
7148		ctsio->kern_total_len = sizeof(*data);
7149	} else {
7150		ctsio->residual = 0;
7151		ctsio->kern_data_len = alloc_len;
7152		ctsio->kern_total_len = alloc_len;
7153	}
7154	ctsio->kern_data_resid = 0;
7155	ctsio->kern_rel_offset = 0;
7156	ctsio->kern_sg_entries = 0;
7157
7158	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7159	/* XXX KDM this may not be 512 bytes... */
7160	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7161	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7162	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7163	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7164		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7165
7166	ctsio->scsi_status = SCSI_STATUS_OK;
7167
7168	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7169	ctsio->be_move_done = ctl_config_move_done;
7170	ctl_datamove((union ctl_io *)ctsio);
7171
7172	return (CTL_RETVAL_COMPLETE);
7173}
7174
7175int
7176ctl_read_defect(struct ctl_scsiio *ctsio)
7177{
7178	struct scsi_read_defect_data_10 *ccb10;
7179	struct scsi_read_defect_data_12 *ccb12;
7180	struct scsi_read_defect_data_hdr_10 *data10;
7181	struct scsi_read_defect_data_hdr_12 *data12;
7182	struct ctl_lun *lun;
7183	uint32_t alloc_len, data_len;
7184	uint8_t format;
7185
7186	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7187
7188	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7189	if (lun->flags & CTL_LUN_PR_RESERVED) {
7190		uint32_t residx;
7191
7192		/*
7193		 * XXX KDM need a lock here.
7194		 */
7195		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7196		if ((lun->res_type == SPR_TYPE_EX_AC
7197		  && residx != lun->pr_res_idx)
7198		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
7199		   || lun->res_type == SPR_TYPE_EX_AC_AR)
7200		  && lun->pr_keys[residx] == 0)) {
7201			ctl_set_reservation_conflict(ctsio);
7202			ctl_done((union ctl_io *)ctsio);
7203			return (CTL_RETVAL_COMPLETE);
7204	        }
7205	}
7206
7207	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7208		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7209		format = ccb10->format;
7210		alloc_len = scsi_2btoul(ccb10->alloc_length);
7211		data_len = sizeof(*data10);
7212	} else {
7213		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7214		format = ccb12->format;
7215		alloc_len = scsi_4btoul(ccb12->alloc_length);
7216		data_len = sizeof(*data12);
7217	}
7218	if (alloc_len == 0) {
7219		ctl_set_success(ctsio);
7220		ctl_done((union ctl_io *)ctsio);
7221		return (CTL_RETVAL_COMPLETE);
7222	}
7223
7224	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7225	if (data_len < alloc_len) {
7226		ctsio->residual = alloc_len - data_len;
7227		ctsio->kern_data_len = data_len;
7228		ctsio->kern_total_len = data_len;
7229	} else {
7230		ctsio->residual = 0;
7231		ctsio->kern_data_len = alloc_len;
7232		ctsio->kern_total_len = alloc_len;
7233	}
7234	ctsio->kern_data_resid = 0;
7235	ctsio->kern_rel_offset = 0;
7236	ctsio->kern_sg_entries = 0;
7237
7238	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7239		data10 = (struct scsi_read_defect_data_hdr_10 *)
7240		    ctsio->kern_data_ptr;
7241		data10->format = format;
7242		scsi_ulto2b(0, data10->length);
7243	} else {
7244		data12 = (struct scsi_read_defect_data_hdr_12 *)
7245		    ctsio->kern_data_ptr;
7246		data12->format = format;
7247		scsi_ulto2b(0, data12->generation);
7248		scsi_ulto4b(0, data12->length);
7249	}
7250
7251	ctsio->scsi_status = SCSI_STATUS_OK;
7252	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7253	ctsio->be_move_done = ctl_config_move_done;
7254	ctl_datamove((union ctl_io *)ctsio);
7255	return (CTL_RETVAL_COMPLETE);
7256}
7257
7258int
7259ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7260{
7261	struct scsi_maintenance_in *cdb;
7262	int retval;
7263	int alloc_len, ext, total_len = 0, g, p, pc, pg;
7264	int num_target_port_groups, num_target_ports, single;
7265	struct ctl_lun *lun;
7266	struct ctl_softc *softc;
7267	struct ctl_port *port;
7268	struct scsi_target_group_data *rtg_ptr;
7269	struct scsi_target_group_data_extended *rtg_ext_ptr;
7270	struct scsi_target_port_group_descriptor *tpg_desc;
7271
7272	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7273
7274	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7275	softc = control_softc;
7276	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7277
7278	retval = CTL_RETVAL_COMPLETE;
7279
7280	switch (cdb->byte2 & STG_PDF_MASK) {
7281	case STG_PDF_LENGTH:
7282		ext = 0;
7283		break;
7284	case STG_PDF_EXTENDED:
7285		ext = 1;
7286		break;
7287	default:
7288		ctl_set_invalid_field(/*ctsio*/ ctsio,
7289				      /*sks_valid*/ 1,
7290				      /*command*/ 1,
7291				      /*field*/ 2,
7292				      /*bit_valid*/ 1,
7293				      /*bit*/ 5);
7294		ctl_done((union ctl_io *)ctsio);
7295		return(retval);
7296	}
7297
7298	single = ctl_is_single;
7299	if (single)
7300		num_target_port_groups = 1;
7301	else
7302		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7303	num_target_ports = 0;
7304	mtx_lock(&softc->ctl_lock);
7305	STAILQ_FOREACH(port, &softc->port_list, links) {
7306		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7307			continue;
7308		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7309			continue;
7310		num_target_ports++;
7311	}
7312	mtx_unlock(&softc->ctl_lock);
7313
7314	if (ext)
7315		total_len = sizeof(struct scsi_target_group_data_extended);
7316	else
7317		total_len = sizeof(struct scsi_target_group_data);
7318	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7319		num_target_port_groups +
7320	    sizeof(struct scsi_target_port_descriptor) *
7321		num_target_ports * num_target_port_groups;
7322
7323	alloc_len = scsi_4btoul(cdb->length);
7324
7325	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7326
7327	ctsio->kern_sg_entries = 0;
7328
7329	if (total_len < alloc_len) {
7330		ctsio->residual = alloc_len - total_len;
7331		ctsio->kern_data_len = total_len;
7332		ctsio->kern_total_len = total_len;
7333	} else {
7334		ctsio->residual = 0;
7335		ctsio->kern_data_len = alloc_len;
7336		ctsio->kern_total_len = alloc_len;
7337	}
7338	ctsio->kern_data_resid = 0;
7339	ctsio->kern_rel_offset = 0;
7340
7341	if (ext) {
7342		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7343		    ctsio->kern_data_ptr;
7344		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7345		rtg_ext_ptr->format_type = 0x10;
7346		rtg_ext_ptr->implicit_transition_time = 0;
7347		tpg_desc = &rtg_ext_ptr->groups[0];
7348	} else {
7349		rtg_ptr = (struct scsi_target_group_data *)
7350		    ctsio->kern_data_ptr;
7351		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7352		tpg_desc = &rtg_ptr->groups[0];
7353	}
7354
7355	pg = ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS;
7356	mtx_lock(&softc->ctl_lock);
7357	for (g = 0; g < num_target_port_groups; g++) {
7358		if (g == pg)
7359			tpg_desc->pref_state = TPG_PRIMARY |
7360			    TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7361		else
7362			tpg_desc->pref_state =
7363			    TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7364		tpg_desc->support = TPG_AO_SUP;
7365		if (!single)
7366			tpg_desc->support |= TPG_AN_SUP;
7367		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7368		tpg_desc->status = TPG_IMPLICIT;
7369		pc = 0;
7370		STAILQ_FOREACH(port, &softc->port_list, links) {
7371			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7372				continue;
7373			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7374			    CTL_MAX_LUNS)
7375				continue;
7376			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7377			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7378			    relative_target_port_identifier);
7379			pc++;
7380		}
7381		tpg_desc->target_port_count = pc;
7382		tpg_desc = (struct scsi_target_port_group_descriptor *)
7383		    &tpg_desc->descriptors[pc];
7384	}
7385	mtx_unlock(&softc->ctl_lock);
7386
7387	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7388	ctsio->be_move_done = ctl_config_move_done;
7389
7390	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7391			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7392			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7393			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7394			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7395
7396	ctl_datamove((union ctl_io *)ctsio);
7397	return(retval);
7398}
7399
7400int
7401ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7402{
7403	struct ctl_lun *lun;
7404	struct scsi_report_supported_opcodes *cdb;
7405	const struct ctl_cmd_entry *entry, *sentry;
7406	struct scsi_report_supported_opcodes_all *all;
7407	struct scsi_report_supported_opcodes_descr *descr;
7408	struct scsi_report_supported_opcodes_one *one;
7409	int retval;
7410	int alloc_len, total_len;
7411	int opcode, service_action, i, j, num;
7412
7413	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7414
7415	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7416	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7417
7418	retval = CTL_RETVAL_COMPLETE;
7419
7420	opcode = cdb->requested_opcode;
7421	service_action = scsi_2btoul(cdb->requested_service_action);
7422	switch (cdb->options & RSO_OPTIONS_MASK) {
7423	case RSO_OPTIONS_ALL:
7424		num = 0;
7425		for (i = 0; i < 256; i++) {
7426			entry = &ctl_cmd_table[i];
7427			if (entry->flags & CTL_CMD_FLAG_SA5) {
7428				for (j = 0; j < 32; j++) {
7429					sentry = &((const struct ctl_cmd_entry *)
7430					    entry->execute)[j];
7431					if (ctl_cmd_applicable(
7432					    lun->be_lun->lun_type, sentry))
7433						num++;
7434				}
7435			} else {
7436				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7437				    entry))
7438					num++;
7439			}
7440		}
7441		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7442		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7443		break;
7444	case RSO_OPTIONS_OC:
7445		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7446			ctl_set_invalid_field(/*ctsio*/ ctsio,
7447					      /*sks_valid*/ 1,
7448					      /*command*/ 1,
7449					      /*field*/ 2,
7450					      /*bit_valid*/ 1,
7451					      /*bit*/ 2);
7452			ctl_done((union ctl_io *)ctsio);
7453			return (CTL_RETVAL_COMPLETE);
7454		}
7455		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7456		break;
7457	case RSO_OPTIONS_OC_SA:
7458		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7459		    service_action >= 32) {
7460			ctl_set_invalid_field(/*ctsio*/ ctsio,
7461					      /*sks_valid*/ 1,
7462					      /*command*/ 1,
7463					      /*field*/ 2,
7464					      /*bit_valid*/ 1,
7465					      /*bit*/ 2);
7466			ctl_done((union ctl_io *)ctsio);
7467			return (CTL_RETVAL_COMPLETE);
7468		}
7469		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7470		break;
7471	default:
7472		ctl_set_invalid_field(/*ctsio*/ ctsio,
7473				      /*sks_valid*/ 1,
7474				      /*command*/ 1,
7475				      /*field*/ 2,
7476				      /*bit_valid*/ 1,
7477				      /*bit*/ 2);
7478		ctl_done((union ctl_io *)ctsio);
7479		return (CTL_RETVAL_COMPLETE);
7480	}
7481
7482	alloc_len = scsi_4btoul(cdb->length);
7483
7484	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7485
7486	ctsio->kern_sg_entries = 0;
7487
7488	if (total_len < alloc_len) {
7489		ctsio->residual = alloc_len - total_len;
7490		ctsio->kern_data_len = total_len;
7491		ctsio->kern_total_len = total_len;
7492	} else {
7493		ctsio->residual = 0;
7494		ctsio->kern_data_len = alloc_len;
7495		ctsio->kern_total_len = alloc_len;
7496	}
7497	ctsio->kern_data_resid = 0;
7498	ctsio->kern_rel_offset = 0;
7499
7500	switch (cdb->options & RSO_OPTIONS_MASK) {
7501	case RSO_OPTIONS_ALL:
7502		all = (struct scsi_report_supported_opcodes_all *)
7503		    ctsio->kern_data_ptr;
7504		num = 0;
7505		for (i = 0; i < 256; i++) {
7506			entry = &ctl_cmd_table[i];
7507			if (entry->flags & CTL_CMD_FLAG_SA5) {
7508				for (j = 0; j < 32; j++) {
7509					sentry = &((const struct ctl_cmd_entry *)
7510					    entry->execute)[j];
7511					if (!ctl_cmd_applicable(
7512					    lun->be_lun->lun_type, sentry))
7513						continue;
7514					descr = &all->descr[num++];
7515					descr->opcode = i;
7516					scsi_ulto2b(j, descr->service_action);
7517					descr->flags = RSO_SERVACTV;
7518					scsi_ulto2b(sentry->length,
7519					    descr->cdb_length);
7520				}
7521			} else {
7522				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7523				    entry))
7524					continue;
7525				descr = &all->descr[num++];
7526				descr->opcode = i;
7527				scsi_ulto2b(0, descr->service_action);
7528				descr->flags = 0;
7529				scsi_ulto2b(entry->length, descr->cdb_length);
7530			}
7531		}
7532		scsi_ulto4b(
7533		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7534		    all->length);
7535		break;
7536	case RSO_OPTIONS_OC:
7537		one = (struct scsi_report_supported_opcodes_one *)
7538		    ctsio->kern_data_ptr;
7539		entry = &ctl_cmd_table[opcode];
7540		goto fill_one;
7541	case RSO_OPTIONS_OC_SA:
7542		one = (struct scsi_report_supported_opcodes_one *)
7543		    ctsio->kern_data_ptr;
7544		entry = &ctl_cmd_table[opcode];
7545		entry = &((const struct ctl_cmd_entry *)
7546		    entry->execute)[service_action];
7547fill_one:
7548		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7549			one->support = 3;
7550			scsi_ulto2b(entry->length, one->cdb_length);
7551			one->cdb_usage[0] = opcode;
7552			memcpy(&one->cdb_usage[1], entry->usage,
7553			    entry->length - 1);
7554		} else
7555			one->support = 1;
7556		break;
7557	}
7558
7559	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7560	ctsio->be_move_done = ctl_config_move_done;
7561
7562	ctl_datamove((union ctl_io *)ctsio);
7563	return(retval);
7564}
7565
7566int
7567ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7568{
7569	struct ctl_lun *lun;
7570	struct scsi_report_supported_tmf *cdb;
7571	struct scsi_report_supported_tmf_data *data;
7572	int retval;
7573	int alloc_len, total_len;
7574
7575	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7576
7577	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7578	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7579
7580	retval = CTL_RETVAL_COMPLETE;
7581
7582	total_len = sizeof(struct scsi_report_supported_tmf_data);
7583	alloc_len = scsi_4btoul(cdb->length);
7584
7585	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7586
7587	ctsio->kern_sg_entries = 0;
7588
7589	if (total_len < alloc_len) {
7590		ctsio->residual = alloc_len - total_len;
7591		ctsio->kern_data_len = total_len;
7592		ctsio->kern_total_len = total_len;
7593	} else {
7594		ctsio->residual = 0;
7595		ctsio->kern_data_len = alloc_len;
7596		ctsio->kern_total_len = alloc_len;
7597	}
7598	ctsio->kern_data_resid = 0;
7599	ctsio->kern_rel_offset = 0;
7600
7601	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7602	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7603	data->byte2 |= RST_ITNRS;
7604
7605	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7606	ctsio->be_move_done = ctl_config_move_done;
7607
7608	ctl_datamove((union ctl_io *)ctsio);
7609	return (retval);
7610}
7611
7612int
7613ctl_report_timestamp(struct ctl_scsiio *ctsio)
7614{
7615	struct ctl_lun *lun;
7616	struct scsi_report_timestamp *cdb;
7617	struct scsi_report_timestamp_data *data;
7618	struct timeval tv;
7619	int64_t timestamp;
7620	int retval;
7621	int alloc_len, total_len;
7622
7623	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7624
7625	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7626	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7627
7628	retval = CTL_RETVAL_COMPLETE;
7629
7630	total_len = sizeof(struct scsi_report_timestamp_data);
7631	alloc_len = scsi_4btoul(cdb->length);
7632
7633	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7634
7635	ctsio->kern_sg_entries = 0;
7636
7637	if (total_len < alloc_len) {
7638		ctsio->residual = alloc_len - total_len;
7639		ctsio->kern_data_len = total_len;
7640		ctsio->kern_total_len = total_len;
7641	} else {
7642		ctsio->residual = 0;
7643		ctsio->kern_data_len = alloc_len;
7644		ctsio->kern_total_len = alloc_len;
7645	}
7646	ctsio->kern_data_resid = 0;
7647	ctsio->kern_rel_offset = 0;
7648
7649	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7650	scsi_ulto2b(sizeof(*data) - 2, data->length);
7651	data->origin = RTS_ORIG_OUTSIDE;
7652	getmicrotime(&tv);
7653	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7654	scsi_ulto4b(timestamp >> 16, data->timestamp);
7655	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7656
7657	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7658	ctsio->be_move_done = ctl_config_move_done;
7659
7660	ctl_datamove((union ctl_io *)ctsio);
7661	return (retval);
7662}
7663
7664int
7665ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7666{
7667	struct scsi_per_res_in *cdb;
7668	int alloc_len, total_len = 0;
7669	/* struct scsi_per_res_in_rsrv in_data; */
7670	struct ctl_lun *lun;
7671	struct ctl_softc *softc;
7672
7673	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7674
7675	softc = control_softc;
7676
7677	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7678
7679	alloc_len = scsi_2btoul(cdb->length);
7680
7681	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7682
7683retry:
7684	mtx_lock(&lun->lun_lock);
7685	switch (cdb->action) {
7686	case SPRI_RK: /* read keys */
7687		total_len = sizeof(struct scsi_per_res_in_keys) +
7688			lun->pr_key_count *
7689			sizeof(struct scsi_per_res_key);
7690		break;
7691	case SPRI_RR: /* read reservation */
7692		if (lun->flags & CTL_LUN_PR_RESERVED)
7693			total_len = sizeof(struct scsi_per_res_in_rsrv);
7694		else
7695			total_len = sizeof(struct scsi_per_res_in_header);
7696		break;
7697	case SPRI_RC: /* report capabilities */
7698		total_len = sizeof(struct scsi_per_res_cap);
7699		break;
7700	case SPRI_RS: /* read full status */
7701		total_len = sizeof(struct scsi_per_res_in_header) +
7702		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7703		    lun->pr_key_count;
7704		break;
7705	default:
7706		panic("Invalid PR type %x", cdb->action);
7707	}
7708	mtx_unlock(&lun->lun_lock);
7709
7710	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7711
7712	if (total_len < alloc_len) {
7713		ctsio->residual = alloc_len - total_len;
7714		ctsio->kern_data_len = total_len;
7715		ctsio->kern_total_len = total_len;
7716	} else {
7717		ctsio->residual = 0;
7718		ctsio->kern_data_len = alloc_len;
7719		ctsio->kern_total_len = alloc_len;
7720	}
7721
7722	ctsio->kern_data_resid = 0;
7723	ctsio->kern_rel_offset = 0;
7724	ctsio->kern_sg_entries = 0;
7725
7726	mtx_lock(&lun->lun_lock);
7727	switch (cdb->action) {
7728	case SPRI_RK: { // read keys
7729        struct scsi_per_res_in_keys *res_keys;
7730		int i, key_count;
7731
7732		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7733
7734		/*
7735		 * We had to drop the lock to allocate our buffer, which
7736		 * leaves time for someone to come in with another
7737		 * persistent reservation.  (That is unlikely, though,
7738		 * since this should be the only persistent reservation
7739		 * command active right now.)
7740		 */
7741		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7742		    (lun->pr_key_count *
7743		     sizeof(struct scsi_per_res_key)))){
7744			mtx_unlock(&lun->lun_lock);
7745			free(ctsio->kern_data_ptr, M_CTL);
7746			printf("%s: reservation length changed, retrying\n",
7747			       __func__);
7748			goto retry;
7749		}
7750
7751		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7752
7753		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7754			     lun->pr_key_count, res_keys->header.length);
7755
7756		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7757			if (lun->pr_keys[i] == 0)
7758				continue;
7759
7760			/*
7761			 * We used lun->pr_key_count to calculate the
7762			 * size to allocate.  If it turns out the number of
7763			 * initiators with the registered flag set is
7764			 * larger than that (i.e. they haven't been kept in
7765			 * sync), we've got a problem.
7766			 */
7767			if (key_count >= lun->pr_key_count) {
7768#ifdef NEEDTOPORT
7769				csevent_log(CSC_CTL | CSC_SHELF_SW |
7770					    CTL_PR_ERROR,
7771					    csevent_LogType_Fault,
7772					    csevent_AlertLevel_Yellow,
7773					    csevent_FRU_ShelfController,
7774					    csevent_FRU_Firmware,
7775				        csevent_FRU_Unknown,
7776					    "registered keys %d >= key "
7777					    "count %d", key_count,
7778					    lun->pr_key_count);
7779#endif
7780				key_count++;
7781				continue;
7782			}
7783			scsi_u64to8b(lun->pr_keys[i],
7784			    res_keys->keys[key_count].key);
7785			key_count++;
7786		}
7787		break;
7788	}
7789	case SPRI_RR: { // read reservation
7790		struct scsi_per_res_in_rsrv *res;
7791		int tmp_len, header_only;
7792
7793		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7794
7795		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7796
7797		if (lun->flags & CTL_LUN_PR_RESERVED)
7798		{
7799			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7800			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7801				    res->header.length);
7802			header_only = 0;
7803		} else {
7804			tmp_len = sizeof(struct scsi_per_res_in_header);
7805			scsi_ulto4b(0, res->header.length);
7806			header_only = 1;
7807		}
7808
7809		/*
7810		 * We had to drop the lock to allocate our buffer, which
7811		 * leaves time for someone to come in with another
7812		 * persistent reservation.  (That is unlikely, though,
7813		 * since this should be the only persistent reservation
7814		 * command active right now.)
7815		 */
7816		if (tmp_len != total_len) {
7817			mtx_unlock(&lun->lun_lock);
7818			free(ctsio->kern_data_ptr, M_CTL);
7819			printf("%s: reservation status changed, retrying\n",
7820			       __func__);
7821			goto retry;
7822		}
7823
7824		/*
7825		 * No reservation held, so we're done.
7826		 */
7827		if (header_only != 0)
7828			break;
7829
7830		/*
7831		 * If the registration is an All Registrants type, the key
7832		 * is 0, since it doesn't really matter.
7833		 */
7834		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7835			scsi_u64to8b(lun->pr_keys[lun->pr_res_idx],
7836			    res->data.reservation);
7837		}
7838		res->data.scopetype = lun->res_type;
7839		break;
7840	}
7841	case SPRI_RC:     //report capabilities
7842	{
7843		struct scsi_per_res_cap *res_cap;
7844		uint16_t type_mask;
7845
7846		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7847		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7848		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7849		type_mask = SPRI_TM_WR_EX_AR |
7850			    SPRI_TM_EX_AC_RO |
7851			    SPRI_TM_WR_EX_RO |
7852			    SPRI_TM_EX_AC |
7853			    SPRI_TM_WR_EX |
7854			    SPRI_TM_EX_AC_AR;
7855		scsi_ulto2b(type_mask, res_cap->type_mask);
7856		break;
7857	}
7858	case SPRI_RS: { // read full status
7859		struct scsi_per_res_in_full *res_status;
7860		struct scsi_per_res_in_full_desc *res_desc;
7861		struct ctl_port *port;
7862		int i, len;
7863
7864		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7865
7866		/*
7867		 * We had to drop the lock to allocate our buffer, which
7868		 * leaves time for someone to come in with another
7869		 * persistent reservation.  (That is unlikely, though,
7870		 * since this should be the only persistent reservation
7871		 * command active right now.)
7872		 */
7873		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7874		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7875		     lun->pr_key_count)){
7876			mtx_unlock(&lun->lun_lock);
7877			free(ctsio->kern_data_ptr, M_CTL);
7878			printf("%s: reservation length changed, retrying\n",
7879			       __func__);
7880			goto retry;
7881		}
7882
7883		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7884
7885		res_desc = &res_status->desc[0];
7886		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7887			if (lun->pr_keys[i] == 0)
7888				continue;
7889
7890			scsi_u64to8b(lun->pr_keys[i], res_desc->res_key.key);
7891			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7892			    (lun->pr_res_idx == i ||
7893			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7894				res_desc->flags = SPRI_FULL_R_HOLDER;
7895				res_desc->scopetype = lun->res_type;
7896			}
7897			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7898			    res_desc->rel_trgt_port_id);
7899			len = 0;
7900			port = softc->ctl_ports[
7901			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
7902			if (port != NULL)
7903				len = ctl_create_iid(port,
7904				    i % CTL_MAX_INIT_PER_PORT,
7905				    res_desc->transport_id);
7906			scsi_ulto4b(len, res_desc->additional_length);
7907			res_desc = (struct scsi_per_res_in_full_desc *)
7908			    &res_desc->transport_id[len];
7909		}
7910		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7911		    res_status->header.length);
7912		break;
7913	}
7914	default:
7915		/*
7916		 * This is a bug, because we just checked for this above,
7917		 * and should have returned an error.
7918		 */
7919		panic("Invalid PR type %x", cdb->action);
7920		break; /* NOTREACHED */
7921	}
7922	mtx_unlock(&lun->lun_lock);
7923
7924	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7925	ctsio->be_move_done = ctl_config_move_done;
7926
7927	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7928			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7929			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7930			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7931			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7932
7933	ctl_datamove((union ctl_io *)ctsio);
7934
7935	return (CTL_RETVAL_COMPLETE);
7936}
7937
7938/*
7939 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7940 * it should return.
7941 */
7942static int
7943ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7944		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7945		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7946		struct scsi_per_res_out_parms* param)
7947{
7948	union ctl_ha_msg persis_io;
7949	int retval, i;
7950	int isc_retval;
7951
7952	retval = 0;
7953
7954	mtx_lock(&lun->lun_lock);
7955	if (sa_res_key == 0) {
7956		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7957			/* validate scope and type */
7958			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7959			     SPR_LU_SCOPE) {
7960				mtx_unlock(&lun->lun_lock);
7961				ctl_set_invalid_field(/*ctsio*/ ctsio,
7962						      /*sks_valid*/ 1,
7963						      /*command*/ 1,
7964						      /*field*/ 2,
7965						      /*bit_valid*/ 1,
7966						      /*bit*/ 4);
7967				ctl_done((union ctl_io *)ctsio);
7968				return (1);
7969			}
7970
7971		        if (type>8 || type==2 || type==4 || type==0) {
7972				mtx_unlock(&lun->lun_lock);
7973				ctl_set_invalid_field(/*ctsio*/ ctsio,
7974       	           				      /*sks_valid*/ 1,
7975						      /*command*/ 1,
7976						      /*field*/ 2,
7977						      /*bit_valid*/ 1,
7978						      /*bit*/ 0);
7979				ctl_done((union ctl_io *)ctsio);
7980				return (1);
7981		        }
7982
7983			/*
7984			 * Unregister everybody else and build UA for
7985			 * them
7986			 */
7987			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7988				if (i == residx || lun->pr_keys[i] == 0)
7989					continue;
7990
7991				if (!persis_offset
7992				 && i <CTL_MAX_INITIATORS)
7993					lun->pending_ua[i] |=
7994						CTL_UA_REG_PREEMPT;
7995				else if (persis_offset
7996				      && i >= persis_offset)
7997					lun->pending_ua[i-persis_offset] |=
7998						CTL_UA_REG_PREEMPT;
7999				lun->pr_keys[i] = 0;
8000			}
8001			lun->pr_key_count = 1;
8002			lun->res_type = type;
8003			if (lun->res_type != SPR_TYPE_WR_EX_AR
8004			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8005				lun->pr_res_idx = residx;
8006
8007			/* send msg to other side */
8008			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8009			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8010			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8011			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8012			persis_io.pr.pr_info.res_type = type;
8013			memcpy(persis_io.pr.pr_info.sa_res_key,
8014			       param->serv_act_res_key,
8015			       sizeof(param->serv_act_res_key));
8016			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8017			     &persis_io, sizeof(persis_io), 0)) >
8018			     CTL_HA_STATUS_SUCCESS) {
8019				printf("CTL:Persis Out error returned "
8020				       "from ctl_ha_msg_send %d\n",
8021				       isc_retval);
8022			}
8023		} else {
8024			/* not all registrants */
8025			mtx_unlock(&lun->lun_lock);
8026			free(ctsio->kern_data_ptr, M_CTL);
8027			ctl_set_invalid_field(ctsio,
8028					      /*sks_valid*/ 1,
8029					      /*command*/ 0,
8030					      /*field*/ 8,
8031					      /*bit_valid*/ 0,
8032					      /*bit*/ 0);
8033			ctl_done((union ctl_io *)ctsio);
8034			return (1);
8035		}
8036	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8037		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8038		int found = 0;
8039
8040		if (res_key == sa_res_key) {
8041			/* special case */
8042			/*
8043			 * The spec implies this is not good but doesn't
8044			 * say what to do. There are two choices either
8045			 * generate a res conflict or check condition
8046			 * with illegal field in parameter data. Since
8047			 * that is what is done when the sa_res_key is
8048			 * zero I'll take that approach since this has
8049			 * to do with the sa_res_key.
8050			 */
8051			mtx_unlock(&lun->lun_lock);
8052			free(ctsio->kern_data_ptr, M_CTL);
8053			ctl_set_invalid_field(ctsio,
8054					      /*sks_valid*/ 1,
8055					      /*command*/ 0,
8056					      /*field*/ 8,
8057					      /*bit_valid*/ 0,
8058					      /*bit*/ 0);
8059			ctl_done((union ctl_io *)ctsio);
8060			return (1);
8061		}
8062
8063		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8064			if (lun->pr_keys[i] != sa_res_key)
8065				continue;
8066
8067			found = 1;
8068			lun->pr_keys[i] = 0;
8069			lun->pr_key_count--;
8070
8071			if (!persis_offset && i < CTL_MAX_INITIATORS)
8072				lun->pending_ua[i] |= CTL_UA_REG_PREEMPT;
8073			else if (persis_offset && i >= persis_offset)
8074				lun->pending_ua[i-persis_offset] |=
8075					CTL_UA_REG_PREEMPT;
8076		}
8077		if (!found) {
8078			mtx_unlock(&lun->lun_lock);
8079			free(ctsio->kern_data_ptr, M_CTL);
8080			ctl_set_reservation_conflict(ctsio);
8081			ctl_done((union ctl_io *)ctsio);
8082			return (CTL_RETVAL_COMPLETE);
8083		}
8084		/* send msg to other side */
8085		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8086		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8087		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8088		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8089		persis_io.pr.pr_info.res_type = type;
8090		memcpy(persis_io.pr.pr_info.sa_res_key,
8091		       param->serv_act_res_key,
8092		       sizeof(param->serv_act_res_key));
8093		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8094		     &persis_io, sizeof(persis_io), 0)) >
8095		     CTL_HA_STATUS_SUCCESS) {
8096			printf("CTL:Persis Out error returned from "
8097			       "ctl_ha_msg_send %d\n", isc_retval);
8098		}
8099	} else {
8100		/* Reserved but not all registrants */
8101		/* sa_res_key is res holder */
8102		if (sa_res_key == lun->pr_keys[lun->pr_res_idx]) {
8103			/* validate scope and type */
8104			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8105			     SPR_LU_SCOPE) {
8106				mtx_unlock(&lun->lun_lock);
8107				ctl_set_invalid_field(/*ctsio*/ ctsio,
8108						      /*sks_valid*/ 1,
8109						      /*command*/ 1,
8110						      /*field*/ 2,
8111						      /*bit_valid*/ 1,
8112						      /*bit*/ 4);
8113				ctl_done((union ctl_io *)ctsio);
8114				return (1);
8115			}
8116
8117			if (type>8 || type==2 || type==4 || type==0) {
8118				mtx_unlock(&lun->lun_lock);
8119				ctl_set_invalid_field(/*ctsio*/ ctsio,
8120						      /*sks_valid*/ 1,
8121						      /*command*/ 1,
8122						      /*field*/ 2,
8123						      /*bit_valid*/ 1,
8124						      /*bit*/ 0);
8125				ctl_done((union ctl_io *)ctsio);
8126				return (1);
8127			}
8128
8129			/*
8130			 * Do the following:
8131			 * if sa_res_key != res_key remove all
8132			 * registrants w/sa_res_key and generate UA
8133			 * for these registrants(Registrations
8134			 * Preempted) if it wasn't an exclusive
8135			 * reservation generate UA(Reservations
8136			 * Preempted) for all other registered nexuses
8137			 * if the type has changed. Establish the new
8138			 * reservation and holder. If res_key and
8139			 * sa_res_key are the same do the above
8140			 * except don't unregister the res holder.
8141			 */
8142
8143			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8144				if (i == residx || lun->pr_keys[i] == 0)
8145					continue;
8146
8147				if (sa_res_key == lun->pr_keys[i]) {
8148					lun->pr_keys[i] = 0;
8149					lun->pr_key_count--;
8150
8151					if (!persis_offset
8152					 && i < CTL_MAX_INITIATORS)
8153						lun->pending_ua[i] |=
8154							CTL_UA_REG_PREEMPT;
8155					else if (persis_offset
8156					      && i >= persis_offset)
8157						lun->pending_ua[i-persis_offset] |=
8158						  CTL_UA_REG_PREEMPT;
8159				} else if (type != lun->res_type
8160					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8161					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8162						if (!persis_offset
8163						 && i < CTL_MAX_INITIATORS)
8164							lun->pending_ua[i] |=
8165							CTL_UA_RES_RELEASE;
8166						else if (persis_offset
8167						      && i >= persis_offset)
8168							lun->pending_ua[
8169							i-persis_offset] |=
8170							CTL_UA_RES_RELEASE;
8171				}
8172			}
8173			lun->res_type = type;
8174			if (lun->res_type != SPR_TYPE_WR_EX_AR
8175			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8176				lun->pr_res_idx = residx;
8177			else
8178				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8179
8180			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8181			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8182			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8183			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8184			persis_io.pr.pr_info.res_type = type;
8185			memcpy(persis_io.pr.pr_info.sa_res_key,
8186			       param->serv_act_res_key,
8187			       sizeof(param->serv_act_res_key));
8188			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8189			     &persis_io, sizeof(persis_io), 0)) >
8190			     CTL_HA_STATUS_SUCCESS) {
8191				printf("CTL:Persis Out error returned "
8192				       "from ctl_ha_msg_send %d\n",
8193				       isc_retval);
8194			}
8195		} else {
8196			/*
8197			 * sa_res_key is not the res holder just
8198			 * remove registrants
8199			 */
8200			int found=0;
8201
8202			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8203				if (sa_res_key != lun->pr_keys[i])
8204					continue;
8205
8206				found = 1;
8207				lun->pr_keys[i] = 0;
8208				lun->pr_key_count--;
8209
8210				if (!persis_offset
8211				 && i < CTL_MAX_INITIATORS)
8212					lun->pending_ua[i] |=
8213						CTL_UA_REG_PREEMPT;
8214				else if (persis_offset
8215				      && i >= persis_offset)
8216					lun->pending_ua[i-persis_offset] |=
8217						CTL_UA_REG_PREEMPT;
8218			}
8219
8220			if (!found) {
8221				mtx_unlock(&lun->lun_lock);
8222				free(ctsio->kern_data_ptr, M_CTL);
8223				ctl_set_reservation_conflict(ctsio);
8224				ctl_done((union ctl_io *)ctsio);
8225		        	return (1);
8226			}
8227			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8228			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8229			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8230			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8231			persis_io.pr.pr_info.res_type = type;
8232			memcpy(persis_io.pr.pr_info.sa_res_key,
8233			       param->serv_act_res_key,
8234			       sizeof(param->serv_act_res_key));
8235			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8236			     &persis_io, sizeof(persis_io), 0)) >
8237			     CTL_HA_STATUS_SUCCESS) {
8238				printf("CTL:Persis Out error returned "
8239				       "from ctl_ha_msg_send %d\n",
8240				isc_retval);
8241			}
8242		}
8243	}
8244
8245	lun->PRGeneration++;
8246	mtx_unlock(&lun->lun_lock);
8247
8248	return (retval);
8249}
8250
8251static void
8252ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8253{
8254	uint64_t sa_res_key;
8255	int i;
8256
8257	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8258
8259	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8260	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8261	 || sa_res_key != lun->pr_keys[lun->pr_res_idx]) {
8262		if (sa_res_key == 0) {
8263			/*
8264			 * Unregister everybody else and build UA for
8265			 * them
8266			 */
8267			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8268				if (i == msg->pr.pr_info.residx ||
8269				    lun->pr_keys[i] == 0)
8270					continue;
8271
8272				if (!persis_offset
8273				 && i < CTL_MAX_INITIATORS)
8274					lun->pending_ua[i] |=
8275						CTL_UA_REG_PREEMPT;
8276				else if (persis_offset && i >= persis_offset)
8277					lun->pending_ua[i - persis_offset] |=
8278						CTL_UA_REG_PREEMPT;
8279				lun->pr_keys[i] = 0;
8280			}
8281
8282			lun->pr_key_count = 1;
8283			lun->res_type = msg->pr.pr_info.res_type;
8284			if (lun->res_type != SPR_TYPE_WR_EX_AR
8285			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8286				lun->pr_res_idx = msg->pr.pr_info.residx;
8287		} else {
8288		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8289				if (sa_res_key == lun->pr_keys[i])
8290					continue;
8291
8292				lun->pr_keys[i] = 0;
8293				lun->pr_key_count--;
8294
8295				if (!persis_offset
8296				 && i < persis_offset)
8297					lun->pending_ua[i] |=
8298						CTL_UA_REG_PREEMPT;
8299				else if (persis_offset
8300				      && i >= persis_offset)
8301					lun->pending_ua[i - persis_offset] |=
8302						CTL_UA_REG_PREEMPT;
8303			}
8304		}
8305	} else {
8306		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8307			if (i == msg->pr.pr_info.residx ||
8308			    lun->pr_keys[i] == 0)
8309				continue;
8310
8311			if (sa_res_key == lun->pr_keys[i]) {
8312				lun->pr_keys[i] = 0;
8313				lun->pr_key_count--;
8314				if (!persis_offset
8315				 && i < CTL_MAX_INITIATORS)
8316					lun->pending_ua[i] |=
8317						CTL_UA_REG_PREEMPT;
8318				else if (persis_offset
8319				      && i >= persis_offset)
8320					lun->pending_ua[i - persis_offset] |=
8321						CTL_UA_REG_PREEMPT;
8322			} else if (msg->pr.pr_info.res_type != lun->res_type
8323				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8324				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8325					if (!persis_offset
8326					 && i < persis_offset)
8327						lun->pending_ua[i] |=
8328							CTL_UA_RES_RELEASE;
8329					else if (persis_offset
8330					      && i >= persis_offset)
8331					lun->pending_ua[i - persis_offset] |=
8332						CTL_UA_RES_RELEASE;
8333			}
8334		}
8335		lun->res_type = msg->pr.pr_info.res_type;
8336		if (lun->res_type != SPR_TYPE_WR_EX_AR
8337		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8338			lun->pr_res_idx = msg->pr.pr_info.residx;
8339		else
8340			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8341	}
8342	lun->PRGeneration++;
8343
8344}
8345
8346
8347int
8348ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8349{
8350	int retval;
8351	int isc_retval;
8352	u_int32_t param_len;
8353	struct scsi_per_res_out *cdb;
8354	struct ctl_lun *lun;
8355	struct scsi_per_res_out_parms* param;
8356	struct ctl_softc *softc;
8357	uint32_t residx;
8358	uint64_t res_key, sa_res_key;
8359	uint8_t type;
8360	union ctl_ha_msg persis_io;
8361	int    i;
8362
8363	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8364
8365	retval = CTL_RETVAL_COMPLETE;
8366
8367	softc = control_softc;
8368
8369	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8370	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8371
8372	/*
8373	 * We only support whole-LUN scope.  The scope & type are ignored for
8374	 * register, register and ignore existing key and clear.
8375	 * We sometimes ignore scope and type on preempts too!!
8376	 * Verify reservation type here as well.
8377	 */
8378	type = cdb->scope_type & SPR_TYPE_MASK;
8379	if ((cdb->action == SPRO_RESERVE)
8380	 || (cdb->action == SPRO_RELEASE)) {
8381		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8382			ctl_set_invalid_field(/*ctsio*/ ctsio,
8383					      /*sks_valid*/ 1,
8384					      /*command*/ 1,
8385					      /*field*/ 2,
8386					      /*bit_valid*/ 1,
8387					      /*bit*/ 4);
8388			ctl_done((union ctl_io *)ctsio);
8389			return (CTL_RETVAL_COMPLETE);
8390		}
8391
8392		if (type>8 || type==2 || type==4 || type==0) {
8393			ctl_set_invalid_field(/*ctsio*/ ctsio,
8394					      /*sks_valid*/ 1,
8395					      /*command*/ 1,
8396					      /*field*/ 2,
8397					      /*bit_valid*/ 1,
8398					      /*bit*/ 0);
8399			ctl_done((union ctl_io *)ctsio);
8400			return (CTL_RETVAL_COMPLETE);
8401		}
8402	}
8403
8404	param_len = scsi_4btoul(cdb->length);
8405
8406	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8407		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8408		ctsio->kern_data_len = param_len;
8409		ctsio->kern_total_len = param_len;
8410		ctsio->kern_data_resid = 0;
8411		ctsio->kern_rel_offset = 0;
8412		ctsio->kern_sg_entries = 0;
8413		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8414		ctsio->be_move_done = ctl_config_move_done;
8415		ctl_datamove((union ctl_io *)ctsio);
8416
8417		return (CTL_RETVAL_COMPLETE);
8418	}
8419
8420	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8421
8422	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8423	res_key = scsi_8btou64(param->res_key.key);
8424	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8425
8426	/*
8427	 * Validate the reservation key here except for SPRO_REG_IGNO
8428	 * This must be done for all other service actions
8429	 */
8430	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8431		mtx_lock(&lun->lun_lock);
8432		if (lun->pr_keys[residx] != 0) {
8433		    if (res_key != lun->pr_keys[residx]) {
8434				/*
8435				 * The current key passed in doesn't match
8436				 * the one the initiator previously
8437				 * registered.
8438				 */
8439				mtx_unlock(&lun->lun_lock);
8440				free(ctsio->kern_data_ptr, M_CTL);
8441				ctl_set_reservation_conflict(ctsio);
8442				ctl_done((union ctl_io *)ctsio);
8443				return (CTL_RETVAL_COMPLETE);
8444			}
8445		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8446			/*
8447			 * We are not registered
8448			 */
8449			mtx_unlock(&lun->lun_lock);
8450			free(ctsio->kern_data_ptr, M_CTL);
8451			ctl_set_reservation_conflict(ctsio);
8452			ctl_done((union ctl_io *)ctsio);
8453			return (CTL_RETVAL_COMPLETE);
8454		} else if (res_key != 0) {
8455			/*
8456			 * We are not registered and trying to register but
8457			 * the register key isn't zero.
8458			 */
8459			mtx_unlock(&lun->lun_lock);
8460			free(ctsio->kern_data_ptr, M_CTL);
8461			ctl_set_reservation_conflict(ctsio);
8462			ctl_done((union ctl_io *)ctsio);
8463			return (CTL_RETVAL_COMPLETE);
8464		}
8465		mtx_unlock(&lun->lun_lock);
8466	}
8467
8468	switch (cdb->action & SPRO_ACTION_MASK) {
8469	case SPRO_REGISTER:
8470	case SPRO_REG_IGNO: {
8471
8472#if 0
8473		printf("Registration received\n");
8474#endif
8475
8476		/*
8477		 * We don't support any of these options, as we report in
8478		 * the read capabilities request (see
8479		 * ctl_persistent_reserve_in(), above).
8480		 */
8481		if ((param->flags & SPR_SPEC_I_PT)
8482		 || (param->flags & SPR_ALL_TG_PT)
8483		 || (param->flags & SPR_APTPL)) {
8484			int bit_ptr;
8485
8486			if (param->flags & SPR_APTPL)
8487				bit_ptr = 0;
8488			else if (param->flags & SPR_ALL_TG_PT)
8489				bit_ptr = 2;
8490			else /* SPR_SPEC_I_PT */
8491				bit_ptr = 3;
8492
8493			free(ctsio->kern_data_ptr, M_CTL);
8494			ctl_set_invalid_field(ctsio,
8495					      /*sks_valid*/ 1,
8496					      /*command*/ 0,
8497					      /*field*/ 20,
8498					      /*bit_valid*/ 1,
8499					      /*bit*/ bit_ptr);
8500			ctl_done((union ctl_io *)ctsio);
8501			return (CTL_RETVAL_COMPLETE);
8502		}
8503
8504		mtx_lock(&lun->lun_lock);
8505
8506		/*
8507		 * The initiator wants to clear the
8508		 * key/unregister.
8509		 */
8510		if (sa_res_key == 0) {
8511			if ((res_key == 0
8512			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8513			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8514			  && lun->pr_keys[residx] == 0)) {
8515				mtx_unlock(&lun->lun_lock);
8516				goto done;
8517			}
8518
8519			lun->pr_keys[residx] = 0;
8520			lun->pr_key_count--;
8521
8522			if (residx == lun->pr_res_idx) {
8523				lun->flags &= ~CTL_LUN_PR_RESERVED;
8524				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8525
8526				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8527				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8528				 && lun->pr_key_count) {
8529					/*
8530					 * If the reservation is a registrants
8531					 * only type we need to generate a UA
8532					 * for other registered inits.  The
8533					 * sense code should be RESERVATIONS
8534					 * RELEASED
8535					 */
8536
8537					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8538						if (lun->pr_keys[
8539						    i + persis_offset] == 0)
8540							continue;
8541						lun->pending_ua[i] |=
8542							CTL_UA_RES_RELEASE;
8543					}
8544				}
8545				lun->res_type = 0;
8546			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8547				if (lun->pr_key_count==0) {
8548					lun->flags &= ~CTL_LUN_PR_RESERVED;
8549					lun->res_type = 0;
8550					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8551				}
8552			}
8553			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8554			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8555			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8556			persis_io.pr.pr_info.residx = residx;
8557			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8558			     &persis_io, sizeof(persis_io), 0 )) >
8559			     CTL_HA_STATUS_SUCCESS) {
8560				printf("CTL:Persis Out error returned from "
8561				       "ctl_ha_msg_send %d\n", isc_retval);
8562			}
8563		} else /* sa_res_key != 0 */ {
8564
8565			/*
8566			 * If we aren't registered currently then increment
8567			 * the key count and set the registered flag.
8568			 */
8569			if (lun->pr_keys[residx] == 0)
8570				lun->pr_key_count++;
8571			lun->pr_keys[residx] = sa_res_key;
8572
8573			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8574			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8575			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8576			persis_io.pr.pr_info.residx = residx;
8577			memcpy(persis_io.pr.pr_info.sa_res_key,
8578			       param->serv_act_res_key,
8579			       sizeof(param->serv_act_res_key));
8580			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8581			     &persis_io, sizeof(persis_io), 0)) >
8582			     CTL_HA_STATUS_SUCCESS) {
8583				printf("CTL:Persis Out error returned from "
8584				       "ctl_ha_msg_send %d\n", isc_retval);
8585			}
8586		}
8587		lun->PRGeneration++;
8588		mtx_unlock(&lun->lun_lock);
8589
8590		break;
8591	}
8592	case SPRO_RESERVE:
8593#if 0
8594                printf("Reserve executed type %d\n", type);
8595#endif
8596		mtx_lock(&lun->lun_lock);
8597		if (lun->flags & CTL_LUN_PR_RESERVED) {
8598			/*
8599			 * if this isn't the reservation holder and it's
8600			 * not a "all registrants" type or if the type is
8601			 * different then we have a conflict
8602			 */
8603			if ((lun->pr_res_idx != residx
8604			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8605			 || lun->res_type != type) {
8606				mtx_unlock(&lun->lun_lock);
8607				free(ctsio->kern_data_ptr, M_CTL);
8608				ctl_set_reservation_conflict(ctsio);
8609				ctl_done((union ctl_io *)ctsio);
8610				return (CTL_RETVAL_COMPLETE);
8611			}
8612			mtx_unlock(&lun->lun_lock);
8613		} else /* create a reservation */ {
8614			/*
8615			 * If it's not an "all registrants" type record
8616			 * reservation holder
8617			 */
8618			if (type != SPR_TYPE_WR_EX_AR
8619			 && type != SPR_TYPE_EX_AC_AR)
8620				lun->pr_res_idx = residx; /* Res holder */
8621			else
8622				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8623
8624			lun->flags |= CTL_LUN_PR_RESERVED;
8625			lun->res_type = type;
8626
8627			mtx_unlock(&lun->lun_lock);
8628
8629			/* send msg to other side */
8630			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8631			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8632			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8633			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8634			persis_io.pr.pr_info.res_type = type;
8635			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8636			     &persis_io, sizeof(persis_io), 0)) >
8637			     CTL_HA_STATUS_SUCCESS) {
8638				printf("CTL:Persis Out error returned from "
8639				       "ctl_ha_msg_send %d\n", isc_retval);
8640			}
8641		}
8642		break;
8643
8644	case SPRO_RELEASE:
8645		mtx_lock(&lun->lun_lock);
8646		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8647			/* No reservation exists return good status */
8648			mtx_unlock(&lun->lun_lock);
8649			goto done;
8650		}
8651		/*
8652		 * Is this nexus a reservation holder?
8653		 */
8654		if (lun->pr_res_idx != residx
8655		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8656			/*
8657			 * not a res holder return good status but
8658			 * do nothing
8659			 */
8660			mtx_unlock(&lun->lun_lock);
8661			goto done;
8662		}
8663
8664		if (lun->res_type != type) {
8665			mtx_unlock(&lun->lun_lock);
8666			free(ctsio->kern_data_ptr, M_CTL);
8667			ctl_set_illegal_pr_release(ctsio);
8668			ctl_done((union ctl_io *)ctsio);
8669			return (CTL_RETVAL_COMPLETE);
8670		}
8671
8672		/* okay to release */
8673		lun->flags &= ~CTL_LUN_PR_RESERVED;
8674		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8675		lun->res_type = 0;
8676
8677		/*
8678		 * if this isn't an exclusive access
8679		 * res generate UA for all other
8680		 * registrants.
8681		 */
8682		if (type != SPR_TYPE_EX_AC
8683		 && type != SPR_TYPE_WR_EX) {
8684			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8685				if (i == residx ||
8686				    lun->pr_keys[i + persis_offset] == 0)
8687					continue;
8688				lun->pending_ua[i] |= CTL_UA_RES_RELEASE;
8689			}
8690		}
8691		mtx_unlock(&lun->lun_lock);
8692		/* Send msg to other side */
8693		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8694		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8695		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8696		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8697		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8698			printf("CTL:Persis Out error returned from "
8699			       "ctl_ha_msg_send %d\n", isc_retval);
8700		}
8701		break;
8702
8703	case SPRO_CLEAR:
8704		/* send msg to other side */
8705
8706		mtx_lock(&lun->lun_lock);
8707		lun->flags &= ~CTL_LUN_PR_RESERVED;
8708		lun->res_type = 0;
8709		lun->pr_key_count = 0;
8710		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8711
8712		lun->pr_keys[residx] = 0;
8713
8714		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8715			if (lun->pr_keys[i] != 0) {
8716				if (!persis_offset && i < CTL_MAX_INITIATORS)
8717					lun->pending_ua[i] |=
8718						CTL_UA_RES_PREEMPT;
8719				else if (persis_offset && i >= persis_offset)
8720					lun->pending_ua[i-persis_offset] |=
8721					    CTL_UA_RES_PREEMPT;
8722
8723				lun->pr_keys[i] = 0;
8724			}
8725		lun->PRGeneration++;
8726		mtx_unlock(&lun->lun_lock);
8727		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8728		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8729		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8730		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8731		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8732			printf("CTL:Persis Out error returned from "
8733			       "ctl_ha_msg_send %d\n", isc_retval);
8734		}
8735		break;
8736
8737	case SPRO_PREEMPT: {
8738		int nretval;
8739
8740		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8741					  residx, ctsio, cdb, param);
8742		if (nretval != 0)
8743			return (CTL_RETVAL_COMPLETE);
8744		break;
8745	}
8746	default:
8747		panic("Invalid PR type %x", cdb->action);
8748	}
8749
8750done:
8751	free(ctsio->kern_data_ptr, M_CTL);
8752	ctl_set_success(ctsio);
8753	ctl_done((union ctl_io *)ctsio);
8754
8755	return (retval);
8756}
8757
8758/*
8759 * This routine is for handling a message from the other SC pertaining to
8760 * persistent reserve out. All the error checking will have been done
8761 * so only perorming the action need be done here to keep the two
8762 * in sync.
8763 */
8764static void
8765ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8766{
8767	struct ctl_lun *lun;
8768	struct ctl_softc *softc;
8769	int i;
8770	uint32_t targ_lun;
8771
8772	softc = control_softc;
8773
8774	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8775	lun = softc->ctl_luns[targ_lun];
8776	mtx_lock(&lun->lun_lock);
8777	switch(msg->pr.pr_info.action) {
8778	case CTL_PR_REG_KEY:
8779		if (lun->pr_keys[msg->pr.pr_info.residx] == 0)
8780			lun->pr_key_count++;
8781		lun->pr_keys[msg->pr.pr_info.residx] =
8782		    scsi_8btou64(msg->pr.pr_info.sa_res_key);
8783		lun->PRGeneration++;
8784		break;
8785
8786	case CTL_PR_UNREG_KEY:
8787		lun->pr_keys[msg->pr.pr_info.residx] = 0;
8788		lun->pr_key_count--;
8789
8790		/* XXX Need to see if the reservation has been released */
8791		/* if so do we need to generate UA? */
8792		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8793			lun->flags &= ~CTL_LUN_PR_RESERVED;
8794			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8795
8796			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8797			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8798			 && lun->pr_key_count) {
8799				/*
8800				 * If the reservation is a registrants
8801				 * only type we need to generate a UA
8802				 * for other registered inits.  The
8803				 * sense code should be RESERVATIONS
8804				 * RELEASED
8805				 */
8806
8807				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8808					if (lun->pr_keys[i+
8809					    persis_offset] == 0)
8810						continue;
8811
8812					lun->pending_ua[i] |=
8813						CTL_UA_RES_RELEASE;
8814				}
8815			}
8816			lun->res_type = 0;
8817		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8818			if (lun->pr_key_count==0) {
8819				lun->flags &= ~CTL_LUN_PR_RESERVED;
8820				lun->res_type = 0;
8821				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8822			}
8823		}
8824		lun->PRGeneration++;
8825		break;
8826
8827	case CTL_PR_RESERVE:
8828		lun->flags |= CTL_LUN_PR_RESERVED;
8829		lun->res_type = msg->pr.pr_info.res_type;
8830		lun->pr_res_idx = msg->pr.pr_info.residx;
8831
8832		break;
8833
8834	case CTL_PR_RELEASE:
8835		/*
8836		 * if this isn't an exclusive access res generate UA for all
8837		 * other registrants.
8838		 */
8839		if (lun->res_type != SPR_TYPE_EX_AC
8840		 && lun->res_type != SPR_TYPE_WR_EX) {
8841			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8842				if (lun->pr_keys[i+persis_offset] != 0)
8843					lun->pending_ua[i] |=
8844						CTL_UA_RES_RELEASE;
8845		}
8846
8847		lun->flags &= ~CTL_LUN_PR_RESERVED;
8848		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8849		lun->res_type = 0;
8850		break;
8851
8852	case CTL_PR_PREEMPT:
8853		ctl_pro_preempt_other(lun, msg);
8854		break;
8855	case CTL_PR_CLEAR:
8856		lun->flags &= ~CTL_LUN_PR_RESERVED;
8857		lun->res_type = 0;
8858		lun->pr_key_count = 0;
8859		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8860
8861		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8862			if (lun->pr_keys[i] == 0)
8863				continue;
8864			if (!persis_offset
8865			 && i < CTL_MAX_INITIATORS)
8866				lun->pending_ua[i] |= CTL_UA_RES_PREEMPT;
8867			else if (persis_offset
8868			      && i >= persis_offset)
8869				lun->pending_ua[i-persis_offset] |=
8870					CTL_UA_RES_PREEMPT;
8871			lun->pr_keys[i] = 0;
8872		}
8873		lun->PRGeneration++;
8874		break;
8875	}
8876
8877	mtx_unlock(&lun->lun_lock);
8878}
8879
8880int
8881ctl_read_write(struct ctl_scsiio *ctsio)
8882{
8883	struct ctl_lun *lun;
8884	struct ctl_lba_len_flags *lbalen;
8885	uint64_t lba;
8886	uint32_t num_blocks;
8887	int flags, retval;
8888	int isread;
8889
8890	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8891
8892	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8893
8894	flags = 0;
8895	retval = CTL_RETVAL_COMPLETE;
8896
8897	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8898	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8899	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
8900		uint32_t residx;
8901
8902		/*
8903		 * XXX KDM need a lock here.
8904		 */
8905		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8906		if ((lun->res_type == SPR_TYPE_EX_AC
8907		  && residx != lun->pr_res_idx)
8908		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
8909		   || lun->res_type == SPR_TYPE_EX_AC_AR)
8910		  && lun->pr_keys[residx] == 0)) {
8911			ctl_set_reservation_conflict(ctsio);
8912			ctl_done((union ctl_io *)ctsio);
8913			return (CTL_RETVAL_COMPLETE);
8914	        }
8915	}
8916
8917	switch (ctsio->cdb[0]) {
8918	case READ_6:
8919	case WRITE_6: {
8920		struct scsi_rw_6 *cdb;
8921
8922		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8923
8924		lba = scsi_3btoul(cdb->addr);
8925		/* only 5 bits are valid in the most significant address byte */
8926		lba &= 0x1fffff;
8927		num_blocks = cdb->length;
8928		/*
8929		 * This is correct according to SBC-2.
8930		 */
8931		if (num_blocks == 0)
8932			num_blocks = 256;
8933		break;
8934	}
8935	case READ_10:
8936	case WRITE_10: {
8937		struct scsi_rw_10 *cdb;
8938
8939		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8940		if (cdb->byte2 & SRW10_FUA)
8941			flags |= CTL_LLF_FUA;
8942		if (cdb->byte2 & SRW10_DPO)
8943			flags |= CTL_LLF_DPO;
8944		lba = scsi_4btoul(cdb->addr);
8945		num_blocks = scsi_2btoul(cdb->length);
8946		break;
8947	}
8948	case WRITE_VERIFY_10: {
8949		struct scsi_write_verify_10 *cdb;
8950
8951		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8952		flags |= CTL_LLF_FUA;
8953		if (cdb->byte2 & SWV_DPO)
8954			flags |= CTL_LLF_DPO;
8955		lba = scsi_4btoul(cdb->addr);
8956		num_blocks = scsi_2btoul(cdb->length);
8957		break;
8958	}
8959	case READ_12:
8960	case WRITE_12: {
8961		struct scsi_rw_12 *cdb;
8962
8963		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8964		if (cdb->byte2 & SRW12_FUA)
8965			flags |= CTL_LLF_FUA;
8966		if (cdb->byte2 & SRW12_DPO)
8967			flags |= CTL_LLF_DPO;
8968		lba = scsi_4btoul(cdb->addr);
8969		num_blocks = scsi_4btoul(cdb->length);
8970		break;
8971	}
8972	case WRITE_VERIFY_12: {
8973		struct scsi_write_verify_12 *cdb;
8974
8975		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8976		flags |= CTL_LLF_FUA;
8977		if (cdb->byte2 & SWV_DPO)
8978			flags |= CTL_LLF_DPO;
8979		lba = scsi_4btoul(cdb->addr);
8980		num_blocks = scsi_4btoul(cdb->length);
8981		break;
8982	}
8983	case READ_16:
8984	case WRITE_16: {
8985		struct scsi_rw_16 *cdb;
8986
8987		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8988		if (cdb->byte2 & SRW12_FUA)
8989			flags |= CTL_LLF_FUA;
8990		if (cdb->byte2 & SRW12_DPO)
8991			flags |= CTL_LLF_DPO;
8992		lba = scsi_8btou64(cdb->addr);
8993		num_blocks = scsi_4btoul(cdb->length);
8994		break;
8995	}
8996	case WRITE_ATOMIC_16: {
8997		struct scsi_rw_16 *cdb;
8998
8999		if (lun->be_lun->atomicblock == 0) {
9000			ctl_set_invalid_opcode(ctsio);
9001			ctl_done((union ctl_io *)ctsio);
9002			return (CTL_RETVAL_COMPLETE);
9003		}
9004
9005		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9006		if (cdb->byte2 & SRW12_FUA)
9007			flags |= CTL_LLF_FUA;
9008		if (cdb->byte2 & SRW12_DPO)
9009			flags |= CTL_LLF_DPO;
9010		lba = scsi_8btou64(cdb->addr);
9011		num_blocks = scsi_4btoul(cdb->length);
9012		if (num_blocks > lun->be_lun->atomicblock) {
9013			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
9014			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
9015			    /*bit*/ 0);
9016			ctl_done((union ctl_io *)ctsio);
9017			return (CTL_RETVAL_COMPLETE);
9018		}
9019		break;
9020	}
9021	case WRITE_VERIFY_16: {
9022		struct scsi_write_verify_16 *cdb;
9023
9024		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
9025		flags |= CTL_LLF_FUA;
9026		if (cdb->byte2 & SWV_DPO)
9027			flags |= CTL_LLF_DPO;
9028		lba = scsi_8btou64(cdb->addr);
9029		num_blocks = scsi_4btoul(cdb->length);
9030		break;
9031	}
9032	default:
9033		/*
9034		 * We got a command we don't support.  This shouldn't
9035		 * happen, commands should be filtered out above us.
9036		 */
9037		ctl_set_invalid_opcode(ctsio);
9038		ctl_done((union ctl_io *)ctsio);
9039
9040		return (CTL_RETVAL_COMPLETE);
9041		break; /* NOTREACHED */
9042	}
9043
9044	/*
9045	 * The first check is to make sure we're in bounds, the second
9046	 * check is to catch wrap-around problems.  If the lba + num blocks
9047	 * is less than the lba, then we've wrapped around and the block
9048	 * range is invalid anyway.
9049	 */
9050	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9051	 || ((lba + num_blocks) < lba)) {
9052		ctl_set_lba_out_of_range(ctsio);
9053		ctl_done((union ctl_io *)ctsio);
9054		return (CTL_RETVAL_COMPLETE);
9055	}
9056
9057	/*
9058	 * According to SBC-3, a transfer length of 0 is not an error.
9059	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9060	 * translates to 256 blocks for those commands.
9061	 */
9062	if (num_blocks == 0) {
9063		ctl_set_success(ctsio);
9064		ctl_done((union ctl_io *)ctsio);
9065		return (CTL_RETVAL_COMPLETE);
9066	}
9067
9068	/* Set FUA and/or DPO if caches are disabled. */
9069	if (isread) {
9070		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9071		    SCP_RCD) != 0)
9072			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9073	} else {
9074		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9075		    SCP_WCE) == 0)
9076			flags |= CTL_LLF_FUA;
9077	}
9078
9079	lbalen = (struct ctl_lba_len_flags *)
9080	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9081	lbalen->lba = lba;
9082	lbalen->len = num_blocks;
9083	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9084
9085	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9086	ctsio->kern_rel_offset = 0;
9087
9088	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9089
9090	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9091
9092	return (retval);
9093}
9094
9095static int
9096ctl_cnw_cont(union ctl_io *io)
9097{
9098	struct ctl_scsiio *ctsio;
9099	struct ctl_lun *lun;
9100	struct ctl_lba_len_flags *lbalen;
9101	int retval;
9102
9103	ctsio = &io->scsiio;
9104	ctsio->io_hdr.status = CTL_STATUS_NONE;
9105	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9106	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9107	lbalen = (struct ctl_lba_len_flags *)
9108	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9109	lbalen->flags &= ~CTL_LLF_COMPARE;
9110	lbalen->flags |= CTL_LLF_WRITE;
9111
9112	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9113	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9114	return (retval);
9115}
9116
9117int
9118ctl_cnw(struct ctl_scsiio *ctsio)
9119{
9120	struct ctl_lun *lun;
9121	struct ctl_lba_len_flags *lbalen;
9122	uint64_t lba;
9123	uint32_t num_blocks;
9124	int flags, retval;
9125
9126	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9127
9128	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9129
9130	flags = 0;
9131	retval = CTL_RETVAL_COMPLETE;
9132
9133	switch (ctsio->cdb[0]) {
9134	case COMPARE_AND_WRITE: {
9135		struct scsi_compare_and_write *cdb;
9136
9137		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9138		if (cdb->byte2 & SRW10_FUA)
9139			flags |= CTL_LLF_FUA;
9140		if (cdb->byte2 & SRW10_DPO)
9141			flags |= CTL_LLF_DPO;
9142		lba = scsi_8btou64(cdb->addr);
9143		num_blocks = cdb->length;
9144		break;
9145	}
9146	default:
9147		/*
9148		 * We got a command we don't support.  This shouldn't
9149		 * happen, commands should be filtered out above us.
9150		 */
9151		ctl_set_invalid_opcode(ctsio);
9152		ctl_done((union ctl_io *)ctsio);
9153
9154		return (CTL_RETVAL_COMPLETE);
9155		break; /* NOTREACHED */
9156	}
9157
9158	/*
9159	 * The first check is to make sure we're in bounds, the second
9160	 * check is to catch wrap-around problems.  If the lba + num blocks
9161	 * is less than the lba, then we've wrapped around and the block
9162	 * range is invalid anyway.
9163	 */
9164	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9165	 || ((lba + num_blocks) < lba)) {
9166		ctl_set_lba_out_of_range(ctsio);
9167		ctl_done((union ctl_io *)ctsio);
9168		return (CTL_RETVAL_COMPLETE);
9169	}
9170
9171	/*
9172	 * According to SBC-3, a transfer length of 0 is not an error.
9173	 */
9174	if (num_blocks == 0) {
9175		ctl_set_success(ctsio);
9176		ctl_done((union ctl_io *)ctsio);
9177		return (CTL_RETVAL_COMPLETE);
9178	}
9179
9180	/* Set FUA if write cache is disabled. */
9181	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9182	    SCP_WCE) == 0)
9183		flags |= CTL_LLF_FUA;
9184
9185	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9186	ctsio->kern_rel_offset = 0;
9187
9188	/*
9189	 * Set the IO_CONT flag, so that if this I/O gets passed to
9190	 * ctl_data_submit_done(), it'll get passed back to
9191	 * ctl_ctl_cnw_cont() for further processing.
9192	 */
9193	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9194	ctsio->io_cont = ctl_cnw_cont;
9195
9196	lbalen = (struct ctl_lba_len_flags *)
9197	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9198	lbalen->lba = lba;
9199	lbalen->len = num_blocks;
9200	lbalen->flags = CTL_LLF_COMPARE | flags;
9201
9202	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9203	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9204	return (retval);
9205}
9206
9207int
9208ctl_verify(struct ctl_scsiio *ctsio)
9209{
9210	struct ctl_lun *lun;
9211	struct ctl_lba_len_flags *lbalen;
9212	uint64_t lba;
9213	uint32_t num_blocks;
9214	int bytchk, flags;
9215	int retval;
9216
9217	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9218
9219	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9220
9221	bytchk = 0;
9222	flags = CTL_LLF_FUA;
9223	retval = CTL_RETVAL_COMPLETE;
9224
9225	switch (ctsio->cdb[0]) {
9226	case VERIFY_10: {
9227		struct scsi_verify_10 *cdb;
9228
9229		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9230		if (cdb->byte2 & SVFY_BYTCHK)
9231			bytchk = 1;
9232		if (cdb->byte2 & SVFY_DPO)
9233			flags |= CTL_LLF_DPO;
9234		lba = scsi_4btoul(cdb->addr);
9235		num_blocks = scsi_2btoul(cdb->length);
9236		break;
9237	}
9238	case VERIFY_12: {
9239		struct scsi_verify_12 *cdb;
9240
9241		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9242		if (cdb->byte2 & SVFY_BYTCHK)
9243			bytchk = 1;
9244		if (cdb->byte2 & SVFY_DPO)
9245			flags |= CTL_LLF_DPO;
9246		lba = scsi_4btoul(cdb->addr);
9247		num_blocks = scsi_4btoul(cdb->length);
9248		break;
9249	}
9250	case VERIFY_16: {
9251		struct scsi_rw_16 *cdb;
9252
9253		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9254		if (cdb->byte2 & SVFY_BYTCHK)
9255			bytchk = 1;
9256		if (cdb->byte2 & SVFY_DPO)
9257			flags |= CTL_LLF_DPO;
9258		lba = scsi_8btou64(cdb->addr);
9259		num_blocks = scsi_4btoul(cdb->length);
9260		break;
9261	}
9262	default:
9263		/*
9264		 * We got a command we don't support.  This shouldn't
9265		 * happen, commands should be filtered out above us.
9266		 */
9267		ctl_set_invalid_opcode(ctsio);
9268		ctl_done((union ctl_io *)ctsio);
9269		return (CTL_RETVAL_COMPLETE);
9270	}
9271
9272	/*
9273	 * The first check is to make sure we're in bounds, the second
9274	 * check is to catch wrap-around problems.  If the lba + num blocks
9275	 * is less than the lba, then we've wrapped around and the block
9276	 * range is invalid anyway.
9277	 */
9278	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9279	 || ((lba + num_blocks) < lba)) {
9280		ctl_set_lba_out_of_range(ctsio);
9281		ctl_done((union ctl_io *)ctsio);
9282		return (CTL_RETVAL_COMPLETE);
9283	}
9284
9285	/*
9286	 * According to SBC-3, a transfer length of 0 is not an error.
9287	 */
9288	if (num_blocks == 0) {
9289		ctl_set_success(ctsio);
9290		ctl_done((union ctl_io *)ctsio);
9291		return (CTL_RETVAL_COMPLETE);
9292	}
9293
9294	lbalen = (struct ctl_lba_len_flags *)
9295	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9296	lbalen->lba = lba;
9297	lbalen->len = num_blocks;
9298	if (bytchk) {
9299		lbalen->flags = CTL_LLF_COMPARE | flags;
9300		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9301	} else {
9302		lbalen->flags = CTL_LLF_VERIFY | flags;
9303		ctsio->kern_total_len = 0;
9304	}
9305	ctsio->kern_rel_offset = 0;
9306
9307	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9308	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9309	return (retval);
9310}
9311
9312int
9313ctl_report_luns(struct ctl_scsiio *ctsio)
9314{
9315	struct scsi_report_luns *cdb;
9316	struct scsi_report_luns_data *lun_data;
9317	struct ctl_lun *lun, *request_lun;
9318	int num_luns, retval;
9319	uint32_t alloc_len, lun_datalen;
9320	int num_filled, well_known;
9321	uint32_t initidx, targ_lun_id, lun_id;
9322
9323	retval = CTL_RETVAL_COMPLETE;
9324	well_known = 0;
9325
9326	cdb = (struct scsi_report_luns *)ctsio->cdb;
9327
9328	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9329
9330	mtx_lock(&control_softc->ctl_lock);
9331	num_luns = control_softc->num_luns;
9332	mtx_unlock(&control_softc->ctl_lock);
9333
9334	switch (cdb->select_report) {
9335	case RPL_REPORT_DEFAULT:
9336	case RPL_REPORT_ALL:
9337		break;
9338	case RPL_REPORT_WELLKNOWN:
9339		well_known = 1;
9340		num_luns = 0;
9341		break;
9342	default:
9343		ctl_set_invalid_field(ctsio,
9344				      /*sks_valid*/ 1,
9345				      /*command*/ 1,
9346				      /*field*/ 2,
9347				      /*bit_valid*/ 0,
9348				      /*bit*/ 0);
9349		ctl_done((union ctl_io *)ctsio);
9350		return (retval);
9351		break; /* NOTREACHED */
9352	}
9353
9354	alloc_len = scsi_4btoul(cdb->length);
9355	/*
9356	 * The initiator has to allocate at least 16 bytes for this request,
9357	 * so he can at least get the header and the first LUN.  Otherwise
9358	 * we reject the request (per SPC-3 rev 14, section 6.21).
9359	 */
9360	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9361	    sizeof(struct scsi_report_luns_lundata))) {
9362		ctl_set_invalid_field(ctsio,
9363				      /*sks_valid*/ 1,
9364				      /*command*/ 1,
9365				      /*field*/ 6,
9366				      /*bit_valid*/ 0,
9367				      /*bit*/ 0);
9368		ctl_done((union ctl_io *)ctsio);
9369		return (retval);
9370	}
9371
9372	request_lun = (struct ctl_lun *)
9373		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9374
9375	lun_datalen = sizeof(*lun_data) +
9376		(num_luns * sizeof(struct scsi_report_luns_lundata));
9377
9378	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9379	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9380	ctsio->kern_sg_entries = 0;
9381
9382	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9383
9384	mtx_lock(&control_softc->ctl_lock);
9385	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9386		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9387		if (lun_id >= CTL_MAX_LUNS)
9388			continue;
9389		lun = control_softc->ctl_luns[lun_id];
9390		if (lun == NULL)
9391			continue;
9392
9393		if (targ_lun_id <= 0xff) {
9394			/*
9395			 * Peripheral addressing method, bus number 0.
9396			 */
9397			lun_data->luns[num_filled].lundata[0] =
9398				RPL_LUNDATA_ATYP_PERIPH;
9399			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9400			num_filled++;
9401		} else if (targ_lun_id <= 0x3fff) {
9402			/*
9403			 * Flat addressing method.
9404			 */
9405			lun_data->luns[num_filled].lundata[0] =
9406				RPL_LUNDATA_ATYP_FLAT |
9407				(targ_lun_id & RPL_LUNDATA_FLAT_LUN_MASK);
9408#ifdef OLDCTLHEADERS
9409				(SRLD_ADDR_FLAT << SRLD_ADDR_SHIFT) |
9410				(targ_lun_id & SRLD_BUS_LUN_MASK);
9411#endif
9412			lun_data->luns[num_filled].lundata[1] =
9413#ifdef OLDCTLHEADERS
9414				targ_lun_id >> SRLD_BUS_LUN_BITS;
9415#endif
9416				targ_lun_id >> RPL_LUNDATA_FLAT_LUN_BITS;
9417			num_filled++;
9418		} else {
9419			printf("ctl_report_luns: bogus LUN number %jd, "
9420			       "skipping\n", (intmax_t)targ_lun_id);
9421		}
9422		/*
9423		 * According to SPC-3, rev 14 section 6.21:
9424		 *
9425		 * "The execution of a REPORT LUNS command to any valid and
9426		 * installed logical unit shall clear the REPORTED LUNS DATA
9427		 * HAS CHANGED unit attention condition for all logical
9428		 * units of that target with respect to the requesting
9429		 * initiator. A valid and installed logical unit is one
9430		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9431		 * INQUIRY data (see 6.4.2)."
9432		 *
9433		 * If request_lun is NULL, the LUN this report luns command
9434		 * was issued to is either disabled or doesn't exist. In that
9435		 * case, we shouldn't clear any pending lun change unit
9436		 * attention.
9437		 */
9438		if (request_lun != NULL) {
9439			mtx_lock(&lun->lun_lock);
9440			lun->pending_ua[initidx] &= ~CTL_UA_LUN_CHANGE;
9441			mtx_unlock(&lun->lun_lock);
9442		}
9443	}
9444	mtx_unlock(&control_softc->ctl_lock);
9445
9446	/*
9447	 * It's quite possible that we've returned fewer LUNs than we allocated
9448	 * space for.  Trim it.
9449	 */
9450	lun_datalen = sizeof(*lun_data) +
9451		(num_filled * sizeof(struct scsi_report_luns_lundata));
9452
9453	if (lun_datalen < alloc_len) {
9454		ctsio->residual = alloc_len - lun_datalen;
9455		ctsio->kern_data_len = lun_datalen;
9456		ctsio->kern_total_len = lun_datalen;
9457	} else {
9458		ctsio->residual = 0;
9459		ctsio->kern_data_len = alloc_len;
9460		ctsio->kern_total_len = alloc_len;
9461	}
9462	ctsio->kern_data_resid = 0;
9463	ctsio->kern_rel_offset = 0;
9464	ctsio->kern_sg_entries = 0;
9465
9466	/*
9467	 * We set this to the actual data length, regardless of how much
9468	 * space we actually have to return results.  If the user looks at
9469	 * this value, he'll know whether or not he allocated enough space
9470	 * and reissue the command if necessary.  We don't support well
9471	 * known logical units, so if the user asks for that, return none.
9472	 */
9473	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9474
9475	/*
9476	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9477	 * this request.
9478	 */
9479	ctsio->scsi_status = SCSI_STATUS_OK;
9480
9481	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9482	ctsio->be_move_done = ctl_config_move_done;
9483	ctl_datamove((union ctl_io *)ctsio);
9484
9485	return (retval);
9486}
9487
9488int
9489ctl_request_sense(struct ctl_scsiio *ctsio)
9490{
9491	struct scsi_request_sense *cdb;
9492	struct scsi_sense_data *sense_ptr;
9493	struct ctl_lun *lun;
9494	uint32_t initidx;
9495	int have_error;
9496	scsi_sense_data_type sense_format;
9497
9498	cdb = (struct scsi_request_sense *)ctsio->cdb;
9499
9500	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9501
9502	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9503
9504	/*
9505	 * Determine which sense format the user wants.
9506	 */
9507	if (cdb->byte2 & SRS_DESC)
9508		sense_format = SSD_TYPE_DESC;
9509	else
9510		sense_format = SSD_TYPE_FIXED;
9511
9512	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9513	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9514	ctsio->kern_sg_entries = 0;
9515
9516	/*
9517	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9518	 * larger than the largest allowed value for the length field in the
9519	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9520	 */
9521	ctsio->residual = 0;
9522	ctsio->kern_data_len = cdb->length;
9523	ctsio->kern_total_len = cdb->length;
9524
9525	ctsio->kern_data_resid = 0;
9526	ctsio->kern_rel_offset = 0;
9527	ctsio->kern_sg_entries = 0;
9528
9529	/*
9530	 * If we don't have a LUN, we don't have any pending sense.
9531	 */
9532	if (lun == NULL)
9533		goto no_sense;
9534
9535	have_error = 0;
9536	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9537	/*
9538	 * Check for pending sense, and then for pending unit attentions.
9539	 * Pending sense gets returned first, then pending unit attentions.
9540	 */
9541	mtx_lock(&lun->lun_lock);
9542#ifdef CTL_WITH_CA
9543	if (ctl_is_set(lun->have_ca, initidx)) {
9544		scsi_sense_data_type stored_format;
9545
9546		/*
9547		 * Check to see which sense format was used for the stored
9548		 * sense data.
9549		 */
9550		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9551
9552		/*
9553		 * If the user requested a different sense format than the
9554		 * one we stored, then we need to convert it to the other
9555		 * format.  If we're going from descriptor to fixed format
9556		 * sense data, we may lose things in translation, depending
9557		 * on what options were used.
9558		 *
9559		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9560		 * for some reason we'll just copy it out as-is.
9561		 */
9562		if ((stored_format == SSD_TYPE_FIXED)
9563		 && (sense_format == SSD_TYPE_DESC))
9564			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9565			    &lun->pending_sense[initidx],
9566			    (struct scsi_sense_data_desc *)sense_ptr);
9567		else if ((stored_format == SSD_TYPE_DESC)
9568		      && (sense_format == SSD_TYPE_FIXED))
9569			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9570			    &lun->pending_sense[initidx],
9571			    (struct scsi_sense_data_fixed *)sense_ptr);
9572		else
9573			memcpy(sense_ptr, &lun->pending_sense[initidx],
9574			       ctl_min(sizeof(*sense_ptr),
9575			       sizeof(lun->pending_sense[initidx])));
9576
9577		ctl_clear_mask(lun->have_ca, initidx);
9578		have_error = 1;
9579	} else
9580#endif
9581	if (lun->pending_ua[initidx] != CTL_UA_NONE) {
9582		ctl_ua_type ua_type;
9583
9584		ua_type = ctl_build_ua(&lun->pending_ua[initidx],
9585				       sense_ptr, sense_format);
9586		if (ua_type != CTL_UA_NONE)
9587			have_error = 1;
9588	}
9589	mtx_unlock(&lun->lun_lock);
9590
9591	/*
9592	 * We already have a pending error, return it.
9593	 */
9594	if (have_error != 0) {
9595		/*
9596		 * We report the SCSI status as OK, since the status of the
9597		 * request sense command itself is OK.
9598		 */
9599		ctsio->scsi_status = SCSI_STATUS_OK;
9600
9601		/*
9602		 * We report 0 for the sense length, because we aren't doing
9603		 * autosense in this case.  We're reporting sense as
9604		 * parameter data.
9605		 */
9606		ctsio->sense_len = 0;
9607		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9608		ctsio->be_move_done = ctl_config_move_done;
9609		ctl_datamove((union ctl_io *)ctsio);
9610
9611		return (CTL_RETVAL_COMPLETE);
9612	}
9613
9614no_sense:
9615
9616	/*
9617	 * No sense information to report, so we report that everything is
9618	 * okay.
9619	 */
9620	ctl_set_sense_data(sense_ptr,
9621			   lun,
9622			   sense_format,
9623			   /*current_error*/ 1,
9624			   /*sense_key*/ SSD_KEY_NO_SENSE,
9625			   /*asc*/ 0x00,
9626			   /*ascq*/ 0x00,
9627			   SSD_ELEM_NONE);
9628
9629	ctsio->scsi_status = SCSI_STATUS_OK;
9630
9631	/*
9632	 * We report 0 for the sense length, because we aren't doing
9633	 * autosense in this case.  We're reporting sense as parameter data.
9634	 */
9635	ctsio->sense_len = 0;
9636	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9637	ctsio->be_move_done = ctl_config_move_done;
9638	ctl_datamove((union ctl_io *)ctsio);
9639
9640	return (CTL_RETVAL_COMPLETE);
9641}
9642
9643int
9644ctl_tur(struct ctl_scsiio *ctsio)
9645{
9646	struct ctl_lun *lun;
9647
9648	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9649
9650	CTL_DEBUG_PRINT(("ctl_tur\n"));
9651
9652	if (lun == NULL)
9653		return (EINVAL);
9654
9655	ctsio->scsi_status = SCSI_STATUS_OK;
9656	ctsio->io_hdr.status = CTL_SUCCESS;
9657
9658	ctl_done((union ctl_io *)ctsio);
9659
9660	return (CTL_RETVAL_COMPLETE);
9661}
9662
9663#ifdef notyet
9664static int
9665ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9666{
9667
9668}
9669#endif
9670
9671static int
9672ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9673{
9674	struct scsi_vpd_supported_pages *pages;
9675	int sup_page_size;
9676	struct ctl_lun *lun;
9677
9678	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9679
9680	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9681	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9682	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9683	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9684	ctsio->kern_sg_entries = 0;
9685
9686	if (sup_page_size < alloc_len) {
9687		ctsio->residual = alloc_len - sup_page_size;
9688		ctsio->kern_data_len = sup_page_size;
9689		ctsio->kern_total_len = sup_page_size;
9690	} else {
9691		ctsio->residual = 0;
9692		ctsio->kern_data_len = alloc_len;
9693		ctsio->kern_total_len = alloc_len;
9694	}
9695	ctsio->kern_data_resid = 0;
9696	ctsio->kern_rel_offset = 0;
9697	ctsio->kern_sg_entries = 0;
9698
9699	/*
9700	 * The control device is always connected.  The disk device, on the
9701	 * other hand, may not be online all the time.  Need to change this
9702	 * to figure out whether the disk device is actually online or not.
9703	 */
9704	if (lun != NULL)
9705		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9706				lun->be_lun->lun_type;
9707	else
9708		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9709
9710	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9711	/* Supported VPD pages */
9712	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9713	/* Serial Number */
9714	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9715	/* Device Identification */
9716	pages->page_list[2] = SVPD_DEVICE_ID;
9717	/* Extended INQUIRY Data */
9718	pages->page_list[3] = SVPD_EXTENDED_INQUIRY_DATA;
9719	/* Mode Page Policy */
9720	pages->page_list[4] = SVPD_MODE_PAGE_POLICY;
9721	/* SCSI Ports */
9722	pages->page_list[5] = SVPD_SCSI_PORTS;
9723	/* Third-party Copy */
9724	pages->page_list[6] = SVPD_SCSI_TPC;
9725	/* Block limits */
9726	pages->page_list[7] = SVPD_BLOCK_LIMITS;
9727	/* Block Device Characteristics */
9728	pages->page_list[8] = SVPD_BDC;
9729	/* Logical Block Provisioning */
9730	pages->page_list[9] = SVPD_LBP;
9731
9732	ctsio->scsi_status = SCSI_STATUS_OK;
9733
9734	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9735	ctsio->be_move_done = ctl_config_move_done;
9736	ctl_datamove((union ctl_io *)ctsio);
9737
9738	return (CTL_RETVAL_COMPLETE);
9739}
9740
9741static int
9742ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9743{
9744	struct scsi_vpd_unit_serial_number *sn_ptr;
9745	struct ctl_lun *lun;
9746	int data_len;
9747
9748	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9749
9750	data_len = 4 + CTL_SN_LEN;
9751	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9752	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9753	if (data_len < alloc_len) {
9754		ctsio->residual = alloc_len - data_len;
9755		ctsio->kern_data_len = data_len;
9756		ctsio->kern_total_len = data_len;
9757	} else {
9758		ctsio->residual = 0;
9759		ctsio->kern_data_len = alloc_len;
9760		ctsio->kern_total_len = alloc_len;
9761	}
9762	ctsio->kern_data_resid = 0;
9763	ctsio->kern_rel_offset = 0;
9764	ctsio->kern_sg_entries = 0;
9765
9766	/*
9767	 * The control device is always connected.  The disk device, on the
9768	 * other hand, may not be online all the time.  Need to change this
9769	 * to figure out whether the disk device is actually online or not.
9770	 */
9771	if (lun != NULL)
9772		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9773				  lun->be_lun->lun_type;
9774	else
9775		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9776
9777	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9778	sn_ptr->length = CTL_SN_LEN;
9779	/*
9780	 * If we don't have a LUN, we just leave the serial number as
9781	 * all spaces.
9782	 */
9783	if (lun != NULL) {
9784		strncpy((char *)sn_ptr->serial_num,
9785			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9786	} else
9787		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9788	ctsio->scsi_status = SCSI_STATUS_OK;
9789
9790	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9791	ctsio->be_move_done = ctl_config_move_done;
9792	ctl_datamove((union ctl_io *)ctsio);
9793
9794	return (CTL_RETVAL_COMPLETE);
9795}
9796
9797
9798static int
9799ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9800{
9801	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9802	struct ctl_lun *lun;
9803	int data_len;
9804
9805	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9806
9807	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9808	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9809	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9810	ctsio->kern_sg_entries = 0;
9811
9812	if (data_len < alloc_len) {
9813		ctsio->residual = alloc_len - data_len;
9814		ctsio->kern_data_len = data_len;
9815		ctsio->kern_total_len = data_len;
9816	} else {
9817		ctsio->residual = 0;
9818		ctsio->kern_data_len = alloc_len;
9819		ctsio->kern_total_len = alloc_len;
9820	}
9821	ctsio->kern_data_resid = 0;
9822	ctsio->kern_rel_offset = 0;
9823	ctsio->kern_sg_entries = 0;
9824
9825	/*
9826	 * The control device is always connected.  The disk device, on the
9827	 * other hand, may not be online all the time.
9828	 */
9829	if (lun != NULL)
9830		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9831				     lun->be_lun->lun_type;
9832	else
9833		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9834	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9835	eid_ptr->page_length = data_len - 4;
9836	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9837	eid_ptr->flags3 = SVPD_EID_V_SUP;
9838
9839	ctsio->scsi_status = SCSI_STATUS_OK;
9840	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9841	ctsio->be_move_done = ctl_config_move_done;
9842	ctl_datamove((union ctl_io *)ctsio);
9843
9844	return (CTL_RETVAL_COMPLETE);
9845}
9846
9847static int
9848ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9849{
9850	struct scsi_vpd_mode_page_policy *mpp_ptr;
9851	struct ctl_lun *lun;
9852	int data_len;
9853
9854	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9855
9856	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9857	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9858
9859	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9860	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9861	ctsio->kern_sg_entries = 0;
9862
9863	if (data_len < alloc_len) {
9864		ctsio->residual = alloc_len - data_len;
9865		ctsio->kern_data_len = data_len;
9866		ctsio->kern_total_len = data_len;
9867	} else {
9868		ctsio->residual = 0;
9869		ctsio->kern_data_len = alloc_len;
9870		ctsio->kern_total_len = alloc_len;
9871	}
9872	ctsio->kern_data_resid = 0;
9873	ctsio->kern_rel_offset = 0;
9874	ctsio->kern_sg_entries = 0;
9875
9876	/*
9877	 * The control device is always connected.  The disk device, on the
9878	 * other hand, may not be online all the time.
9879	 */
9880	if (lun != NULL)
9881		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9882				     lun->be_lun->lun_type;
9883	else
9884		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9885	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9886	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9887	mpp_ptr->descr[0].page_code = 0x3f;
9888	mpp_ptr->descr[0].subpage_code = 0xff;
9889	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9890
9891	ctsio->scsi_status = SCSI_STATUS_OK;
9892	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9893	ctsio->be_move_done = ctl_config_move_done;
9894	ctl_datamove((union ctl_io *)ctsio);
9895
9896	return (CTL_RETVAL_COMPLETE);
9897}
9898
9899static int
9900ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9901{
9902	struct scsi_vpd_device_id *devid_ptr;
9903	struct scsi_vpd_id_descriptor *desc;
9904	struct ctl_softc *ctl_softc;
9905	struct ctl_lun *lun;
9906	struct ctl_port *port;
9907	int data_len;
9908	uint8_t proto;
9909
9910	ctl_softc = control_softc;
9911
9912	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9913	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9914
9915	data_len = sizeof(struct scsi_vpd_device_id) +
9916	    sizeof(struct scsi_vpd_id_descriptor) +
9917		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9918	    sizeof(struct scsi_vpd_id_descriptor) +
9919		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9920	if (lun && lun->lun_devid)
9921		data_len += lun->lun_devid->len;
9922	if (port->port_devid)
9923		data_len += port->port_devid->len;
9924	if (port->target_devid)
9925		data_len += port->target_devid->len;
9926
9927	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9928	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9929	ctsio->kern_sg_entries = 0;
9930
9931	if (data_len < alloc_len) {
9932		ctsio->residual = alloc_len - data_len;
9933		ctsio->kern_data_len = data_len;
9934		ctsio->kern_total_len = data_len;
9935	} else {
9936		ctsio->residual = 0;
9937		ctsio->kern_data_len = alloc_len;
9938		ctsio->kern_total_len = alloc_len;
9939	}
9940	ctsio->kern_data_resid = 0;
9941	ctsio->kern_rel_offset = 0;
9942	ctsio->kern_sg_entries = 0;
9943
9944	/*
9945	 * The control device is always connected.  The disk device, on the
9946	 * other hand, may not be online all the time.
9947	 */
9948	if (lun != NULL)
9949		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9950				     lun->be_lun->lun_type;
9951	else
9952		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9953	devid_ptr->page_code = SVPD_DEVICE_ID;
9954	scsi_ulto2b(data_len - 4, devid_ptr->length);
9955
9956	if (port->port_type == CTL_PORT_FC)
9957		proto = SCSI_PROTO_FC << 4;
9958	else if (port->port_type == CTL_PORT_ISCSI)
9959		proto = SCSI_PROTO_ISCSI << 4;
9960	else
9961		proto = SCSI_PROTO_SPI << 4;
9962	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9963
9964	/*
9965	 * We're using a LUN association here.  i.e., this device ID is a
9966	 * per-LUN identifier.
9967	 */
9968	if (lun && lun->lun_devid) {
9969		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9970		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9971		    lun->lun_devid->len);
9972	}
9973
9974	/*
9975	 * This is for the WWPN which is a port association.
9976	 */
9977	if (port->port_devid) {
9978		memcpy(desc, port->port_devid->data, port->port_devid->len);
9979		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9980		    port->port_devid->len);
9981	}
9982
9983	/*
9984	 * This is for the Relative Target Port(type 4h) identifier
9985	 */
9986	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9987	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9988	    SVPD_ID_TYPE_RELTARG;
9989	desc->length = 4;
9990	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9991	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9992	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9993
9994	/*
9995	 * This is for the Target Port Group(type 5h) identifier
9996	 */
9997	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9998	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9999	    SVPD_ID_TYPE_TPORTGRP;
10000	desc->length = 4;
10001	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
10002	    &desc->identifier[2]);
10003	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10004	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
10005
10006	/*
10007	 * This is for the Target identifier
10008	 */
10009	if (port->target_devid) {
10010		memcpy(desc, port->target_devid->data, port->target_devid->len);
10011	}
10012
10013	ctsio->scsi_status = SCSI_STATUS_OK;
10014	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10015	ctsio->be_move_done = ctl_config_move_done;
10016	ctl_datamove((union ctl_io *)ctsio);
10017
10018	return (CTL_RETVAL_COMPLETE);
10019}
10020
10021static int
10022ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
10023{
10024	struct ctl_softc *softc = control_softc;
10025	struct scsi_vpd_scsi_ports *sp;
10026	struct scsi_vpd_port_designation *pd;
10027	struct scsi_vpd_port_designation_cont *pdc;
10028	struct ctl_lun *lun;
10029	struct ctl_port *port;
10030	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
10031	int num_target_port_groups, single;
10032
10033	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10034
10035	single = ctl_is_single;
10036	if (single)
10037		num_target_port_groups = 1;
10038	else
10039		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
10040	num_target_ports = 0;
10041	iid_len = 0;
10042	id_len = 0;
10043	mtx_lock(&softc->ctl_lock);
10044	STAILQ_FOREACH(port, &softc->port_list, links) {
10045		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10046			continue;
10047		if (lun != NULL &&
10048		    ctl_map_lun_back(port->targ_port, lun->lun) >=
10049		    CTL_MAX_LUNS)
10050			continue;
10051		num_target_ports++;
10052		if (port->init_devid)
10053			iid_len += port->init_devid->len;
10054		if (port->port_devid)
10055			id_len += port->port_devid->len;
10056	}
10057	mtx_unlock(&softc->ctl_lock);
10058
10059	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10060	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10061	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10062	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10063	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10064	ctsio->kern_sg_entries = 0;
10065
10066	if (data_len < alloc_len) {
10067		ctsio->residual = alloc_len - data_len;
10068		ctsio->kern_data_len = data_len;
10069		ctsio->kern_total_len = data_len;
10070	} else {
10071		ctsio->residual = 0;
10072		ctsio->kern_data_len = alloc_len;
10073		ctsio->kern_total_len = alloc_len;
10074	}
10075	ctsio->kern_data_resid = 0;
10076	ctsio->kern_rel_offset = 0;
10077	ctsio->kern_sg_entries = 0;
10078
10079	/*
10080	 * The control device is always connected.  The disk device, on the
10081	 * other hand, may not be online all the time.  Need to change this
10082	 * to figure out whether the disk device is actually online or not.
10083	 */
10084	if (lun != NULL)
10085		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10086				  lun->be_lun->lun_type;
10087	else
10088		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10089
10090	sp->page_code = SVPD_SCSI_PORTS;
10091	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10092	    sp->page_length);
10093	pd = &sp->design[0];
10094
10095	mtx_lock(&softc->ctl_lock);
10096	if (softc->flags & CTL_FLAG_MASTER_SHELF)
10097		pg = 0;
10098	else
10099		pg = 1;
10100	for (g = 0; g < num_target_port_groups; g++) {
10101		STAILQ_FOREACH(port, &softc->port_list, links) {
10102			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10103				continue;
10104			if (lun != NULL &&
10105			    ctl_map_lun_back(port->targ_port, lun->lun) >=
10106			    CTL_MAX_LUNS)
10107				continue;
10108			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10109			scsi_ulto2b(p, pd->relative_port_id);
10110			if (port->init_devid && g == pg) {
10111				iid_len = port->init_devid->len;
10112				memcpy(pd->initiator_transportid,
10113				    port->init_devid->data, port->init_devid->len);
10114			} else
10115				iid_len = 0;
10116			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10117			pdc = (struct scsi_vpd_port_designation_cont *)
10118			    (&pd->initiator_transportid[iid_len]);
10119			if (port->port_devid && g == pg) {
10120				id_len = port->port_devid->len;
10121				memcpy(pdc->target_port_descriptors,
10122				    port->port_devid->data, port->port_devid->len);
10123			} else
10124				id_len = 0;
10125			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10126			pd = (struct scsi_vpd_port_designation *)
10127			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10128		}
10129	}
10130	mtx_unlock(&softc->ctl_lock);
10131
10132	ctsio->scsi_status = SCSI_STATUS_OK;
10133	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10134	ctsio->be_move_done = ctl_config_move_done;
10135	ctl_datamove((union ctl_io *)ctsio);
10136
10137	return (CTL_RETVAL_COMPLETE);
10138}
10139
10140static int
10141ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10142{
10143	struct scsi_vpd_block_limits *bl_ptr;
10144	struct ctl_lun *lun;
10145	int bs;
10146
10147	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10148
10149	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10150	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10151	ctsio->kern_sg_entries = 0;
10152
10153	if (sizeof(*bl_ptr) < alloc_len) {
10154		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10155		ctsio->kern_data_len = sizeof(*bl_ptr);
10156		ctsio->kern_total_len = sizeof(*bl_ptr);
10157	} else {
10158		ctsio->residual = 0;
10159		ctsio->kern_data_len = alloc_len;
10160		ctsio->kern_total_len = alloc_len;
10161	}
10162	ctsio->kern_data_resid = 0;
10163	ctsio->kern_rel_offset = 0;
10164	ctsio->kern_sg_entries = 0;
10165
10166	/*
10167	 * The control device is always connected.  The disk device, on the
10168	 * other hand, may not be online all the time.  Need to change this
10169	 * to figure out whether the disk device is actually online or not.
10170	 */
10171	if (lun != NULL)
10172		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10173				  lun->be_lun->lun_type;
10174	else
10175		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10176
10177	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10178	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10179	bl_ptr->max_cmp_write_len = 0xff;
10180	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10181	if (lun != NULL) {
10182		bs = lun->be_lun->blocksize;
10183		scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10184		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10185			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10186			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10187			if (lun->be_lun->pblockexp != 0) {
10188				scsi_ulto4b((1 << lun->be_lun->pblockexp),
10189				    bl_ptr->opt_unmap_grain);
10190				scsi_ulto4b(0x80000000 | lun->be_lun->pblockoff,
10191				    bl_ptr->unmap_grain_align);
10192			}
10193		}
10194		scsi_ulto4b(lun->be_lun->atomicblock,
10195		    bl_ptr->max_atomic_transfer_length);
10196		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10197		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10198	}
10199	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10200
10201	ctsio->scsi_status = SCSI_STATUS_OK;
10202	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10203	ctsio->be_move_done = ctl_config_move_done;
10204	ctl_datamove((union ctl_io *)ctsio);
10205
10206	return (CTL_RETVAL_COMPLETE);
10207}
10208
10209static int
10210ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10211{
10212	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10213	struct ctl_lun *lun;
10214	const char *value;
10215	u_int i;
10216
10217	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10218
10219	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10220	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10221	ctsio->kern_sg_entries = 0;
10222
10223	if (sizeof(*bdc_ptr) < alloc_len) {
10224		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10225		ctsio->kern_data_len = sizeof(*bdc_ptr);
10226		ctsio->kern_total_len = sizeof(*bdc_ptr);
10227	} else {
10228		ctsio->residual = 0;
10229		ctsio->kern_data_len = alloc_len;
10230		ctsio->kern_total_len = alloc_len;
10231	}
10232	ctsio->kern_data_resid = 0;
10233	ctsio->kern_rel_offset = 0;
10234	ctsio->kern_sg_entries = 0;
10235
10236	/*
10237	 * The control device is always connected.  The disk device, on the
10238	 * other hand, may not be online all the time.  Need to change this
10239	 * to figure out whether the disk device is actually online or not.
10240	 */
10241	if (lun != NULL)
10242		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10243				  lun->be_lun->lun_type;
10244	else
10245		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10246	bdc_ptr->page_code = SVPD_BDC;
10247	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10248	if (lun != NULL &&
10249	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10250		i = strtol(value, NULL, 0);
10251	else
10252		i = SVPD_NON_ROTATING;
10253	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10254	if (lun != NULL &&
10255	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10256		i = strtol(value, NULL, 0);
10257	else
10258		i = 0;
10259	bdc_ptr->wab_wac_ff = (i & 0x0f);
10260	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10261
10262	ctsio->scsi_status = SCSI_STATUS_OK;
10263	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10264	ctsio->be_move_done = ctl_config_move_done;
10265	ctl_datamove((union ctl_io *)ctsio);
10266
10267	return (CTL_RETVAL_COMPLETE);
10268}
10269
10270static int
10271ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10272{
10273	struct scsi_vpd_logical_block_prov *lbp_ptr;
10274	struct ctl_lun *lun;
10275
10276	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10277
10278	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10279	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10280	ctsio->kern_sg_entries = 0;
10281
10282	if (sizeof(*lbp_ptr) < alloc_len) {
10283		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10284		ctsio->kern_data_len = sizeof(*lbp_ptr);
10285		ctsio->kern_total_len = sizeof(*lbp_ptr);
10286	} else {
10287		ctsio->residual = 0;
10288		ctsio->kern_data_len = alloc_len;
10289		ctsio->kern_total_len = alloc_len;
10290	}
10291	ctsio->kern_data_resid = 0;
10292	ctsio->kern_rel_offset = 0;
10293	ctsio->kern_sg_entries = 0;
10294
10295	/*
10296	 * The control device is always connected.  The disk device, on the
10297	 * other hand, may not be online all the time.  Need to change this
10298	 * to figure out whether the disk device is actually online or not.
10299	 */
10300	if (lun != NULL)
10301		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10302				  lun->be_lun->lun_type;
10303	else
10304		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10305
10306	lbp_ptr->page_code = SVPD_LBP;
10307	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10308	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10309		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10310		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10311		lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
10312	}
10313
10314	ctsio->scsi_status = SCSI_STATUS_OK;
10315	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10316	ctsio->be_move_done = ctl_config_move_done;
10317	ctl_datamove((union ctl_io *)ctsio);
10318
10319	return (CTL_RETVAL_COMPLETE);
10320}
10321
10322static int
10323ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10324{
10325	struct scsi_inquiry *cdb;
10326	struct ctl_lun *lun;
10327	int alloc_len, retval;
10328
10329	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10330	cdb = (struct scsi_inquiry *)ctsio->cdb;
10331
10332	retval = CTL_RETVAL_COMPLETE;
10333
10334	alloc_len = scsi_2btoul(cdb->length);
10335
10336	switch (cdb->page_code) {
10337	case SVPD_SUPPORTED_PAGES:
10338		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10339		break;
10340	case SVPD_UNIT_SERIAL_NUMBER:
10341		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10342		break;
10343	case SVPD_DEVICE_ID:
10344		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10345		break;
10346	case SVPD_EXTENDED_INQUIRY_DATA:
10347		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10348		break;
10349	case SVPD_MODE_PAGE_POLICY:
10350		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10351		break;
10352	case SVPD_SCSI_PORTS:
10353		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10354		break;
10355	case SVPD_SCSI_TPC:
10356		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10357		break;
10358	case SVPD_BLOCK_LIMITS:
10359		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10360		break;
10361	case SVPD_BDC:
10362		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10363		break;
10364	case SVPD_LBP:
10365		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10366		break;
10367	default:
10368		ctl_set_invalid_field(ctsio,
10369				      /*sks_valid*/ 1,
10370				      /*command*/ 1,
10371				      /*field*/ 2,
10372				      /*bit_valid*/ 0,
10373				      /*bit*/ 0);
10374		ctl_done((union ctl_io *)ctsio);
10375		retval = CTL_RETVAL_COMPLETE;
10376		break;
10377	}
10378
10379	return (retval);
10380}
10381
10382static int
10383ctl_inquiry_std(struct ctl_scsiio *ctsio)
10384{
10385	struct scsi_inquiry_data *inq_ptr;
10386	struct scsi_inquiry *cdb;
10387	struct ctl_softc *ctl_softc;
10388	struct ctl_lun *lun;
10389	char *val;
10390	uint32_t alloc_len, data_len;
10391	ctl_port_type port_type;
10392
10393	ctl_softc = control_softc;
10394
10395	/*
10396	 * Figure out whether we're talking to a Fibre Channel port or not.
10397	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10398	 * SCSI front ends.
10399	 */
10400	port_type = ctl_softc->ctl_ports[
10401	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10402	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10403		port_type = CTL_PORT_SCSI;
10404
10405	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10406	cdb = (struct scsi_inquiry *)ctsio->cdb;
10407	alloc_len = scsi_2btoul(cdb->length);
10408
10409	/*
10410	 * We malloc the full inquiry data size here and fill it
10411	 * in.  If the user only asks for less, we'll give him
10412	 * that much.
10413	 */
10414	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10415	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10416	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10417	ctsio->kern_sg_entries = 0;
10418	ctsio->kern_data_resid = 0;
10419	ctsio->kern_rel_offset = 0;
10420
10421	if (data_len < alloc_len) {
10422		ctsio->residual = alloc_len - data_len;
10423		ctsio->kern_data_len = data_len;
10424		ctsio->kern_total_len = data_len;
10425	} else {
10426		ctsio->residual = 0;
10427		ctsio->kern_data_len = alloc_len;
10428		ctsio->kern_total_len = alloc_len;
10429	}
10430
10431	/*
10432	 * If we have a LUN configured, report it as connected.  Otherwise,
10433	 * report that it is offline or no device is supported, depending
10434	 * on the value of inquiry_pq_no_lun.
10435	 *
10436	 * According to the spec (SPC-4 r34), the peripheral qualifier
10437	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10438	 *
10439	 * "A peripheral device having the specified peripheral device type
10440	 * is not connected to this logical unit. However, the device
10441	 * server is capable of supporting the specified peripheral device
10442	 * type on this logical unit."
10443	 *
10444	 * According to the same spec, the peripheral qualifier
10445	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10446	 *
10447	 * "The device server is not capable of supporting a peripheral
10448	 * device on this logical unit. For this peripheral qualifier the
10449	 * peripheral device type shall be set to 1Fh. All other peripheral
10450	 * device type values are reserved for this peripheral qualifier."
10451	 *
10452	 * Given the text, it would seem that we probably want to report that
10453	 * the LUN is offline here.  There is no LUN connected, but we can
10454	 * support a LUN at the given LUN number.
10455	 *
10456	 * In the real world, though, it sounds like things are a little
10457	 * different:
10458	 *
10459	 * - Linux, when presented with a LUN with the offline peripheral
10460	 *   qualifier, will create an sg driver instance for it.  So when
10461	 *   you attach it to CTL, you wind up with a ton of sg driver
10462	 *   instances.  (One for every LUN that Linux bothered to probe.)
10463	 *   Linux does this despite the fact that it issues a REPORT LUNs
10464	 *   to LUN 0 to get the inventory of supported LUNs.
10465	 *
10466	 * - There is other anecdotal evidence (from Emulex folks) about
10467	 *   arrays that use the offline peripheral qualifier for LUNs that
10468	 *   are on the "passive" path in an active/passive array.
10469	 *
10470	 * So the solution is provide a hopefully reasonable default
10471	 * (return bad/no LUN) and allow the user to change the behavior
10472	 * with a tunable/sysctl variable.
10473	 */
10474	if (lun != NULL)
10475		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10476				  lun->be_lun->lun_type;
10477	else if (ctl_softc->inquiry_pq_no_lun == 0)
10478		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10479	else
10480		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10481
10482	/* RMB in byte 2 is 0 */
10483	inq_ptr->version = SCSI_REV_SPC4;
10484
10485	/*
10486	 * According to SAM-3, even if a device only supports a single
10487	 * level of LUN addressing, it should still set the HISUP bit:
10488	 *
10489	 * 4.9.1 Logical unit numbers overview
10490	 *
10491	 * All logical unit number formats described in this standard are
10492	 * hierarchical in structure even when only a single level in that
10493	 * hierarchy is used. The HISUP bit shall be set to one in the
10494	 * standard INQUIRY data (see SPC-2) when any logical unit number
10495	 * format described in this standard is used.  Non-hierarchical
10496	 * formats are outside the scope of this standard.
10497	 *
10498	 * Therefore we set the HiSup bit here.
10499	 *
10500	 * The reponse format is 2, per SPC-3.
10501	 */
10502	inq_ptr->response_format = SID_HiSup | 2;
10503
10504	inq_ptr->additional_length = data_len -
10505	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10506	CTL_DEBUG_PRINT(("additional_length = %d\n",
10507			 inq_ptr->additional_length));
10508
10509	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10510	/* 16 bit addressing */
10511	if (port_type == CTL_PORT_SCSI)
10512		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10513	/* XXX set the SID_MultiP bit here if we're actually going to
10514	   respond on multiple ports */
10515	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10516
10517	/* 16 bit data bus, synchronous transfers */
10518	if (port_type == CTL_PORT_SCSI)
10519		inq_ptr->flags = SID_WBus16 | SID_Sync;
10520	/*
10521	 * XXX KDM do we want to support tagged queueing on the control
10522	 * device at all?
10523	 */
10524	if ((lun == NULL)
10525	 || (lun->be_lun->lun_type != T_PROCESSOR))
10526		inq_ptr->flags |= SID_CmdQue;
10527	/*
10528	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10529	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10530	 * name and 4 bytes for the revision.
10531	 */
10532	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10533	    "vendor")) == NULL) {
10534		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10535	} else {
10536		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10537		strncpy(inq_ptr->vendor, val,
10538		    min(sizeof(inq_ptr->vendor), strlen(val)));
10539	}
10540	if (lun == NULL) {
10541		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10542		    sizeof(inq_ptr->product));
10543	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10544		switch (lun->be_lun->lun_type) {
10545		case T_DIRECT:
10546			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10547			    sizeof(inq_ptr->product));
10548			break;
10549		case T_PROCESSOR:
10550			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10551			    sizeof(inq_ptr->product));
10552			break;
10553		default:
10554			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10555			    sizeof(inq_ptr->product));
10556			break;
10557		}
10558	} else {
10559		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10560		strncpy(inq_ptr->product, val,
10561		    min(sizeof(inq_ptr->product), strlen(val)));
10562	}
10563
10564	/*
10565	 * XXX make this a macro somewhere so it automatically gets
10566	 * incremented when we make changes.
10567	 */
10568	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10569	    "revision")) == NULL) {
10570		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10571	} else {
10572		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10573		strncpy(inq_ptr->revision, val,
10574		    min(sizeof(inq_ptr->revision), strlen(val)));
10575	}
10576
10577	/*
10578	 * For parallel SCSI, we support double transition and single
10579	 * transition clocking.  We also support QAS (Quick Arbitration
10580	 * and Selection) and Information Unit transfers on both the
10581	 * control and array devices.
10582	 */
10583	if (port_type == CTL_PORT_SCSI)
10584		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10585				    SID_SPI_IUS;
10586
10587	/* SAM-5 (no version claimed) */
10588	scsi_ulto2b(0x00A0, inq_ptr->version1);
10589	/* SPC-4 (no version claimed) */
10590	scsi_ulto2b(0x0460, inq_ptr->version2);
10591	if (port_type == CTL_PORT_FC) {
10592		/* FCP-2 ANSI INCITS.350:2003 */
10593		scsi_ulto2b(0x0917, inq_ptr->version3);
10594	} else if (port_type == CTL_PORT_SCSI) {
10595		/* SPI-4 ANSI INCITS.362:200x */
10596		scsi_ulto2b(0x0B56, inq_ptr->version3);
10597	} else if (port_type == CTL_PORT_ISCSI) {
10598		/* iSCSI (no version claimed) */
10599		scsi_ulto2b(0x0960, inq_ptr->version3);
10600	} else if (port_type == CTL_PORT_SAS) {
10601		/* SAS (no version claimed) */
10602		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10603	}
10604
10605	if (lun == NULL) {
10606		/* SBC-4 (no version claimed) */
10607		scsi_ulto2b(0x0600, inq_ptr->version4);
10608	} else {
10609		switch (lun->be_lun->lun_type) {
10610		case T_DIRECT:
10611			/* SBC-4 (no version claimed) */
10612			scsi_ulto2b(0x0600, inq_ptr->version4);
10613			break;
10614		case T_PROCESSOR:
10615		default:
10616			break;
10617		}
10618	}
10619
10620	ctsio->scsi_status = SCSI_STATUS_OK;
10621	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10622	ctsio->be_move_done = ctl_config_move_done;
10623	ctl_datamove((union ctl_io *)ctsio);
10624	return (CTL_RETVAL_COMPLETE);
10625}
10626
10627int
10628ctl_inquiry(struct ctl_scsiio *ctsio)
10629{
10630	struct scsi_inquiry *cdb;
10631	int retval;
10632
10633	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10634
10635	cdb = (struct scsi_inquiry *)ctsio->cdb;
10636	if (cdb->byte2 & SI_EVPD)
10637		retval = ctl_inquiry_evpd(ctsio);
10638	else if (cdb->page_code == 0)
10639		retval = ctl_inquiry_std(ctsio);
10640	else {
10641		ctl_set_invalid_field(ctsio,
10642				      /*sks_valid*/ 1,
10643				      /*command*/ 1,
10644				      /*field*/ 2,
10645				      /*bit_valid*/ 0,
10646				      /*bit*/ 0);
10647		ctl_done((union ctl_io *)ctsio);
10648		return (CTL_RETVAL_COMPLETE);
10649	}
10650
10651	return (retval);
10652}
10653
10654/*
10655 * For known CDB types, parse the LBA and length.
10656 */
10657static int
10658ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10659{
10660	if (io->io_hdr.io_type != CTL_IO_SCSI)
10661		return (1);
10662
10663	switch (io->scsiio.cdb[0]) {
10664	case COMPARE_AND_WRITE: {
10665		struct scsi_compare_and_write *cdb;
10666
10667		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10668
10669		*lba = scsi_8btou64(cdb->addr);
10670		*len = cdb->length;
10671		break;
10672	}
10673	case READ_6:
10674	case WRITE_6: {
10675		struct scsi_rw_6 *cdb;
10676
10677		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10678
10679		*lba = scsi_3btoul(cdb->addr);
10680		/* only 5 bits are valid in the most significant address byte */
10681		*lba &= 0x1fffff;
10682		*len = cdb->length;
10683		break;
10684	}
10685	case READ_10:
10686	case WRITE_10: {
10687		struct scsi_rw_10 *cdb;
10688
10689		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10690
10691		*lba = scsi_4btoul(cdb->addr);
10692		*len = scsi_2btoul(cdb->length);
10693		break;
10694	}
10695	case WRITE_VERIFY_10: {
10696		struct scsi_write_verify_10 *cdb;
10697
10698		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10699
10700		*lba = scsi_4btoul(cdb->addr);
10701		*len = scsi_2btoul(cdb->length);
10702		break;
10703	}
10704	case READ_12:
10705	case WRITE_12: {
10706		struct scsi_rw_12 *cdb;
10707
10708		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10709
10710		*lba = scsi_4btoul(cdb->addr);
10711		*len = scsi_4btoul(cdb->length);
10712		break;
10713	}
10714	case WRITE_VERIFY_12: {
10715		struct scsi_write_verify_12 *cdb;
10716
10717		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10718
10719		*lba = scsi_4btoul(cdb->addr);
10720		*len = scsi_4btoul(cdb->length);
10721		break;
10722	}
10723	case READ_16:
10724	case WRITE_16:
10725	case WRITE_ATOMIC_16: {
10726		struct scsi_rw_16 *cdb;
10727
10728		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10729
10730		*lba = scsi_8btou64(cdb->addr);
10731		*len = scsi_4btoul(cdb->length);
10732		break;
10733	}
10734	case WRITE_VERIFY_16: {
10735		struct scsi_write_verify_16 *cdb;
10736
10737		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10738
10739		*lba = scsi_8btou64(cdb->addr);
10740		*len = scsi_4btoul(cdb->length);
10741		break;
10742	}
10743	case WRITE_SAME_10: {
10744		struct scsi_write_same_10 *cdb;
10745
10746		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10747
10748		*lba = scsi_4btoul(cdb->addr);
10749		*len = scsi_2btoul(cdb->length);
10750		break;
10751	}
10752	case WRITE_SAME_16: {
10753		struct scsi_write_same_16 *cdb;
10754
10755		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10756
10757		*lba = scsi_8btou64(cdb->addr);
10758		*len = scsi_4btoul(cdb->length);
10759		break;
10760	}
10761	case VERIFY_10: {
10762		struct scsi_verify_10 *cdb;
10763
10764		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10765
10766		*lba = scsi_4btoul(cdb->addr);
10767		*len = scsi_2btoul(cdb->length);
10768		break;
10769	}
10770	case VERIFY_12: {
10771		struct scsi_verify_12 *cdb;
10772
10773		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10774
10775		*lba = scsi_4btoul(cdb->addr);
10776		*len = scsi_4btoul(cdb->length);
10777		break;
10778	}
10779	case VERIFY_16: {
10780		struct scsi_verify_16 *cdb;
10781
10782		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10783
10784		*lba = scsi_8btou64(cdb->addr);
10785		*len = scsi_4btoul(cdb->length);
10786		break;
10787	}
10788	case UNMAP: {
10789		*lba = 0;
10790		*len = UINT64_MAX;
10791		break;
10792	}
10793	default:
10794		return (1);
10795		break; /* NOTREACHED */
10796	}
10797
10798	return (0);
10799}
10800
10801static ctl_action
10802ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2)
10803{
10804	uint64_t endlba1, endlba2;
10805
10806	endlba1 = lba1 + len1 - 1;
10807	endlba2 = lba2 + len2 - 1;
10808
10809	if ((endlba1 < lba2)
10810	 || (endlba2 < lba1))
10811		return (CTL_ACTION_PASS);
10812	else
10813		return (CTL_ACTION_BLOCK);
10814}
10815
10816static int
10817ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10818{
10819	struct ctl_ptr_len_flags *ptrlen;
10820	struct scsi_unmap_desc *buf, *end, *range;
10821	uint64_t lba;
10822	uint32_t len;
10823
10824	/* If not UNMAP -- go other way. */
10825	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10826	    io->scsiio.cdb[0] != UNMAP)
10827		return (CTL_ACTION_ERROR);
10828
10829	/* If UNMAP without data -- block and wait for data. */
10830	ptrlen = (struct ctl_ptr_len_flags *)
10831	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10832	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10833	    ptrlen->ptr == NULL)
10834		return (CTL_ACTION_BLOCK);
10835
10836	/* UNMAP with data -- check for collision. */
10837	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10838	end = buf + ptrlen->len / sizeof(*buf);
10839	for (range = buf; range < end; range++) {
10840		lba = scsi_8btou64(range->lba);
10841		len = scsi_4btoul(range->length);
10842		if ((lba < lba2 + len2) && (lba + len > lba2))
10843			return (CTL_ACTION_BLOCK);
10844	}
10845	return (CTL_ACTION_PASS);
10846}
10847
10848static ctl_action
10849ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10850{
10851	uint64_t lba1, lba2;
10852	uint64_t len1, len2;
10853	int retval;
10854
10855	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10856		return (CTL_ACTION_ERROR);
10857
10858	retval = ctl_extent_check_unmap(io2, lba1, len1);
10859	if (retval != CTL_ACTION_ERROR)
10860		return (retval);
10861
10862	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10863		return (CTL_ACTION_ERROR);
10864
10865	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10866}
10867
10868static ctl_action
10869ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10870    union ctl_io *ooa_io)
10871{
10872	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10873	ctl_serialize_action *serialize_row;
10874
10875	/*
10876	 * The initiator attempted multiple untagged commands at the same
10877	 * time.  Can't do that.
10878	 */
10879	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10880	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10881	 && ((pending_io->io_hdr.nexus.targ_port ==
10882	      ooa_io->io_hdr.nexus.targ_port)
10883	  && (pending_io->io_hdr.nexus.initid.id ==
10884	      ooa_io->io_hdr.nexus.initid.id))
10885	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10886		return (CTL_ACTION_OVERLAP);
10887
10888	/*
10889	 * The initiator attempted to send multiple tagged commands with
10890	 * the same ID.  (It's fine if different initiators have the same
10891	 * tag ID.)
10892	 *
10893	 * Even if all of those conditions are true, we don't kill the I/O
10894	 * if the command ahead of us has been aborted.  We won't end up
10895	 * sending it to the FETD, and it's perfectly legal to resend a
10896	 * command with the same tag number as long as the previous
10897	 * instance of this tag number has been aborted somehow.
10898	 */
10899	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10900	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10901	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10902	 && ((pending_io->io_hdr.nexus.targ_port ==
10903	      ooa_io->io_hdr.nexus.targ_port)
10904	  && (pending_io->io_hdr.nexus.initid.id ==
10905	      ooa_io->io_hdr.nexus.initid.id))
10906	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10907		return (CTL_ACTION_OVERLAP_TAG);
10908
10909	/*
10910	 * If we get a head of queue tag, SAM-3 says that we should
10911	 * immediately execute it.
10912	 *
10913	 * What happens if this command would normally block for some other
10914	 * reason?  e.g. a request sense with a head of queue tag
10915	 * immediately after a write.  Normally that would block, but this
10916	 * will result in its getting executed immediately...
10917	 *
10918	 * We currently return "pass" instead of "skip", so we'll end up
10919	 * going through the rest of the queue to check for overlapped tags.
10920	 *
10921	 * XXX KDM check for other types of blockage first??
10922	 */
10923	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10924		return (CTL_ACTION_PASS);
10925
10926	/*
10927	 * Ordered tags have to block until all items ahead of them
10928	 * have completed.  If we get called with an ordered tag, we always
10929	 * block, if something else is ahead of us in the queue.
10930	 */
10931	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10932		return (CTL_ACTION_BLOCK);
10933
10934	/*
10935	 * Simple tags get blocked until all head of queue and ordered tags
10936	 * ahead of them have completed.  I'm lumping untagged commands in
10937	 * with simple tags here.  XXX KDM is that the right thing to do?
10938	 */
10939	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10940	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10941	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10942	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10943		return (CTL_ACTION_BLOCK);
10944
10945	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10946	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10947
10948	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10949
10950	switch (serialize_row[pending_entry->seridx]) {
10951	case CTL_SER_BLOCK:
10952		return (CTL_ACTION_BLOCK);
10953	case CTL_SER_EXTENT:
10954		return (ctl_extent_check(pending_io, ooa_io));
10955	case CTL_SER_EXTENTOPT:
10956		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10957		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10958			return (ctl_extent_check(pending_io, ooa_io));
10959		/* FALLTHROUGH */
10960	case CTL_SER_PASS:
10961		return (CTL_ACTION_PASS);
10962	case CTL_SER_BLOCKOPT:
10963		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10964		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10965			return (CTL_ACTION_BLOCK);
10966		return (CTL_ACTION_PASS);
10967	case CTL_SER_SKIP:
10968		return (CTL_ACTION_SKIP);
10969	default:
10970		panic("invalid serialization value %d",
10971		      serialize_row[pending_entry->seridx]);
10972	}
10973
10974	return (CTL_ACTION_ERROR);
10975}
10976
10977/*
10978 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10979 * Assumptions:
10980 * - pending_io is generally either incoming, or on the blocked queue
10981 * - starting I/O is the I/O we want to start the check with.
10982 */
10983static ctl_action
10984ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10985	      union ctl_io *starting_io)
10986{
10987	union ctl_io *ooa_io;
10988	ctl_action action;
10989
10990	mtx_assert(&lun->lun_lock, MA_OWNED);
10991
10992	/*
10993	 * Run back along the OOA queue, starting with the current
10994	 * blocked I/O and going through every I/O before it on the
10995	 * queue.  If starting_io is NULL, we'll just end up returning
10996	 * CTL_ACTION_PASS.
10997	 */
10998	for (ooa_io = starting_io; ooa_io != NULL;
10999	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11000	     ooa_links)){
11001
11002		/*
11003		 * This routine just checks to see whether
11004		 * cur_blocked is blocked by ooa_io, which is ahead
11005		 * of it in the queue.  It doesn't queue/dequeue
11006		 * cur_blocked.
11007		 */
11008		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11009		switch (action) {
11010		case CTL_ACTION_BLOCK:
11011		case CTL_ACTION_OVERLAP:
11012		case CTL_ACTION_OVERLAP_TAG:
11013		case CTL_ACTION_SKIP:
11014		case CTL_ACTION_ERROR:
11015			return (action);
11016			break; /* NOTREACHED */
11017		case CTL_ACTION_PASS:
11018			break;
11019		default:
11020			panic("invalid action %d", action);
11021			break;  /* NOTREACHED */
11022		}
11023	}
11024
11025	return (CTL_ACTION_PASS);
11026}
11027
11028/*
11029 * Assumptions:
11030 * - An I/O has just completed, and has been removed from the per-LUN OOA
11031 *   queue, so some items on the blocked queue may now be unblocked.
11032 */
11033static int
11034ctl_check_blocked(struct ctl_lun *lun)
11035{
11036	union ctl_io *cur_blocked, *next_blocked;
11037
11038	mtx_assert(&lun->lun_lock, MA_OWNED);
11039
11040	/*
11041	 * Run forward from the head of the blocked queue, checking each
11042	 * entry against the I/Os prior to it on the OOA queue to see if
11043	 * there is still any blockage.
11044	 *
11045	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11046	 * with our removing a variable on it while it is traversing the
11047	 * list.
11048	 */
11049	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11050	     cur_blocked != NULL; cur_blocked = next_blocked) {
11051		union ctl_io *prev_ooa;
11052		ctl_action action;
11053
11054		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11055							  blocked_links);
11056
11057		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11058						      ctl_ooaq, ooa_links);
11059
11060		/*
11061		 * If cur_blocked happens to be the first item in the OOA
11062		 * queue now, prev_ooa will be NULL, and the action
11063		 * returned will just be CTL_ACTION_PASS.
11064		 */
11065		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11066
11067		switch (action) {
11068		case CTL_ACTION_BLOCK:
11069			/* Nothing to do here, still blocked */
11070			break;
11071		case CTL_ACTION_OVERLAP:
11072		case CTL_ACTION_OVERLAP_TAG:
11073			/*
11074			 * This shouldn't happen!  In theory we've already
11075			 * checked this command for overlap...
11076			 */
11077			break;
11078		case CTL_ACTION_PASS:
11079		case CTL_ACTION_SKIP: {
11080			struct ctl_softc *softc;
11081			const struct ctl_cmd_entry *entry;
11082			uint32_t initidx;
11083			int isc_retval;
11084
11085			/*
11086			 * The skip case shouldn't happen, this transaction
11087			 * should have never made it onto the blocked queue.
11088			 */
11089			/*
11090			 * This I/O is no longer blocked, we can remove it
11091			 * from the blocked queue.  Since this is a TAILQ
11092			 * (doubly linked list), we can do O(1) removals
11093			 * from any place on the list.
11094			 */
11095			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11096				     blocked_links);
11097			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11098
11099			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11100				/*
11101				 * Need to send IO back to original side to
11102				 * run
11103				 */
11104				union ctl_ha_msg msg_info;
11105
11106				msg_info.hdr.original_sc =
11107					cur_blocked->io_hdr.original_sc;
11108				msg_info.hdr.serializing_sc = cur_blocked;
11109				msg_info.hdr.msg_type = CTL_MSG_R2R;
11110				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11111				     &msg_info, sizeof(msg_info), 0)) >
11112				     CTL_HA_STATUS_SUCCESS) {
11113					printf("CTL:Check Blocked error from "
11114					       "ctl_ha_msg_send %d\n",
11115					       isc_retval);
11116				}
11117				break;
11118			}
11119			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11120			softc = control_softc;
11121
11122			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
11123
11124			/*
11125			 * Check this I/O for LUN state changes that may
11126			 * have happened while this command was blocked.
11127			 * The LUN state may have been changed by a command
11128			 * ahead of us in the queue, so we need to re-check
11129			 * for any states that can be caused by SCSI
11130			 * commands.
11131			 */
11132			if (ctl_scsiio_lun_check(softc, lun, entry,
11133						 &cur_blocked->scsiio) == 0) {
11134				cur_blocked->io_hdr.flags |=
11135				                      CTL_FLAG_IS_WAS_ON_RTR;
11136				ctl_enqueue_rtr(cur_blocked);
11137			} else
11138				ctl_done(cur_blocked);
11139			break;
11140		}
11141		default:
11142			/*
11143			 * This probably shouldn't happen -- we shouldn't
11144			 * get CTL_ACTION_ERROR, or anything else.
11145			 */
11146			break;
11147		}
11148	}
11149
11150	return (CTL_RETVAL_COMPLETE);
11151}
11152
11153/*
11154 * This routine (with one exception) checks LUN flags that can be set by
11155 * commands ahead of us in the OOA queue.  These flags have to be checked
11156 * when a command initially comes in, and when we pull a command off the
11157 * blocked queue and are preparing to execute it.  The reason we have to
11158 * check these flags for commands on the blocked queue is that the LUN
11159 * state may have been changed by a command ahead of us while we're on the
11160 * blocked queue.
11161 *
11162 * Ordering is somewhat important with these checks, so please pay
11163 * careful attention to the placement of any new checks.
11164 */
11165static int
11166ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
11167    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11168{
11169	int retval;
11170	uint32_t residx;
11171
11172	retval = 0;
11173
11174	mtx_assert(&lun->lun_lock, MA_OWNED);
11175
11176	/*
11177	 * If this shelf is a secondary shelf controller, we have to reject
11178	 * any media access commands.
11179	 */
11180#if 0
11181	/* No longer needed for HA */
11182	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
11183	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
11184		ctl_set_lun_standby(ctsio);
11185		retval = 1;
11186		goto bailout;
11187	}
11188#endif
11189
11190	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11191		if (lun->flags & CTL_LUN_READONLY) {
11192			ctl_set_sense(ctsio, /*current_error*/ 1,
11193			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11194			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11195			retval = 1;
11196			goto bailout;
11197		}
11198		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11199		    .eca_and_aen & SCP_SWP) != 0) {
11200			ctl_set_sense(ctsio, /*current_error*/ 1,
11201			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11202			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11203			retval = 1;
11204			goto bailout;
11205		}
11206	}
11207
11208	/*
11209	 * Check for a reservation conflict.  If this command isn't allowed
11210	 * even on reserved LUNs, and if this initiator isn't the one who
11211	 * reserved us, reject the command with a reservation conflict.
11212	 */
11213	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11214	if ((lun->flags & CTL_LUN_RESERVED)
11215	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11216		if (lun->res_idx != residx) {
11217			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11218			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11219			retval = 1;
11220			goto bailout;
11221		}
11222	}
11223
11224	if ((lun->flags & CTL_LUN_PR_RESERVED)
11225	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
11226		/*
11227		 * if we aren't registered or it's a res holder type
11228		 * reservation and this isn't the res holder then set a
11229		 * conflict.
11230		 * NOTE: Commands which might be allowed on write exclusive
11231		 * type reservations are checked in the particular command
11232		 * for a conflict. Read and SSU are the only ones.
11233		 */
11234		if (lun->pr_keys[residx] == 0
11235		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11236			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11237			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11238			retval = 1;
11239			goto bailout;
11240		}
11241
11242	}
11243
11244	if ((lun->flags & CTL_LUN_OFFLINE)
11245	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11246		ctl_set_lun_not_ready(ctsio);
11247		retval = 1;
11248		goto bailout;
11249	}
11250
11251	/*
11252	 * If the LUN is stopped, see if this particular command is allowed
11253	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11254	 */
11255	if ((lun->flags & CTL_LUN_STOPPED)
11256	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11257		/* "Logical unit not ready, initializing cmd. required" */
11258		ctl_set_lun_stopped(ctsio);
11259		retval = 1;
11260		goto bailout;
11261	}
11262
11263	if ((lun->flags & CTL_LUN_INOPERABLE)
11264	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11265		/* "Medium format corrupted" */
11266		ctl_set_medium_format_corrupted(ctsio);
11267		retval = 1;
11268		goto bailout;
11269	}
11270
11271bailout:
11272	return (retval);
11273
11274}
11275
11276static void
11277ctl_failover_io(union ctl_io *io, int have_lock)
11278{
11279	ctl_set_busy(&io->scsiio);
11280	ctl_done(io);
11281}
11282
11283static void
11284ctl_failover(void)
11285{
11286	struct ctl_lun *lun;
11287	struct ctl_softc *ctl_softc;
11288	union ctl_io *next_io, *pending_io;
11289	union ctl_io *io;
11290	int lun_idx;
11291	int i;
11292
11293	ctl_softc = control_softc;
11294
11295	mtx_lock(&ctl_softc->ctl_lock);
11296	/*
11297	 * Remove any cmds from the other SC from the rtr queue.  These
11298	 * will obviously only be for LUNs for which we're the primary.
11299	 * We can't send status or get/send data for these commands.
11300	 * Since they haven't been executed yet, we can just remove them.
11301	 * We'll either abort them or delete them below, depending on
11302	 * which HA mode we're in.
11303	 */
11304#ifdef notyet
11305	mtx_lock(&ctl_softc->queue_lock);
11306	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11307	     io != NULL; io = next_io) {
11308		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11309		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11310			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11311				      ctl_io_hdr, links);
11312	}
11313	mtx_unlock(&ctl_softc->queue_lock);
11314#endif
11315
11316	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11317		lun = ctl_softc->ctl_luns[lun_idx];
11318		if (lun==NULL)
11319			continue;
11320
11321		/*
11322		 * Processor LUNs are primary on both sides.
11323		 * XXX will this always be true?
11324		 */
11325		if (lun->be_lun->lun_type == T_PROCESSOR)
11326			continue;
11327
11328		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11329		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11330			printf("FAILOVER: primary lun %d\n", lun_idx);
11331		        /*
11332			 * Remove all commands from the other SC. First from the
11333			 * blocked queue then from the ooa queue. Once we have
11334			 * removed them. Call ctl_check_blocked to see if there
11335			 * is anything that can run.
11336			 */
11337			for (io = (union ctl_io *)TAILQ_FIRST(
11338			     &lun->blocked_queue); io != NULL; io = next_io) {
11339
11340		        	next_io = (union ctl_io *)TAILQ_NEXT(
11341				    &io->io_hdr, blocked_links);
11342
11343				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11344					TAILQ_REMOVE(&lun->blocked_queue,
11345						     &io->io_hdr,blocked_links);
11346					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11347					TAILQ_REMOVE(&lun->ooa_queue,
11348						     &io->io_hdr, ooa_links);
11349
11350					ctl_free_io(io);
11351				}
11352			}
11353
11354			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11355	     		     io != NULL; io = next_io) {
11356
11357		        	next_io = (union ctl_io *)TAILQ_NEXT(
11358				    &io->io_hdr, ooa_links);
11359
11360				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11361
11362					TAILQ_REMOVE(&lun->ooa_queue,
11363						&io->io_hdr,
11364					     	ooa_links);
11365
11366					ctl_free_io(io);
11367				}
11368			}
11369			ctl_check_blocked(lun);
11370		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11371			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11372
11373			printf("FAILOVER: primary lun %d\n", lun_idx);
11374			/*
11375			 * Abort all commands from the other SC.  We can't
11376			 * send status back for them now.  These should get
11377			 * cleaned up when they are completed or come out
11378			 * for a datamove operation.
11379			 */
11380			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11381	     		     io != NULL; io = next_io) {
11382		        	next_io = (union ctl_io *)TAILQ_NEXT(
11383					&io->io_hdr, ooa_links);
11384
11385				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11386					io->io_hdr.flags |= CTL_FLAG_ABORT;
11387			}
11388		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11389			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11390
11391			printf("FAILOVER: secondary lun %d\n", lun_idx);
11392
11393			lun->flags |= CTL_LUN_PRIMARY_SC;
11394
11395			/*
11396			 * We send all I/O that was sent to this controller
11397			 * and redirected to the other side back with
11398			 * busy status, and have the initiator retry it.
11399			 * Figuring out how much data has been transferred,
11400			 * etc. and picking up where we left off would be
11401			 * very tricky.
11402			 *
11403			 * XXX KDM need to remove I/O from the blocked
11404			 * queue as well!
11405			 */
11406			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11407			     &lun->ooa_queue); pending_io != NULL;
11408			     pending_io = next_io) {
11409
11410				next_io =  (union ctl_io *)TAILQ_NEXT(
11411					&pending_io->io_hdr, ooa_links);
11412
11413				pending_io->io_hdr.flags &=
11414					~CTL_FLAG_SENT_2OTHER_SC;
11415
11416				if (pending_io->io_hdr.flags &
11417				    CTL_FLAG_IO_ACTIVE) {
11418					pending_io->io_hdr.flags |=
11419						CTL_FLAG_FAILOVER;
11420				} else {
11421					ctl_set_busy(&pending_io->scsiio);
11422					ctl_done(pending_io);
11423				}
11424			}
11425
11426			/*
11427			 * Build Unit Attention
11428			 */
11429			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11430				lun->pending_ua[i] |=
11431				                     CTL_UA_ASYM_ACC_CHANGE;
11432			}
11433		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11434			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11435			printf("FAILOVER: secondary lun %d\n", lun_idx);
11436			/*
11437			 * if the first io on the OOA is not on the RtR queue
11438			 * add it.
11439			 */
11440			lun->flags |= CTL_LUN_PRIMARY_SC;
11441
11442			pending_io = (union ctl_io *)TAILQ_FIRST(
11443			    &lun->ooa_queue);
11444			if (pending_io==NULL) {
11445				printf("Nothing on OOA queue\n");
11446				continue;
11447			}
11448
11449			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11450			if ((pending_io->io_hdr.flags &
11451			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11452				pending_io->io_hdr.flags |=
11453				    CTL_FLAG_IS_WAS_ON_RTR;
11454				ctl_enqueue_rtr(pending_io);
11455			}
11456#if 0
11457			else
11458			{
11459				printf("Tag 0x%04x is running\n",
11460				      pending_io->scsiio.tag_num);
11461			}
11462#endif
11463
11464			next_io = (union ctl_io *)TAILQ_NEXT(
11465			    &pending_io->io_hdr, ooa_links);
11466			for (pending_io=next_io; pending_io != NULL;
11467			     pending_io = next_io) {
11468				pending_io->io_hdr.flags &=
11469				    ~CTL_FLAG_SENT_2OTHER_SC;
11470				next_io = (union ctl_io *)TAILQ_NEXT(
11471					&pending_io->io_hdr, ooa_links);
11472				if (pending_io->io_hdr.flags &
11473				    CTL_FLAG_IS_WAS_ON_RTR) {
11474#if 0
11475				        printf("Tag 0x%04x is running\n",
11476				      		pending_io->scsiio.tag_num);
11477#endif
11478					continue;
11479				}
11480
11481				switch (ctl_check_ooa(lun, pending_io,
11482			            (union ctl_io *)TAILQ_PREV(
11483				    &pending_io->io_hdr, ctl_ooaq,
11484				    ooa_links))) {
11485
11486				case CTL_ACTION_BLOCK:
11487					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11488							  &pending_io->io_hdr,
11489							  blocked_links);
11490					pending_io->io_hdr.flags |=
11491					    CTL_FLAG_BLOCKED;
11492					break;
11493				case CTL_ACTION_PASS:
11494				case CTL_ACTION_SKIP:
11495					pending_io->io_hdr.flags |=
11496					    CTL_FLAG_IS_WAS_ON_RTR;
11497					ctl_enqueue_rtr(pending_io);
11498					break;
11499				case CTL_ACTION_OVERLAP:
11500					ctl_set_overlapped_cmd(
11501					    (struct ctl_scsiio *)pending_io);
11502					ctl_done(pending_io);
11503					break;
11504				case CTL_ACTION_OVERLAP_TAG:
11505					ctl_set_overlapped_tag(
11506					    (struct ctl_scsiio *)pending_io,
11507					    pending_io->scsiio.tag_num & 0xff);
11508					ctl_done(pending_io);
11509					break;
11510				case CTL_ACTION_ERROR:
11511				default:
11512					ctl_set_internal_failure(
11513						(struct ctl_scsiio *)pending_io,
11514						0,  // sks_valid
11515						0); //retry count
11516					ctl_done(pending_io);
11517					break;
11518				}
11519			}
11520
11521			/*
11522			 * Build Unit Attention
11523			 */
11524			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11525				lun->pending_ua[i] |=
11526				                     CTL_UA_ASYM_ACC_CHANGE;
11527			}
11528		} else {
11529			panic("Unhandled HA mode failover, LUN flags = %#x, "
11530			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11531		}
11532	}
11533	ctl_pause_rtr = 0;
11534	mtx_unlock(&ctl_softc->ctl_lock);
11535}
11536
11537static int
11538ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11539{
11540	struct ctl_lun *lun;
11541	const struct ctl_cmd_entry *entry;
11542	uint32_t initidx, targ_lun;
11543	int retval;
11544
11545	retval = 0;
11546
11547	lun = NULL;
11548
11549	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11550	if ((targ_lun < CTL_MAX_LUNS)
11551	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11552		lun = ctl_softc->ctl_luns[targ_lun];
11553		/*
11554		 * If the LUN is invalid, pretend that it doesn't exist.
11555		 * It will go away as soon as all pending I/O has been
11556		 * completed.
11557		 */
11558		if (lun->flags & CTL_LUN_DISABLED) {
11559			lun = NULL;
11560		} else {
11561			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11562			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11563				lun->be_lun;
11564			if (lun->be_lun->lun_type == T_PROCESSOR) {
11565				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11566			}
11567
11568			/*
11569			 * Every I/O goes into the OOA queue for a
11570			 * particular LUN, and stays there until completion.
11571			 */
11572			mtx_lock(&lun->lun_lock);
11573			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11574			    ooa_links);
11575		}
11576	} else {
11577		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11578		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11579	}
11580
11581	/* Get command entry and return error if it is unsuppotyed. */
11582	entry = ctl_validate_command(ctsio);
11583	if (entry == NULL) {
11584		if (lun)
11585			mtx_unlock(&lun->lun_lock);
11586		return (retval);
11587	}
11588
11589	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11590	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11591
11592	/*
11593	 * Check to see whether we can send this command to LUNs that don't
11594	 * exist.  This should pretty much only be the case for inquiry
11595	 * and request sense.  Further checks, below, really require having
11596	 * a LUN, so we can't really check the command anymore.  Just put
11597	 * it on the rtr queue.
11598	 */
11599	if (lun == NULL) {
11600		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11601			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11602			ctl_enqueue_rtr((union ctl_io *)ctsio);
11603			return (retval);
11604		}
11605
11606		ctl_set_unsupported_lun(ctsio);
11607		ctl_done((union ctl_io *)ctsio);
11608		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11609		return (retval);
11610	} else {
11611		/*
11612		 * Make sure we support this particular command on this LUN.
11613		 * e.g., we don't support writes to the control LUN.
11614		 */
11615		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11616			mtx_unlock(&lun->lun_lock);
11617			ctl_set_invalid_opcode(ctsio);
11618			ctl_done((union ctl_io *)ctsio);
11619			return (retval);
11620		}
11621	}
11622
11623	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11624
11625#ifdef CTL_WITH_CA
11626	/*
11627	 * If we've got a request sense, it'll clear the contingent
11628	 * allegiance condition.  Otherwise, if we have a CA condition for
11629	 * this initiator, clear it, because it sent down a command other
11630	 * than request sense.
11631	 */
11632	if ((ctsio->cdb[0] != REQUEST_SENSE)
11633	 && (ctl_is_set(lun->have_ca, initidx)))
11634		ctl_clear_mask(lun->have_ca, initidx);
11635#endif
11636
11637	/*
11638	 * If the command has this flag set, it handles its own unit
11639	 * attention reporting, we shouldn't do anything.  Otherwise we
11640	 * check for any pending unit attentions, and send them back to the
11641	 * initiator.  We only do this when a command initially comes in,
11642	 * not when we pull it off the blocked queue.
11643	 *
11644	 * According to SAM-3, section 5.3.2, the order that things get
11645	 * presented back to the host is basically unit attentions caused
11646	 * by some sort of reset event, busy status, reservation conflicts
11647	 * or task set full, and finally any other status.
11648	 *
11649	 * One issue here is that some of the unit attentions we report
11650	 * don't fall into the "reset" category (e.g. "reported luns data
11651	 * has changed").  So reporting it here, before the reservation
11652	 * check, may be technically wrong.  I guess the only thing to do
11653	 * would be to check for and report the reset events here, and then
11654	 * check for the other unit attention types after we check for a
11655	 * reservation conflict.
11656	 *
11657	 * XXX KDM need to fix this
11658	 */
11659	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11660		ctl_ua_type ua_type;
11661
11662		if (lun->pending_ua[initidx] != CTL_UA_NONE) {
11663			scsi_sense_data_type sense_format;
11664
11665			if (lun != NULL)
11666				sense_format = (lun->flags &
11667				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11668				    SSD_TYPE_FIXED;
11669			else
11670				sense_format = SSD_TYPE_FIXED;
11671
11672			ua_type = ctl_build_ua(&lun->pending_ua[initidx],
11673			    &ctsio->sense_data, sense_format);
11674			if (ua_type != CTL_UA_NONE) {
11675				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11676				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11677						       CTL_AUTOSENSE;
11678				ctsio->sense_len = SSD_FULL_SIZE;
11679				mtx_unlock(&lun->lun_lock);
11680				ctl_done((union ctl_io *)ctsio);
11681				return (retval);
11682			}
11683		}
11684	}
11685
11686
11687	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11688		mtx_unlock(&lun->lun_lock);
11689		ctl_done((union ctl_io *)ctsio);
11690		return (retval);
11691	}
11692
11693	/*
11694	 * XXX CHD this is where we want to send IO to other side if
11695	 * this LUN is secondary on this SC. We will need to make a copy
11696	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11697	 * the copy we send as FROM_OTHER.
11698	 * We also need to stuff the address of the original IO so we can
11699	 * find it easily. Something similar will need be done on the other
11700	 * side so when we are done we can find the copy.
11701	 */
11702	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11703		union ctl_ha_msg msg_info;
11704		int isc_retval;
11705
11706		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11707
11708		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11709		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11710#if 0
11711		printf("1. ctsio %p\n", ctsio);
11712#endif
11713		msg_info.hdr.serializing_sc = NULL;
11714		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11715		msg_info.scsi.tag_num = ctsio->tag_num;
11716		msg_info.scsi.tag_type = ctsio->tag_type;
11717		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11718
11719		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11720
11721		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11722		    (void *)&msg_info, sizeof(msg_info), 0)) >
11723		    CTL_HA_STATUS_SUCCESS) {
11724			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11725			       isc_retval);
11726			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11727		} else {
11728#if 0
11729			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11730#endif
11731		}
11732
11733		/*
11734		 * XXX KDM this I/O is off the incoming queue, but hasn't
11735		 * been inserted on any other queue.  We may need to come
11736		 * up with a holding queue while we wait for serialization
11737		 * so that we have an idea of what we're waiting for from
11738		 * the other side.
11739		 */
11740		mtx_unlock(&lun->lun_lock);
11741		return (retval);
11742	}
11743
11744	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11745			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11746			      ctl_ooaq, ooa_links))) {
11747	case CTL_ACTION_BLOCK:
11748		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11749		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11750				  blocked_links);
11751		mtx_unlock(&lun->lun_lock);
11752		return (retval);
11753	case CTL_ACTION_PASS:
11754	case CTL_ACTION_SKIP:
11755		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11756		mtx_unlock(&lun->lun_lock);
11757		ctl_enqueue_rtr((union ctl_io *)ctsio);
11758		break;
11759	case CTL_ACTION_OVERLAP:
11760		mtx_unlock(&lun->lun_lock);
11761		ctl_set_overlapped_cmd(ctsio);
11762		ctl_done((union ctl_io *)ctsio);
11763		break;
11764	case CTL_ACTION_OVERLAP_TAG:
11765		mtx_unlock(&lun->lun_lock);
11766		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11767		ctl_done((union ctl_io *)ctsio);
11768		break;
11769	case CTL_ACTION_ERROR:
11770	default:
11771		mtx_unlock(&lun->lun_lock);
11772		ctl_set_internal_failure(ctsio,
11773					 /*sks_valid*/ 0,
11774					 /*retry_count*/ 0);
11775		ctl_done((union ctl_io *)ctsio);
11776		break;
11777	}
11778	return (retval);
11779}
11780
11781const struct ctl_cmd_entry *
11782ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11783{
11784	const struct ctl_cmd_entry *entry;
11785	int service_action;
11786
11787	entry = &ctl_cmd_table[ctsio->cdb[0]];
11788	if (sa)
11789		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11790	if (entry->flags & CTL_CMD_FLAG_SA5) {
11791		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11792		entry = &((const struct ctl_cmd_entry *)
11793		    entry->execute)[service_action];
11794	}
11795	return (entry);
11796}
11797
11798const struct ctl_cmd_entry *
11799ctl_validate_command(struct ctl_scsiio *ctsio)
11800{
11801	const struct ctl_cmd_entry *entry;
11802	int i, sa;
11803	uint8_t diff;
11804
11805	entry = ctl_get_cmd_entry(ctsio, &sa);
11806	if (entry->execute == NULL) {
11807		if (sa)
11808			ctl_set_invalid_field(ctsio,
11809					      /*sks_valid*/ 1,
11810					      /*command*/ 1,
11811					      /*field*/ 1,
11812					      /*bit_valid*/ 1,
11813					      /*bit*/ 4);
11814		else
11815			ctl_set_invalid_opcode(ctsio);
11816		ctl_done((union ctl_io *)ctsio);
11817		return (NULL);
11818	}
11819	KASSERT(entry->length > 0,
11820	    ("Not defined length for command 0x%02x/0x%02x",
11821	     ctsio->cdb[0], ctsio->cdb[1]));
11822	for (i = 1; i < entry->length; i++) {
11823		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11824		if (diff == 0)
11825			continue;
11826		ctl_set_invalid_field(ctsio,
11827				      /*sks_valid*/ 1,
11828				      /*command*/ 1,
11829				      /*field*/ i,
11830				      /*bit_valid*/ 1,
11831				      /*bit*/ fls(diff) - 1);
11832		ctl_done((union ctl_io *)ctsio);
11833		return (NULL);
11834	}
11835	return (entry);
11836}
11837
11838static int
11839ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11840{
11841
11842	switch (lun_type) {
11843	case T_PROCESSOR:
11844		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11845		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11846			return (0);
11847		break;
11848	case T_DIRECT:
11849		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11850		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11851			return (0);
11852		break;
11853	default:
11854		return (0);
11855	}
11856	return (1);
11857}
11858
11859static int
11860ctl_scsiio(struct ctl_scsiio *ctsio)
11861{
11862	int retval;
11863	const struct ctl_cmd_entry *entry;
11864
11865	retval = CTL_RETVAL_COMPLETE;
11866
11867	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11868
11869	entry = ctl_get_cmd_entry(ctsio, NULL);
11870
11871	/*
11872	 * If this I/O has been aborted, just send it straight to
11873	 * ctl_done() without executing it.
11874	 */
11875	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11876		ctl_done((union ctl_io *)ctsio);
11877		goto bailout;
11878	}
11879
11880	/*
11881	 * All the checks should have been handled by ctl_scsiio_precheck().
11882	 * We should be clear now to just execute the I/O.
11883	 */
11884	retval = entry->execute(ctsio);
11885
11886bailout:
11887	return (retval);
11888}
11889
11890/*
11891 * Since we only implement one target right now, a bus reset simply resets
11892 * our single target.
11893 */
11894static int
11895ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11896{
11897	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11898}
11899
11900static int
11901ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11902		 ctl_ua_type ua_type)
11903{
11904	struct ctl_lun *lun;
11905	int retval;
11906
11907	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11908		union ctl_ha_msg msg_info;
11909
11910		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11911		msg_info.hdr.nexus = io->io_hdr.nexus;
11912		if (ua_type==CTL_UA_TARG_RESET)
11913			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11914		else
11915			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11916		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11917		msg_info.hdr.original_sc = NULL;
11918		msg_info.hdr.serializing_sc = NULL;
11919		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11920		    (void *)&msg_info, sizeof(msg_info), 0)) {
11921		}
11922	}
11923	retval = 0;
11924
11925	mtx_lock(&ctl_softc->ctl_lock);
11926	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11927		retval += ctl_lun_reset(lun, io, ua_type);
11928	mtx_unlock(&ctl_softc->ctl_lock);
11929
11930	return (retval);
11931}
11932
11933/*
11934 * The LUN should always be set.  The I/O is optional, and is used to
11935 * distinguish between I/Os sent by this initiator, and by other
11936 * initiators.  We set unit attention for initiators other than this one.
11937 * SAM-3 is vague on this point.  It does say that a unit attention should
11938 * be established for other initiators when a LUN is reset (see section
11939 * 5.7.3), but it doesn't specifically say that the unit attention should
11940 * be established for this particular initiator when a LUN is reset.  Here
11941 * is the relevant text, from SAM-3 rev 8:
11942 *
11943 * 5.7.2 When a SCSI initiator port aborts its own tasks
11944 *
11945 * When a SCSI initiator port causes its own task(s) to be aborted, no
11946 * notification that the task(s) have been aborted shall be returned to
11947 * the SCSI initiator port other than the completion response for the
11948 * command or task management function action that caused the task(s) to
11949 * be aborted and notification(s) associated with related effects of the
11950 * action (e.g., a reset unit attention condition).
11951 *
11952 * XXX KDM for now, we're setting unit attention for all initiators.
11953 */
11954static int
11955ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11956{
11957	union ctl_io *xio;
11958#if 0
11959	uint32_t initindex;
11960#endif
11961	int i;
11962
11963	mtx_lock(&lun->lun_lock);
11964	/*
11965	 * Run through the OOA queue and abort each I/O.
11966	 */
11967#if 0
11968	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11969#endif
11970	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11971	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11972		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11973	}
11974
11975	/*
11976	 * This version sets unit attention for every
11977	 */
11978#if 0
11979	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11980	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11981		if (initindex == i)
11982			continue;
11983		lun->pending_ua[i] |= ua_type;
11984	}
11985#endif
11986
11987	/*
11988	 * A reset (any kind, really) clears reservations established with
11989	 * RESERVE/RELEASE.  It does not clear reservations established
11990	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11991	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11992	 * reservations made with the RESERVE/RELEASE commands, because
11993	 * those commands are obsolete in SPC-3.
11994	 */
11995	lun->flags &= ~CTL_LUN_RESERVED;
11996
11997	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11998#ifdef CTL_WITH_CA
11999		ctl_clear_mask(lun->have_ca, i);
12000#endif
12001		lun->pending_ua[i] |= ua_type;
12002	}
12003	mtx_unlock(&lun->lun_lock);
12004
12005	return (0);
12006}
12007
12008static void
12009ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
12010    int other_sc)
12011{
12012	union ctl_io *xio;
12013
12014	mtx_assert(&lun->lun_lock, MA_OWNED);
12015
12016	/*
12017	 * Run through the OOA queue and attempt to find the given I/O.
12018	 * The target port, initiator ID, tag type and tag number have to
12019	 * match the values that we got from the initiator.  If we have an
12020	 * untagged command to abort, simply abort the first untagged command
12021	 * we come to.  We only allow one untagged command at a time of course.
12022	 */
12023	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12024	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12025
12026		if ((targ_port == UINT32_MAX ||
12027		     targ_port == xio->io_hdr.nexus.targ_port) &&
12028		    (init_id == UINT32_MAX ||
12029		     init_id == xio->io_hdr.nexus.initid.id)) {
12030			if (targ_port != xio->io_hdr.nexus.targ_port ||
12031			    init_id != xio->io_hdr.nexus.initid.id)
12032				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
12033			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12034			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12035				union ctl_ha_msg msg_info;
12036
12037				msg_info.hdr.nexus = xio->io_hdr.nexus;
12038				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12039				msg_info.task.tag_num = xio->scsiio.tag_num;
12040				msg_info.task.tag_type = xio->scsiio.tag_type;
12041				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12042				msg_info.hdr.original_sc = NULL;
12043				msg_info.hdr.serializing_sc = NULL;
12044				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12045				    (void *)&msg_info, sizeof(msg_info), 0);
12046			}
12047		}
12048	}
12049}
12050
12051static int
12052ctl_abort_task_set(union ctl_io *io)
12053{
12054	struct ctl_softc *softc = control_softc;
12055	struct ctl_lun *lun;
12056	uint32_t targ_lun;
12057
12058	/*
12059	 * Look up the LUN.
12060	 */
12061	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12062	mtx_lock(&softc->ctl_lock);
12063	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
12064		lun = softc->ctl_luns[targ_lun];
12065	else {
12066		mtx_unlock(&softc->ctl_lock);
12067		return (1);
12068	}
12069
12070	mtx_lock(&lun->lun_lock);
12071	mtx_unlock(&softc->ctl_lock);
12072	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12073		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12074		    io->io_hdr.nexus.initid.id,
12075		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12076	} else { /* CTL_TASK_CLEAR_TASK_SET */
12077		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12078		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12079	}
12080	mtx_unlock(&lun->lun_lock);
12081	return (0);
12082}
12083
12084static int
12085ctl_i_t_nexus_reset(union ctl_io *io)
12086{
12087	struct ctl_softc *softc = control_softc;
12088	struct ctl_lun *lun;
12089	uint32_t initindex, residx;
12090
12091	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12092	residx = ctl_get_resindex(&io->io_hdr.nexus);
12093	mtx_lock(&softc->ctl_lock);
12094	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12095		mtx_lock(&lun->lun_lock);
12096		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12097		    io->io_hdr.nexus.initid.id,
12098		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12099#ifdef CTL_WITH_CA
12100		ctl_clear_mask(lun->have_ca, initindex);
12101#endif
12102		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12103			lun->flags &= ~CTL_LUN_RESERVED;
12104		lun->pending_ua[initindex] |= CTL_UA_I_T_NEXUS_LOSS;
12105		mtx_unlock(&lun->lun_lock);
12106	}
12107	mtx_unlock(&softc->ctl_lock);
12108	return (0);
12109}
12110
12111static int
12112ctl_abort_task(union ctl_io *io)
12113{
12114	union ctl_io *xio;
12115	struct ctl_lun *lun;
12116	struct ctl_softc *ctl_softc;
12117#if 0
12118	struct sbuf sb;
12119	char printbuf[128];
12120#endif
12121	int found;
12122	uint32_t targ_lun;
12123
12124	ctl_softc = control_softc;
12125	found = 0;
12126
12127	/*
12128	 * Look up the LUN.
12129	 */
12130	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12131	mtx_lock(&ctl_softc->ctl_lock);
12132	if ((targ_lun < CTL_MAX_LUNS)
12133	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12134		lun = ctl_softc->ctl_luns[targ_lun];
12135	else {
12136		mtx_unlock(&ctl_softc->ctl_lock);
12137		return (1);
12138	}
12139
12140#if 0
12141	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12142	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12143#endif
12144
12145	mtx_lock(&lun->lun_lock);
12146	mtx_unlock(&ctl_softc->ctl_lock);
12147	/*
12148	 * Run through the OOA queue and attempt to find the given I/O.
12149	 * The target port, initiator ID, tag type and tag number have to
12150	 * match the values that we got from the initiator.  If we have an
12151	 * untagged command to abort, simply abort the first untagged command
12152	 * we come to.  We only allow one untagged command at a time of course.
12153	 */
12154#if 0
12155	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12156#endif
12157	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12158	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12159#if 0
12160		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12161
12162		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12163			    lun->lun, xio->scsiio.tag_num,
12164			    xio->scsiio.tag_type,
12165			    (xio->io_hdr.blocked_links.tqe_prev
12166			    == NULL) ? "" : " BLOCKED",
12167			    (xio->io_hdr.flags &
12168			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12169			    (xio->io_hdr.flags &
12170			    CTL_FLAG_ABORT) ? " ABORT" : "",
12171			    (xio->io_hdr.flags &
12172			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12173		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12174		sbuf_finish(&sb);
12175		printf("%s\n", sbuf_data(&sb));
12176#endif
12177
12178		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
12179		 && (xio->io_hdr.nexus.initid.id ==
12180		     io->io_hdr.nexus.initid.id)) {
12181			/*
12182			 * If the abort says that the task is untagged, the
12183			 * task in the queue must be untagged.  Otherwise,
12184			 * we just check to see whether the tag numbers
12185			 * match.  This is because the QLogic firmware
12186			 * doesn't pass back the tag type in an abort
12187			 * request.
12188			 */
12189#if 0
12190			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12191			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12192			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
12193#endif
12194			/*
12195			 * XXX KDM we've got problems with FC, because it
12196			 * doesn't send down a tag type with aborts.  So we
12197			 * can only really go by the tag number...
12198			 * This may cause problems with parallel SCSI.
12199			 * Need to figure that out!!
12200			 */
12201			if (xio->scsiio.tag_num == io->taskio.tag_num) {
12202				xio->io_hdr.flags |= CTL_FLAG_ABORT;
12203				found = 1;
12204				if ((io->io_hdr.flags &
12205				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
12206				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12207					union ctl_ha_msg msg_info;
12208
12209					io->io_hdr.flags |=
12210					                CTL_FLAG_SENT_2OTHER_SC;
12211					msg_info.hdr.nexus = io->io_hdr.nexus;
12212					msg_info.task.task_action =
12213						CTL_TASK_ABORT_TASK;
12214					msg_info.task.tag_num =
12215						io->taskio.tag_num;
12216					msg_info.task.tag_type =
12217						io->taskio.tag_type;
12218					msg_info.hdr.msg_type =
12219						CTL_MSG_MANAGE_TASKS;
12220					msg_info.hdr.original_sc = NULL;
12221					msg_info.hdr.serializing_sc = NULL;
12222#if 0
12223					printf("Sent Abort to other side\n");
12224#endif
12225					if (CTL_HA_STATUS_SUCCESS !=
12226					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12227		    				(void *)&msg_info,
12228						sizeof(msg_info), 0)) {
12229					}
12230				}
12231#if 0
12232				printf("ctl_abort_task: found I/O to abort\n");
12233#endif
12234				break;
12235			}
12236		}
12237	}
12238	mtx_unlock(&lun->lun_lock);
12239
12240	if (found == 0) {
12241		/*
12242		 * This isn't really an error.  It's entirely possible for
12243		 * the abort and command completion to cross on the wire.
12244		 * This is more of an informative/diagnostic error.
12245		 */
12246#if 0
12247		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12248		       "%d:%d:%d:%d tag %d type %d\n",
12249		       io->io_hdr.nexus.initid.id,
12250		       io->io_hdr.nexus.targ_port,
12251		       io->io_hdr.nexus.targ_target.id,
12252		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12253		       io->taskio.tag_type);
12254#endif
12255	}
12256	return (0);
12257}
12258
12259static void
12260ctl_run_task(union ctl_io *io)
12261{
12262	struct ctl_softc *ctl_softc = control_softc;
12263	int retval = 1;
12264	const char *task_desc;
12265
12266	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12267
12268	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12269	    ("ctl_run_task: Unextected io_type %d\n",
12270	     io->io_hdr.io_type));
12271
12272	task_desc = ctl_scsi_task_string(&io->taskio);
12273	if (task_desc != NULL) {
12274#ifdef NEEDTOPORT
12275		csevent_log(CSC_CTL | CSC_SHELF_SW |
12276			    CTL_TASK_REPORT,
12277			    csevent_LogType_Trace,
12278			    csevent_Severity_Information,
12279			    csevent_AlertLevel_Green,
12280			    csevent_FRU_Firmware,
12281			    csevent_FRU_Unknown,
12282			    "CTL: received task: %s",task_desc);
12283#endif
12284	} else {
12285#ifdef NEEDTOPORT
12286		csevent_log(CSC_CTL | CSC_SHELF_SW |
12287			    CTL_TASK_REPORT,
12288			    csevent_LogType_Trace,
12289			    csevent_Severity_Information,
12290			    csevent_AlertLevel_Green,
12291			    csevent_FRU_Firmware,
12292			    csevent_FRU_Unknown,
12293			    "CTL: received unknown task "
12294			    "type: %d (%#x)",
12295			    io->taskio.task_action,
12296			    io->taskio.task_action);
12297#endif
12298	}
12299	switch (io->taskio.task_action) {
12300	case CTL_TASK_ABORT_TASK:
12301		retval = ctl_abort_task(io);
12302		break;
12303	case CTL_TASK_ABORT_TASK_SET:
12304	case CTL_TASK_CLEAR_TASK_SET:
12305		retval = ctl_abort_task_set(io);
12306		break;
12307	case CTL_TASK_CLEAR_ACA:
12308		break;
12309	case CTL_TASK_I_T_NEXUS_RESET:
12310		retval = ctl_i_t_nexus_reset(io);
12311		break;
12312	case CTL_TASK_LUN_RESET: {
12313		struct ctl_lun *lun;
12314		uint32_t targ_lun;
12315
12316		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12317		mtx_lock(&ctl_softc->ctl_lock);
12318		if ((targ_lun < CTL_MAX_LUNS)
12319		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12320			lun = ctl_softc->ctl_luns[targ_lun];
12321		else {
12322			mtx_unlock(&ctl_softc->ctl_lock);
12323			retval = 1;
12324			break;
12325		}
12326
12327		if (!(io->io_hdr.flags &
12328		    CTL_FLAG_FROM_OTHER_SC)) {
12329			union ctl_ha_msg msg_info;
12330
12331			io->io_hdr.flags |=
12332				CTL_FLAG_SENT_2OTHER_SC;
12333			msg_info.hdr.msg_type =
12334				CTL_MSG_MANAGE_TASKS;
12335			msg_info.hdr.nexus = io->io_hdr.nexus;
12336			msg_info.task.task_action =
12337				CTL_TASK_LUN_RESET;
12338			msg_info.hdr.original_sc = NULL;
12339			msg_info.hdr.serializing_sc = NULL;
12340			if (CTL_HA_STATUS_SUCCESS !=
12341			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12342			    (void *)&msg_info,
12343			    sizeof(msg_info), 0)) {
12344			}
12345		}
12346
12347		retval = ctl_lun_reset(lun, io,
12348				       CTL_UA_LUN_RESET);
12349		mtx_unlock(&ctl_softc->ctl_lock);
12350		break;
12351	}
12352	case CTL_TASK_TARGET_RESET:
12353		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12354		break;
12355	case CTL_TASK_BUS_RESET:
12356		retval = ctl_bus_reset(ctl_softc, io);
12357		break;
12358	case CTL_TASK_PORT_LOGIN:
12359		break;
12360	case CTL_TASK_PORT_LOGOUT:
12361		break;
12362	default:
12363		printf("ctl_run_task: got unknown task management event %d\n",
12364		       io->taskio.task_action);
12365		break;
12366	}
12367	if (retval == 0)
12368		io->io_hdr.status = CTL_SUCCESS;
12369	else
12370		io->io_hdr.status = CTL_ERROR;
12371	ctl_done(io);
12372}
12373
12374/*
12375 * For HA operation.  Handle commands that come in from the other
12376 * controller.
12377 */
12378static void
12379ctl_handle_isc(union ctl_io *io)
12380{
12381	int free_io;
12382	struct ctl_lun *lun;
12383	struct ctl_softc *ctl_softc;
12384	uint32_t targ_lun;
12385
12386	ctl_softc = control_softc;
12387
12388	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12389	lun = ctl_softc->ctl_luns[targ_lun];
12390
12391	switch (io->io_hdr.msg_type) {
12392	case CTL_MSG_SERIALIZE:
12393		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12394		break;
12395	case CTL_MSG_R2R: {
12396		const struct ctl_cmd_entry *entry;
12397
12398		/*
12399		 * This is only used in SER_ONLY mode.
12400		 */
12401		free_io = 0;
12402		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12403		mtx_lock(&lun->lun_lock);
12404		if (ctl_scsiio_lun_check(ctl_softc, lun,
12405		    entry, (struct ctl_scsiio *)io) != 0) {
12406			mtx_unlock(&lun->lun_lock);
12407			ctl_done(io);
12408			break;
12409		}
12410		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12411		mtx_unlock(&lun->lun_lock);
12412		ctl_enqueue_rtr(io);
12413		break;
12414	}
12415	case CTL_MSG_FINISH_IO:
12416		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12417			free_io = 0;
12418			ctl_done(io);
12419		} else {
12420			free_io = 1;
12421			mtx_lock(&lun->lun_lock);
12422			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12423				     ooa_links);
12424			ctl_check_blocked(lun);
12425			mtx_unlock(&lun->lun_lock);
12426		}
12427		break;
12428	case CTL_MSG_PERS_ACTION:
12429		ctl_hndl_per_res_out_on_other_sc(
12430			(union ctl_ha_msg *)&io->presio.pr_msg);
12431		free_io = 1;
12432		break;
12433	case CTL_MSG_BAD_JUJU:
12434		free_io = 0;
12435		ctl_done(io);
12436		break;
12437	case CTL_MSG_DATAMOVE:
12438		/* Only used in XFER mode */
12439		free_io = 0;
12440		ctl_datamove_remote(io);
12441		break;
12442	case CTL_MSG_DATAMOVE_DONE:
12443		/* Only used in XFER mode */
12444		free_io = 0;
12445		io->scsiio.be_move_done(io);
12446		break;
12447	default:
12448		free_io = 1;
12449		printf("%s: Invalid message type %d\n",
12450		       __func__, io->io_hdr.msg_type);
12451		break;
12452	}
12453	if (free_io)
12454		ctl_free_io(io);
12455
12456}
12457
12458
12459/*
12460 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12461 * there is no match.
12462 */
12463static ctl_lun_error_pattern
12464ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12465{
12466	const struct ctl_cmd_entry *entry;
12467	ctl_lun_error_pattern filtered_pattern, pattern;
12468
12469	pattern = desc->error_pattern;
12470
12471	/*
12472	 * XXX KDM we need more data passed into this function to match a
12473	 * custom pattern, and we actually need to implement custom pattern
12474	 * matching.
12475	 */
12476	if (pattern & CTL_LUN_PAT_CMD)
12477		return (CTL_LUN_PAT_CMD);
12478
12479	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12480		return (CTL_LUN_PAT_ANY);
12481
12482	entry = ctl_get_cmd_entry(ctsio, NULL);
12483
12484	filtered_pattern = entry->pattern & pattern;
12485
12486	/*
12487	 * If the user requested specific flags in the pattern (e.g.
12488	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12489	 * flags.
12490	 *
12491	 * If the user did not specify any flags, it doesn't matter whether
12492	 * or not the command supports the flags.
12493	 */
12494	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12495	     (pattern & ~CTL_LUN_PAT_MASK))
12496		return (CTL_LUN_PAT_NONE);
12497
12498	/*
12499	 * If the user asked for a range check, see if the requested LBA
12500	 * range overlaps with this command's LBA range.
12501	 */
12502	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12503		uint64_t lba1;
12504		uint64_t len1;
12505		ctl_action action;
12506		int retval;
12507
12508		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12509		if (retval != 0)
12510			return (CTL_LUN_PAT_NONE);
12511
12512		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12513					      desc->lba_range.len);
12514		/*
12515		 * A "pass" means that the LBA ranges don't overlap, so
12516		 * this doesn't match the user's range criteria.
12517		 */
12518		if (action == CTL_ACTION_PASS)
12519			return (CTL_LUN_PAT_NONE);
12520	}
12521
12522	return (filtered_pattern);
12523}
12524
12525static void
12526ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12527{
12528	struct ctl_error_desc *desc, *desc2;
12529
12530	mtx_assert(&lun->lun_lock, MA_OWNED);
12531
12532	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12533		ctl_lun_error_pattern pattern;
12534		/*
12535		 * Check to see whether this particular command matches
12536		 * the pattern in the descriptor.
12537		 */
12538		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12539		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12540			continue;
12541
12542		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12543		case CTL_LUN_INJ_ABORTED:
12544			ctl_set_aborted(&io->scsiio);
12545			break;
12546		case CTL_LUN_INJ_MEDIUM_ERR:
12547			ctl_set_medium_error(&io->scsiio);
12548			break;
12549		case CTL_LUN_INJ_UA:
12550			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12551			 * OCCURRED */
12552			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12553			break;
12554		case CTL_LUN_INJ_CUSTOM:
12555			/*
12556			 * We're assuming the user knows what he is doing.
12557			 * Just copy the sense information without doing
12558			 * checks.
12559			 */
12560			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12561			      ctl_min(sizeof(desc->custom_sense),
12562				      sizeof(io->scsiio.sense_data)));
12563			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12564			io->scsiio.sense_len = SSD_FULL_SIZE;
12565			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12566			break;
12567		case CTL_LUN_INJ_NONE:
12568		default:
12569			/*
12570			 * If this is an error injection type we don't know
12571			 * about, clear the continuous flag (if it is set)
12572			 * so it will get deleted below.
12573			 */
12574			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12575			break;
12576		}
12577		/*
12578		 * By default, each error injection action is a one-shot
12579		 */
12580		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12581			continue;
12582
12583		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12584
12585		free(desc, M_CTL);
12586	}
12587}
12588
12589#ifdef CTL_IO_DELAY
12590static void
12591ctl_datamove_timer_wakeup(void *arg)
12592{
12593	union ctl_io *io;
12594
12595	io = (union ctl_io *)arg;
12596
12597	ctl_datamove(io);
12598}
12599#endif /* CTL_IO_DELAY */
12600
12601void
12602ctl_datamove(union ctl_io *io)
12603{
12604	void (*fe_datamove)(union ctl_io *io);
12605
12606	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12607
12608	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12609
12610#ifdef CTL_TIME_IO
12611	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12612		char str[256];
12613		char path_str[64];
12614		struct sbuf sb;
12615
12616		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12617		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12618
12619		sbuf_cat(&sb, path_str);
12620		switch (io->io_hdr.io_type) {
12621		case CTL_IO_SCSI:
12622			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12623			sbuf_printf(&sb, "\n");
12624			sbuf_cat(&sb, path_str);
12625			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12626				    io->scsiio.tag_num, io->scsiio.tag_type);
12627			break;
12628		case CTL_IO_TASK:
12629			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12630				    "Tag Type: %d\n", io->taskio.task_action,
12631				    io->taskio.tag_num, io->taskio.tag_type);
12632			break;
12633		default:
12634			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12635			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12636			break;
12637		}
12638		sbuf_cat(&sb, path_str);
12639		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12640			    (intmax_t)time_uptime - io->io_hdr.start_time);
12641		sbuf_finish(&sb);
12642		printf("%s", sbuf_data(&sb));
12643	}
12644#endif /* CTL_TIME_IO */
12645
12646#ifdef CTL_IO_DELAY
12647	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12648		struct ctl_lun *lun;
12649
12650		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12651
12652		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12653	} else {
12654		struct ctl_lun *lun;
12655
12656		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12657		if ((lun != NULL)
12658		 && (lun->delay_info.datamove_delay > 0)) {
12659			struct callout *callout;
12660
12661			callout = (struct callout *)&io->io_hdr.timer_bytes;
12662			callout_init(callout, /*mpsafe*/ 1);
12663			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12664			callout_reset(callout,
12665				      lun->delay_info.datamove_delay * hz,
12666				      ctl_datamove_timer_wakeup, io);
12667			if (lun->delay_info.datamove_type ==
12668			    CTL_DELAY_TYPE_ONESHOT)
12669				lun->delay_info.datamove_delay = 0;
12670			return;
12671		}
12672	}
12673#endif
12674
12675	/*
12676	 * This command has been aborted.  Set the port status, so we fail
12677	 * the data move.
12678	 */
12679	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12680		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12681		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12682		       io->io_hdr.nexus.targ_port,
12683		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12684		       io->io_hdr.nexus.targ_lun);
12685		io->io_hdr.port_status = 31337;
12686		/*
12687		 * Note that the backend, in this case, will get the
12688		 * callback in its context.  In other cases it may get
12689		 * called in the frontend's interrupt thread context.
12690		 */
12691		io->scsiio.be_move_done(io);
12692		return;
12693	}
12694
12695	/* Don't confuse frontend with zero length data move. */
12696	if (io->scsiio.kern_data_len == 0) {
12697		io->scsiio.be_move_done(io);
12698		return;
12699	}
12700
12701	/*
12702	 * If we're in XFER mode and this I/O is from the other shelf
12703	 * controller, we need to send the DMA to the other side to
12704	 * actually transfer the data to/from the host.  In serialize only
12705	 * mode the transfer happens below CTL and ctl_datamove() is only
12706	 * called on the machine that originally received the I/O.
12707	 */
12708	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12709	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12710		union ctl_ha_msg msg;
12711		uint32_t sg_entries_sent;
12712		int do_sg_copy;
12713		int i;
12714
12715		memset(&msg, 0, sizeof(msg));
12716		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12717		msg.hdr.original_sc = io->io_hdr.original_sc;
12718		msg.hdr.serializing_sc = io;
12719		msg.hdr.nexus = io->io_hdr.nexus;
12720		msg.dt.flags = io->io_hdr.flags;
12721		/*
12722		 * We convert everything into a S/G list here.  We can't
12723		 * pass by reference, only by value between controllers.
12724		 * So we can't pass a pointer to the S/G list, only as many
12725		 * S/G entries as we can fit in here.  If it's possible for
12726		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12727		 * then we need to break this up into multiple transfers.
12728		 */
12729		if (io->scsiio.kern_sg_entries == 0) {
12730			msg.dt.kern_sg_entries = 1;
12731			/*
12732			 * If this is in cached memory, flush the cache
12733			 * before we send the DMA request to the other
12734			 * controller.  We want to do this in either the
12735			 * read or the write case.  The read case is
12736			 * straightforward.  In the write case, we want to
12737			 * make sure nothing is in the local cache that
12738			 * could overwrite the DMAed data.
12739			 */
12740			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12741				/*
12742				 * XXX KDM use bus_dmamap_sync() here.
12743				 */
12744			}
12745
12746			/*
12747			 * Convert to a physical address if this is a
12748			 * virtual address.
12749			 */
12750			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12751				msg.dt.sg_list[0].addr =
12752					io->scsiio.kern_data_ptr;
12753			} else {
12754				/*
12755				 * XXX KDM use busdma here!
12756				 */
12757#if 0
12758				msg.dt.sg_list[0].addr = (void *)
12759					vtophys(io->scsiio.kern_data_ptr);
12760#endif
12761			}
12762
12763			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12764			do_sg_copy = 0;
12765		} else {
12766			struct ctl_sg_entry *sgl;
12767
12768			do_sg_copy = 1;
12769			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12770			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12771			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12772				/*
12773				 * XXX KDM use bus_dmamap_sync() here.
12774				 */
12775			}
12776		}
12777
12778		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12779		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12780		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12781		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12782		msg.dt.sg_sequence = 0;
12783
12784		/*
12785		 * Loop until we've sent all of the S/G entries.  On the
12786		 * other end, we'll recompose these S/G entries into one
12787		 * contiguous list before passing it to the
12788		 */
12789		for (sg_entries_sent = 0; sg_entries_sent <
12790		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12791			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12792				sizeof(msg.dt.sg_list[0])),
12793				msg.dt.kern_sg_entries - sg_entries_sent);
12794
12795			if (do_sg_copy != 0) {
12796				struct ctl_sg_entry *sgl;
12797				int j;
12798
12799				sgl = (struct ctl_sg_entry *)
12800					io->scsiio.kern_data_ptr;
12801				/*
12802				 * If this is in cached memory, flush the cache
12803				 * before we send the DMA request to the other
12804				 * controller.  We want to do this in either
12805				 * the * read or the write case.  The read
12806				 * case is straightforward.  In the write
12807				 * case, we want to make sure nothing is
12808				 * in the local cache that could overwrite
12809				 * the DMAed data.
12810				 */
12811
12812				for (i = sg_entries_sent, j = 0;
12813				     i < msg.dt.cur_sg_entries; i++, j++) {
12814					if ((io->io_hdr.flags &
12815					     CTL_FLAG_NO_DATASYNC) == 0) {
12816						/*
12817						 * XXX KDM use bus_dmamap_sync()
12818						 */
12819					}
12820					if ((io->io_hdr.flags &
12821					     CTL_FLAG_BUS_ADDR) == 0) {
12822						/*
12823						 * XXX KDM use busdma.
12824						 */
12825#if 0
12826						msg.dt.sg_list[j].addr =(void *)
12827						       vtophys(sgl[i].addr);
12828#endif
12829					} else {
12830						msg.dt.sg_list[j].addr =
12831							sgl[i].addr;
12832					}
12833					msg.dt.sg_list[j].len = sgl[i].len;
12834				}
12835			}
12836
12837			sg_entries_sent += msg.dt.cur_sg_entries;
12838			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12839				msg.dt.sg_last = 1;
12840			else
12841				msg.dt.sg_last = 0;
12842
12843			/*
12844			 * XXX KDM drop and reacquire the lock here?
12845			 */
12846			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12847			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12848				/*
12849				 * XXX do something here.
12850				 */
12851			}
12852
12853			msg.dt.sent_sg_entries = sg_entries_sent;
12854		}
12855		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12856		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12857			ctl_failover_io(io, /*have_lock*/ 0);
12858
12859	} else {
12860
12861		/*
12862		 * Lookup the fe_datamove() function for this particular
12863		 * front end.
12864		 */
12865		fe_datamove =
12866		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12867
12868		fe_datamove(io);
12869	}
12870}
12871
12872static void
12873ctl_send_datamove_done(union ctl_io *io, int have_lock)
12874{
12875	union ctl_ha_msg msg;
12876	int isc_status;
12877
12878	memset(&msg, 0, sizeof(msg));
12879
12880	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12881	msg.hdr.original_sc = io;
12882	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12883	msg.hdr.nexus = io->io_hdr.nexus;
12884	msg.hdr.status = io->io_hdr.status;
12885	msg.scsi.tag_num = io->scsiio.tag_num;
12886	msg.scsi.tag_type = io->scsiio.tag_type;
12887	msg.scsi.scsi_status = io->scsiio.scsi_status;
12888	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12889	       sizeof(io->scsiio.sense_data));
12890	msg.scsi.sense_len = io->scsiio.sense_len;
12891	msg.scsi.sense_residual = io->scsiio.sense_residual;
12892	msg.scsi.fetd_status = io->io_hdr.port_status;
12893	msg.scsi.residual = io->scsiio.residual;
12894	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12895
12896	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12897		ctl_failover_io(io, /*have_lock*/ have_lock);
12898		return;
12899	}
12900
12901	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12902	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12903		/* XXX do something if this fails */
12904	}
12905
12906}
12907
12908/*
12909 * The DMA to the remote side is done, now we need to tell the other side
12910 * we're done so it can continue with its data movement.
12911 */
12912static void
12913ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12914{
12915	union ctl_io *io;
12916
12917	io = rq->context;
12918
12919	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12920		printf("%s: ISC DMA write failed with error %d", __func__,
12921		       rq->ret);
12922		ctl_set_internal_failure(&io->scsiio,
12923					 /*sks_valid*/ 1,
12924					 /*retry_count*/ rq->ret);
12925	}
12926
12927	ctl_dt_req_free(rq);
12928
12929	/*
12930	 * In this case, we had to malloc the memory locally.  Free it.
12931	 */
12932	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12933		int i;
12934		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12935			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12936	}
12937	/*
12938	 * The data is in local and remote memory, so now we need to send
12939	 * status (good or back) back to the other side.
12940	 */
12941	ctl_send_datamove_done(io, /*have_lock*/ 0);
12942}
12943
12944/*
12945 * We've moved the data from the host/controller into local memory.  Now we
12946 * need to push it over to the remote controller's memory.
12947 */
12948static int
12949ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12950{
12951	int retval;
12952
12953	retval = 0;
12954
12955	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12956					  ctl_datamove_remote_write_cb);
12957
12958	return (retval);
12959}
12960
12961static void
12962ctl_datamove_remote_write(union ctl_io *io)
12963{
12964	int retval;
12965	void (*fe_datamove)(union ctl_io *io);
12966
12967	/*
12968	 * - Get the data from the host/HBA into local memory.
12969	 * - DMA memory from the local controller to the remote controller.
12970	 * - Send status back to the remote controller.
12971	 */
12972
12973	retval = ctl_datamove_remote_sgl_setup(io);
12974	if (retval != 0)
12975		return;
12976
12977	/* Switch the pointer over so the FETD knows what to do */
12978	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12979
12980	/*
12981	 * Use a custom move done callback, since we need to send completion
12982	 * back to the other controller, not to the backend on this side.
12983	 */
12984	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12985
12986	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12987
12988	fe_datamove(io);
12989
12990	return;
12991
12992}
12993
12994static int
12995ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12996{
12997#if 0
12998	char str[256];
12999	char path_str[64];
13000	struct sbuf sb;
13001#endif
13002
13003	/*
13004	 * In this case, we had to malloc the memory locally.  Free it.
13005	 */
13006	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13007		int i;
13008		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13009			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13010	}
13011
13012#if 0
13013	scsi_path_string(io, path_str, sizeof(path_str));
13014	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13015	sbuf_cat(&sb, path_str);
13016	scsi_command_string(&io->scsiio, NULL, &sb);
13017	sbuf_printf(&sb, "\n");
13018	sbuf_cat(&sb, path_str);
13019	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13020		    io->scsiio.tag_num, io->scsiio.tag_type);
13021	sbuf_cat(&sb, path_str);
13022	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
13023		    io->io_hdr.flags, io->io_hdr.status);
13024	sbuf_finish(&sb);
13025	printk("%s", sbuf_data(&sb));
13026#endif
13027
13028
13029	/*
13030	 * The read is done, now we need to send status (good or bad) back
13031	 * to the other side.
13032	 */
13033	ctl_send_datamove_done(io, /*have_lock*/ 0);
13034
13035	return (0);
13036}
13037
13038static void
13039ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
13040{
13041	union ctl_io *io;
13042	void (*fe_datamove)(union ctl_io *io);
13043
13044	io = rq->context;
13045
13046	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13047		printf("%s: ISC DMA read failed with error %d", __func__,
13048		       rq->ret);
13049		ctl_set_internal_failure(&io->scsiio,
13050					 /*sks_valid*/ 1,
13051					 /*retry_count*/ rq->ret);
13052	}
13053
13054	ctl_dt_req_free(rq);
13055
13056	/* Switch the pointer over so the FETD knows what to do */
13057	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13058
13059	/*
13060	 * Use a custom move done callback, since we need to send completion
13061	 * back to the other controller, not to the backend on this side.
13062	 */
13063	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
13064
13065	/* XXX KDM add checks like the ones in ctl_datamove? */
13066
13067	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13068
13069	fe_datamove(io);
13070}
13071
13072static int
13073ctl_datamove_remote_sgl_setup(union ctl_io *io)
13074{
13075	struct ctl_sg_entry *local_sglist, *remote_sglist;
13076	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13077	struct ctl_softc *softc;
13078	int retval;
13079	int i;
13080
13081	retval = 0;
13082	softc = control_softc;
13083
13084	local_sglist = io->io_hdr.local_sglist;
13085	local_dma_sglist = io->io_hdr.local_dma_sglist;
13086	remote_sglist = io->io_hdr.remote_sglist;
13087	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13088
13089	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13090		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13091			local_sglist[i].len = remote_sglist[i].len;
13092
13093			/*
13094			 * XXX Detect the situation where the RS-level I/O
13095			 * redirector on the other side has already read the
13096			 * data off of the AOR RS on this side, and
13097			 * transferred it to remote (mirror) memory on the
13098			 * other side.  Since we already have the data in
13099			 * memory here, we just need to use it.
13100			 *
13101			 * XXX KDM this can probably be removed once we
13102			 * get the cache device code in and take the
13103			 * current AOR implementation out.
13104			 */
13105#ifdef NEEDTOPORT
13106			if ((remote_sglist[i].addr >=
13107			     (void *)vtophys(softc->mirr->addr))
13108			 && (remote_sglist[i].addr <
13109			     ((void *)vtophys(softc->mirr->addr) +
13110			     CacheMirrorOffset))) {
13111				local_sglist[i].addr = remote_sglist[i].addr -
13112					CacheMirrorOffset;
13113				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13114				     CTL_FLAG_DATA_IN)
13115					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13116			} else {
13117				local_sglist[i].addr = remote_sglist[i].addr +
13118					CacheMirrorOffset;
13119			}
13120#endif
13121#if 0
13122			printf("%s: local %p, remote %p, len %d\n",
13123			       __func__, local_sglist[i].addr,
13124			       remote_sglist[i].addr, local_sglist[i].len);
13125#endif
13126		}
13127	} else {
13128		uint32_t len_to_go;
13129
13130		/*
13131		 * In this case, we don't have automatically allocated
13132		 * memory for this I/O on this controller.  This typically
13133		 * happens with internal CTL I/O -- e.g. inquiry, mode
13134		 * sense, etc.  Anything coming from RAIDCore will have
13135		 * a mirror area available.
13136		 */
13137		len_to_go = io->scsiio.kern_data_len;
13138
13139		/*
13140		 * Clear the no datasync flag, we have to use malloced
13141		 * buffers.
13142		 */
13143		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13144
13145		/*
13146		 * The difficult thing here is that the size of the various
13147		 * S/G segments may be different than the size from the
13148		 * remote controller.  That'll make it harder when DMAing
13149		 * the data back to the other side.
13150		 */
13151		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13152		     sizeof(io->io_hdr.remote_sglist[0])) &&
13153		     (len_to_go > 0); i++) {
13154			local_sglist[i].len = ctl_min(len_to_go, 131072);
13155			CTL_SIZE_8B(local_dma_sglist[i].len,
13156				    local_sglist[i].len);
13157			local_sglist[i].addr =
13158				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13159
13160			local_dma_sglist[i].addr = local_sglist[i].addr;
13161
13162			if (local_sglist[i].addr == NULL) {
13163				int j;
13164
13165				printf("malloc failed for %zd bytes!",
13166				       local_dma_sglist[i].len);
13167				for (j = 0; j < i; j++) {
13168					free(local_sglist[j].addr, M_CTL);
13169				}
13170				ctl_set_internal_failure(&io->scsiio,
13171							 /*sks_valid*/ 1,
13172							 /*retry_count*/ 4857);
13173				retval = 1;
13174				goto bailout_error;
13175
13176			}
13177			/* XXX KDM do we need a sync here? */
13178
13179			len_to_go -= local_sglist[i].len;
13180		}
13181		/*
13182		 * Reset the number of S/G entries accordingly.  The
13183		 * original number of S/G entries is available in
13184		 * rem_sg_entries.
13185		 */
13186		io->scsiio.kern_sg_entries = i;
13187
13188#if 0
13189		printf("%s: kern_sg_entries = %d\n", __func__,
13190		       io->scsiio.kern_sg_entries);
13191		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13192			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13193			       local_sglist[i].addr, local_sglist[i].len,
13194			       local_dma_sglist[i].len);
13195#endif
13196	}
13197
13198
13199	return (retval);
13200
13201bailout_error:
13202
13203	ctl_send_datamove_done(io, /*have_lock*/ 0);
13204
13205	return (retval);
13206}
13207
13208static int
13209ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13210			 ctl_ha_dt_cb callback)
13211{
13212	struct ctl_ha_dt_req *rq;
13213	struct ctl_sg_entry *remote_sglist, *local_sglist;
13214	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13215	uint32_t local_used, remote_used, total_used;
13216	int retval;
13217	int i, j;
13218
13219	retval = 0;
13220
13221	rq = ctl_dt_req_alloc();
13222
13223	/*
13224	 * If we failed to allocate the request, and if the DMA didn't fail
13225	 * anyway, set busy status.  This is just a resource allocation
13226	 * failure.
13227	 */
13228	if ((rq == NULL)
13229	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13230		ctl_set_busy(&io->scsiio);
13231
13232	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13233
13234		if (rq != NULL)
13235			ctl_dt_req_free(rq);
13236
13237		/*
13238		 * The data move failed.  We need to return status back
13239		 * to the other controller.  No point in trying to DMA
13240		 * data to the remote controller.
13241		 */
13242
13243		ctl_send_datamove_done(io, /*have_lock*/ 0);
13244
13245		retval = 1;
13246
13247		goto bailout;
13248	}
13249
13250	local_sglist = io->io_hdr.local_sglist;
13251	local_dma_sglist = io->io_hdr.local_dma_sglist;
13252	remote_sglist = io->io_hdr.remote_sglist;
13253	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13254	local_used = 0;
13255	remote_used = 0;
13256	total_used = 0;
13257
13258	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13259		rq->ret = CTL_HA_STATUS_SUCCESS;
13260		rq->context = io;
13261		callback(rq);
13262		goto bailout;
13263	}
13264
13265	/*
13266	 * Pull/push the data over the wire from/to the other controller.
13267	 * This takes into account the possibility that the local and
13268	 * remote sglists may not be identical in terms of the size of
13269	 * the elements and the number of elements.
13270	 *
13271	 * One fundamental assumption here is that the length allocated for
13272	 * both the local and remote sglists is identical.  Otherwise, we've
13273	 * essentially got a coding error of some sort.
13274	 */
13275	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13276		int isc_ret;
13277		uint32_t cur_len, dma_length;
13278		uint8_t *tmp_ptr;
13279
13280		rq->id = CTL_HA_DATA_CTL;
13281		rq->command = command;
13282		rq->context = io;
13283
13284		/*
13285		 * Both pointers should be aligned.  But it is possible
13286		 * that the allocation length is not.  They should both
13287		 * also have enough slack left over at the end, though,
13288		 * to round up to the next 8 byte boundary.
13289		 */
13290		cur_len = ctl_min(local_sglist[i].len - local_used,
13291				  remote_sglist[j].len - remote_used);
13292
13293		/*
13294		 * In this case, we have a size issue and need to decrease
13295		 * the size, except in the case where we actually have less
13296		 * than 8 bytes left.  In that case, we need to increase
13297		 * the DMA length to get the last bit.
13298		 */
13299		if ((cur_len & 0x7) != 0) {
13300			if (cur_len > 0x7) {
13301				cur_len = cur_len - (cur_len & 0x7);
13302				dma_length = cur_len;
13303			} else {
13304				CTL_SIZE_8B(dma_length, cur_len);
13305			}
13306
13307		} else
13308			dma_length = cur_len;
13309
13310		/*
13311		 * If we had to allocate memory for this I/O, instead of using
13312		 * the non-cached mirror memory, we'll need to flush the cache
13313		 * before trying to DMA to the other controller.
13314		 *
13315		 * We could end up doing this multiple times for the same
13316		 * segment if we have a larger local segment than remote
13317		 * segment.  That shouldn't be an issue.
13318		 */
13319		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13320			/*
13321			 * XXX KDM use bus_dmamap_sync() here.
13322			 */
13323		}
13324
13325		rq->size = dma_length;
13326
13327		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13328		tmp_ptr += local_used;
13329
13330		/* Use physical addresses when talking to ISC hardware */
13331		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13332			/* XXX KDM use busdma */
13333#if 0
13334			rq->local = vtophys(tmp_ptr);
13335#endif
13336		} else
13337			rq->local = tmp_ptr;
13338
13339		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13340		tmp_ptr += remote_used;
13341		rq->remote = tmp_ptr;
13342
13343		rq->callback = NULL;
13344
13345		local_used += cur_len;
13346		if (local_used >= local_sglist[i].len) {
13347			i++;
13348			local_used = 0;
13349		}
13350
13351		remote_used += cur_len;
13352		if (remote_used >= remote_sglist[j].len) {
13353			j++;
13354			remote_used = 0;
13355		}
13356		total_used += cur_len;
13357
13358		if (total_used >= io->scsiio.kern_data_len)
13359			rq->callback = callback;
13360
13361		if ((rq->size & 0x7) != 0) {
13362			printf("%s: warning: size %d is not on 8b boundary\n",
13363			       __func__, rq->size);
13364		}
13365		if (((uintptr_t)rq->local & 0x7) != 0) {
13366			printf("%s: warning: local %p not on 8b boundary\n",
13367			       __func__, rq->local);
13368		}
13369		if (((uintptr_t)rq->remote & 0x7) != 0) {
13370			printf("%s: warning: remote %p not on 8b boundary\n",
13371			       __func__, rq->local);
13372		}
13373#if 0
13374		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13375		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13376		       rq->local, rq->remote, rq->size);
13377#endif
13378
13379		isc_ret = ctl_dt_single(rq);
13380		if (isc_ret == CTL_HA_STATUS_WAIT)
13381			continue;
13382
13383		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13384			rq->ret = CTL_HA_STATUS_SUCCESS;
13385		} else {
13386			rq->ret = isc_ret;
13387		}
13388		callback(rq);
13389		goto bailout;
13390	}
13391
13392bailout:
13393	return (retval);
13394
13395}
13396
13397static void
13398ctl_datamove_remote_read(union ctl_io *io)
13399{
13400	int retval;
13401	int i;
13402
13403	/*
13404	 * This will send an error to the other controller in the case of a
13405	 * failure.
13406	 */
13407	retval = ctl_datamove_remote_sgl_setup(io);
13408	if (retval != 0)
13409		return;
13410
13411	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13412					  ctl_datamove_remote_read_cb);
13413	if ((retval != 0)
13414	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13415		/*
13416		 * Make sure we free memory if there was an error..  The
13417		 * ctl_datamove_remote_xfer() function will send the
13418		 * datamove done message, or call the callback with an
13419		 * error if there is a problem.
13420		 */
13421		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13422			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13423	}
13424
13425	return;
13426}
13427
13428/*
13429 * Process a datamove request from the other controller.  This is used for
13430 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13431 * first.  Once that is complete, the data gets DMAed into the remote
13432 * controller's memory.  For reads, we DMA from the remote controller's
13433 * memory into our memory first, and then move it out to the FETD.
13434 */
13435static void
13436ctl_datamove_remote(union ctl_io *io)
13437{
13438	struct ctl_softc *softc;
13439
13440	softc = control_softc;
13441
13442	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13443
13444	/*
13445	 * Note that we look for an aborted I/O here, but don't do some of
13446	 * the other checks that ctl_datamove() normally does.
13447	 * We don't need to run the datamove delay code, since that should
13448	 * have been done if need be on the other controller.
13449	 */
13450	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13451		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13452		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13453		       io->io_hdr.nexus.targ_port,
13454		       io->io_hdr.nexus.targ_target.id,
13455		       io->io_hdr.nexus.targ_lun);
13456		io->io_hdr.port_status = 31338;
13457		ctl_send_datamove_done(io, /*have_lock*/ 0);
13458		return;
13459	}
13460
13461	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13462		ctl_datamove_remote_write(io);
13463	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13464		ctl_datamove_remote_read(io);
13465	} else {
13466		union ctl_ha_msg msg;
13467		struct scsi_sense_data *sense;
13468		uint8_t sks[3];
13469		int retry_count;
13470
13471		memset(&msg, 0, sizeof(msg));
13472
13473		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13474		msg.hdr.status = CTL_SCSI_ERROR;
13475		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13476
13477		retry_count = 4243;
13478
13479		sense = &msg.scsi.sense_data;
13480		sks[0] = SSD_SCS_VALID;
13481		sks[1] = (retry_count >> 8) & 0xff;
13482		sks[2] = retry_count & 0xff;
13483
13484		/* "Internal target failure" */
13485		scsi_set_sense_data(sense,
13486				    /*sense_format*/ SSD_TYPE_NONE,
13487				    /*current_error*/ 1,
13488				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13489				    /*asc*/ 0x44,
13490				    /*ascq*/ 0x00,
13491				    /*type*/ SSD_ELEM_SKS,
13492				    /*size*/ sizeof(sks),
13493				    /*data*/ sks,
13494				    SSD_ELEM_NONE);
13495
13496		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13497		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13498			ctl_failover_io(io, /*have_lock*/ 1);
13499			return;
13500		}
13501
13502		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13503		    CTL_HA_STATUS_SUCCESS) {
13504			/* XXX KDM what to do if this fails? */
13505		}
13506		return;
13507	}
13508
13509}
13510
13511static int
13512ctl_process_done(union ctl_io *io)
13513{
13514	struct ctl_lun *lun;
13515	struct ctl_softc *ctl_softc;
13516	void (*fe_done)(union ctl_io *io);
13517	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13518
13519	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13520
13521	fe_done =
13522	    control_softc->ctl_ports[targ_port]->fe_done;
13523
13524#ifdef CTL_TIME_IO
13525	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13526		char str[256];
13527		char path_str[64];
13528		struct sbuf sb;
13529
13530		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13531		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13532
13533		sbuf_cat(&sb, path_str);
13534		switch (io->io_hdr.io_type) {
13535		case CTL_IO_SCSI:
13536			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13537			sbuf_printf(&sb, "\n");
13538			sbuf_cat(&sb, path_str);
13539			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13540				    io->scsiio.tag_num, io->scsiio.tag_type);
13541			break;
13542		case CTL_IO_TASK:
13543			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13544				    "Tag Type: %d\n", io->taskio.task_action,
13545				    io->taskio.tag_num, io->taskio.tag_type);
13546			break;
13547		default:
13548			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13549			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13550			break;
13551		}
13552		sbuf_cat(&sb, path_str);
13553		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13554			    (intmax_t)time_uptime - io->io_hdr.start_time);
13555		sbuf_finish(&sb);
13556		printf("%s", sbuf_data(&sb));
13557	}
13558#endif /* CTL_TIME_IO */
13559
13560	switch (io->io_hdr.io_type) {
13561	case CTL_IO_SCSI:
13562		break;
13563	case CTL_IO_TASK:
13564		if (bootverbose || (ctl_debug & CTL_DEBUG_INFO))
13565			ctl_io_error_print(io, NULL);
13566		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13567			ctl_free_io(io);
13568		else
13569			fe_done(io);
13570		return (CTL_RETVAL_COMPLETE);
13571	default:
13572		panic("ctl_process_done: invalid io type %d\n",
13573		      io->io_hdr.io_type);
13574		break; /* NOTREACHED */
13575	}
13576
13577	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13578	if (lun == NULL) {
13579		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13580				 io->io_hdr.nexus.targ_mapped_lun));
13581		fe_done(io);
13582		goto bailout;
13583	}
13584	ctl_softc = lun->ctl_softc;
13585
13586	mtx_lock(&lun->lun_lock);
13587
13588	/*
13589	 * Check to see if we have any errors to inject here.  We only
13590	 * inject errors for commands that don't already have errors set.
13591	 */
13592	if ((STAILQ_FIRST(&lun->error_list) != NULL)
13593	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
13594		ctl_inject_error(lun, io);
13595
13596	/*
13597	 * XXX KDM how do we treat commands that aren't completed
13598	 * successfully?
13599	 *
13600	 * XXX KDM should we also track I/O latency?
13601	 */
13602	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13603	    io->io_hdr.io_type == CTL_IO_SCSI) {
13604#ifdef CTL_TIME_IO
13605		struct bintime cur_bt;
13606#endif
13607		int type;
13608
13609		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13610		    CTL_FLAG_DATA_IN)
13611			type = CTL_STATS_READ;
13612		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13613		    CTL_FLAG_DATA_OUT)
13614			type = CTL_STATS_WRITE;
13615		else
13616			type = CTL_STATS_NO_IO;
13617
13618		lun->stats.ports[targ_port].bytes[type] +=
13619		    io->scsiio.kern_total_len;
13620		lun->stats.ports[targ_port].operations[type]++;
13621#ifdef CTL_TIME_IO
13622		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13623		   &io->io_hdr.dma_bt);
13624		lun->stats.ports[targ_port].num_dmas[type] +=
13625		    io->io_hdr.num_dmas;
13626		getbintime(&cur_bt);
13627		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13628		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13629#endif
13630	}
13631
13632	/*
13633	 * Remove this from the OOA queue.
13634	 */
13635	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13636
13637	/*
13638	 * Run through the blocked queue on this LUN and see if anything
13639	 * has become unblocked, now that this transaction is done.
13640	 */
13641	ctl_check_blocked(lun);
13642
13643	/*
13644	 * If the LUN has been invalidated, free it if there is nothing
13645	 * left on its OOA queue.
13646	 */
13647	if ((lun->flags & CTL_LUN_INVALID)
13648	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13649		mtx_unlock(&lun->lun_lock);
13650		mtx_lock(&ctl_softc->ctl_lock);
13651		ctl_free_lun(lun);
13652		mtx_unlock(&ctl_softc->ctl_lock);
13653	} else
13654		mtx_unlock(&lun->lun_lock);
13655
13656	/*
13657	 * If this command has been aborted, make sure we set the status
13658	 * properly.  The FETD is responsible for freeing the I/O and doing
13659	 * whatever it needs to do to clean up its state.
13660	 */
13661	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13662		ctl_set_task_aborted(&io->scsiio);
13663
13664	/*
13665	 * If enabled, print command error status.
13666	 * We don't print UAs unless debugging was enabled explicitly.
13667	 */
13668	do {
13669		if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)
13670			break;
13671		if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0)
13672			break;
13673		if ((ctl_debug & CTL_DEBUG_INFO) == 0 &&
13674		    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) &&
13675		     (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13676			int error_code, sense_key, asc, ascq;
13677
13678			scsi_extract_sense_len(&io->scsiio.sense_data,
13679			    io->scsiio.sense_len, &error_code, &sense_key,
13680			    &asc, &ascq, /*show_errors*/ 0);
13681			if (sense_key == SSD_KEY_UNIT_ATTENTION)
13682				break;
13683		}
13684
13685		ctl_io_error_print(io, NULL);
13686	} while (0);
13687
13688	/*
13689	 * Tell the FETD or the other shelf controller we're done with this
13690	 * command.  Note that only SCSI commands get to this point.  Task
13691	 * management commands are completed above.
13692	 *
13693	 * We only send status to the other controller if we're in XFER
13694	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13695	 * received the I/O (from CTL's perspective), and so the status is
13696	 * generated there.
13697	 *
13698	 * XXX KDM if we hold the lock here, we could cause a deadlock
13699	 * if the frontend comes back in in this context to queue
13700	 * something.
13701	 */
13702	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13703	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13704		union ctl_ha_msg msg;
13705
13706		memset(&msg, 0, sizeof(msg));
13707		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13708		msg.hdr.original_sc = io->io_hdr.original_sc;
13709		msg.hdr.nexus = io->io_hdr.nexus;
13710		msg.hdr.status = io->io_hdr.status;
13711		msg.scsi.scsi_status = io->scsiio.scsi_status;
13712		msg.scsi.tag_num = io->scsiio.tag_num;
13713		msg.scsi.tag_type = io->scsiio.tag_type;
13714		msg.scsi.sense_len = io->scsiio.sense_len;
13715		msg.scsi.sense_residual = io->scsiio.sense_residual;
13716		msg.scsi.residual = io->scsiio.residual;
13717		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13718		       sizeof(io->scsiio.sense_data));
13719		/*
13720		 * We copy this whether or not this is an I/O-related
13721		 * command.  Otherwise, we'd have to go and check to see
13722		 * whether it's a read/write command, and it really isn't
13723		 * worth it.
13724		 */
13725		memcpy(&msg.scsi.lbalen,
13726		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13727		       sizeof(msg.scsi.lbalen));
13728
13729		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13730				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13731			/* XXX do something here */
13732		}
13733
13734		ctl_free_io(io);
13735	} else
13736		fe_done(io);
13737
13738bailout:
13739
13740	return (CTL_RETVAL_COMPLETE);
13741}
13742
13743#ifdef CTL_WITH_CA
13744/*
13745 * Front end should call this if it doesn't do autosense.  When the request
13746 * sense comes back in from the initiator, we'll dequeue this and send it.
13747 */
13748int
13749ctl_queue_sense(union ctl_io *io)
13750{
13751	struct ctl_lun *lun;
13752	struct ctl_softc *ctl_softc;
13753	uint32_t initidx, targ_lun;
13754
13755	ctl_softc = control_softc;
13756
13757	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13758
13759	/*
13760	 * LUN lookup will likely move to the ctl_work_thread() once we
13761	 * have our new queueing infrastructure (that doesn't put things on
13762	 * a per-LUN queue initially).  That is so that we can handle
13763	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13764	 * can't deal with that right now.
13765	 */
13766	mtx_lock(&ctl_softc->ctl_lock);
13767
13768	/*
13769	 * If we don't have a LUN for this, just toss the sense
13770	 * information.
13771	 */
13772	targ_lun = io->io_hdr.nexus.targ_lun;
13773	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13774	if ((targ_lun < CTL_MAX_LUNS)
13775	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13776		lun = ctl_softc->ctl_luns[targ_lun];
13777	else
13778		goto bailout;
13779
13780	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13781
13782	mtx_lock(&lun->lun_lock);
13783	/*
13784	 * Already have CA set for this LUN...toss the sense information.
13785	 */
13786	if (ctl_is_set(lun->have_ca, initidx)) {
13787		mtx_unlock(&lun->lun_lock);
13788		goto bailout;
13789	}
13790
13791	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13792	       ctl_min(sizeof(lun->pending_sense[initidx]),
13793	       sizeof(io->scsiio.sense_data)));
13794	ctl_set_mask(lun->have_ca, initidx);
13795	mtx_unlock(&lun->lun_lock);
13796
13797bailout:
13798	mtx_unlock(&ctl_softc->ctl_lock);
13799
13800	ctl_free_io(io);
13801
13802	return (CTL_RETVAL_COMPLETE);
13803}
13804#endif
13805
13806/*
13807 * Primary command inlet from frontend ports.  All SCSI and task I/O
13808 * requests must go through this function.
13809 */
13810int
13811ctl_queue(union ctl_io *io)
13812{
13813	struct ctl_softc *ctl_softc;
13814
13815	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13816
13817	ctl_softc = control_softc;
13818
13819#ifdef CTL_TIME_IO
13820	io->io_hdr.start_time = time_uptime;
13821	getbintime(&io->io_hdr.start_bt);
13822#endif /* CTL_TIME_IO */
13823
13824	/* Map FE-specific LUN ID into global one. */
13825	io->io_hdr.nexus.targ_mapped_lun =
13826	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13827
13828	switch (io->io_hdr.io_type) {
13829	case CTL_IO_SCSI:
13830	case CTL_IO_TASK:
13831		if (ctl_debug & CTL_DEBUG_CDB)
13832			ctl_io_print(io);
13833		ctl_enqueue_incoming(io);
13834		break;
13835	default:
13836		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13837		return (EINVAL);
13838	}
13839
13840	return (CTL_RETVAL_COMPLETE);
13841}
13842
13843#ifdef CTL_IO_DELAY
13844static void
13845ctl_done_timer_wakeup(void *arg)
13846{
13847	union ctl_io *io;
13848
13849	io = (union ctl_io *)arg;
13850	ctl_done(io);
13851}
13852#endif /* CTL_IO_DELAY */
13853
13854void
13855ctl_done(union ctl_io *io)
13856{
13857	struct ctl_softc *ctl_softc;
13858
13859	ctl_softc = control_softc;
13860
13861	/*
13862	 * Enable this to catch duplicate completion issues.
13863	 */
13864#if 0
13865	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13866		printf("%s: type %d msg %d cdb %x iptl: "
13867		       "%d:%d:%d:%d tag 0x%04x "
13868		       "flag %#x status %x\n",
13869			__func__,
13870			io->io_hdr.io_type,
13871			io->io_hdr.msg_type,
13872			io->scsiio.cdb[0],
13873			io->io_hdr.nexus.initid.id,
13874			io->io_hdr.nexus.targ_port,
13875			io->io_hdr.nexus.targ_target.id,
13876			io->io_hdr.nexus.targ_lun,
13877			(io->io_hdr.io_type ==
13878			CTL_IO_TASK) ?
13879			io->taskio.tag_num :
13880			io->scsiio.tag_num,
13881		        io->io_hdr.flags,
13882			io->io_hdr.status);
13883	} else
13884		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13885#endif
13886
13887	/*
13888	 * This is an internal copy of an I/O, and should not go through
13889	 * the normal done processing logic.
13890	 */
13891	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13892		return;
13893
13894	/*
13895	 * We need to send a msg to the serializing shelf to finish the IO
13896	 * as well.  We don't send a finish message to the other shelf if
13897	 * this is a task management command.  Task management commands
13898	 * aren't serialized in the OOA queue, but rather just executed on
13899	 * both shelf controllers for commands that originated on that
13900	 * controller.
13901	 */
13902	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13903	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13904		union ctl_ha_msg msg_io;
13905
13906		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13907		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13908		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13909		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13910		}
13911		/* continue on to finish IO */
13912	}
13913#ifdef CTL_IO_DELAY
13914	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13915		struct ctl_lun *lun;
13916
13917		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13918
13919		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13920	} else {
13921		struct ctl_lun *lun;
13922
13923		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13924
13925		if ((lun != NULL)
13926		 && (lun->delay_info.done_delay > 0)) {
13927			struct callout *callout;
13928
13929			callout = (struct callout *)&io->io_hdr.timer_bytes;
13930			callout_init(callout, /*mpsafe*/ 1);
13931			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13932			callout_reset(callout,
13933				      lun->delay_info.done_delay * hz,
13934				      ctl_done_timer_wakeup, io);
13935			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13936				lun->delay_info.done_delay = 0;
13937			return;
13938		}
13939	}
13940#endif /* CTL_IO_DELAY */
13941
13942	ctl_enqueue_done(io);
13943}
13944
13945int
13946ctl_isc(struct ctl_scsiio *ctsio)
13947{
13948	struct ctl_lun *lun;
13949	int retval;
13950
13951	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13952
13953	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13954
13955	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13956
13957	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13958
13959	return (retval);
13960}
13961
13962
13963static void
13964ctl_work_thread(void *arg)
13965{
13966	struct ctl_thread *thr = (struct ctl_thread *)arg;
13967	struct ctl_softc *softc = thr->ctl_softc;
13968	union ctl_io *io;
13969	int retval;
13970
13971	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13972
13973	for (;;) {
13974		retval = 0;
13975
13976		/*
13977		 * We handle the queues in this order:
13978		 * - ISC
13979		 * - done queue (to free up resources, unblock other commands)
13980		 * - RtR queue
13981		 * - incoming queue
13982		 *
13983		 * If those queues are empty, we break out of the loop and
13984		 * go to sleep.
13985		 */
13986		mtx_lock(&thr->queue_lock);
13987		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13988		if (io != NULL) {
13989			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13990			mtx_unlock(&thr->queue_lock);
13991			ctl_handle_isc(io);
13992			continue;
13993		}
13994		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13995		if (io != NULL) {
13996			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13997			/* clear any blocked commands, call fe_done */
13998			mtx_unlock(&thr->queue_lock);
13999			retval = ctl_process_done(io);
14000			continue;
14001		}
14002		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
14003		if (io != NULL) {
14004			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
14005			mtx_unlock(&thr->queue_lock);
14006			if (io->io_hdr.io_type == CTL_IO_TASK)
14007				ctl_run_task(io);
14008			else
14009				ctl_scsiio_precheck(softc, &io->scsiio);
14010			continue;
14011		}
14012		if (!ctl_pause_rtr) {
14013			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
14014			if (io != NULL) {
14015				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
14016				mtx_unlock(&thr->queue_lock);
14017				retval = ctl_scsiio(&io->scsiio);
14018				if (retval != CTL_RETVAL_COMPLETE)
14019					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
14020				continue;
14021			}
14022		}
14023
14024		/* Sleep until we have something to do. */
14025		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
14026	}
14027}
14028
14029static void
14030ctl_lun_thread(void *arg)
14031{
14032	struct ctl_softc *softc = (struct ctl_softc *)arg;
14033	struct ctl_be_lun *be_lun;
14034	int retval;
14035
14036	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
14037
14038	for (;;) {
14039		retval = 0;
14040		mtx_lock(&softc->ctl_lock);
14041		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
14042		if (be_lun != NULL) {
14043			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
14044			mtx_unlock(&softc->ctl_lock);
14045			ctl_create_lun(be_lun);
14046			continue;
14047		}
14048
14049		/* Sleep until we have something to do. */
14050		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
14051		    PDROP | PRIBIO, "-", 0);
14052	}
14053}
14054
14055static void
14056ctl_enqueue_incoming(union ctl_io *io)
14057{
14058	struct ctl_softc *softc = control_softc;
14059	struct ctl_thread *thr;
14060	u_int idx;
14061
14062	idx = (io->io_hdr.nexus.targ_port * 127 +
14063	       io->io_hdr.nexus.initid.id) % worker_threads;
14064	thr = &softc->threads[idx];
14065	mtx_lock(&thr->queue_lock);
14066	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14067	mtx_unlock(&thr->queue_lock);
14068	wakeup(thr);
14069}
14070
14071static void
14072ctl_enqueue_rtr(union ctl_io *io)
14073{
14074	struct ctl_softc *softc = control_softc;
14075	struct ctl_thread *thr;
14076
14077	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14078	mtx_lock(&thr->queue_lock);
14079	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14080	mtx_unlock(&thr->queue_lock);
14081	wakeup(thr);
14082}
14083
14084static void
14085ctl_enqueue_done(union ctl_io *io)
14086{
14087	struct ctl_softc *softc = control_softc;
14088	struct ctl_thread *thr;
14089
14090	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14091	mtx_lock(&thr->queue_lock);
14092	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14093	mtx_unlock(&thr->queue_lock);
14094	wakeup(thr);
14095}
14096
14097static void
14098ctl_enqueue_isc(union ctl_io *io)
14099{
14100	struct ctl_softc *softc = control_softc;
14101	struct ctl_thread *thr;
14102
14103	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14104	mtx_lock(&thr->queue_lock);
14105	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14106	mtx_unlock(&thr->queue_lock);
14107	wakeup(thr);
14108}
14109
14110/* Initialization and failover */
14111
14112void
14113ctl_init_isc_msg(void)
14114{
14115	printf("CTL: Still calling this thing\n");
14116}
14117
14118/*
14119 * Init component
14120 * 	Initializes component into configuration defined by bootMode
14121 *	(see hasc-sv.c)
14122 *  	returns hasc_Status:
14123 * 		OK
14124 *		ERROR - fatal error
14125 */
14126static ctl_ha_comp_status
14127ctl_isc_init(struct ctl_ha_component *c)
14128{
14129	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14130
14131	c->status = ret;
14132	return ret;
14133}
14134
14135/* Start component
14136 * 	Starts component in state requested. If component starts successfully,
14137 *	it must set its own state to the requestrd state
14138 *	When requested state is HASC_STATE_HA, the component may refine it
14139 * 	by adding _SLAVE or _MASTER flags.
14140 *	Currently allowed state transitions are:
14141 *	UNKNOWN->HA		- initial startup
14142 *	UNKNOWN->SINGLE - initial startup when no parter detected
14143 *	HA->SINGLE		- failover
14144 * returns ctl_ha_comp_status:
14145 * 		OK	- component successfully started in requested state
14146 *		FAILED  - could not start the requested state, failover may
14147 * 			  be possible
14148 *		ERROR	- fatal error detected, no future startup possible
14149 */
14150static ctl_ha_comp_status
14151ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14152{
14153	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14154
14155	printf("%s: go\n", __func__);
14156
14157	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14158	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14159		ctl_is_single = 0;
14160		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14161		    != CTL_HA_STATUS_SUCCESS) {
14162			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14163			ret = CTL_HA_COMP_STATUS_ERROR;
14164		}
14165	} else if (CTL_HA_STATE_IS_HA(c->state)
14166		&& CTL_HA_STATE_IS_SINGLE(state)){
14167		// HA->SINGLE transition
14168	        ctl_failover();
14169		ctl_is_single = 1;
14170	} else {
14171		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14172		       c->state, state);
14173		ret = CTL_HA_COMP_STATUS_ERROR;
14174	}
14175	if (CTL_HA_STATE_IS_SINGLE(state))
14176		ctl_is_single = 1;
14177
14178	c->state = state;
14179	c->status = ret;
14180	return ret;
14181}
14182
14183/*
14184 * Quiesce component
14185 * The component must clear any error conditions (set status to OK) and
14186 * prepare itself to another Start call
14187 * returns ctl_ha_comp_status:
14188 * 	OK
14189 *	ERROR
14190 */
14191static ctl_ha_comp_status
14192ctl_isc_quiesce(struct ctl_ha_component *c)
14193{
14194	int ret = CTL_HA_COMP_STATUS_OK;
14195
14196	ctl_pause_rtr = 1;
14197	c->status = ret;
14198	return ret;
14199}
14200
14201struct ctl_ha_component ctl_ha_component_ctlisc =
14202{
14203	.name = "CTL ISC",
14204	.state = CTL_HA_STATE_UNKNOWN,
14205	.init = ctl_isc_init,
14206	.start = ctl_isc_start,
14207	.quiesce = ctl_isc_quiesce
14208};
14209
14210/*
14211 *  vim: ts=8
14212 */
14213