ctl.c revision 273711 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 273711 2014-10-26 23:25:42Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67
68#include <cam/cam.h>
69#include <cam/scsi/scsi_all.h>
70#include <cam/scsi/scsi_da.h>
71#include <cam/ctl/ctl_io.h>
72#include <cam/ctl/ctl.h>
73#include <cam/ctl/ctl_frontend.h>
74#include <cam/ctl/ctl_frontend_internal.h>
75#include <cam/ctl/ctl_util.h>
76#include <cam/ctl/ctl_backend.h>
77#include <cam/ctl/ctl_ioctl.h>
78#include <cam/ctl/ctl_ha.h>
79#include <cam/ctl/ctl_private.h>
80#include <cam/ctl/ctl_debug.h>
81#include <cam/ctl/ctl_scsi_all.h>
82#include <cam/ctl/ctl_error.h>
83
84struct ctl_softc *control_softc = NULL;
85
86/*
87 * Size and alignment macros needed for Copan-specific HA hardware.  These
88 * can go away when the HA code is re-written, and uses busdma for any
89 * hardware.
90 */
91#define	CTL_ALIGN_8B(target, source, type)				\
92	if (((uint32_t)source & 0x7) != 0)				\
93		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
94	else								\
95		target = (type)source;
96
97#define	CTL_SIZE_8B(target, size)					\
98	if ((size & 0x7) != 0)						\
99		target = size + (0x8 - (size & 0x7));			\
100	else								\
101		target = size;
102
103#define CTL_ALIGN_8B_MARGIN	16
104
105/*
106 * Template mode pages.
107 */
108
109/*
110 * Note that these are default values only.  The actual values will be
111 * filled in when the user does a mode sense.
112 */
113static struct copan_debugconf_subpage debugconf_page_default = {
114	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
115	DBGCNF_SUBPAGE_CODE,		/* subpage */
116	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
117	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
118	DBGCNF_VERSION,			/* page_version */
119	{CTL_TIME_IO_DEFAULT_SECS>>8,
120	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
121};
122
123static struct copan_debugconf_subpage debugconf_page_changeable = {
124	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
125	DBGCNF_SUBPAGE_CODE,		/* subpage */
126	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
127	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
128	0,				/* page_version */
129	{0xff,0xff},			/* ctl_time_io_secs */
130};
131
132static struct scsi_da_rw_recovery_page rw_er_page_default = {
133	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
134	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
135	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
136	/*read_retry_count*/0,
137	/*correction_span*/0,
138	/*head_offset_count*/0,
139	/*data_strobe_offset_cnt*/0,
140	/*byte8*/0,
141	/*write_retry_count*/0,
142	/*reserved2*/0,
143	/*recovery_time_limit*/{0, 0},
144};
145
146static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
147	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
148	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
149	/*byte3*/0,
150	/*read_retry_count*/0,
151	/*correction_span*/0,
152	/*head_offset_count*/0,
153	/*data_strobe_offset_cnt*/0,
154	/*byte8*/0,
155	/*write_retry_count*/0,
156	/*reserved2*/0,
157	/*recovery_time_limit*/{0, 0},
158};
159
160static struct scsi_format_page format_page_default = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
168			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
169	/*bytes_per_sector*/ {0, 0},
170	/*interleave*/ {0, 0},
171	/*track_skew*/ {0, 0},
172	/*cylinder_skew*/ {0, 0},
173	/*flags*/ SFP_HSEC,
174	/*reserved*/ {0, 0, 0}
175};
176
177static struct scsi_format_page format_page_changeable = {
178	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
179	/*page_length*/sizeof(struct scsi_format_page) - 2,
180	/*tracks_per_zone*/ {0, 0},
181	/*alt_sectors_per_zone*/ {0, 0},
182	/*alt_tracks_per_zone*/ {0, 0},
183	/*alt_tracks_per_lun*/ {0, 0},
184	/*sectors_per_track*/ {0, 0},
185	/*bytes_per_sector*/ {0, 0},
186	/*interleave*/ {0, 0},
187	/*track_skew*/ {0, 0},
188	/*cylinder_skew*/ {0, 0},
189	/*flags*/ 0,
190	/*reserved*/ {0, 0, 0}
191};
192
193static struct scsi_rigid_disk_page rigid_disk_page_default = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ CTL_DEFAULT_HEADS,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ SRDP_RPL_DISABLED,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
206			   CTL_DEFAULT_ROTATION_RATE & 0xff},
207	/*reserved2*/ {0, 0}
208};
209
210static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
211	/*page_code*/SMS_RIGID_DISK_PAGE,
212	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
213	/*cylinders*/ {0, 0, 0},
214	/*heads*/ 0,
215	/*start_write_precomp*/ {0, 0, 0},
216	/*start_reduced_current*/ {0, 0, 0},
217	/*step_rate*/ {0, 0},
218	/*landing_zone_cylinder*/ {0, 0, 0},
219	/*rpl*/ 0,
220	/*rotational_offset*/ 0,
221	/*reserved1*/ 0,
222	/*rotation_rate*/ {0, 0},
223	/*reserved2*/ {0, 0}
224};
225
226static struct scsi_caching_page caching_page_default = {
227	/*page_code*/SMS_CACHING_PAGE,
228	/*page_length*/sizeof(struct scsi_caching_page) - 2,
229	/*flags1*/ SCP_DISC | SCP_WCE,
230	/*ret_priority*/ 0,
231	/*disable_pf_transfer_len*/ {0xff, 0xff},
232	/*min_prefetch*/ {0, 0},
233	/*max_prefetch*/ {0xff, 0xff},
234	/*max_pf_ceiling*/ {0xff, 0xff},
235	/*flags2*/ 0,
236	/*cache_segments*/ 0,
237	/*cache_seg_size*/ {0, 0},
238	/*reserved*/ 0,
239	/*non_cache_seg_size*/ {0, 0, 0}
240};
241
242static struct scsi_caching_page caching_page_changeable = {
243	/*page_code*/SMS_CACHING_PAGE,
244	/*page_length*/sizeof(struct scsi_caching_page) - 2,
245	/*flags1*/ SCP_WCE | SCP_RCD,
246	/*ret_priority*/ 0,
247	/*disable_pf_transfer_len*/ {0, 0},
248	/*min_prefetch*/ {0, 0},
249	/*max_prefetch*/ {0, 0},
250	/*max_pf_ceiling*/ {0, 0},
251	/*flags2*/ 0,
252	/*cache_segments*/ 0,
253	/*cache_seg_size*/ {0, 0},
254	/*reserved*/ 0,
255	/*non_cache_seg_size*/ {0, 0, 0}
256};
257
258static struct scsi_control_page control_page_default = {
259	/*page_code*/SMS_CONTROL_MODE_PAGE,
260	/*page_length*/sizeof(struct scsi_control_page) - 2,
261	/*rlec*/0,
262	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
263	/*eca_and_aen*/0,
264	/*flags4*/SCP_TAS,
265	/*aen_holdoff_period*/{0, 0},
266	/*busy_timeout_period*/{0, 0},
267	/*extended_selftest_completion_time*/{0, 0}
268};
269
270static struct scsi_control_page control_page_changeable = {
271	/*page_code*/SMS_CONTROL_MODE_PAGE,
272	/*page_length*/sizeof(struct scsi_control_page) - 2,
273	/*rlec*/SCP_DSENSE,
274	/*queue_flags*/SCP_QUEUE_ALG_MASK,
275	/*eca_and_aen*/SCP_SWP,
276	/*flags4*/0,
277	/*aen_holdoff_period*/{0, 0},
278	/*busy_timeout_period*/{0, 0},
279	/*extended_selftest_completion_time*/{0, 0}
280};
281
282static struct scsi_info_exceptions_page ie_page_default = {
283	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
284	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
285	/*info_flags*/SIEP_FLAGS_DEXCPT,
286	/*mrie*/0,
287	/*interval_timer*/{0, 0, 0, 0},
288	/*report_count*/{0, 0, 0, 0}
289};
290
291static struct scsi_info_exceptions_page ie_page_changeable = {
292	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
293	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
294	/*info_flags*/0,
295	/*mrie*/0,
296	/*interval_timer*/{0, 0, 0, 0},
297	/*report_count*/{0, 0, 0, 0}
298};
299
300static struct scsi_logical_block_provisioning_page lbp_page_default = {
301	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
302	/*subpage_code*/0x02,
303	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
304	/*flags*/0,
305	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
306	/*descr*/{}
307};
308
309static struct scsi_logical_block_provisioning_page lbp_page_changeable = {
310	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
311	/*subpage_code*/0x02,
312	/*page_length*/{0, sizeof(struct scsi_logical_block_provisioning_page) - 4},
313	/*flags*/0,
314	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
315	/*descr*/{}
316};
317
318/*
319 * XXX KDM move these into the softc.
320 */
321static int rcv_sync_msg;
322static int persis_offset;
323static uint8_t ctl_pause_rtr;
324static int     ctl_is_single = 1;
325
326SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
327static int worker_threads = -1;
328SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
329    &worker_threads, 1, "Number of worker threads");
330static int ctl_debug = CTL_DEBUG_NONE;
331SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
332    &ctl_debug, 0, "Enabled debug flags");
333
334/*
335 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
336 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
337 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
338 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
339 */
340#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
341
342static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
343				  int param);
344static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
345static int ctl_init(void);
346void ctl_shutdown(void);
347static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
348static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
349static void ctl_ioctl_online(void *arg);
350static void ctl_ioctl_offline(void *arg);
351static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
352static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
353static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
354static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
355static int ctl_ioctl_submit_wait(union ctl_io *io);
356static void ctl_ioctl_datamove(union ctl_io *io);
357static void ctl_ioctl_done(union ctl_io *io);
358static void ctl_ioctl_hard_startstop_callback(void *arg,
359					      struct cfi_metatask *metatask);
360static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
361static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
362			      struct ctl_ooa *ooa_hdr,
363			      struct ctl_ooa_entry *kern_entries);
364static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
365		     struct thread *td);
366static uint32_t ctl_map_lun(int port_num, uint32_t lun);
367static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
368#ifdef unused
369static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
370				   uint32_t targ_target, uint32_t targ_lun,
371				   int can_wait);
372static void ctl_kfree_io(union ctl_io *io);
373#endif /* unused */
374static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
375			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
376static int ctl_free_lun(struct ctl_lun *lun);
377static void ctl_create_lun(struct ctl_be_lun *be_lun);
378/**
379static void ctl_failover_change_pages(struct ctl_softc *softc,
380				      struct ctl_scsiio *ctsio, int master);
381**/
382
383static int ctl_do_mode_select(union ctl_io *io);
384static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
385			   uint64_t res_key, uint64_t sa_res_key,
386			   uint8_t type, uint32_t residx,
387			   struct ctl_scsiio *ctsio,
388			   struct scsi_per_res_out *cdb,
389			   struct scsi_per_res_out_parms* param);
390static void ctl_pro_preempt_other(struct ctl_lun *lun,
391				  union ctl_ha_msg *msg);
392static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
393static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
394static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
395static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
396static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
397static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
398static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
399					 int alloc_len);
400static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
401					 int alloc_len);
402static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
403static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
404static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
405static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
406static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
407static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
408static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
409    union ctl_io *pending_io, union ctl_io *ooa_io);
410static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
411				union ctl_io *starting_io);
412static int ctl_check_blocked(struct ctl_lun *lun);
413static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
414				struct ctl_lun *lun,
415				const struct ctl_cmd_entry *entry,
416				struct ctl_scsiio *ctsio);
417//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
418static void ctl_failover(void);
419static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
420			       struct ctl_scsiio *ctsio);
421static int ctl_scsiio(struct ctl_scsiio *ctsio);
422
423static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
424static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
425			    ctl_ua_type ua_type);
426static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
427			 ctl_ua_type ua_type);
428static int ctl_abort_task(union ctl_io *io);
429static int ctl_abort_task_set(union ctl_io *io);
430static int ctl_i_t_nexus_reset(union ctl_io *io);
431static void ctl_run_task(union ctl_io *io);
432#ifdef CTL_IO_DELAY
433static void ctl_datamove_timer_wakeup(void *arg);
434static void ctl_done_timer_wakeup(void *arg);
435#endif /* CTL_IO_DELAY */
436
437static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
438static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
439static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
440static void ctl_datamove_remote_write(union ctl_io *io);
441static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
442static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
443static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
444static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
445				    ctl_ha_dt_cb callback);
446static void ctl_datamove_remote_read(union ctl_io *io);
447static void ctl_datamove_remote(union ctl_io *io);
448static int ctl_process_done(union ctl_io *io);
449static void ctl_lun_thread(void *arg);
450static void ctl_work_thread(void *arg);
451static void ctl_enqueue_incoming(union ctl_io *io);
452static void ctl_enqueue_rtr(union ctl_io *io);
453static void ctl_enqueue_done(union ctl_io *io);
454static void ctl_enqueue_isc(union ctl_io *io);
455static const struct ctl_cmd_entry *
456    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
457static const struct ctl_cmd_entry *
458    ctl_validate_command(struct ctl_scsiio *ctsio);
459static int ctl_cmd_applicable(uint8_t lun_type,
460    const struct ctl_cmd_entry *entry);
461
462/*
463 * Load the serialization table.  This isn't very pretty, but is probably
464 * the easiest way to do it.
465 */
466#include "ctl_ser_table.c"
467
468/*
469 * We only need to define open, close and ioctl routines for this driver.
470 */
471static struct cdevsw ctl_cdevsw = {
472	.d_version =	D_VERSION,
473	.d_flags =	0,
474	.d_open =	ctl_open,
475	.d_close =	ctl_close,
476	.d_ioctl =	ctl_ioctl,
477	.d_name =	"ctl",
478};
479
480
481MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
482MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
483
484static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
485
486static moduledata_t ctl_moduledata = {
487	"ctl",
488	ctl_module_event_handler,
489	NULL
490};
491
492DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
493MODULE_VERSION(ctl, 1);
494
495static struct ctl_frontend ioctl_frontend =
496{
497	.name = "ioctl",
498};
499
500static void
501ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
502			    union ctl_ha_msg *msg_info)
503{
504	struct ctl_scsiio *ctsio;
505
506	if (msg_info->hdr.original_sc == NULL) {
507		printf("%s: original_sc == NULL!\n", __func__);
508		/* XXX KDM now what? */
509		return;
510	}
511
512	ctsio = &msg_info->hdr.original_sc->scsiio;
513	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
514	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
515	ctsio->io_hdr.status = msg_info->hdr.status;
516	ctsio->scsi_status = msg_info->scsi.scsi_status;
517	ctsio->sense_len = msg_info->scsi.sense_len;
518	ctsio->sense_residual = msg_info->scsi.sense_residual;
519	ctsio->residual = msg_info->scsi.residual;
520	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
521	       sizeof(ctsio->sense_data));
522	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
523	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
524	ctl_enqueue_isc((union ctl_io *)ctsio);
525}
526
527static void
528ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
529				union ctl_ha_msg *msg_info)
530{
531	struct ctl_scsiio *ctsio;
532
533	if (msg_info->hdr.serializing_sc == NULL) {
534		printf("%s: serializing_sc == NULL!\n", __func__);
535		/* XXX KDM now what? */
536		return;
537	}
538
539	ctsio = &msg_info->hdr.serializing_sc->scsiio;
540#if 0
541	/*
542	 * Attempt to catch the situation where an I/O has
543	 * been freed, and we're using it again.
544	 */
545	if (ctsio->io_hdr.io_type == 0xff) {
546		union ctl_io *tmp_io;
547		tmp_io = (union ctl_io *)ctsio;
548		printf("%s: %p use after free!\n", __func__,
549		       ctsio);
550		printf("%s: type %d msg %d cdb %x iptl: "
551		       "%d:%d:%d:%d tag 0x%04x "
552		       "flag %#x status %x\n",
553			__func__,
554			tmp_io->io_hdr.io_type,
555			tmp_io->io_hdr.msg_type,
556			tmp_io->scsiio.cdb[0],
557			tmp_io->io_hdr.nexus.initid.id,
558			tmp_io->io_hdr.nexus.targ_port,
559			tmp_io->io_hdr.nexus.targ_target.id,
560			tmp_io->io_hdr.nexus.targ_lun,
561			(tmp_io->io_hdr.io_type ==
562			CTL_IO_TASK) ?
563			tmp_io->taskio.tag_num :
564			tmp_io->scsiio.tag_num,
565		        tmp_io->io_hdr.flags,
566			tmp_io->io_hdr.status);
567	}
568#endif
569	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
570	ctl_enqueue_isc((union ctl_io *)ctsio);
571}
572
573/*
574 * ISC (Inter Shelf Communication) event handler.  Events from the HA
575 * subsystem come in here.
576 */
577static void
578ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
579{
580	struct ctl_softc *ctl_softc;
581	union ctl_io *io;
582	struct ctl_prio *presio;
583	ctl_ha_status isc_status;
584
585	ctl_softc = control_softc;
586	io = NULL;
587
588
589#if 0
590	printf("CTL: Isc Msg event %d\n", event);
591#endif
592	if (event == CTL_HA_EVT_MSG_RECV) {
593		union ctl_ha_msg msg_info;
594
595		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
596					     sizeof(msg_info), /*wait*/ 0);
597#if 0
598		printf("CTL: msg_type %d\n", msg_info.msg_type);
599#endif
600		if (isc_status != 0) {
601			printf("Error receiving message, status = %d\n",
602			       isc_status);
603			return;
604		}
605
606		switch (msg_info.hdr.msg_type) {
607		case CTL_MSG_SERIALIZE:
608#if 0
609			printf("Serialize\n");
610#endif
611			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
612			if (io == NULL) {
613				printf("ctl_isc_event_handler: can't allocate "
614				       "ctl_io!\n");
615				/* Bad Juju */
616				/* Need to set busy and send msg back */
617				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
618				msg_info.hdr.status = CTL_SCSI_ERROR;
619				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
620				msg_info.scsi.sense_len = 0;
621			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
622				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
623				}
624				goto bailout;
625			}
626			ctl_zero_io(io);
627			// populate ctsio from msg_info
628			io->io_hdr.io_type = CTL_IO_SCSI;
629			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
630			io->io_hdr.original_sc = msg_info.hdr.original_sc;
631#if 0
632			printf("pOrig %x\n", (int)msg_info.original_sc);
633#endif
634			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
635					    CTL_FLAG_IO_ACTIVE;
636			/*
637			 * If we're in serialization-only mode, we don't
638			 * want to go through full done processing.  Thus
639			 * the COPY flag.
640			 *
641			 * XXX KDM add another flag that is more specific.
642			 */
643			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
644				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
645			io->io_hdr.nexus = msg_info.hdr.nexus;
646#if 0
647			printf("targ %d, port %d, iid %d, lun %d\n",
648			       io->io_hdr.nexus.targ_target.id,
649			       io->io_hdr.nexus.targ_port,
650			       io->io_hdr.nexus.initid.id,
651			       io->io_hdr.nexus.targ_lun);
652#endif
653			io->scsiio.tag_num = msg_info.scsi.tag_num;
654			io->scsiio.tag_type = msg_info.scsi.tag_type;
655			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
656			       CTL_MAX_CDBLEN);
657			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
658				const struct ctl_cmd_entry *entry;
659
660				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
661				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
662				io->io_hdr.flags |=
663					entry->flags & CTL_FLAG_DATA_MASK;
664			}
665			ctl_enqueue_isc(io);
666			break;
667
668		/* Performed on the Originating SC, XFER mode only */
669		case CTL_MSG_DATAMOVE: {
670			struct ctl_sg_entry *sgl;
671			int i, j;
672
673			io = msg_info.hdr.original_sc;
674			if (io == NULL) {
675				printf("%s: original_sc == NULL!\n", __func__);
676				/* XXX KDM do something here */
677				break;
678			}
679			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
680			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
681			/*
682			 * Keep track of this, we need to send it back over
683			 * when the datamove is complete.
684			 */
685			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
686
687			if (msg_info.dt.sg_sequence == 0) {
688				/*
689				 * XXX KDM we use the preallocated S/G list
690				 * here, but we'll need to change this to
691				 * dynamic allocation if we need larger S/G
692				 * lists.
693				 */
694				if (msg_info.dt.kern_sg_entries >
695				    sizeof(io->io_hdr.remote_sglist) /
696				    sizeof(io->io_hdr.remote_sglist[0])) {
697					printf("%s: number of S/G entries "
698					    "needed %u > allocated num %zd\n",
699					    __func__,
700					    msg_info.dt.kern_sg_entries,
701					    sizeof(io->io_hdr.remote_sglist)/
702					    sizeof(io->io_hdr.remote_sglist[0]));
703
704					/*
705					 * XXX KDM send a message back to
706					 * the other side to shut down the
707					 * DMA.  The error will come back
708					 * through via the normal channel.
709					 */
710					break;
711				}
712				sgl = io->io_hdr.remote_sglist;
713				memset(sgl, 0,
714				       sizeof(io->io_hdr.remote_sglist));
715
716				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
717
718				io->scsiio.kern_sg_entries =
719					msg_info.dt.kern_sg_entries;
720				io->scsiio.rem_sg_entries =
721					msg_info.dt.kern_sg_entries;
722				io->scsiio.kern_data_len =
723					msg_info.dt.kern_data_len;
724				io->scsiio.kern_total_len =
725					msg_info.dt.kern_total_len;
726				io->scsiio.kern_data_resid =
727					msg_info.dt.kern_data_resid;
728				io->scsiio.kern_rel_offset =
729					msg_info.dt.kern_rel_offset;
730				/*
731				 * Clear out per-DMA flags.
732				 */
733				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
734				/*
735				 * Add per-DMA flags that are set for this
736				 * particular DMA request.
737				 */
738				io->io_hdr.flags |= msg_info.dt.flags &
739						    CTL_FLAG_RDMA_MASK;
740			} else
741				sgl = (struct ctl_sg_entry *)
742					io->scsiio.kern_data_ptr;
743
744			for (i = msg_info.dt.sent_sg_entries, j = 0;
745			     i < (msg_info.dt.sent_sg_entries +
746			     msg_info.dt.cur_sg_entries); i++, j++) {
747				sgl[i].addr = msg_info.dt.sg_list[j].addr;
748				sgl[i].len = msg_info.dt.sg_list[j].len;
749
750#if 0
751				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
752				       __func__,
753				       msg_info.dt.sg_list[j].addr,
754				       msg_info.dt.sg_list[j].len,
755				       sgl[i].addr, sgl[i].len, j, i);
756#endif
757			}
758#if 0
759			memcpy(&sgl[msg_info.dt.sent_sg_entries],
760			       msg_info.dt.sg_list,
761			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
762#endif
763
764			/*
765			 * If this is the last piece of the I/O, we've got
766			 * the full S/G list.  Queue processing in the thread.
767			 * Otherwise wait for the next piece.
768			 */
769			if (msg_info.dt.sg_last != 0)
770				ctl_enqueue_isc(io);
771			break;
772		}
773		/* Performed on the Serializing (primary) SC, XFER mode only */
774		case CTL_MSG_DATAMOVE_DONE: {
775			if (msg_info.hdr.serializing_sc == NULL) {
776				printf("%s: serializing_sc == NULL!\n",
777				       __func__);
778				/* XXX KDM now what? */
779				break;
780			}
781			/*
782			 * We grab the sense information here in case
783			 * there was a failure, so we can return status
784			 * back to the initiator.
785			 */
786			io = msg_info.hdr.serializing_sc;
787			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
788			io->io_hdr.status = msg_info.hdr.status;
789			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
790			io->scsiio.sense_len = msg_info.scsi.sense_len;
791			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
792			io->io_hdr.port_status = msg_info.scsi.fetd_status;
793			io->scsiio.residual = msg_info.scsi.residual;
794			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
795			       sizeof(io->scsiio.sense_data));
796			ctl_enqueue_isc(io);
797			break;
798		}
799
800		/* Preformed on Originating SC, SER_ONLY mode */
801		case CTL_MSG_R2R:
802			io = msg_info.hdr.original_sc;
803			if (io == NULL) {
804				printf("%s: Major Bummer\n", __func__);
805				return;
806			} else {
807#if 0
808				printf("pOrig %x\n",(int) ctsio);
809#endif
810			}
811			io->io_hdr.msg_type = CTL_MSG_R2R;
812			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
813			ctl_enqueue_isc(io);
814			break;
815
816		/*
817		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
818		 * mode.
819		 * Performed on the Originating (i.e. secondary) SC in XFER
820		 * mode
821		 */
822		case CTL_MSG_FINISH_IO:
823			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
824				ctl_isc_handler_finish_xfer(ctl_softc,
825							    &msg_info);
826			else
827				ctl_isc_handler_finish_ser_only(ctl_softc,
828								&msg_info);
829			break;
830
831		/* Preformed on Originating SC */
832		case CTL_MSG_BAD_JUJU:
833			io = msg_info.hdr.original_sc;
834			if (io == NULL) {
835				printf("%s: Bad JUJU!, original_sc is NULL!\n",
836				       __func__);
837				break;
838			}
839			ctl_copy_sense_data(&msg_info, io);
840			/*
841			 * IO should have already been cleaned up on other
842			 * SC so clear this flag so we won't send a message
843			 * back to finish the IO there.
844			 */
845			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
846			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
847
848			/* io = msg_info.hdr.serializing_sc; */
849			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
850			ctl_enqueue_isc(io);
851			break;
852
853		/* Handle resets sent from the other side */
854		case CTL_MSG_MANAGE_TASKS: {
855			struct ctl_taskio *taskio;
856			taskio = (struct ctl_taskio *)ctl_alloc_io(
857				(void *)ctl_softc->othersc_pool);
858			if (taskio == NULL) {
859				printf("ctl_isc_event_handler: can't allocate "
860				       "ctl_io!\n");
861				/* Bad Juju */
862				/* should I just call the proper reset func
863				   here??? */
864				goto bailout;
865			}
866			ctl_zero_io((union ctl_io *)taskio);
867			taskio->io_hdr.io_type = CTL_IO_TASK;
868			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
869			taskio->io_hdr.nexus = msg_info.hdr.nexus;
870			taskio->task_action = msg_info.task.task_action;
871			taskio->tag_num = msg_info.task.tag_num;
872			taskio->tag_type = msg_info.task.tag_type;
873#ifdef CTL_TIME_IO
874			taskio->io_hdr.start_time = time_uptime;
875			getbintime(&taskio->io_hdr.start_bt);
876#if 0
877			cs_prof_gettime(&taskio->io_hdr.start_ticks);
878#endif
879#endif /* CTL_TIME_IO */
880			ctl_run_task((union ctl_io *)taskio);
881			break;
882		}
883		/* Persistent Reserve action which needs attention */
884		case CTL_MSG_PERS_ACTION:
885			presio = (struct ctl_prio *)ctl_alloc_io(
886				(void *)ctl_softc->othersc_pool);
887			if (presio == NULL) {
888				printf("ctl_isc_event_handler: can't allocate "
889				       "ctl_io!\n");
890				/* Bad Juju */
891				/* Need to set busy and send msg back */
892				goto bailout;
893			}
894			ctl_zero_io((union ctl_io *)presio);
895			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
896			presio->pr_msg = msg_info.pr;
897			ctl_enqueue_isc((union ctl_io *)presio);
898			break;
899		case CTL_MSG_SYNC_FE:
900			rcv_sync_msg = 1;
901			break;
902		default:
903		        printf("How did I get here?\n");
904		}
905	} else if (event == CTL_HA_EVT_MSG_SENT) {
906		if (param != CTL_HA_STATUS_SUCCESS) {
907			printf("Bad status from ctl_ha_msg_send status %d\n",
908			       param);
909		}
910		return;
911	} else if (event == CTL_HA_EVT_DISCONNECT) {
912		printf("CTL: Got a disconnect from Isc\n");
913		return;
914	} else {
915		printf("ctl_isc_event_handler: Unknown event %d\n", event);
916		return;
917	}
918
919bailout:
920	return;
921}
922
923static void
924ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
925{
926	struct scsi_sense_data *sense;
927
928	sense = &dest->scsiio.sense_data;
929	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
930	dest->scsiio.scsi_status = src->scsi.scsi_status;
931	dest->scsiio.sense_len = src->scsi.sense_len;
932	dest->io_hdr.status = src->hdr.status;
933}
934
935static int
936ctl_init(void)
937{
938	struct ctl_softc *softc;
939	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
940	struct ctl_port *port;
941        uint8_t sc_id =0;
942	int i, error, retval;
943	//int isc_retval;
944
945	retval = 0;
946	ctl_pause_rtr = 0;
947        rcv_sync_msg = 0;
948
949	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
950			       M_WAITOK | M_ZERO);
951	softc = control_softc;
952
953	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
954			      "cam/ctl");
955
956	softc->dev->si_drv1 = softc;
957
958	/*
959	 * By default, return a "bad LUN" peripheral qualifier for unknown
960	 * LUNs.  The user can override this default using the tunable or
961	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
962	 */
963	softc->inquiry_pq_no_lun = 1;
964	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
965			  &softc->inquiry_pq_no_lun);
966	sysctl_ctx_init(&softc->sysctl_ctx);
967	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
968		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
969		CTLFLAG_RD, 0, "CAM Target Layer");
970
971	if (softc->sysctl_tree == NULL) {
972		printf("%s: unable to allocate sysctl tree\n", __func__);
973		destroy_dev(softc->dev);
974		free(control_softc, M_DEVBUF);
975		control_softc = NULL;
976		return (ENOMEM);
977	}
978
979	SYSCTL_ADD_INT(&softc->sysctl_ctx,
980		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
981		       "inquiry_pq_no_lun", CTLFLAG_RW,
982		       &softc->inquiry_pq_no_lun, 0,
983		       "Report no lun possible for invalid LUNs");
984
985	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
986	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
987	softc->open_count = 0;
988
989	/*
990	 * Default to actually sending a SYNCHRONIZE CACHE command down to
991	 * the drive.
992	 */
993	softc->flags = CTL_FLAG_REAL_SYNC;
994
995	/*
996	 * In Copan's HA scheme, the "master" and "slave" roles are
997	 * figured out through the slot the controller is in.  Although it
998	 * is an active/active system, someone has to be in charge.
999 	 */
1000#ifdef NEEDTOPORT
1001        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1002#endif
1003
1004        if (sc_id == 0) {
1005		softc->flags |= CTL_FLAG_MASTER_SHELF;
1006		persis_offset = 0;
1007	} else
1008		persis_offset = CTL_MAX_INITIATORS;
1009
1010	/*
1011	 * XXX KDM need to figure out where we want to get our target ID
1012	 * and WWID.  Is it different on each port?
1013	 */
1014	softc->target.id = 0;
1015	softc->target.wwid[0] = 0x12345678;
1016	softc->target.wwid[1] = 0x87654321;
1017	STAILQ_INIT(&softc->lun_list);
1018	STAILQ_INIT(&softc->pending_lun_queue);
1019	STAILQ_INIT(&softc->fe_list);
1020	STAILQ_INIT(&softc->port_list);
1021	STAILQ_INIT(&softc->be_list);
1022	STAILQ_INIT(&softc->io_pools);
1023	ctl_tpc_init(softc);
1024
1025	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1026			    &internal_pool)!= 0){
1027		printf("ctl: can't allocate %d entry internal pool, "
1028		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1029		return (ENOMEM);
1030	}
1031
1032	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1033			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1034		printf("ctl: can't allocate %d entry emergency pool, "
1035		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1036		ctl_pool_free(internal_pool);
1037		return (ENOMEM);
1038	}
1039
1040	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1041	                    &other_pool) != 0)
1042	{
1043		printf("ctl: can't allocate %d entry other SC pool, "
1044		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1045		ctl_pool_free(internal_pool);
1046		ctl_pool_free(emergency_pool);
1047		return (ENOMEM);
1048	}
1049
1050	softc->internal_pool = internal_pool;
1051	softc->emergency_pool = emergency_pool;
1052	softc->othersc_pool = other_pool;
1053
1054	if (worker_threads <= 0)
1055		worker_threads = max(1, mp_ncpus / 4);
1056	if (worker_threads > CTL_MAX_THREADS)
1057		worker_threads = CTL_MAX_THREADS;
1058
1059	for (i = 0; i < worker_threads; i++) {
1060		struct ctl_thread *thr = &softc->threads[i];
1061
1062		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1063		thr->ctl_softc = softc;
1064		STAILQ_INIT(&thr->incoming_queue);
1065		STAILQ_INIT(&thr->rtr_queue);
1066		STAILQ_INIT(&thr->done_queue);
1067		STAILQ_INIT(&thr->isc_queue);
1068
1069		error = kproc_kthread_add(ctl_work_thread, thr,
1070		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1071		if (error != 0) {
1072			printf("error creating CTL work thread!\n");
1073			ctl_pool_free(internal_pool);
1074			ctl_pool_free(emergency_pool);
1075			ctl_pool_free(other_pool);
1076			return (error);
1077		}
1078	}
1079	error = kproc_kthread_add(ctl_lun_thread, softc,
1080	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1081	if (error != 0) {
1082		printf("error creating CTL lun thread!\n");
1083		ctl_pool_free(internal_pool);
1084		ctl_pool_free(emergency_pool);
1085		ctl_pool_free(other_pool);
1086		return (error);
1087	}
1088	if (bootverbose)
1089		printf("ctl: CAM Target Layer loaded\n");
1090
1091	/*
1092	 * Initialize the ioctl front end.
1093	 */
1094	ctl_frontend_register(&ioctl_frontend);
1095	port = &softc->ioctl_info.port;
1096	port->frontend = &ioctl_frontend;
1097	sprintf(softc->ioctl_info.port_name, "ioctl");
1098	port->port_type = CTL_PORT_IOCTL;
1099	port->num_requested_ctl_io = 100;
1100	port->port_name = softc->ioctl_info.port_name;
1101	port->port_online = ctl_ioctl_online;
1102	port->port_offline = ctl_ioctl_offline;
1103	port->onoff_arg = &softc->ioctl_info;
1104	port->lun_enable = ctl_ioctl_lun_enable;
1105	port->lun_disable = ctl_ioctl_lun_disable;
1106	port->targ_lun_arg = &softc->ioctl_info;
1107	port->fe_datamove = ctl_ioctl_datamove;
1108	port->fe_done = ctl_ioctl_done;
1109	port->max_targets = 15;
1110	port->max_target_id = 15;
1111
1112	if (ctl_port_register(&softc->ioctl_info.port,
1113	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1114		printf("ctl: ioctl front end registration failed, will "
1115		       "continue anyway\n");
1116	}
1117
1118#ifdef CTL_IO_DELAY
1119	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1120		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1121		       sizeof(struct callout), CTL_TIMER_BYTES);
1122		return (EINVAL);
1123	}
1124#endif /* CTL_IO_DELAY */
1125
1126	return (0);
1127}
1128
1129void
1130ctl_shutdown(void)
1131{
1132	struct ctl_softc *softc;
1133	struct ctl_lun *lun, *next_lun;
1134	struct ctl_io_pool *pool;
1135
1136	softc = (struct ctl_softc *)control_softc;
1137
1138	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1139		printf("ctl: ioctl front end deregistration failed\n");
1140
1141	mtx_lock(&softc->ctl_lock);
1142
1143	/*
1144	 * Free up each LUN.
1145	 */
1146	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1147		next_lun = STAILQ_NEXT(lun, links);
1148		ctl_free_lun(lun);
1149	}
1150
1151	mtx_unlock(&softc->ctl_lock);
1152
1153	ctl_frontend_deregister(&ioctl_frontend);
1154
1155	/*
1156	 * This will rip the rug out from under any FETDs or anyone else
1157	 * that has a pool allocated.  Since we increment our module
1158	 * refcount any time someone outside the main CTL module allocates
1159	 * a pool, we shouldn't have any problems here.  The user won't be
1160	 * able to unload the CTL module until client modules have
1161	 * successfully unloaded.
1162	 */
1163	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1164		ctl_pool_free(pool);
1165
1166#if 0
1167	ctl_shutdown_thread(softc->work_thread);
1168	mtx_destroy(&softc->queue_lock);
1169#endif
1170
1171	ctl_tpc_shutdown(softc);
1172	mtx_destroy(&softc->pool_lock);
1173	mtx_destroy(&softc->ctl_lock);
1174
1175	destroy_dev(softc->dev);
1176
1177	sysctl_ctx_free(&softc->sysctl_ctx);
1178
1179	free(control_softc, M_DEVBUF);
1180	control_softc = NULL;
1181
1182	if (bootverbose)
1183		printf("ctl: CAM Target Layer unloaded\n");
1184}
1185
1186static int
1187ctl_module_event_handler(module_t mod, int what, void *arg)
1188{
1189
1190	switch (what) {
1191	case MOD_LOAD:
1192		return (ctl_init());
1193	case MOD_UNLOAD:
1194		return (EBUSY);
1195	default:
1196		return (EOPNOTSUPP);
1197	}
1198}
1199
1200/*
1201 * XXX KDM should we do some access checks here?  Bump a reference count to
1202 * prevent a CTL module from being unloaded while someone has it open?
1203 */
1204static int
1205ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1206{
1207	return (0);
1208}
1209
1210static int
1211ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1212{
1213	return (0);
1214}
1215
1216int
1217ctl_port_enable(ctl_port_type port_type)
1218{
1219	struct ctl_softc *softc;
1220	struct ctl_port *port;
1221
1222	if (ctl_is_single == 0) {
1223		union ctl_ha_msg msg_info;
1224		int isc_retval;
1225
1226#if 0
1227		printf("%s: HA mode, synchronizing frontend enable\n",
1228		        __func__);
1229#endif
1230		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1231	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1232		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1233			printf("Sync msg send error retval %d\n", isc_retval);
1234		}
1235		if (!rcv_sync_msg) {
1236			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1237			        sizeof(msg_info), 1);
1238		}
1239#if 0
1240        	printf("CTL:Frontend Enable\n");
1241	} else {
1242		printf("%s: single mode, skipping frontend synchronization\n",
1243		        __func__);
1244#endif
1245	}
1246
1247	softc = control_softc;
1248
1249	STAILQ_FOREACH(port, &softc->port_list, links) {
1250		if (port_type & port->port_type)
1251		{
1252#if 0
1253			printf("port %d\n", port->targ_port);
1254#endif
1255			ctl_port_online(port);
1256		}
1257	}
1258
1259	return (0);
1260}
1261
1262int
1263ctl_port_disable(ctl_port_type port_type)
1264{
1265	struct ctl_softc *softc;
1266	struct ctl_port *port;
1267
1268	softc = control_softc;
1269
1270	STAILQ_FOREACH(port, &softc->port_list, links) {
1271		if (port_type & port->port_type)
1272			ctl_port_offline(port);
1273	}
1274
1275	return (0);
1276}
1277
1278/*
1279 * Returns 0 for success, 1 for failure.
1280 * Currently the only failure mode is if there aren't enough entries
1281 * allocated.  So, in case of a failure, look at num_entries_dropped,
1282 * reallocate and try again.
1283 */
1284int
1285ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1286	      int *num_entries_filled, int *num_entries_dropped,
1287	      ctl_port_type port_type, int no_virtual)
1288{
1289	struct ctl_softc *softc;
1290	struct ctl_port *port;
1291	int entries_dropped, entries_filled;
1292	int retval;
1293	int i;
1294
1295	softc = control_softc;
1296
1297	retval = 0;
1298	entries_filled = 0;
1299	entries_dropped = 0;
1300
1301	i = 0;
1302	mtx_lock(&softc->ctl_lock);
1303	STAILQ_FOREACH(port, &softc->port_list, links) {
1304		struct ctl_port_entry *entry;
1305
1306		if ((port->port_type & port_type) == 0)
1307			continue;
1308
1309		if ((no_virtual != 0)
1310		 && (port->virtual_port != 0))
1311			continue;
1312
1313		if (entries_filled >= num_entries_alloced) {
1314			entries_dropped++;
1315			continue;
1316		}
1317		entry = &entries[i];
1318
1319		entry->port_type = port->port_type;
1320		strlcpy(entry->port_name, port->port_name,
1321			sizeof(entry->port_name));
1322		entry->physical_port = port->physical_port;
1323		entry->virtual_port = port->virtual_port;
1324		entry->wwnn = port->wwnn;
1325		entry->wwpn = port->wwpn;
1326
1327		i++;
1328		entries_filled++;
1329	}
1330
1331	mtx_unlock(&softc->ctl_lock);
1332
1333	if (entries_dropped > 0)
1334		retval = 1;
1335
1336	*num_entries_dropped = entries_dropped;
1337	*num_entries_filled = entries_filled;
1338
1339	return (retval);
1340}
1341
1342static void
1343ctl_ioctl_online(void *arg)
1344{
1345	struct ctl_ioctl_info *ioctl_info;
1346
1347	ioctl_info = (struct ctl_ioctl_info *)arg;
1348
1349	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1350}
1351
1352static void
1353ctl_ioctl_offline(void *arg)
1354{
1355	struct ctl_ioctl_info *ioctl_info;
1356
1357	ioctl_info = (struct ctl_ioctl_info *)arg;
1358
1359	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1360}
1361
1362/*
1363 * Remove an initiator by port number and initiator ID.
1364 * Returns 0 for success, -1 for failure.
1365 */
1366int
1367ctl_remove_initiator(struct ctl_port *port, int iid)
1368{
1369	struct ctl_softc *softc = control_softc;
1370
1371	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1372
1373	if (iid > CTL_MAX_INIT_PER_PORT) {
1374		printf("%s: initiator ID %u > maximun %u!\n",
1375		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1376		return (-1);
1377	}
1378
1379	mtx_lock(&softc->ctl_lock);
1380	port->wwpn_iid[iid].in_use--;
1381	port->wwpn_iid[iid].last_use = time_uptime;
1382	mtx_unlock(&softc->ctl_lock);
1383
1384	return (0);
1385}
1386
1387/*
1388 * Add an initiator to the initiator map.
1389 * Returns iid for success, < 0 for failure.
1390 */
1391int
1392ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1393{
1394	struct ctl_softc *softc = control_softc;
1395	time_t best_time;
1396	int i, best;
1397
1398	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1399
1400	if (iid >= CTL_MAX_INIT_PER_PORT) {
1401		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1402		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1403		free(name, M_CTL);
1404		return (-1);
1405	}
1406
1407	mtx_lock(&softc->ctl_lock);
1408
1409	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1410		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1411			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1412				iid = i;
1413				break;
1414			}
1415			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1416			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1417				iid = i;
1418				break;
1419			}
1420		}
1421	}
1422
1423	if (iid < 0) {
1424		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1425			if (port->wwpn_iid[i].in_use == 0 &&
1426			    port->wwpn_iid[i].wwpn == 0 &&
1427			    port->wwpn_iid[i].name == NULL) {
1428				iid = i;
1429				break;
1430			}
1431		}
1432	}
1433
1434	if (iid < 0) {
1435		best = -1;
1436		best_time = INT32_MAX;
1437		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1438			if (port->wwpn_iid[i].in_use == 0) {
1439				if (port->wwpn_iid[i].last_use < best_time) {
1440					best = i;
1441					best_time = port->wwpn_iid[i].last_use;
1442				}
1443			}
1444		}
1445		iid = best;
1446	}
1447
1448	if (iid < 0) {
1449		mtx_unlock(&softc->ctl_lock);
1450		free(name, M_CTL);
1451		return (-2);
1452	}
1453
1454	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1455		/*
1456		 * This is not an error yet.
1457		 */
1458		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1459#if 0
1460			printf("%s: port %d iid %u WWPN %#jx arrived"
1461			    " again\n", __func__, port->targ_port,
1462			    iid, (uintmax_t)wwpn);
1463#endif
1464			goto take;
1465		}
1466		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1467		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1468#if 0
1469			printf("%s: port %d iid %u name '%s' arrived"
1470			    " again\n", __func__, port->targ_port,
1471			    iid, name);
1472#endif
1473			goto take;
1474		}
1475
1476		/*
1477		 * This is an error, but what do we do about it?  The
1478		 * driver is telling us we have a new WWPN for this
1479		 * initiator ID, so we pretty much need to use it.
1480		 */
1481		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1482		    " but WWPN %#jx '%s' is still at that address\n",
1483		    __func__, port->targ_port, iid, wwpn, name,
1484		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1485		    port->wwpn_iid[iid].name);
1486
1487		/*
1488		 * XXX KDM clear have_ca and ua_pending on each LUN for
1489		 * this initiator.
1490		 */
1491	}
1492take:
1493	free(port->wwpn_iid[iid].name, M_CTL);
1494	port->wwpn_iid[iid].name = name;
1495	port->wwpn_iid[iid].wwpn = wwpn;
1496	port->wwpn_iid[iid].in_use++;
1497	mtx_unlock(&softc->ctl_lock);
1498
1499	return (iid);
1500}
1501
1502static int
1503ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1504{
1505	int len;
1506
1507	switch (port->port_type) {
1508	case CTL_PORT_FC:
1509	{
1510		struct scsi_transportid_fcp *id =
1511		    (struct scsi_transportid_fcp *)buf;
1512		if (port->wwpn_iid[iid].wwpn == 0)
1513			return (0);
1514		memset(id, 0, sizeof(*id));
1515		id->format_protocol = SCSI_PROTO_FC;
1516		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1517		return (sizeof(*id));
1518	}
1519	case CTL_PORT_ISCSI:
1520	{
1521		struct scsi_transportid_iscsi_port *id =
1522		    (struct scsi_transportid_iscsi_port *)buf;
1523		if (port->wwpn_iid[iid].name == NULL)
1524			return (0);
1525		memset(id, 0, 256);
1526		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1527		    SCSI_PROTO_ISCSI;
1528		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1529		len = roundup2(min(len, 252), 4);
1530		scsi_ulto2b(len, id->additional_length);
1531		return (sizeof(*id) + len);
1532	}
1533	case CTL_PORT_SAS:
1534	{
1535		struct scsi_transportid_sas *id =
1536		    (struct scsi_transportid_sas *)buf;
1537		if (port->wwpn_iid[iid].wwpn == 0)
1538			return (0);
1539		memset(id, 0, sizeof(*id));
1540		id->format_protocol = SCSI_PROTO_SAS;
1541		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1542		return (sizeof(*id));
1543	}
1544	default:
1545	{
1546		struct scsi_transportid_spi *id =
1547		    (struct scsi_transportid_spi *)buf;
1548		memset(id, 0, sizeof(*id));
1549		id->format_protocol = SCSI_PROTO_SPI;
1550		scsi_ulto2b(iid, id->scsi_addr);
1551		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1552		return (sizeof(*id));
1553	}
1554	}
1555}
1556
1557static int
1558ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1559{
1560	return (0);
1561}
1562
1563static int
1564ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1565{
1566	return (0);
1567}
1568
1569/*
1570 * Data movement routine for the CTL ioctl frontend port.
1571 */
1572static int
1573ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1574{
1575	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1576	struct ctl_sg_entry ext_entry, kern_entry;
1577	int ext_sglen, ext_sg_entries, kern_sg_entries;
1578	int ext_sg_start, ext_offset;
1579	int len_to_copy, len_copied;
1580	int kern_watermark, ext_watermark;
1581	int ext_sglist_malloced;
1582	int i, j;
1583
1584	ext_sglist_malloced = 0;
1585	ext_sg_start = 0;
1586	ext_offset = 0;
1587
1588	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1589
1590	/*
1591	 * If this flag is set, fake the data transfer.
1592	 */
1593	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1594		ctsio->ext_data_filled = ctsio->ext_data_len;
1595		goto bailout;
1596	}
1597
1598	/*
1599	 * To simplify things here, if we have a single buffer, stick it in
1600	 * a S/G entry and just make it a single entry S/G list.
1601	 */
1602	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1603		int len_seen;
1604
1605		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1606
1607		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1608							   M_WAITOK);
1609		ext_sglist_malloced = 1;
1610		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1611				   ext_sglen) != 0) {
1612			ctl_set_internal_failure(ctsio,
1613						 /*sks_valid*/ 0,
1614						 /*retry_count*/ 0);
1615			goto bailout;
1616		}
1617		ext_sg_entries = ctsio->ext_sg_entries;
1618		len_seen = 0;
1619		for (i = 0; i < ext_sg_entries; i++) {
1620			if ((len_seen + ext_sglist[i].len) >=
1621			     ctsio->ext_data_filled) {
1622				ext_sg_start = i;
1623				ext_offset = ctsio->ext_data_filled - len_seen;
1624				break;
1625			}
1626			len_seen += ext_sglist[i].len;
1627		}
1628	} else {
1629		ext_sglist = &ext_entry;
1630		ext_sglist->addr = ctsio->ext_data_ptr;
1631		ext_sglist->len = ctsio->ext_data_len;
1632		ext_sg_entries = 1;
1633		ext_sg_start = 0;
1634		ext_offset = ctsio->ext_data_filled;
1635	}
1636
1637	if (ctsio->kern_sg_entries > 0) {
1638		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1639		kern_sg_entries = ctsio->kern_sg_entries;
1640	} else {
1641		kern_sglist = &kern_entry;
1642		kern_sglist->addr = ctsio->kern_data_ptr;
1643		kern_sglist->len = ctsio->kern_data_len;
1644		kern_sg_entries = 1;
1645	}
1646
1647
1648	kern_watermark = 0;
1649	ext_watermark = ext_offset;
1650	len_copied = 0;
1651	for (i = ext_sg_start, j = 0;
1652	     i < ext_sg_entries && j < kern_sg_entries;) {
1653		uint8_t *ext_ptr, *kern_ptr;
1654
1655		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1656				      kern_sglist[j].len - kern_watermark);
1657
1658		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1659		ext_ptr = ext_ptr + ext_watermark;
1660		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1661			/*
1662			 * XXX KDM fix this!
1663			 */
1664			panic("need to implement bus address support");
1665#if 0
1666			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1667#endif
1668		} else
1669			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1670		kern_ptr = kern_ptr + kern_watermark;
1671
1672		kern_watermark += len_to_copy;
1673		ext_watermark += len_to_copy;
1674
1675		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1676		     CTL_FLAG_DATA_IN) {
1677			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1678					 "bytes to user\n", len_to_copy));
1679			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1680					 "to %p\n", kern_ptr, ext_ptr));
1681			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1682				ctl_set_internal_failure(ctsio,
1683							 /*sks_valid*/ 0,
1684							 /*retry_count*/ 0);
1685				goto bailout;
1686			}
1687		} else {
1688			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1689					 "bytes from user\n", len_to_copy));
1690			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1691					 "to %p\n", ext_ptr, kern_ptr));
1692			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1693				ctl_set_internal_failure(ctsio,
1694							 /*sks_valid*/ 0,
1695							 /*retry_count*/0);
1696				goto bailout;
1697			}
1698		}
1699
1700		len_copied += len_to_copy;
1701
1702		if (ext_sglist[i].len == ext_watermark) {
1703			i++;
1704			ext_watermark = 0;
1705		}
1706
1707		if (kern_sglist[j].len == kern_watermark) {
1708			j++;
1709			kern_watermark = 0;
1710		}
1711	}
1712
1713	ctsio->ext_data_filled += len_copied;
1714
1715	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1716			 "kern_sg_entries: %d\n", ext_sg_entries,
1717			 kern_sg_entries));
1718	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1719			 "kern_data_len = %d\n", ctsio->ext_data_len,
1720			 ctsio->kern_data_len));
1721
1722
1723	/* XXX KDM set residual?? */
1724bailout:
1725
1726	if (ext_sglist_malloced != 0)
1727		free(ext_sglist, M_CTL);
1728
1729	return (CTL_RETVAL_COMPLETE);
1730}
1731
1732/*
1733 * Serialize a command that went down the "wrong" side, and so was sent to
1734 * this controller for execution.  The logic is a little different than the
1735 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1736 * sent back to the other side, but in the success case, we execute the
1737 * command on this side (XFER mode) or tell the other side to execute it
1738 * (SER_ONLY mode).
1739 */
1740static int
1741ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1742{
1743	struct ctl_softc *ctl_softc;
1744	union ctl_ha_msg msg_info;
1745	struct ctl_lun *lun;
1746	int retval = 0;
1747	uint32_t targ_lun;
1748
1749	ctl_softc = control_softc;
1750
1751	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1752	lun = ctl_softc->ctl_luns[targ_lun];
1753	if (lun==NULL)
1754	{
1755		/*
1756		 * Why isn't LUN defined? The other side wouldn't
1757		 * send a cmd if the LUN is undefined.
1758		 */
1759		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1760
1761		/* "Logical unit not supported" */
1762		ctl_set_sense_data(&msg_info.scsi.sense_data,
1763				   lun,
1764				   /*sense_format*/SSD_TYPE_NONE,
1765				   /*current_error*/ 1,
1766				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1767				   /*asc*/ 0x25,
1768				   /*ascq*/ 0x00,
1769				   SSD_ELEM_NONE);
1770
1771		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1772		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1773		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1774		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1775		msg_info.hdr.serializing_sc = NULL;
1776		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1777	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1778				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1779		}
1780		return(1);
1781
1782	}
1783
1784	mtx_lock(&lun->lun_lock);
1785    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1786
1787	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1788		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1789		 ooa_links))) {
1790	case CTL_ACTION_BLOCK:
1791		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1792		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1793				  blocked_links);
1794		break;
1795	case CTL_ACTION_PASS:
1796	case CTL_ACTION_SKIP:
1797		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1798			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1799			ctl_enqueue_rtr((union ctl_io *)ctsio);
1800		} else {
1801
1802			/* send msg back to other side */
1803			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1804			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1805			msg_info.hdr.msg_type = CTL_MSG_R2R;
1806#if 0
1807			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1808#endif
1809		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1810			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1811			}
1812		}
1813		break;
1814	case CTL_ACTION_OVERLAP:
1815		/* OVERLAPPED COMMANDS ATTEMPTED */
1816		ctl_set_sense_data(&msg_info.scsi.sense_data,
1817				   lun,
1818				   /*sense_format*/SSD_TYPE_NONE,
1819				   /*current_error*/ 1,
1820				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1821				   /*asc*/ 0x4E,
1822				   /*ascq*/ 0x00,
1823				   SSD_ELEM_NONE);
1824
1825		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1826		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1827		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1828		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1829		msg_info.hdr.serializing_sc = NULL;
1830		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1831#if 0
1832		printf("BAD JUJU:Major Bummer Overlap\n");
1833#endif
1834		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1835		retval = 1;
1836		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1837		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1838		}
1839		break;
1840	case CTL_ACTION_OVERLAP_TAG:
1841		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1842		ctl_set_sense_data(&msg_info.scsi.sense_data,
1843				   lun,
1844				   /*sense_format*/SSD_TYPE_NONE,
1845				   /*current_error*/ 1,
1846				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1847				   /*asc*/ 0x4D,
1848				   /*ascq*/ ctsio->tag_num & 0xff,
1849				   SSD_ELEM_NONE);
1850
1851		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1852		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1853		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1854		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1855		msg_info.hdr.serializing_sc = NULL;
1856		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1857#if 0
1858		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1859#endif
1860		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1861		retval = 1;
1862		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1863		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1864		}
1865		break;
1866	case CTL_ACTION_ERROR:
1867	default:
1868		/* "Internal target failure" */
1869		ctl_set_sense_data(&msg_info.scsi.sense_data,
1870				   lun,
1871				   /*sense_format*/SSD_TYPE_NONE,
1872				   /*current_error*/ 1,
1873				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1874				   /*asc*/ 0x44,
1875				   /*ascq*/ 0x00,
1876				   SSD_ELEM_NONE);
1877
1878		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1879		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1880		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1881		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1882		msg_info.hdr.serializing_sc = NULL;
1883		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1884#if 0
1885		printf("BAD JUJU:Major Bummer HW Error\n");
1886#endif
1887		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1888		retval = 1;
1889		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1890		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1891		}
1892		break;
1893	}
1894	mtx_unlock(&lun->lun_lock);
1895	return (retval);
1896}
1897
1898static int
1899ctl_ioctl_submit_wait(union ctl_io *io)
1900{
1901	struct ctl_fe_ioctl_params params;
1902	ctl_fe_ioctl_state last_state;
1903	int done, retval;
1904
1905	retval = 0;
1906
1907	bzero(&params, sizeof(params));
1908
1909	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1910	cv_init(&params.sem, "ctlioccv");
1911	params.state = CTL_IOCTL_INPROG;
1912	last_state = params.state;
1913
1914	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1915
1916	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1917
1918	/* This shouldn't happen */
1919	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1920		return (retval);
1921
1922	done = 0;
1923
1924	do {
1925		mtx_lock(&params.ioctl_mtx);
1926		/*
1927		 * Check the state here, and don't sleep if the state has
1928		 * already changed (i.e. wakeup has already occured, but we
1929		 * weren't waiting yet).
1930		 */
1931		if (params.state == last_state) {
1932			/* XXX KDM cv_wait_sig instead? */
1933			cv_wait(&params.sem, &params.ioctl_mtx);
1934		}
1935		last_state = params.state;
1936
1937		switch (params.state) {
1938		case CTL_IOCTL_INPROG:
1939			/* Why did we wake up? */
1940			/* XXX KDM error here? */
1941			mtx_unlock(&params.ioctl_mtx);
1942			break;
1943		case CTL_IOCTL_DATAMOVE:
1944			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1945
1946			/*
1947			 * change last_state back to INPROG to avoid
1948			 * deadlock on subsequent data moves.
1949			 */
1950			params.state = last_state = CTL_IOCTL_INPROG;
1951
1952			mtx_unlock(&params.ioctl_mtx);
1953			ctl_ioctl_do_datamove(&io->scsiio);
1954			/*
1955			 * Note that in some cases, most notably writes,
1956			 * this will queue the I/O and call us back later.
1957			 * In other cases, generally reads, this routine
1958			 * will immediately call back and wake us up,
1959			 * probably using our own context.
1960			 */
1961			io->scsiio.be_move_done(io);
1962			break;
1963		case CTL_IOCTL_DONE:
1964			mtx_unlock(&params.ioctl_mtx);
1965			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
1966			done = 1;
1967			break;
1968		default:
1969			mtx_unlock(&params.ioctl_mtx);
1970			/* XXX KDM error here? */
1971			break;
1972		}
1973	} while (done == 0);
1974
1975	mtx_destroy(&params.ioctl_mtx);
1976	cv_destroy(&params.sem);
1977
1978	return (CTL_RETVAL_COMPLETE);
1979}
1980
1981static void
1982ctl_ioctl_datamove(union ctl_io *io)
1983{
1984	struct ctl_fe_ioctl_params *params;
1985
1986	params = (struct ctl_fe_ioctl_params *)
1987		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
1988
1989	mtx_lock(&params->ioctl_mtx);
1990	params->state = CTL_IOCTL_DATAMOVE;
1991	cv_broadcast(&params->sem);
1992	mtx_unlock(&params->ioctl_mtx);
1993}
1994
1995static void
1996ctl_ioctl_done(union ctl_io *io)
1997{
1998	struct ctl_fe_ioctl_params *params;
1999
2000	params = (struct ctl_fe_ioctl_params *)
2001		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2002
2003	mtx_lock(&params->ioctl_mtx);
2004	params->state = CTL_IOCTL_DONE;
2005	cv_broadcast(&params->sem);
2006	mtx_unlock(&params->ioctl_mtx);
2007}
2008
2009static void
2010ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2011{
2012	struct ctl_fe_ioctl_startstop_info *sd_info;
2013
2014	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2015
2016	sd_info->hs_info.status = metatask->status;
2017	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2018	sd_info->hs_info.luns_complete =
2019		metatask->taskinfo.startstop.luns_complete;
2020	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2021
2022	cv_broadcast(&sd_info->sem);
2023}
2024
2025static void
2026ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2027{
2028	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2029
2030	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2031
2032	mtx_lock(fe_bbr_info->lock);
2033	fe_bbr_info->bbr_info->status = metatask->status;
2034	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2035	fe_bbr_info->wakeup_done = 1;
2036	mtx_unlock(fe_bbr_info->lock);
2037
2038	cv_broadcast(&fe_bbr_info->sem);
2039}
2040
2041/*
2042 * Returns 0 for success, errno for failure.
2043 */
2044static int
2045ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2046		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2047{
2048	union ctl_io *io;
2049	int retval;
2050
2051	retval = 0;
2052
2053	mtx_lock(&lun->lun_lock);
2054	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2055	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2056	     ooa_links)) {
2057		struct ctl_ooa_entry *entry;
2058
2059		/*
2060		 * If we've got more than we can fit, just count the
2061		 * remaining entries.
2062		 */
2063		if (*cur_fill_num >= ooa_hdr->alloc_num)
2064			continue;
2065
2066		entry = &kern_entries[*cur_fill_num];
2067
2068		entry->tag_num = io->scsiio.tag_num;
2069		entry->lun_num = lun->lun;
2070#ifdef CTL_TIME_IO
2071		entry->start_bt = io->io_hdr.start_bt;
2072#endif
2073		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2074		entry->cdb_len = io->scsiio.cdb_len;
2075		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2076			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2077
2078		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2079			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2080
2081		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2082			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2083
2084		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2085			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2086
2087		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2088			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2089	}
2090	mtx_unlock(&lun->lun_lock);
2091
2092	return (retval);
2093}
2094
2095static void *
2096ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2097		 size_t error_str_len)
2098{
2099	void *kptr;
2100
2101	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2102
2103	if (copyin(user_addr, kptr, len) != 0) {
2104		snprintf(error_str, error_str_len, "Error copying %d bytes "
2105			 "from user address %p to kernel address %p", len,
2106			 user_addr, kptr);
2107		free(kptr, M_CTL);
2108		return (NULL);
2109	}
2110
2111	return (kptr);
2112}
2113
2114static void
2115ctl_free_args(int num_args, struct ctl_be_arg *args)
2116{
2117	int i;
2118
2119	if (args == NULL)
2120		return;
2121
2122	for (i = 0; i < num_args; i++) {
2123		free(args[i].kname, M_CTL);
2124		free(args[i].kvalue, M_CTL);
2125	}
2126
2127	free(args, M_CTL);
2128}
2129
2130static struct ctl_be_arg *
2131ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2132		char *error_str, size_t error_str_len)
2133{
2134	struct ctl_be_arg *args;
2135	int i;
2136
2137	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2138				error_str, error_str_len);
2139
2140	if (args == NULL)
2141		goto bailout;
2142
2143	for (i = 0; i < num_args; i++) {
2144		args[i].kname = NULL;
2145		args[i].kvalue = NULL;
2146	}
2147
2148	for (i = 0; i < num_args; i++) {
2149		uint8_t *tmpptr;
2150
2151		args[i].kname = ctl_copyin_alloc(args[i].name,
2152			args[i].namelen, error_str, error_str_len);
2153		if (args[i].kname == NULL)
2154			goto bailout;
2155
2156		if (args[i].kname[args[i].namelen - 1] != '\0') {
2157			snprintf(error_str, error_str_len, "Argument %d "
2158				 "name is not NUL-terminated", i);
2159			goto bailout;
2160		}
2161
2162		if (args[i].flags & CTL_BEARG_RD) {
2163			tmpptr = ctl_copyin_alloc(args[i].value,
2164				args[i].vallen, error_str, error_str_len);
2165			if (tmpptr == NULL)
2166				goto bailout;
2167			if ((args[i].flags & CTL_BEARG_ASCII)
2168			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2169				snprintf(error_str, error_str_len, "Argument "
2170				    "%d value is not NUL-terminated", i);
2171				goto bailout;
2172			}
2173			args[i].kvalue = tmpptr;
2174		} else {
2175			args[i].kvalue = malloc(args[i].vallen,
2176			    M_CTL, M_WAITOK | M_ZERO);
2177		}
2178	}
2179
2180	return (args);
2181bailout:
2182
2183	ctl_free_args(num_args, args);
2184
2185	return (NULL);
2186}
2187
2188static void
2189ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2190{
2191	int i;
2192
2193	for (i = 0; i < num_args; i++) {
2194		if (args[i].flags & CTL_BEARG_WR)
2195			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2196	}
2197}
2198
2199/*
2200 * Escape characters that are illegal or not recommended in XML.
2201 */
2202int
2203ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2204{
2205	char *end = str + size;
2206	int retval;
2207
2208	retval = 0;
2209
2210	for (; *str && str < end; str++) {
2211		switch (*str) {
2212		case '&':
2213			retval = sbuf_printf(sb, "&amp;");
2214			break;
2215		case '>':
2216			retval = sbuf_printf(sb, "&gt;");
2217			break;
2218		case '<':
2219			retval = sbuf_printf(sb, "&lt;");
2220			break;
2221		default:
2222			retval = sbuf_putc(sb, *str);
2223			break;
2224		}
2225
2226		if (retval != 0)
2227			break;
2228
2229	}
2230
2231	return (retval);
2232}
2233
2234static void
2235ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2236{
2237	struct scsi_vpd_id_descriptor *desc;
2238	int i;
2239
2240	if (id == NULL || id->len < 4)
2241		return;
2242	desc = (struct scsi_vpd_id_descriptor *)id->data;
2243	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2244	case SVPD_ID_TYPE_T10:
2245		sbuf_printf(sb, "t10.");
2246		break;
2247	case SVPD_ID_TYPE_EUI64:
2248		sbuf_printf(sb, "eui.");
2249		break;
2250	case SVPD_ID_TYPE_NAA:
2251		sbuf_printf(sb, "naa.");
2252		break;
2253	case SVPD_ID_TYPE_SCSI_NAME:
2254		break;
2255	}
2256	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2257	case SVPD_ID_CODESET_BINARY:
2258		for (i = 0; i < desc->length; i++)
2259			sbuf_printf(sb, "%02x", desc->identifier[i]);
2260		break;
2261	case SVPD_ID_CODESET_ASCII:
2262		sbuf_printf(sb, "%.*s", (int)desc->length,
2263		    (char *)desc->identifier);
2264		break;
2265	case SVPD_ID_CODESET_UTF8:
2266		sbuf_printf(sb, "%s", (char *)desc->identifier);
2267		break;
2268	}
2269}
2270
2271static int
2272ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2273	  struct thread *td)
2274{
2275	struct ctl_softc *softc;
2276	int retval;
2277
2278	softc = control_softc;
2279
2280	retval = 0;
2281
2282	switch (cmd) {
2283	case CTL_IO: {
2284		union ctl_io *io;
2285		void *pool_tmp;
2286
2287		/*
2288		 * If we haven't been "enabled", don't allow any SCSI I/O
2289		 * to this FETD.
2290		 */
2291		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2292			retval = EPERM;
2293			break;
2294		}
2295
2296		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2297		if (io == NULL) {
2298			printf("ctl_ioctl: can't allocate ctl_io!\n");
2299			retval = ENOSPC;
2300			break;
2301		}
2302
2303		/*
2304		 * Need to save the pool reference so it doesn't get
2305		 * spammed by the user's ctl_io.
2306		 */
2307		pool_tmp = io->io_hdr.pool;
2308
2309		memcpy(io, (void *)addr, sizeof(*io));
2310
2311		io->io_hdr.pool = pool_tmp;
2312		/*
2313		 * No status yet, so make sure the status is set properly.
2314		 */
2315		io->io_hdr.status = CTL_STATUS_NONE;
2316
2317		/*
2318		 * The user sets the initiator ID, target and LUN IDs.
2319		 */
2320		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2321		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2322		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2323		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2324			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2325
2326		retval = ctl_ioctl_submit_wait(io);
2327
2328		if (retval != 0) {
2329			ctl_free_io(io);
2330			break;
2331		}
2332
2333		memcpy((void *)addr, io, sizeof(*io));
2334
2335		/* return this to our pool */
2336		ctl_free_io(io);
2337
2338		break;
2339	}
2340	case CTL_ENABLE_PORT:
2341	case CTL_DISABLE_PORT:
2342	case CTL_SET_PORT_WWNS: {
2343		struct ctl_port *port;
2344		struct ctl_port_entry *entry;
2345
2346		entry = (struct ctl_port_entry *)addr;
2347
2348		mtx_lock(&softc->ctl_lock);
2349		STAILQ_FOREACH(port, &softc->port_list, links) {
2350			int action, done;
2351
2352			action = 0;
2353			done = 0;
2354
2355			if ((entry->port_type == CTL_PORT_NONE)
2356			 && (entry->targ_port == port->targ_port)) {
2357				/*
2358				 * If the user only wants to enable or
2359				 * disable or set WWNs on a specific port,
2360				 * do the operation and we're done.
2361				 */
2362				action = 1;
2363				done = 1;
2364			} else if (entry->port_type & port->port_type) {
2365				/*
2366				 * Compare the user's type mask with the
2367				 * particular frontend type to see if we
2368				 * have a match.
2369				 */
2370				action = 1;
2371				done = 0;
2372
2373				/*
2374				 * Make sure the user isn't trying to set
2375				 * WWNs on multiple ports at the same time.
2376				 */
2377				if (cmd == CTL_SET_PORT_WWNS) {
2378					printf("%s: Can't set WWNs on "
2379					       "multiple ports\n", __func__);
2380					retval = EINVAL;
2381					break;
2382				}
2383			}
2384			if (action != 0) {
2385				/*
2386				 * XXX KDM we have to drop the lock here,
2387				 * because the online/offline operations
2388				 * can potentially block.  We need to
2389				 * reference count the frontends so they
2390				 * can't go away,
2391				 */
2392				mtx_unlock(&softc->ctl_lock);
2393
2394				if (cmd == CTL_ENABLE_PORT) {
2395					struct ctl_lun *lun;
2396
2397					STAILQ_FOREACH(lun, &softc->lun_list,
2398						       links) {
2399						port->lun_enable(port->targ_lun_arg,
2400						    lun->target,
2401						    lun->lun);
2402					}
2403
2404					ctl_port_online(port);
2405				} else if (cmd == CTL_DISABLE_PORT) {
2406					struct ctl_lun *lun;
2407
2408					ctl_port_offline(port);
2409
2410					STAILQ_FOREACH(lun, &softc->lun_list,
2411						       links) {
2412						port->lun_disable(
2413						    port->targ_lun_arg,
2414						    lun->target,
2415						    lun->lun);
2416					}
2417				}
2418
2419				mtx_lock(&softc->ctl_lock);
2420
2421				if (cmd == CTL_SET_PORT_WWNS)
2422					ctl_port_set_wwns(port,
2423					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2424					    1 : 0, entry->wwnn,
2425					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2426					    1 : 0, entry->wwpn);
2427			}
2428			if (done != 0)
2429				break;
2430		}
2431		mtx_unlock(&softc->ctl_lock);
2432		break;
2433	}
2434	case CTL_GET_PORT_LIST: {
2435		struct ctl_port *port;
2436		struct ctl_port_list *list;
2437		int i;
2438
2439		list = (struct ctl_port_list *)addr;
2440
2441		if (list->alloc_len != (list->alloc_num *
2442		    sizeof(struct ctl_port_entry))) {
2443			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2444			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2445			       "%zu\n", __func__, list->alloc_len,
2446			       list->alloc_num, sizeof(struct ctl_port_entry));
2447			retval = EINVAL;
2448			break;
2449		}
2450		list->fill_len = 0;
2451		list->fill_num = 0;
2452		list->dropped_num = 0;
2453		i = 0;
2454		mtx_lock(&softc->ctl_lock);
2455		STAILQ_FOREACH(port, &softc->port_list, links) {
2456			struct ctl_port_entry entry, *list_entry;
2457
2458			if (list->fill_num >= list->alloc_num) {
2459				list->dropped_num++;
2460				continue;
2461			}
2462
2463			entry.port_type = port->port_type;
2464			strlcpy(entry.port_name, port->port_name,
2465				sizeof(entry.port_name));
2466			entry.targ_port = port->targ_port;
2467			entry.physical_port = port->physical_port;
2468			entry.virtual_port = port->virtual_port;
2469			entry.wwnn = port->wwnn;
2470			entry.wwpn = port->wwpn;
2471			if (port->status & CTL_PORT_STATUS_ONLINE)
2472				entry.online = 1;
2473			else
2474				entry.online = 0;
2475
2476			list_entry = &list->entries[i];
2477
2478			retval = copyout(&entry, list_entry, sizeof(entry));
2479			if (retval != 0) {
2480				printf("%s: CTL_GET_PORT_LIST: copyout "
2481				       "returned %d\n", __func__, retval);
2482				break;
2483			}
2484			i++;
2485			list->fill_num++;
2486			list->fill_len += sizeof(entry);
2487		}
2488		mtx_unlock(&softc->ctl_lock);
2489
2490		/*
2491		 * If this is non-zero, we had a copyout fault, so there's
2492		 * probably no point in attempting to set the status inside
2493		 * the structure.
2494		 */
2495		if (retval != 0)
2496			break;
2497
2498		if (list->dropped_num > 0)
2499			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2500		else
2501			list->status = CTL_PORT_LIST_OK;
2502		break;
2503	}
2504	case CTL_DUMP_OOA: {
2505		struct ctl_lun *lun;
2506		union ctl_io *io;
2507		char printbuf[128];
2508		struct sbuf sb;
2509
2510		mtx_lock(&softc->ctl_lock);
2511		printf("Dumping OOA queues:\n");
2512		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2513			mtx_lock(&lun->lun_lock);
2514			for (io = (union ctl_io *)TAILQ_FIRST(
2515			     &lun->ooa_queue); io != NULL;
2516			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2517			     ooa_links)) {
2518				sbuf_new(&sb, printbuf, sizeof(printbuf),
2519					 SBUF_FIXEDLEN);
2520				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2521					    (intmax_t)lun->lun,
2522					    io->scsiio.tag_num,
2523					    (io->io_hdr.flags &
2524					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2525					    (io->io_hdr.flags &
2526					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2527					    (io->io_hdr.flags &
2528					    CTL_FLAG_ABORT) ? " ABORT" : "",
2529			                    (io->io_hdr.flags &
2530		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2531				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2532				sbuf_finish(&sb);
2533				printf("%s\n", sbuf_data(&sb));
2534			}
2535			mtx_unlock(&lun->lun_lock);
2536		}
2537		printf("OOA queues dump done\n");
2538		mtx_unlock(&softc->ctl_lock);
2539		break;
2540	}
2541	case CTL_GET_OOA: {
2542		struct ctl_lun *lun;
2543		struct ctl_ooa *ooa_hdr;
2544		struct ctl_ooa_entry *entries;
2545		uint32_t cur_fill_num;
2546
2547		ooa_hdr = (struct ctl_ooa *)addr;
2548
2549		if ((ooa_hdr->alloc_len == 0)
2550		 || (ooa_hdr->alloc_num == 0)) {
2551			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2552			       "must be non-zero\n", __func__,
2553			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2554			retval = EINVAL;
2555			break;
2556		}
2557
2558		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2559		    sizeof(struct ctl_ooa_entry))) {
2560			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2561			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2562			       __func__, ooa_hdr->alloc_len,
2563			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2564			retval = EINVAL;
2565			break;
2566		}
2567
2568		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2569		if (entries == NULL) {
2570			printf("%s: could not allocate %d bytes for OOA "
2571			       "dump\n", __func__, ooa_hdr->alloc_len);
2572			retval = ENOMEM;
2573			break;
2574		}
2575
2576		mtx_lock(&softc->ctl_lock);
2577		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2578		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2579		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2580			mtx_unlock(&softc->ctl_lock);
2581			free(entries, M_CTL);
2582			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2583			       __func__, (uintmax_t)ooa_hdr->lun_num);
2584			retval = EINVAL;
2585			break;
2586		}
2587
2588		cur_fill_num = 0;
2589
2590		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2591			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2592				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2593					ooa_hdr, entries);
2594				if (retval != 0)
2595					break;
2596			}
2597			if (retval != 0) {
2598				mtx_unlock(&softc->ctl_lock);
2599				free(entries, M_CTL);
2600				break;
2601			}
2602		} else {
2603			lun = softc->ctl_luns[ooa_hdr->lun_num];
2604
2605			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2606						    entries);
2607		}
2608		mtx_unlock(&softc->ctl_lock);
2609
2610		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2611		ooa_hdr->fill_len = ooa_hdr->fill_num *
2612			sizeof(struct ctl_ooa_entry);
2613		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2614		if (retval != 0) {
2615			printf("%s: error copying out %d bytes for OOA dump\n",
2616			       __func__, ooa_hdr->fill_len);
2617		}
2618
2619		getbintime(&ooa_hdr->cur_bt);
2620
2621		if (cur_fill_num > ooa_hdr->alloc_num) {
2622			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2623			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2624		} else {
2625			ooa_hdr->dropped_num = 0;
2626			ooa_hdr->status = CTL_OOA_OK;
2627		}
2628
2629		free(entries, M_CTL);
2630		break;
2631	}
2632	case CTL_CHECK_OOA: {
2633		union ctl_io *io;
2634		struct ctl_lun *lun;
2635		struct ctl_ooa_info *ooa_info;
2636
2637
2638		ooa_info = (struct ctl_ooa_info *)addr;
2639
2640		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2641			ooa_info->status = CTL_OOA_INVALID_LUN;
2642			break;
2643		}
2644		mtx_lock(&softc->ctl_lock);
2645		lun = softc->ctl_luns[ooa_info->lun_id];
2646		if (lun == NULL) {
2647			mtx_unlock(&softc->ctl_lock);
2648			ooa_info->status = CTL_OOA_INVALID_LUN;
2649			break;
2650		}
2651		mtx_lock(&lun->lun_lock);
2652		mtx_unlock(&softc->ctl_lock);
2653		ooa_info->num_entries = 0;
2654		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2655		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2656		     &io->io_hdr, ooa_links)) {
2657			ooa_info->num_entries++;
2658		}
2659		mtx_unlock(&lun->lun_lock);
2660
2661		ooa_info->status = CTL_OOA_SUCCESS;
2662
2663		break;
2664	}
2665	case CTL_HARD_START:
2666	case CTL_HARD_STOP: {
2667		struct ctl_fe_ioctl_startstop_info ss_info;
2668		struct cfi_metatask *metatask;
2669		struct mtx hs_mtx;
2670
2671		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2672
2673		cv_init(&ss_info.sem, "hard start/stop cv" );
2674
2675		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2676		if (metatask == NULL) {
2677			retval = ENOMEM;
2678			mtx_destroy(&hs_mtx);
2679			break;
2680		}
2681
2682		if (cmd == CTL_HARD_START)
2683			metatask->tasktype = CFI_TASK_STARTUP;
2684		else
2685			metatask->tasktype = CFI_TASK_SHUTDOWN;
2686
2687		metatask->callback = ctl_ioctl_hard_startstop_callback;
2688		metatask->callback_arg = &ss_info;
2689
2690		cfi_action(metatask);
2691
2692		/* Wait for the callback */
2693		mtx_lock(&hs_mtx);
2694		cv_wait_sig(&ss_info.sem, &hs_mtx);
2695		mtx_unlock(&hs_mtx);
2696
2697		/*
2698		 * All information has been copied from the metatask by the
2699		 * time cv_broadcast() is called, so we free the metatask here.
2700		 */
2701		cfi_free_metatask(metatask);
2702
2703		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2704
2705		mtx_destroy(&hs_mtx);
2706		break;
2707	}
2708	case CTL_BBRREAD: {
2709		struct ctl_bbrread_info *bbr_info;
2710		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2711		struct mtx bbr_mtx;
2712		struct cfi_metatask *metatask;
2713
2714		bbr_info = (struct ctl_bbrread_info *)addr;
2715
2716		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2717
2718		bzero(&bbr_mtx, sizeof(bbr_mtx));
2719		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2720
2721		fe_bbr_info.bbr_info = bbr_info;
2722		fe_bbr_info.lock = &bbr_mtx;
2723
2724		cv_init(&fe_bbr_info.sem, "BBR read cv");
2725		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2726
2727		if (metatask == NULL) {
2728			mtx_destroy(&bbr_mtx);
2729			cv_destroy(&fe_bbr_info.sem);
2730			retval = ENOMEM;
2731			break;
2732		}
2733		metatask->tasktype = CFI_TASK_BBRREAD;
2734		metatask->callback = ctl_ioctl_bbrread_callback;
2735		metatask->callback_arg = &fe_bbr_info;
2736		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2737		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2738		metatask->taskinfo.bbrread.len = bbr_info->len;
2739
2740		cfi_action(metatask);
2741
2742		mtx_lock(&bbr_mtx);
2743		while (fe_bbr_info.wakeup_done == 0)
2744			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2745		mtx_unlock(&bbr_mtx);
2746
2747		bbr_info->status = metatask->status;
2748		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2749		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2750		memcpy(&bbr_info->sense_data,
2751		       &metatask->taskinfo.bbrread.sense_data,
2752		       ctl_min(sizeof(bbr_info->sense_data),
2753			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2754
2755		cfi_free_metatask(metatask);
2756
2757		mtx_destroy(&bbr_mtx);
2758		cv_destroy(&fe_bbr_info.sem);
2759
2760		break;
2761	}
2762	case CTL_DELAY_IO: {
2763		struct ctl_io_delay_info *delay_info;
2764#ifdef CTL_IO_DELAY
2765		struct ctl_lun *lun;
2766#endif /* CTL_IO_DELAY */
2767
2768		delay_info = (struct ctl_io_delay_info *)addr;
2769
2770#ifdef CTL_IO_DELAY
2771		mtx_lock(&softc->ctl_lock);
2772
2773		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2774		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2775			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2776		} else {
2777			lun = softc->ctl_luns[delay_info->lun_id];
2778			mtx_lock(&lun->lun_lock);
2779
2780			delay_info->status = CTL_DELAY_STATUS_OK;
2781
2782			switch (delay_info->delay_type) {
2783			case CTL_DELAY_TYPE_CONT:
2784				break;
2785			case CTL_DELAY_TYPE_ONESHOT:
2786				break;
2787			default:
2788				delay_info->status =
2789					CTL_DELAY_STATUS_INVALID_TYPE;
2790				break;
2791			}
2792
2793			switch (delay_info->delay_loc) {
2794			case CTL_DELAY_LOC_DATAMOVE:
2795				lun->delay_info.datamove_type =
2796					delay_info->delay_type;
2797				lun->delay_info.datamove_delay =
2798					delay_info->delay_secs;
2799				break;
2800			case CTL_DELAY_LOC_DONE:
2801				lun->delay_info.done_type =
2802					delay_info->delay_type;
2803				lun->delay_info.done_delay =
2804					delay_info->delay_secs;
2805				break;
2806			default:
2807				delay_info->status =
2808					CTL_DELAY_STATUS_INVALID_LOC;
2809				break;
2810			}
2811			mtx_unlock(&lun->lun_lock);
2812		}
2813
2814		mtx_unlock(&softc->ctl_lock);
2815#else
2816		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2817#endif /* CTL_IO_DELAY */
2818		break;
2819	}
2820	case CTL_REALSYNC_SET: {
2821		int *syncstate;
2822
2823		syncstate = (int *)addr;
2824
2825		mtx_lock(&softc->ctl_lock);
2826		switch (*syncstate) {
2827		case 0:
2828			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2829			break;
2830		case 1:
2831			softc->flags |= CTL_FLAG_REAL_SYNC;
2832			break;
2833		default:
2834			retval = EINVAL;
2835			break;
2836		}
2837		mtx_unlock(&softc->ctl_lock);
2838		break;
2839	}
2840	case CTL_REALSYNC_GET: {
2841		int *syncstate;
2842
2843		syncstate = (int*)addr;
2844
2845		mtx_lock(&softc->ctl_lock);
2846		if (softc->flags & CTL_FLAG_REAL_SYNC)
2847			*syncstate = 1;
2848		else
2849			*syncstate = 0;
2850		mtx_unlock(&softc->ctl_lock);
2851
2852		break;
2853	}
2854	case CTL_SETSYNC:
2855	case CTL_GETSYNC: {
2856		struct ctl_sync_info *sync_info;
2857		struct ctl_lun *lun;
2858
2859		sync_info = (struct ctl_sync_info *)addr;
2860
2861		mtx_lock(&softc->ctl_lock);
2862		lun = softc->ctl_luns[sync_info->lun_id];
2863		if (lun == NULL) {
2864			mtx_unlock(&softc->ctl_lock);
2865			sync_info->status = CTL_GS_SYNC_NO_LUN;
2866		}
2867		/*
2868		 * Get or set the sync interval.  We're not bounds checking
2869		 * in the set case, hopefully the user won't do something
2870		 * silly.
2871		 */
2872		mtx_lock(&lun->lun_lock);
2873		mtx_unlock(&softc->ctl_lock);
2874		if (cmd == CTL_GETSYNC)
2875			sync_info->sync_interval = lun->sync_interval;
2876		else
2877			lun->sync_interval = sync_info->sync_interval;
2878		mtx_unlock(&lun->lun_lock);
2879
2880		sync_info->status = CTL_GS_SYNC_OK;
2881
2882		break;
2883	}
2884	case CTL_GETSTATS: {
2885		struct ctl_stats *stats;
2886		struct ctl_lun *lun;
2887		int i;
2888
2889		stats = (struct ctl_stats *)addr;
2890
2891		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2892		     stats->alloc_len) {
2893			stats->status = CTL_SS_NEED_MORE_SPACE;
2894			stats->num_luns = softc->num_luns;
2895			break;
2896		}
2897		/*
2898		 * XXX KDM no locking here.  If the LUN list changes,
2899		 * things can blow up.
2900		 */
2901		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2902		     i++, lun = STAILQ_NEXT(lun, links)) {
2903			retval = copyout(&lun->stats, &stats->lun_stats[i],
2904					 sizeof(lun->stats));
2905			if (retval != 0)
2906				break;
2907		}
2908		stats->num_luns = softc->num_luns;
2909		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2910				 softc->num_luns;
2911		stats->status = CTL_SS_OK;
2912#ifdef CTL_TIME_IO
2913		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2914#else
2915		stats->flags = CTL_STATS_FLAG_NONE;
2916#endif
2917		getnanouptime(&stats->timestamp);
2918		break;
2919	}
2920	case CTL_ERROR_INJECT: {
2921		struct ctl_error_desc *err_desc, *new_err_desc;
2922		struct ctl_lun *lun;
2923
2924		err_desc = (struct ctl_error_desc *)addr;
2925
2926		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2927				      M_WAITOK | M_ZERO);
2928		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2929
2930		mtx_lock(&softc->ctl_lock);
2931		lun = softc->ctl_luns[err_desc->lun_id];
2932		if (lun == NULL) {
2933			mtx_unlock(&softc->ctl_lock);
2934			free(new_err_desc, M_CTL);
2935			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2936			       __func__, (uintmax_t)err_desc->lun_id);
2937			retval = EINVAL;
2938			break;
2939		}
2940		mtx_lock(&lun->lun_lock);
2941		mtx_unlock(&softc->ctl_lock);
2942
2943		/*
2944		 * We could do some checking here to verify the validity
2945		 * of the request, but given the complexity of error
2946		 * injection requests, the checking logic would be fairly
2947		 * complex.
2948		 *
2949		 * For now, if the request is invalid, it just won't get
2950		 * executed and might get deleted.
2951		 */
2952		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2953
2954		/*
2955		 * XXX KDM check to make sure the serial number is unique,
2956		 * in case we somehow manage to wrap.  That shouldn't
2957		 * happen for a very long time, but it's the right thing to
2958		 * do.
2959		 */
2960		new_err_desc->serial = lun->error_serial;
2961		err_desc->serial = lun->error_serial;
2962		lun->error_serial++;
2963
2964		mtx_unlock(&lun->lun_lock);
2965		break;
2966	}
2967	case CTL_ERROR_INJECT_DELETE: {
2968		struct ctl_error_desc *delete_desc, *desc, *desc2;
2969		struct ctl_lun *lun;
2970		int delete_done;
2971
2972		delete_desc = (struct ctl_error_desc *)addr;
2973		delete_done = 0;
2974
2975		mtx_lock(&softc->ctl_lock);
2976		lun = softc->ctl_luns[delete_desc->lun_id];
2977		if (lun == NULL) {
2978			mtx_unlock(&softc->ctl_lock);
2979			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2980			       __func__, (uintmax_t)delete_desc->lun_id);
2981			retval = EINVAL;
2982			break;
2983		}
2984		mtx_lock(&lun->lun_lock);
2985		mtx_unlock(&softc->ctl_lock);
2986		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2987			if (desc->serial != delete_desc->serial)
2988				continue;
2989
2990			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2991				      links);
2992			free(desc, M_CTL);
2993			delete_done = 1;
2994		}
2995		mtx_unlock(&lun->lun_lock);
2996		if (delete_done == 0) {
2997			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2998			       "error serial %ju on LUN %u\n", __func__,
2999			       delete_desc->serial, delete_desc->lun_id);
3000			retval = EINVAL;
3001			break;
3002		}
3003		break;
3004	}
3005	case CTL_DUMP_STRUCTS: {
3006		int i, j, k, idx;
3007		struct ctl_port *port;
3008		struct ctl_frontend *fe;
3009
3010		mtx_lock(&softc->ctl_lock);
3011		printf("CTL Persistent Reservation information start:\n");
3012		for (i = 0; i < CTL_MAX_LUNS; i++) {
3013			struct ctl_lun *lun;
3014
3015			lun = softc->ctl_luns[i];
3016
3017			if ((lun == NULL)
3018			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3019				continue;
3020
3021			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3022				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3023					idx = j * CTL_MAX_INIT_PER_PORT + k;
3024					if (lun->pr_keys[idx] == 0)
3025						continue;
3026					printf("  LUN %d port %d iid %d key "
3027					       "%#jx\n", i, j, k,
3028					       (uintmax_t)lun->pr_keys[idx]);
3029				}
3030			}
3031		}
3032		printf("CTL Persistent Reservation information end\n");
3033		printf("CTL Ports:\n");
3034		STAILQ_FOREACH(port, &softc->port_list, links) {
3035			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3036			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3037			       port->frontend->name, port->port_type,
3038			       port->physical_port, port->virtual_port,
3039			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3040			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3041				if (port->wwpn_iid[j].in_use == 0 &&
3042				    port->wwpn_iid[j].wwpn == 0 &&
3043				    port->wwpn_iid[j].name == NULL)
3044					continue;
3045
3046				printf("    iid %u use %d WWPN %#jx '%s'\n",
3047				    j, port->wwpn_iid[j].in_use,
3048				    (uintmax_t)port->wwpn_iid[j].wwpn,
3049				    port->wwpn_iid[j].name);
3050			}
3051		}
3052		printf("CTL Port information end\n");
3053		mtx_unlock(&softc->ctl_lock);
3054		/*
3055		 * XXX KDM calling this without a lock.  We'd likely want
3056		 * to drop the lock before calling the frontend's dump
3057		 * routine anyway.
3058		 */
3059		printf("CTL Frontends:\n");
3060		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3061			printf("  Frontend '%s'\n", fe->name);
3062			if (fe->fe_dump != NULL)
3063				fe->fe_dump();
3064		}
3065		printf("CTL Frontend information end\n");
3066		break;
3067	}
3068	case CTL_LUN_REQ: {
3069		struct ctl_lun_req *lun_req;
3070		struct ctl_backend_driver *backend;
3071
3072		lun_req = (struct ctl_lun_req *)addr;
3073
3074		backend = ctl_backend_find(lun_req->backend);
3075		if (backend == NULL) {
3076			lun_req->status = CTL_LUN_ERROR;
3077			snprintf(lun_req->error_str,
3078				 sizeof(lun_req->error_str),
3079				 "Backend \"%s\" not found.",
3080				 lun_req->backend);
3081			break;
3082		}
3083		if (lun_req->num_be_args > 0) {
3084			lun_req->kern_be_args = ctl_copyin_args(
3085				lun_req->num_be_args,
3086				lun_req->be_args,
3087				lun_req->error_str,
3088				sizeof(lun_req->error_str));
3089			if (lun_req->kern_be_args == NULL) {
3090				lun_req->status = CTL_LUN_ERROR;
3091				break;
3092			}
3093		}
3094
3095		retval = backend->ioctl(dev, cmd, addr, flag, td);
3096
3097		if (lun_req->num_be_args > 0) {
3098			ctl_copyout_args(lun_req->num_be_args,
3099				      lun_req->kern_be_args);
3100			ctl_free_args(lun_req->num_be_args,
3101				      lun_req->kern_be_args);
3102		}
3103		break;
3104	}
3105	case CTL_LUN_LIST: {
3106		struct sbuf *sb;
3107		struct ctl_lun *lun;
3108		struct ctl_lun_list *list;
3109		struct ctl_option *opt;
3110
3111		list = (struct ctl_lun_list *)addr;
3112
3113		/*
3114		 * Allocate a fixed length sbuf here, based on the length
3115		 * of the user's buffer.  We could allocate an auto-extending
3116		 * buffer, and then tell the user how much larger our
3117		 * amount of data is than his buffer, but that presents
3118		 * some problems:
3119		 *
3120		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3121		 *     we can't hold a lock while calling them with an
3122		 *     auto-extending buffer.
3123 		 *
3124		 * 2.  There is not currently a LUN reference counting
3125		 *     mechanism, outside of outstanding transactions on
3126		 *     the LUN's OOA queue.  So a LUN could go away on us
3127		 *     while we're getting the LUN number, backend-specific
3128		 *     information, etc.  Thus, given the way things
3129		 *     currently work, we need to hold the CTL lock while
3130		 *     grabbing LUN information.
3131		 *
3132		 * So, from the user's standpoint, the best thing to do is
3133		 * allocate what he thinks is a reasonable buffer length,
3134		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3135		 * double the buffer length and try again.  (And repeat
3136		 * that until he succeeds.)
3137		 */
3138		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3139		if (sb == NULL) {
3140			list->status = CTL_LUN_LIST_ERROR;
3141			snprintf(list->error_str, sizeof(list->error_str),
3142				 "Unable to allocate %d bytes for LUN list",
3143				 list->alloc_len);
3144			break;
3145		}
3146
3147		sbuf_printf(sb, "<ctllunlist>\n");
3148
3149		mtx_lock(&softc->ctl_lock);
3150		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3151			mtx_lock(&lun->lun_lock);
3152			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3153					     (uintmax_t)lun->lun);
3154
3155			/*
3156			 * Bail out as soon as we see that we've overfilled
3157			 * the buffer.
3158			 */
3159			if (retval != 0)
3160				break;
3161
3162			retval = sbuf_printf(sb, "\t<backend_type>%s"
3163					     "</backend_type>\n",
3164					     (lun->backend == NULL) ?  "none" :
3165					     lun->backend->name);
3166
3167			if (retval != 0)
3168				break;
3169
3170			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3171					     lun->be_lun->lun_type);
3172
3173			if (retval != 0)
3174				break;
3175
3176			if (lun->backend == NULL) {
3177				retval = sbuf_printf(sb, "</lun>\n");
3178				if (retval != 0)
3179					break;
3180				continue;
3181			}
3182
3183			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3184					     (lun->be_lun->maxlba > 0) ?
3185					     lun->be_lun->maxlba + 1 : 0);
3186
3187			if (retval != 0)
3188				break;
3189
3190			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3191					     lun->be_lun->blocksize);
3192
3193			if (retval != 0)
3194				break;
3195
3196			retval = sbuf_printf(sb, "\t<serial_number>");
3197
3198			if (retval != 0)
3199				break;
3200
3201			retval = ctl_sbuf_printf_esc(sb,
3202			    lun->be_lun->serial_num,
3203			    sizeof(lun->be_lun->serial_num));
3204
3205			if (retval != 0)
3206				break;
3207
3208			retval = sbuf_printf(sb, "</serial_number>\n");
3209
3210			if (retval != 0)
3211				break;
3212
3213			retval = sbuf_printf(sb, "\t<device_id>");
3214
3215			if (retval != 0)
3216				break;
3217
3218			retval = ctl_sbuf_printf_esc(sb,
3219			    lun->be_lun->device_id,
3220			    sizeof(lun->be_lun->device_id));
3221
3222			if (retval != 0)
3223				break;
3224
3225			retval = sbuf_printf(sb, "</device_id>\n");
3226
3227			if (retval != 0)
3228				break;
3229
3230			if (lun->backend->lun_info != NULL) {
3231				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3232				if (retval != 0)
3233					break;
3234			}
3235			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3236				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3237				    opt->name, opt->value, opt->name);
3238				if (retval != 0)
3239					break;
3240			}
3241
3242			retval = sbuf_printf(sb, "</lun>\n");
3243
3244			if (retval != 0)
3245				break;
3246			mtx_unlock(&lun->lun_lock);
3247		}
3248		if (lun != NULL)
3249			mtx_unlock(&lun->lun_lock);
3250		mtx_unlock(&softc->ctl_lock);
3251
3252		if ((retval != 0)
3253		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3254			retval = 0;
3255			sbuf_delete(sb);
3256			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3257			snprintf(list->error_str, sizeof(list->error_str),
3258				 "Out of space, %d bytes is too small",
3259				 list->alloc_len);
3260			break;
3261		}
3262
3263		sbuf_finish(sb);
3264
3265		retval = copyout(sbuf_data(sb), list->lun_xml,
3266				 sbuf_len(sb) + 1);
3267
3268		list->fill_len = sbuf_len(sb) + 1;
3269		list->status = CTL_LUN_LIST_OK;
3270		sbuf_delete(sb);
3271		break;
3272	}
3273	case CTL_ISCSI: {
3274		struct ctl_iscsi *ci;
3275		struct ctl_frontend *fe;
3276
3277		ci = (struct ctl_iscsi *)addr;
3278
3279		fe = ctl_frontend_find("iscsi");
3280		if (fe == NULL) {
3281			ci->status = CTL_ISCSI_ERROR;
3282			snprintf(ci->error_str, sizeof(ci->error_str),
3283			    "Frontend \"iscsi\" not found.");
3284			break;
3285		}
3286
3287		retval = fe->ioctl(dev, cmd, addr, flag, td);
3288		break;
3289	}
3290	case CTL_PORT_REQ: {
3291		struct ctl_req *req;
3292		struct ctl_frontend *fe;
3293
3294		req = (struct ctl_req *)addr;
3295
3296		fe = ctl_frontend_find(req->driver);
3297		if (fe == NULL) {
3298			req->status = CTL_LUN_ERROR;
3299			snprintf(req->error_str, sizeof(req->error_str),
3300			    "Frontend \"%s\" not found.", req->driver);
3301			break;
3302		}
3303		if (req->num_args > 0) {
3304			req->kern_args = ctl_copyin_args(req->num_args,
3305			    req->args, req->error_str, sizeof(req->error_str));
3306			if (req->kern_args == NULL) {
3307				req->status = CTL_LUN_ERROR;
3308				break;
3309			}
3310		}
3311
3312		retval = fe->ioctl(dev, cmd, addr, flag, td);
3313
3314		if (req->num_args > 0) {
3315			ctl_copyout_args(req->num_args, req->kern_args);
3316			ctl_free_args(req->num_args, req->kern_args);
3317		}
3318		break;
3319	}
3320	case CTL_PORT_LIST: {
3321		struct sbuf *sb;
3322		struct ctl_port *port;
3323		struct ctl_lun_list *list;
3324		struct ctl_option *opt;
3325		int j;
3326
3327		list = (struct ctl_lun_list *)addr;
3328
3329		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3330		if (sb == NULL) {
3331			list->status = CTL_LUN_LIST_ERROR;
3332			snprintf(list->error_str, sizeof(list->error_str),
3333				 "Unable to allocate %d bytes for LUN list",
3334				 list->alloc_len);
3335			break;
3336		}
3337
3338		sbuf_printf(sb, "<ctlportlist>\n");
3339
3340		mtx_lock(&softc->ctl_lock);
3341		STAILQ_FOREACH(port, &softc->port_list, links) {
3342			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3343					     (uintmax_t)port->targ_port);
3344
3345			/*
3346			 * Bail out as soon as we see that we've overfilled
3347			 * the buffer.
3348			 */
3349			if (retval != 0)
3350				break;
3351
3352			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3353			    "</frontend_type>\n", port->frontend->name);
3354			if (retval != 0)
3355				break;
3356
3357			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3358					     port->port_type);
3359			if (retval != 0)
3360				break;
3361
3362			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3363			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3364			if (retval != 0)
3365				break;
3366
3367			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3368			    port->port_name);
3369			if (retval != 0)
3370				break;
3371
3372			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3373			    port->physical_port);
3374			if (retval != 0)
3375				break;
3376
3377			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3378			    port->virtual_port);
3379			if (retval != 0)
3380				break;
3381
3382			if (port->target_devid != NULL) {
3383				sbuf_printf(sb, "\t<target>");
3384				ctl_id_sbuf(port->target_devid, sb);
3385				sbuf_printf(sb, "</target>\n");
3386			}
3387
3388			if (port->port_devid != NULL) {
3389				sbuf_printf(sb, "\t<port>");
3390				ctl_id_sbuf(port->port_devid, sb);
3391				sbuf_printf(sb, "</port>\n");
3392			}
3393
3394			if (port->port_info != NULL) {
3395				retval = port->port_info(port->onoff_arg, sb);
3396				if (retval != 0)
3397					break;
3398			}
3399			STAILQ_FOREACH(opt, &port->options, links) {
3400				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3401				    opt->name, opt->value, opt->name);
3402				if (retval != 0)
3403					break;
3404			}
3405
3406			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3407				if (port->wwpn_iid[j].in_use == 0 ||
3408				    (port->wwpn_iid[j].wwpn == 0 &&
3409				     port->wwpn_iid[j].name == NULL))
3410					continue;
3411
3412				if (port->wwpn_iid[j].name != NULL)
3413					retval = sbuf_printf(sb,
3414					    "\t<initiator>%u %s</initiator>\n",
3415					    j, port->wwpn_iid[j].name);
3416				else
3417					retval = sbuf_printf(sb,
3418					    "\t<initiator>%u naa.%08jx</initiator>\n",
3419					    j, port->wwpn_iid[j].wwpn);
3420				if (retval != 0)
3421					break;
3422			}
3423			if (retval != 0)
3424				break;
3425
3426			retval = sbuf_printf(sb, "</targ_port>\n");
3427			if (retval != 0)
3428				break;
3429		}
3430		mtx_unlock(&softc->ctl_lock);
3431
3432		if ((retval != 0)
3433		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3434			retval = 0;
3435			sbuf_delete(sb);
3436			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3437			snprintf(list->error_str, sizeof(list->error_str),
3438				 "Out of space, %d bytes is too small",
3439				 list->alloc_len);
3440			break;
3441		}
3442
3443		sbuf_finish(sb);
3444
3445		retval = copyout(sbuf_data(sb), list->lun_xml,
3446				 sbuf_len(sb) + 1);
3447
3448		list->fill_len = sbuf_len(sb) + 1;
3449		list->status = CTL_LUN_LIST_OK;
3450		sbuf_delete(sb);
3451		break;
3452	}
3453	default: {
3454		/* XXX KDM should we fix this? */
3455#if 0
3456		struct ctl_backend_driver *backend;
3457		unsigned int type;
3458		int found;
3459
3460		found = 0;
3461
3462		/*
3463		 * We encode the backend type as the ioctl type for backend
3464		 * ioctls.  So parse it out here, and then search for a
3465		 * backend of this type.
3466		 */
3467		type = _IOC_TYPE(cmd);
3468
3469		STAILQ_FOREACH(backend, &softc->be_list, links) {
3470			if (backend->type == type) {
3471				found = 1;
3472				break;
3473			}
3474		}
3475		if (found == 0) {
3476			printf("ctl: unknown ioctl command %#lx or backend "
3477			       "%d\n", cmd, type);
3478			retval = EINVAL;
3479			break;
3480		}
3481		retval = backend->ioctl(dev, cmd, addr, flag, td);
3482#endif
3483		retval = ENOTTY;
3484		break;
3485	}
3486	}
3487	return (retval);
3488}
3489
3490uint32_t
3491ctl_get_initindex(struct ctl_nexus *nexus)
3492{
3493	if (nexus->targ_port < CTL_MAX_PORTS)
3494		return (nexus->initid.id +
3495			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3496	else
3497		return (nexus->initid.id +
3498		       ((nexus->targ_port - CTL_MAX_PORTS) *
3499			CTL_MAX_INIT_PER_PORT));
3500}
3501
3502uint32_t
3503ctl_get_resindex(struct ctl_nexus *nexus)
3504{
3505	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3506}
3507
3508uint32_t
3509ctl_port_idx(int port_num)
3510{
3511	if (port_num < CTL_MAX_PORTS)
3512		return(port_num);
3513	else
3514		return(port_num - CTL_MAX_PORTS);
3515}
3516
3517static uint32_t
3518ctl_map_lun(int port_num, uint32_t lun_id)
3519{
3520	struct ctl_port *port;
3521
3522	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3523	if (port == NULL)
3524		return (UINT32_MAX);
3525	if (port->lun_map == NULL)
3526		return (lun_id);
3527	return (port->lun_map(port->targ_lun_arg, lun_id));
3528}
3529
3530static uint32_t
3531ctl_map_lun_back(int port_num, uint32_t lun_id)
3532{
3533	struct ctl_port *port;
3534	uint32_t i;
3535
3536	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3537	if (port->lun_map == NULL)
3538		return (lun_id);
3539	for (i = 0; i < CTL_MAX_LUNS; i++) {
3540		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3541			return (i);
3542	}
3543	return (UINT32_MAX);
3544}
3545
3546/*
3547 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3548 * that are a power of 2.
3549 */
3550int
3551ctl_ffz(uint32_t *mask, uint32_t size)
3552{
3553	uint32_t num_chunks, num_pieces;
3554	int i, j;
3555
3556	num_chunks = (size >> 5);
3557	if (num_chunks == 0)
3558		num_chunks++;
3559	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3560
3561	for (i = 0; i < num_chunks; i++) {
3562		for (j = 0; j < num_pieces; j++) {
3563			if ((mask[i] & (1 << j)) == 0)
3564				return ((i << 5) + j);
3565		}
3566	}
3567
3568	return (-1);
3569}
3570
3571int
3572ctl_set_mask(uint32_t *mask, uint32_t bit)
3573{
3574	uint32_t chunk, piece;
3575
3576	chunk = bit >> 5;
3577	piece = bit % (sizeof(uint32_t) * 8);
3578
3579	if ((mask[chunk] & (1 << piece)) != 0)
3580		return (-1);
3581	else
3582		mask[chunk] |= (1 << piece);
3583
3584	return (0);
3585}
3586
3587int
3588ctl_clear_mask(uint32_t *mask, uint32_t bit)
3589{
3590	uint32_t chunk, piece;
3591
3592	chunk = bit >> 5;
3593	piece = bit % (sizeof(uint32_t) * 8);
3594
3595	if ((mask[chunk] & (1 << piece)) == 0)
3596		return (-1);
3597	else
3598		mask[chunk] &= ~(1 << piece);
3599
3600	return (0);
3601}
3602
3603int
3604ctl_is_set(uint32_t *mask, uint32_t bit)
3605{
3606	uint32_t chunk, piece;
3607
3608	chunk = bit >> 5;
3609	piece = bit % (sizeof(uint32_t) * 8);
3610
3611	if ((mask[chunk] & (1 << piece)) == 0)
3612		return (0);
3613	else
3614		return (1);
3615}
3616
3617#ifdef unused
3618/*
3619 * The bus, target and lun are optional, they can be filled in later.
3620 * can_wait is used to determine whether we can wait on the malloc or not.
3621 */
3622union ctl_io*
3623ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3624	      uint32_t targ_lun, int can_wait)
3625{
3626	union ctl_io *io;
3627
3628	if (can_wait)
3629		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3630	else
3631		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3632
3633	if (io != NULL) {
3634		io->io_hdr.io_type = io_type;
3635		io->io_hdr.targ_port = targ_port;
3636		/*
3637		 * XXX KDM this needs to change/go away.  We need to move
3638		 * to a preallocated pool of ctl_scsiio structures.
3639		 */
3640		io->io_hdr.nexus.targ_target.id = targ_target;
3641		io->io_hdr.nexus.targ_lun = targ_lun;
3642	}
3643
3644	return (io);
3645}
3646
3647void
3648ctl_kfree_io(union ctl_io *io)
3649{
3650	free(io, M_CTL);
3651}
3652#endif /* unused */
3653
3654/*
3655 * ctl_softc, pool_type, total_ctl_io are passed in.
3656 * npool is passed out.
3657 */
3658int
3659ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3660		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3661{
3662	uint32_t i;
3663	union ctl_io *cur_io, *next_io;
3664	struct ctl_io_pool *pool;
3665	int retval;
3666
3667	retval = 0;
3668
3669	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3670					    M_NOWAIT | M_ZERO);
3671	if (pool == NULL) {
3672		retval = ENOMEM;
3673		goto bailout;
3674	}
3675
3676	pool->type = pool_type;
3677	pool->ctl_softc = ctl_softc;
3678
3679	mtx_lock(&ctl_softc->pool_lock);
3680	pool->id = ctl_softc->cur_pool_id++;
3681	mtx_unlock(&ctl_softc->pool_lock);
3682
3683	pool->flags = CTL_POOL_FLAG_NONE;
3684	pool->refcount = 1;		/* Reference for validity. */
3685	STAILQ_INIT(&pool->free_queue);
3686
3687	/*
3688	 * XXX KDM other options here:
3689	 * - allocate a page at a time
3690	 * - allocate one big chunk of memory.
3691	 * Page allocation might work well, but would take a little more
3692	 * tracking.
3693	 */
3694	for (i = 0; i < total_ctl_io; i++) {
3695		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3696						M_NOWAIT);
3697		if (cur_io == NULL) {
3698			retval = ENOMEM;
3699			break;
3700		}
3701		cur_io->io_hdr.pool = pool;
3702		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3703		pool->total_ctl_io++;
3704		pool->free_ctl_io++;
3705	}
3706
3707	if (retval != 0) {
3708		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3709		     cur_io != NULL; cur_io = next_io) {
3710			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3711							      links);
3712			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3713				      ctl_io_hdr, links);
3714			free(cur_io, M_CTLIO);
3715		}
3716
3717		free(pool, M_CTL);
3718		goto bailout;
3719	}
3720	mtx_lock(&ctl_softc->pool_lock);
3721	ctl_softc->num_pools++;
3722	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3723	/*
3724	 * Increment our usage count if this is an external consumer, so we
3725	 * can't get unloaded until the external consumer (most likely a
3726	 * FETD) unloads and frees his pool.
3727	 *
3728	 * XXX KDM will this increment the caller's module use count, or
3729	 * mine?
3730	 */
3731#if 0
3732	if ((pool_type != CTL_POOL_EMERGENCY)
3733	 && (pool_type != CTL_POOL_INTERNAL)
3734	 && (pool_type != CTL_POOL_4OTHERSC))
3735		MOD_INC_USE_COUNT;
3736#endif
3737
3738	mtx_unlock(&ctl_softc->pool_lock);
3739
3740	*npool = pool;
3741
3742bailout:
3743
3744	return (retval);
3745}
3746
3747static int
3748ctl_pool_acquire(struct ctl_io_pool *pool)
3749{
3750
3751	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3752
3753	if (pool->flags & CTL_POOL_FLAG_INVALID)
3754		return (EINVAL);
3755
3756	pool->refcount++;
3757
3758	return (0);
3759}
3760
3761static void
3762ctl_pool_release(struct ctl_io_pool *pool)
3763{
3764	struct ctl_softc *ctl_softc = pool->ctl_softc;
3765	union ctl_io *io;
3766
3767	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3768
3769	if (--pool->refcount != 0)
3770		return;
3771
3772	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3773		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3774			      links);
3775		free(io, M_CTLIO);
3776	}
3777
3778	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3779	ctl_softc->num_pools--;
3780
3781	/*
3782	 * XXX KDM will this decrement the caller's usage count or mine?
3783	 */
3784#if 0
3785	if ((pool->type != CTL_POOL_EMERGENCY)
3786	 && (pool->type != CTL_POOL_INTERNAL)
3787	 && (pool->type != CTL_POOL_4OTHERSC))
3788		MOD_DEC_USE_COUNT;
3789#endif
3790
3791	free(pool, M_CTL);
3792}
3793
3794void
3795ctl_pool_free(struct ctl_io_pool *pool)
3796{
3797	struct ctl_softc *ctl_softc;
3798
3799	if (pool == NULL)
3800		return;
3801
3802	ctl_softc = pool->ctl_softc;
3803	mtx_lock(&ctl_softc->pool_lock);
3804	pool->flags |= CTL_POOL_FLAG_INVALID;
3805	ctl_pool_release(pool);
3806	mtx_unlock(&ctl_softc->pool_lock);
3807}
3808
3809/*
3810 * This routine does not block (except for spinlocks of course).
3811 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3812 * possible.
3813 */
3814union ctl_io *
3815ctl_alloc_io(void *pool_ref)
3816{
3817	union ctl_io *io;
3818	struct ctl_softc *ctl_softc;
3819	struct ctl_io_pool *pool, *npool;
3820	struct ctl_io_pool *emergency_pool;
3821
3822	pool = (struct ctl_io_pool *)pool_ref;
3823
3824	if (pool == NULL) {
3825		printf("%s: pool is NULL\n", __func__);
3826		return (NULL);
3827	}
3828
3829	emergency_pool = NULL;
3830
3831	ctl_softc = pool->ctl_softc;
3832
3833	mtx_lock(&ctl_softc->pool_lock);
3834	/*
3835	 * First, try to get the io structure from the user's pool.
3836	 */
3837	if (ctl_pool_acquire(pool) == 0) {
3838		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3839		if (io != NULL) {
3840			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3841			pool->total_allocated++;
3842			pool->free_ctl_io--;
3843			mtx_unlock(&ctl_softc->pool_lock);
3844			return (io);
3845		} else
3846			ctl_pool_release(pool);
3847	}
3848	/*
3849	 * If he doesn't have any io structures left, search for an
3850	 * emergency pool and grab one from there.
3851	 */
3852	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3853		if (npool->type != CTL_POOL_EMERGENCY)
3854			continue;
3855
3856		if (ctl_pool_acquire(npool) != 0)
3857			continue;
3858
3859		emergency_pool = npool;
3860
3861		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3862		if (io != NULL) {
3863			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3864			npool->total_allocated++;
3865			npool->free_ctl_io--;
3866			mtx_unlock(&ctl_softc->pool_lock);
3867			return (io);
3868		} else
3869			ctl_pool_release(npool);
3870	}
3871
3872	/* Drop the spinlock before we malloc */
3873	mtx_unlock(&ctl_softc->pool_lock);
3874
3875	/*
3876	 * The emergency pool (if it exists) didn't have one, so try an
3877	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3878	 */
3879	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3880	if (io != NULL) {
3881		/*
3882		 * If the emergency pool exists but is empty, add this
3883		 * ctl_io to its list when it gets freed.
3884		 */
3885		if (emergency_pool != NULL) {
3886			mtx_lock(&ctl_softc->pool_lock);
3887			if (ctl_pool_acquire(emergency_pool) == 0) {
3888				io->io_hdr.pool = emergency_pool;
3889				emergency_pool->total_ctl_io++;
3890				/*
3891				 * Need to bump this, otherwise
3892				 * total_allocated and total_freed won't
3893				 * match when we no longer have anything
3894				 * outstanding.
3895				 */
3896				emergency_pool->total_allocated++;
3897			}
3898			mtx_unlock(&ctl_softc->pool_lock);
3899		} else
3900			io->io_hdr.pool = NULL;
3901	}
3902
3903	return (io);
3904}
3905
3906void
3907ctl_free_io(union ctl_io *io)
3908{
3909	if (io == NULL)
3910		return;
3911
3912	/*
3913	 * If this ctl_io has a pool, return it to that pool.
3914	 */
3915	if (io->io_hdr.pool != NULL) {
3916		struct ctl_io_pool *pool;
3917
3918		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3919		mtx_lock(&pool->ctl_softc->pool_lock);
3920		io->io_hdr.io_type = 0xff;
3921		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3922		pool->total_freed++;
3923		pool->free_ctl_io++;
3924		ctl_pool_release(pool);
3925		mtx_unlock(&pool->ctl_softc->pool_lock);
3926	} else {
3927		/*
3928		 * Otherwise, just free it.  We probably malloced it and
3929		 * the emergency pool wasn't available.
3930		 */
3931		free(io, M_CTLIO);
3932	}
3933
3934}
3935
3936void
3937ctl_zero_io(union ctl_io *io)
3938{
3939	void *pool_ref;
3940
3941	if (io == NULL)
3942		return;
3943
3944	/*
3945	 * May need to preserve linked list pointers at some point too.
3946	 */
3947	pool_ref = io->io_hdr.pool;
3948
3949	memset(io, 0, sizeof(*io));
3950
3951	io->io_hdr.pool = pool_ref;
3952}
3953
3954/*
3955 * This routine is currently used for internal copies of ctl_ios that need
3956 * to persist for some reason after we've already returned status to the
3957 * FETD.  (Thus the flag set.)
3958 *
3959 * XXX XXX
3960 * Note that this makes a blind copy of all fields in the ctl_io, except
3961 * for the pool reference.  This includes any memory that has been
3962 * allocated!  That memory will no longer be valid after done has been
3963 * called, so this would be VERY DANGEROUS for command that actually does
3964 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3965 * start and stop commands, which don't transfer any data, so this is not a
3966 * problem.  If it is used for anything else, the caller would also need to
3967 * allocate data buffer space and this routine would need to be modified to
3968 * copy the data buffer(s) as well.
3969 */
3970void
3971ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3972{
3973	void *pool_ref;
3974
3975	if ((src == NULL)
3976	 || (dest == NULL))
3977		return;
3978
3979	/*
3980	 * May need to preserve linked list pointers at some point too.
3981	 */
3982	pool_ref = dest->io_hdr.pool;
3983
3984	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3985
3986	dest->io_hdr.pool = pool_ref;
3987	/*
3988	 * We need to know that this is an internal copy, and doesn't need
3989	 * to get passed back to the FETD that allocated it.
3990	 */
3991	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3992}
3993
3994/*
3995 * This routine could be used in the future to load default and/or saved
3996 * mode page parameters for a particuar lun.
3997 */
3998static int
3999ctl_init_page_index(struct ctl_lun *lun)
4000{
4001	int i;
4002	struct ctl_page_index *page_index;
4003	const char *value;
4004
4005	memcpy(&lun->mode_pages.index, page_index_template,
4006	       sizeof(page_index_template));
4007
4008	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4009
4010		page_index = &lun->mode_pages.index[i];
4011		/*
4012		 * If this is a disk-only mode page, there's no point in
4013		 * setting it up.  For some pages, we have to have some
4014		 * basic information about the disk in order to calculate the
4015		 * mode page data.
4016		 */
4017		if ((lun->be_lun->lun_type != T_DIRECT)
4018		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4019			continue;
4020
4021		switch (page_index->page_code & SMPH_PC_MASK) {
4022		case SMS_RW_ERROR_RECOVERY_PAGE: {
4023			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4024				panic("subpage is incorrect!");
4025			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4026			       &rw_er_page_default,
4027			       sizeof(rw_er_page_default));
4028			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4029			       &rw_er_page_changeable,
4030			       sizeof(rw_er_page_changeable));
4031			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4032			       &rw_er_page_default,
4033			       sizeof(rw_er_page_default));
4034			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4035			       &rw_er_page_default,
4036			       sizeof(rw_er_page_default));
4037			page_index->page_data =
4038				(uint8_t *)lun->mode_pages.rw_er_page;
4039			break;
4040		}
4041		case SMS_FORMAT_DEVICE_PAGE: {
4042			struct scsi_format_page *format_page;
4043
4044			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4045				panic("subpage is incorrect!");
4046
4047			/*
4048			 * Sectors per track are set above.  Bytes per
4049			 * sector need to be set here on a per-LUN basis.
4050			 */
4051			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4052			       &format_page_default,
4053			       sizeof(format_page_default));
4054			memcpy(&lun->mode_pages.format_page[
4055			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4056			       sizeof(format_page_changeable));
4057			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4058			       &format_page_default,
4059			       sizeof(format_page_default));
4060			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4061			       &format_page_default,
4062			       sizeof(format_page_default));
4063
4064			format_page = &lun->mode_pages.format_page[
4065				CTL_PAGE_CURRENT];
4066			scsi_ulto2b(lun->be_lun->blocksize,
4067				    format_page->bytes_per_sector);
4068
4069			format_page = &lun->mode_pages.format_page[
4070				CTL_PAGE_DEFAULT];
4071			scsi_ulto2b(lun->be_lun->blocksize,
4072				    format_page->bytes_per_sector);
4073
4074			format_page = &lun->mode_pages.format_page[
4075				CTL_PAGE_SAVED];
4076			scsi_ulto2b(lun->be_lun->blocksize,
4077				    format_page->bytes_per_sector);
4078
4079			page_index->page_data =
4080				(uint8_t *)lun->mode_pages.format_page;
4081			break;
4082		}
4083		case SMS_RIGID_DISK_PAGE: {
4084			struct scsi_rigid_disk_page *rigid_disk_page;
4085			uint32_t sectors_per_cylinder;
4086			uint64_t cylinders;
4087#ifndef	__XSCALE__
4088			int shift;
4089#endif /* !__XSCALE__ */
4090
4091			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4092				panic("invalid subpage value %d",
4093				      page_index->subpage);
4094
4095			/*
4096			 * Rotation rate and sectors per track are set
4097			 * above.  We calculate the cylinders here based on
4098			 * capacity.  Due to the number of heads and
4099			 * sectors per track we're using, smaller arrays
4100			 * may turn out to have 0 cylinders.  Linux and
4101			 * FreeBSD don't pay attention to these mode pages
4102			 * to figure out capacity, but Solaris does.  It
4103			 * seems to deal with 0 cylinders just fine, and
4104			 * works out a fake geometry based on the capacity.
4105			 */
4106			memcpy(&lun->mode_pages.rigid_disk_page[
4107			       CTL_PAGE_CURRENT], &rigid_disk_page_default,
4108			       sizeof(rigid_disk_page_default));
4109			memcpy(&lun->mode_pages.rigid_disk_page[
4110			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4111			       sizeof(rigid_disk_page_changeable));
4112			memcpy(&lun->mode_pages.rigid_disk_page[
4113			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4114			       sizeof(rigid_disk_page_default));
4115			memcpy(&lun->mode_pages.rigid_disk_page[
4116			       CTL_PAGE_SAVED], &rigid_disk_page_default,
4117			       sizeof(rigid_disk_page_default));
4118
4119			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4120				CTL_DEFAULT_HEADS;
4121
4122			/*
4123			 * The divide method here will be more accurate,
4124			 * probably, but results in floating point being
4125			 * used in the kernel on i386 (__udivdi3()).  On the
4126			 * XScale, though, __udivdi3() is implemented in
4127			 * software.
4128			 *
4129			 * The shift method for cylinder calculation is
4130			 * accurate if sectors_per_cylinder is a power of
4131			 * 2.  Otherwise it might be slightly off -- you
4132			 * might have a bit of a truncation problem.
4133			 */
4134#ifdef	__XSCALE__
4135			cylinders = (lun->be_lun->maxlba + 1) /
4136				sectors_per_cylinder;
4137#else
4138			for (shift = 31; shift > 0; shift--) {
4139				if (sectors_per_cylinder & (1 << shift))
4140					break;
4141			}
4142			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4143#endif
4144
4145			/*
4146			 * We've basically got 3 bytes, or 24 bits for the
4147			 * cylinder size in the mode page.  If we're over,
4148			 * just round down to 2^24.
4149			 */
4150			if (cylinders > 0xffffff)
4151				cylinders = 0xffffff;
4152
4153			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4154				CTL_PAGE_CURRENT];
4155			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4156
4157			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4158				CTL_PAGE_DEFAULT];
4159			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4160
4161			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4162				CTL_PAGE_SAVED];
4163			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4164
4165			page_index->page_data =
4166				(uint8_t *)lun->mode_pages.rigid_disk_page;
4167			break;
4168		}
4169		case SMS_CACHING_PAGE: {
4170			struct scsi_caching_page *caching_page;
4171
4172			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4173				panic("invalid subpage value %d",
4174				      page_index->subpage);
4175			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4176			       &caching_page_default,
4177			       sizeof(caching_page_default));
4178			memcpy(&lun->mode_pages.caching_page[
4179			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4180			       sizeof(caching_page_changeable));
4181			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4182			       &caching_page_default,
4183			       sizeof(caching_page_default));
4184			caching_page = &lun->mode_pages.caching_page[
4185			    CTL_PAGE_SAVED];
4186			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4187			if (value != NULL && strcmp(value, "off") == 0)
4188				caching_page->flags1 &= ~SCP_WCE;
4189			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4190			if (value != NULL && strcmp(value, "off") == 0)
4191				caching_page->flags1 |= SCP_RCD;
4192			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4193			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4194			       sizeof(caching_page_default));
4195			page_index->page_data =
4196				(uint8_t *)lun->mode_pages.caching_page;
4197			break;
4198		}
4199		case SMS_CONTROL_MODE_PAGE: {
4200			struct scsi_control_page *control_page;
4201
4202			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4203				panic("invalid subpage value %d",
4204				      page_index->subpage);
4205
4206			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4207			       &control_page_default,
4208			       sizeof(control_page_default));
4209			memcpy(&lun->mode_pages.control_page[
4210			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4211			       sizeof(control_page_changeable));
4212			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4213			       &control_page_default,
4214			       sizeof(control_page_default));
4215			control_page = &lun->mode_pages.control_page[
4216			    CTL_PAGE_SAVED];
4217			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4218			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4219				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4220				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4221			}
4222			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4223			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4224			       sizeof(control_page_default));
4225			page_index->page_data =
4226				(uint8_t *)lun->mode_pages.control_page;
4227			break;
4228
4229		}
4230		case SMS_INFO_EXCEPTIONS_PAGE: {
4231			switch (page_index->subpage) {
4232			case SMS_SUBPAGE_PAGE_0:
4233				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4234				       &ie_page_default,
4235				       sizeof(ie_page_default));
4236				memcpy(&lun->mode_pages.ie_page[
4237				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4238				       sizeof(ie_page_changeable));
4239				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4240				       &ie_page_default,
4241				       sizeof(ie_page_default));
4242				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4243				       &ie_page_default,
4244				       sizeof(ie_page_default));
4245				page_index->page_data =
4246					(uint8_t *)lun->mode_pages.ie_page;
4247				break;
4248			case 0x02:
4249				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4250				       &lbp_page_default,
4251				       sizeof(lbp_page_default));
4252				memcpy(&lun->mode_pages.lbp_page[
4253				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4254				       sizeof(lbp_page_changeable));
4255				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4256				       &lbp_page_default,
4257				       sizeof(lbp_page_default));
4258				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4259				       &lbp_page_default,
4260				       sizeof(lbp_page_default));
4261				page_index->page_data =
4262					(uint8_t *)lun->mode_pages.lbp_page;
4263			}
4264			break;
4265		}
4266		case SMS_VENDOR_SPECIFIC_PAGE:{
4267			switch (page_index->subpage) {
4268			case DBGCNF_SUBPAGE_CODE: {
4269				struct copan_debugconf_subpage *current_page,
4270							       *saved_page;
4271
4272				memcpy(&lun->mode_pages.debugconf_subpage[
4273				       CTL_PAGE_CURRENT],
4274				       &debugconf_page_default,
4275				       sizeof(debugconf_page_default));
4276				memcpy(&lun->mode_pages.debugconf_subpage[
4277				       CTL_PAGE_CHANGEABLE],
4278				       &debugconf_page_changeable,
4279				       sizeof(debugconf_page_changeable));
4280				memcpy(&lun->mode_pages.debugconf_subpage[
4281				       CTL_PAGE_DEFAULT],
4282				       &debugconf_page_default,
4283				       sizeof(debugconf_page_default));
4284				memcpy(&lun->mode_pages.debugconf_subpage[
4285				       CTL_PAGE_SAVED],
4286				       &debugconf_page_default,
4287				       sizeof(debugconf_page_default));
4288				page_index->page_data =
4289					(uint8_t *)lun->mode_pages.debugconf_subpage;
4290
4291				current_page = (struct copan_debugconf_subpage *)
4292					(page_index->page_data +
4293					 (page_index->page_len *
4294					  CTL_PAGE_CURRENT));
4295				saved_page = (struct copan_debugconf_subpage *)
4296					(page_index->page_data +
4297					 (page_index->page_len *
4298					  CTL_PAGE_SAVED));
4299				break;
4300			}
4301			default:
4302				panic("invalid subpage value %d",
4303				      page_index->subpage);
4304				break;
4305			}
4306   			break;
4307		}
4308		default:
4309			panic("invalid page value %d",
4310			      page_index->page_code & SMPH_PC_MASK);
4311			break;
4312    	}
4313	}
4314
4315	return (CTL_RETVAL_COMPLETE);
4316}
4317
4318static int
4319ctl_init_log_page_index(struct ctl_lun *lun)
4320{
4321	struct ctl_page_index *page_index;
4322	int i, j, prev;
4323
4324	memcpy(&lun->log_pages.index, log_page_index_template,
4325	       sizeof(log_page_index_template));
4326
4327	prev = -1;
4328	for (i = 0, j = 0; i < CTL_NUM_LOG_PAGES; i++) {
4329
4330		page_index = &lun->log_pages.index[i];
4331		/*
4332		 * If this is a disk-only mode page, there's no point in
4333		 * setting it up.  For some pages, we have to have some
4334		 * basic information about the disk in order to calculate the
4335		 * mode page data.
4336		 */
4337		if ((lun->be_lun->lun_type != T_DIRECT)
4338		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4339			continue;
4340
4341		if (page_index->page_code != prev) {
4342			lun->log_pages.pages_page[j] = page_index->page_code;
4343			prev = page_index->page_code;
4344			j++;
4345		}
4346		lun->log_pages.subpages_page[i*2] = page_index->page_code;
4347		lun->log_pages.subpages_page[i*2+1] = page_index->subpage;
4348	}
4349	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4350	lun->log_pages.index[0].page_len = j;
4351	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4352	lun->log_pages.index[1].page_len = i * 2;
4353
4354	return (CTL_RETVAL_COMPLETE);
4355}
4356
4357static int
4358hex2bin(const char *str, uint8_t *buf, int buf_size)
4359{
4360	int i;
4361	u_char c;
4362
4363	memset(buf, 0, buf_size);
4364	while (isspace(str[0]))
4365		str++;
4366	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4367		str += 2;
4368	buf_size *= 2;
4369	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4370		c = str[i];
4371		if (isdigit(c))
4372			c -= '0';
4373		else if (isalpha(c))
4374			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4375		else
4376			break;
4377		if (c >= 16)
4378			break;
4379		if ((i & 1) == 0)
4380			buf[i / 2] |= (c << 4);
4381		else
4382			buf[i / 2] |= c;
4383	}
4384	return ((i + 1) / 2);
4385}
4386
4387/*
4388 * LUN allocation.
4389 *
4390 * Requirements:
4391 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4392 *   wants us to allocate the LUN and he can block.
4393 * - ctl_softc is always set
4394 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4395 *
4396 * Returns 0 for success, non-zero (errno) for failure.
4397 */
4398static int
4399ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4400	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4401{
4402	struct ctl_lun *nlun, *lun;
4403	struct ctl_port *port;
4404	struct scsi_vpd_id_descriptor *desc;
4405	struct scsi_vpd_id_t10 *t10id;
4406	const char *eui, *naa, *scsiname, *vendor, *value;
4407	int lun_number, i, lun_malloced;
4408	int devidlen, idlen1, idlen2 = 0, len;
4409
4410	if (be_lun == NULL)
4411		return (EINVAL);
4412
4413	/*
4414	 * We currently only support Direct Access or Processor LUN types.
4415	 */
4416	switch (be_lun->lun_type) {
4417	case T_DIRECT:
4418		break;
4419	case T_PROCESSOR:
4420		break;
4421	case T_SEQUENTIAL:
4422	case T_CHANGER:
4423	default:
4424		be_lun->lun_config_status(be_lun->be_lun,
4425					  CTL_LUN_CONFIG_FAILURE);
4426		break;
4427	}
4428	if (ctl_lun == NULL) {
4429		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4430		lun_malloced = 1;
4431	} else {
4432		lun_malloced = 0;
4433		lun = ctl_lun;
4434	}
4435
4436	memset(lun, 0, sizeof(*lun));
4437	if (lun_malloced)
4438		lun->flags = CTL_LUN_MALLOCED;
4439
4440	/* Generate LUN ID. */
4441	devidlen = max(CTL_DEVID_MIN_LEN,
4442	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4443	idlen1 = sizeof(*t10id) + devidlen;
4444	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4445	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4446	if (scsiname != NULL) {
4447		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4448		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4449	}
4450	eui = ctl_get_opt(&be_lun->options, "eui");
4451	if (eui != NULL) {
4452		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4453	}
4454	naa = ctl_get_opt(&be_lun->options, "naa");
4455	if (naa != NULL) {
4456		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4457	}
4458	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4459	    M_CTL, M_WAITOK | M_ZERO);
4460	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4461	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4462	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4463	desc->length = idlen1;
4464	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4465	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4466	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4467		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4468	} else {
4469		strncpy(t10id->vendor, vendor,
4470		    min(sizeof(t10id->vendor), strlen(vendor)));
4471	}
4472	strncpy((char *)t10id->vendor_spec_id,
4473	    (char *)be_lun->device_id, devidlen);
4474	if (scsiname != NULL) {
4475		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4476		    desc->length);
4477		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4478		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4479		    SVPD_ID_TYPE_SCSI_NAME;
4480		desc->length = idlen2;
4481		strlcpy(desc->identifier, scsiname, idlen2);
4482	}
4483	if (eui != NULL) {
4484		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4485		    desc->length);
4486		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4487		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4488		    SVPD_ID_TYPE_EUI64;
4489		desc->length = hex2bin(eui, desc->identifier, 16);
4490		desc->length = desc->length > 12 ? 16 :
4491		    (desc->length > 8 ? 12 : 8);
4492		len -= 16 - desc->length;
4493	}
4494	if (naa != NULL) {
4495		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4496		    desc->length);
4497		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4498		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4499		    SVPD_ID_TYPE_NAA;
4500		desc->length = hex2bin(naa, desc->identifier, 16);
4501		desc->length = desc->length > 8 ? 16 : 8;
4502		len -= 16 - desc->length;
4503	}
4504	lun->lun_devid->len = len;
4505
4506	mtx_lock(&ctl_softc->ctl_lock);
4507	/*
4508	 * See if the caller requested a particular LUN number.  If so, see
4509	 * if it is available.  Otherwise, allocate the first available LUN.
4510	 */
4511	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4512		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4513		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4514			mtx_unlock(&ctl_softc->ctl_lock);
4515			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4516				printf("ctl: requested LUN ID %d is higher "
4517				       "than CTL_MAX_LUNS - 1 (%d)\n",
4518				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4519			} else {
4520				/*
4521				 * XXX KDM return an error, or just assign
4522				 * another LUN ID in this case??
4523				 */
4524				printf("ctl: requested LUN ID %d is already "
4525				       "in use\n", be_lun->req_lun_id);
4526			}
4527			if (lun->flags & CTL_LUN_MALLOCED)
4528				free(lun, M_CTL);
4529			be_lun->lun_config_status(be_lun->be_lun,
4530						  CTL_LUN_CONFIG_FAILURE);
4531			return (ENOSPC);
4532		}
4533		lun_number = be_lun->req_lun_id;
4534	} else {
4535		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4536		if (lun_number == -1) {
4537			mtx_unlock(&ctl_softc->ctl_lock);
4538			printf("ctl: can't allocate LUN on target %ju, out of "
4539			       "LUNs\n", (uintmax_t)target_id.id);
4540			if (lun->flags & CTL_LUN_MALLOCED)
4541				free(lun, M_CTL);
4542			be_lun->lun_config_status(be_lun->be_lun,
4543						  CTL_LUN_CONFIG_FAILURE);
4544			return (ENOSPC);
4545		}
4546	}
4547	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4548
4549	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4550	lun->target = target_id;
4551	lun->lun = lun_number;
4552	lun->be_lun = be_lun;
4553	/*
4554	 * The processor LUN is always enabled.  Disk LUNs come on line
4555	 * disabled, and must be enabled by the backend.
4556	 */
4557	lun->flags |= CTL_LUN_DISABLED;
4558	lun->backend = be_lun->be;
4559	be_lun->ctl_lun = lun;
4560	be_lun->lun_id = lun_number;
4561	atomic_add_int(&be_lun->be->num_luns, 1);
4562	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4563		lun->flags |= CTL_LUN_OFFLINE;
4564
4565	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4566		lun->flags |= CTL_LUN_STOPPED;
4567
4568	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4569		lun->flags |= CTL_LUN_INOPERABLE;
4570
4571	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4572		lun->flags |= CTL_LUN_PRIMARY_SC;
4573
4574	value = ctl_get_opt(&be_lun->options, "readonly");
4575	if (value != NULL && strcmp(value, "on") == 0)
4576		lun->flags |= CTL_LUN_READONLY;
4577
4578	lun->ctl_softc = ctl_softc;
4579	TAILQ_INIT(&lun->ooa_queue);
4580	TAILQ_INIT(&lun->blocked_queue);
4581	STAILQ_INIT(&lun->error_list);
4582	ctl_tpc_lun_init(lun);
4583
4584	/*
4585	 * Initialize the mode and log page index.
4586	 */
4587	ctl_init_page_index(lun);
4588	ctl_init_log_page_index(lun);
4589
4590	/*
4591	 * Set the poweron UA for all initiators on this LUN only.
4592	 */
4593	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4594		lun->pending_ua[i] = CTL_UA_POWERON;
4595
4596	/*
4597	 * Now, before we insert this lun on the lun list, set the lun
4598	 * inventory changed UA for all other luns.
4599	 */
4600	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4601		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4602			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4603		}
4604	}
4605
4606	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4607
4608	ctl_softc->ctl_luns[lun_number] = lun;
4609
4610	ctl_softc->num_luns++;
4611
4612	/* Setup statistics gathering */
4613	lun->stats.device_type = be_lun->lun_type;
4614	lun->stats.lun_number = lun_number;
4615	if (lun->stats.device_type == T_DIRECT)
4616		lun->stats.blocksize = be_lun->blocksize;
4617	else
4618		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4619	for (i = 0;i < CTL_MAX_PORTS;i++)
4620		lun->stats.ports[i].targ_port = i;
4621
4622	mtx_unlock(&ctl_softc->ctl_lock);
4623
4624	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4625
4626	/*
4627	 * Run through each registered FETD and bring it online if it isn't
4628	 * already.  Enable the target ID if it hasn't been enabled, and
4629	 * enable this particular LUN.
4630	 */
4631	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4632		int retval;
4633
4634		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4635		if (retval != 0) {
4636			printf("ctl_alloc_lun: FETD %s port %d returned error "
4637			       "%d for lun_enable on target %ju lun %d\n",
4638			       port->port_name, port->targ_port, retval,
4639			       (uintmax_t)target_id.id, lun_number);
4640		} else
4641			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4642	}
4643	return (0);
4644}
4645
4646/*
4647 * Delete a LUN.
4648 * Assumptions:
4649 * - LUN has already been marked invalid and any pending I/O has been taken
4650 *   care of.
4651 */
4652static int
4653ctl_free_lun(struct ctl_lun *lun)
4654{
4655	struct ctl_softc *softc;
4656#if 0
4657	struct ctl_port *port;
4658#endif
4659	struct ctl_lun *nlun;
4660	int i;
4661
4662	softc = lun->ctl_softc;
4663
4664	mtx_assert(&softc->ctl_lock, MA_OWNED);
4665
4666	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4667
4668	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4669
4670	softc->ctl_luns[lun->lun] = NULL;
4671
4672	if (!TAILQ_EMPTY(&lun->ooa_queue))
4673		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4674
4675	softc->num_luns--;
4676
4677	/*
4678	 * XXX KDM this scheme only works for a single target/multiple LUN
4679	 * setup.  It needs to be revamped for a multiple target scheme.
4680	 *
4681	 * XXX KDM this results in port->lun_disable() getting called twice,
4682	 * once when ctl_disable_lun() is called, and a second time here.
4683	 * We really need to re-think the LUN disable semantics.  There
4684	 * should probably be several steps/levels to LUN removal:
4685	 *  - disable
4686	 *  - invalidate
4687	 *  - free
4688 	 *
4689	 * Right now we only have a disable method when communicating to
4690	 * the front end ports, at least for individual LUNs.
4691	 */
4692#if 0
4693	STAILQ_FOREACH(port, &softc->port_list, links) {
4694		int retval;
4695
4696		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4697					 lun->lun);
4698		if (retval != 0) {
4699			printf("ctl_free_lun: FETD %s port %d returned error "
4700			       "%d for lun_disable on target %ju lun %jd\n",
4701			       port->port_name, port->targ_port, retval,
4702			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4703		}
4704
4705		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4706			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4707
4708			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4709			if (retval != 0) {
4710				printf("ctl_free_lun: FETD %s port %d "
4711				       "returned error %d for targ_disable on "
4712				       "target %ju\n", port->port_name,
4713				       port->targ_port, retval,
4714				       (uintmax_t)lun->target.id);
4715			} else
4716				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4717
4718			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4719				continue;
4720
4721#if 0
4722			port->port_offline(port->onoff_arg);
4723			port->status &= ~CTL_PORT_STATUS_ONLINE;
4724#endif
4725		}
4726	}
4727#endif
4728
4729	/*
4730	 * Tell the backend to free resources, if this LUN has a backend.
4731	 */
4732	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4733	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4734
4735	ctl_tpc_lun_shutdown(lun);
4736	mtx_destroy(&lun->lun_lock);
4737	free(lun->lun_devid, M_CTL);
4738	free(lun->write_buffer, M_CTL);
4739	if (lun->flags & CTL_LUN_MALLOCED)
4740		free(lun, M_CTL);
4741
4742	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4743		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4744			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4745		}
4746	}
4747
4748	return (0);
4749}
4750
4751static void
4752ctl_create_lun(struct ctl_be_lun *be_lun)
4753{
4754	struct ctl_softc *ctl_softc;
4755
4756	ctl_softc = control_softc;
4757
4758	/*
4759	 * ctl_alloc_lun() should handle all potential failure cases.
4760	 */
4761	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4762}
4763
4764int
4765ctl_add_lun(struct ctl_be_lun *be_lun)
4766{
4767	struct ctl_softc *ctl_softc = control_softc;
4768
4769	mtx_lock(&ctl_softc->ctl_lock);
4770	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4771	mtx_unlock(&ctl_softc->ctl_lock);
4772	wakeup(&ctl_softc->pending_lun_queue);
4773
4774	return (0);
4775}
4776
4777int
4778ctl_enable_lun(struct ctl_be_lun *be_lun)
4779{
4780	struct ctl_softc *ctl_softc;
4781	struct ctl_port *port, *nport;
4782	struct ctl_lun *lun;
4783	int retval;
4784
4785	ctl_softc = control_softc;
4786
4787	lun = (struct ctl_lun *)be_lun->ctl_lun;
4788
4789	mtx_lock(&ctl_softc->ctl_lock);
4790	mtx_lock(&lun->lun_lock);
4791	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4792		/*
4793		 * eh?  Why did we get called if the LUN is already
4794		 * enabled?
4795		 */
4796		mtx_unlock(&lun->lun_lock);
4797		mtx_unlock(&ctl_softc->ctl_lock);
4798		return (0);
4799	}
4800	lun->flags &= ~CTL_LUN_DISABLED;
4801	mtx_unlock(&lun->lun_lock);
4802
4803	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4804		nport = STAILQ_NEXT(port, links);
4805
4806		/*
4807		 * Drop the lock while we call the FETD's enable routine.
4808		 * This can lead to a callback into CTL (at least in the
4809		 * case of the internal initiator frontend.
4810		 */
4811		mtx_unlock(&ctl_softc->ctl_lock);
4812		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4813		mtx_lock(&ctl_softc->ctl_lock);
4814		if (retval != 0) {
4815			printf("%s: FETD %s port %d returned error "
4816			       "%d for lun_enable on target %ju lun %jd\n",
4817			       __func__, port->port_name, port->targ_port, retval,
4818			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4819		}
4820#if 0
4821		 else {
4822            /* NOTE:  TODO:  why does lun enable affect port status? */
4823			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4824		}
4825#endif
4826	}
4827
4828	mtx_unlock(&ctl_softc->ctl_lock);
4829
4830	return (0);
4831}
4832
4833int
4834ctl_disable_lun(struct ctl_be_lun *be_lun)
4835{
4836	struct ctl_softc *ctl_softc;
4837	struct ctl_port *port;
4838	struct ctl_lun *lun;
4839	int retval;
4840
4841	ctl_softc = control_softc;
4842
4843	lun = (struct ctl_lun *)be_lun->ctl_lun;
4844
4845	mtx_lock(&ctl_softc->ctl_lock);
4846	mtx_lock(&lun->lun_lock);
4847	if (lun->flags & CTL_LUN_DISABLED) {
4848		mtx_unlock(&lun->lun_lock);
4849		mtx_unlock(&ctl_softc->ctl_lock);
4850		return (0);
4851	}
4852	lun->flags |= CTL_LUN_DISABLED;
4853	mtx_unlock(&lun->lun_lock);
4854
4855	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4856		mtx_unlock(&ctl_softc->ctl_lock);
4857		/*
4858		 * Drop the lock before we call the frontend's disable
4859		 * routine, to avoid lock order reversals.
4860		 *
4861		 * XXX KDM what happens if the frontend list changes while
4862		 * we're traversing it?  It's unlikely, but should be handled.
4863		 */
4864		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4865					 lun->lun);
4866		mtx_lock(&ctl_softc->ctl_lock);
4867		if (retval != 0) {
4868			printf("ctl_alloc_lun: FETD %s port %d returned error "
4869			       "%d for lun_disable on target %ju lun %jd\n",
4870			       port->port_name, port->targ_port, retval,
4871			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4872		}
4873	}
4874
4875	mtx_unlock(&ctl_softc->ctl_lock);
4876
4877	return (0);
4878}
4879
4880int
4881ctl_start_lun(struct ctl_be_lun *be_lun)
4882{
4883	struct ctl_softc *ctl_softc;
4884	struct ctl_lun *lun;
4885
4886	ctl_softc = control_softc;
4887
4888	lun = (struct ctl_lun *)be_lun->ctl_lun;
4889
4890	mtx_lock(&lun->lun_lock);
4891	lun->flags &= ~CTL_LUN_STOPPED;
4892	mtx_unlock(&lun->lun_lock);
4893
4894	return (0);
4895}
4896
4897int
4898ctl_stop_lun(struct ctl_be_lun *be_lun)
4899{
4900	struct ctl_softc *ctl_softc;
4901	struct ctl_lun *lun;
4902
4903	ctl_softc = control_softc;
4904
4905	lun = (struct ctl_lun *)be_lun->ctl_lun;
4906
4907	mtx_lock(&lun->lun_lock);
4908	lun->flags |= CTL_LUN_STOPPED;
4909	mtx_unlock(&lun->lun_lock);
4910
4911	return (0);
4912}
4913
4914int
4915ctl_lun_offline(struct ctl_be_lun *be_lun)
4916{
4917	struct ctl_softc *ctl_softc;
4918	struct ctl_lun *lun;
4919
4920	ctl_softc = control_softc;
4921
4922	lun = (struct ctl_lun *)be_lun->ctl_lun;
4923
4924	mtx_lock(&lun->lun_lock);
4925	lun->flags |= CTL_LUN_OFFLINE;
4926	mtx_unlock(&lun->lun_lock);
4927
4928	return (0);
4929}
4930
4931int
4932ctl_lun_online(struct ctl_be_lun *be_lun)
4933{
4934	struct ctl_softc *ctl_softc;
4935	struct ctl_lun *lun;
4936
4937	ctl_softc = control_softc;
4938
4939	lun = (struct ctl_lun *)be_lun->ctl_lun;
4940
4941	mtx_lock(&lun->lun_lock);
4942	lun->flags &= ~CTL_LUN_OFFLINE;
4943	mtx_unlock(&lun->lun_lock);
4944
4945	return (0);
4946}
4947
4948int
4949ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4950{
4951	struct ctl_softc *ctl_softc;
4952	struct ctl_lun *lun;
4953
4954	ctl_softc = control_softc;
4955
4956	lun = (struct ctl_lun *)be_lun->ctl_lun;
4957
4958	mtx_lock(&lun->lun_lock);
4959
4960	/*
4961	 * The LUN needs to be disabled before it can be marked invalid.
4962	 */
4963	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4964		mtx_unlock(&lun->lun_lock);
4965		return (-1);
4966	}
4967	/*
4968	 * Mark the LUN invalid.
4969	 */
4970	lun->flags |= CTL_LUN_INVALID;
4971
4972	/*
4973	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4974	 * If we have something in the OOA queue, we'll free it when the
4975	 * last I/O completes.
4976	 */
4977	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4978		mtx_unlock(&lun->lun_lock);
4979		mtx_lock(&ctl_softc->ctl_lock);
4980		ctl_free_lun(lun);
4981		mtx_unlock(&ctl_softc->ctl_lock);
4982	} else
4983		mtx_unlock(&lun->lun_lock);
4984
4985	return (0);
4986}
4987
4988int
4989ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4990{
4991	struct ctl_softc *ctl_softc;
4992	struct ctl_lun *lun;
4993
4994	ctl_softc = control_softc;
4995	lun = (struct ctl_lun *)be_lun->ctl_lun;
4996
4997	mtx_lock(&lun->lun_lock);
4998	lun->flags |= CTL_LUN_INOPERABLE;
4999	mtx_unlock(&lun->lun_lock);
5000
5001	return (0);
5002}
5003
5004int
5005ctl_lun_operable(struct ctl_be_lun *be_lun)
5006{
5007	struct ctl_softc *ctl_softc;
5008	struct ctl_lun *lun;
5009
5010	ctl_softc = control_softc;
5011	lun = (struct ctl_lun *)be_lun->ctl_lun;
5012
5013	mtx_lock(&lun->lun_lock);
5014	lun->flags &= ~CTL_LUN_INOPERABLE;
5015	mtx_unlock(&lun->lun_lock);
5016
5017	return (0);
5018}
5019
5020void
5021ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5022{
5023	struct ctl_lun *lun;
5024	struct ctl_softc *softc;
5025	int i;
5026
5027	softc = control_softc;
5028
5029	lun = (struct ctl_lun *)be_lun->ctl_lun;
5030
5031	mtx_lock(&lun->lun_lock);
5032
5033	for (i = 0; i < CTL_MAX_INITIATORS; i++)
5034		lun->pending_ua[i] |= CTL_UA_CAPACITY_CHANGED;
5035
5036	mtx_unlock(&lun->lun_lock);
5037}
5038
5039/*
5040 * Backend "memory move is complete" callback for requests that never
5041 * make it down to say RAIDCore's configuration code.
5042 */
5043int
5044ctl_config_move_done(union ctl_io *io)
5045{
5046	int retval;
5047
5048	retval = CTL_RETVAL_COMPLETE;
5049
5050
5051	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5052	/*
5053	 * XXX KDM this shouldn't happen, but what if it does?
5054	 */
5055	if (io->io_hdr.io_type != CTL_IO_SCSI)
5056		panic("I/O type isn't CTL_IO_SCSI!");
5057
5058	if ((io->io_hdr.port_status == 0)
5059	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5060	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5061		io->io_hdr.status = CTL_SUCCESS;
5062	else if ((io->io_hdr.port_status != 0)
5063	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5064	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5065		/*
5066		 * For hardware error sense keys, the sense key
5067		 * specific value is defined to be a retry count,
5068		 * but we use it to pass back an internal FETD
5069		 * error code.  XXX KDM  Hopefully the FETD is only
5070		 * using 16 bits for an error code, since that's
5071		 * all the space we have in the sks field.
5072		 */
5073		ctl_set_internal_failure(&io->scsiio,
5074					 /*sks_valid*/ 1,
5075					 /*retry_count*/
5076					 io->io_hdr.port_status);
5077		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5078			free(io->scsiio.kern_data_ptr, M_CTL);
5079		ctl_done(io);
5080		goto bailout;
5081	}
5082
5083	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5084	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5085	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5086		/*
5087		 * XXX KDM just assuming a single pointer here, and not a
5088		 * S/G list.  If we start using S/G lists for config data,
5089		 * we'll need to know how to clean them up here as well.
5090		 */
5091		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5092			free(io->scsiio.kern_data_ptr, M_CTL);
5093		/* Hopefully the user has already set the status... */
5094		ctl_done(io);
5095	} else {
5096		/*
5097		 * XXX KDM now we need to continue data movement.  Some
5098		 * options:
5099		 * - call ctl_scsiio() again?  We don't do this for data
5100		 *   writes, because for those at least we know ahead of
5101		 *   time where the write will go and how long it is.  For
5102		 *   config writes, though, that information is largely
5103		 *   contained within the write itself, thus we need to
5104		 *   parse out the data again.
5105		 *
5106		 * - Call some other function once the data is in?
5107		 */
5108		if (ctl_debug & CTL_DEBUG_CDB_DATA)
5109			ctl_data_print(io);
5110
5111		/*
5112		 * XXX KDM call ctl_scsiio() again for now, and check flag
5113		 * bits to see whether we're allocated or not.
5114		 */
5115		retval = ctl_scsiio(&io->scsiio);
5116	}
5117bailout:
5118	return (retval);
5119}
5120
5121/*
5122 * This gets called by a backend driver when it is done with a
5123 * data_submit method.
5124 */
5125void
5126ctl_data_submit_done(union ctl_io *io)
5127{
5128	/*
5129	 * If the IO_CONT flag is set, we need to call the supplied
5130	 * function to continue processing the I/O, instead of completing
5131	 * the I/O just yet.
5132	 *
5133	 * If there is an error, though, we don't want to keep processing.
5134	 * Instead, just send status back to the initiator.
5135	 */
5136	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5137	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5138	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5139	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5140		io->scsiio.io_cont(io);
5141		return;
5142	}
5143	ctl_done(io);
5144}
5145
5146/*
5147 * This gets called by a backend driver when it is done with a
5148 * configuration write.
5149 */
5150void
5151ctl_config_write_done(union ctl_io *io)
5152{
5153	uint8_t *buf;
5154
5155	/*
5156	 * If the IO_CONT flag is set, we need to call the supplied
5157	 * function to continue processing the I/O, instead of completing
5158	 * the I/O just yet.
5159	 *
5160	 * If there is an error, though, we don't want to keep processing.
5161	 * Instead, just send status back to the initiator.
5162	 */
5163	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5164	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5165	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5166	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5167		io->scsiio.io_cont(io);
5168		return;
5169	}
5170	/*
5171	 * Since a configuration write can be done for commands that actually
5172	 * have data allocated, like write buffer, and commands that have
5173	 * no data, like start/stop unit, we need to check here.
5174	 */
5175	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5176		buf = io->scsiio.kern_data_ptr;
5177	else
5178		buf = NULL;
5179	ctl_done(io);
5180	if (buf)
5181		free(buf, M_CTL);
5182}
5183
5184/*
5185 * SCSI release command.
5186 */
5187int
5188ctl_scsi_release(struct ctl_scsiio *ctsio)
5189{
5190	int length, longid, thirdparty_id, resv_id;
5191	struct ctl_softc *ctl_softc;
5192	struct ctl_lun *lun;
5193	uint32_t residx;
5194
5195	length = 0;
5196	resv_id = 0;
5197
5198	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5199
5200	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5201	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5202	ctl_softc = control_softc;
5203
5204	switch (ctsio->cdb[0]) {
5205	case RELEASE_10: {
5206		struct scsi_release_10 *cdb;
5207
5208		cdb = (struct scsi_release_10 *)ctsio->cdb;
5209
5210		if (cdb->byte2 & SR10_LONGID)
5211			longid = 1;
5212		else
5213			thirdparty_id = cdb->thirdparty_id;
5214
5215		resv_id = cdb->resv_id;
5216		length = scsi_2btoul(cdb->length);
5217		break;
5218	}
5219	}
5220
5221
5222	/*
5223	 * XXX KDM right now, we only support LUN reservation.  We don't
5224	 * support 3rd party reservations, or extent reservations, which
5225	 * might actually need the parameter list.  If we've gotten this
5226	 * far, we've got a LUN reservation.  Anything else got kicked out
5227	 * above.  So, according to SPC, ignore the length.
5228	 */
5229	length = 0;
5230
5231	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5232	 && (length > 0)) {
5233		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5234		ctsio->kern_data_len = length;
5235		ctsio->kern_total_len = length;
5236		ctsio->kern_data_resid = 0;
5237		ctsio->kern_rel_offset = 0;
5238		ctsio->kern_sg_entries = 0;
5239		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5240		ctsio->be_move_done = ctl_config_move_done;
5241		ctl_datamove((union ctl_io *)ctsio);
5242
5243		return (CTL_RETVAL_COMPLETE);
5244	}
5245
5246	if (length > 0)
5247		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5248
5249	mtx_lock(&lun->lun_lock);
5250
5251	/*
5252	 * According to SPC, it is not an error for an intiator to attempt
5253	 * to release a reservation on a LUN that isn't reserved, or that
5254	 * is reserved by another initiator.  The reservation can only be
5255	 * released, though, by the initiator who made it or by one of
5256	 * several reset type events.
5257	 */
5258	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5259			lun->flags &= ~CTL_LUN_RESERVED;
5260
5261	mtx_unlock(&lun->lun_lock);
5262
5263	ctsio->scsi_status = SCSI_STATUS_OK;
5264	ctsio->io_hdr.status = CTL_SUCCESS;
5265
5266	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5267		free(ctsio->kern_data_ptr, M_CTL);
5268		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5269	}
5270
5271	ctl_done((union ctl_io *)ctsio);
5272	return (CTL_RETVAL_COMPLETE);
5273}
5274
5275int
5276ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5277{
5278	int extent, thirdparty, longid;
5279	int resv_id, length;
5280	uint64_t thirdparty_id;
5281	struct ctl_softc *ctl_softc;
5282	struct ctl_lun *lun;
5283	uint32_t residx;
5284
5285	extent = 0;
5286	thirdparty = 0;
5287	longid = 0;
5288	resv_id = 0;
5289	length = 0;
5290	thirdparty_id = 0;
5291
5292	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5293
5294	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5295	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5296	ctl_softc = control_softc;
5297
5298	switch (ctsio->cdb[0]) {
5299	case RESERVE_10: {
5300		struct scsi_reserve_10 *cdb;
5301
5302		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5303
5304		if (cdb->byte2 & SR10_LONGID)
5305			longid = 1;
5306		else
5307			thirdparty_id = cdb->thirdparty_id;
5308
5309		resv_id = cdb->resv_id;
5310		length = scsi_2btoul(cdb->length);
5311		break;
5312	}
5313	}
5314
5315	/*
5316	 * XXX KDM right now, we only support LUN reservation.  We don't
5317	 * support 3rd party reservations, or extent reservations, which
5318	 * might actually need the parameter list.  If we've gotten this
5319	 * far, we've got a LUN reservation.  Anything else got kicked out
5320	 * above.  So, according to SPC, ignore the length.
5321	 */
5322	length = 0;
5323
5324	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5325	 && (length > 0)) {
5326		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5327		ctsio->kern_data_len = length;
5328		ctsio->kern_total_len = length;
5329		ctsio->kern_data_resid = 0;
5330		ctsio->kern_rel_offset = 0;
5331		ctsio->kern_sg_entries = 0;
5332		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5333		ctsio->be_move_done = ctl_config_move_done;
5334		ctl_datamove((union ctl_io *)ctsio);
5335
5336		return (CTL_RETVAL_COMPLETE);
5337	}
5338
5339	if (length > 0)
5340		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5341
5342	mtx_lock(&lun->lun_lock);
5343	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5344		ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
5345		ctsio->io_hdr.status = CTL_SCSI_ERROR;
5346		goto bailout;
5347	}
5348
5349	lun->flags |= CTL_LUN_RESERVED;
5350	lun->res_idx = residx;
5351
5352	ctsio->scsi_status = SCSI_STATUS_OK;
5353	ctsio->io_hdr.status = CTL_SUCCESS;
5354
5355bailout:
5356	mtx_unlock(&lun->lun_lock);
5357
5358	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5359		free(ctsio->kern_data_ptr, M_CTL);
5360		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5361	}
5362
5363	ctl_done((union ctl_io *)ctsio);
5364	return (CTL_RETVAL_COMPLETE);
5365}
5366
5367int
5368ctl_start_stop(struct ctl_scsiio *ctsio)
5369{
5370	struct scsi_start_stop_unit *cdb;
5371	struct ctl_lun *lun;
5372	struct ctl_softc *ctl_softc;
5373	int retval;
5374
5375	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5376
5377	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5378	ctl_softc = control_softc;
5379	retval = 0;
5380
5381	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5382
5383	/*
5384	 * XXX KDM
5385	 * We don't support the immediate bit on a stop unit.  In order to
5386	 * do that, we would need to code up a way to know that a stop is
5387	 * pending, and hold off any new commands until it completes, one
5388	 * way or another.  Then we could accept or reject those commands
5389	 * depending on its status.  We would almost need to do the reverse
5390	 * of what we do below for an immediate start -- return the copy of
5391	 * the ctl_io to the FETD with status to send to the host (and to
5392	 * free the copy!) and then free the original I/O once the stop
5393	 * actually completes.  That way, the OOA queue mechanism can work
5394	 * to block commands that shouldn't proceed.  Another alternative
5395	 * would be to put the copy in the queue in place of the original,
5396	 * and return the original back to the caller.  That could be
5397	 * slightly safer..
5398	 */
5399	if ((cdb->byte2 & SSS_IMMED)
5400	 && ((cdb->how & SSS_START) == 0)) {
5401		ctl_set_invalid_field(ctsio,
5402				      /*sks_valid*/ 1,
5403				      /*command*/ 1,
5404				      /*field*/ 1,
5405				      /*bit_valid*/ 1,
5406				      /*bit*/ 0);
5407		ctl_done((union ctl_io *)ctsio);
5408		return (CTL_RETVAL_COMPLETE);
5409	}
5410
5411	if ((lun->flags & CTL_LUN_PR_RESERVED)
5412	 && ((cdb->how & SSS_START)==0)) {
5413		uint32_t residx;
5414
5415		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5416		if (lun->pr_keys[residx] == 0
5417		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5418
5419			ctl_set_reservation_conflict(ctsio);
5420			ctl_done((union ctl_io *)ctsio);
5421			return (CTL_RETVAL_COMPLETE);
5422		}
5423	}
5424
5425	/*
5426	 * If there is no backend on this device, we can't start or stop
5427	 * it.  In theory we shouldn't get any start/stop commands in the
5428	 * first place at this level if the LUN doesn't have a backend.
5429	 * That should get stopped by the command decode code.
5430	 */
5431	if (lun->backend == NULL) {
5432		ctl_set_invalid_opcode(ctsio);
5433		ctl_done((union ctl_io *)ctsio);
5434		return (CTL_RETVAL_COMPLETE);
5435	}
5436
5437	/*
5438	 * XXX KDM Copan-specific offline behavior.
5439	 * Figure out a reasonable way to port this?
5440	 */
5441#ifdef NEEDTOPORT
5442	mtx_lock(&lun->lun_lock);
5443
5444	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5445	 && (lun->flags & CTL_LUN_OFFLINE)) {
5446		/*
5447		 * If the LUN is offline, and the on/offline bit isn't set,
5448		 * reject the start or stop.  Otherwise, let it through.
5449		 */
5450		mtx_unlock(&lun->lun_lock);
5451		ctl_set_lun_not_ready(ctsio);
5452		ctl_done((union ctl_io *)ctsio);
5453	} else {
5454		mtx_unlock(&lun->lun_lock);
5455#endif /* NEEDTOPORT */
5456		/*
5457		 * This could be a start or a stop when we're online,
5458		 * or a stop/offline or start/online.  A start or stop when
5459		 * we're offline is covered in the case above.
5460		 */
5461		/*
5462		 * In the non-immediate case, we send the request to
5463		 * the backend and return status to the user when
5464		 * it is done.
5465		 *
5466		 * In the immediate case, we allocate a new ctl_io
5467		 * to hold a copy of the request, and send that to
5468		 * the backend.  We then set good status on the
5469		 * user's request and return it immediately.
5470		 */
5471		if (cdb->byte2 & SSS_IMMED) {
5472			union ctl_io *new_io;
5473
5474			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5475			if (new_io == NULL) {
5476				ctl_set_busy(ctsio);
5477				ctl_done((union ctl_io *)ctsio);
5478			} else {
5479				ctl_copy_io((union ctl_io *)ctsio,
5480					    new_io);
5481				retval = lun->backend->config_write(new_io);
5482				ctl_set_success(ctsio);
5483				ctl_done((union ctl_io *)ctsio);
5484			}
5485		} else {
5486			retval = lun->backend->config_write(
5487				(union ctl_io *)ctsio);
5488		}
5489#ifdef NEEDTOPORT
5490	}
5491#endif
5492	return (retval);
5493}
5494
5495/*
5496 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5497 * we don't really do anything with the LBA and length fields if the user
5498 * passes them in.  Instead we'll just flush out the cache for the entire
5499 * LUN.
5500 */
5501int
5502ctl_sync_cache(struct ctl_scsiio *ctsio)
5503{
5504	struct ctl_lun *lun;
5505	struct ctl_softc *ctl_softc;
5506	uint64_t starting_lba;
5507	uint32_t block_count;
5508	int retval;
5509
5510	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5511
5512	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5513	ctl_softc = control_softc;
5514	retval = 0;
5515
5516	switch (ctsio->cdb[0]) {
5517	case SYNCHRONIZE_CACHE: {
5518		struct scsi_sync_cache *cdb;
5519		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5520
5521		starting_lba = scsi_4btoul(cdb->begin_lba);
5522		block_count = scsi_2btoul(cdb->lb_count);
5523		break;
5524	}
5525	case SYNCHRONIZE_CACHE_16: {
5526		struct scsi_sync_cache_16 *cdb;
5527		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5528
5529		starting_lba = scsi_8btou64(cdb->begin_lba);
5530		block_count = scsi_4btoul(cdb->lb_count);
5531		break;
5532	}
5533	default:
5534		ctl_set_invalid_opcode(ctsio);
5535		ctl_done((union ctl_io *)ctsio);
5536		goto bailout;
5537		break; /* NOTREACHED */
5538	}
5539
5540	/*
5541	 * We check the LBA and length, but don't do anything with them.
5542	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5543	 * get flushed.  This check will just help satisfy anyone who wants
5544	 * to see an error for an out of range LBA.
5545	 */
5546	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5547		ctl_set_lba_out_of_range(ctsio);
5548		ctl_done((union ctl_io *)ctsio);
5549		goto bailout;
5550	}
5551
5552	/*
5553	 * If this LUN has no backend, we can't flush the cache anyway.
5554	 */
5555	if (lun->backend == NULL) {
5556		ctl_set_invalid_opcode(ctsio);
5557		ctl_done((union ctl_io *)ctsio);
5558		goto bailout;
5559	}
5560
5561	/*
5562	 * Check to see whether we're configured to send the SYNCHRONIZE
5563	 * CACHE command directly to the back end.
5564	 */
5565	mtx_lock(&lun->lun_lock);
5566	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5567	 && (++(lun->sync_count) >= lun->sync_interval)) {
5568		lun->sync_count = 0;
5569		mtx_unlock(&lun->lun_lock);
5570		retval = lun->backend->config_write((union ctl_io *)ctsio);
5571	} else {
5572		mtx_unlock(&lun->lun_lock);
5573		ctl_set_success(ctsio);
5574		ctl_done((union ctl_io *)ctsio);
5575	}
5576
5577bailout:
5578
5579	return (retval);
5580}
5581
5582int
5583ctl_format(struct ctl_scsiio *ctsio)
5584{
5585	struct scsi_format *cdb;
5586	struct ctl_lun *lun;
5587	struct ctl_softc *ctl_softc;
5588	int length, defect_list_len;
5589
5590	CTL_DEBUG_PRINT(("ctl_format\n"));
5591
5592	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5593	ctl_softc = control_softc;
5594
5595	cdb = (struct scsi_format *)ctsio->cdb;
5596
5597	length = 0;
5598	if (cdb->byte2 & SF_FMTDATA) {
5599		if (cdb->byte2 & SF_LONGLIST)
5600			length = sizeof(struct scsi_format_header_long);
5601		else
5602			length = sizeof(struct scsi_format_header_short);
5603	}
5604
5605	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5606	 && (length > 0)) {
5607		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5608		ctsio->kern_data_len = length;
5609		ctsio->kern_total_len = length;
5610		ctsio->kern_data_resid = 0;
5611		ctsio->kern_rel_offset = 0;
5612		ctsio->kern_sg_entries = 0;
5613		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5614		ctsio->be_move_done = ctl_config_move_done;
5615		ctl_datamove((union ctl_io *)ctsio);
5616
5617		return (CTL_RETVAL_COMPLETE);
5618	}
5619
5620	defect_list_len = 0;
5621
5622	if (cdb->byte2 & SF_FMTDATA) {
5623		if (cdb->byte2 & SF_LONGLIST) {
5624			struct scsi_format_header_long *header;
5625
5626			header = (struct scsi_format_header_long *)
5627				ctsio->kern_data_ptr;
5628
5629			defect_list_len = scsi_4btoul(header->defect_list_len);
5630			if (defect_list_len != 0) {
5631				ctl_set_invalid_field(ctsio,
5632						      /*sks_valid*/ 1,
5633						      /*command*/ 0,
5634						      /*field*/ 2,
5635						      /*bit_valid*/ 0,
5636						      /*bit*/ 0);
5637				goto bailout;
5638			}
5639		} else {
5640			struct scsi_format_header_short *header;
5641
5642			header = (struct scsi_format_header_short *)
5643				ctsio->kern_data_ptr;
5644
5645			defect_list_len = scsi_2btoul(header->defect_list_len);
5646			if (defect_list_len != 0) {
5647				ctl_set_invalid_field(ctsio,
5648						      /*sks_valid*/ 1,
5649						      /*command*/ 0,
5650						      /*field*/ 2,
5651						      /*bit_valid*/ 0,
5652						      /*bit*/ 0);
5653				goto bailout;
5654			}
5655		}
5656	}
5657
5658	/*
5659	 * The format command will clear out the "Medium format corrupted"
5660	 * status if set by the configuration code.  That status is really
5661	 * just a way to notify the host that we have lost the media, and
5662	 * get them to issue a command that will basically make them think
5663	 * they're blowing away the media.
5664	 */
5665	mtx_lock(&lun->lun_lock);
5666	lun->flags &= ~CTL_LUN_INOPERABLE;
5667	mtx_unlock(&lun->lun_lock);
5668
5669	ctsio->scsi_status = SCSI_STATUS_OK;
5670	ctsio->io_hdr.status = CTL_SUCCESS;
5671bailout:
5672
5673	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5674		free(ctsio->kern_data_ptr, M_CTL);
5675		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5676	}
5677
5678	ctl_done((union ctl_io *)ctsio);
5679	return (CTL_RETVAL_COMPLETE);
5680}
5681
5682int
5683ctl_read_buffer(struct ctl_scsiio *ctsio)
5684{
5685	struct scsi_read_buffer *cdb;
5686	struct ctl_lun *lun;
5687	int buffer_offset, len;
5688	static uint8_t descr[4];
5689	static uint8_t echo_descr[4] = { 0 };
5690
5691	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5692
5693	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5694	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5695
5696	if (lun->flags & CTL_LUN_PR_RESERVED) {
5697		uint32_t residx;
5698
5699		/*
5700		 * XXX KDM need a lock here.
5701		 */
5702		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5703		if ((lun->res_type == SPR_TYPE_EX_AC
5704		  && residx != lun->pr_res_idx)
5705		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
5706		   || lun->res_type == SPR_TYPE_EX_AC_AR)
5707		  && lun->pr_keys[residx] == 0)) {
5708			ctl_set_reservation_conflict(ctsio);
5709			ctl_done((union ctl_io *)ctsio);
5710			return (CTL_RETVAL_COMPLETE);
5711	        }
5712	}
5713
5714	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5715	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5716	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5717		ctl_set_invalid_field(ctsio,
5718				      /*sks_valid*/ 1,
5719				      /*command*/ 1,
5720				      /*field*/ 1,
5721				      /*bit_valid*/ 1,
5722				      /*bit*/ 4);
5723		ctl_done((union ctl_io *)ctsio);
5724		return (CTL_RETVAL_COMPLETE);
5725	}
5726
5727	len = scsi_3btoul(cdb->length);
5728	buffer_offset = scsi_3btoul(cdb->offset);
5729
5730	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5731		ctl_set_invalid_field(ctsio,
5732				      /*sks_valid*/ 1,
5733				      /*command*/ 1,
5734				      /*field*/ 6,
5735				      /*bit_valid*/ 0,
5736				      /*bit*/ 0);
5737		ctl_done((union ctl_io *)ctsio);
5738		return (CTL_RETVAL_COMPLETE);
5739	}
5740
5741	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5742		descr[0] = 0;
5743		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5744		ctsio->kern_data_ptr = descr;
5745		len = min(len, sizeof(descr));
5746	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5747		ctsio->kern_data_ptr = echo_descr;
5748		len = min(len, sizeof(echo_descr));
5749	} else {
5750		if (lun->write_buffer == NULL) {
5751			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5752			    M_CTL, M_WAITOK);
5753		}
5754		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5755	}
5756	ctsio->kern_data_len = len;
5757	ctsio->kern_total_len = len;
5758	ctsio->kern_data_resid = 0;
5759	ctsio->kern_rel_offset = 0;
5760	ctsio->kern_sg_entries = 0;
5761	ctsio->be_move_done = ctl_config_move_done;
5762	ctl_datamove((union ctl_io *)ctsio);
5763
5764	return (CTL_RETVAL_COMPLETE);
5765}
5766
5767int
5768ctl_write_buffer(struct ctl_scsiio *ctsio)
5769{
5770	struct scsi_write_buffer *cdb;
5771	struct ctl_lun *lun;
5772	int buffer_offset, len;
5773
5774	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5775
5776	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5777	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5778
5779	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5780		ctl_set_invalid_field(ctsio,
5781				      /*sks_valid*/ 1,
5782				      /*command*/ 1,
5783				      /*field*/ 1,
5784				      /*bit_valid*/ 1,
5785				      /*bit*/ 4);
5786		ctl_done((union ctl_io *)ctsio);
5787		return (CTL_RETVAL_COMPLETE);
5788	}
5789
5790	len = scsi_3btoul(cdb->length);
5791	buffer_offset = scsi_3btoul(cdb->offset);
5792
5793	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5794		ctl_set_invalid_field(ctsio,
5795				      /*sks_valid*/ 1,
5796				      /*command*/ 1,
5797				      /*field*/ 6,
5798				      /*bit_valid*/ 0,
5799				      /*bit*/ 0);
5800		ctl_done((union ctl_io *)ctsio);
5801		return (CTL_RETVAL_COMPLETE);
5802	}
5803
5804	/*
5805	 * If we've got a kernel request that hasn't been malloced yet,
5806	 * malloc it and tell the caller the data buffer is here.
5807	 */
5808	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5809		if (lun->write_buffer == NULL) {
5810			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5811			    M_CTL, M_WAITOK);
5812		}
5813		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5814		ctsio->kern_data_len = len;
5815		ctsio->kern_total_len = len;
5816		ctsio->kern_data_resid = 0;
5817		ctsio->kern_rel_offset = 0;
5818		ctsio->kern_sg_entries = 0;
5819		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5820		ctsio->be_move_done = ctl_config_move_done;
5821		ctl_datamove((union ctl_io *)ctsio);
5822
5823		return (CTL_RETVAL_COMPLETE);
5824	}
5825
5826	ctl_done((union ctl_io *)ctsio);
5827
5828	return (CTL_RETVAL_COMPLETE);
5829}
5830
5831int
5832ctl_write_same(struct ctl_scsiio *ctsio)
5833{
5834	struct ctl_lun *lun;
5835	struct ctl_lba_len_flags *lbalen;
5836	uint64_t lba;
5837	uint32_t num_blocks;
5838	int len, retval;
5839	uint8_t byte2;
5840
5841	retval = CTL_RETVAL_COMPLETE;
5842
5843	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5844
5845	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5846
5847	switch (ctsio->cdb[0]) {
5848	case WRITE_SAME_10: {
5849		struct scsi_write_same_10 *cdb;
5850
5851		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5852
5853		lba = scsi_4btoul(cdb->addr);
5854		num_blocks = scsi_2btoul(cdb->length);
5855		byte2 = cdb->byte2;
5856		break;
5857	}
5858	case WRITE_SAME_16: {
5859		struct scsi_write_same_16 *cdb;
5860
5861		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5862
5863		lba = scsi_8btou64(cdb->addr);
5864		num_blocks = scsi_4btoul(cdb->length);
5865		byte2 = cdb->byte2;
5866		break;
5867	}
5868	default:
5869		/*
5870		 * We got a command we don't support.  This shouldn't
5871		 * happen, commands should be filtered out above us.
5872		 */
5873		ctl_set_invalid_opcode(ctsio);
5874		ctl_done((union ctl_io *)ctsio);
5875
5876		return (CTL_RETVAL_COMPLETE);
5877		break; /* NOTREACHED */
5878	}
5879
5880	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5881	if ((byte2 & SWS_UNMAP) == 0 &&
5882	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5883		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5884		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5885		ctl_done((union ctl_io *)ctsio);
5886		return (CTL_RETVAL_COMPLETE);
5887	}
5888
5889	/*
5890	 * The first check is to make sure we're in bounds, the second
5891	 * check is to catch wrap-around problems.  If the lba + num blocks
5892	 * is less than the lba, then we've wrapped around and the block
5893	 * range is invalid anyway.
5894	 */
5895	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5896	 || ((lba + num_blocks) < lba)) {
5897		ctl_set_lba_out_of_range(ctsio);
5898		ctl_done((union ctl_io *)ctsio);
5899		return (CTL_RETVAL_COMPLETE);
5900	}
5901
5902	/* Zero number of blocks means "to the last logical block" */
5903	if (num_blocks == 0) {
5904		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5905			ctl_set_invalid_field(ctsio,
5906					      /*sks_valid*/ 0,
5907					      /*command*/ 1,
5908					      /*field*/ 0,
5909					      /*bit_valid*/ 0,
5910					      /*bit*/ 0);
5911			ctl_done((union ctl_io *)ctsio);
5912			return (CTL_RETVAL_COMPLETE);
5913		}
5914		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5915	}
5916
5917	len = lun->be_lun->blocksize;
5918
5919	/*
5920	 * If we've got a kernel request that hasn't been malloced yet,
5921	 * malloc it and tell the caller the data buffer is here.
5922	 */
5923	if ((byte2 & SWS_NDOB) == 0 &&
5924	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5925		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5926		ctsio->kern_data_len = len;
5927		ctsio->kern_total_len = len;
5928		ctsio->kern_data_resid = 0;
5929		ctsio->kern_rel_offset = 0;
5930		ctsio->kern_sg_entries = 0;
5931		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5932		ctsio->be_move_done = ctl_config_move_done;
5933		ctl_datamove((union ctl_io *)ctsio);
5934
5935		return (CTL_RETVAL_COMPLETE);
5936	}
5937
5938	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5939	lbalen->lba = lba;
5940	lbalen->len = num_blocks;
5941	lbalen->flags = byte2;
5942	retval = lun->backend->config_write((union ctl_io *)ctsio);
5943
5944	return (retval);
5945}
5946
5947int
5948ctl_unmap(struct ctl_scsiio *ctsio)
5949{
5950	struct ctl_lun *lun;
5951	struct scsi_unmap *cdb;
5952	struct ctl_ptr_len_flags *ptrlen;
5953	struct scsi_unmap_header *hdr;
5954	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5955	uint64_t lba;
5956	uint32_t num_blocks;
5957	int len, retval;
5958	uint8_t byte2;
5959
5960	retval = CTL_RETVAL_COMPLETE;
5961
5962	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5963
5964	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5965	cdb = (struct scsi_unmap *)ctsio->cdb;
5966
5967	len = scsi_2btoul(cdb->length);
5968	byte2 = cdb->byte2;
5969
5970	/*
5971	 * If we've got a kernel request that hasn't been malloced yet,
5972	 * malloc it and tell the caller the data buffer is here.
5973	 */
5974	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5975		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5976		ctsio->kern_data_len = len;
5977		ctsio->kern_total_len = len;
5978		ctsio->kern_data_resid = 0;
5979		ctsio->kern_rel_offset = 0;
5980		ctsio->kern_sg_entries = 0;
5981		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5982		ctsio->be_move_done = ctl_config_move_done;
5983		ctl_datamove((union ctl_io *)ctsio);
5984
5985		return (CTL_RETVAL_COMPLETE);
5986	}
5987
5988	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5989	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5990	if (len < sizeof (*hdr) ||
5991	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5992	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5993	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5994		ctl_set_invalid_field(ctsio,
5995				      /*sks_valid*/ 0,
5996				      /*command*/ 0,
5997				      /*field*/ 0,
5998				      /*bit_valid*/ 0,
5999				      /*bit*/ 0);
6000		ctl_done((union ctl_io *)ctsio);
6001		return (CTL_RETVAL_COMPLETE);
6002	}
6003	len = scsi_2btoul(hdr->desc_length);
6004	buf = (struct scsi_unmap_desc *)(hdr + 1);
6005	end = buf + len / sizeof(*buf);
6006
6007	endnz = buf;
6008	for (range = buf; range < end; range++) {
6009		lba = scsi_8btou64(range->lba);
6010		num_blocks = scsi_4btoul(range->length);
6011		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6012		 || ((lba + num_blocks) < lba)) {
6013			ctl_set_lba_out_of_range(ctsio);
6014			ctl_done((union ctl_io *)ctsio);
6015			return (CTL_RETVAL_COMPLETE);
6016		}
6017		if (num_blocks != 0)
6018			endnz = range + 1;
6019	}
6020
6021	/*
6022	 * Block backend can not handle zero last range.
6023	 * Filter it out and return if there is nothing left.
6024	 */
6025	len = (uint8_t *)endnz - (uint8_t *)buf;
6026	if (len == 0) {
6027		ctl_set_success(ctsio);
6028		ctl_done((union ctl_io *)ctsio);
6029		return (CTL_RETVAL_COMPLETE);
6030	}
6031
6032	mtx_lock(&lun->lun_lock);
6033	ptrlen = (struct ctl_ptr_len_flags *)
6034	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6035	ptrlen->ptr = (void *)buf;
6036	ptrlen->len = len;
6037	ptrlen->flags = byte2;
6038	ctl_check_blocked(lun);
6039	mtx_unlock(&lun->lun_lock);
6040
6041	retval = lun->backend->config_write((union ctl_io *)ctsio);
6042	return (retval);
6043}
6044
6045/*
6046 * Note that this function currently doesn't actually do anything inside
6047 * CTL to enforce things if the DQue bit is turned on.
6048 *
6049 * Also note that this function can't be used in the default case, because
6050 * the DQue bit isn't set in the changeable mask for the control mode page
6051 * anyway.  This is just here as an example for how to implement a page
6052 * handler, and a placeholder in case we want to allow the user to turn
6053 * tagged queueing on and off.
6054 *
6055 * The D_SENSE bit handling is functional, however, and will turn
6056 * descriptor sense on and off for a given LUN.
6057 */
6058int
6059ctl_control_page_handler(struct ctl_scsiio *ctsio,
6060			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6061{
6062	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6063	struct ctl_lun *lun;
6064	struct ctl_softc *softc;
6065	int set_ua;
6066	uint32_t initidx;
6067
6068	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6069	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6070	set_ua = 0;
6071
6072	user_cp = (struct scsi_control_page *)page_ptr;
6073	current_cp = (struct scsi_control_page *)
6074		(page_index->page_data + (page_index->page_len *
6075		CTL_PAGE_CURRENT));
6076	saved_cp = (struct scsi_control_page *)
6077		(page_index->page_data + (page_index->page_len *
6078		CTL_PAGE_SAVED));
6079
6080	softc = control_softc;
6081
6082	mtx_lock(&lun->lun_lock);
6083	if (((current_cp->rlec & SCP_DSENSE) == 0)
6084	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6085		/*
6086		 * Descriptor sense is currently turned off and the user
6087		 * wants to turn it on.
6088		 */
6089		current_cp->rlec |= SCP_DSENSE;
6090		saved_cp->rlec |= SCP_DSENSE;
6091		lun->flags |= CTL_LUN_SENSE_DESC;
6092		set_ua = 1;
6093	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6094		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6095		/*
6096		 * Descriptor sense is currently turned on, and the user
6097		 * wants to turn it off.
6098		 */
6099		current_cp->rlec &= ~SCP_DSENSE;
6100		saved_cp->rlec &= ~SCP_DSENSE;
6101		lun->flags &= ~CTL_LUN_SENSE_DESC;
6102		set_ua = 1;
6103	}
6104	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6105	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6106		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6107		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6108		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6109		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6110		set_ua = 1;
6111	}
6112	if ((current_cp->eca_and_aen & SCP_SWP) !=
6113	    (user_cp->eca_and_aen & SCP_SWP)) {
6114		current_cp->eca_and_aen &= ~SCP_SWP;
6115		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6116		saved_cp->eca_and_aen &= ~SCP_SWP;
6117		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6118		set_ua = 1;
6119	}
6120	if (set_ua != 0) {
6121		int i;
6122		/*
6123		 * Let other initiators know that the mode
6124		 * parameters for this LUN have changed.
6125		 */
6126		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6127			if (i == initidx)
6128				continue;
6129
6130			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6131		}
6132	}
6133	mtx_unlock(&lun->lun_lock);
6134
6135	return (0);
6136}
6137
6138int
6139ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6140		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6141{
6142	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6143	struct ctl_lun *lun;
6144	int set_ua;
6145	uint32_t initidx;
6146
6147	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6148	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6149	set_ua = 0;
6150
6151	user_cp = (struct scsi_caching_page *)page_ptr;
6152	current_cp = (struct scsi_caching_page *)
6153		(page_index->page_data + (page_index->page_len *
6154		CTL_PAGE_CURRENT));
6155	saved_cp = (struct scsi_caching_page *)
6156		(page_index->page_data + (page_index->page_len *
6157		CTL_PAGE_SAVED));
6158
6159	mtx_lock(&lun->lun_lock);
6160	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6161	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6162		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6163		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6164		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6165		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6166		set_ua = 1;
6167	}
6168	if (set_ua != 0) {
6169		int i;
6170		/*
6171		 * Let other initiators know that the mode
6172		 * parameters for this LUN have changed.
6173		 */
6174		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6175			if (i == initidx)
6176				continue;
6177
6178			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6179		}
6180	}
6181	mtx_unlock(&lun->lun_lock);
6182
6183	return (0);
6184}
6185
6186int
6187ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6188				struct ctl_page_index *page_index,
6189				uint8_t *page_ptr)
6190{
6191	uint8_t *c;
6192	int i;
6193
6194	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6195	ctl_time_io_secs =
6196		(c[0] << 8) |
6197		(c[1] << 0) |
6198		0;
6199	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6200	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6201	printf("page data:");
6202	for (i=0; i<8; i++)
6203		printf(" %.2x",page_ptr[i]);
6204	printf("\n");
6205	return (0);
6206}
6207
6208int
6209ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6210			       struct ctl_page_index *page_index,
6211			       int pc)
6212{
6213	struct copan_debugconf_subpage *page;
6214
6215	page = (struct copan_debugconf_subpage *)page_index->page_data +
6216		(page_index->page_len * pc);
6217
6218	switch (pc) {
6219	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6220	case SMS_PAGE_CTRL_DEFAULT >> 6:
6221	case SMS_PAGE_CTRL_SAVED >> 6:
6222		/*
6223		 * We don't update the changable or default bits for this page.
6224		 */
6225		break;
6226	case SMS_PAGE_CTRL_CURRENT >> 6:
6227		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6228		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6229		break;
6230	default:
6231#ifdef NEEDTOPORT
6232		EPRINT(0, "Invalid PC %d!!", pc);
6233#endif /* NEEDTOPORT */
6234		break;
6235	}
6236	return (0);
6237}
6238
6239
6240static int
6241ctl_do_mode_select(union ctl_io *io)
6242{
6243	struct scsi_mode_page_header *page_header;
6244	struct ctl_page_index *page_index;
6245	struct ctl_scsiio *ctsio;
6246	int control_dev, page_len;
6247	int page_len_offset, page_len_size;
6248	union ctl_modepage_info *modepage_info;
6249	struct ctl_lun *lun;
6250	int *len_left, *len_used;
6251	int retval, i;
6252
6253	ctsio = &io->scsiio;
6254	page_index = NULL;
6255	page_len = 0;
6256	retval = CTL_RETVAL_COMPLETE;
6257
6258	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6259
6260	if (lun->be_lun->lun_type != T_DIRECT)
6261		control_dev = 1;
6262	else
6263		control_dev = 0;
6264
6265	modepage_info = (union ctl_modepage_info *)
6266		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6267	len_left = &modepage_info->header.len_left;
6268	len_used = &modepage_info->header.len_used;
6269
6270do_next_page:
6271
6272	page_header = (struct scsi_mode_page_header *)
6273		(ctsio->kern_data_ptr + *len_used);
6274
6275	if (*len_left == 0) {
6276		free(ctsio->kern_data_ptr, M_CTL);
6277		ctl_set_success(ctsio);
6278		ctl_done((union ctl_io *)ctsio);
6279		return (CTL_RETVAL_COMPLETE);
6280	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6281
6282		free(ctsio->kern_data_ptr, M_CTL);
6283		ctl_set_param_len_error(ctsio);
6284		ctl_done((union ctl_io *)ctsio);
6285		return (CTL_RETVAL_COMPLETE);
6286
6287	} else if ((page_header->page_code & SMPH_SPF)
6288		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6289
6290		free(ctsio->kern_data_ptr, M_CTL);
6291		ctl_set_param_len_error(ctsio);
6292		ctl_done((union ctl_io *)ctsio);
6293		return (CTL_RETVAL_COMPLETE);
6294	}
6295
6296
6297	/*
6298	 * XXX KDM should we do something with the block descriptor?
6299	 */
6300	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6301
6302		if ((control_dev != 0)
6303		 && (lun->mode_pages.index[i].page_flags &
6304		     CTL_PAGE_FLAG_DISK_ONLY))
6305			continue;
6306
6307		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6308		    (page_header->page_code & SMPH_PC_MASK))
6309			continue;
6310
6311		/*
6312		 * If neither page has a subpage code, then we've got a
6313		 * match.
6314		 */
6315		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6316		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6317			page_index = &lun->mode_pages.index[i];
6318			page_len = page_header->page_length;
6319			break;
6320		}
6321
6322		/*
6323		 * If both pages have subpages, then the subpage numbers
6324		 * have to match.
6325		 */
6326		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6327		  && (page_header->page_code & SMPH_SPF)) {
6328			struct scsi_mode_page_header_sp *sph;
6329
6330			sph = (struct scsi_mode_page_header_sp *)page_header;
6331
6332			if (lun->mode_pages.index[i].subpage ==
6333			    sph->subpage) {
6334				page_index = &lun->mode_pages.index[i];
6335				page_len = scsi_2btoul(sph->page_length);
6336				break;
6337			}
6338		}
6339	}
6340
6341	/*
6342	 * If we couldn't find the page, or if we don't have a mode select
6343	 * handler for it, send back an error to the user.
6344	 */
6345	if ((page_index == NULL)
6346	 || (page_index->select_handler == NULL)) {
6347		ctl_set_invalid_field(ctsio,
6348				      /*sks_valid*/ 1,
6349				      /*command*/ 0,
6350				      /*field*/ *len_used,
6351				      /*bit_valid*/ 0,
6352				      /*bit*/ 0);
6353		free(ctsio->kern_data_ptr, M_CTL);
6354		ctl_done((union ctl_io *)ctsio);
6355		return (CTL_RETVAL_COMPLETE);
6356	}
6357
6358	if (page_index->page_code & SMPH_SPF) {
6359		page_len_offset = 2;
6360		page_len_size = 2;
6361	} else {
6362		page_len_size = 1;
6363		page_len_offset = 1;
6364	}
6365
6366	/*
6367	 * If the length the initiator gives us isn't the one we specify in
6368	 * the mode page header, or if they didn't specify enough data in
6369	 * the CDB to avoid truncating this page, kick out the request.
6370	 */
6371	if ((page_len != (page_index->page_len - page_len_offset -
6372			  page_len_size))
6373	 || (*len_left < page_index->page_len)) {
6374
6375
6376		ctl_set_invalid_field(ctsio,
6377				      /*sks_valid*/ 1,
6378				      /*command*/ 0,
6379				      /*field*/ *len_used + page_len_offset,
6380				      /*bit_valid*/ 0,
6381				      /*bit*/ 0);
6382		free(ctsio->kern_data_ptr, M_CTL);
6383		ctl_done((union ctl_io *)ctsio);
6384		return (CTL_RETVAL_COMPLETE);
6385	}
6386
6387	/*
6388	 * Run through the mode page, checking to make sure that the bits
6389	 * the user changed are actually legal for him to change.
6390	 */
6391	for (i = 0; i < page_index->page_len; i++) {
6392		uint8_t *user_byte, *change_mask, *current_byte;
6393		int bad_bit;
6394		int j;
6395
6396		user_byte = (uint8_t *)page_header + i;
6397		change_mask = page_index->page_data +
6398			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6399		current_byte = page_index->page_data +
6400			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6401
6402		/*
6403		 * Check to see whether the user set any bits in this byte
6404		 * that he is not allowed to set.
6405		 */
6406		if ((*user_byte & ~(*change_mask)) ==
6407		    (*current_byte & ~(*change_mask)))
6408			continue;
6409
6410		/*
6411		 * Go through bit by bit to determine which one is illegal.
6412		 */
6413		bad_bit = 0;
6414		for (j = 7; j >= 0; j--) {
6415			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6416			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6417				bad_bit = i;
6418				break;
6419			}
6420		}
6421		ctl_set_invalid_field(ctsio,
6422				      /*sks_valid*/ 1,
6423				      /*command*/ 0,
6424				      /*field*/ *len_used + i,
6425				      /*bit_valid*/ 1,
6426				      /*bit*/ bad_bit);
6427		free(ctsio->kern_data_ptr, M_CTL);
6428		ctl_done((union ctl_io *)ctsio);
6429		return (CTL_RETVAL_COMPLETE);
6430	}
6431
6432	/*
6433	 * Decrement these before we call the page handler, since we may
6434	 * end up getting called back one way or another before the handler
6435	 * returns to this context.
6436	 */
6437	*len_left -= page_index->page_len;
6438	*len_used += page_index->page_len;
6439
6440	retval = page_index->select_handler(ctsio, page_index,
6441					    (uint8_t *)page_header);
6442
6443	/*
6444	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6445	 * wait until this queued command completes to finish processing
6446	 * the mode page.  If it returns anything other than
6447	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6448	 * already set the sense information, freed the data pointer, and
6449	 * completed the io for us.
6450	 */
6451	if (retval != CTL_RETVAL_COMPLETE)
6452		goto bailout_no_done;
6453
6454	/*
6455	 * If the initiator sent us more than one page, parse the next one.
6456	 */
6457	if (*len_left > 0)
6458		goto do_next_page;
6459
6460	ctl_set_success(ctsio);
6461	free(ctsio->kern_data_ptr, M_CTL);
6462	ctl_done((union ctl_io *)ctsio);
6463
6464bailout_no_done:
6465
6466	return (CTL_RETVAL_COMPLETE);
6467
6468}
6469
6470int
6471ctl_mode_select(struct ctl_scsiio *ctsio)
6472{
6473	int param_len, pf, sp;
6474	int header_size, bd_len;
6475	int len_left, len_used;
6476	struct ctl_page_index *page_index;
6477	struct ctl_lun *lun;
6478	int control_dev, page_len;
6479	union ctl_modepage_info *modepage_info;
6480	int retval;
6481
6482	pf = 0;
6483	sp = 0;
6484	page_len = 0;
6485	len_used = 0;
6486	len_left = 0;
6487	retval = 0;
6488	bd_len = 0;
6489	page_index = NULL;
6490
6491	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6492
6493	if (lun->be_lun->lun_type != T_DIRECT)
6494		control_dev = 1;
6495	else
6496		control_dev = 0;
6497
6498	switch (ctsio->cdb[0]) {
6499	case MODE_SELECT_6: {
6500		struct scsi_mode_select_6 *cdb;
6501
6502		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6503
6504		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6505		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6506
6507		param_len = cdb->length;
6508		header_size = sizeof(struct scsi_mode_header_6);
6509		break;
6510	}
6511	case MODE_SELECT_10: {
6512		struct scsi_mode_select_10 *cdb;
6513
6514		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6515
6516		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6517		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6518
6519		param_len = scsi_2btoul(cdb->length);
6520		header_size = sizeof(struct scsi_mode_header_10);
6521		break;
6522	}
6523	default:
6524		ctl_set_invalid_opcode(ctsio);
6525		ctl_done((union ctl_io *)ctsio);
6526		return (CTL_RETVAL_COMPLETE);
6527		break; /* NOTREACHED */
6528	}
6529
6530	/*
6531	 * From SPC-3:
6532	 * "A parameter list length of zero indicates that the Data-Out Buffer
6533	 * shall be empty. This condition shall not be considered as an error."
6534	 */
6535	if (param_len == 0) {
6536		ctl_set_success(ctsio);
6537		ctl_done((union ctl_io *)ctsio);
6538		return (CTL_RETVAL_COMPLETE);
6539	}
6540
6541	/*
6542	 * Since we'll hit this the first time through, prior to
6543	 * allocation, we don't need to free a data buffer here.
6544	 */
6545	if (param_len < header_size) {
6546		ctl_set_param_len_error(ctsio);
6547		ctl_done((union ctl_io *)ctsio);
6548		return (CTL_RETVAL_COMPLETE);
6549	}
6550
6551	/*
6552	 * Allocate the data buffer and grab the user's data.  In theory,
6553	 * we shouldn't have to sanity check the parameter list length here
6554	 * because the maximum size is 64K.  We should be able to malloc
6555	 * that much without too many problems.
6556	 */
6557	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6558		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6559		ctsio->kern_data_len = param_len;
6560		ctsio->kern_total_len = param_len;
6561		ctsio->kern_data_resid = 0;
6562		ctsio->kern_rel_offset = 0;
6563		ctsio->kern_sg_entries = 0;
6564		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6565		ctsio->be_move_done = ctl_config_move_done;
6566		ctl_datamove((union ctl_io *)ctsio);
6567
6568		return (CTL_RETVAL_COMPLETE);
6569	}
6570
6571	switch (ctsio->cdb[0]) {
6572	case MODE_SELECT_6: {
6573		struct scsi_mode_header_6 *mh6;
6574
6575		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6576		bd_len = mh6->blk_desc_len;
6577		break;
6578	}
6579	case MODE_SELECT_10: {
6580		struct scsi_mode_header_10 *mh10;
6581
6582		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6583		bd_len = scsi_2btoul(mh10->blk_desc_len);
6584		break;
6585	}
6586	default:
6587		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6588		break;
6589	}
6590
6591	if (param_len < (header_size + bd_len)) {
6592		free(ctsio->kern_data_ptr, M_CTL);
6593		ctl_set_param_len_error(ctsio);
6594		ctl_done((union ctl_io *)ctsio);
6595		return (CTL_RETVAL_COMPLETE);
6596	}
6597
6598	/*
6599	 * Set the IO_CONT flag, so that if this I/O gets passed to
6600	 * ctl_config_write_done(), it'll get passed back to
6601	 * ctl_do_mode_select() for further processing, or completion if
6602	 * we're all done.
6603	 */
6604	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6605	ctsio->io_cont = ctl_do_mode_select;
6606
6607	modepage_info = (union ctl_modepage_info *)
6608		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6609
6610	memset(modepage_info, 0, sizeof(*modepage_info));
6611
6612	len_left = param_len - header_size - bd_len;
6613	len_used = header_size + bd_len;
6614
6615	modepage_info->header.len_left = len_left;
6616	modepage_info->header.len_used = len_used;
6617
6618	return (ctl_do_mode_select((union ctl_io *)ctsio));
6619}
6620
6621int
6622ctl_mode_sense(struct ctl_scsiio *ctsio)
6623{
6624	struct ctl_lun *lun;
6625	int pc, page_code, dbd, llba, subpage;
6626	int alloc_len, page_len, header_len, total_len;
6627	struct scsi_mode_block_descr *block_desc;
6628	struct ctl_page_index *page_index;
6629	int control_dev;
6630
6631	dbd = 0;
6632	llba = 0;
6633	block_desc = NULL;
6634	page_index = NULL;
6635
6636	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6637
6638	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6639
6640	if (lun->be_lun->lun_type != T_DIRECT)
6641		control_dev = 1;
6642	else
6643		control_dev = 0;
6644
6645	if (lun->flags & CTL_LUN_PR_RESERVED) {
6646		uint32_t residx;
6647
6648		/*
6649		 * XXX KDM need a lock here.
6650		 */
6651		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
6652		if ((lun->res_type == SPR_TYPE_EX_AC
6653		  && residx != lun->pr_res_idx)
6654		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
6655		   || lun->res_type == SPR_TYPE_EX_AC_AR)
6656		  && lun->pr_keys[residx] == 0)) {
6657			ctl_set_reservation_conflict(ctsio);
6658			ctl_done((union ctl_io *)ctsio);
6659			return (CTL_RETVAL_COMPLETE);
6660		}
6661	}
6662
6663	switch (ctsio->cdb[0]) {
6664	case MODE_SENSE_6: {
6665		struct scsi_mode_sense_6 *cdb;
6666
6667		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6668
6669		header_len = sizeof(struct scsi_mode_hdr_6);
6670		if (cdb->byte2 & SMS_DBD)
6671			dbd = 1;
6672		else
6673			header_len += sizeof(struct scsi_mode_block_descr);
6674
6675		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6676		page_code = cdb->page & SMS_PAGE_CODE;
6677		subpage = cdb->subpage;
6678		alloc_len = cdb->length;
6679		break;
6680	}
6681	case MODE_SENSE_10: {
6682		struct scsi_mode_sense_10 *cdb;
6683
6684		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6685
6686		header_len = sizeof(struct scsi_mode_hdr_10);
6687
6688		if (cdb->byte2 & SMS_DBD)
6689			dbd = 1;
6690		else
6691			header_len += sizeof(struct scsi_mode_block_descr);
6692		if (cdb->byte2 & SMS10_LLBAA)
6693			llba = 1;
6694		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6695		page_code = cdb->page & SMS_PAGE_CODE;
6696		subpage = cdb->subpage;
6697		alloc_len = scsi_2btoul(cdb->length);
6698		break;
6699	}
6700	default:
6701		ctl_set_invalid_opcode(ctsio);
6702		ctl_done((union ctl_io *)ctsio);
6703		return (CTL_RETVAL_COMPLETE);
6704		break; /* NOTREACHED */
6705	}
6706
6707	/*
6708	 * We have to make a first pass through to calculate the size of
6709	 * the pages that match the user's query.  Then we allocate enough
6710	 * memory to hold it, and actually copy the data into the buffer.
6711	 */
6712	switch (page_code) {
6713	case SMS_ALL_PAGES_PAGE: {
6714		int i;
6715
6716		page_len = 0;
6717
6718		/*
6719		 * At the moment, values other than 0 and 0xff here are
6720		 * reserved according to SPC-3.
6721		 */
6722		if ((subpage != SMS_SUBPAGE_PAGE_0)
6723		 && (subpage != SMS_SUBPAGE_ALL)) {
6724			ctl_set_invalid_field(ctsio,
6725					      /*sks_valid*/ 1,
6726					      /*command*/ 1,
6727					      /*field*/ 3,
6728					      /*bit_valid*/ 0,
6729					      /*bit*/ 0);
6730			ctl_done((union ctl_io *)ctsio);
6731			return (CTL_RETVAL_COMPLETE);
6732		}
6733
6734		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6735			if ((control_dev != 0)
6736			 && (lun->mode_pages.index[i].page_flags &
6737			     CTL_PAGE_FLAG_DISK_ONLY))
6738				continue;
6739
6740			/*
6741			 * We don't use this subpage if the user didn't
6742			 * request all subpages.
6743			 */
6744			if ((lun->mode_pages.index[i].subpage != 0)
6745			 && (subpage == SMS_SUBPAGE_PAGE_0))
6746				continue;
6747
6748#if 0
6749			printf("found page %#x len %d\n",
6750			       lun->mode_pages.index[i].page_code &
6751			       SMPH_PC_MASK,
6752			       lun->mode_pages.index[i].page_len);
6753#endif
6754			page_len += lun->mode_pages.index[i].page_len;
6755		}
6756		break;
6757	}
6758	default: {
6759		int i;
6760
6761		page_len = 0;
6762
6763		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6764			/* Look for the right page code */
6765			if ((lun->mode_pages.index[i].page_code &
6766			     SMPH_PC_MASK) != page_code)
6767				continue;
6768
6769			/* Look for the right subpage or the subpage wildcard*/
6770			if ((lun->mode_pages.index[i].subpage != subpage)
6771			 && (subpage != SMS_SUBPAGE_ALL))
6772				continue;
6773
6774			/* Make sure the page is supported for this dev type */
6775			if ((control_dev != 0)
6776			 && (lun->mode_pages.index[i].page_flags &
6777			     CTL_PAGE_FLAG_DISK_ONLY))
6778				continue;
6779
6780#if 0
6781			printf("found page %#x len %d\n",
6782			       lun->mode_pages.index[i].page_code &
6783			       SMPH_PC_MASK,
6784			       lun->mode_pages.index[i].page_len);
6785#endif
6786
6787			page_len += lun->mode_pages.index[i].page_len;
6788		}
6789
6790		if (page_len == 0) {
6791			ctl_set_invalid_field(ctsio,
6792					      /*sks_valid*/ 1,
6793					      /*command*/ 1,
6794					      /*field*/ 2,
6795					      /*bit_valid*/ 1,
6796					      /*bit*/ 5);
6797			ctl_done((union ctl_io *)ctsio);
6798			return (CTL_RETVAL_COMPLETE);
6799		}
6800		break;
6801	}
6802	}
6803
6804	total_len = header_len + page_len;
6805#if 0
6806	printf("header_len = %d, page_len = %d, total_len = %d\n",
6807	       header_len, page_len, total_len);
6808#endif
6809
6810	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6811	ctsio->kern_sg_entries = 0;
6812	ctsio->kern_data_resid = 0;
6813	ctsio->kern_rel_offset = 0;
6814	if (total_len < alloc_len) {
6815		ctsio->residual = alloc_len - total_len;
6816		ctsio->kern_data_len = total_len;
6817		ctsio->kern_total_len = total_len;
6818	} else {
6819		ctsio->residual = 0;
6820		ctsio->kern_data_len = alloc_len;
6821		ctsio->kern_total_len = alloc_len;
6822	}
6823
6824	switch (ctsio->cdb[0]) {
6825	case MODE_SENSE_6: {
6826		struct scsi_mode_hdr_6 *header;
6827
6828		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6829
6830		header->datalen = ctl_min(total_len - 1, 254);
6831		if (control_dev == 0) {
6832			header->dev_specific = 0x10; /* DPOFUA */
6833			if ((lun->flags & CTL_LUN_READONLY) ||
6834			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6835			    .eca_and_aen & SCP_SWP) != 0)
6836				    header->dev_specific |= 0x80; /* WP */
6837		}
6838		if (dbd)
6839			header->block_descr_len = 0;
6840		else
6841			header->block_descr_len =
6842				sizeof(struct scsi_mode_block_descr);
6843		block_desc = (struct scsi_mode_block_descr *)&header[1];
6844		break;
6845	}
6846	case MODE_SENSE_10: {
6847		struct scsi_mode_hdr_10 *header;
6848		int datalen;
6849
6850		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6851
6852		datalen = ctl_min(total_len - 2, 65533);
6853		scsi_ulto2b(datalen, header->datalen);
6854		if (control_dev == 0) {
6855			header->dev_specific = 0x10; /* DPOFUA */
6856			if ((lun->flags & CTL_LUN_READONLY) ||
6857			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6858			    .eca_and_aen & SCP_SWP) != 0)
6859				    header->dev_specific |= 0x80; /* WP */
6860		}
6861		if (dbd)
6862			scsi_ulto2b(0, header->block_descr_len);
6863		else
6864			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6865				    header->block_descr_len);
6866		block_desc = (struct scsi_mode_block_descr *)&header[1];
6867		break;
6868	}
6869	default:
6870		panic("invalid CDB type %#x", ctsio->cdb[0]);
6871		break; /* NOTREACHED */
6872	}
6873
6874	/*
6875	 * If we've got a disk, use its blocksize in the block
6876	 * descriptor.  Otherwise, just set it to 0.
6877	 */
6878	if (dbd == 0) {
6879		if (control_dev == 0)
6880			scsi_ulto3b(lun->be_lun->blocksize,
6881				    block_desc->block_len);
6882		else
6883			scsi_ulto3b(0, block_desc->block_len);
6884	}
6885
6886	switch (page_code) {
6887	case SMS_ALL_PAGES_PAGE: {
6888		int i, data_used;
6889
6890		data_used = header_len;
6891		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6892			struct ctl_page_index *page_index;
6893
6894			page_index = &lun->mode_pages.index[i];
6895
6896			if ((control_dev != 0)
6897			 && (page_index->page_flags &
6898			    CTL_PAGE_FLAG_DISK_ONLY))
6899				continue;
6900
6901			/*
6902			 * We don't use this subpage if the user didn't
6903			 * request all subpages.  We already checked (above)
6904			 * to make sure the user only specified a subpage
6905			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6906			 */
6907			if ((page_index->subpage != 0)
6908			 && (subpage == SMS_SUBPAGE_PAGE_0))
6909				continue;
6910
6911			/*
6912			 * Call the handler, if it exists, to update the
6913			 * page to the latest values.
6914			 */
6915			if (page_index->sense_handler != NULL)
6916				page_index->sense_handler(ctsio, page_index,pc);
6917
6918			memcpy(ctsio->kern_data_ptr + data_used,
6919			       page_index->page_data +
6920			       (page_index->page_len * pc),
6921			       page_index->page_len);
6922			data_used += page_index->page_len;
6923		}
6924		break;
6925	}
6926	default: {
6927		int i, data_used;
6928
6929		data_used = header_len;
6930
6931		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6932			struct ctl_page_index *page_index;
6933
6934			page_index = &lun->mode_pages.index[i];
6935
6936			/* Look for the right page code */
6937			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6938				continue;
6939
6940			/* Look for the right subpage or the subpage wildcard*/
6941			if ((page_index->subpage != subpage)
6942			 && (subpage != SMS_SUBPAGE_ALL))
6943				continue;
6944
6945			/* Make sure the page is supported for this dev type */
6946			if ((control_dev != 0)
6947			 && (page_index->page_flags &
6948			     CTL_PAGE_FLAG_DISK_ONLY))
6949				continue;
6950
6951			/*
6952			 * Call the handler, if it exists, to update the
6953			 * page to the latest values.
6954			 */
6955			if (page_index->sense_handler != NULL)
6956				page_index->sense_handler(ctsio, page_index,pc);
6957
6958			memcpy(ctsio->kern_data_ptr + data_used,
6959			       page_index->page_data +
6960			       (page_index->page_len * pc),
6961			       page_index->page_len);
6962			data_used += page_index->page_len;
6963		}
6964		break;
6965	}
6966	}
6967
6968	ctsio->scsi_status = SCSI_STATUS_OK;
6969
6970	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6971	ctsio->be_move_done = ctl_config_move_done;
6972	ctl_datamove((union ctl_io *)ctsio);
6973
6974	return (CTL_RETVAL_COMPLETE);
6975}
6976
6977int
6978ctl_log_sense(struct ctl_scsiio *ctsio)
6979{
6980	struct ctl_lun *lun;
6981	int i, pc, page_code, subpage;
6982	int alloc_len, total_len;
6983	struct ctl_page_index *page_index;
6984	struct scsi_log_sense *cdb;
6985	struct scsi_log_header *header;
6986
6987	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6988
6989	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6990	cdb = (struct scsi_log_sense *)ctsio->cdb;
6991	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6992	page_code = cdb->page & SLS_PAGE_CODE;
6993	subpage = cdb->subpage;
6994	alloc_len = scsi_2btoul(cdb->length);
6995
6996	page_index = NULL;
6997	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6998		page_index = &lun->log_pages.index[i];
6999
7000		/* Look for the right page code */
7001		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7002			continue;
7003
7004		/* Look for the right subpage or the subpage wildcard*/
7005		if (page_index->subpage != subpage)
7006			continue;
7007
7008		break;
7009	}
7010	if (i >= CTL_NUM_LOG_PAGES) {
7011		ctl_set_invalid_field(ctsio,
7012				      /*sks_valid*/ 1,
7013				      /*command*/ 1,
7014				      /*field*/ 2,
7015				      /*bit_valid*/ 0,
7016				      /*bit*/ 0);
7017		ctl_done((union ctl_io *)ctsio);
7018		return (CTL_RETVAL_COMPLETE);
7019	}
7020
7021	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7022
7023	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7024	ctsio->kern_sg_entries = 0;
7025	ctsio->kern_data_resid = 0;
7026	ctsio->kern_rel_offset = 0;
7027	if (total_len < alloc_len) {
7028		ctsio->residual = alloc_len - total_len;
7029		ctsio->kern_data_len = total_len;
7030		ctsio->kern_total_len = total_len;
7031	} else {
7032		ctsio->residual = 0;
7033		ctsio->kern_data_len = alloc_len;
7034		ctsio->kern_total_len = alloc_len;
7035	}
7036
7037	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7038	header->page = page_index->page_code;
7039	if (page_index->subpage) {
7040		header->page |= SL_SPF;
7041		header->subpage = page_index->subpage;
7042	}
7043	scsi_ulto2b(page_index->page_len, header->datalen);
7044
7045	/*
7046	 * Call the handler, if it exists, to update the
7047	 * page to the latest values.
7048	 */
7049	if (page_index->sense_handler != NULL)
7050		page_index->sense_handler(ctsio, page_index, pc);
7051
7052	memcpy(header + 1, page_index->page_data, page_index->page_len);
7053
7054	ctsio->scsi_status = SCSI_STATUS_OK;
7055	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7056	ctsio->be_move_done = ctl_config_move_done;
7057	ctl_datamove((union ctl_io *)ctsio);
7058
7059	return (CTL_RETVAL_COMPLETE);
7060}
7061
7062int
7063ctl_read_capacity(struct ctl_scsiio *ctsio)
7064{
7065	struct scsi_read_capacity *cdb;
7066	struct scsi_read_capacity_data *data;
7067	struct ctl_lun *lun;
7068	uint32_t lba;
7069
7070	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7071
7072	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7073
7074	lba = scsi_4btoul(cdb->addr);
7075	if (((cdb->pmi & SRC_PMI) == 0)
7076	 && (lba != 0)) {
7077		ctl_set_invalid_field(/*ctsio*/ ctsio,
7078				      /*sks_valid*/ 1,
7079				      /*command*/ 1,
7080				      /*field*/ 2,
7081				      /*bit_valid*/ 0,
7082				      /*bit*/ 0);
7083		ctl_done((union ctl_io *)ctsio);
7084		return (CTL_RETVAL_COMPLETE);
7085	}
7086
7087	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7088
7089	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7090	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7091	ctsio->residual = 0;
7092	ctsio->kern_data_len = sizeof(*data);
7093	ctsio->kern_total_len = sizeof(*data);
7094	ctsio->kern_data_resid = 0;
7095	ctsio->kern_rel_offset = 0;
7096	ctsio->kern_sg_entries = 0;
7097
7098	/*
7099	 * If the maximum LBA is greater than 0xfffffffe, the user must
7100	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7101	 * serivce action set.
7102	 */
7103	if (lun->be_lun->maxlba > 0xfffffffe)
7104		scsi_ulto4b(0xffffffff, data->addr);
7105	else
7106		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7107
7108	/*
7109	 * XXX KDM this may not be 512 bytes...
7110	 */
7111	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7112
7113	ctsio->scsi_status = SCSI_STATUS_OK;
7114
7115	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7116	ctsio->be_move_done = ctl_config_move_done;
7117	ctl_datamove((union ctl_io *)ctsio);
7118
7119	return (CTL_RETVAL_COMPLETE);
7120}
7121
7122int
7123ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7124{
7125	struct scsi_read_capacity_16 *cdb;
7126	struct scsi_read_capacity_data_long *data;
7127	struct ctl_lun *lun;
7128	uint64_t lba;
7129	uint32_t alloc_len;
7130
7131	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7132
7133	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7134
7135	alloc_len = scsi_4btoul(cdb->alloc_len);
7136	lba = scsi_8btou64(cdb->addr);
7137
7138	if ((cdb->reladr & SRC16_PMI)
7139	 && (lba != 0)) {
7140		ctl_set_invalid_field(/*ctsio*/ ctsio,
7141				      /*sks_valid*/ 1,
7142				      /*command*/ 1,
7143				      /*field*/ 2,
7144				      /*bit_valid*/ 0,
7145				      /*bit*/ 0);
7146		ctl_done((union ctl_io *)ctsio);
7147		return (CTL_RETVAL_COMPLETE);
7148	}
7149
7150	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7151
7152	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7153	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7154
7155	if (sizeof(*data) < alloc_len) {
7156		ctsio->residual = alloc_len - sizeof(*data);
7157		ctsio->kern_data_len = sizeof(*data);
7158		ctsio->kern_total_len = sizeof(*data);
7159	} else {
7160		ctsio->residual = 0;
7161		ctsio->kern_data_len = alloc_len;
7162		ctsio->kern_total_len = alloc_len;
7163	}
7164	ctsio->kern_data_resid = 0;
7165	ctsio->kern_rel_offset = 0;
7166	ctsio->kern_sg_entries = 0;
7167
7168	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7169	/* XXX KDM this may not be 512 bytes... */
7170	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7171	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7172	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7173	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7174		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7175
7176	ctsio->scsi_status = SCSI_STATUS_OK;
7177
7178	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7179	ctsio->be_move_done = ctl_config_move_done;
7180	ctl_datamove((union ctl_io *)ctsio);
7181
7182	return (CTL_RETVAL_COMPLETE);
7183}
7184
7185int
7186ctl_read_defect(struct ctl_scsiio *ctsio)
7187{
7188	struct scsi_read_defect_data_10 *ccb10;
7189	struct scsi_read_defect_data_12 *ccb12;
7190	struct scsi_read_defect_data_hdr_10 *data10;
7191	struct scsi_read_defect_data_hdr_12 *data12;
7192	struct ctl_lun *lun;
7193	uint32_t alloc_len, data_len;
7194	uint8_t format;
7195
7196	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7197
7198	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7199	if (lun->flags & CTL_LUN_PR_RESERVED) {
7200		uint32_t residx;
7201
7202		/*
7203		 * XXX KDM need a lock here.
7204		 */
7205		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7206		if ((lun->res_type == SPR_TYPE_EX_AC
7207		  && residx != lun->pr_res_idx)
7208		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
7209		   || lun->res_type == SPR_TYPE_EX_AC_AR)
7210		  && lun->pr_keys[residx] == 0)) {
7211			ctl_set_reservation_conflict(ctsio);
7212			ctl_done((union ctl_io *)ctsio);
7213			return (CTL_RETVAL_COMPLETE);
7214	        }
7215	}
7216
7217	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7218		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7219		format = ccb10->format;
7220		alloc_len = scsi_2btoul(ccb10->alloc_length);
7221		data_len = sizeof(*data10);
7222	} else {
7223		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7224		format = ccb12->format;
7225		alloc_len = scsi_4btoul(ccb12->alloc_length);
7226		data_len = sizeof(*data12);
7227	}
7228	if (alloc_len == 0) {
7229		ctl_set_success(ctsio);
7230		ctl_done((union ctl_io *)ctsio);
7231		return (CTL_RETVAL_COMPLETE);
7232	}
7233
7234	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7235	if (data_len < alloc_len) {
7236		ctsio->residual = alloc_len - data_len;
7237		ctsio->kern_data_len = data_len;
7238		ctsio->kern_total_len = data_len;
7239	} else {
7240		ctsio->residual = 0;
7241		ctsio->kern_data_len = alloc_len;
7242		ctsio->kern_total_len = alloc_len;
7243	}
7244	ctsio->kern_data_resid = 0;
7245	ctsio->kern_rel_offset = 0;
7246	ctsio->kern_sg_entries = 0;
7247
7248	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7249		data10 = (struct scsi_read_defect_data_hdr_10 *)
7250		    ctsio->kern_data_ptr;
7251		data10->format = format;
7252		scsi_ulto2b(0, data10->length);
7253	} else {
7254		data12 = (struct scsi_read_defect_data_hdr_12 *)
7255		    ctsio->kern_data_ptr;
7256		data12->format = format;
7257		scsi_ulto2b(0, data12->generation);
7258		scsi_ulto4b(0, data12->length);
7259	}
7260
7261	ctsio->scsi_status = SCSI_STATUS_OK;
7262	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7263	ctsio->be_move_done = ctl_config_move_done;
7264	ctl_datamove((union ctl_io *)ctsio);
7265	return (CTL_RETVAL_COMPLETE);
7266}
7267
7268int
7269ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7270{
7271	struct scsi_maintenance_in *cdb;
7272	int retval;
7273	int alloc_len, ext, total_len = 0, g, p, pc, pg;
7274	int num_target_port_groups, num_target_ports, single;
7275	struct ctl_lun *lun;
7276	struct ctl_softc *softc;
7277	struct ctl_port *port;
7278	struct scsi_target_group_data *rtg_ptr;
7279	struct scsi_target_group_data_extended *rtg_ext_ptr;
7280	struct scsi_target_port_group_descriptor *tpg_desc;
7281
7282	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7283
7284	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7285	softc = control_softc;
7286	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7287
7288	retval = CTL_RETVAL_COMPLETE;
7289
7290	switch (cdb->byte2 & STG_PDF_MASK) {
7291	case STG_PDF_LENGTH:
7292		ext = 0;
7293		break;
7294	case STG_PDF_EXTENDED:
7295		ext = 1;
7296		break;
7297	default:
7298		ctl_set_invalid_field(/*ctsio*/ ctsio,
7299				      /*sks_valid*/ 1,
7300				      /*command*/ 1,
7301				      /*field*/ 2,
7302				      /*bit_valid*/ 1,
7303				      /*bit*/ 5);
7304		ctl_done((union ctl_io *)ctsio);
7305		return(retval);
7306	}
7307
7308	single = ctl_is_single;
7309	if (single)
7310		num_target_port_groups = 1;
7311	else
7312		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7313	num_target_ports = 0;
7314	mtx_lock(&softc->ctl_lock);
7315	STAILQ_FOREACH(port, &softc->port_list, links) {
7316		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7317			continue;
7318		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7319			continue;
7320		num_target_ports++;
7321	}
7322	mtx_unlock(&softc->ctl_lock);
7323
7324	if (ext)
7325		total_len = sizeof(struct scsi_target_group_data_extended);
7326	else
7327		total_len = sizeof(struct scsi_target_group_data);
7328	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7329		num_target_port_groups +
7330	    sizeof(struct scsi_target_port_descriptor) *
7331		num_target_ports * num_target_port_groups;
7332
7333	alloc_len = scsi_4btoul(cdb->length);
7334
7335	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7336
7337	ctsio->kern_sg_entries = 0;
7338
7339	if (total_len < alloc_len) {
7340		ctsio->residual = alloc_len - total_len;
7341		ctsio->kern_data_len = total_len;
7342		ctsio->kern_total_len = total_len;
7343	} else {
7344		ctsio->residual = 0;
7345		ctsio->kern_data_len = alloc_len;
7346		ctsio->kern_total_len = alloc_len;
7347	}
7348	ctsio->kern_data_resid = 0;
7349	ctsio->kern_rel_offset = 0;
7350
7351	if (ext) {
7352		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7353		    ctsio->kern_data_ptr;
7354		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7355		rtg_ext_ptr->format_type = 0x10;
7356		rtg_ext_ptr->implicit_transition_time = 0;
7357		tpg_desc = &rtg_ext_ptr->groups[0];
7358	} else {
7359		rtg_ptr = (struct scsi_target_group_data *)
7360		    ctsio->kern_data_ptr;
7361		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7362		tpg_desc = &rtg_ptr->groups[0];
7363	}
7364
7365	pg = ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS;
7366	mtx_lock(&softc->ctl_lock);
7367	for (g = 0; g < num_target_port_groups; g++) {
7368		if (g == pg)
7369			tpg_desc->pref_state = TPG_PRIMARY |
7370			    TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7371		else
7372			tpg_desc->pref_state =
7373			    TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7374		tpg_desc->support = TPG_AO_SUP;
7375		if (!single)
7376			tpg_desc->support |= TPG_AN_SUP;
7377		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7378		tpg_desc->status = TPG_IMPLICIT;
7379		pc = 0;
7380		STAILQ_FOREACH(port, &softc->port_list, links) {
7381			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7382				continue;
7383			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7384			    CTL_MAX_LUNS)
7385				continue;
7386			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7387			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7388			    relative_target_port_identifier);
7389			pc++;
7390		}
7391		tpg_desc->target_port_count = pc;
7392		tpg_desc = (struct scsi_target_port_group_descriptor *)
7393		    &tpg_desc->descriptors[pc];
7394	}
7395	mtx_unlock(&softc->ctl_lock);
7396
7397	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7398	ctsio->be_move_done = ctl_config_move_done;
7399
7400	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7401			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7402			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7403			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7404			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7405
7406	ctl_datamove((union ctl_io *)ctsio);
7407	return(retval);
7408}
7409
7410int
7411ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7412{
7413	struct ctl_lun *lun;
7414	struct scsi_report_supported_opcodes *cdb;
7415	const struct ctl_cmd_entry *entry, *sentry;
7416	struct scsi_report_supported_opcodes_all *all;
7417	struct scsi_report_supported_opcodes_descr *descr;
7418	struct scsi_report_supported_opcodes_one *one;
7419	int retval;
7420	int alloc_len, total_len;
7421	int opcode, service_action, i, j, num;
7422
7423	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7424
7425	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7426	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7427
7428	retval = CTL_RETVAL_COMPLETE;
7429
7430	opcode = cdb->requested_opcode;
7431	service_action = scsi_2btoul(cdb->requested_service_action);
7432	switch (cdb->options & RSO_OPTIONS_MASK) {
7433	case RSO_OPTIONS_ALL:
7434		num = 0;
7435		for (i = 0; i < 256; i++) {
7436			entry = &ctl_cmd_table[i];
7437			if (entry->flags & CTL_CMD_FLAG_SA5) {
7438				for (j = 0; j < 32; j++) {
7439					sentry = &((const struct ctl_cmd_entry *)
7440					    entry->execute)[j];
7441					if (ctl_cmd_applicable(
7442					    lun->be_lun->lun_type, sentry))
7443						num++;
7444				}
7445			} else {
7446				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7447				    entry))
7448					num++;
7449			}
7450		}
7451		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7452		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7453		break;
7454	case RSO_OPTIONS_OC:
7455		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7456			ctl_set_invalid_field(/*ctsio*/ ctsio,
7457					      /*sks_valid*/ 1,
7458					      /*command*/ 1,
7459					      /*field*/ 2,
7460					      /*bit_valid*/ 1,
7461					      /*bit*/ 2);
7462			ctl_done((union ctl_io *)ctsio);
7463			return (CTL_RETVAL_COMPLETE);
7464		}
7465		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7466		break;
7467	case RSO_OPTIONS_OC_SA:
7468		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7469		    service_action >= 32) {
7470			ctl_set_invalid_field(/*ctsio*/ ctsio,
7471					      /*sks_valid*/ 1,
7472					      /*command*/ 1,
7473					      /*field*/ 2,
7474					      /*bit_valid*/ 1,
7475					      /*bit*/ 2);
7476			ctl_done((union ctl_io *)ctsio);
7477			return (CTL_RETVAL_COMPLETE);
7478		}
7479		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7480		break;
7481	default:
7482		ctl_set_invalid_field(/*ctsio*/ ctsio,
7483				      /*sks_valid*/ 1,
7484				      /*command*/ 1,
7485				      /*field*/ 2,
7486				      /*bit_valid*/ 1,
7487				      /*bit*/ 2);
7488		ctl_done((union ctl_io *)ctsio);
7489		return (CTL_RETVAL_COMPLETE);
7490	}
7491
7492	alloc_len = scsi_4btoul(cdb->length);
7493
7494	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7495
7496	ctsio->kern_sg_entries = 0;
7497
7498	if (total_len < alloc_len) {
7499		ctsio->residual = alloc_len - total_len;
7500		ctsio->kern_data_len = total_len;
7501		ctsio->kern_total_len = total_len;
7502	} else {
7503		ctsio->residual = 0;
7504		ctsio->kern_data_len = alloc_len;
7505		ctsio->kern_total_len = alloc_len;
7506	}
7507	ctsio->kern_data_resid = 0;
7508	ctsio->kern_rel_offset = 0;
7509
7510	switch (cdb->options & RSO_OPTIONS_MASK) {
7511	case RSO_OPTIONS_ALL:
7512		all = (struct scsi_report_supported_opcodes_all *)
7513		    ctsio->kern_data_ptr;
7514		num = 0;
7515		for (i = 0; i < 256; i++) {
7516			entry = &ctl_cmd_table[i];
7517			if (entry->flags & CTL_CMD_FLAG_SA5) {
7518				for (j = 0; j < 32; j++) {
7519					sentry = &((const struct ctl_cmd_entry *)
7520					    entry->execute)[j];
7521					if (!ctl_cmd_applicable(
7522					    lun->be_lun->lun_type, sentry))
7523						continue;
7524					descr = &all->descr[num++];
7525					descr->opcode = i;
7526					scsi_ulto2b(j, descr->service_action);
7527					descr->flags = RSO_SERVACTV;
7528					scsi_ulto2b(sentry->length,
7529					    descr->cdb_length);
7530				}
7531			} else {
7532				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7533				    entry))
7534					continue;
7535				descr = &all->descr[num++];
7536				descr->opcode = i;
7537				scsi_ulto2b(0, descr->service_action);
7538				descr->flags = 0;
7539				scsi_ulto2b(entry->length, descr->cdb_length);
7540			}
7541		}
7542		scsi_ulto4b(
7543		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7544		    all->length);
7545		break;
7546	case RSO_OPTIONS_OC:
7547		one = (struct scsi_report_supported_opcodes_one *)
7548		    ctsio->kern_data_ptr;
7549		entry = &ctl_cmd_table[opcode];
7550		goto fill_one;
7551	case RSO_OPTIONS_OC_SA:
7552		one = (struct scsi_report_supported_opcodes_one *)
7553		    ctsio->kern_data_ptr;
7554		entry = &ctl_cmd_table[opcode];
7555		entry = &((const struct ctl_cmd_entry *)
7556		    entry->execute)[service_action];
7557fill_one:
7558		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7559			one->support = 3;
7560			scsi_ulto2b(entry->length, one->cdb_length);
7561			one->cdb_usage[0] = opcode;
7562			memcpy(&one->cdb_usage[1], entry->usage,
7563			    entry->length - 1);
7564		} else
7565			one->support = 1;
7566		break;
7567	}
7568
7569	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7570	ctsio->be_move_done = ctl_config_move_done;
7571
7572	ctl_datamove((union ctl_io *)ctsio);
7573	return(retval);
7574}
7575
7576int
7577ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7578{
7579	struct ctl_lun *lun;
7580	struct scsi_report_supported_tmf *cdb;
7581	struct scsi_report_supported_tmf_data *data;
7582	int retval;
7583	int alloc_len, total_len;
7584
7585	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7586
7587	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7588	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7589
7590	retval = CTL_RETVAL_COMPLETE;
7591
7592	total_len = sizeof(struct scsi_report_supported_tmf_data);
7593	alloc_len = scsi_4btoul(cdb->length);
7594
7595	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7596
7597	ctsio->kern_sg_entries = 0;
7598
7599	if (total_len < alloc_len) {
7600		ctsio->residual = alloc_len - total_len;
7601		ctsio->kern_data_len = total_len;
7602		ctsio->kern_total_len = total_len;
7603	} else {
7604		ctsio->residual = 0;
7605		ctsio->kern_data_len = alloc_len;
7606		ctsio->kern_total_len = alloc_len;
7607	}
7608	ctsio->kern_data_resid = 0;
7609	ctsio->kern_rel_offset = 0;
7610
7611	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7612	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7613	data->byte2 |= RST_ITNRS;
7614
7615	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7616	ctsio->be_move_done = ctl_config_move_done;
7617
7618	ctl_datamove((union ctl_io *)ctsio);
7619	return (retval);
7620}
7621
7622int
7623ctl_report_timestamp(struct ctl_scsiio *ctsio)
7624{
7625	struct ctl_lun *lun;
7626	struct scsi_report_timestamp *cdb;
7627	struct scsi_report_timestamp_data *data;
7628	struct timeval tv;
7629	int64_t timestamp;
7630	int retval;
7631	int alloc_len, total_len;
7632
7633	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7634
7635	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7636	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7637
7638	retval = CTL_RETVAL_COMPLETE;
7639
7640	total_len = sizeof(struct scsi_report_timestamp_data);
7641	alloc_len = scsi_4btoul(cdb->length);
7642
7643	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7644
7645	ctsio->kern_sg_entries = 0;
7646
7647	if (total_len < alloc_len) {
7648		ctsio->residual = alloc_len - total_len;
7649		ctsio->kern_data_len = total_len;
7650		ctsio->kern_total_len = total_len;
7651	} else {
7652		ctsio->residual = 0;
7653		ctsio->kern_data_len = alloc_len;
7654		ctsio->kern_total_len = alloc_len;
7655	}
7656	ctsio->kern_data_resid = 0;
7657	ctsio->kern_rel_offset = 0;
7658
7659	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7660	scsi_ulto2b(sizeof(*data) - 2, data->length);
7661	data->origin = RTS_ORIG_OUTSIDE;
7662	getmicrotime(&tv);
7663	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7664	scsi_ulto4b(timestamp >> 16, data->timestamp);
7665	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7666
7667	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7668	ctsio->be_move_done = ctl_config_move_done;
7669
7670	ctl_datamove((union ctl_io *)ctsio);
7671	return (retval);
7672}
7673
7674int
7675ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7676{
7677	struct scsi_per_res_in *cdb;
7678	int alloc_len, total_len = 0;
7679	/* struct scsi_per_res_in_rsrv in_data; */
7680	struct ctl_lun *lun;
7681	struct ctl_softc *softc;
7682
7683	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7684
7685	softc = control_softc;
7686
7687	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7688
7689	alloc_len = scsi_2btoul(cdb->length);
7690
7691	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7692
7693retry:
7694	mtx_lock(&lun->lun_lock);
7695	switch (cdb->action) {
7696	case SPRI_RK: /* read keys */
7697		total_len = sizeof(struct scsi_per_res_in_keys) +
7698			lun->pr_key_count *
7699			sizeof(struct scsi_per_res_key);
7700		break;
7701	case SPRI_RR: /* read reservation */
7702		if (lun->flags & CTL_LUN_PR_RESERVED)
7703			total_len = sizeof(struct scsi_per_res_in_rsrv);
7704		else
7705			total_len = sizeof(struct scsi_per_res_in_header);
7706		break;
7707	case SPRI_RC: /* report capabilities */
7708		total_len = sizeof(struct scsi_per_res_cap);
7709		break;
7710	case SPRI_RS: /* read full status */
7711		total_len = sizeof(struct scsi_per_res_in_header) +
7712		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7713		    lun->pr_key_count;
7714		break;
7715	default:
7716		panic("Invalid PR type %x", cdb->action);
7717	}
7718	mtx_unlock(&lun->lun_lock);
7719
7720	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7721
7722	if (total_len < alloc_len) {
7723		ctsio->residual = alloc_len - total_len;
7724		ctsio->kern_data_len = total_len;
7725		ctsio->kern_total_len = total_len;
7726	} else {
7727		ctsio->residual = 0;
7728		ctsio->kern_data_len = alloc_len;
7729		ctsio->kern_total_len = alloc_len;
7730	}
7731
7732	ctsio->kern_data_resid = 0;
7733	ctsio->kern_rel_offset = 0;
7734	ctsio->kern_sg_entries = 0;
7735
7736	mtx_lock(&lun->lun_lock);
7737	switch (cdb->action) {
7738	case SPRI_RK: { // read keys
7739        struct scsi_per_res_in_keys *res_keys;
7740		int i, key_count;
7741
7742		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7743
7744		/*
7745		 * We had to drop the lock to allocate our buffer, which
7746		 * leaves time for someone to come in with another
7747		 * persistent reservation.  (That is unlikely, though,
7748		 * since this should be the only persistent reservation
7749		 * command active right now.)
7750		 */
7751		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7752		    (lun->pr_key_count *
7753		     sizeof(struct scsi_per_res_key)))){
7754			mtx_unlock(&lun->lun_lock);
7755			free(ctsio->kern_data_ptr, M_CTL);
7756			printf("%s: reservation length changed, retrying\n",
7757			       __func__);
7758			goto retry;
7759		}
7760
7761		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7762
7763		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7764			     lun->pr_key_count, res_keys->header.length);
7765
7766		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7767			if (lun->pr_keys[i] == 0)
7768				continue;
7769
7770			/*
7771			 * We used lun->pr_key_count to calculate the
7772			 * size to allocate.  If it turns out the number of
7773			 * initiators with the registered flag set is
7774			 * larger than that (i.e. they haven't been kept in
7775			 * sync), we've got a problem.
7776			 */
7777			if (key_count >= lun->pr_key_count) {
7778#ifdef NEEDTOPORT
7779				csevent_log(CSC_CTL | CSC_SHELF_SW |
7780					    CTL_PR_ERROR,
7781					    csevent_LogType_Fault,
7782					    csevent_AlertLevel_Yellow,
7783					    csevent_FRU_ShelfController,
7784					    csevent_FRU_Firmware,
7785				        csevent_FRU_Unknown,
7786					    "registered keys %d >= key "
7787					    "count %d", key_count,
7788					    lun->pr_key_count);
7789#endif
7790				key_count++;
7791				continue;
7792			}
7793			scsi_u64to8b(lun->pr_keys[i],
7794			    res_keys->keys[key_count].key);
7795			key_count++;
7796		}
7797		break;
7798	}
7799	case SPRI_RR: { // read reservation
7800		struct scsi_per_res_in_rsrv *res;
7801		int tmp_len, header_only;
7802
7803		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7804
7805		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7806
7807		if (lun->flags & CTL_LUN_PR_RESERVED)
7808		{
7809			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7810			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7811				    res->header.length);
7812			header_only = 0;
7813		} else {
7814			tmp_len = sizeof(struct scsi_per_res_in_header);
7815			scsi_ulto4b(0, res->header.length);
7816			header_only = 1;
7817		}
7818
7819		/*
7820		 * We had to drop the lock to allocate our buffer, which
7821		 * leaves time for someone to come in with another
7822		 * persistent reservation.  (That is unlikely, though,
7823		 * since this should be the only persistent reservation
7824		 * command active right now.)
7825		 */
7826		if (tmp_len != total_len) {
7827			mtx_unlock(&lun->lun_lock);
7828			free(ctsio->kern_data_ptr, M_CTL);
7829			printf("%s: reservation status changed, retrying\n",
7830			       __func__);
7831			goto retry;
7832		}
7833
7834		/*
7835		 * No reservation held, so we're done.
7836		 */
7837		if (header_only != 0)
7838			break;
7839
7840		/*
7841		 * If the registration is an All Registrants type, the key
7842		 * is 0, since it doesn't really matter.
7843		 */
7844		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7845			scsi_u64to8b(lun->pr_keys[lun->pr_res_idx],
7846			    res->data.reservation);
7847		}
7848		res->data.scopetype = lun->res_type;
7849		break;
7850	}
7851	case SPRI_RC:     //report capabilities
7852	{
7853		struct scsi_per_res_cap *res_cap;
7854		uint16_t type_mask;
7855
7856		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7857		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7858		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7859		type_mask = SPRI_TM_WR_EX_AR |
7860			    SPRI_TM_EX_AC_RO |
7861			    SPRI_TM_WR_EX_RO |
7862			    SPRI_TM_EX_AC |
7863			    SPRI_TM_WR_EX |
7864			    SPRI_TM_EX_AC_AR;
7865		scsi_ulto2b(type_mask, res_cap->type_mask);
7866		break;
7867	}
7868	case SPRI_RS: { // read full status
7869		struct scsi_per_res_in_full *res_status;
7870		struct scsi_per_res_in_full_desc *res_desc;
7871		struct ctl_port *port;
7872		int i, len;
7873
7874		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7875
7876		/*
7877		 * We had to drop the lock to allocate our buffer, which
7878		 * leaves time for someone to come in with another
7879		 * persistent reservation.  (That is unlikely, though,
7880		 * since this should be the only persistent reservation
7881		 * command active right now.)
7882		 */
7883		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7884		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7885		     lun->pr_key_count)){
7886			mtx_unlock(&lun->lun_lock);
7887			free(ctsio->kern_data_ptr, M_CTL);
7888			printf("%s: reservation length changed, retrying\n",
7889			       __func__);
7890			goto retry;
7891		}
7892
7893		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7894
7895		res_desc = &res_status->desc[0];
7896		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7897			if (lun->pr_keys[i] == 0)
7898				continue;
7899
7900			scsi_u64to8b(lun->pr_keys[i], res_desc->res_key.key);
7901			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7902			    (lun->pr_res_idx == i ||
7903			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7904				res_desc->flags = SPRI_FULL_R_HOLDER;
7905				res_desc->scopetype = lun->res_type;
7906			}
7907			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7908			    res_desc->rel_trgt_port_id);
7909			len = 0;
7910			port = softc->ctl_ports[
7911			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
7912			if (port != NULL)
7913				len = ctl_create_iid(port,
7914				    i % CTL_MAX_INIT_PER_PORT,
7915				    res_desc->transport_id);
7916			scsi_ulto4b(len, res_desc->additional_length);
7917			res_desc = (struct scsi_per_res_in_full_desc *)
7918			    &res_desc->transport_id[len];
7919		}
7920		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7921		    res_status->header.length);
7922		break;
7923	}
7924	default:
7925		/*
7926		 * This is a bug, because we just checked for this above,
7927		 * and should have returned an error.
7928		 */
7929		panic("Invalid PR type %x", cdb->action);
7930		break; /* NOTREACHED */
7931	}
7932	mtx_unlock(&lun->lun_lock);
7933
7934	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7935	ctsio->be_move_done = ctl_config_move_done;
7936
7937	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7938			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7939			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7940			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7941			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7942
7943	ctl_datamove((union ctl_io *)ctsio);
7944
7945	return (CTL_RETVAL_COMPLETE);
7946}
7947
7948/*
7949 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7950 * it should return.
7951 */
7952static int
7953ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7954		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7955		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7956		struct scsi_per_res_out_parms* param)
7957{
7958	union ctl_ha_msg persis_io;
7959	int retval, i;
7960	int isc_retval;
7961
7962	retval = 0;
7963
7964	mtx_lock(&lun->lun_lock);
7965	if (sa_res_key == 0) {
7966		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7967			/* validate scope and type */
7968			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7969			     SPR_LU_SCOPE) {
7970				mtx_unlock(&lun->lun_lock);
7971				ctl_set_invalid_field(/*ctsio*/ ctsio,
7972						      /*sks_valid*/ 1,
7973						      /*command*/ 1,
7974						      /*field*/ 2,
7975						      /*bit_valid*/ 1,
7976						      /*bit*/ 4);
7977				ctl_done((union ctl_io *)ctsio);
7978				return (1);
7979			}
7980
7981		        if (type>8 || type==2 || type==4 || type==0) {
7982				mtx_unlock(&lun->lun_lock);
7983				ctl_set_invalid_field(/*ctsio*/ ctsio,
7984       	           				      /*sks_valid*/ 1,
7985						      /*command*/ 1,
7986						      /*field*/ 2,
7987						      /*bit_valid*/ 1,
7988						      /*bit*/ 0);
7989				ctl_done((union ctl_io *)ctsio);
7990				return (1);
7991		        }
7992
7993			/*
7994			 * Unregister everybody else and build UA for
7995			 * them
7996			 */
7997			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7998				if (i == residx || lun->pr_keys[i] == 0)
7999					continue;
8000
8001				if (!persis_offset
8002				 && i <CTL_MAX_INITIATORS)
8003					lun->pending_ua[i] |=
8004						CTL_UA_REG_PREEMPT;
8005				else if (persis_offset
8006				      && i >= persis_offset)
8007					lun->pending_ua[i-persis_offset] |=
8008						CTL_UA_REG_PREEMPT;
8009				lun->pr_keys[i] = 0;
8010			}
8011			lun->pr_key_count = 1;
8012			lun->res_type = type;
8013			if (lun->res_type != SPR_TYPE_WR_EX_AR
8014			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8015				lun->pr_res_idx = residx;
8016
8017			/* send msg to other side */
8018			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8019			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8020			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8021			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8022			persis_io.pr.pr_info.res_type = type;
8023			memcpy(persis_io.pr.pr_info.sa_res_key,
8024			       param->serv_act_res_key,
8025			       sizeof(param->serv_act_res_key));
8026			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8027			     &persis_io, sizeof(persis_io), 0)) >
8028			     CTL_HA_STATUS_SUCCESS) {
8029				printf("CTL:Persis Out error returned "
8030				       "from ctl_ha_msg_send %d\n",
8031				       isc_retval);
8032			}
8033		} else {
8034			/* not all registrants */
8035			mtx_unlock(&lun->lun_lock);
8036			free(ctsio->kern_data_ptr, M_CTL);
8037			ctl_set_invalid_field(ctsio,
8038					      /*sks_valid*/ 1,
8039					      /*command*/ 0,
8040					      /*field*/ 8,
8041					      /*bit_valid*/ 0,
8042					      /*bit*/ 0);
8043			ctl_done((union ctl_io *)ctsio);
8044			return (1);
8045		}
8046	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8047		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8048		int found = 0;
8049
8050		if (res_key == sa_res_key) {
8051			/* special case */
8052			/*
8053			 * The spec implies this is not good but doesn't
8054			 * say what to do. There are two choices either
8055			 * generate a res conflict or check condition
8056			 * with illegal field in parameter data. Since
8057			 * that is what is done when the sa_res_key is
8058			 * zero I'll take that approach since this has
8059			 * to do with the sa_res_key.
8060			 */
8061			mtx_unlock(&lun->lun_lock);
8062			free(ctsio->kern_data_ptr, M_CTL);
8063			ctl_set_invalid_field(ctsio,
8064					      /*sks_valid*/ 1,
8065					      /*command*/ 0,
8066					      /*field*/ 8,
8067					      /*bit_valid*/ 0,
8068					      /*bit*/ 0);
8069			ctl_done((union ctl_io *)ctsio);
8070			return (1);
8071		}
8072
8073		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8074			if (lun->pr_keys[i] != sa_res_key)
8075				continue;
8076
8077			found = 1;
8078			lun->pr_keys[i] = 0;
8079			lun->pr_key_count--;
8080
8081			if (!persis_offset && i < CTL_MAX_INITIATORS)
8082				lun->pending_ua[i] |= CTL_UA_REG_PREEMPT;
8083			else if (persis_offset && i >= persis_offset)
8084				lun->pending_ua[i-persis_offset] |=
8085					CTL_UA_REG_PREEMPT;
8086		}
8087		if (!found) {
8088			mtx_unlock(&lun->lun_lock);
8089			free(ctsio->kern_data_ptr, M_CTL);
8090			ctl_set_reservation_conflict(ctsio);
8091			ctl_done((union ctl_io *)ctsio);
8092			return (CTL_RETVAL_COMPLETE);
8093		}
8094		/* send msg to other side */
8095		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8096		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8097		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8098		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8099		persis_io.pr.pr_info.res_type = type;
8100		memcpy(persis_io.pr.pr_info.sa_res_key,
8101		       param->serv_act_res_key,
8102		       sizeof(param->serv_act_res_key));
8103		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8104		     &persis_io, sizeof(persis_io), 0)) >
8105		     CTL_HA_STATUS_SUCCESS) {
8106			printf("CTL:Persis Out error returned from "
8107			       "ctl_ha_msg_send %d\n", isc_retval);
8108		}
8109	} else {
8110		/* Reserved but not all registrants */
8111		/* sa_res_key is res holder */
8112		if (sa_res_key == lun->pr_keys[lun->pr_res_idx]) {
8113			/* validate scope and type */
8114			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8115			     SPR_LU_SCOPE) {
8116				mtx_unlock(&lun->lun_lock);
8117				ctl_set_invalid_field(/*ctsio*/ ctsio,
8118						      /*sks_valid*/ 1,
8119						      /*command*/ 1,
8120						      /*field*/ 2,
8121						      /*bit_valid*/ 1,
8122						      /*bit*/ 4);
8123				ctl_done((union ctl_io *)ctsio);
8124				return (1);
8125			}
8126
8127			if (type>8 || type==2 || type==4 || type==0) {
8128				mtx_unlock(&lun->lun_lock);
8129				ctl_set_invalid_field(/*ctsio*/ ctsio,
8130						      /*sks_valid*/ 1,
8131						      /*command*/ 1,
8132						      /*field*/ 2,
8133						      /*bit_valid*/ 1,
8134						      /*bit*/ 0);
8135				ctl_done((union ctl_io *)ctsio);
8136				return (1);
8137			}
8138
8139			/*
8140			 * Do the following:
8141			 * if sa_res_key != res_key remove all
8142			 * registrants w/sa_res_key and generate UA
8143			 * for these registrants(Registrations
8144			 * Preempted) if it wasn't an exclusive
8145			 * reservation generate UA(Reservations
8146			 * Preempted) for all other registered nexuses
8147			 * if the type has changed. Establish the new
8148			 * reservation and holder. If res_key and
8149			 * sa_res_key are the same do the above
8150			 * except don't unregister the res holder.
8151			 */
8152
8153			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8154				if (i == residx || lun->pr_keys[i] == 0)
8155					continue;
8156
8157				if (sa_res_key == lun->pr_keys[i]) {
8158					lun->pr_keys[i] = 0;
8159					lun->pr_key_count--;
8160
8161					if (!persis_offset
8162					 && i < CTL_MAX_INITIATORS)
8163						lun->pending_ua[i] |=
8164							CTL_UA_REG_PREEMPT;
8165					else if (persis_offset
8166					      && i >= persis_offset)
8167						lun->pending_ua[i-persis_offset] |=
8168						  CTL_UA_REG_PREEMPT;
8169				} else if (type != lun->res_type
8170					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8171					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8172						if (!persis_offset
8173						 && i < CTL_MAX_INITIATORS)
8174							lun->pending_ua[i] |=
8175							CTL_UA_RES_RELEASE;
8176						else if (persis_offset
8177						      && i >= persis_offset)
8178							lun->pending_ua[
8179							i-persis_offset] |=
8180							CTL_UA_RES_RELEASE;
8181				}
8182			}
8183			lun->res_type = type;
8184			if (lun->res_type != SPR_TYPE_WR_EX_AR
8185			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8186				lun->pr_res_idx = residx;
8187			else
8188				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8189
8190			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8191			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8192			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8193			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8194			persis_io.pr.pr_info.res_type = type;
8195			memcpy(persis_io.pr.pr_info.sa_res_key,
8196			       param->serv_act_res_key,
8197			       sizeof(param->serv_act_res_key));
8198			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8199			     &persis_io, sizeof(persis_io), 0)) >
8200			     CTL_HA_STATUS_SUCCESS) {
8201				printf("CTL:Persis Out error returned "
8202				       "from ctl_ha_msg_send %d\n",
8203				       isc_retval);
8204			}
8205		} else {
8206			/*
8207			 * sa_res_key is not the res holder just
8208			 * remove registrants
8209			 */
8210			int found=0;
8211
8212			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8213				if (sa_res_key != lun->pr_keys[i])
8214					continue;
8215
8216				found = 1;
8217				lun->pr_keys[i] = 0;
8218				lun->pr_key_count--;
8219
8220				if (!persis_offset
8221				 && i < CTL_MAX_INITIATORS)
8222					lun->pending_ua[i] |=
8223						CTL_UA_REG_PREEMPT;
8224				else if (persis_offset
8225				      && i >= persis_offset)
8226					lun->pending_ua[i-persis_offset] |=
8227						CTL_UA_REG_PREEMPT;
8228			}
8229
8230			if (!found) {
8231				mtx_unlock(&lun->lun_lock);
8232				free(ctsio->kern_data_ptr, M_CTL);
8233				ctl_set_reservation_conflict(ctsio);
8234				ctl_done((union ctl_io *)ctsio);
8235		        	return (1);
8236			}
8237			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8238			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8239			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8240			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8241			persis_io.pr.pr_info.res_type = type;
8242			memcpy(persis_io.pr.pr_info.sa_res_key,
8243			       param->serv_act_res_key,
8244			       sizeof(param->serv_act_res_key));
8245			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8246			     &persis_io, sizeof(persis_io), 0)) >
8247			     CTL_HA_STATUS_SUCCESS) {
8248				printf("CTL:Persis Out error returned "
8249				       "from ctl_ha_msg_send %d\n",
8250				isc_retval);
8251			}
8252		}
8253	}
8254
8255	lun->PRGeneration++;
8256	mtx_unlock(&lun->lun_lock);
8257
8258	return (retval);
8259}
8260
8261static void
8262ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8263{
8264	uint64_t sa_res_key;
8265	int i;
8266
8267	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8268
8269	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8270	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8271	 || sa_res_key != lun->pr_keys[lun->pr_res_idx]) {
8272		if (sa_res_key == 0) {
8273			/*
8274			 * Unregister everybody else and build UA for
8275			 * them
8276			 */
8277			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8278				if (i == msg->pr.pr_info.residx ||
8279				    lun->pr_keys[i] == 0)
8280					continue;
8281
8282				if (!persis_offset
8283				 && i < CTL_MAX_INITIATORS)
8284					lun->pending_ua[i] |=
8285						CTL_UA_REG_PREEMPT;
8286				else if (persis_offset && i >= persis_offset)
8287					lun->pending_ua[i - persis_offset] |=
8288						CTL_UA_REG_PREEMPT;
8289				lun->pr_keys[i] = 0;
8290			}
8291
8292			lun->pr_key_count = 1;
8293			lun->res_type = msg->pr.pr_info.res_type;
8294			if (lun->res_type != SPR_TYPE_WR_EX_AR
8295			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8296				lun->pr_res_idx = msg->pr.pr_info.residx;
8297		} else {
8298		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8299				if (sa_res_key == lun->pr_keys[i])
8300					continue;
8301
8302				lun->pr_keys[i] = 0;
8303				lun->pr_key_count--;
8304
8305				if (!persis_offset
8306				 && i < persis_offset)
8307					lun->pending_ua[i] |=
8308						CTL_UA_REG_PREEMPT;
8309				else if (persis_offset
8310				      && i >= persis_offset)
8311					lun->pending_ua[i - persis_offset] |=
8312						CTL_UA_REG_PREEMPT;
8313			}
8314		}
8315	} else {
8316		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8317			if (i == msg->pr.pr_info.residx ||
8318			    lun->pr_keys[i] == 0)
8319				continue;
8320
8321			if (sa_res_key == lun->pr_keys[i]) {
8322				lun->pr_keys[i] = 0;
8323				lun->pr_key_count--;
8324				if (!persis_offset
8325				 && i < CTL_MAX_INITIATORS)
8326					lun->pending_ua[i] |=
8327						CTL_UA_REG_PREEMPT;
8328				else if (persis_offset
8329				      && i >= persis_offset)
8330					lun->pending_ua[i - persis_offset] |=
8331						CTL_UA_REG_PREEMPT;
8332			} else if (msg->pr.pr_info.res_type != lun->res_type
8333				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8334				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8335					if (!persis_offset
8336					 && i < persis_offset)
8337						lun->pending_ua[i] |=
8338							CTL_UA_RES_RELEASE;
8339					else if (persis_offset
8340					      && i >= persis_offset)
8341					lun->pending_ua[i - persis_offset] |=
8342						CTL_UA_RES_RELEASE;
8343			}
8344		}
8345		lun->res_type = msg->pr.pr_info.res_type;
8346		if (lun->res_type != SPR_TYPE_WR_EX_AR
8347		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8348			lun->pr_res_idx = msg->pr.pr_info.residx;
8349		else
8350			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8351	}
8352	lun->PRGeneration++;
8353
8354}
8355
8356
8357int
8358ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8359{
8360	int retval;
8361	int isc_retval;
8362	u_int32_t param_len;
8363	struct scsi_per_res_out *cdb;
8364	struct ctl_lun *lun;
8365	struct scsi_per_res_out_parms* param;
8366	struct ctl_softc *softc;
8367	uint32_t residx;
8368	uint64_t res_key, sa_res_key;
8369	uint8_t type;
8370	union ctl_ha_msg persis_io;
8371	int    i;
8372
8373	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8374
8375	retval = CTL_RETVAL_COMPLETE;
8376
8377	softc = control_softc;
8378
8379	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8380	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8381
8382	/*
8383	 * We only support whole-LUN scope.  The scope & type are ignored for
8384	 * register, register and ignore existing key and clear.
8385	 * We sometimes ignore scope and type on preempts too!!
8386	 * Verify reservation type here as well.
8387	 */
8388	type = cdb->scope_type & SPR_TYPE_MASK;
8389	if ((cdb->action == SPRO_RESERVE)
8390	 || (cdb->action == SPRO_RELEASE)) {
8391		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8392			ctl_set_invalid_field(/*ctsio*/ ctsio,
8393					      /*sks_valid*/ 1,
8394					      /*command*/ 1,
8395					      /*field*/ 2,
8396					      /*bit_valid*/ 1,
8397					      /*bit*/ 4);
8398			ctl_done((union ctl_io *)ctsio);
8399			return (CTL_RETVAL_COMPLETE);
8400		}
8401
8402		if (type>8 || type==2 || type==4 || type==0) {
8403			ctl_set_invalid_field(/*ctsio*/ ctsio,
8404					      /*sks_valid*/ 1,
8405					      /*command*/ 1,
8406					      /*field*/ 2,
8407					      /*bit_valid*/ 1,
8408					      /*bit*/ 0);
8409			ctl_done((union ctl_io *)ctsio);
8410			return (CTL_RETVAL_COMPLETE);
8411		}
8412	}
8413
8414	param_len = scsi_4btoul(cdb->length);
8415
8416	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8417		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8418		ctsio->kern_data_len = param_len;
8419		ctsio->kern_total_len = param_len;
8420		ctsio->kern_data_resid = 0;
8421		ctsio->kern_rel_offset = 0;
8422		ctsio->kern_sg_entries = 0;
8423		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8424		ctsio->be_move_done = ctl_config_move_done;
8425		ctl_datamove((union ctl_io *)ctsio);
8426
8427		return (CTL_RETVAL_COMPLETE);
8428	}
8429
8430	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8431
8432	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8433	res_key = scsi_8btou64(param->res_key.key);
8434	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8435
8436	/*
8437	 * Validate the reservation key here except for SPRO_REG_IGNO
8438	 * This must be done for all other service actions
8439	 */
8440	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8441		mtx_lock(&lun->lun_lock);
8442		if (lun->pr_keys[residx] != 0) {
8443		    if (res_key != lun->pr_keys[residx]) {
8444				/*
8445				 * The current key passed in doesn't match
8446				 * the one the initiator previously
8447				 * registered.
8448				 */
8449				mtx_unlock(&lun->lun_lock);
8450				free(ctsio->kern_data_ptr, M_CTL);
8451				ctl_set_reservation_conflict(ctsio);
8452				ctl_done((union ctl_io *)ctsio);
8453				return (CTL_RETVAL_COMPLETE);
8454			}
8455		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8456			/*
8457			 * We are not registered
8458			 */
8459			mtx_unlock(&lun->lun_lock);
8460			free(ctsio->kern_data_ptr, M_CTL);
8461			ctl_set_reservation_conflict(ctsio);
8462			ctl_done((union ctl_io *)ctsio);
8463			return (CTL_RETVAL_COMPLETE);
8464		} else if (res_key != 0) {
8465			/*
8466			 * We are not registered and trying to register but
8467			 * the register key isn't zero.
8468			 */
8469			mtx_unlock(&lun->lun_lock);
8470			free(ctsio->kern_data_ptr, M_CTL);
8471			ctl_set_reservation_conflict(ctsio);
8472			ctl_done((union ctl_io *)ctsio);
8473			return (CTL_RETVAL_COMPLETE);
8474		}
8475		mtx_unlock(&lun->lun_lock);
8476	}
8477
8478	switch (cdb->action & SPRO_ACTION_MASK) {
8479	case SPRO_REGISTER:
8480	case SPRO_REG_IGNO: {
8481
8482#if 0
8483		printf("Registration received\n");
8484#endif
8485
8486		/*
8487		 * We don't support any of these options, as we report in
8488		 * the read capabilities request (see
8489		 * ctl_persistent_reserve_in(), above).
8490		 */
8491		if ((param->flags & SPR_SPEC_I_PT)
8492		 || (param->flags & SPR_ALL_TG_PT)
8493		 || (param->flags & SPR_APTPL)) {
8494			int bit_ptr;
8495
8496			if (param->flags & SPR_APTPL)
8497				bit_ptr = 0;
8498			else if (param->flags & SPR_ALL_TG_PT)
8499				bit_ptr = 2;
8500			else /* SPR_SPEC_I_PT */
8501				bit_ptr = 3;
8502
8503			free(ctsio->kern_data_ptr, M_CTL);
8504			ctl_set_invalid_field(ctsio,
8505					      /*sks_valid*/ 1,
8506					      /*command*/ 0,
8507					      /*field*/ 20,
8508					      /*bit_valid*/ 1,
8509					      /*bit*/ bit_ptr);
8510			ctl_done((union ctl_io *)ctsio);
8511			return (CTL_RETVAL_COMPLETE);
8512		}
8513
8514		mtx_lock(&lun->lun_lock);
8515
8516		/*
8517		 * The initiator wants to clear the
8518		 * key/unregister.
8519		 */
8520		if (sa_res_key == 0) {
8521			if ((res_key == 0
8522			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8523			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8524			  && lun->pr_keys[residx] == 0)) {
8525				mtx_unlock(&lun->lun_lock);
8526				goto done;
8527			}
8528
8529			lun->pr_keys[residx] = 0;
8530			lun->pr_key_count--;
8531
8532			if (residx == lun->pr_res_idx) {
8533				lun->flags &= ~CTL_LUN_PR_RESERVED;
8534				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8535
8536				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8537				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8538				 && lun->pr_key_count) {
8539					/*
8540					 * If the reservation is a registrants
8541					 * only type we need to generate a UA
8542					 * for other registered inits.  The
8543					 * sense code should be RESERVATIONS
8544					 * RELEASED
8545					 */
8546
8547					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8548						if (lun->pr_keys[
8549						    i + persis_offset] == 0)
8550							continue;
8551						lun->pending_ua[i] |=
8552							CTL_UA_RES_RELEASE;
8553					}
8554				}
8555				lun->res_type = 0;
8556			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8557				if (lun->pr_key_count==0) {
8558					lun->flags &= ~CTL_LUN_PR_RESERVED;
8559					lun->res_type = 0;
8560					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8561				}
8562			}
8563			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8564			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8565			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8566			persis_io.pr.pr_info.residx = residx;
8567			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8568			     &persis_io, sizeof(persis_io), 0 )) >
8569			     CTL_HA_STATUS_SUCCESS) {
8570				printf("CTL:Persis Out error returned from "
8571				       "ctl_ha_msg_send %d\n", isc_retval);
8572			}
8573		} else /* sa_res_key != 0 */ {
8574
8575			/*
8576			 * If we aren't registered currently then increment
8577			 * the key count and set the registered flag.
8578			 */
8579			if (lun->pr_keys[residx] == 0)
8580				lun->pr_key_count++;
8581			lun->pr_keys[residx] = sa_res_key;
8582
8583			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8584			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8585			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8586			persis_io.pr.pr_info.residx = residx;
8587			memcpy(persis_io.pr.pr_info.sa_res_key,
8588			       param->serv_act_res_key,
8589			       sizeof(param->serv_act_res_key));
8590			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8591			     &persis_io, sizeof(persis_io), 0)) >
8592			     CTL_HA_STATUS_SUCCESS) {
8593				printf("CTL:Persis Out error returned from "
8594				       "ctl_ha_msg_send %d\n", isc_retval);
8595			}
8596		}
8597		lun->PRGeneration++;
8598		mtx_unlock(&lun->lun_lock);
8599
8600		break;
8601	}
8602	case SPRO_RESERVE:
8603#if 0
8604                printf("Reserve executed type %d\n", type);
8605#endif
8606		mtx_lock(&lun->lun_lock);
8607		if (lun->flags & CTL_LUN_PR_RESERVED) {
8608			/*
8609			 * if this isn't the reservation holder and it's
8610			 * not a "all registrants" type or if the type is
8611			 * different then we have a conflict
8612			 */
8613			if ((lun->pr_res_idx != residx
8614			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8615			 || lun->res_type != type) {
8616				mtx_unlock(&lun->lun_lock);
8617				free(ctsio->kern_data_ptr, M_CTL);
8618				ctl_set_reservation_conflict(ctsio);
8619				ctl_done((union ctl_io *)ctsio);
8620				return (CTL_RETVAL_COMPLETE);
8621			}
8622			mtx_unlock(&lun->lun_lock);
8623		} else /* create a reservation */ {
8624			/*
8625			 * If it's not an "all registrants" type record
8626			 * reservation holder
8627			 */
8628			if (type != SPR_TYPE_WR_EX_AR
8629			 && type != SPR_TYPE_EX_AC_AR)
8630				lun->pr_res_idx = residx; /* Res holder */
8631			else
8632				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8633
8634			lun->flags |= CTL_LUN_PR_RESERVED;
8635			lun->res_type = type;
8636
8637			mtx_unlock(&lun->lun_lock);
8638
8639			/* send msg to other side */
8640			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8641			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8642			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8643			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8644			persis_io.pr.pr_info.res_type = type;
8645			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8646			     &persis_io, sizeof(persis_io), 0)) >
8647			     CTL_HA_STATUS_SUCCESS) {
8648				printf("CTL:Persis Out error returned from "
8649				       "ctl_ha_msg_send %d\n", isc_retval);
8650			}
8651		}
8652		break;
8653
8654	case SPRO_RELEASE:
8655		mtx_lock(&lun->lun_lock);
8656		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8657			/* No reservation exists return good status */
8658			mtx_unlock(&lun->lun_lock);
8659			goto done;
8660		}
8661		/*
8662		 * Is this nexus a reservation holder?
8663		 */
8664		if (lun->pr_res_idx != residx
8665		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8666			/*
8667			 * not a res holder return good status but
8668			 * do nothing
8669			 */
8670			mtx_unlock(&lun->lun_lock);
8671			goto done;
8672		}
8673
8674		if (lun->res_type != type) {
8675			mtx_unlock(&lun->lun_lock);
8676			free(ctsio->kern_data_ptr, M_CTL);
8677			ctl_set_illegal_pr_release(ctsio);
8678			ctl_done((union ctl_io *)ctsio);
8679			return (CTL_RETVAL_COMPLETE);
8680		}
8681
8682		/* okay to release */
8683		lun->flags &= ~CTL_LUN_PR_RESERVED;
8684		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8685		lun->res_type = 0;
8686
8687		/*
8688		 * if this isn't an exclusive access
8689		 * res generate UA for all other
8690		 * registrants.
8691		 */
8692		if (type != SPR_TYPE_EX_AC
8693		 && type != SPR_TYPE_WR_EX) {
8694			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8695				if (i == residx ||
8696				    lun->pr_keys[i + persis_offset] == 0)
8697					continue;
8698				lun->pending_ua[i] |= CTL_UA_RES_RELEASE;
8699			}
8700		}
8701		mtx_unlock(&lun->lun_lock);
8702		/* Send msg to other side */
8703		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8704		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8705		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8706		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8707		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8708			printf("CTL:Persis Out error returned from "
8709			       "ctl_ha_msg_send %d\n", isc_retval);
8710		}
8711		break;
8712
8713	case SPRO_CLEAR:
8714		/* send msg to other side */
8715
8716		mtx_lock(&lun->lun_lock);
8717		lun->flags &= ~CTL_LUN_PR_RESERVED;
8718		lun->res_type = 0;
8719		lun->pr_key_count = 0;
8720		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8721
8722		lun->pr_keys[residx] = 0;
8723
8724		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8725			if (lun->pr_keys[i] != 0) {
8726				if (!persis_offset && i < CTL_MAX_INITIATORS)
8727					lun->pending_ua[i] |=
8728						CTL_UA_RES_PREEMPT;
8729				else if (persis_offset && i >= persis_offset)
8730					lun->pending_ua[i-persis_offset] |=
8731					    CTL_UA_RES_PREEMPT;
8732
8733				lun->pr_keys[i] = 0;
8734			}
8735		lun->PRGeneration++;
8736		mtx_unlock(&lun->lun_lock);
8737		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8738		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8739		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8740		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8741		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8742			printf("CTL:Persis Out error returned from "
8743			       "ctl_ha_msg_send %d\n", isc_retval);
8744		}
8745		break;
8746
8747	case SPRO_PREEMPT: {
8748		int nretval;
8749
8750		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8751					  residx, ctsio, cdb, param);
8752		if (nretval != 0)
8753			return (CTL_RETVAL_COMPLETE);
8754		break;
8755	}
8756	default:
8757		panic("Invalid PR type %x", cdb->action);
8758	}
8759
8760done:
8761	free(ctsio->kern_data_ptr, M_CTL);
8762	ctl_set_success(ctsio);
8763	ctl_done((union ctl_io *)ctsio);
8764
8765	return (retval);
8766}
8767
8768/*
8769 * This routine is for handling a message from the other SC pertaining to
8770 * persistent reserve out. All the error checking will have been done
8771 * so only perorming the action need be done here to keep the two
8772 * in sync.
8773 */
8774static void
8775ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8776{
8777	struct ctl_lun *lun;
8778	struct ctl_softc *softc;
8779	int i;
8780	uint32_t targ_lun;
8781
8782	softc = control_softc;
8783
8784	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8785	lun = softc->ctl_luns[targ_lun];
8786	mtx_lock(&lun->lun_lock);
8787	switch(msg->pr.pr_info.action) {
8788	case CTL_PR_REG_KEY:
8789		if (lun->pr_keys[msg->pr.pr_info.residx] == 0)
8790			lun->pr_key_count++;
8791		lun->pr_keys[msg->pr.pr_info.residx] =
8792		    scsi_8btou64(msg->pr.pr_info.sa_res_key);
8793		lun->PRGeneration++;
8794		break;
8795
8796	case CTL_PR_UNREG_KEY:
8797		lun->pr_keys[msg->pr.pr_info.residx] = 0;
8798		lun->pr_key_count--;
8799
8800		/* XXX Need to see if the reservation has been released */
8801		/* if so do we need to generate UA? */
8802		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8803			lun->flags &= ~CTL_LUN_PR_RESERVED;
8804			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8805
8806			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8807			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8808			 && lun->pr_key_count) {
8809				/*
8810				 * If the reservation is a registrants
8811				 * only type we need to generate a UA
8812				 * for other registered inits.  The
8813				 * sense code should be RESERVATIONS
8814				 * RELEASED
8815				 */
8816
8817				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8818					if (lun->pr_keys[i+
8819					    persis_offset] == 0)
8820						continue;
8821
8822					lun->pending_ua[i] |=
8823						CTL_UA_RES_RELEASE;
8824				}
8825			}
8826			lun->res_type = 0;
8827		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8828			if (lun->pr_key_count==0) {
8829				lun->flags &= ~CTL_LUN_PR_RESERVED;
8830				lun->res_type = 0;
8831				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8832			}
8833		}
8834		lun->PRGeneration++;
8835		break;
8836
8837	case CTL_PR_RESERVE:
8838		lun->flags |= CTL_LUN_PR_RESERVED;
8839		lun->res_type = msg->pr.pr_info.res_type;
8840		lun->pr_res_idx = msg->pr.pr_info.residx;
8841
8842		break;
8843
8844	case CTL_PR_RELEASE:
8845		/*
8846		 * if this isn't an exclusive access res generate UA for all
8847		 * other registrants.
8848		 */
8849		if (lun->res_type != SPR_TYPE_EX_AC
8850		 && lun->res_type != SPR_TYPE_WR_EX) {
8851			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8852				if (lun->pr_keys[i+persis_offset] != 0)
8853					lun->pending_ua[i] |=
8854						CTL_UA_RES_RELEASE;
8855		}
8856
8857		lun->flags &= ~CTL_LUN_PR_RESERVED;
8858		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8859		lun->res_type = 0;
8860		break;
8861
8862	case CTL_PR_PREEMPT:
8863		ctl_pro_preempt_other(lun, msg);
8864		break;
8865	case CTL_PR_CLEAR:
8866		lun->flags &= ~CTL_LUN_PR_RESERVED;
8867		lun->res_type = 0;
8868		lun->pr_key_count = 0;
8869		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8870
8871		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8872			if (lun->pr_keys[i] == 0)
8873				continue;
8874			if (!persis_offset
8875			 && i < CTL_MAX_INITIATORS)
8876				lun->pending_ua[i] |= CTL_UA_RES_PREEMPT;
8877			else if (persis_offset
8878			      && i >= persis_offset)
8879				lun->pending_ua[i-persis_offset] |=
8880					CTL_UA_RES_PREEMPT;
8881			lun->pr_keys[i] = 0;
8882		}
8883		lun->PRGeneration++;
8884		break;
8885	}
8886
8887	mtx_unlock(&lun->lun_lock);
8888}
8889
8890int
8891ctl_read_write(struct ctl_scsiio *ctsio)
8892{
8893	struct ctl_lun *lun;
8894	struct ctl_lba_len_flags *lbalen;
8895	uint64_t lba;
8896	uint32_t num_blocks;
8897	int flags, retval;
8898	int isread;
8899
8900	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8901
8902	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8903
8904	flags = 0;
8905	retval = CTL_RETVAL_COMPLETE;
8906
8907	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8908	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8909	if (lun->flags & CTL_LUN_PR_RESERVED && isread) {
8910		uint32_t residx;
8911
8912		/*
8913		 * XXX KDM need a lock here.
8914		 */
8915		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8916		if ((lun->res_type == SPR_TYPE_EX_AC
8917		  && residx != lun->pr_res_idx)
8918		 || ((lun->res_type == SPR_TYPE_EX_AC_RO
8919		   || lun->res_type == SPR_TYPE_EX_AC_AR)
8920		  && lun->pr_keys[residx] == 0)) {
8921			ctl_set_reservation_conflict(ctsio);
8922			ctl_done((union ctl_io *)ctsio);
8923			return (CTL_RETVAL_COMPLETE);
8924	        }
8925	}
8926
8927	switch (ctsio->cdb[0]) {
8928	case READ_6:
8929	case WRITE_6: {
8930		struct scsi_rw_6 *cdb;
8931
8932		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8933
8934		lba = scsi_3btoul(cdb->addr);
8935		/* only 5 bits are valid in the most significant address byte */
8936		lba &= 0x1fffff;
8937		num_blocks = cdb->length;
8938		/*
8939		 * This is correct according to SBC-2.
8940		 */
8941		if (num_blocks == 0)
8942			num_blocks = 256;
8943		break;
8944	}
8945	case READ_10:
8946	case WRITE_10: {
8947		struct scsi_rw_10 *cdb;
8948
8949		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8950		if (cdb->byte2 & SRW10_FUA)
8951			flags |= CTL_LLF_FUA;
8952		if (cdb->byte2 & SRW10_DPO)
8953			flags |= CTL_LLF_DPO;
8954		lba = scsi_4btoul(cdb->addr);
8955		num_blocks = scsi_2btoul(cdb->length);
8956		break;
8957	}
8958	case WRITE_VERIFY_10: {
8959		struct scsi_write_verify_10 *cdb;
8960
8961		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8962		flags |= CTL_LLF_FUA;
8963		if (cdb->byte2 & SWV_DPO)
8964			flags |= CTL_LLF_DPO;
8965		lba = scsi_4btoul(cdb->addr);
8966		num_blocks = scsi_2btoul(cdb->length);
8967		break;
8968	}
8969	case READ_12:
8970	case WRITE_12: {
8971		struct scsi_rw_12 *cdb;
8972
8973		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8974		if (cdb->byte2 & SRW12_FUA)
8975			flags |= CTL_LLF_FUA;
8976		if (cdb->byte2 & SRW12_DPO)
8977			flags |= CTL_LLF_DPO;
8978		lba = scsi_4btoul(cdb->addr);
8979		num_blocks = scsi_4btoul(cdb->length);
8980		break;
8981	}
8982	case WRITE_VERIFY_12: {
8983		struct scsi_write_verify_12 *cdb;
8984
8985		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8986		flags |= CTL_LLF_FUA;
8987		if (cdb->byte2 & SWV_DPO)
8988			flags |= CTL_LLF_DPO;
8989		lba = scsi_4btoul(cdb->addr);
8990		num_blocks = scsi_4btoul(cdb->length);
8991		break;
8992	}
8993	case READ_16:
8994	case WRITE_16: {
8995		struct scsi_rw_16 *cdb;
8996
8997		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8998		if (cdb->byte2 & SRW12_FUA)
8999			flags |= CTL_LLF_FUA;
9000		if (cdb->byte2 & SRW12_DPO)
9001			flags |= CTL_LLF_DPO;
9002		lba = scsi_8btou64(cdb->addr);
9003		num_blocks = scsi_4btoul(cdb->length);
9004		break;
9005	}
9006	case WRITE_ATOMIC_16: {
9007		struct scsi_rw_16 *cdb;
9008
9009		if (lun->be_lun->atomicblock == 0) {
9010			ctl_set_invalid_opcode(ctsio);
9011			ctl_done((union ctl_io *)ctsio);
9012			return (CTL_RETVAL_COMPLETE);
9013		}
9014
9015		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9016		if (cdb->byte2 & SRW12_FUA)
9017			flags |= CTL_LLF_FUA;
9018		if (cdb->byte2 & SRW12_DPO)
9019			flags |= CTL_LLF_DPO;
9020		lba = scsi_8btou64(cdb->addr);
9021		num_blocks = scsi_4btoul(cdb->length);
9022		if (num_blocks > lun->be_lun->atomicblock) {
9023			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
9024			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
9025			    /*bit*/ 0);
9026			ctl_done((union ctl_io *)ctsio);
9027			return (CTL_RETVAL_COMPLETE);
9028		}
9029		break;
9030	}
9031	case WRITE_VERIFY_16: {
9032		struct scsi_write_verify_16 *cdb;
9033
9034		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
9035		flags |= CTL_LLF_FUA;
9036		if (cdb->byte2 & SWV_DPO)
9037			flags |= CTL_LLF_DPO;
9038		lba = scsi_8btou64(cdb->addr);
9039		num_blocks = scsi_4btoul(cdb->length);
9040		break;
9041	}
9042	default:
9043		/*
9044		 * We got a command we don't support.  This shouldn't
9045		 * happen, commands should be filtered out above us.
9046		 */
9047		ctl_set_invalid_opcode(ctsio);
9048		ctl_done((union ctl_io *)ctsio);
9049
9050		return (CTL_RETVAL_COMPLETE);
9051		break; /* NOTREACHED */
9052	}
9053
9054	/*
9055	 * The first check is to make sure we're in bounds, the second
9056	 * check is to catch wrap-around problems.  If the lba + num blocks
9057	 * is less than the lba, then we've wrapped around and the block
9058	 * range is invalid anyway.
9059	 */
9060	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9061	 || ((lba + num_blocks) < lba)) {
9062		ctl_set_lba_out_of_range(ctsio);
9063		ctl_done((union ctl_io *)ctsio);
9064		return (CTL_RETVAL_COMPLETE);
9065	}
9066
9067	/*
9068	 * According to SBC-3, a transfer length of 0 is not an error.
9069	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9070	 * translates to 256 blocks for those commands.
9071	 */
9072	if (num_blocks == 0) {
9073		ctl_set_success(ctsio);
9074		ctl_done((union ctl_io *)ctsio);
9075		return (CTL_RETVAL_COMPLETE);
9076	}
9077
9078	/* Set FUA and/or DPO if caches are disabled. */
9079	if (isread) {
9080		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9081		    SCP_RCD) != 0)
9082			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9083	} else {
9084		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9085		    SCP_WCE) == 0)
9086			flags |= CTL_LLF_FUA;
9087	}
9088
9089	lbalen = (struct ctl_lba_len_flags *)
9090	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9091	lbalen->lba = lba;
9092	lbalen->len = num_blocks;
9093	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9094
9095	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9096	ctsio->kern_rel_offset = 0;
9097
9098	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9099
9100	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9101
9102	return (retval);
9103}
9104
9105static int
9106ctl_cnw_cont(union ctl_io *io)
9107{
9108	struct ctl_scsiio *ctsio;
9109	struct ctl_lun *lun;
9110	struct ctl_lba_len_flags *lbalen;
9111	int retval;
9112
9113	ctsio = &io->scsiio;
9114	ctsio->io_hdr.status = CTL_STATUS_NONE;
9115	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9116	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9117	lbalen = (struct ctl_lba_len_flags *)
9118	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9119	lbalen->flags &= ~CTL_LLF_COMPARE;
9120	lbalen->flags |= CTL_LLF_WRITE;
9121
9122	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9123	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9124	return (retval);
9125}
9126
9127int
9128ctl_cnw(struct ctl_scsiio *ctsio)
9129{
9130	struct ctl_lun *lun;
9131	struct ctl_lba_len_flags *lbalen;
9132	uint64_t lba;
9133	uint32_t num_blocks;
9134	int flags, retval;
9135
9136	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9137
9138	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9139
9140	flags = 0;
9141	retval = CTL_RETVAL_COMPLETE;
9142
9143	switch (ctsio->cdb[0]) {
9144	case COMPARE_AND_WRITE: {
9145		struct scsi_compare_and_write *cdb;
9146
9147		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9148		if (cdb->byte2 & SRW10_FUA)
9149			flags |= CTL_LLF_FUA;
9150		if (cdb->byte2 & SRW10_DPO)
9151			flags |= CTL_LLF_DPO;
9152		lba = scsi_8btou64(cdb->addr);
9153		num_blocks = cdb->length;
9154		break;
9155	}
9156	default:
9157		/*
9158		 * We got a command we don't support.  This shouldn't
9159		 * happen, commands should be filtered out above us.
9160		 */
9161		ctl_set_invalid_opcode(ctsio);
9162		ctl_done((union ctl_io *)ctsio);
9163
9164		return (CTL_RETVAL_COMPLETE);
9165		break; /* NOTREACHED */
9166	}
9167
9168	/*
9169	 * The first check is to make sure we're in bounds, the second
9170	 * check is to catch wrap-around problems.  If the lba + num blocks
9171	 * is less than the lba, then we've wrapped around and the block
9172	 * range is invalid anyway.
9173	 */
9174	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9175	 || ((lba + num_blocks) < lba)) {
9176		ctl_set_lba_out_of_range(ctsio);
9177		ctl_done((union ctl_io *)ctsio);
9178		return (CTL_RETVAL_COMPLETE);
9179	}
9180
9181	/*
9182	 * According to SBC-3, a transfer length of 0 is not an error.
9183	 */
9184	if (num_blocks == 0) {
9185		ctl_set_success(ctsio);
9186		ctl_done((union ctl_io *)ctsio);
9187		return (CTL_RETVAL_COMPLETE);
9188	}
9189
9190	/* Set FUA if write cache is disabled. */
9191	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9192	    SCP_WCE) == 0)
9193		flags |= CTL_LLF_FUA;
9194
9195	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9196	ctsio->kern_rel_offset = 0;
9197
9198	/*
9199	 * Set the IO_CONT flag, so that if this I/O gets passed to
9200	 * ctl_data_submit_done(), it'll get passed back to
9201	 * ctl_ctl_cnw_cont() for further processing.
9202	 */
9203	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9204	ctsio->io_cont = ctl_cnw_cont;
9205
9206	lbalen = (struct ctl_lba_len_flags *)
9207	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9208	lbalen->lba = lba;
9209	lbalen->len = num_blocks;
9210	lbalen->flags = CTL_LLF_COMPARE | flags;
9211
9212	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9213	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9214	return (retval);
9215}
9216
9217int
9218ctl_verify(struct ctl_scsiio *ctsio)
9219{
9220	struct ctl_lun *lun;
9221	struct ctl_lba_len_flags *lbalen;
9222	uint64_t lba;
9223	uint32_t num_blocks;
9224	int bytchk, flags;
9225	int retval;
9226
9227	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9228
9229	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9230
9231	bytchk = 0;
9232	flags = CTL_LLF_FUA;
9233	retval = CTL_RETVAL_COMPLETE;
9234
9235	switch (ctsio->cdb[0]) {
9236	case VERIFY_10: {
9237		struct scsi_verify_10 *cdb;
9238
9239		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9240		if (cdb->byte2 & SVFY_BYTCHK)
9241			bytchk = 1;
9242		if (cdb->byte2 & SVFY_DPO)
9243			flags |= CTL_LLF_DPO;
9244		lba = scsi_4btoul(cdb->addr);
9245		num_blocks = scsi_2btoul(cdb->length);
9246		break;
9247	}
9248	case VERIFY_12: {
9249		struct scsi_verify_12 *cdb;
9250
9251		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9252		if (cdb->byte2 & SVFY_BYTCHK)
9253			bytchk = 1;
9254		if (cdb->byte2 & SVFY_DPO)
9255			flags |= CTL_LLF_DPO;
9256		lba = scsi_4btoul(cdb->addr);
9257		num_blocks = scsi_4btoul(cdb->length);
9258		break;
9259	}
9260	case VERIFY_16: {
9261		struct scsi_rw_16 *cdb;
9262
9263		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9264		if (cdb->byte2 & SVFY_BYTCHK)
9265			bytchk = 1;
9266		if (cdb->byte2 & SVFY_DPO)
9267			flags |= CTL_LLF_DPO;
9268		lba = scsi_8btou64(cdb->addr);
9269		num_blocks = scsi_4btoul(cdb->length);
9270		break;
9271	}
9272	default:
9273		/*
9274		 * We got a command we don't support.  This shouldn't
9275		 * happen, commands should be filtered out above us.
9276		 */
9277		ctl_set_invalid_opcode(ctsio);
9278		ctl_done((union ctl_io *)ctsio);
9279		return (CTL_RETVAL_COMPLETE);
9280	}
9281
9282	/*
9283	 * The first check is to make sure we're in bounds, the second
9284	 * check is to catch wrap-around problems.  If the lba + num blocks
9285	 * is less than the lba, then we've wrapped around and the block
9286	 * range is invalid anyway.
9287	 */
9288	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9289	 || ((lba + num_blocks) < lba)) {
9290		ctl_set_lba_out_of_range(ctsio);
9291		ctl_done((union ctl_io *)ctsio);
9292		return (CTL_RETVAL_COMPLETE);
9293	}
9294
9295	/*
9296	 * According to SBC-3, a transfer length of 0 is not an error.
9297	 */
9298	if (num_blocks == 0) {
9299		ctl_set_success(ctsio);
9300		ctl_done((union ctl_io *)ctsio);
9301		return (CTL_RETVAL_COMPLETE);
9302	}
9303
9304	lbalen = (struct ctl_lba_len_flags *)
9305	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9306	lbalen->lba = lba;
9307	lbalen->len = num_blocks;
9308	if (bytchk) {
9309		lbalen->flags = CTL_LLF_COMPARE | flags;
9310		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9311	} else {
9312		lbalen->flags = CTL_LLF_VERIFY | flags;
9313		ctsio->kern_total_len = 0;
9314	}
9315	ctsio->kern_rel_offset = 0;
9316
9317	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9318	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9319	return (retval);
9320}
9321
9322int
9323ctl_report_luns(struct ctl_scsiio *ctsio)
9324{
9325	struct scsi_report_luns *cdb;
9326	struct scsi_report_luns_data *lun_data;
9327	struct ctl_lun *lun, *request_lun;
9328	int num_luns, retval;
9329	uint32_t alloc_len, lun_datalen;
9330	int num_filled, well_known;
9331	uint32_t initidx, targ_lun_id, lun_id;
9332
9333	retval = CTL_RETVAL_COMPLETE;
9334	well_known = 0;
9335
9336	cdb = (struct scsi_report_luns *)ctsio->cdb;
9337
9338	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9339
9340	mtx_lock(&control_softc->ctl_lock);
9341	num_luns = control_softc->num_luns;
9342	mtx_unlock(&control_softc->ctl_lock);
9343
9344	switch (cdb->select_report) {
9345	case RPL_REPORT_DEFAULT:
9346	case RPL_REPORT_ALL:
9347		break;
9348	case RPL_REPORT_WELLKNOWN:
9349		well_known = 1;
9350		num_luns = 0;
9351		break;
9352	default:
9353		ctl_set_invalid_field(ctsio,
9354				      /*sks_valid*/ 1,
9355				      /*command*/ 1,
9356				      /*field*/ 2,
9357				      /*bit_valid*/ 0,
9358				      /*bit*/ 0);
9359		ctl_done((union ctl_io *)ctsio);
9360		return (retval);
9361		break; /* NOTREACHED */
9362	}
9363
9364	alloc_len = scsi_4btoul(cdb->length);
9365	/*
9366	 * The initiator has to allocate at least 16 bytes for this request,
9367	 * so he can at least get the header and the first LUN.  Otherwise
9368	 * we reject the request (per SPC-3 rev 14, section 6.21).
9369	 */
9370	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9371	    sizeof(struct scsi_report_luns_lundata))) {
9372		ctl_set_invalid_field(ctsio,
9373				      /*sks_valid*/ 1,
9374				      /*command*/ 1,
9375				      /*field*/ 6,
9376				      /*bit_valid*/ 0,
9377				      /*bit*/ 0);
9378		ctl_done((union ctl_io *)ctsio);
9379		return (retval);
9380	}
9381
9382	request_lun = (struct ctl_lun *)
9383		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9384
9385	lun_datalen = sizeof(*lun_data) +
9386		(num_luns * sizeof(struct scsi_report_luns_lundata));
9387
9388	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9389	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9390	ctsio->kern_sg_entries = 0;
9391
9392	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9393
9394	mtx_lock(&control_softc->ctl_lock);
9395	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9396		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9397		if (lun_id >= CTL_MAX_LUNS)
9398			continue;
9399		lun = control_softc->ctl_luns[lun_id];
9400		if (lun == NULL)
9401			continue;
9402
9403		if (targ_lun_id <= 0xff) {
9404			/*
9405			 * Peripheral addressing method, bus number 0.
9406			 */
9407			lun_data->luns[num_filled].lundata[0] =
9408				RPL_LUNDATA_ATYP_PERIPH;
9409			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9410			num_filled++;
9411		} else if (targ_lun_id <= 0x3fff) {
9412			/*
9413			 * Flat addressing method.
9414			 */
9415			lun_data->luns[num_filled].lundata[0] =
9416				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9417			lun_data->luns[num_filled].lundata[1] =
9418				(targ_lun_id & 0xff);
9419			num_filled++;
9420		} else if (targ_lun_id <= 0xffffff) {
9421			/*
9422			 * Extended flat addressing method.
9423			 */
9424			lun_data->luns[num_filled].lundata[0] =
9425			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9426			scsi_ulto3b(targ_lun_id,
9427			    &lun_data->luns[num_filled].lundata[1]);
9428			num_filled++;
9429		} else {
9430			printf("ctl_report_luns: bogus LUN number %jd, "
9431			       "skipping\n", (intmax_t)targ_lun_id);
9432		}
9433		/*
9434		 * According to SPC-3, rev 14 section 6.21:
9435		 *
9436		 * "The execution of a REPORT LUNS command to any valid and
9437		 * installed logical unit shall clear the REPORTED LUNS DATA
9438		 * HAS CHANGED unit attention condition for all logical
9439		 * units of that target with respect to the requesting
9440		 * initiator. A valid and installed logical unit is one
9441		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9442		 * INQUIRY data (see 6.4.2)."
9443		 *
9444		 * If request_lun is NULL, the LUN this report luns command
9445		 * was issued to is either disabled or doesn't exist. In that
9446		 * case, we shouldn't clear any pending lun change unit
9447		 * attention.
9448		 */
9449		if (request_lun != NULL) {
9450			mtx_lock(&lun->lun_lock);
9451			lun->pending_ua[initidx] &= ~CTL_UA_LUN_CHANGE;
9452			mtx_unlock(&lun->lun_lock);
9453		}
9454	}
9455	mtx_unlock(&control_softc->ctl_lock);
9456
9457	/*
9458	 * It's quite possible that we've returned fewer LUNs than we allocated
9459	 * space for.  Trim it.
9460	 */
9461	lun_datalen = sizeof(*lun_data) +
9462		(num_filled * sizeof(struct scsi_report_luns_lundata));
9463
9464	if (lun_datalen < alloc_len) {
9465		ctsio->residual = alloc_len - lun_datalen;
9466		ctsio->kern_data_len = lun_datalen;
9467		ctsio->kern_total_len = lun_datalen;
9468	} else {
9469		ctsio->residual = 0;
9470		ctsio->kern_data_len = alloc_len;
9471		ctsio->kern_total_len = alloc_len;
9472	}
9473	ctsio->kern_data_resid = 0;
9474	ctsio->kern_rel_offset = 0;
9475	ctsio->kern_sg_entries = 0;
9476
9477	/*
9478	 * We set this to the actual data length, regardless of how much
9479	 * space we actually have to return results.  If the user looks at
9480	 * this value, he'll know whether or not he allocated enough space
9481	 * and reissue the command if necessary.  We don't support well
9482	 * known logical units, so if the user asks for that, return none.
9483	 */
9484	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9485
9486	/*
9487	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9488	 * this request.
9489	 */
9490	ctsio->scsi_status = SCSI_STATUS_OK;
9491
9492	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9493	ctsio->be_move_done = ctl_config_move_done;
9494	ctl_datamove((union ctl_io *)ctsio);
9495
9496	return (retval);
9497}
9498
9499int
9500ctl_request_sense(struct ctl_scsiio *ctsio)
9501{
9502	struct scsi_request_sense *cdb;
9503	struct scsi_sense_data *sense_ptr;
9504	struct ctl_lun *lun;
9505	uint32_t initidx;
9506	int have_error;
9507	scsi_sense_data_type sense_format;
9508
9509	cdb = (struct scsi_request_sense *)ctsio->cdb;
9510
9511	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9512
9513	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9514
9515	/*
9516	 * Determine which sense format the user wants.
9517	 */
9518	if (cdb->byte2 & SRS_DESC)
9519		sense_format = SSD_TYPE_DESC;
9520	else
9521		sense_format = SSD_TYPE_FIXED;
9522
9523	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9524	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9525	ctsio->kern_sg_entries = 0;
9526
9527	/*
9528	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9529	 * larger than the largest allowed value for the length field in the
9530	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9531	 */
9532	ctsio->residual = 0;
9533	ctsio->kern_data_len = cdb->length;
9534	ctsio->kern_total_len = cdb->length;
9535
9536	ctsio->kern_data_resid = 0;
9537	ctsio->kern_rel_offset = 0;
9538	ctsio->kern_sg_entries = 0;
9539
9540	/*
9541	 * If we don't have a LUN, we don't have any pending sense.
9542	 */
9543	if (lun == NULL)
9544		goto no_sense;
9545
9546	have_error = 0;
9547	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9548	/*
9549	 * Check for pending sense, and then for pending unit attentions.
9550	 * Pending sense gets returned first, then pending unit attentions.
9551	 */
9552	mtx_lock(&lun->lun_lock);
9553#ifdef CTL_WITH_CA
9554	if (ctl_is_set(lun->have_ca, initidx)) {
9555		scsi_sense_data_type stored_format;
9556
9557		/*
9558		 * Check to see which sense format was used for the stored
9559		 * sense data.
9560		 */
9561		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9562
9563		/*
9564		 * If the user requested a different sense format than the
9565		 * one we stored, then we need to convert it to the other
9566		 * format.  If we're going from descriptor to fixed format
9567		 * sense data, we may lose things in translation, depending
9568		 * on what options were used.
9569		 *
9570		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9571		 * for some reason we'll just copy it out as-is.
9572		 */
9573		if ((stored_format == SSD_TYPE_FIXED)
9574		 && (sense_format == SSD_TYPE_DESC))
9575			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9576			    &lun->pending_sense[initidx],
9577			    (struct scsi_sense_data_desc *)sense_ptr);
9578		else if ((stored_format == SSD_TYPE_DESC)
9579		      && (sense_format == SSD_TYPE_FIXED))
9580			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9581			    &lun->pending_sense[initidx],
9582			    (struct scsi_sense_data_fixed *)sense_ptr);
9583		else
9584			memcpy(sense_ptr, &lun->pending_sense[initidx],
9585			       ctl_min(sizeof(*sense_ptr),
9586			       sizeof(lun->pending_sense[initidx])));
9587
9588		ctl_clear_mask(lun->have_ca, initidx);
9589		have_error = 1;
9590	} else
9591#endif
9592	if (lun->pending_ua[initidx] != CTL_UA_NONE) {
9593		ctl_ua_type ua_type;
9594
9595		ua_type = ctl_build_ua(&lun->pending_ua[initidx],
9596				       sense_ptr, sense_format);
9597		if (ua_type != CTL_UA_NONE)
9598			have_error = 1;
9599	}
9600	mtx_unlock(&lun->lun_lock);
9601
9602	/*
9603	 * We already have a pending error, return it.
9604	 */
9605	if (have_error != 0) {
9606		/*
9607		 * We report the SCSI status as OK, since the status of the
9608		 * request sense command itself is OK.
9609		 */
9610		ctsio->scsi_status = SCSI_STATUS_OK;
9611
9612		/*
9613		 * We report 0 for the sense length, because we aren't doing
9614		 * autosense in this case.  We're reporting sense as
9615		 * parameter data.
9616		 */
9617		ctsio->sense_len = 0;
9618		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9619		ctsio->be_move_done = ctl_config_move_done;
9620		ctl_datamove((union ctl_io *)ctsio);
9621
9622		return (CTL_RETVAL_COMPLETE);
9623	}
9624
9625no_sense:
9626
9627	/*
9628	 * No sense information to report, so we report that everything is
9629	 * okay.
9630	 */
9631	ctl_set_sense_data(sense_ptr,
9632			   lun,
9633			   sense_format,
9634			   /*current_error*/ 1,
9635			   /*sense_key*/ SSD_KEY_NO_SENSE,
9636			   /*asc*/ 0x00,
9637			   /*ascq*/ 0x00,
9638			   SSD_ELEM_NONE);
9639
9640	ctsio->scsi_status = SCSI_STATUS_OK;
9641
9642	/*
9643	 * We report 0 for the sense length, because we aren't doing
9644	 * autosense in this case.  We're reporting sense as parameter data.
9645	 */
9646	ctsio->sense_len = 0;
9647	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9648	ctsio->be_move_done = ctl_config_move_done;
9649	ctl_datamove((union ctl_io *)ctsio);
9650
9651	return (CTL_RETVAL_COMPLETE);
9652}
9653
9654int
9655ctl_tur(struct ctl_scsiio *ctsio)
9656{
9657	struct ctl_lun *lun;
9658
9659	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9660
9661	CTL_DEBUG_PRINT(("ctl_tur\n"));
9662
9663	if (lun == NULL)
9664		return (EINVAL);
9665
9666	ctsio->scsi_status = SCSI_STATUS_OK;
9667	ctsio->io_hdr.status = CTL_SUCCESS;
9668
9669	ctl_done((union ctl_io *)ctsio);
9670
9671	return (CTL_RETVAL_COMPLETE);
9672}
9673
9674#ifdef notyet
9675static int
9676ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9677{
9678
9679}
9680#endif
9681
9682static int
9683ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9684{
9685	struct scsi_vpd_supported_pages *pages;
9686	int sup_page_size;
9687	struct ctl_lun *lun;
9688
9689	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9690
9691	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9692	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9693	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9694	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9695	ctsio->kern_sg_entries = 0;
9696
9697	if (sup_page_size < alloc_len) {
9698		ctsio->residual = alloc_len - sup_page_size;
9699		ctsio->kern_data_len = sup_page_size;
9700		ctsio->kern_total_len = sup_page_size;
9701	} else {
9702		ctsio->residual = 0;
9703		ctsio->kern_data_len = alloc_len;
9704		ctsio->kern_total_len = alloc_len;
9705	}
9706	ctsio->kern_data_resid = 0;
9707	ctsio->kern_rel_offset = 0;
9708	ctsio->kern_sg_entries = 0;
9709
9710	/*
9711	 * The control device is always connected.  The disk device, on the
9712	 * other hand, may not be online all the time.  Need to change this
9713	 * to figure out whether the disk device is actually online or not.
9714	 */
9715	if (lun != NULL)
9716		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9717				lun->be_lun->lun_type;
9718	else
9719		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9720
9721	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9722	/* Supported VPD pages */
9723	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9724	/* Serial Number */
9725	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9726	/* Device Identification */
9727	pages->page_list[2] = SVPD_DEVICE_ID;
9728	/* Extended INQUIRY Data */
9729	pages->page_list[3] = SVPD_EXTENDED_INQUIRY_DATA;
9730	/* Mode Page Policy */
9731	pages->page_list[4] = SVPD_MODE_PAGE_POLICY;
9732	/* SCSI Ports */
9733	pages->page_list[5] = SVPD_SCSI_PORTS;
9734	/* Third-party Copy */
9735	pages->page_list[6] = SVPD_SCSI_TPC;
9736	/* Block limits */
9737	pages->page_list[7] = SVPD_BLOCK_LIMITS;
9738	/* Block Device Characteristics */
9739	pages->page_list[8] = SVPD_BDC;
9740	/* Logical Block Provisioning */
9741	pages->page_list[9] = SVPD_LBP;
9742
9743	ctsio->scsi_status = SCSI_STATUS_OK;
9744
9745	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9746	ctsio->be_move_done = ctl_config_move_done;
9747	ctl_datamove((union ctl_io *)ctsio);
9748
9749	return (CTL_RETVAL_COMPLETE);
9750}
9751
9752static int
9753ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9754{
9755	struct scsi_vpd_unit_serial_number *sn_ptr;
9756	struct ctl_lun *lun;
9757	int data_len;
9758
9759	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9760
9761	data_len = 4 + CTL_SN_LEN;
9762	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9763	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9764	if (data_len < alloc_len) {
9765		ctsio->residual = alloc_len - data_len;
9766		ctsio->kern_data_len = data_len;
9767		ctsio->kern_total_len = data_len;
9768	} else {
9769		ctsio->residual = 0;
9770		ctsio->kern_data_len = alloc_len;
9771		ctsio->kern_total_len = alloc_len;
9772	}
9773	ctsio->kern_data_resid = 0;
9774	ctsio->kern_rel_offset = 0;
9775	ctsio->kern_sg_entries = 0;
9776
9777	/*
9778	 * The control device is always connected.  The disk device, on the
9779	 * other hand, may not be online all the time.  Need to change this
9780	 * to figure out whether the disk device is actually online or not.
9781	 */
9782	if (lun != NULL)
9783		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9784				  lun->be_lun->lun_type;
9785	else
9786		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9787
9788	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9789	sn_ptr->length = CTL_SN_LEN;
9790	/*
9791	 * If we don't have a LUN, we just leave the serial number as
9792	 * all spaces.
9793	 */
9794	if (lun != NULL) {
9795		strncpy((char *)sn_ptr->serial_num,
9796			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9797	} else
9798		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9799	ctsio->scsi_status = SCSI_STATUS_OK;
9800
9801	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9802	ctsio->be_move_done = ctl_config_move_done;
9803	ctl_datamove((union ctl_io *)ctsio);
9804
9805	return (CTL_RETVAL_COMPLETE);
9806}
9807
9808
9809static int
9810ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9811{
9812	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9813	struct ctl_lun *lun;
9814	int data_len;
9815
9816	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9817
9818	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9819	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9820	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9821	ctsio->kern_sg_entries = 0;
9822
9823	if (data_len < alloc_len) {
9824		ctsio->residual = alloc_len - data_len;
9825		ctsio->kern_data_len = data_len;
9826		ctsio->kern_total_len = data_len;
9827	} else {
9828		ctsio->residual = 0;
9829		ctsio->kern_data_len = alloc_len;
9830		ctsio->kern_total_len = alloc_len;
9831	}
9832	ctsio->kern_data_resid = 0;
9833	ctsio->kern_rel_offset = 0;
9834	ctsio->kern_sg_entries = 0;
9835
9836	/*
9837	 * The control device is always connected.  The disk device, on the
9838	 * other hand, may not be online all the time.
9839	 */
9840	if (lun != NULL)
9841		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9842				     lun->be_lun->lun_type;
9843	else
9844		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9845	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9846	eid_ptr->page_length = data_len - 4;
9847	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9848	eid_ptr->flags3 = SVPD_EID_V_SUP;
9849
9850	ctsio->scsi_status = SCSI_STATUS_OK;
9851	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9852	ctsio->be_move_done = ctl_config_move_done;
9853	ctl_datamove((union ctl_io *)ctsio);
9854
9855	return (CTL_RETVAL_COMPLETE);
9856}
9857
9858static int
9859ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9860{
9861	struct scsi_vpd_mode_page_policy *mpp_ptr;
9862	struct ctl_lun *lun;
9863	int data_len;
9864
9865	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9866
9867	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9868	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9869
9870	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9871	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9872	ctsio->kern_sg_entries = 0;
9873
9874	if (data_len < alloc_len) {
9875		ctsio->residual = alloc_len - data_len;
9876		ctsio->kern_data_len = data_len;
9877		ctsio->kern_total_len = data_len;
9878	} else {
9879		ctsio->residual = 0;
9880		ctsio->kern_data_len = alloc_len;
9881		ctsio->kern_total_len = alloc_len;
9882	}
9883	ctsio->kern_data_resid = 0;
9884	ctsio->kern_rel_offset = 0;
9885	ctsio->kern_sg_entries = 0;
9886
9887	/*
9888	 * The control device is always connected.  The disk device, on the
9889	 * other hand, may not be online all the time.
9890	 */
9891	if (lun != NULL)
9892		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9893				     lun->be_lun->lun_type;
9894	else
9895		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9896	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9897	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9898	mpp_ptr->descr[0].page_code = 0x3f;
9899	mpp_ptr->descr[0].subpage_code = 0xff;
9900	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9901
9902	ctsio->scsi_status = SCSI_STATUS_OK;
9903	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9904	ctsio->be_move_done = ctl_config_move_done;
9905	ctl_datamove((union ctl_io *)ctsio);
9906
9907	return (CTL_RETVAL_COMPLETE);
9908}
9909
9910static int
9911ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9912{
9913	struct scsi_vpd_device_id *devid_ptr;
9914	struct scsi_vpd_id_descriptor *desc;
9915	struct ctl_softc *ctl_softc;
9916	struct ctl_lun *lun;
9917	struct ctl_port *port;
9918	int data_len;
9919	uint8_t proto;
9920
9921	ctl_softc = control_softc;
9922
9923	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9924	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9925
9926	data_len = sizeof(struct scsi_vpd_device_id) +
9927	    sizeof(struct scsi_vpd_id_descriptor) +
9928		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9929	    sizeof(struct scsi_vpd_id_descriptor) +
9930		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9931	if (lun && lun->lun_devid)
9932		data_len += lun->lun_devid->len;
9933	if (port->port_devid)
9934		data_len += port->port_devid->len;
9935	if (port->target_devid)
9936		data_len += port->target_devid->len;
9937
9938	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9939	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9940	ctsio->kern_sg_entries = 0;
9941
9942	if (data_len < alloc_len) {
9943		ctsio->residual = alloc_len - data_len;
9944		ctsio->kern_data_len = data_len;
9945		ctsio->kern_total_len = data_len;
9946	} else {
9947		ctsio->residual = 0;
9948		ctsio->kern_data_len = alloc_len;
9949		ctsio->kern_total_len = alloc_len;
9950	}
9951	ctsio->kern_data_resid = 0;
9952	ctsio->kern_rel_offset = 0;
9953	ctsio->kern_sg_entries = 0;
9954
9955	/*
9956	 * The control device is always connected.  The disk device, on the
9957	 * other hand, may not be online all the time.
9958	 */
9959	if (lun != NULL)
9960		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9961				     lun->be_lun->lun_type;
9962	else
9963		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9964	devid_ptr->page_code = SVPD_DEVICE_ID;
9965	scsi_ulto2b(data_len - 4, devid_ptr->length);
9966
9967	if (port->port_type == CTL_PORT_FC)
9968		proto = SCSI_PROTO_FC << 4;
9969	else if (port->port_type == CTL_PORT_ISCSI)
9970		proto = SCSI_PROTO_ISCSI << 4;
9971	else
9972		proto = SCSI_PROTO_SPI << 4;
9973	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9974
9975	/*
9976	 * We're using a LUN association here.  i.e., this device ID is a
9977	 * per-LUN identifier.
9978	 */
9979	if (lun && lun->lun_devid) {
9980		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9981		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9982		    lun->lun_devid->len);
9983	}
9984
9985	/*
9986	 * This is for the WWPN which is a port association.
9987	 */
9988	if (port->port_devid) {
9989		memcpy(desc, port->port_devid->data, port->port_devid->len);
9990		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9991		    port->port_devid->len);
9992	}
9993
9994	/*
9995	 * This is for the Relative Target Port(type 4h) identifier
9996	 */
9997	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9998	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9999	    SVPD_ID_TYPE_RELTARG;
10000	desc->length = 4;
10001	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
10002	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10003	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
10004
10005	/*
10006	 * This is for the Target Port Group(type 5h) identifier
10007	 */
10008	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10009	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10010	    SVPD_ID_TYPE_TPORTGRP;
10011	desc->length = 4;
10012	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
10013	    &desc->identifier[2]);
10014	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10015	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
10016
10017	/*
10018	 * This is for the Target identifier
10019	 */
10020	if (port->target_devid) {
10021		memcpy(desc, port->target_devid->data, port->target_devid->len);
10022	}
10023
10024	ctsio->scsi_status = SCSI_STATUS_OK;
10025	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10026	ctsio->be_move_done = ctl_config_move_done;
10027	ctl_datamove((union ctl_io *)ctsio);
10028
10029	return (CTL_RETVAL_COMPLETE);
10030}
10031
10032static int
10033ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
10034{
10035	struct ctl_softc *softc = control_softc;
10036	struct scsi_vpd_scsi_ports *sp;
10037	struct scsi_vpd_port_designation *pd;
10038	struct scsi_vpd_port_designation_cont *pdc;
10039	struct ctl_lun *lun;
10040	struct ctl_port *port;
10041	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
10042	int num_target_port_groups, single;
10043
10044	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10045
10046	single = ctl_is_single;
10047	if (single)
10048		num_target_port_groups = 1;
10049	else
10050		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
10051	num_target_ports = 0;
10052	iid_len = 0;
10053	id_len = 0;
10054	mtx_lock(&softc->ctl_lock);
10055	STAILQ_FOREACH(port, &softc->port_list, links) {
10056		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10057			continue;
10058		if (lun != NULL &&
10059		    ctl_map_lun_back(port->targ_port, lun->lun) >=
10060		    CTL_MAX_LUNS)
10061			continue;
10062		num_target_ports++;
10063		if (port->init_devid)
10064			iid_len += port->init_devid->len;
10065		if (port->port_devid)
10066			id_len += port->port_devid->len;
10067	}
10068	mtx_unlock(&softc->ctl_lock);
10069
10070	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10071	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10072	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10073	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10074	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10075	ctsio->kern_sg_entries = 0;
10076
10077	if (data_len < alloc_len) {
10078		ctsio->residual = alloc_len - data_len;
10079		ctsio->kern_data_len = data_len;
10080		ctsio->kern_total_len = data_len;
10081	} else {
10082		ctsio->residual = 0;
10083		ctsio->kern_data_len = alloc_len;
10084		ctsio->kern_total_len = alloc_len;
10085	}
10086	ctsio->kern_data_resid = 0;
10087	ctsio->kern_rel_offset = 0;
10088	ctsio->kern_sg_entries = 0;
10089
10090	/*
10091	 * The control device is always connected.  The disk device, on the
10092	 * other hand, may not be online all the time.  Need to change this
10093	 * to figure out whether the disk device is actually online or not.
10094	 */
10095	if (lun != NULL)
10096		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10097				  lun->be_lun->lun_type;
10098	else
10099		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10100
10101	sp->page_code = SVPD_SCSI_PORTS;
10102	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10103	    sp->page_length);
10104	pd = &sp->design[0];
10105
10106	mtx_lock(&softc->ctl_lock);
10107	if (softc->flags & CTL_FLAG_MASTER_SHELF)
10108		pg = 0;
10109	else
10110		pg = 1;
10111	for (g = 0; g < num_target_port_groups; g++) {
10112		STAILQ_FOREACH(port, &softc->port_list, links) {
10113			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10114				continue;
10115			if (lun != NULL &&
10116			    ctl_map_lun_back(port->targ_port, lun->lun) >=
10117			    CTL_MAX_LUNS)
10118				continue;
10119			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10120			scsi_ulto2b(p, pd->relative_port_id);
10121			if (port->init_devid && g == pg) {
10122				iid_len = port->init_devid->len;
10123				memcpy(pd->initiator_transportid,
10124				    port->init_devid->data, port->init_devid->len);
10125			} else
10126				iid_len = 0;
10127			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10128			pdc = (struct scsi_vpd_port_designation_cont *)
10129			    (&pd->initiator_transportid[iid_len]);
10130			if (port->port_devid && g == pg) {
10131				id_len = port->port_devid->len;
10132				memcpy(pdc->target_port_descriptors,
10133				    port->port_devid->data, port->port_devid->len);
10134			} else
10135				id_len = 0;
10136			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10137			pd = (struct scsi_vpd_port_designation *)
10138			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10139		}
10140	}
10141	mtx_unlock(&softc->ctl_lock);
10142
10143	ctsio->scsi_status = SCSI_STATUS_OK;
10144	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10145	ctsio->be_move_done = ctl_config_move_done;
10146	ctl_datamove((union ctl_io *)ctsio);
10147
10148	return (CTL_RETVAL_COMPLETE);
10149}
10150
10151static int
10152ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10153{
10154	struct scsi_vpd_block_limits *bl_ptr;
10155	struct ctl_lun *lun;
10156	int bs;
10157
10158	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10159
10160	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10161	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10162	ctsio->kern_sg_entries = 0;
10163
10164	if (sizeof(*bl_ptr) < alloc_len) {
10165		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10166		ctsio->kern_data_len = sizeof(*bl_ptr);
10167		ctsio->kern_total_len = sizeof(*bl_ptr);
10168	} else {
10169		ctsio->residual = 0;
10170		ctsio->kern_data_len = alloc_len;
10171		ctsio->kern_total_len = alloc_len;
10172	}
10173	ctsio->kern_data_resid = 0;
10174	ctsio->kern_rel_offset = 0;
10175	ctsio->kern_sg_entries = 0;
10176
10177	/*
10178	 * The control device is always connected.  The disk device, on the
10179	 * other hand, may not be online all the time.  Need to change this
10180	 * to figure out whether the disk device is actually online or not.
10181	 */
10182	if (lun != NULL)
10183		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10184				  lun->be_lun->lun_type;
10185	else
10186		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10187
10188	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10189	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10190	bl_ptr->max_cmp_write_len = 0xff;
10191	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10192	if (lun != NULL) {
10193		bs = lun->be_lun->blocksize;
10194		scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10195		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10196			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10197			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10198			if (lun->be_lun->pblockexp != 0) {
10199				scsi_ulto4b((1 << lun->be_lun->pblockexp),
10200				    bl_ptr->opt_unmap_grain);
10201				scsi_ulto4b(0x80000000 | lun->be_lun->pblockoff,
10202				    bl_ptr->unmap_grain_align);
10203			}
10204		}
10205		scsi_ulto4b(lun->be_lun->atomicblock,
10206		    bl_ptr->max_atomic_transfer_length);
10207		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10208		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10209	}
10210	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10211
10212	ctsio->scsi_status = SCSI_STATUS_OK;
10213	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10214	ctsio->be_move_done = ctl_config_move_done;
10215	ctl_datamove((union ctl_io *)ctsio);
10216
10217	return (CTL_RETVAL_COMPLETE);
10218}
10219
10220static int
10221ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10222{
10223	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10224	struct ctl_lun *lun;
10225	const char *value;
10226	u_int i;
10227
10228	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10229
10230	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10231	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10232	ctsio->kern_sg_entries = 0;
10233
10234	if (sizeof(*bdc_ptr) < alloc_len) {
10235		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10236		ctsio->kern_data_len = sizeof(*bdc_ptr);
10237		ctsio->kern_total_len = sizeof(*bdc_ptr);
10238	} else {
10239		ctsio->residual = 0;
10240		ctsio->kern_data_len = alloc_len;
10241		ctsio->kern_total_len = alloc_len;
10242	}
10243	ctsio->kern_data_resid = 0;
10244	ctsio->kern_rel_offset = 0;
10245	ctsio->kern_sg_entries = 0;
10246
10247	/*
10248	 * The control device is always connected.  The disk device, on the
10249	 * other hand, may not be online all the time.  Need to change this
10250	 * to figure out whether the disk device is actually online or not.
10251	 */
10252	if (lun != NULL)
10253		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10254				  lun->be_lun->lun_type;
10255	else
10256		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10257	bdc_ptr->page_code = SVPD_BDC;
10258	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10259	if (lun != NULL &&
10260	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10261		i = strtol(value, NULL, 0);
10262	else
10263		i = SVPD_NON_ROTATING;
10264	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10265	if (lun != NULL &&
10266	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10267		i = strtol(value, NULL, 0);
10268	else
10269		i = 0;
10270	bdc_ptr->wab_wac_ff = (i & 0x0f);
10271	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10272
10273	ctsio->scsi_status = SCSI_STATUS_OK;
10274	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10275	ctsio->be_move_done = ctl_config_move_done;
10276	ctl_datamove((union ctl_io *)ctsio);
10277
10278	return (CTL_RETVAL_COMPLETE);
10279}
10280
10281static int
10282ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10283{
10284	struct scsi_vpd_logical_block_prov *lbp_ptr;
10285	struct ctl_lun *lun;
10286
10287	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10288
10289	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10290	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10291	ctsio->kern_sg_entries = 0;
10292
10293	if (sizeof(*lbp_ptr) < alloc_len) {
10294		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10295		ctsio->kern_data_len = sizeof(*lbp_ptr);
10296		ctsio->kern_total_len = sizeof(*lbp_ptr);
10297	} else {
10298		ctsio->residual = 0;
10299		ctsio->kern_data_len = alloc_len;
10300		ctsio->kern_total_len = alloc_len;
10301	}
10302	ctsio->kern_data_resid = 0;
10303	ctsio->kern_rel_offset = 0;
10304	ctsio->kern_sg_entries = 0;
10305
10306	/*
10307	 * The control device is always connected.  The disk device, on the
10308	 * other hand, may not be online all the time.  Need to change this
10309	 * to figure out whether the disk device is actually online or not.
10310	 */
10311	if (lun != NULL)
10312		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10313				  lun->be_lun->lun_type;
10314	else
10315		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10316
10317	lbp_ptr->page_code = SVPD_LBP;
10318	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10319	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10320		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10321		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10322		lbp_ptr->prov_type = SVPD_LBP_RESOURCE;
10323	}
10324
10325	ctsio->scsi_status = SCSI_STATUS_OK;
10326	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10327	ctsio->be_move_done = ctl_config_move_done;
10328	ctl_datamove((union ctl_io *)ctsio);
10329
10330	return (CTL_RETVAL_COMPLETE);
10331}
10332
10333static int
10334ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10335{
10336	struct scsi_inquiry *cdb;
10337	struct ctl_lun *lun;
10338	int alloc_len, retval;
10339
10340	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10341	cdb = (struct scsi_inquiry *)ctsio->cdb;
10342
10343	retval = CTL_RETVAL_COMPLETE;
10344
10345	alloc_len = scsi_2btoul(cdb->length);
10346
10347	switch (cdb->page_code) {
10348	case SVPD_SUPPORTED_PAGES:
10349		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10350		break;
10351	case SVPD_UNIT_SERIAL_NUMBER:
10352		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10353		break;
10354	case SVPD_DEVICE_ID:
10355		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10356		break;
10357	case SVPD_EXTENDED_INQUIRY_DATA:
10358		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10359		break;
10360	case SVPD_MODE_PAGE_POLICY:
10361		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10362		break;
10363	case SVPD_SCSI_PORTS:
10364		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10365		break;
10366	case SVPD_SCSI_TPC:
10367		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10368		break;
10369	case SVPD_BLOCK_LIMITS:
10370		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10371		break;
10372	case SVPD_BDC:
10373		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10374		break;
10375	case SVPD_LBP:
10376		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10377		break;
10378	default:
10379		ctl_set_invalid_field(ctsio,
10380				      /*sks_valid*/ 1,
10381				      /*command*/ 1,
10382				      /*field*/ 2,
10383				      /*bit_valid*/ 0,
10384				      /*bit*/ 0);
10385		ctl_done((union ctl_io *)ctsio);
10386		retval = CTL_RETVAL_COMPLETE;
10387		break;
10388	}
10389
10390	return (retval);
10391}
10392
10393static int
10394ctl_inquiry_std(struct ctl_scsiio *ctsio)
10395{
10396	struct scsi_inquiry_data *inq_ptr;
10397	struct scsi_inquiry *cdb;
10398	struct ctl_softc *ctl_softc;
10399	struct ctl_lun *lun;
10400	char *val;
10401	uint32_t alloc_len, data_len;
10402	ctl_port_type port_type;
10403
10404	ctl_softc = control_softc;
10405
10406	/*
10407	 * Figure out whether we're talking to a Fibre Channel port or not.
10408	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10409	 * SCSI front ends.
10410	 */
10411	port_type = ctl_softc->ctl_ports[
10412	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10413	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10414		port_type = CTL_PORT_SCSI;
10415
10416	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10417	cdb = (struct scsi_inquiry *)ctsio->cdb;
10418	alloc_len = scsi_2btoul(cdb->length);
10419
10420	/*
10421	 * We malloc the full inquiry data size here and fill it
10422	 * in.  If the user only asks for less, we'll give him
10423	 * that much.
10424	 */
10425	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10426	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10427	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10428	ctsio->kern_sg_entries = 0;
10429	ctsio->kern_data_resid = 0;
10430	ctsio->kern_rel_offset = 0;
10431
10432	if (data_len < alloc_len) {
10433		ctsio->residual = alloc_len - data_len;
10434		ctsio->kern_data_len = data_len;
10435		ctsio->kern_total_len = data_len;
10436	} else {
10437		ctsio->residual = 0;
10438		ctsio->kern_data_len = alloc_len;
10439		ctsio->kern_total_len = alloc_len;
10440	}
10441
10442	/*
10443	 * If we have a LUN configured, report it as connected.  Otherwise,
10444	 * report that it is offline or no device is supported, depending
10445	 * on the value of inquiry_pq_no_lun.
10446	 *
10447	 * According to the spec (SPC-4 r34), the peripheral qualifier
10448	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10449	 *
10450	 * "A peripheral device having the specified peripheral device type
10451	 * is not connected to this logical unit. However, the device
10452	 * server is capable of supporting the specified peripheral device
10453	 * type on this logical unit."
10454	 *
10455	 * According to the same spec, the peripheral qualifier
10456	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10457	 *
10458	 * "The device server is not capable of supporting a peripheral
10459	 * device on this logical unit. For this peripheral qualifier the
10460	 * peripheral device type shall be set to 1Fh. All other peripheral
10461	 * device type values are reserved for this peripheral qualifier."
10462	 *
10463	 * Given the text, it would seem that we probably want to report that
10464	 * the LUN is offline here.  There is no LUN connected, but we can
10465	 * support a LUN at the given LUN number.
10466	 *
10467	 * In the real world, though, it sounds like things are a little
10468	 * different:
10469	 *
10470	 * - Linux, when presented with a LUN with the offline peripheral
10471	 *   qualifier, will create an sg driver instance for it.  So when
10472	 *   you attach it to CTL, you wind up with a ton of sg driver
10473	 *   instances.  (One for every LUN that Linux bothered to probe.)
10474	 *   Linux does this despite the fact that it issues a REPORT LUNs
10475	 *   to LUN 0 to get the inventory of supported LUNs.
10476	 *
10477	 * - There is other anecdotal evidence (from Emulex folks) about
10478	 *   arrays that use the offline peripheral qualifier for LUNs that
10479	 *   are on the "passive" path in an active/passive array.
10480	 *
10481	 * So the solution is provide a hopefully reasonable default
10482	 * (return bad/no LUN) and allow the user to change the behavior
10483	 * with a tunable/sysctl variable.
10484	 */
10485	if (lun != NULL)
10486		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10487				  lun->be_lun->lun_type;
10488	else if (ctl_softc->inquiry_pq_no_lun == 0)
10489		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10490	else
10491		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10492
10493	/* RMB in byte 2 is 0 */
10494	inq_ptr->version = SCSI_REV_SPC4;
10495
10496	/*
10497	 * According to SAM-3, even if a device only supports a single
10498	 * level of LUN addressing, it should still set the HISUP bit:
10499	 *
10500	 * 4.9.1 Logical unit numbers overview
10501	 *
10502	 * All logical unit number formats described in this standard are
10503	 * hierarchical in structure even when only a single level in that
10504	 * hierarchy is used. The HISUP bit shall be set to one in the
10505	 * standard INQUIRY data (see SPC-2) when any logical unit number
10506	 * format described in this standard is used.  Non-hierarchical
10507	 * formats are outside the scope of this standard.
10508	 *
10509	 * Therefore we set the HiSup bit here.
10510	 *
10511	 * The reponse format is 2, per SPC-3.
10512	 */
10513	inq_ptr->response_format = SID_HiSup | 2;
10514
10515	inq_ptr->additional_length = data_len -
10516	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10517	CTL_DEBUG_PRINT(("additional_length = %d\n",
10518			 inq_ptr->additional_length));
10519
10520	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10521	/* 16 bit addressing */
10522	if (port_type == CTL_PORT_SCSI)
10523		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10524	/* XXX set the SID_MultiP bit here if we're actually going to
10525	   respond on multiple ports */
10526	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10527
10528	/* 16 bit data bus, synchronous transfers */
10529	if (port_type == CTL_PORT_SCSI)
10530		inq_ptr->flags = SID_WBus16 | SID_Sync;
10531	/*
10532	 * XXX KDM do we want to support tagged queueing on the control
10533	 * device at all?
10534	 */
10535	if ((lun == NULL)
10536	 || (lun->be_lun->lun_type != T_PROCESSOR))
10537		inq_ptr->flags |= SID_CmdQue;
10538	/*
10539	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10540	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10541	 * name and 4 bytes for the revision.
10542	 */
10543	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10544	    "vendor")) == NULL) {
10545		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10546	} else {
10547		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10548		strncpy(inq_ptr->vendor, val,
10549		    min(sizeof(inq_ptr->vendor), strlen(val)));
10550	}
10551	if (lun == NULL) {
10552		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10553		    sizeof(inq_ptr->product));
10554	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10555		switch (lun->be_lun->lun_type) {
10556		case T_DIRECT:
10557			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10558			    sizeof(inq_ptr->product));
10559			break;
10560		case T_PROCESSOR:
10561			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10562			    sizeof(inq_ptr->product));
10563			break;
10564		default:
10565			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10566			    sizeof(inq_ptr->product));
10567			break;
10568		}
10569	} else {
10570		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10571		strncpy(inq_ptr->product, val,
10572		    min(sizeof(inq_ptr->product), strlen(val)));
10573	}
10574
10575	/*
10576	 * XXX make this a macro somewhere so it automatically gets
10577	 * incremented when we make changes.
10578	 */
10579	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10580	    "revision")) == NULL) {
10581		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10582	} else {
10583		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10584		strncpy(inq_ptr->revision, val,
10585		    min(sizeof(inq_ptr->revision), strlen(val)));
10586	}
10587
10588	/*
10589	 * For parallel SCSI, we support double transition and single
10590	 * transition clocking.  We also support QAS (Quick Arbitration
10591	 * and Selection) and Information Unit transfers on both the
10592	 * control and array devices.
10593	 */
10594	if (port_type == CTL_PORT_SCSI)
10595		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10596				    SID_SPI_IUS;
10597
10598	/* SAM-5 (no version claimed) */
10599	scsi_ulto2b(0x00A0, inq_ptr->version1);
10600	/* SPC-4 (no version claimed) */
10601	scsi_ulto2b(0x0460, inq_ptr->version2);
10602	if (port_type == CTL_PORT_FC) {
10603		/* FCP-2 ANSI INCITS.350:2003 */
10604		scsi_ulto2b(0x0917, inq_ptr->version3);
10605	} else if (port_type == CTL_PORT_SCSI) {
10606		/* SPI-4 ANSI INCITS.362:200x */
10607		scsi_ulto2b(0x0B56, inq_ptr->version3);
10608	} else if (port_type == CTL_PORT_ISCSI) {
10609		/* iSCSI (no version claimed) */
10610		scsi_ulto2b(0x0960, inq_ptr->version3);
10611	} else if (port_type == CTL_PORT_SAS) {
10612		/* SAS (no version claimed) */
10613		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10614	}
10615
10616	if (lun == NULL) {
10617		/* SBC-4 (no version claimed) */
10618		scsi_ulto2b(0x0600, inq_ptr->version4);
10619	} else {
10620		switch (lun->be_lun->lun_type) {
10621		case T_DIRECT:
10622			/* SBC-4 (no version claimed) */
10623			scsi_ulto2b(0x0600, inq_ptr->version4);
10624			break;
10625		case T_PROCESSOR:
10626		default:
10627			break;
10628		}
10629	}
10630
10631	ctsio->scsi_status = SCSI_STATUS_OK;
10632	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10633	ctsio->be_move_done = ctl_config_move_done;
10634	ctl_datamove((union ctl_io *)ctsio);
10635	return (CTL_RETVAL_COMPLETE);
10636}
10637
10638int
10639ctl_inquiry(struct ctl_scsiio *ctsio)
10640{
10641	struct scsi_inquiry *cdb;
10642	int retval;
10643
10644	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10645
10646	cdb = (struct scsi_inquiry *)ctsio->cdb;
10647	if (cdb->byte2 & SI_EVPD)
10648		retval = ctl_inquiry_evpd(ctsio);
10649	else if (cdb->page_code == 0)
10650		retval = ctl_inquiry_std(ctsio);
10651	else {
10652		ctl_set_invalid_field(ctsio,
10653				      /*sks_valid*/ 1,
10654				      /*command*/ 1,
10655				      /*field*/ 2,
10656				      /*bit_valid*/ 0,
10657				      /*bit*/ 0);
10658		ctl_done((union ctl_io *)ctsio);
10659		return (CTL_RETVAL_COMPLETE);
10660	}
10661
10662	return (retval);
10663}
10664
10665/*
10666 * For known CDB types, parse the LBA and length.
10667 */
10668static int
10669ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10670{
10671	if (io->io_hdr.io_type != CTL_IO_SCSI)
10672		return (1);
10673
10674	switch (io->scsiio.cdb[0]) {
10675	case COMPARE_AND_WRITE: {
10676		struct scsi_compare_and_write *cdb;
10677
10678		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10679
10680		*lba = scsi_8btou64(cdb->addr);
10681		*len = cdb->length;
10682		break;
10683	}
10684	case READ_6:
10685	case WRITE_6: {
10686		struct scsi_rw_6 *cdb;
10687
10688		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10689
10690		*lba = scsi_3btoul(cdb->addr);
10691		/* only 5 bits are valid in the most significant address byte */
10692		*lba &= 0x1fffff;
10693		*len = cdb->length;
10694		break;
10695	}
10696	case READ_10:
10697	case WRITE_10: {
10698		struct scsi_rw_10 *cdb;
10699
10700		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10701
10702		*lba = scsi_4btoul(cdb->addr);
10703		*len = scsi_2btoul(cdb->length);
10704		break;
10705	}
10706	case WRITE_VERIFY_10: {
10707		struct scsi_write_verify_10 *cdb;
10708
10709		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10710
10711		*lba = scsi_4btoul(cdb->addr);
10712		*len = scsi_2btoul(cdb->length);
10713		break;
10714	}
10715	case READ_12:
10716	case WRITE_12: {
10717		struct scsi_rw_12 *cdb;
10718
10719		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10720
10721		*lba = scsi_4btoul(cdb->addr);
10722		*len = scsi_4btoul(cdb->length);
10723		break;
10724	}
10725	case WRITE_VERIFY_12: {
10726		struct scsi_write_verify_12 *cdb;
10727
10728		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10729
10730		*lba = scsi_4btoul(cdb->addr);
10731		*len = scsi_4btoul(cdb->length);
10732		break;
10733	}
10734	case READ_16:
10735	case WRITE_16:
10736	case WRITE_ATOMIC_16: {
10737		struct scsi_rw_16 *cdb;
10738
10739		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10740
10741		*lba = scsi_8btou64(cdb->addr);
10742		*len = scsi_4btoul(cdb->length);
10743		break;
10744	}
10745	case WRITE_VERIFY_16: {
10746		struct scsi_write_verify_16 *cdb;
10747
10748		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10749
10750		*lba = scsi_8btou64(cdb->addr);
10751		*len = scsi_4btoul(cdb->length);
10752		break;
10753	}
10754	case WRITE_SAME_10: {
10755		struct scsi_write_same_10 *cdb;
10756
10757		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10758
10759		*lba = scsi_4btoul(cdb->addr);
10760		*len = scsi_2btoul(cdb->length);
10761		break;
10762	}
10763	case WRITE_SAME_16: {
10764		struct scsi_write_same_16 *cdb;
10765
10766		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10767
10768		*lba = scsi_8btou64(cdb->addr);
10769		*len = scsi_4btoul(cdb->length);
10770		break;
10771	}
10772	case VERIFY_10: {
10773		struct scsi_verify_10 *cdb;
10774
10775		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10776
10777		*lba = scsi_4btoul(cdb->addr);
10778		*len = scsi_2btoul(cdb->length);
10779		break;
10780	}
10781	case VERIFY_12: {
10782		struct scsi_verify_12 *cdb;
10783
10784		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10785
10786		*lba = scsi_4btoul(cdb->addr);
10787		*len = scsi_4btoul(cdb->length);
10788		break;
10789	}
10790	case VERIFY_16: {
10791		struct scsi_verify_16 *cdb;
10792
10793		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10794
10795		*lba = scsi_8btou64(cdb->addr);
10796		*len = scsi_4btoul(cdb->length);
10797		break;
10798	}
10799	case UNMAP: {
10800		*lba = 0;
10801		*len = UINT64_MAX;
10802		break;
10803	}
10804	default:
10805		return (1);
10806		break; /* NOTREACHED */
10807	}
10808
10809	return (0);
10810}
10811
10812static ctl_action
10813ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2)
10814{
10815	uint64_t endlba1, endlba2;
10816
10817	endlba1 = lba1 + len1 - 1;
10818	endlba2 = lba2 + len2 - 1;
10819
10820	if ((endlba1 < lba2)
10821	 || (endlba2 < lba1))
10822		return (CTL_ACTION_PASS);
10823	else
10824		return (CTL_ACTION_BLOCK);
10825}
10826
10827static int
10828ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10829{
10830	struct ctl_ptr_len_flags *ptrlen;
10831	struct scsi_unmap_desc *buf, *end, *range;
10832	uint64_t lba;
10833	uint32_t len;
10834
10835	/* If not UNMAP -- go other way. */
10836	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10837	    io->scsiio.cdb[0] != UNMAP)
10838		return (CTL_ACTION_ERROR);
10839
10840	/* If UNMAP without data -- block and wait for data. */
10841	ptrlen = (struct ctl_ptr_len_flags *)
10842	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10843	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10844	    ptrlen->ptr == NULL)
10845		return (CTL_ACTION_BLOCK);
10846
10847	/* UNMAP with data -- check for collision. */
10848	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10849	end = buf + ptrlen->len / sizeof(*buf);
10850	for (range = buf; range < end; range++) {
10851		lba = scsi_8btou64(range->lba);
10852		len = scsi_4btoul(range->length);
10853		if ((lba < lba2 + len2) && (lba + len > lba2))
10854			return (CTL_ACTION_BLOCK);
10855	}
10856	return (CTL_ACTION_PASS);
10857}
10858
10859static ctl_action
10860ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10861{
10862	uint64_t lba1, lba2;
10863	uint64_t len1, len2;
10864	int retval;
10865
10866	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10867		return (CTL_ACTION_ERROR);
10868
10869	retval = ctl_extent_check_unmap(io2, lba1, len1);
10870	if (retval != CTL_ACTION_ERROR)
10871		return (retval);
10872
10873	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10874		return (CTL_ACTION_ERROR);
10875
10876	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10877}
10878
10879static ctl_action
10880ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10881    union ctl_io *ooa_io)
10882{
10883	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10884	ctl_serialize_action *serialize_row;
10885
10886	/*
10887	 * The initiator attempted multiple untagged commands at the same
10888	 * time.  Can't do that.
10889	 */
10890	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10891	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10892	 && ((pending_io->io_hdr.nexus.targ_port ==
10893	      ooa_io->io_hdr.nexus.targ_port)
10894	  && (pending_io->io_hdr.nexus.initid.id ==
10895	      ooa_io->io_hdr.nexus.initid.id))
10896	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10897		return (CTL_ACTION_OVERLAP);
10898
10899	/*
10900	 * The initiator attempted to send multiple tagged commands with
10901	 * the same ID.  (It's fine if different initiators have the same
10902	 * tag ID.)
10903	 *
10904	 * Even if all of those conditions are true, we don't kill the I/O
10905	 * if the command ahead of us has been aborted.  We won't end up
10906	 * sending it to the FETD, and it's perfectly legal to resend a
10907	 * command with the same tag number as long as the previous
10908	 * instance of this tag number has been aborted somehow.
10909	 */
10910	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10911	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10912	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10913	 && ((pending_io->io_hdr.nexus.targ_port ==
10914	      ooa_io->io_hdr.nexus.targ_port)
10915	  && (pending_io->io_hdr.nexus.initid.id ==
10916	      ooa_io->io_hdr.nexus.initid.id))
10917	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10918		return (CTL_ACTION_OVERLAP_TAG);
10919
10920	/*
10921	 * If we get a head of queue tag, SAM-3 says that we should
10922	 * immediately execute it.
10923	 *
10924	 * What happens if this command would normally block for some other
10925	 * reason?  e.g. a request sense with a head of queue tag
10926	 * immediately after a write.  Normally that would block, but this
10927	 * will result in its getting executed immediately...
10928	 *
10929	 * We currently return "pass" instead of "skip", so we'll end up
10930	 * going through the rest of the queue to check for overlapped tags.
10931	 *
10932	 * XXX KDM check for other types of blockage first??
10933	 */
10934	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10935		return (CTL_ACTION_PASS);
10936
10937	/*
10938	 * Ordered tags have to block until all items ahead of them
10939	 * have completed.  If we get called with an ordered tag, we always
10940	 * block, if something else is ahead of us in the queue.
10941	 */
10942	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10943		return (CTL_ACTION_BLOCK);
10944
10945	/*
10946	 * Simple tags get blocked until all head of queue and ordered tags
10947	 * ahead of them have completed.  I'm lumping untagged commands in
10948	 * with simple tags here.  XXX KDM is that the right thing to do?
10949	 */
10950	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10951	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10952	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10953	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10954		return (CTL_ACTION_BLOCK);
10955
10956	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10957	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10958
10959	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10960
10961	switch (serialize_row[pending_entry->seridx]) {
10962	case CTL_SER_BLOCK:
10963		return (CTL_ACTION_BLOCK);
10964	case CTL_SER_EXTENT:
10965		return (ctl_extent_check(pending_io, ooa_io));
10966	case CTL_SER_EXTENTOPT:
10967		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10968		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10969			return (ctl_extent_check(pending_io, ooa_io));
10970		/* FALLTHROUGH */
10971	case CTL_SER_PASS:
10972		return (CTL_ACTION_PASS);
10973	case CTL_SER_BLOCKOPT:
10974		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10975		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10976			return (CTL_ACTION_BLOCK);
10977		return (CTL_ACTION_PASS);
10978	case CTL_SER_SKIP:
10979		return (CTL_ACTION_SKIP);
10980	default:
10981		panic("invalid serialization value %d",
10982		      serialize_row[pending_entry->seridx]);
10983	}
10984
10985	return (CTL_ACTION_ERROR);
10986}
10987
10988/*
10989 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10990 * Assumptions:
10991 * - pending_io is generally either incoming, or on the blocked queue
10992 * - starting I/O is the I/O we want to start the check with.
10993 */
10994static ctl_action
10995ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10996	      union ctl_io *starting_io)
10997{
10998	union ctl_io *ooa_io;
10999	ctl_action action;
11000
11001	mtx_assert(&lun->lun_lock, MA_OWNED);
11002
11003	/*
11004	 * Run back along the OOA queue, starting with the current
11005	 * blocked I/O and going through every I/O before it on the
11006	 * queue.  If starting_io is NULL, we'll just end up returning
11007	 * CTL_ACTION_PASS.
11008	 */
11009	for (ooa_io = starting_io; ooa_io != NULL;
11010	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11011	     ooa_links)){
11012
11013		/*
11014		 * This routine just checks to see whether
11015		 * cur_blocked is blocked by ooa_io, which is ahead
11016		 * of it in the queue.  It doesn't queue/dequeue
11017		 * cur_blocked.
11018		 */
11019		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11020		switch (action) {
11021		case CTL_ACTION_BLOCK:
11022		case CTL_ACTION_OVERLAP:
11023		case CTL_ACTION_OVERLAP_TAG:
11024		case CTL_ACTION_SKIP:
11025		case CTL_ACTION_ERROR:
11026			return (action);
11027			break; /* NOTREACHED */
11028		case CTL_ACTION_PASS:
11029			break;
11030		default:
11031			panic("invalid action %d", action);
11032			break;  /* NOTREACHED */
11033		}
11034	}
11035
11036	return (CTL_ACTION_PASS);
11037}
11038
11039/*
11040 * Assumptions:
11041 * - An I/O has just completed, and has been removed from the per-LUN OOA
11042 *   queue, so some items on the blocked queue may now be unblocked.
11043 */
11044static int
11045ctl_check_blocked(struct ctl_lun *lun)
11046{
11047	union ctl_io *cur_blocked, *next_blocked;
11048
11049	mtx_assert(&lun->lun_lock, MA_OWNED);
11050
11051	/*
11052	 * Run forward from the head of the blocked queue, checking each
11053	 * entry against the I/Os prior to it on the OOA queue to see if
11054	 * there is still any blockage.
11055	 *
11056	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11057	 * with our removing a variable on it while it is traversing the
11058	 * list.
11059	 */
11060	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11061	     cur_blocked != NULL; cur_blocked = next_blocked) {
11062		union ctl_io *prev_ooa;
11063		ctl_action action;
11064
11065		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11066							  blocked_links);
11067
11068		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11069						      ctl_ooaq, ooa_links);
11070
11071		/*
11072		 * If cur_blocked happens to be the first item in the OOA
11073		 * queue now, prev_ooa will be NULL, and the action
11074		 * returned will just be CTL_ACTION_PASS.
11075		 */
11076		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11077
11078		switch (action) {
11079		case CTL_ACTION_BLOCK:
11080			/* Nothing to do here, still blocked */
11081			break;
11082		case CTL_ACTION_OVERLAP:
11083		case CTL_ACTION_OVERLAP_TAG:
11084			/*
11085			 * This shouldn't happen!  In theory we've already
11086			 * checked this command for overlap...
11087			 */
11088			break;
11089		case CTL_ACTION_PASS:
11090		case CTL_ACTION_SKIP: {
11091			struct ctl_softc *softc;
11092			const struct ctl_cmd_entry *entry;
11093			uint32_t initidx;
11094			int isc_retval;
11095
11096			/*
11097			 * The skip case shouldn't happen, this transaction
11098			 * should have never made it onto the blocked queue.
11099			 */
11100			/*
11101			 * This I/O is no longer blocked, we can remove it
11102			 * from the blocked queue.  Since this is a TAILQ
11103			 * (doubly linked list), we can do O(1) removals
11104			 * from any place on the list.
11105			 */
11106			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11107				     blocked_links);
11108			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11109
11110			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11111				/*
11112				 * Need to send IO back to original side to
11113				 * run
11114				 */
11115				union ctl_ha_msg msg_info;
11116
11117				msg_info.hdr.original_sc =
11118					cur_blocked->io_hdr.original_sc;
11119				msg_info.hdr.serializing_sc = cur_blocked;
11120				msg_info.hdr.msg_type = CTL_MSG_R2R;
11121				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11122				     &msg_info, sizeof(msg_info), 0)) >
11123				     CTL_HA_STATUS_SUCCESS) {
11124					printf("CTL:Check Blocked error from "
11125					       "ctl_ha_msg_send %d\n",
11126					       isc_retval);
11127				}
11128				break;
11129			}
11130			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11131			softc = control_softc;
11132
11133			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
11134
11135			/*
11136			 * Check this I/O for LUN state changes that may
11137			 * have happened while this command was blocked.
11138			 * The LUN state may have been changed by a command
11139			 * ahead of us in the queue, so we need to re-check
11140			 * for any states that can be caused by SCSI
11141			 * commands.
11142			 */
11143			if (ctl_scsiio_lun_check(softc, lun, entry,
11144						 &cur_blocked->scsiio) == 0) {
11145				cur_blocked->io_hdr.flags |=
11146				                      CTL_FLAG_IS_WAS_ON_RTR;
11147				ctl_enqueue_rtr(cur_blocked);
11148			} else
11149				ctl_done(cur_blocked);
11150			break;
11151		}
11152		default:
11153			/*
11154			 * This probably shouldn't happen -- we shouldn't
11155			 * get CTL_ACTION_ERROR, or anything else.
11156			 */
11157			break;
11158		}
11159	}
11160
11161	return (CTL_RETVAL_COMPLETE);
11162}
11163
11164/*
11165 * This routine (with one exception) checks LUN flags that can be set by
11166 * commands ahead of us in the OOA queue.  These flags have to be checked
11167 * when a command initially comes in, and when we pull a command off the
11168 * blocked queue and are preparing to execute it.  The reason we have to
11169 * check these flags for commands on the blocked queue is that the LUN
11170 * state may have been changed by a command ahead of us while we're on the
11171 * blocked queue.
11172 *
11173 * Ordering is somewhat important with these checks, so please pay
11174 * careful attention to the placement of any new checks.
11175 */
11176static int
11177ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
11178    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11179{
11180	int retval;
11181	uint32_t residx;
11182
11183	retval = 0;
11184
11185	mtx_assert(&lun->lun_lock, MA_OWNED);
11186
11187	/*
11188	 * If this shelf is a secondary shelf controller, we have to reject
11189	 * any media access commands.
11190	 */
11191#if 0
11192	/* No longer needed for HA */
11193	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
11194	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
11195		ctl_set_lun_standby(ctsio);
11196		retval = 1;
11197		goto bailout;
11198	}
11199#endif
11200
11201	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11202		if (lun->flags & CTL_LUN_READONLY) {
11203			ctl_set_sense(ctsio, /*current_error*/ 1,
11204			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11205			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11206			retval = 1;
11207			goto bailout;
11208		}
11209		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11210		    .eca_and_aen & SCP_SWP) != 0) {
11211			ctl_set_sense(ctsio, /*current_error*/ 1,
11212			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11213			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11214			retval = 1;
11215			goto bailout;
11216		}
11217	}
11218
11219	/*
11220	 * Check for a reservation conflict.  If this command isn't allowed
11221	 * even on reserved LUNs, and if this initiator isn't the one who
11222	 * reserved us, reject the command with a reservation conflict.
11223	 */
11224	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11225	if ((lun->flags & CTL_LUN_RESERVED)
11226	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11227		if (lun->res_idx != residx) {
11228			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11229			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11230			retval = 1;
11231			goto bailout;
11232		}
11233	}
11234
11235	if ((lun->flags & CTL_LUN_PR_RESERVED)
11236	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV) == 0)) {
11237		/*
11238		 * if we aren't registered or it's a res holder type
11239		 * reservation and this isn't the res holder then set a
11240		 * conflict.
11241		 * NOTE: Commands which might be allowed on write exclusive
11242		 * type reservations are checked in the particular command
11243		 * for a conflict. Read and SSU are the only ones.
11244		 */
11245		if (lun->pr_keys[residx] == 0
11246		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11247			ctsio->scsi_status = SCSI_STATUS_RESERV_CONFLICT;
11248			ctsio->io_hdr.status = CTL_SCSI_ERROR;
11249			retval = 1;
11250			goto bailout;
11251		}
11252
11253	}
11254
11255	if ((lun->flags & CTL_LUN_OFFLINE)
11256	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11257		ctl_set_lun_not_ready(ctsio);
11258		retval = 1;
11259		goto bailout;
11260	}
11261
11262	/*
11263	 * If the LUN is stopped, see if this particular command is allowed
11264	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11265	 */
11266	if ((lun->flags & CTL_LUN_STOPPED)
11267	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11268		/* "Logical unit not ready, initializing cmd. required" */
11269		ctl_set_lun_stopped(ctsio);
11270		retval = 1;
11271		goto bailout;
11272	}
11273
11274	if ((lun->flags & CTL_LUN_INOPERABLE)
11275	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11276		/* "Medium format corrupted" */
11277		ctl_set_medium_format_corrupted(ctsio);
11278		retval = 1;
11279		goto bailout;
11280	}
11281
11282bailout:
11283	return (retval);
11284
11285}
11286
11287static void
11288ctl_failover_io(union ctl_io *io, int have_lock)
11289{
11290	ctl_set_busy(&io->scsiio);
11291	ctl_done(io);
11292}
11293
11294static void
11295ctl_failover(void)
11296{
11297	struct ctl_lun *lun;
11298	struct ctl_softc *ctl_softc;
11299	union ctl_io *next_io, *pending_io;
11300	union ctl_io *io;
11301	int lun_idx;
11302	int i;
11303
11304	ctl_softc = control_softc;
11305
11306	mtx_lock(&ctl_softc->ctl_lock);
11307	/*
11308	 * Remove any cmds from the other SC from the rtr queue.  These
11309	 * will obviously only be for LUNs for which we're the primary.
11310	 * We can't send status or get/send data for these commands.
11311	 * Since they haven't been executed yet, we can just remove them.
11312	 * We'll either abort them or delete them below, depending on
11313	 * which HA mode we're in.
11314	 */
11315#ifdef notyet
11316	mtx_lock(&ctl_softc->queue_lock);
11317	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11318	     io != NULL; io = next_io) {
11319		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11320		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11321			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11322				      ctl_io_hdr, links);
11323	}
11324	mtx_unlock(&ctl_softc->queue_lock);
11325#endif
11326
11327	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11328		lun = ctl_softc->ctl_luns[lun_idx];
11329		if (lun==NULL)
11330			continue;
11331
11332		/*
11333		 * Processor LUNs are primary on both sides.
11334		 * XXX will this always be true?
11335		 */
11336		if (lun->be_lun->lun_type == T_PROCESSOR)
11337			continue;
11338
11339		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11340		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11341			printf("FAILOVER: primary lun %d\n", lun_idx);
11342		        /*
11343			 * Remove all commands from the other SC. First from the
11344			 * blocked queue then from the ooa queue. Once we have
11345			 * removed them. Call ctl_check_blocked to see if there
11346			 * is anything that can run.
11347			 */
11348			for (io = (union ctl_io *)TAILQ_FIRST(
11349			     &lun->blocked_queue); io != NULL; io = next_io) {
11350
11351		        	next_io = (union ctl_io *)TAILQ_NEXT(
11352				    &io->io_hdr, blocked_links);
11353
11354				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11355					TAILQ_REMOVE(&lun->blocked_queue,
11356						     &io->io_hdr,blocked_links);
11357					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11358					TAILQ_REMOVE(&lun->ooa_queue,
11359						     &io->io_hdr, ooa_links);
11360
11361					ctl_free_io(io);
11362				}
11363			}
11364
11365			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11366	     		     io != NULL; io = next_io) {
11367
11368		        	next_io = (union ctl_io *)TAILQ_NEXT(
11369				    &io->io_hdr, ooa_links);
11370
11371				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11372
11373					TAILQ_REMOVE(&lun->ooa_queue,
11374						&io->io_hdr,
11375					     	ooa_links);
11376
11377					ctl_free_io(io);
11378				}
11379			}
11380			ctl_check_blocked(lun);
11381		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11382			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11383
11384			printf("FAILOVER: primary lun %d\n", lun_idx);
11385			/*
11386			 * Abort all commands from the other SC.  We can't
11387			 * send status back for them now.  These should get
11388			 * cleaned up when they are completed or come out
11389			 * for a datamove operation.
11390			 */
11391			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11392	     		     io != NULL; io = next_io) {
11393		        	next_io = (union ctl_io *)TAILQ_NEXT(
11394					&io->io_hdr, ooa_links);
11395
11396				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11397					io->io_hdr.flags |= CTL_FLAG_ABORT;
11398			}
11399		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11400			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11401
11402			printf("FAILOVER: secondary lun %d\n", lun_idx);
11403
11404			lun->flags |= CTL_LUN_PRIMARY_SC;
11405
11406			/*
11407			 * We send all I/O that was sent to this controller
11408			 * and redirected to the other side back with
11409			 * busy status, and have the initiator retry it.
11410			 * Figuring out how much data has been transferred,
11411			 * etc. and picking up where we left off would be
11412			 * very tricky.
11413			 *
11414			 * XXX KDM need to remove I/O from the blocked
11415			 * queue as well!
11416			 */
11417			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11418			     &lun->ooa_queue); pending_io != NULL;
11419			     pending_io = next_io) {
11420
11421				next_io =  (union ctl_io *)TAILQ_NEXT(
11422					&pending_io->io_hdr, ooa_links);
11423
11424				pending_io->io_hdr.flags &=
11425					~CTL_FLAG_SENT_2OTHER_SC;
11426
11427				if (pending_io->io_hdr.flags &
11428				    CTL_FLAG_IO_ACTIVE) {
11429					pending_io->io_hdr.flags |=
11430						CTL_FLAG_FAILOVER;
11431				} else {
11432					ctl_set_busy(&pending_io->scsiio);
11433					ctl_done(pending_io);
11434				}
11435			}
11436
11437			/*
11438			 * Build Unit Attention
11439			 */
11440			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11441				lun->pending_ua[i] |=
11442				                     CTL_UA_ASYM_ACC_CHANGE;
11443			}
11444		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11445			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11446			printf("FAILOVER: secondary lun %d\n", lun_idx);
11447			/*
11448			 * if the first io on the OOA is not on the RtR queue
11449			 * add it.
11450			 */
11451			lun->flags |= CTL_LUN_PRIMARY_SC;
11452
11453			pending_io = (union ctl_io *)TAILQ_FIRST(
11454			    &lun->ooa_queue);
11455			if (pending_io==NULL) {
11456				printf("Nothing on OOA queue\n");
11457				continue;
11458			}
11459
11460			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11461			if ((pending_io->io_hdr.flags &
11462			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11463				pending_io->io_hdr.flags |=
11464				    CTL_FLAG_IS_WAS_ON_RTR;
11465				ctl_enqueue_rtr(pending_io);
11466			}
11467#if 0
11468			else
11469			{
11470				printf("Tag 0x%04x is running\n",
11471				      pending_io->scsiio.tag_num);
11472			}
11473#endif
11474
11475			next_io = (union ctl_io *)TAILQ_NEXT(
11476			    &pending_io->io_hdr, ooa_links);
11477			for (pending_io=next_io; pending_io != NULL;
11478			     pending_io = next_io) {
11479				pending_io->io_hdr.flags &=
11480				    ~CTL_FLAG_SENT_2OTHER_SC;
11481				next_io = (union ctl_io *)TAILQ_NEXT(
11482					&pending_io->io_hdr, ooa_links);
11483				if (pending_io->io_hdr.flags &
11484				    CTL_FLAG_IS_WAS_ON_RTR) {
11485#if 0
11486				        printf("Tag 0x%04x is running\n",
11487				      		pending_io->scsiio.tag_num);
11488#endif
11489					continue;
11490				}
11491
11492				switch (ctl_check_ooa(lun, pending_io,
11493			            (union ctl_io *)TAILQ_PREV(
11494				    &pending_io->io_hdr, ctl_ooaq,
11495				    ooa_links))) {
11496
11497				case CTL_ACTION_BLOCK:
11498					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11499							  &pending_io->io_hdr,
11500							  blocked_links);
11501					pending_io->io_hdr.flags |=
11502					    CTL_FLAG_BLOCKED;
11503					break;
11504				case CTL_ACTION_PASS:
11505				case CTL_ACTION_SKIP:
11506					pending_io->io_hdr.flags |=
11507					    CTL_FLAG_IS_WAS_ON_RTR;
11508					ctl_enqueue_rtr(pending_io);
11509					break;
11510				case CTL_ACTION_OVERLAP:
11511					ctl_set_overlapped_cmd(
11512					    (struct ctl_scsiio *)pending_io);
11513					ctl_done(pending_io);
11514					break;
11515				case CTL_ACTION_OVERLAP_TAG:
11516					ctl_set_overlapped_tag(
11517					    (struct ctl_scsiio *)pending_io,
11518					    pending_io->scsiio.tag_num & 0xff);
11519					ctl_done(pending_io);
11520					break;
11521				case CTL_ACTION_ERROR:
11522				default:
11523					ctl_set_internal_failure(
11524						(struct ctl_scsiio *)pending_io,
11525						0,  // sks_valid
11526						0); //retry count
11527					ctl_done(pending_io);
11528					break;
11529				}
11530			}
11531
11532			/*
11533			 * Build Unit Attention
11534			 */
11535			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11536				lun->pending_ua[i] |=
11537				                     CTL_UA_ASYM_ACC_CHANGE;
11538			}
11539		} else {
11540			panic("Unhandled HA mode failover, LUN flags = %#x, "
11541			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11542		}
11543	}
11544	ctl_pause_rtr = 0;
11545	mtx_unlock(&ctl_softc->ctl_lock);
11546}
11547
11548static int
11549ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11550{
11551	struct ctl_lun *lun;
11552	const struct ctl_cmd_entry *entry;
11553	uint32_t initidx, targ_lun;
11554	int retval;
11555
11556	retval = 0;
11557
11558	lun = NULL;
11559
11560	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11561	if ((targ_lun < CTL_MAX_LUNS)
11562	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11563		lun = ctl_softc->ctl_luns[targ_lun];
11564		/*
11565		 * If the LUN is invalid, pretend that it doesn't exist.
11566		 * It will go away as soon as all pending I/O has been
11567		 * completed.
11568		 */
11569		if (lun->flags & CTL_LUN_DISABLED) {
11570			lun = NULL;
11571		} else {
11572			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11573			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11574				lun->be_lun;
11575			if (lun->be_lun->lun_type == T_PROCESSOR) {
11576				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11577			}
11578
11579			/*
11580			 * Every I/O goes into the OOA queue for a
11581			 * particular LUN, and stays there until completion.
11582			 */
11583			mtx_lock(&lun->lun_lock);
11584			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11585			    ooa_links);
11586		}
11587	} else {
11588		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11589		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11590	}
11591
11592	/* Get command entry and return error if it is unsuppotyed. */
11593	entry = ctl_validate_command(ctsio);
11594	if (entry == NULL) {
11595		if (lun)
11596			mtx_unlock(&lun->lun_lock);
11597		return (retval);
11598	}
11599
11600	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11601	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11602
11603	/*
11604	 * Check to see whether we can send this command to LUNs that don't
11605	 * exist.  This should pretty much only be the case for inquiry
11606	 * and request sense.  Further checks, below, really require having
11607	 * a LUN, so we can't really check the command anymore.  Just put
11608	 * it on the rtr queue.
11609	 */
11610	if (lun == NULL) {
11611		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11612			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11613			ctl_enqueue_rtr((union ctl_io *)ctsio);
11614			return (retval);
11615		}
11616
11617		ctl_set_unsupported_lun(ctsio);
11618		ctl_done((union ctl_io *)ctsio);
11619		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11620		return (retval);
11621	} else {
11622		/*
11623		 * Make sure we support this particular command on this LUN.
11624		 * e.g., we don't support writes to the control LUN.
11625		 */
11626		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11627			mtx_unlock(&lun->lun_lock);
11628			ctl_set_invalid_opcode(ctsio);
11629			ctl_done((union ctl_io *)ctsio);
11630			return (retval);
11631		}
11632	}
11633
11634	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11635
11636#ifdef CTL_WITH_CA
11637	/*
11638	 * If we've got a request sense, it'll clear the contingent
11639	 * allegiance condition.  Otherwise, if we have a CA condition for
11640	 * this initiator, clear it, because it sent down a command other
11641	 * than request sense.
11642	 */
11643	if ((ctsio->cdb[0] != REQUEST_SENSE)
11644	 && (ctl_is_set(lun->have_ca, initidx)))
11645		ctl_clear_mask(lun->have_ca, initidx);
11646#endif
11647
11648	/*
11649	 * If the command has this flag set, it handles its own unit
11650	 * attention reporting, we shouldn't do anything.  Otherwise we
11651	 * check for any pending unit attentions, and send them back to the
11652	 * initiator.  We only do this when a command initially comes in,
11653	 * not when we pull it off the blocked queue.
11654	 *
11655	 * According to SAM-3, section 5.3.2, the order that things get
11656	 * presented back to the host is basically unit attentions caused
11657	 * by some sort of reset event, busy status, reservation conflicts
11658	 * or task set full, and finally any other status.
11659	 *
11660	 * One issue here is that some of the unit attentions we report
11661	 * don't fall into the "reset" category (e.g. "reported luns data
11662	 * has changed").  So reporting it here, before the reservation
11663	 * check, may be technically wrong.  I guess the only thing to do
11664	 * would be to check for and report the reset events here, and then
11665	 * check for the other unit attention types after we check for a
11666	 * reservation conflict.
11667	 *
11668	 * XXX KDM need to fix this
11669	 */
11670	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11671		ctl_ua_type ua_type;
11672
11673		if (lun->pending_ua[initidx] != CTL_UA_NONE) {
11674			scsi_sense_data_type sense_format;
11675
11676			if (lun != NULL)
11677				sense_format = (lun->flags &
11678				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11679				    SSD_TYPE_FIXED;
11680			else
11681				sense_format = SSD_TYPE_FIXED;
11682
11683			ua_type = ctl_build_ua(&lun->pending_ua[initidx],
11684			    &ctsio->sense_data, sense_format);
11685			if (ua_type != CTL_UA_NONE) {
11686				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11687				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11688						       CTL_AUTOSENSE;
11689				ctsio->sense_len = SSD_FULL_SIZE;
11690				mtx_unlock(&lun->lun_lock);
11691				ctl_done((union ctl_io *)ctsio);
11692				return (retval);
11693			}
11694		}
11695	}
11696
11697
11698	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11699		mtx_unlock(&lun->lun_lock);
11700		ctl_done((union ctl_io *)ctsio);
11701		return (retval);
11702	}
11703
11704	/*
11705	 * XXX CHD this is where we want to send IO to other side if
11706	 * this LUN is secondary on this SC. We will need to make a copy
11707	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11708	 * the copy we send as FROM_OTHER.
11709	 * We also need to stuff the address of the original IO so we can
11710	 * find it easily. Something similar will need be done on the other
11711	 * side so when we are done we can find the copy.
11712	 */
11713	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11714		union ctl_ha_msg msg_info;
11715		int isc_retval;
11716
11717		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11718
11719		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11720		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11721#if 0
11722		printf("1. ctsio %p\n", ctsio);
11723#endif
11724		msg_info.hdr.serializing_sc = NULL;
11725		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11726		msg_info.scsi.tag_num = ctsio->tag_num;
11727		msg_info.scsi.tag_type = ctsio->tag_type;
11728		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11729
11730		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11731
11732		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11733		    (void *)&msg_info, sizeof(msg_info), 0)) >
11734		    CTL_HA_STATUS_SUCCESS) {
11735			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11736			       isc_retval);
11737			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11738		} else {
11739#if 0
11740			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11741#endif
11742		}
11743
11744		/*
11745		 * XXX KDM this I/O is off the incoming queue, but hasn't
11746		 * been inserted on any other queue.  We may need to come
11747		 * up with a holding queue while we wait for serialization
11748		 * so that we have an idea of what we're waiting for from
11749		 * the other side.
11750		 */
11751		mtx_unlock(&lun->lun_lock);
11752		return (retval);
11753	}
11754
11755	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11756			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11757			      ctl_ooaq, ooa_links))) {
11758	case CTL_ACTION_BLOCK:
11759		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11760		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11761				  blocked_links);
11762		mtx_unlock(&lun->lun_lock);
11763		return (retval);
11764	case CTL_ACTION_PASS:
11765	case CTL_ACTION_SKIP:
11766		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11767		mtx_unlock(&lun->lun_lock);
11768		ctl_enqueue_rtr((union ctl_io *)ctsio);
11769		break;
11770	case CTL_ACTION_OVERLAP:
11771		mtx_unlock(&lun->lun_lock);
11772		ctl_set_overlapped_cmd(ctsio);
11773		ctl_done((union ctl_io *)ctsio);
11774		break;
11775	case CTL_ACTION_OVERLAP_TAG:
11776		mtx_unlock(&lun->lun_lock);
11777		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11778		ctl_done((union ctl_io *)ctsio);
11779		break;
11780	case CTL_ACTION_ERROR:
11781	default:
11782		mtx_unlock(&lun->lun_lock);
11783		ctl_set_internal_failure(ctsio,
11784					 /*sks_valid*/ 0,
11785					 /*retry_count*/ 0);
11786		ctl_done((union ctl_io *)ctsio);
11787		break;
11788	}
11789	return (retval);
11790}
11791
11792const struct ctl_cmd_entry *
11793ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11794{
11795	const struct ctl_cmd_entry *entry;
11796	int service_action;
11797
11798	entry = &ctl_cmd_table[ctsio->cdb[0]];
11799	if (sa)
11800		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11801	if (entry->flags & CTL_CMD_FLAG_SA5) {
11802		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11803		entry = &((const struct ctl_cmd_entry *)
11804		    entry->execute)[service_action];
11805	}
11806	return (entry);
11807}
11808
11809const struct ctl_cmd_entry *
11810ctl_validate_command(struct ctl_scsiio *ctsio)
11811{
11812	const struct ctl_cmd_entry *entry;
11813	int i, sa;
11814	uint8_t diff;
11815
11816	entry = ctl_get_cmd_entry(ctsio, &sa);
11817	if (entry->execute == NULL) {
11818		if (sa)
11819			ctl_set_invalid_field(ctsio,
11820					      /*sks_valid*/ 1,
11821					      /*command*/ 1,
11822					      /*field*/ 1,
11823					      /*bit_valid*/ 1,
11824					      /*bit*/ 4);
11825		else
11826			ctl_set_invalid_opcode(ctsio);
11827		ctl_done((union ctl_io *)ctsio);
11828		return (NULL);
11829	}
11830	KASSERT(entry->length > 0,
11831	    ("Not defined length for command 0x%02x/0x%02x",
11832	     ctsio->cdb[0], ctsio->cdb[1]));
11833	for (i = 1; i < entry->length; i++) {
11834		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11835		if (diff == 0)
11836			continue;
11837		ctl_set_invalid_field(ctsio,
11838				      /*sks_valid*/ 1,
11839				      /*command*/ 1,
11840				      /*field*/ i,
11841				      /*bit_valid*/ 1,
11842				      /*bit*/ fls(diff) - 1);
11843		ctl_done((union ctl_io *)ctsio);
11844		return (NULL);
11845	}
11846	return (entry);
11847}
11848
11849static int
11850ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11851{
11852
11853	switch (lun_type) {
11854	case T_PROCESSOR:
11855		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11856		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11857			return (0);
11858		break;
11859	case T_DIRECT:
11860		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11861		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11862			return (0);
11863		break;
11864	default:
11865		return (0);
11866	}
11867	return (1);
11868}
11869
11870static int
11871ctl_scsiio(struct ctl_scsiio *ctsio)
11872{
11873	int retval;
11874	const struct ctl_cmd_entry *entry;
11875
11876	retval = CTL_RETVAL_COMPLETE;
11877
11878	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11879
11880	entry = ctl_get_cmd_entry(ctsio, NULL);
11881
11882	/*
11883	 * If this I/O has been aborted, just send it straight to
11884	 * ctl_done() without executing it.
11885	 */
11886	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11887		ctl_done((union ctl_io *)ctsio);
11888		goto bailout;
11889	}
11890
11891	/*
11892	 * All the checks should have been handled by ctl_scsiio_precheck().
11893	 * We should be clear now to just execute the I/O.
11894	 */
11895	retval = entry->execute(ctsio);
11896
11897bailout:
11898	return (retval);
11899}
11900
11901/*
11902 * Since we only implement one target right now, a bus reset simply resets
11903 * our single target.
11904 */
11905static int
11906ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11907{
11908	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11909}
11910
11911static int
11912ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11913		 ctl_ua_type ua_type)
11914{
11915	struct ctl_lun *lun;
11916	int retval;
11917
11918	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11919		union ctl_ha_msg msg_info;
11920
11921		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11922		msg_info.hdr.nexus = io->io_hdr.nexus;
11923		if (ua_type==CTL_UA_TARG_RESET)
11924			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11925		else
11926			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11927		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11928		msg_info.hdr.original_sc = NULL;
11929		msg_info.hdr.serializing_sc = NULL;
11930		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11931		    (void *)&msg_info, sizeof(msg_info), 0)) {
11932		}
11933	}
11934	retval = 0;
11935
11936	mtx_lock(&ctl_softc->ctl_lock);
11937	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11938		retval += ctl_lun_reset(lun, io, ua_type);
11939	mtx_unlock(&ctl_softc->ctl_lock);
11940
11941	return (retval);
11942}
11943
11944/*
11945 * The LUN should always be set.  The I/O is optional, and is used to
11946 * distinguish between I/Os sent by this initiator, and by other
11947 * initiators.  We set unit attention for initiators other than this one.
11948 * SAM-3 is vague on this point.  It does say that a unit attention should
11949 * be established for other initiators when a LUN is reset (see section
11950 * 5.7.3), but it doesn't specifically say that the unit attention should
11951 * be established for this particular initiator when a LUN is reset.  Here
11952 * is the relevant text, from SAM-3 rev 8:
11953 *
11954 * 5.7.2 When a SCSI initiator port aborts its own tasks
11955 *
11956 * When a SCSI initiator port causes its own task(s) to be aborted, no
11957 * notification that the task(s) have been aborted shall be returned to
11958 * the SCSI initiator port other than the completion response for the
11959 * command or task management function action that caused the task(s) to
11960 * be aborted and notification(s) associated with related effects of the
11961 * action (e.g., a reset unit attention condition).
11962 *
11963 * XXX KDM for now, we're setting unit attention for all initiators.
11964 */
11965static int
11966ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11967{
11968	union ctl_io *xio;
11969#if 0
11970	uint32_t initindex;
11971#endif
11972	int i;
11973
11974	mtx_lock(&lun->lun_lock);
11975	/*
11976	 * Run through the OOA queue and abort each I/O.
11977	 */
11978#if 0
11979	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11980#endif
11981	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11982	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11983		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11984	}
11985
11986	/*
11987	 * This version sets unit attention for every
11988	 */
11989#if 0
11990	initindex = ctl_get_initindex(&io->io_hdr.nexus);
11991	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11992		if (initindex == i)
11993			continue;
11994		lun->pending_ua[i] |= ua_type;
11995	}
11996#endif
11997
11998	/*
11999	 * A reset (any kind, really) clears reservations established with
12000	 * RESERVE/RELEASE.  It does not clear reservations established
12001	 * with PERSISTENT RESERVE OUT, but we don't support that at the
12002	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
12003	 * reservations made with the RESERVE/RELEASE commands, because
12004	 * those commands are obsolete in SPC-3.
12005	 */
12006	lun->flags &= ~CTL_LUN_RESERVED;
12007
12008	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
12009#ifdef CTL_WITH_CA
12010		ctl_clear_mask(lun->have_ca, i);
12011#endif
12012		lun->pending_ua[i] |= ua_type;
12013	}
12014	mtx_unlock(&lun->lun_lock);
12015
12016	return (0);
12017}
12018
12019static void
12020ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
12021    int other_sc)
12022{
12023	union ctl_io *xio;
12024
12025	mtx_assert(&lun->lun_lock, MA_OWNED);
12026
12027	/*
12028	 * Run through the OOA queue and attempt to find the given I/O.
12029	 * The target port, initiator ID, tag type and tag number have to
12030	 * match the values that we got from the initiator.  If we have an
12031	 * untagged command to abort, simply abort the first untagged command
12032	 * we come to.  We only allow one untagged command at a time of course.
12033	 */
12034	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12035	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12036
12037		if ((targ_port == UINT32_MAX ||
12038		     targ_port == xio->io_hdr.nexus.targ_port) &&
12039		    (init_id == UINT32_MAX ||
12040		     init_id == xio->io_hdr.nexus.initid.id)) {
12041			if (targ_port != xio->io_hdr.nexus.targ_port ||
12042			    init_id != xio->io_hdr.nexus.initid.id)
12043				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
12044			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12045			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12046				union ctl_ha_msg msg_info;
12047
12048				msg_info.hdr.nexus = xio->io_hdr.nexus;
12049				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12050				msg_info.task.tag_num = xio->scsiio.tag_num;
12051				msg_info.task.tag_type = xio->scsiio.tag_type;
12052				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12053				msg_info.hdr.original_sc = NULL;
12054				msg_info.hdr.serializing_sc = NULL;
12055				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12056				    (void *)&msg_info, sizeof(msg_info), 0);
12057			}
12058		}
12059	}
12060}
12061
12062static int
12063ctl_abort_task_set(union ctl_io *io)
12064{
12065	struct ctl_softc *softc = control_softc;
12066	struct ctl_lun *lun;
12067	uint32_t targ_lun;
12068
12069	/*
12070	 * Look up the LUN.
12071	 */
12072	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12073	mtx_lock(&softc->ctl_lock);
12074	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
12075		lun = softc->ctl_luns[targ_lun];
12076	else {
12077		mtx_unlock(&softc->ctl_lock);
12078		return (1);
12079	}
12080
12081	mtx_lock(&lun->lun_lock);
12082	mtx_unlock(&softc->ctl_lock);
12083	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12084		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12085		    io->io_hdr.nexus.initid.id,
12086		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12087	} else { /* CTL_TASK_CLEAR_TASK_SET */
12088		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12089		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12090	}
12091	mtx_unlock(&lun->lun_lock);
12092	return (0);
12093}
12094
12095static int
12096ctl_i_t_nexus_reset(union ctl_io *io)
12097{
12098	struct ctl_softc *softc = control_softc;
12099	struct ctl_lun *lun;
12100	uint32_t initindex, residx;
12101
12102	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12103	residx = ctl_get_resindex(&io->io_hdr.nexus);
12104	mtx_lock(&softc->ctl_lock);
12105	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12106		mtx_lock(&lun->lun_lock);
12107		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12108		    io->io_hdr.nexus.initid.id,
12109		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12110#ifdef CTL_WITH_CA
12111		ctl_clear_mask(lun->have_ca, initindex);
12112#endif
12113		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12114			lun->flags &= ~CTL_LUN_RESERVED;
12115		lun->pending_ua[initindex] |= CTL_UA_I_T_NEXUS_LOSS;
12116		mtx_unlock(&lun->lun_lock);
12117	}
12118	mtx_unlock(&softc->ctl_lock);
12119	return (0);
12120}
12121
12122static int
12123ctl_abort_task(union ctl_io *io)
12124{
12125	union ctl_io *xio;
12126	struct ctl_lun *lun;
12127	struct ctl_softc *ctl_softc;
12128#if 0
12129	struct sbuf sb;
12130	char printbuf[128];
12131#endif
12132	int found;
12133	uint32_t targ_lun;
12134
12135	ctl_softc = control_softc;
12136	found = 0;
12137
12138	/*
12139	 * Look up the LUN.
12140	 */
12141	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12142	mtx_lock(&ctl_softc->ctl_lock);
12143	if ((targ_lun < CTL_MAX_LUNS)
12144	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12145		lun = ctl_softc->ctl_luns[targ_lun];
12146	else {
12147		mtx_unlock(&ctl_softc->ctl_lock);
12148		return (1);
12149	}
12150
12151#if 0
12152	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12153	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12154#endif
12155
12156	mtx_lock(&lun->lun_lock);
12157	mtx_unlock(&ctl_softc->ctl_lock);
12158	/*
12159	 * Run through the OOA queue and attempt to find the given I/O.
12160	 * The target port, initiator ID, tag type and tag number have to
12161	 * match the values that we got from the initiator.  If we have an
12162	 * untagged command to abort, simply abort the first untagged command
12163	 * we come to.  We only allow one untagged command at a time of course.
12164	 */
12165#if 0
12166	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12167#endif
12168	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12169	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12170#if 0
12171		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12172
12173		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12174			    lun->lun, xio->scsiio.tag_num,
12175			    xio->scsiio.tag_type,
12176			    (xio->io_hdr.blocked_links.tqe_prev
12177			    == NULL) ? "" : " BLOCKED",
12178			    (xio->io_hdr.flags &
12179			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12180			    (xio->io_hdr.flags &
12181			    CTL_FLAG_ABORT) ? " ABORT" : "",
12182			    (xio->io_hdr.flags &
12183			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12184		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12185		sbuf_finish(&sb);
12186		printf("%s\n", sbuf_data(&sb));
12187#endif
12188
12189		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
12190		 && (xio->io_hdr.nexus.initid.id ==
12191		     io->io_hdr.nexus.initid.id)) {
12192			/*
12193			 * If the abort says that the task is untagged, the
12194			 * task in the queue must be untagged.  Otherwise,
12195			 * we just check to see whether the tag numbers
12196			 * match.  This is because the QLogic firmware
12197			 * doesn't pass back the tag type in an abort
12198			 * request.
12199			 */
12200#if 0
12201			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12202			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12203			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
12204#endif
12205			/*
12206			 * XXX KDM we've got problems with FC, because it
12207			 * doesn't send down a tag type with aborts.  So we
12208			 * can only really go by the tag number...
12209			 * This may cause problems with parallel SCSI.
12210			 * Need to figure that out!!
12211			 */
12212			if (xio->scsiio.tag_num == io->taskio.tag_num) {
12213				xio->io_hdr.flags |= CTL_FLAG_ABORT;
12214				found = 1;
12215				if ((io->io_hdr.flags &
12216				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
12217				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12218					union ctl_ha_msg msg_info;
12219
12220					io->io_hdr.flags |=
12221					                CTL_FLAG_SENT_2OTHER_SC;
12222					msg_info.hdr.nexus = io->io_hdr.nexus;
12223					msg_info.task.task_action =
12224						CTL_TASK_ABORT_TASK;
12225					msg_info.task.tag_num =
12226						io->taskio.tag_num;
12227					msg_info.task.tag_type =
12228						io->taskio.tag_type;
12229					msg_info.hdr.msg_type =
12230						CTL_MSG_MANAGE_TASKS;
12231					msg_info.hdr.original_sc = NULL;
12232					msg_info.hdr.serializing_sc = NULL;
12233#if 0
12234					printf("Sent Abort to other side\n");
12235#endif
12236					if (CTL_HA_STATUS_SUCCESS !=
12237					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12238		    				(void *)&msg_info,
12239						sizeof(msg_info), 0)) {
12240					}
12241				}
12242#if 0
12243				printf("ctl_abort_task: found I/O to abort\n");
12244#endif
12245				break;
12246			}
12247		}
12248	}
12249	mtx_unlock(&lun->lun_lock);
12250
12251	if (found == 0) {
12252		/*
12253		 * This isn't really an error.  It's entirely possible for
12254		 * the abort and command completion to cross on the wire.
12255		 * This is more of an informative/diagnostic error.
12256		 */
12257#if 0
12258		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12259		       "%d:%d:%d:%d tag %d type %d\n",
12260		       io->io_hdr.nexus.initid.id,
12261		       io->io_hdr.nexus.targ_port,
12262		       io->io_hdr.nexus.targ_target.id,
12263		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12264		       io->taskio.tag_type);
12265#endif
12266	}
12267	return (0);
12268}
12269
12270static void
12271ctl_run_task(union ctl_io *io)
12272{
12273	struct ctl_softc *ctl_softc = control_softc;
12274	int retval = 1;
12275	const char *task_desc;
12276
12277	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12278
12279	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12280	    ("ctl_run_task: Unextected io_type %d\n",
12281	     io->io_hdr.io_type));
12282
12283	task_desc = ctl_scsi_task_string(&io->taskio);
12284	if (task_desc != NULL) {
12285#ifdef NEEDTOPORT
12286		csevent_log(CSC_CTL | CSC_SHELF_SW |
12287			    CTL_TASK_REPORT,
12288			    csevent_LogType_Trace,
12289			    csevent_Severity_Information,
12290			    csevent_AlertLevel_Green,
12291			    csevent_FRU_Firmware,
12292			    csevent_FRU_Unknown,
12293			    "CTL: received task: %s",task_desc);
12294#endif
12295	} else {
12296#ifdef NEEDTOPORT
12297		csevent_log(CSC_CTL | CSC_SHELF_SW |
12298			    CTL_TASK_REPORT,
12299			    csevent_LogType_Trace,
12300			    csevent_Severity_Information,
12301			    csevent_AlertLevel_Green,
12302			    csevent_FRU_Firmware,
12303			    csevent_FRU_Unknown,
12304			    "CTL: received unknown task "
12305			    "type: %d (%#x)",
12306			    io->taskio.task_action,
12307			    io->taskio.task_action);
12308#endif
12309	}
12310	switch (io->taskio.task_action) {
12311	case CTL_TASK_ABORT_TASK:
12312		retval = ctl_abort_task(io);
12313		break;
12314	case CTL_TASK_ABORT_TASK_SET:
12315	case CTL_TASK_CLEAR_TASK_SET:
12316		retval = ctl_abort_task_set(io);
12317		break;
12318	case CTL_TASK_CLEAR_ACA:
12319		break;
12320	case CTL_TASK_I_T_NEXUS_RESET:
12321		retval = ctl_i_t_nexus_reset(io);
12322		break;
12323	case CTL_TASK_LUN_RESET: {
12324		struct ctl_lun *lun;
12325		uint32_t targ_lun;
12326
12327		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12328		mtx_lock(&ctl_softc->ctl_lock);
12329		if ((targ_lun < CTL_MAX_LUNS)
12330		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12331			lun = ctl_softc->ctl_luns[targ_lun];
12332		else {
12333			mtx_unlock(&ctl_softc->ctl_lock);
12334			retval = 1;
12335			break;
12336		}
12337
12338		if (!(io->io_hdr.flags &
12339		    CTL_FLAG_FROM_OTHER_SC)) {
12340			union ctl_ha_msg msg_info;
12341
12342			io->io_hdr.flags |=
12343				CTL_FLAG_SENT_2OTHER_SC;
12344			msg_info.hdr.msg_type =
12345				CTL_MSG_MANAGE_TASKS;
12346			msg_info.hdr.nexus = io->io_hdr.nexus;
12347			msg_info.task.task_action =
12348				CTL_TASK_LUN_RESET;
12349			msg_info.hdr.original_sc = NULL;
12350			msg_info.hdr.serializing_sc = NULL;
12351			if (CTL_HA_STATUS_SUCCESS !=
12352			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12353			    (void *)&msg_info,
12354			    sizeof(msg_info), 0)) {
12355			}
12356		}
12357
12358		retval = ctl_lun_reset(lun, io,
12359				       CTL_UA_LUN_RESET);
12360		mtx_unlock(&ctl_softc->ctl_lock);
12361		break;
12362	}
12363	case CTL_TASK_TARGET_RESET:
12364		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12365		break;
12366	case CTL_TASK_BUS_RESET:
12367		retval = ctl_bus_reset(ctl_softc, io);
12368		break;
12369	case CTL_TASK_PORT_LOGIN:
12370		break;
12371	case CTL_TASK_PORT_LOGOUT:
12372		break;
12373	default:
12374		printf("ctl_run_task: got unknown task management event %d\n",
12375		       io->taskio.task_action);
12376		break;
12377	}
12378	if (retval == 0)
12379		io->io_hdr.status = CTL_SUCCESS;
12380	else
12381		io->io_hdr.status = CTL_ERROR;
12382	ctl_done(io);
12383}
12384
12385/*
12386 * For HA operation.  Handle commands that come in from the other
12387 * controller.
12388 */
12389static void
12390ctl_handle_isc(union ctl_io *io)
12391{
12392	int free_io;
12393	struct ctl_lun *lun;
12394	struct ctl_softc *ctl_softc;
12395	uint32_t targ_lun;
12396
12397	ctl_softc = control_softc;
12398
12399	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12400	lun = ctl_softc->ctl_luns[targ_lun];
12401
12402	switch (io->io_hdr.msg_type) {
12403	case CTL_MSG_SERIALIZE:
12404		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12405		break;
12406	case CTL_MSG_R2R: {
12407		const struct ctl_cmd_entry *entry;
12408
12409		/*
12410		 * This is only used in SER_ONLY mode.
12411		 */
12412		free_io = 0;
12413		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12414		mtx_lock(&lun->lun_lock);
12415		if (ctl_scsiio_lun_check(ctl_softc, lun,
12416		    entry, (struct ctl_scsiio *)io) != 0) {
12417			mtx_unlock(&lun->lun_lock);
12418			ctl_done(io);
12419			break;
12420		}
12421		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12422		mtx_unlock(&lun->lun_lock);
12423		ctl_enqueue_rtr(io);
12424		break;
12425	}
12426	case CTL_MSG_FINISH_IO:
12427		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12428			free_io = 0;
12429			ctl_done(io);
12430		} else {
12431			free_io = 1;
12432			mtx_lock(&lun->lun_lock);
12433			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12434				     ooa_links);
12435			ctl_check_blocked(lun);
12436			mtx_unlock(&lun->lun_lock);
12437		}
12438		break;
12439	case CTL_MSG_PERS_ACTION:
12440		ctl_hndl_per_res_out_on_other_sc(
12441			(union ctl_ha_msg *)&io->presio.pr_msg);
12442		free_io = 1;
12443		break;
12444	case CTL_MSG_BAD_JUJU:
12445		free_io = 0;
12446		ctl_done(io);
12447		break;
12448	case CTL_MSG_DATAMOVE:
12449		/* Only used in XFER mode */
12450		free_io = 0;
12451		ctl_datamove_remote(io);
12452		break;
12453	case CTL_MSG_DATAMOVE_DONE:
12454		/* Only used in XFER mode */
12455		free_io = 0;
12456		io->scsiio.be_move_done(io);
12457		break;
12458	default:
12459		free_io = 1;
12460		printf("%s: Invalid message type %d\n",
12461		       __func__, io->io_hdr.msg_type);
12462		break;
12463	}
12464	if (free_io)
12465		ctl_free_io(io);
12466
12467}
12468
12469
12470/*
12471 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12472 * there is no match.
12473 */
12474static ctl_lun_error_pattern
12475ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12476{
12477	const struct ctl_cmd_entry *entry;
12478	ctl_lun_error_pattern filtered_pattern, pattern;
12479
12480	pattern = desc->error_pattern;
12481
12482	/*
12483	 * XXX KDM we need more data passed into this function to match a
12484	 * custom pattern, and we actually need to implement custom pattern
12485	 * matching.
12486	 */
12487	if (pattern & CTL_LUN_PAT_CMD)
12488		return (CTL_LUN_PAT_CMD);
12489
12490	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12491		return (CTL_LUN_PAT_ANY);
12492
12493	entry = ctl_get_cmd_entry(ctsio, NULL);
12494
12495	filtered_pattern = entry->pattern & pattern;
12496
12497	/*
12498	 * If the user requested specific flags in the pattern (e.g.
12499	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12500	 * flags.
12501	 *
12502	 * If the user did not specify any flags, it doesn't matter whether
12503	 * or not the command supports the flags.
12504	 */
12505	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12506	     (pattern & ~CTL_LUN_PAT_MASK))
12507		return (CTL_LUN_PAT_NONE);
12508
12509	/*
12510	 * If the user asked for a range check, see if the requested LBA
12511	 * range overlaps with this command's LBA range.
12512	 */
12513	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12514		uint64_t lba1;
12515		uint64_t len1;
12516		ctl_action action;
12517		int retval;
12518
12519		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12520		if (retval != 0)
12521			return (CTL_LUN_PAT_NONE);
12522
12523		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12524					      desc->lba_range.len);
12525		/*
12526		 * A "pass" means that the LBA ranges don't overlap, so
12527		 * this doesn't match the user's range criteria.
12528		 */
12529		if (action == CTL_ACTION_PASS)
12530			return (CTL_LUN_PAT_NONE);
12531	}
12532
12533	return (filtered_pattern);
12534}
12535
12536static void
12537ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12538{
12539	struct ctl_error_desc *desc, *desc2;
12540
12541	mtx_assert(&lun->lun_lock, MA_OWNED);
12542
12543	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12544		ctl_lun_error_pattern pattern;
12545		/*
12546		 * Check to see whether this particular command matches
12547		 * the pattern in the descriptor.
12548		 */
12549		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12550		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12551			continue;
12552
12553		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12554		case CTL_LUN_INJ_ABORTED:
12555			ctl_set_aborted(&io->scsiio);
12556			break;
12557		case CTL_LUN_INJ_MEDIUM_ERR:
12558			ctl_set_medium_error(&io->scsiio);
12559			break;
12560		case CTL_LUN_INJ_UA:
12561			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12562			 * OCCURRED */
12563			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12564			break;
12565		case CTL_LUN_INJ_CUSTOM:
12566			/*
12567			 * We're assuming the user knows what he is doing.
12568			 * Just copy the sense information without doing
12569			 * checks.
12570			 */
12571			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12572			      ctl_min(sizeof(desc->custom_sense),
12573				      sizeof(io->scsiio.sense_data)));
12574			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12575			io->scsiio.sense_len = SSD_FULL_SIZE;
12576			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12577			break;
12578		case CTL_LUN_INJ_NONE:
12579		default:
12580			/*
12581			 * If this is an error injection type we don't know
12582			 * about, clear the continuous flag (if it is set)
12583			 * so it will get deleted below.
12584			 */
12585			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12586			break;
12587		}
12588		/*
12589		 * By default, each error injection action is a one-shot
12590		 */
12591		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12592			continue;
12593
12594		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12595
12596		free(desc, M_CTL);
12597	}
12598}
12599
12600#ifdef CTL_IO_DELAY
12601static void
12602ctl_datamove_timer_wakeup(void *arg)
12603{
12604	union ctl_io *io;
12605
12606	io = (union ctl_io *)arg;
12607
12608	ctl_datamove(io);
12609}
12610#endif /* CTL_IO_DELAY */
12611
12612void
12613ctl_datamove(union ctl_io *io)
12614{
12615	void (*fe_datamove)(union ctl_io *io);
12616
12617	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12618
12619	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12620
12621#ifdef CTL_TIME_IO
12622	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12623		char str[256];
12624		char path_str[64];
12625		struct sbuf sb;
12626
12627		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12628		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12629
12630		sbuf_cat(&sb, path_str);
12631		switch (io->io_hdr.io_type) {
12632		case CTL_IO_SCSI:
12633			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12634			sbuf_printf(&sb, "\n");
12635			sbuf_cat(&sb, path_str);
12636			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12637				    io->scsiio.tag_num, io->scsiio.tag_type);
12638			break;
12639		case CTL_IO_TASK:
12640			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12641				    "Tag Type: %d\n", io->taskio.task_action,
12642				    io->taskio.tag_num, io->taskio.tag_type);
12643			break;
12644		default:
12645			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12646			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12647			break;
12648		}
12649		sbuf_cat(&sb, path_str);
12650		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12651			    (intmax_t)time_uptime - io->io_hdr.start_time);
12652		sbuf_finish(&sb);
12653		printf("%s", sbuf_data(&sb));
12654	}
12655#endif /* CTL_TIME_IO */
12656
12657#ifdef CTL_IO_DELAY
12658	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12659		struct ctl_lun *lun;
12660
12661		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12662
12663		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12664	} else {
12665		struct ctl_lun *lun;
12666
12667		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12668		if ((lun != NULL)
12669		 && (lun->delay_info.datamove_delay > 0)) {
12670			struct callout *callout;
12671
12672			callout = (struct callout *)&io->io_hdr.timer_bytes;
12673			callout_init(callout, /*mpsafe*/ 1);
12674			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12675			callout_reset(callout,
12676				      lun->delay_info.datamove_delay * hz,
12677				      ctl_datamove_timer_wakeup, io);
12678			if (lun->delay_info.datamove_type ==
12679			    CTL_DELAY_TYPE_ONESHOT)
12680				lun->delay_info.datamove_delay = 0;
12681			return;
12682		}
12683	}
12684#endif
12685
12686	/*
12687	 * This command has been aborted.  Set the port status, so we fail
12688	 * the data move.
12689	 */
12690	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12691		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12692		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12693		       io->io_hdr.nexus.targ_port,
12694		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12695		       io->io_hdr.nexus.targ_lun);
12696		io->io_hdr.port_status = 31337;
12697		/*
12698		 * Note that the backend, in this case, will get the
12699		 * callback in its context.  In other cases it may get
12700		 * called in the frontend's interrupt thread context.
12701		 */
12702		io->scsiio.be_move_done(io);
12703		return;
12704	}
12705
12706	/* Don't confuse frontend with zero length data move. */
12707	if (io->scsiio.kern_data_len == 0) {
12708		io->scsiio.be_move_done(io);
12709		return;
12710	}
12711
12712	/*
12713	 * If we're in XFER mode and this I/O is from the other shelf
12714	 * controller, we need to send the DMA to the other side to
12715	 * actually transfer the data to/from the host.  In serialize only
12716	 * mode the transfer happens below CTL and ctl_datamove() is only
12717	 * called on the machine that originally received the I/O.
12718	 */
12719	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12720	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12721		union ctl_ha_msg msg;
12722		uint32_t sg_entries_sent;
12723		int do_sg_copy;
12724		int i;
12725
12726		memset(&msg, 0, sizeof(msg));
12727		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12728		msg.hdr.original_sc = io->io_hdr.original_sc;
12729		msg.hdr.serializing_sc = io;
12730		msg.hdr.nexus = io->io_hdr.nexus;
12731		msg.dt.flags = io->io_hdr.flags;
12732		/*
12733		 * We convert everything into a S/G list here.  We can't
12734		 * pass by reference, only by value between controllers.
12735		 * So we can't pass a pointer to the S/G list, only as many
12736		 * S/G entries as we can fit in here.  If it's possible for
12737		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12738		 * then we need to break this up into multiple transfers.
12739		 */
12740		if (io->scsiio.kern_sg_entries == 0) {
12741			msg.dt.kern_sg_entries = 1;
12742			/*
12743			 * If this is in cached memory, flush the cache
12744			 * before we send the DMA request to the other
12745			 * controller.  We want to do this in either the
12746			 * read or the write case.  The read case is
12747			 * straightforward.  In the write case, we want to
12748			 * make sure nothing is in the local cache that
12749			 * could overwrite the DMAed data.
12750			 */
12751			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12752				/*
12753				 * XXX KDM use bus_dmamap_sync() here.
12754				 */
12755			}
12756
12757			/*
12758			 * Convert to a physical address if this is a
12759			 * virtual address.
12760			 */
12761			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12762				msg.dt.sg_list[0].addr =
12763					io->scsiio.kern_data_ptr;
12764			} else {
12765				/*
12766				 * XXX KDM use busdma here!
12767				 */
12768#if 0
12769				msg.dt.sg_list[0].addr = (void *)
12770					vtophys(io->scsiio.kern_data_ptr);
12771#endif
12772			}
12773
12774			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12775			do_sg_copy = 0;
12776		} else {
12777			struct ctl_sg_entry *sgl;
12778
12779			do_sg_copy = 1;
12780			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12781			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12782			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12783				/*
12784				 * XXX KDM use bus_dmamap_sync() here.
12785				 */
12786			}
12787		}
12788
12789		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12790		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12791		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12792		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12793		msg.dt.sg_sequence = 0;
12794
12795		/*
12796		 * Loop until we've sent all of the S/G entries.  On the
12797		 * other end, we'll recompose these S/G entries into one
12798		 * contiguous list before passing it to the
12799		 */
12800		for (sg_entries_sent = 0; sg_entries_sent <
12801		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12802			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12803				sizeof(msg.dt.sg_list[0])),
12804				msg.dt.kern_sg_entries - sg_entries_sent);
12805
12806			if (do_sg_copy != 0) {
12807				struct ctl_sg_entry *sgl;
12808				int j;
12809
12810				sgl = (struct ctl_sg_entry *)
12811					io->scsiio.kern_data_ptr;
12812				/*
12813				 * If this is in cached memory, flush the cache
12814				 * before we send the DMA request to the other
12815				 * controller.  We want to do this in either
12816				 * the * read or the write case.  The read
12817				 * case is straightforward.  In the write
12818				 * case, we want to make sure nothing is
12819				 * in the local cache that could overwrite
12820				 * the DMAed data.
12821				 */
12822
12823				for (i = sg_entries_sent, j = 0;
12824				     i < msg.dt.cur_sg_entries; i++, j++) {
12825					if ((io->io_hdr.flags &
12826					     CTL_FLAG_NO_DATASYNC) == 0) {
12827						/*
12828						 * XXX KDM use bus_dmamap_sync()
12829						 */
12830					}
12831					if ((io->io_hdr.flags &
12832					     CTL_FLAG_BUS_ADDR) == 0) {
12833						/*
12834						 * XXX KDM use busdma.
12835						 */
12836#if 0
12837						msg.dt.sg_list[j].addr =(void *)
12838						       vtophys(sgl[i].addr);
12839#endif
12840					} else {
12841						msg.dt.sg_list[j].addr =
12842							sgl[i].addr;
12843					}
12844					msg.dt.sg_list[j].len = sgl[i].len;
12845				}
12846			}
12847
12848			sg_entries_sent += msg.dt.cur_sg_entries;
12849			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12850				msg.dt.sg_last = 1;
12851			else
12852				msg.dt.sg_last = 0;
12853
12854			/*
12855			 * XXX KDM drop and reacquire the lock here?
12856			 */
12857			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12858			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12859				/*
12860				 * XXX do something here.
12861				 */
12862			}
12863
12864			msg.dt.sent_sg_entries = sg_entries_sent;
12865		}
12866		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12867		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12868			ctl_failover_io(io, /*have_lock*/ 0);
12869
12870	} else {
12871
12872		/*
12873		 * Lookup the fe_datamove() function for this particular
12874		 * front end.
12875		 */
12876		fe_datamove =
12877		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12878
12879		fe_datamove(io);
12880	}
12881}
12882
12883static void
12884ctl_send_datamove_done(union ctl_io *io, int have_lock)
12885{
12886	union ctl_ha_msg msg;
12887	int isc_status;
12888
12889	memset(&msg, 0, sizeof(msg));
12890
12891	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12892	msg.hdr.original_sc = io;
12893	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12894	msg.hdr.nexus = io->io_hdr.nexus;
12895	msg.hdr.status = io->io_hdr.status;
12896	msg.scsi.tag_num = io->scsiio.tag_num;
12897	msg.scsi.tag_type = io->scsiio.tag_type;
12898	msg.scsi.scsi_status = io->scsiio.scsi_status;
12899	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12900	       sizeof(io->scsiio.sense_data));
12901	msg.scsi.sense_len = io->scsiio.sense_len;
12902	msg.scsi.sense_residual = io->scsiio.sense_residual;
12903	msg.scsi.fetd_status = io->io_hdr.port_status;
12904	msg.scsi.residual = io->scsiio.residual;
12905	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12906
12907	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12908		ctl_failover_io(io, /*have_lock*/ have_lock);
12909		return;
12910	}
12911
12912	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12913	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12914		/* XXX do something if this fails */
12915	}
12916
12917}
12918
12919/*
12920 * The DMA to the remote side is done, now we need to tell the other side
12921 * we're done so it can continue with its data movement.
12922 */
12923static void
12924ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12925{
12926	union ctl_io *io;
12927
12928	io = rq->context;
12929
12930	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12931		printf("%s: ISC DMA write failed with error %d", __func__,
12932		       rq->ret);
12933		ctl_set_internal_failure(&io->scsiio,
12934					 /*sks_valid*/ 1,
12935					 /*retry_count*/ rq->ret);
12936	}
12937
12938	ctl_dt_req_free(rq);
12939
12940	/*
12941	 * In this case, we had to malloc the memory locally.  Free it.
12942	 */
12943	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12944		int i;
12945		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12946			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12947	}
12948	/*
12949	 * The data is in local and remote memory, so now we need to send
12950	 * status (good or back) back to the other side.
12951	 */
12952	ctl_send_datamove_done(io, /*have_lock*/ 0);
12953}
12954
12955/*
12956 * We've moved the data from the host/controller into local memory.  Now we
12957 * need to push it over to the remote controller's memory.
12958 */
12959static int
12960ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12961{
12962	int retval;
12963
12964	retval = 0;
12965
12966	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12967					  ctl_datamove_remote_write_cb);
12968
12969	return (retval);
12970}
12971
12972static void
12973ctl_datamove_remote_write(union ctl_io *io)
12974{
12975	int retval;
12976	void (*fe_datamove)(union ctl_io *io);
12977
12978	/*
12979	 * - Get the data from the host/HBA into local memory.
12980	 * - DMA memory from the local controller to the remote controller.
12981	 * - Send status back to the remote controller.
12982	 */
12983
12984	retval = ctl_datamove_remote_sgl_setup(io);
12985	if (retval != 0)
12986		return;
12987
12988	/* Switch the pointer over so the FETD knows what to do */
12989	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12990
12991	/*
12992	 * Use a custom move done callback, since we need to send completion
12993	 * back to the other controller, not to the backend on this side.
12994	 */
12995	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12996
12997	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12998
12999	fe_datamove(io);
13000
13001	return;
13002
13003}
13004
13005static int
13006ctl_datamove_remote_dm_read_cb(union ctl_io *io)
13007{
13008#if 0
13009	char str[256];
13010	char path_str[64];
13011	struct sbuf sb;
13012#endif
13013
13014	/*
13015	 * In this case, we had to malloc the memory locally.  Free it.
13016	 */
13017	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13018		int i;
13019		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13020			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13021	}
13022
13023#if 0
13024	scsi_path_string(io, path_str, sizeof(path_str));
13025	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13026	sbuf_cat(&sb, path_str);
13027	scsi_command_string(&io->scsiio, NULL, &sb);
13028	sbuf_printf(&sb, "\n");
13029	sbuf_cat(&sb, path_str);
13030	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13031		    io->scsiio.tag_num, io->scsiio.tag_type);
13032	sbuf_cat(&sb, path_str);
13033	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
13034		    io->io_hdr.flags, io->io_hdr.status);
13035	sbuf_finish(&sb);
13036	printk("%s", sbuf_data(&sb));
13037#endif
13038
13039
13040	/*
13041	 * The read is done, now we need to send status (good or bad) back
13042	 * to the other side.
13043	 */
13044	ctl_send_datamove_done(io, /*have_lock*/ 0);
13045
13046	return (0);
13047}
13048
13049static void
13050ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
13051{
13052	union ctl_io *io;
13053	void (*fe_datamove)(union ctl_io *io);
13054
13055	io = rq->context;
13056
13057	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13058		printf("%s: ISC DMA read failed with error %d", __func__,
13059		       rq->ret);
13060		ctl_set_internal_failure(&io->scsiio,
13061					 /*sks_valid*/ 1,
13062					 /*retry_count*/ rq->ret);
13063	}
13064
13065	ctl_dt_req_free(rq);
13066
13067	/* Switch the pointer over so the FETD knows what to do */
13068	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13069
13070	/*
13071	 * Use a custom move done callback, since we need to send completion
13072	 * back to the other controller, not to the backend on this side.
13073	 */
13074	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
13075
13076	/* XXX KDM add checks like the ones in ctl_datamove? */
13077
13078	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13079
13080	fe_datamove(io);
13081}
13082
13083static int
13084ctl_datamove_remote_sgl_setup(union ctl_io *io)
13085{
13086	struct ctl_sg_entry *local_sglist, *remote_sglist;
13087	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13088	struct ctl_softc *softc;
13089	int retval;
13090	int i;
13091
13092	retval = 0;
13093	softc = control_softc;
13094
13095	local_sglist = io->io_hdr.local_sglist;
13096	local_dma_sglist = io->io_hdr.local_dma_sglist;
13097	remote_sglist = io->io_hdr.remote_sglist;
13098	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13099
13100	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13101		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13102			local_sglist[i].len = remote_sglist[i].len;
13103
13104			/*
13105			 * XXX Detect the situation where the RS-level I/O
13106			 * redirector on the other side has already read the
13107			 * data off of the AOR RS on this side, and
13108			 * transferred it to remote (mirror) memory on the
13109			 * other side.  Since we already have the data in
13110			 * memory here, we just need to use it.
13111			 *
13112			 * XXX KDM this can probably be removed once we
13113			 * get the cache device code in and take the
13114			 * current AOR implementation out.
13115			 */
13116#ifdef NEEDTOPORT
13117			if ((remote_sglist[i].addr >=
13118			     (void *)vtophys(softc->mirr->addr))
13119			 && (remote_sglist[i].addr <
13120			     ((void *)vtophys(softc->mirr->addr) +
13121			     CacheMirrorOffset))) {
13122				local_sglist[i].addr = remote_sglist[i].addr -
13123					CacheMirrorOffset;
13124				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13125				     CTL_FLAG_DATA_IN)
13126					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13127			} else {
13128				local_sglist[i].addr = remote_sglist[i].addr +
13129					CacheMirrorOffset;
13130			}
13131#endif
13132#if 0
13133			printf("%s: local %p, remote %p, len %d\n",
13134			       __func__, local_sglist[i].addr,
13135			       remote_sglist[i].addr, local_sglist[i].len);
13136#endif
13137		}
13138	} else {
13139		uint32_t len_to_go;
13140
13141		/*
13142		 * In this case, we don't have automatically allocated
13143		 * memory for this I/O on this controller.  This typically
13144		 * happens with internal CTL I/O -- e.g. inquiry, mode
13145		 * sense, etc.  Anything coming from RAIDCore will have
13146		 * a mirror area available.
13147		 */
13148		len_to_go = io->scsiio.kern_data_len;
13149
13150		/*
13151		 * Clear the no datasync flag, we have to use malloced
13152		 * buffers.
13153		 */
13154		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13155
13156		/*
13157		 * The difficult thing here is that the size of the various
13158		 * S/G segments may be different than the size from the
13159		 * remote controller.  That'll make it harder when DMAing
13160		 * the data back to the other side.
13161		 */
13162		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13163		     sizeof(io->io_hdr.remote_sglist[0])) &&
13164		     (len_to_go > 0); i++) {
13165			local_sglist[i].len = ctl_min(len_to_go, 131072);
13166			CTL_SIZE_8B(local_dma_sglist[i].len,
13167				    local_sglist[i].len);
13168			local_sglist[i].addr =
13169				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13170
13171			local_dma_sglist[i].addr = local_sglist[i].addr;
13172
13173			if (local_sglist[i].addr == NULL) {
13174				int j;
13175
13176				printf("malloc failed for %zd bytes!",
13177				       local_dma_sglist[i].len);
13178				for (j = 0; j < i; j++) {
13179					free(local_sglist[j].addr, M_CTL);
13180				}
13181				ctl_set_internal_failure(&io->scsiio,
13182							 /*sks_valid*/ 1,
13183							 /*retry_count*/ 4857);
13184				retval = 1;
13185				goto bailout_error;
13186
13187			}
13188			/* XXX KDM do we need a sync here? */
13189
13190			len_to_go -= local_sglist[i].len;
13191		}
13192		/*
13193		 * Reset the number of S/G entries accordingly.  The
13194		 * original number of S/G entries is available in
13195		 * rem_sg_entries.
13196		 */
13197		io->scsiio.kern_sg_entries = i;
13198
13199#if 0
13200		printf("%s: kern_sg_entries = %d\n", __func__,
13201		       io->scsiio.kern_sg_entries);
13202		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13203			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13204			       local_sglist[i].addr, local_sglist[i].len,
13205			       local_dma_sglist[i].len);
13206#endif
13207	}
13208
13209
13210	return (retval);
13211
13212bailout_error:
13213
13214	ctl_send_datamove_done(io, /*have_lock*/ 0);
13215
13216	return (retval);
13217}
13218
13219static int
13220ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13221			 ctl_ha_dt_cb callback)
13222{
13223	struct ctl_ha_dt_req *rq;
13224	struct ctl_sg_entry *remote_sglist, *local_sglist;
13225	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13226	uint32_t local_used, remote_used, total_used;
13227	int retval;
13228	int i, j;
13229
13230	retval = 0;
13231
13232	rq = ctl_dt_req_alloc();
13233
13234	/*
13235	 * If we failed to allocate the request, and if the DMA didn't fail
13236	 * anyway, set busy status.  This is just a resource allocation
13237	 * failure.
13238	 */
13239	if ((rq == NULL)
13240	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13241		ctl_set_busy(&io->scsiio);
13242
13243	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13244
13245		if (rq != NULL)
13246			ctl_dt_req_free(rq);
13247
13248		/*
13249		 * The data move failed.  We need to return status back
13250		 * to the other controller.  No point in trying to DMA
13251		 * data to the remote controller.
13252		 */
13253
13254		ctl_send_datamove_done(io, /*have_lock*/ 0);
13255
13256		retval = 1;
13257
13258		goto bailout;
13259	}
13260
13261	local_sglist = io->io_hdr.local_sglist;
13262	local_dma_sglist = io->io_hdr.local_dma_sglist;
13263	remote_sglist = io->io_hdr.remote_sglist;
13264	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13265	local_used = 0;
13266	remote_used = 0;
13267	total_used = 0;
13268
13269	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13270		rq->ret = CTL_HA_STATUS_SUCCESS;
13271		rq->context = io;
13272		callback(rq);
13273		goto bailout;
13274	}
13275
13276	/*
13277	 * Pull/push the data over the wire from/to the other controller.
13278	 * This takes into account the possibility that the local and
13279	 * remote sglists may not be identical in terms of the size of
13280	 * the elements and the number of elements.
13281	 *
13282	 * One fundamental assumption here is that the length allocated for
13283	 * both the local and remote sglists is identical.  Otherwise, we've
13284	 * essentially got a coding error of some sort.
13285	 */
13286	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13287		int isc_ret;
13288		uint32_t cur_len, dma_length;
13289		uint8_t *tmp_ptr;
13290
13291		rq->id = CTL_HA_DATA_CTL;
13292		rq->command = command;
13293		rq->context = io;
13294
13295		/*
13296		 * Both pointers should be aligned.  But it is possible
13297		 * that the allocation length is not.  They should both
13298		 * also have enough slack left over at the end, though,
13299		 * to round up to the next 8 byte boundary.
13300		 */
13301		cur_len = ctl_min(local_sglist[i].len - local_used,
13302				  remote_sglist[j].len - remote_used);
13303
13304		/*
13305		 * In this case, we have a size issue and need to decrease
13306		 * the size, except in the case where we actually have less
13307		 * than 8 bytes left.  In that case, we need to increase
13308		 * the DMA length to get the last bit.
13309		 */
13310		if ((cur_len & 0x7) != 0) {
13311			if (cur_len > 0x7) {
13312				cur_len = cur_len - (cur_len & 0x7);
13313				dma_length = cur_len;
13314			} else {
13315				CTL_SIZE_8B(dma_length, cur_len);
13316			}
13317
13318		} else
13319			dma_length = cur_len;
13320
13321		/*
13322		 * If we had to allocate memory for this I/O, instead of using
13323		 * the non-cached mirror memory, we'll need to flush the cache
13324		 * before trying to DMA to the other controller.
13325		 *
13326		 * We could end up doing this multiple times for the same
13327		 * segment if we have a larger local segment than remote
13328		 * segment.  That shouldn't be an issue.
13329		 */
13330		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13331			/*
13332			 * XXX KDM use bus_dmamap_sync() here.
13333			 */
13334		}
13335
13336		rq->size = dma_length;
13337
13338		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13339		tmp_ptr += local_used;
13340
13341		/* Use physical addresses when talking to ISC hardware */
13342		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13343			/* XXX KDM use busdma */
13344#if 0
13345			rq->local = vtophys(tmp_ptr);
13346#endif
13347		} else
13348			rq->local = tmp_ptr;
13349
13350		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13351		tmp_ptr += remote_used;
13352		rq->remote = tmp_ptr;
13353
13354		rq->callback = NULL;
13355
13356		local_used += cur_len;
13357		if (local_used >= local_sglist[i].len) {
13358			i++;
13359			local_used = 0;
13360		}
13361
13362		remote_used += cur_len;
13363		if (remote_used >= remote_sglist[j].len) {
13364			j++;
13365			remote_used = 0;
13366		}
13367		total_used += cur_len;
13368
13369		if (total_used >= io->scsiio.kern_data_len)
13370			rq->callback = callback;
13371
13372		if ((rq->size & 0x7) != 0) {
13373			printf("%s: warning: size %d is not on 8b boundary\n",
13374			       __func__, rq->size);
13375		}
13376		if (((uintptr_t)rq->local & 0x7) != 0) {
13377			printf("%s: warning: local %p not on 8b boundary\n",
13378			       __func__, rq->local);
13379		}
13380		if (((uintptr_t)rq->remote & 0x7) != 0) {
13381			printf("%s: warning: remote %p not on 8b boundary\n",
13382			       __func__, rq->local);
13383		}
13384#if 0
13385		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13386		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13387		       rq->local, rq->remote, rq->size);
13388#endif
13389
13390		isc_ret = ctl_dt_single(rq);
13391		if (isc_ret == CTL_HA_STATUS_WAIT)
13392			continue;
13393
13394		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13395			rq->ret = CTL_HA_STATUS_SUCCESS;
13396		} else {
13397			rq->ret = isc_ret;
13398		}
13399		callback(rq);
13400		goto bailout;
13401	}
13402
13403bailout:
13404	return (retval);
13405
13406}
13407
13408static void
13409ctl_datamove_remote_read(union ctl_io *io)
13410{
13411	int retval;
13412	int i;
13413
13414	/*
13415	 * This will send an error to the other controller in the case of a
13416	 * failure.
13417	 */
13418	retval = ctl_datamove_remote_sgl_setup(io);
13419	if (retval != 0)
13420		return;
13421
13422	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13423					  ctl_datamove_remote_read_cb);
13424	if ((retval != 0)
13425	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13426		/*
13427		 * Make sure we free memory if there was an error..  The
13428		 * ctl_datamove_remote_xfer() function will send the
13429		 * datamove done message, or call the callback with an
13430		 * error if there is a problem.
13431		 */
13432		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13433			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13434	}
13435
13436	return;
13437}
13438
13439/*
13440 * Process a datamove request from the other controller.  This is used for
13441 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13442 * first.  Once that is complete, the data gets DMAed into the remote
13443 * controller's memory.  For reads, we DMA from the remote controller's
13444 * memory into our memory first, and then move it out to the FETD.
13445 */
13446static void
13447ctl_datamove_remote(union ctl_io *io)
13448{
13449	struct ctl_softc *softc;
13450
13451	softc = control_softc;
13452
13453	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13454
13455	/*
13456	 * Note that we look for an aborted I/O here, but don't do some of
13457	 * the other checks that ctl_datamove() normally does.
13458	 * We don't need to run the datamove delay code, since that should
13459	 * have been done if need be on the other controller.
13460	 */
13461	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13462		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13463		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13464		       io->io_hdr.nexus.targ_port,
13465		       io->io_hdr.nexus.targ_target.id,
13466		       io->io_hdr.nexus.targ_lun);
13467		io->io_hdr.port_status = 31338;
13468		ctl_send_datamove_done(io, /*have_lock*/ 0);
13469		return;
13470	}
13471
13472	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13473		ctl_datamove_remote_write(io);
13474	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13475		ctl_datamove_remote_read(io);
13476	} else {
13477		union ctl_ha_msg msg;
13478		struct scsi_sense_data *sense;
13479		uint8_t sks[3];
13480		int retry_count;
13481
13482		memset(&msg, 0, sizeof(msg));
13483
13484		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13485		msg.hdr.status = CTL_SCSI_ERROR;
13486		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13487
13488		retry_count = 4243;
13489
13490		sense = &msg.scsi.sense_data;
13491		sks[0] = SSD_SCS_VALID;
13492		sks[1] = (retry_count >> 8) & 0xff;
13493		sks[2] = retry_count & 0xff;
13494
13495		/* "Internal target failure" */
13496		scsi_set_sense_data(sense,
13497				    /*sense_format*/ SSD_TYPE_NONE,
13498				    /*current_error*/ 1,
13499				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13500				    /*asc*/ 0x44,
13501				    /*ascq*/ 0x00,
13502				    /*type*/ SSD_ELEM_SKS,
13503				    /*size*/ sizeof(sks),
13504				    /*data*/ sks,
13505				    SSD_ELEM_NONE);
13506
13507		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13508		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13509			ctl_failover_io(io, /*have_lock*/ 1);
13510			return;
13511		}
13512
13513		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13514		    CTL_HA_STATUS_SUCCESS) {
13515			/* XXX KDM what to do if this fails? */
13516		}
13517		return;
13518	}
13519
13520}
13521
13522static int
13523ctl_process_done(union ctl_io *io)
13524{
13525	struct ctl_lun *lun;
13526	struct ctl_softc *ctl_softc;
13527	void (*fe_done)(union ctl_io *io);
13528	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13529
13530	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13531
13532	fe_done =
13533	    control_softc->ctl_ports[targ_port]->fe_done;
13534
13535#ifdef CTL_TIME_IO
13536	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13537		char str[256];
13538		char path_str[64];
13539		struct sbuf sb;
13540
13541		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13542		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13543
13544		sbuf_cat(&sb, path_str);
13545		switch (io->io_hdr.io_type) {
13546		case CTL_IO_SCSI:
13547			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13548			sbuf_printf(&sb, "\n");
13549			sbuf_cat(&sb, path_str);
13550			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13551				    io->scsiio.tag_num, io->scsiio.tag_type);
13552			break;
13553		case CTL_IO_TASK:
13554			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13555				    "Tag Type: %d\n", io->taskio.task_action,
13556				    io->taskio.tag_num, io->taskio.tag_type);
13557			break;
13558		default:
13559			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13560			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13561			break;
13562		}
13563		sbuf_cat(&sb, path_str);
13564		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13565			    (intmax_t)time_uptime - io->io_hdr.start_time);
13566		sbuf_finish(&sb);
13567		printf("%s", sbuf_data(&sb));
13568	}
13569#endif /* CTL_TIME_IO */
13570
13571	switch (io->io_hdr.io_type) {
13572	case CTL_IO_SCSI:
13573		break;
13574	case CTL_IO_TASK:
13575		if (bootverbose || (ctl_debug & CTL_DEBUG_INFO))
13576			ctl_io_error_print(io, NULL);
13577		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13578			ctl_free_io(io);
13579		else
13580			fe_done(io);
13581		return (CTL_RETVAL_COMPLETE);
13582	default:
13583		panic("ctl_process_done: invalid io type %d\n",
13584		      io->io_hdr.io_type);
13585		break; /* NOTREACHED */
13586	}
13587
13588	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13589	if (lun == NULL) {
13590		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13591				 io->io_hdr.nexus.targ_mapped_lun));
13592		fe_done(io);
13593		goto bailout;
13594	}
13595	ctl_softc = lun->ctl_softc;
13596
13597	mtx_lock(&lun->lun_lock);
13598
13599	/*
13600	 * Check to see if we have any errors to inject here.  We only
13601	 * inject errors for commands that don't already have errors set.
13602	 */
13603	if ((STAILQ_FIRST(&lun->error_list) != NULL)
13604	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
13605		ctl_inject_error(lun, io);
13606
13607	/*
13608	 * XXX KDM how do we treat commands that aren't completed
13609	 * successfully?
13610	 *
13611	 * XXX KDM should we also track I/O latency?
13612	 */
13613	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13614	    io->io_hdr.io_type == CTL_IO_SCSI) {
13615#ifdef CTL_TIME_IO
13616		struct bintime cur_bt;
13617#endif
13618		int type;
13619
13620		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13621		    CTL_FLAG_DATA_IN)
13622			type = CTL_STATS_READ;
13623		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13624		    CTL_FLAG_DATA_OUT)
13625			type = CTL_STATS_WRITE;
13626		else
13627			type = CTL_STATS_NO_IO;
13628
13629		lun->stats.ports[targ_port].bytes[type] +=
13630		    io->scsiio.kern_total_len;
13631		lun->stats.ports[targ_port].operations[type]++;
13632#ifdef CTL_TIME_IO
13633		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13634		   &io->io_hdr.dma_bt);
13635		lun->stats.ports[targ_port].num_dmas[type] +=
13636		    io->io_hdr.num_dmas;
13637		getbintime(&cur_bt);
13638		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13639		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13640#endif
13641	}
13642
13643	/*
13644	 * Remove this from the OOA queue.
13645	 */
13646	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13647
13648	/*
13649	 * Run through the blocked queue on this LUN and see if anything
13650	 * has become unblocked, now that this transaction is done.
13651	 */
13652	ctl_check_blocked(lun);
13653
13654	/*
13655	 * If the LUN has been invalidated, free it if there is nothing
13656	 * left on its OOA queue.
13657	 */
13658	if ((lun->flags & CTL_LUN_INVALID)
13659	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13660		mtx_unlock(&lun->lun_lock);
13661		mtx_lock(&ctl_softc->ctl_lock);
13662		ctl_free_lun(lun);
13663		mtx_unlock(&ctl_softc->ctl_lock);
13664	} else
13665		mtx_unlock(&lun->lun_lock);
13666
13667	/*
13668	 * If this command has been aborted, make sure we set the status
13669	 * properly.  The FETD is responsible for freeing the I/O and doing
13670	 * whatever it needs to do to clean up its state.
13671	 */
13672	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13673		ctl_set_task_aborted(&io->scsiio);
13674
13675	/*
13676	 * If enabled, print command error status.
13677	 * We don't print UAs unless debugging was enabled explicitly.
13678	 */
13679	do {
13680		if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)
13681			break;
13682		if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0)
13683			break;
13684		if ((ctl_debug & CTL_DEBUG_INFO) == 0 &&
13685		    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) &&
13686		     (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13687			int error_code, sense_key, asc, ascq;
13688
13689			scsi_extract_sense_len(&io->scsiio.sense_data,
13690			    io->scsiio.sense_len, &error_code, &sense_key,
13691			    &asc, &ascq, /*show_errors*/ 0);
13692			if (sense_key == SSD_KEY_UNIT_ATTENTION)
13693				break;
13694		}
13695
13696		ctl_io_error_print(io, NULL);
13697	} while (0);
13698
13699	/*
13700	 * Tell the FETD or the other shelf controller we're done with this
13701	 * command.  Note that only SCSI commands get to this point.  Task
13702	 * management commands are completed above.
13703	 *
13704	 * We only send status to the other controller if we're in XFER
13705	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13706	 * received the I/O (from CTL's perspective), and so the status is
13707	 * generated there.
13708	 *
13709	 * XXX KDM if we hold the lock here, we could cause a deadlock
13710	 * if the frontend comes back in in this context to queue
13711	 * something.
13712	 */
13713	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13714	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13715		union ctl_ha_msg msg;
13716
13717		memset(&msg, 0, sizeof(msg));
13718		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13719		msg.hdr.original_sc = io->io_hdr.original_sc;
13720		msg.hdr.nexus = io->io_hdr.nexus;
13721		msg.hdr.status = io->io_hdr.status;
13722		msg.scsi.scsi_status = io->scsiio.scsi_status;
13723		msg.scsi.tag_num = io->scsiio.tag_num;
13724		msg.scsi.tag_type = io->scsiio.tag_type;
13725		msg.scsi.sense_len = io->scsiio.sense_len;
13726		msg.scsi.sense_residual = io->scsiio.sense_residual;
13727		msg.scsi.residual = io->scsiio.residual;
13728		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13729		       sizeof(io->scsiio.sense_data));
13730		/*
13731		 * We copy this whether or not this is an I/O-related
13732		 * command.  Otherwise, we'd have to go and check to see
13733		 * whether it's a read/write command, and it really isn't
13734		 * worth it.
13735		 */
13736		memcpy(&msg.scsi.lbalen,
13737		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13738		       sizeof(msg.scsi.lbalen));
13739
13740		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13741				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13742			/* XXX do something here */
13743		}
13744
13745		ctl_free_io(io);
13746	} else
13747		fe_done(io);
13748
13749bailout:
13750
13751	return (CTL_RETVAL_COMPLETE);
13752}
13753
13754#ifdef CTL_WITH_CA
13755/*
13756 * Front end should call this if it doesn't do autosense.  When the request
13757 * sense comes back in from the initiator, we'll dequeue this and send it.
13758 */
13759int
13760ctl_queue_sense(union ctl_io *io)
13761{
13762	struct ctl_lun *lun;
13763	struct ctl_softc *ctl_softc;
13764	uint32_t initidx, targ_lun;
13765
13766	ctl_softc = control_softc;
13767
13768	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13769
13770	/*
13771	 * LUN lookup will likely move to the ctl_work_thread() once we
13772	 * have our new queueing infrastructure (that doesn't put things on
13773	 * a per-LUN queue initially).  That is so that we can handle
13774	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13775	 * can't deal with that right now.
13776	 */
13777	mtx_lock(&ctl_softc->ctl_lock);
13778
13779	/*
13780	 * If we don't have a LUN for this, just toss the sense
13781	 * information.
13782	 */
13783	targ_lun = io->io_hdr.nexus.targ_lun;
13784	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13785	if ((targ_lun < CTL_MAX_LUNS)
13786	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13787		lun = ctl_softc->ctl_luns[targ_lun];
13788	else
13789		goto bailout;
13790
13791	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13792
13793	mtx_lock(&lun->lun_lock);
13794	/*
13795	 * Already have CA set for this LUN...toss the sense information.
13796	 */
13797	if (ctl_is_set(lun->have_ca, initidx)) {
13798		mtx_unlock(&lun->lun_lock);
13799		goto bailout;
13800	}
13801
13802	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13803	       ctl_min(sizeof(lun->pending_sense[initidx]),
13804	       sizeof(io->scsiio.sense_data)));
13805	ctl_set_mask(lun->have_ca, initidx);
13806	mtx_unlock(&lun->lun_lock);
13807
13808bailout:
13809	mtx_unlock(&ctl_softc->ctl_lock);
13810
13811	ctl_free_io(io);
13812
13813	return (CTL_RETVAL_COMPLETE);
13814}
13815#endif
13816
13817/*
13818 * Primary command inlet from frontend ports.  All SCSI and task I/O
13819 * requests must go through this function.
13820 */
13821int
13822ctl_queue(union ctl_io *io)
13823{
13824	struct ctl_softc *ctl_softc;
13825
13826	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13827
13828	ctl_softc = control_softc;
13829
13830#ifdef CTL_TIME_IO
13831	io->io_hdr.start_time = time_uptime;
13832	getbintime(&io->io_hdr.start_bt);
13833#endif /* CTL_TIME_IO */
13834
13835	/* Map FE-specific LUN ID into global one. */
13836	io->io_hdr.nexus.targ_mapped_lun =
13837	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13838
13839	switch (io->io_hdr.io_type) {
13840	case CTL_IO_SCSI:
13841	case CTL_IO_TASK:
13842		if (ctl_debug & CTL_DEBUG_CDB)
13843			ctl_io_print(io);
13844		ctl_enqueue_incoming(io);
13845		break;
13846	default:
13847		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13848		return (EINVAL);
13849	}
13850
13851	return (CTL_RETVAL_COMPLETE);
13852}
13853
13854#ifdef CTL_IO_DELAY
13855static void
13856ctl_done_timer_wakeup(void *arg)
13857{
13858	union ctl_io *io;
13859
13860	io = (union ctl_io *)arg;
13861	ctl_done(io);
13862}
13863#endif /* CTL_IO_DELAY */
13864
13865void
13866ctl_done(union ctl_io *io)
13867{
13868	struct ctl_softc *ctl_softc;
13869
13870	ctl_softc = control_softc;
13871
13872	/*
13873	 * Enable this to catch duplicate completion issues.
13874	 */
13875#if 0
13876	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13877		printf("%s: type %d msg %d cdb %x iptl: "
13878		       "%d:%d:%d:%d tag 0x%04x "
13879		       "flag %#x status %x\n",
13880			__func__,
13881			io->io_hdr.io_type,
13882			io->io_hdr.msg_type,
13883			io->scsiio.cdb[0],
13884			io->io_hdr.nexus.initid.id,
13885			io->io_hdr.nexus.targ_port,
13886			io->io_hdr.nexus.targ_target.id,
13887			io->io_hdr.nexus.targ_lun,
13888			(io->io_hdr.io_type ==
13889			CTL_IO_TASK) ?
13890			io->taskio.tag_num :
13891			io->scsiio.tag_num,
13892		        io->io_hdr.flags,
13893			io->io_hdr.status);
13894	} else
13895		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13896#endif
13897
13898	/*
13899	 * This is an internal copy of an I/O, and should not go through
13900	 * the normal done processing logic.
13901	 */
13902	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13903		return;
13904
13905	/*
13906	 * We need to send a msg to the serializing shelf to finish the IO
13907	 * as well.  We don't send a finish message to the other shelf if
13908	 * this is a task management command.  Task management commands
13909	 * aren't serialized in the OOA queue, but rather just executed on
13910	 * both shelf controllers for commands that originated on that
13911	 * controller.
13912	 */
13913	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13914	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13915		union ctl_ha_msg msg_io;
13916
13917		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13918		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13919		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13920		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13921		}
13922		/* continue on to finish IO */
13923	}
13924#ifdef CTL_IO_DELAY
13925	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13926		struct ctl_lun *lun;
13927
13928		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13929
13930		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13931	} else {
13932		struct ctl_lun *lun;
13933
13934		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13935
13936		if ((lun != NULL)
13937		 && (lun->delay_info.done_delay > 0)) {
13938			struct callout *callout;
13939
13940			callout = (struct callout *)&io->io_hdr.timer_bytes;
13941			callout_init(callout, /*mpsafe*/ 1);
13942			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13943			callout_reset(callout,
13944				      lun->delay_info.done_delay * hz,
13945				      ctl_done_timer_wakeup, io);
13946			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13947				lun->delay_info.done_delay = 0;
13948			return;
13949		}
13950	}
13951#endif /* CTL_IO_DELAY */
13952
13953	ctl_enqueue_done(io);
13954}
13955
13956int
13957ctl_isc(struct ctl_scsiio *ctsio)
13958{
13959	struct ctl_lun *lun;
13960	int retval;
13961
13962	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13963
13964	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13965
13966	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13967
13968	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13969
13970	return (retval);
13971}
13972
13973
13974static void
13975ctl_work_thread(void *arg)
13976{
13977	struct ctl_thread *thr = (struct ctl_thread *)arg;
13978	struct ctl_softc *softc = thr->ctl_softc;
13979	union ctl_io *io;
13980	int retval;
13981
13982	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13983
13984	for (;;) {
13985		retval = 0;
13986
13987		/*
13988		 * We handle the queues in this order:
13989		 * - ISC
13990		 * - done queue (to free up resources, unblock other commands)
13991		 * - RtR queue
13992		 * - incoming queue
13993		 *
13994		 * If those queues are empty, we break out of the loop and
13995		 * go to sleep.
13996		 */
13997		mtx_lock(&thr->queue_lock);
13998		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13999		if (io != NULL) {
14000			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
14001			mtx_unlock(&thr->queue_lock);
14002			ctl_handle_isc(io);
14003			continue;
14004		}
14005		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
14006		if (io != NULL) {
14007			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
14008			/* clear any blocked commands, call fe_done */
14009			mtx_unlock(&thr->queue_lock);
14010			retval = ctl_process_done(io);
14011			continue;
14012		}
14013		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
14014		if (io != NULL) {
14015			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
14016			mtx_unlock(&thr->queue_lock);
14017			if (io->io_hdr.io_type == CTL_IO_TASK)
14018				ctl_run_task(io);
14019			else
14020				ctl_scsiio_precheck(softc, &io->scsiio);
14021			continue;
14022		}
14023		if (!ctl_pause_rtr) {
14024			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
14025			if (io != NULL) {
14026				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
14027				mtx_unlock(&thr->queue_lock);
14028				retval = ctl_scsiio(&io->scsiio);
14029				if (retval != CTL_RETVAL_COMPLETE)
14030					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
14031				continue;
14032			}
14033		}
14034
14035		/* Sleep until we have something to do. */
14036		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
14037	}
14038}
14039
14040static void
14041ctl_lun_thread(void *arg)
14042{
14043	struct ctl_softc *softc = (struct ctl_softc *)arg;
14044	struct ctl_be_lun *be_lun;
14045	int retval;
14046
14047	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
14048
14049	for (;;) {
14050		retval = 0;
14051		mtx_lock(&softc->ctl_lock);
14052		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
14053		if (be_lun != NULL) {
14054			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
14055			mtx_unlock(&softc->ctl_lock);
14056			ctl_create_lun(be_lun);
14057			continue;
14058		}
14059
14060		/* Sleep until we have something to do. */
14061		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
14062		    PDROP | PRIBIO, "-", 0);
14063	}
14064}
14065
14066static void
14067ctl_enqueue_incoming(union ctl_io *io)
14068{
14069	struct ctl_softc *softc = control_softc;
14070	struct ctl_thread *thr;
14071	u_int idx;
14072
14073	idx = (io->io_hdr.nexus.targ_port * 127 +
14074	       io->io_hdr.nexus.initid.id) % worker_threads;
14075	thr = &softc->threads[idx];
14076	mtx_lock(&thr->queue_lock);
14077	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14078	mtx_unlock(&thr->queue_lock);
14079	wakeup(thr);
14080}
14081
14082static void
14083ctl_enqueue_rtr(union ctl_io *io)
14084{
14085	struct ctl_softc *softc = control_softc;
14086	struct ctl_thread *thr;
14087
14088	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14089	mtx_lock(&thr->queue_lock);
14090	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14091	mtx_unlock(&thr->queue_lock);
14092	wakeup(thr);
14093}
14094
14095static void
14096ctl_enqueue_done(union ctl_io *io)
14097{
14098	struct ctl_softc *softc = control_softc;
14099	struct ctl_thread *thr;
14100
14101	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14102	mtx_lock(&thr->queue_lock);
14103	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14104	mtx_unlock(&thr->queue_lock);
14105	wakeup(thr);
14106}
14107
14108static void
14109ctl_enqueue_isc(union ctl_io *io)
14110{
14111	struct ctl_softc *softc = control_softc;
14112	struct ctl_thread *thr;
14113
14114	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14115	mtx_lock(&thr->queue_lock);
14116	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14117	mtx_unlock(&thr->queue_lock);
14118	wakeup(thr);
14119}
14120
14121/* Initialization and failover */
14122
14123void
14124ctl_init_isc_msg(void)
14125{
14126	printf("CTL: Still calling this thing\n");
14127}
14128
14129/*
14130 * Init component
14131 * 	Initializes component into configuration defined by bootMode
14132 *	(see hasc-sv.c)
14133 *  	returns hasc_Status:
14134 * 		OK
14135 *		ERROR - fatal error
14136 */
14137static ctl_ha_comp_status
14138ctl_isc_init(struct ctl_ha_component *c)
14139{
14140	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14141
14142	c->status = ret;
14143	return ret;
14144}
14145
14146/* Start component
14147 * 	Starts component in state requested. If component starts successfully,
14148 *	it must set its own state to the requestrd state
14149 *	When requested state is HASC_STATE_HA, the component may refine it
14150 * 	by adding _SLAVE or _MASTER flags.
14151 *	Currently allowed state transitions are:
14152 *	UNKNOWN->HA		- initial startup
14153 *	UNKNOWN->SINGLE - initial startup when no parter detected
14154 *	HA->SINGLE		- failover
14155 * returns ctl_ha_comp_status:
14156 * 		OK	- component successfully started in requested state
14157 *		FAILED  - could not start the requested state, failover may
14158 * 			  be possible
14159 *		ERROR	- fatal error detected, no future startup possible
14160 */
14161static ctl_ha_comp_status
14162ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14163{
14164	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14165
14166	printf("%s: go\n", __func__);
14167
14168	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14169	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14170		ctl_is_single = 0;
14171		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14172		    != CTL_HA_STATUS_SUCCESS) {
14173			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14174			ret = CTL_HA_COMP_STATUS_ERROR;
14175		}
14176	} else if (CTL_HA_STATE_IS_HA(c->state)
14177		&& CTL_HA_STATE_IS_SINGLE(state)){
14178		// HA->SINGLE transition
14179	        ctl_failover();
14180		ctl_is_single = 1;
14181	} else {
14182		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14183		       c->state, state);
14184		ret = CTL_HA_COMP_STATUS_ERROR;
14185	}
14186	if (CTL_HA_STATE_IS_SINGLE(state))
14187		ctl_is_single = 1;
14188
14189	c->state = state;
14190	c->status = ret;
14191	return ret;
14192}
14193
14194/*
14195 * Quiesce component
14196 * The component must clear any error conditions (set status to OK) and
14197 * prepare itself to another Start call
14198 * returns ctl_ha_comp_status:
14199 * 	OK
14200 *	ERROR
14201 */
14202static ctl_ha_comp_status
14203ctl_isc_quiesce(struct ctl_ha_component *c)
14204{
14205	int ret = CTL_HA_COMP_STATUS_OK;
14206
14207	ctl_pause_rtr = 1;
14208	c->status = ret;
14209	return ret;
14210}
14211
14212struct ctl_ha_component ctl_ha_component_ctlisc =
14213{
14214	.name = "CTL ISC",
14215	.state = CTL_HA_STATE_UNKNOWN,
14216	.init = ctl_isc_init,
14217	.start = ctl_isc_start,
14218	.quiesce = ctl_isc_quiesce
14219};
14220
14221/*
14222 *  vim: ts=8
14223 */
14224