ctl.c revision 274333 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 274333 2014-11-09 22:43:29Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67
68#include <cam/cam.h>
69#include <cam/scsi/scsi_all.h>
70#include <cam/scsi/scsi_da.h>
71#include <cam/ctl/ctl_io.h>
72#include <cam/ctl/ctl.h>
73#include <cam/ctl/ctl_frontend.h>
74#include <cam/ctl/ctl_frontend_internal.h>
75#include <cam/ctl/ctl_util.h>
76#include <cam/ctl/ctl_backend.h>
77#include <cam/ctl/ctl_ioctl.h>
78#include <cam/ctl/ctl_ha.h>
79#include <cam/ctl/ctl_private.h>
80#include <cam/ctl/ctl_debug.h>
81#include <cam/ctl/ctl_scsi_all.h>
82#include <cam/ctl/ctl_error.h>
83
84struct ctl_softc *control_softc = NULL;
85
86/*
87 * Size and alignment macros needed for Copan-specific HA hardware.  These
88 * can go away when the HA code is re-written, and uses busdma for any
89 * hardware.
90 */
91#define	CTL_ALIGN_8B(target, source, type)				\
92	if (((uint32_t)source & 0x7) != 0)				\
93		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
94	else								\
95		target = (type)source;
96
97#define	CTL_SIZE_8B(target, size)					\
98	if ((size & 0x7) != 0)						\
99		target = size + (0x8 - (size & 0x7));			\
100	else								\
101		target = size;
102
103#define CTL_ALIGN_8B_MARGIN	16
104
105/*
106 * Template mode pages.
107 */
108
109/*
110 * Note that these are default values only.  The actual values will be
111 * filled in when the user does a mode sense.
112 */
113static struct copan_debugconf_subpage debugconf_page_default = {
114	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
115	DBGCNF_SUBPAGE_CODE,		/* subpage */
116	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
117	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
118	DBGCNF_VERSION,			/* page_version */
119	{CTL_TIME_IO_DEFAULT_SECS>>8,
120	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
121};
122
123static struct copan_debugconf_subpage debugconf_page_changeable = {
124	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
125	DBGCNF_SUBPAGE_CODE,		/* subpage */
126	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
127	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
128	0,				/* page_version */
129	{0xff,0xff},			/* ctl_time_io_secs */
130};
131
132static struct scsi_da_rw_recovery_page rw_er_page_default = {
133	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
134	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
135	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
136	/*read_retry_count*/0,
137	/*correction_span*/0,
138	/*head_offset_count*/0,
139	/*data_strobe_offset_cnt*/0,
140	/*byte8*/SMS_RWER_LBPERE,
141	/*write_retry_count*/0,
142	/*reserved2*/0,
143	/*recovery_time_limit*/{0, 0},
144};
145
146static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
147	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
148	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
149	/*byte3*/0,
150	/*read_retry_count*/0,
151	/*correction_span*/0,
152	/*head_offset_count*/0,
153	/*data_strobe_offset_cnt*/0,
154	/*byte8*/0,
155	/*write_retry_count*/0,
156	/*reserved2*/0,
157	/*recovery_time_limit*/{0, 0},
158};
159
160static struct scsi_format_page format_page_default = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
168			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
169	/*bytes_per_sector*/ {0, 0},
170	/*interleave*/ {0, 0},
171	/*track_skew*/ {0, 0},
172	/*cylinder_skew*/ {0, 0},
173	/*flags*/ SFP_HSEC,
174	/*reserved*/ {0, 0, 0}
175};
176
177static struct scsi_format_page format_page_changeable = {
178	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
179	/*page_length*/sizeof(struct scsi_format_page) - 2,
180	/*tracks_per_zone*/ {0, 0},
181	/*alt_sectors_per_zone*/ {0, 0},
182	/*alt_tracks_per_zone*/ {0, 0},
183	/*alt_tracks_per_lun*/ {0, 0},
184	/*sectors_per_track*/ {0, 0},
185	/*bytes_per_sector*/ {0, 0},
186	/*interleave*/ {0, 0},
187	/*track_skew*/ {0, 0},
188	/*cylinder_skew*/ {0, 0},
189	/*flags*/ 0,
190	/*reserved*/ {0, 0, 0}
191};
192
193static struct scsi_rigid_disk_page rigid_disk_page_default = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ CTL_DEFAULT_HEADS,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ SRDP_RPL_DISABLED,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
206			   CTL_DEFAULT_ROTATION_RATE & 0xff},
207	/*reserved2*/ {0, 0}
208};
209
210static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
211	/*page_code*/SMS_RIGID_DISK_PAGE,
212	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
213	/*cylinders*/ {0, 0, 0},
214	/*heads*/ 0,
215	/*start_write_precomp*/ {0, 0, 0},
216	/*start_reduced_current*/ {0, 0, 0},
217	/*step_rate*/ {0, 0},
218	/*landing_zone_cylinder*/ {0, 0, 0},
219	/*rpl*/ 0,
220	/*rotational_offset*/ 0,
221	/*reserved1*/ 0,
222	/*rotation_rate*/ {0, 0},
223	/*reserved2*/ {0, 0}
224};
225
226static struct scsi_caching_page caching_page_default = {
227	/*page_code*/SMS_CACHING_PAGE,
228	/*page_length*/sizeof(struct scsi_caching_page) - 2,
229	/*flags1*/ SCP_DISC | SCP_WCE,
230	/*ret_priority*/ 0,
231	/*disable_pf_transfer_len*/ {0xff, 0xff},
232	/*min_prefetch*/ {0, 0},
233	/*max_prefetch*/ {0xff, 0xff},
234	/*max_pf_ceiling*/ {0xff, 0xff},
235	/*flags2*/ 0,
236	/*cache_segments*/ 0,
237	/*cache_seg_size*/ {0, 0},
238	/*reserved*/ 0,
239	/*non_cache_seg_size*/ {0, 0, 0}
240};
241
242static struct scsi_caching_page caching_page_changeable = {
243	/*page_code*/SMS_CACHING_PAGE,
244	/*page_length*/sizeof(struct scsi_caching_page) - 2,
245	/*flags1*/ SCP_WCE | SCP_RCD,
246	/*ret_priority*/ 0,
247	/*disable_pf_transfer_len*/ {0, 0},
248	/*min_prefetch*/ {0, 0},
249	/*max_prefetch*/ {0, 0},
250	/*max_pf_ceiling*/ {0, 0},
251	/*flags2*/ 0,
252	/*cache_segments*/ 0,
253	/*cache_seg_size*/ {0, 0},
254	/*reserved*/ 0,
255	/*non_cache_seg_size*/ {0, 0, 0}
256};
257
258static struct scsi_control_page control_page_default = {
259	/*page_code*/SMS_CONTROL_MODE_PAGE,
260	/*page_length*/sizeof(struct scsi_control_page) - 2,
261	/*rlec*/0,
262	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
263	/*eca_and_aen*/0,
264	/*flags4*/SCP_TAS,
265	/*aen_holdoff_period*/{0, 0},
266	/*busy_timeout_period*/{0, 0},
267	/*extended_selftest_completion_time*/{0, 0}
268};
269
270static struct scsi_control_page control_page_changeable = {
271	/*page_code*/SMS_CONTROL_MODE_PAGE,
272	/*page_length*/sizeof(struct scsi_control_page) - 2,
273	/*rlec*/SCP_DSENSE,
274	/*queue_flags*/SCP_QUEUE_ALG_MASK,
275	/*eca_and_aen*/SCP_SWP,
276	/*flags4*/0,
277	/*aen_holdoff_period*/{0, 0},
278	/*busy_timeout_period*/{0, 0},
279	/*extended_selftest_completion_time*/{0, 0}
280};
281
282static struct scsi_info_exceptions_page ie_page_default = {
283	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
284	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
285	/*info_flags*/SIEP_FLAGS_DEXCPT,
286	/*mrie*/0,
287	/*interval_timer*/{0, 0, 0, 0},
288	/*report_count*/{0, 0, 0, 0}
289};
290
291static struct scsi_info_exceptions_page ie_page_changeable = {
292	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
293	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
294	/*info_flags*/0,
295	/*mrie*/0,
296	/*interval_timer*/{0, 0, 0, 0},
297	/*report_count*/{0, 0, 0, 0}
298};
299
300#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
301
302static struct ctl_logical_block_provisioning_page lbp_page_default = {{
303	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
304	/*subpage_code*/0x02,
305	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
306	/*flags*/0,
307	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
308	/*descr*/{}},
309	{{/*flags*/0,
310	  /*resource*/0x01,
311	  /*reserved*/{0, 0},
312	  /*count*/{0, 0, 0, 0}},
313	 {/*flags*/0,
314	  /*resource*/0x02,
315	  /*reserved*/{0, 0},
316	  /*count*/{0, 0, 0, 0}},
317	 {/*flags*/0,
318	  /*resource*/0xf1,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0xf2,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}}
325	}
326};
327
328static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
329	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
330	/*subpage_code*/0x02,
331	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
332	/*flags*/0,
333	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
334	/*descr*/{}},
335	{{/*flags*/0,
336	  /*resource*/0,
337	  /*reserved*/{0, 0},
338	  /*count*/{0, 0, 0, 0}},
339	 {/*flags*/0,
340	  /*resource*/0,
341	  /*reserved*/{0, 0},
342	  /*count*/{0, 0, 0, 0}},
343	 {/*flags*/0,
344	  /*resource*/0,
345	  /*reserved*/{0, 0},
346	  /*count*/{0, 0, 0, 0}},
347	 {/*flags*/0,
348	  /*resource*/0,
349	  /*reserved*/{0, 0},
350	  /*count*/{0, 0, 0, 0}}
351	}
352};
353
354/*
355 * XXX KDM move these into the softc.
356 */
357static int rcv_sync_msg;
358static int persis_offset;
359static uint8_t ctl_pause_rtr;
360static int     ctl_is_single = 1;
361
362SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
363static int worker_threads = -1;
364SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
365    &worker_threads, 1, "Number of worker threads");
366static int ctl_debug = CTL_DEBUG_NONE;
367SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
368    &ctl_debug, 0, "Enabled debug flags");
369
370/*
371 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
372 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
373 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
374 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
375 */
376#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
377
378static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
379				  int param);
380static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
381static int ctl_init(void);
382void ctl_shutdown(void);
383static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
384static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
385static void ctl_ioctl_online(void *arg);
386static void ctl_ioctl_offline(void *arg);
387static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
388static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
389static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
390static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
391static int ctl_ioctl_submit_wait(union ctl_io *io);
392static void ctl_ioctl_datamove(union ctl_io *io);
393static void ctl_ioctl_done(union ctl_io *io);
394static void ctl_ioctl_hard_startstop_callback(void *arg,
395					      struct cfi_metatask *metatask);
396static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
397static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
398			      struct ctl_ooa *ooa_hdr,
399			      struct ctl_ooa_entry *kern_entries);
400static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
401		     struct thread *td);
402static uint32_t ctl_map_lun(int port_num, uint32_t lun);
403static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
404#ifdef unused
405static union ctl_io *ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port,
406				   uint32_t targ_target, uint32_t targ_lun,
407				   int can_wait);
408static void ctl_kfree_io(union ctl_io *io);
409#endif /* unused */
410static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
411			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
412static int ctl_free_lun(struct ctl_lun *lun);
413static void ctl_create_lun(struct ctl_be_lun *be_lun);
414/**
415static void ctl_failover_change_pages(struct ctl_softc *softc,
416				      struct ctl_scsiio *ctsio, int master);
417**/
418
419static int ctl_do_mode_select(union ctl_io *io);
420static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
421			   uint64_t res_key, uint64_t sa_res_key,
422			   uint8_t type, uint32_t residx,
423			   struct ctl_scsiio *ctsio,
424			   struct scsi_per_res_out *cdb,
425			   struct scsi_per_res_out_parms* param);
426static void ctl_pro_preempt_other(struct ctl_lun *lun,
427				  union ctl_ha_msg *msg);
428static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
429static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
430static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
431static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
432static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
433static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
434static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
435					 int alloc_len);
436static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
437					 int alloc_len);
438static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
439static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
440static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
441static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
442static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
443static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
444static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
445    union ctl_io *pending_io, union ctl_io *ooa_io);
446static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
447				union ctl_io *starting_io);
448static int ctl_check_blocked(struct ctl_lun *lun);
449static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
450				struct ctl_lun *lun,
451				const struct ctl_cmd_entry *entry,
452				struct ctl_scsiio *ctsio);
453//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
454static void ctl_failover(void);
455static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
456			       struct ctl_scsiio *ctsio);
457static int ctl_scsiio(struct ctl_scsiio *ctsio);
458
459static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
460static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
461			    ctl_ua_type ua_type);
462static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
463			 ctl_ua_type ua_type);
464static int ctl_abort_task(union ctl_io *io);
465static int ctl_abort_task_set(union ctl_io *io);
466static int ctl_i_t_nexus_reset(union ctl_io *io);
467static void ctl_run_task(union ctl_io *io);
468#ifdef CTL_IO_DELAY
469static void ctl_datamove_timer_wakeup(void *arg);
470static void ctl_done_timer_wakeup(void *arg);
471#endif /* CTL_IO_DELAY */
472
473static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
474static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
475static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
476static void ctl_datamove_remote_write(union ctl_io *io);
477static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
478static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
479static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
480static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
481				    ctl_ha_dt_cb callback);
482static void ctl_datamove_remote_read(union ctl_io *io);
483static void ctl_datamove_remote(union ctl_io *io);
484static int ctl_process_done(union ctl_io *io);
485static void ctl_lun_thread(void *arg);
486static void ctl_thresh_thread(void *arg);
487static void ctl_work_thread(void *arg);
488static void ctl_enqueue_incoming(union ctl_io *io);
489static void ctl_enqueue_rtr(union ctl_io *io);
490static void ctl_enqueue_done(union ctl_io *io);
491static void ctl_enqueue_isc(union ctl_io *io);
492static const struct ctl_cmd_entry *
493    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
494static const struct ctl_cmd_entry *
495    ctl_validate_command(struct ctl_scsiio *ctsio);
496static int ctl_cmd_applicable(uint8_t lun_type,
497    const struct ctl_cmd_entry *entry);
498
499/*
500 * Load the serialization table.  This isn't very pretty, but is probably
501 * the easiest way to do it.
502 */
503#include "ctl_ser_table.c"
504
505/*
506 * We only need to define open, close and ioctl routines for this driver.
507 */
508static struct cdevsw ctl_cdevsw = {
509	.d_version =	D_VERSION,
510	.d_flags =	0,
511	.d_open =	ctl_open,
512	.d_close =	ctl_close,
513	.d_ioctl =	ctl_ioctl,
514	.d_name =	"ctl",
515};
516
517
518MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
519MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
520
521static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
522
523static moduledata_t ctl_moduledata = {
524	"ctl",
525	ctl_module_event_handler,
526	NULL
527};
528
529DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
530MODULE_VERSION(ctl, 1);
531
532static struct ctl_frontend ioctl_frontend =
533{
534	.name = "ioctl",
535};
536
537static void
538ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
539			    union ctl_ha_msg *msg_info)
540{
541	struct ctl_scsiio *ctsio;
542
543	if (msg_info->hdr.original_sc == NULL) {
544		printf("%s: original_sc == NULL!\n", __func__);
545		/* XXX KDM now what? */
546		return;
547	}
548
549	ctsio = &msg_info->hdr.original_sc->scsiio;
550	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
551	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
552	ctsio->io_hdr.status = msg_info->hdr.status;
553	ctsio->scsi_status = msg_info->scsi.scsi_status;
554	ctsio->sense_len = msg_info->scsi.sense_len;
555	ctsio->sense_residual = msg_info->scsi.sense_residual;
556	ctsio->residual = msg_info->scsi.residual;
557	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
558	       sizeof(ctsio->sense_data));
559	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
560	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
561	ctl_enqueue_isc((union ctl_io *)ctsio);
562}
563
564static void
565ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
566				union ctl_ha_msg *msg_info)
567{
568	struct ctl_scsiio *ctsio;
569
570	if (msg_info->hdr.serializing_sc == NULL) {
571		printf("%s: serializing_sc == NULL!\n", __func__);
572		/* XXX KDM now what? */
573		return;
574	}
575
576	ctsio = &msg_info->hdr.serializing_sc->scsiio;
577#if 0
578	/*
579	 * Attempt to catch the situation where an I/O has
580	 * been freed, and we're using it again.
581	 */
582	if (ctsio->io_hdr.io_type == 0xff) {
583		union ctl_io *tmp_io;
584		tmp_io = (union ctl_io *)ctsio;
585		printf("%s: %p use after free!\n", __func__,
586		       ctsio);
587		printf("%s: type %d msg %d cdb %x iptl: "
588		       "%d:%d:%d:%d tag 0x%04x "
589		       "flag %#x status %x\n",
590			__func__,
591			tmp_io->io_hdr.io_type,
592			tmp_io->io_hdr.msg_type,
593			tmp_io->scsiio.cdb[0],
594			tmp_io->io_hdr.nexus.initid.id,
595			tmp_io->io_hdr.nexus.targ_port,
596			tmp_io->io_hdr.nexus.targ_target.id,
597			tmp_io->io_hdr.nexus.targ_lun,
598			(tmp_io->io_hdr.io_type ==
599			CTL_IO_TASK) ?
600			tmp_io->taskio.tag_num :
601			tmp_io->scsiio.tag_num,
602		        tmp_io->io_hdr.flags,
603			tmp_io->io_hdr.status);
604	}
605#endif
606	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
607	ctl_enqueue_isc((union ctl_io *)ctsio);
608}
609
610/*
611 * ISC (Inter Shelf Communication) event handler.  Events from the HA
612 * subsystem come in here.
613 */
614static void
615ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
616{
617	struct ctl_softc *ctl_softc;
618	union ctl_io *io;
619	struct ctl_prio *presio;
620	ctl_ha_status isc_status;
621
622	ctl_softc = control_softc;
623	io = NULL;
624
625
626#if 0
627	printf("CTL: Isc Msg event %d\n", event);
628#endif
629	if (event == CTL_HA_EVT_MSG_RECV) {
630		union ctl_ha_msg msg_info;
631
632		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
633					     sizeof(msg_info), /*wait*/ 0);
634#if 0
635		printf("CTL: msg_type %d\n", msg_info.msg_type);
636#endif
637		if (isc_status != 0) {
638			printf("Error receiving message, status = %d\n",
639			       isc_status);
640			return;
641		}
642
643		switch (msg_info.hdr.msg_type) {
644		case CTL_MSG_SERIALIZE:
645#if 0
646			printf("Serialize\n");
647#endif
648			io = ctl_alloc_io((void *)ctl_softc->othersc_pool);
649			if (io == NULL) {
650				printf("ctl_isc_event_handler: can't allocate "
651				       "ctl_io!\n");
652				/* Bad Juju */
653				/* Need to set busy and send msg back */
654				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
655				msg_info.hdr.status = CTL_SCSI_ERROR;
656				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
657				msg_info.scsi.sense_len = 0;
658			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
659				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
660				}
661				goto bailout;
662			}
663			ctl_zero_io(io);
664			// populate ctsio from msg_info
665			io->io_hdr.io_type = CTL_IO_SCSI;
666			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
667			io->io_hdr.original_sc = msg_info.hdr.original_sc;
668#if 0
669			printf("pOrig %x\n", (int)msg_info.original_sc);
670#endif
671			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
672					    CTL_FLAG_IO_ACTIVE;
673			/*
674			 * If we're in serialization-only mode, we don't
675			 * want to go through full done processing.  Thus
676			 * the COPY flag.
677			 *
678			 * XXX KDM add another flag that is more specific.
679			 */
680			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
681				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
682			io->io_hdr.nexus = msg_info.hdr.nexus;
683#if 0
684			printf("targ %d, port %d, iid %d, lun %d\n",
685			       io->io_hdr.nexus.targ_target.id,
686			       io->io_hdr.nexus.targ_port,
687			       io->io_hdr.nexus.initid.id,
688			       io->io_hdr.nexus.targ_lun);
689#endif
690			io->scsiio.tag_num = msg_info.scsi.tag_num;
691			io->scsiio.tag_type = msg_info.scsi.tag_type;
692			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
693			       CTL_MAX_CDBLEN);
694			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
695				const struct ctl_cmd_entry *entry;
696
697				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
698				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
699				io->io_hdr.flags |=
700					entry->flags & CTL_FLAG_DATA_MASK;
701			}
702			ctl_enqueue_isc(io);
703			break;
704
705		/* Performed on the Originating SC, XFER mode only */
706		case CTL_MSG_DATAMOVE: {
707			struct ctl_sg_entry *sgl;
708			int i, j;
709
710			io = msg_info.hdr.original_sc;
711			if (io == NULL) {
712				printf("%s: original_sc == NULL!\n", __func__);
713				/* XXX KDM do something here */
714				break;
715			}
716			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
717			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
718			/*
719			 * Keep track of this, we need to send it back over
720			 * when the datamove is complete.
721			 */
722			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
723
724			if (msg_info.dt.sg_sequence == 0) {
725				/*
726				 * XXX KDM we use the preallocated S/G list
727				 * here, but we'll need to change this to
728				 * dynamic allocation if we need larger S/G
729				 * lists.
730				 */
731				if (msg_info.dt.kern_sg_entries >
732				    sizeof(io->io_hdr.remote_sglist) /
733				    sizeof(io->io_hdr.remote_sglist[0])) {
734					printf("%s: number of S/G entries "
735					    "needed %u > allocated num %zd\n",
736					    __func__,
737					    msg_info.dt.kern_sg_entries,
738					    sizeof(io->io_hdr.remote_sglist)/
739					    sizeof(io->io_hdr.remote_sglist[0]));
740
741					/*
742					 * XXX KDM send a message back to
743					 * the other side to shut down the
744					 * DMA.  The error will come back
745					 * through via the normal channel.
746					 */
747					break;
748				}
749				sgl = io->io_hdr.remote_sglist;
750				memset(sgl, 0,
751				       sizeof(io->io_hdr.remote_sglist));
752
753				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
754
755				io->scsiio.kern_sg_entries =
756					msg_info.dt.kern_sg_entries;
757				io->scsiio.rem_sg_entries =
758					msg_info.dt.kern_sg_entries;
759				io->scsiio.kern_data_len =
760					msg_info.dt.kern_data_len;
761				io->scsiio.kern_total_len =
762					msg_info.dt.kern_total_len;
763				io->scsiio.kern_data_resid =
764					msg_info.dt.kern_data_resid;
765				io->scsiio.kern_rel_offset =
766					msg_info.dt.kern_rel_offset;
767				/*
768				 * Clear out per-DMA flags.
769				 */
770				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
771				/*
772				 * Add per-DMA flags that are set for this
773				 * particular DMA request.
774				 */
775				io->io_hdr.flags |= msg_info.dt.flags &
776						    CTL_FLAG_RDMA_MASK;
777			} else
778				sgl = (struct ctl_sg_entry *)
779					io->scsiio.kern_data_ptr;
780
781			for (i = msg_info.dt.sent_sg_entries, j = 0;
782			     i < (msg_info.dt.sent_sg_entries +
783			     msg_info.dt.cur_sg_entries); i++, j++) {
784				sgl[i].addr = msg_info.dt.sg_list[j].addr;
785				sgl[i].len = msg_info.dt.sg_list[j].len;
786
787#if 0
788				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
789				       __func__,
790				       msg_info.dt.sg_list[j].addr,
791				       msg_info.dt.sg_list[j].len,
792				       sgl[i].addr, sgl[i].len, j, i);
793#endif
794			}
795#if 0
796			memcpy(&sgl[msg_info.dt.sent_sg_entries],
797			       msg_info.dt.sg_list,
798			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
799#endif
800
801			/*
802			 * If this is the last piece of the I/O, we've got
803			 * the full S/G list.  Queue processing in the thread.
804			 * Otherwise wait for the next piece.
805			 */
806			if (msg_info.dt.sg_last != 0)
807				ctl_enqueue_isc(io);
808			break;
809		}
810		/* Performed on the Serializing (primary) SC, XFER mode only */
811		case CTL_MSG_DATAMOVE_DONE: {
812			if (msg_info.hdr.serializing_sc == NULL) {
813				printf("%s: serializing_sc == NULL!\n",
814				       __func__);
815				/* XXX KDM now what? */
816				break;
817			}
818			/*
819			 * We grab the sense information here in case
820			 * there was a failure, so we can return status
821			 * back to the initiator.
822			 */
823			io = msg_info.hdr.serializing_sc;
824			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
825			io->io_hdr.status = msg_info.hdr.status;
826			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
827			io->scsiio.sense_len = msg_info.scsi.sense_len;
828			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
829			io->io_hdr.port_status = msg_info.scsi.fetd_status;
830			io->scsiio.residual = msg_info.scsi.residual;
831			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
832			       sizeof(io->scsiio.sense_data));
833			ctl_enqueue_isc(io);
834			break;
835		}
836
837		/* Preformed on Originating SC, SER_ONLY mode */
838		case CTL_MSG_R2R:
839			io = msg_info.hdr.original_sc;
840			if (io == NULL) {
841				printf("%s: Major Bummer\n", __func__);
842				return;
843			} else {
844#if 0
845				printf("pOrig %x\n",(int) ctsio);
846#endif
847			}
848			io->io_hdr.msg_type = CTL_MSG_R2R;
849			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
850			ctl_enqueue_isc(io);
851			break;
852
853		/*
854		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
855		 * mode.
856		 * Performed on the Originating (i.e. secondary) SC in XFER
857		 * mode
858		 */
859		case CTL_MSG_FINISH_IO:
860			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
861				ctl_isc_handler_finish_xfer(ctl_softc,
862							    &msg_info);
863			else
864				ctl_isc_handler_finish_ser_only(ctl_softc,
865								&msg_info);
866			break;
867
868		/* Preformed on Originating SC */
869		case CTL_MSG_BAD_JUJU:
870			io = msg_info.hdr.original_sc;
871			if (io == NULL) {
872				printf("%s: Bad JUJU!, original_sc is NULL!\n",
873				       __func__);
874				break;
875			}
876			ctl_copy_sense_data(&msg_info, io);
877			/*
878			 * IO should have already been cleaned up on other
879			 * SC so clear this flag so we won't send a message
880			 * back to finish the IO there.
881			 */
882			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
883			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
884
885			/* io = msg_info.hdr.serializing_sc; */
886			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
887			ctl_enqueue_isc(io);
888			break;
889
890		/* Handle resets sent from the other side */
891		case CTL_MSG_MANAGE_TASKS: {
892			struct ctl_taskio *taskio;
893			taskio = (struct ctl_taskio *)ctl_alloc_io(
894				(void *)ctl_softc->othersc_pool);
895			if (taskio == NULL) {
896				printf("ctl_isc_event_handler: can't allocate "
897				       "ctl_io!\n");
898				/* Bad Juju */
899				/* should I just call the proper reset func
900				   here??? */
901				goto bailout;
902			}
903			ctl_zero_io((union ctl_io *)taskio);
904			taskio->io_hdr.io_type = CTL_IO_TASK;
905			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
906			taskio->io_hdr.nexus = msg_info.hdr.nexus;
907			taskio->task_action = msg_info.task.task_action;
908			taskio->tag_num = msg_info.task.tag_num;
909			taskio->tag_type = msg_info.task.tag_type;
910#ifdef CTL_TIME_IO
911			taskio->io_hdr.start_time = time_uptime;
912			getbintime(&taskio->io_hdr.start_bt);
913#if 0
914			cs_prof_gettime(&taskio->io_hdr.start_ticks);
915#endif
916#endif /* CTL_TIME_IO */
917			ctl_run_task((union ctl_io *)taskio);
918			break;
919		}
920		/* Persistent Reserve action which needs attention */
921		case CTL_MSG_PERS_ACTION:
922			presio = (struct ctl_prio *)ctl_alloc_io(
923				(void *)ctl_softc->othersc_pool);
924			if (presio == NULL) {
925				printf("ctl_isc_event_handler: can't allocate "
926				       "ctl_io!\n");
927				/* Bad Juju */
928				/* Need to set busy and send msg back */
929				goto bailout;
930			}
931			ctl_zero_io((union ctl_io *)presio);
932			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
933			presio->pr_msg = msg_info.pr;
934			ctl_enqueue_isc((union ctl_io *)presio);
935			break;
936		case CTL_MSG_SYNC_FE:
937			rcv_sync_msg = 1;
938			break;
939		default:
940		        printf("How did I get here?\n");
941		}
942	} else if (event == CTL_HA_EVT_MSG_SENT) {
943		if (param != CTL_HA_STATUS_SUCCESS) {
944			printf("Bad status from ctl_ha_msg_send status %d\n",
945			       param);
946		}
947		return;
948	} else if (event == CTL_HA_EVT_DISCONNECT) {
949		printf("CTL: Got a disconnect from Isc\n");
950		return;
951	} else {
952		printf("ctl_isc_event_handler: Unknown event %d\n", event);
953		return;
954	}
955
956bailout:
957	return;
958}
959
960static void
961ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
962{
963	struct scsi_sense_data *sense;
964
965	sense = &dest->scsiio.sense_data;
966	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
967	dest->scsiio.scsi_status = src->scsi.scsi_status;
968	dest->scsiio.sense_len = src->scsi.sense_len;
969	dest->io_hdr.status = src->hdr.status;
970}
971
972static int
973ctl_init(void)
974{
975	struct ctl_softc *softc;
976	struct ctl_io_pool *internal_pool, *emergency_pool, *other_pool;
977	struct ctl_port *port;
978        uint8_t sc_id =0;
979	int i, error, retval;
980	//int isc_retval;
981
982	retval = 0;
983	ctl_pause_rtr = 0;
984        rcv_sync_msg = 0;
985
986	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
987			       M_WAITOK | M_ZERO);
988	softc = control_softc;
989
990	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
991			      "cam/ctl");
992
993	softc->dev->si_drv1 = softc;
994
995	/*
996	 * By default, return a "bad LUN" peripheral qualifier for unknown
997	 * LUNs.  The user can override this default using the tunable or
998	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
999	 */
1000	softc->inquiry_pq_no_lun = 1;
1001	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
1002			  &softc->inquiry_pq_no_lun);
1003	sysctl_ctx_init(&softc->sysctl_ctx);
1004	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1005		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1006		CTLFLAG_RD, 0, "CAM Target Layer");
1007
1008	if (softc->sysctl_tree == NULL) {
1009		printf("%s: unable to allocate sysctl tree\n", __func__);
1010		destroy_dev(softc->dev);
1011		free(control_softc, M_DEVBUF);
1012		control_softc = NULL;
1013		return (ENOMEM);
1014	}
1015
1016	SYSCTL_ADD_INT(&softc->sysctl_ctx,
1017		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
1018		       "inquiry_pq_no_lun", CTLFLAG_RW,
1019		       &softc->inquiry_pq_no_lun, 0,
1020		       "Report no lun possible for invalid LUNs");
1021
1022	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1023	mtx_init(&softc->pool_lock, "CTL pool mutex", NULL, MTX_DEF);
1024	softc->open_count = 0;
1025
1026	/*
1027	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1028	 * the drive.
1029	 */
1030	softc->flags = CTL_FLAG_REAL_SYNC;
1031
1032	/*
1033	 * In Copan's HA scheme, the "master" and "slave" roles are
1034	 * figured out through the slot the controller is in.  Although it
1035	 * is an active/active system, someone has to be in charge.
1036 	 */
1037#ifdef NEEDTOPORT
1038        scmicro_rw(SCMICRO_GET_SHELF_ID, &sc_id);
1039#endif
1040
1041        if (sc_id == 0) {
1042		softc->flags |= CTL_FLAG_MASTER_SHELF;
1043		persis_offset = 0;
1044	} else
1045		persis_offset = CTL_MAX_INITIATORS;
1046
1047	/*
1048	 * XXX KDM need to figure out where we want to get our target ID
1049	 * and WWID.  Is it different on each port?
1050	 */
1051	softc->target.id = 0;
1052	softc->target.wwid[0] = 0x12345678;
1053	softc->target.wwid[1] = 0x87654321;
1054	STAILQ_INIT(&softc->lun_list);
1055	STAILQ_INIT(&softc->pending_lun_queue);
1056	STAILQ_INIT(&softc->fe_list);
1057	STAILQ_INIT(&softc->port_list);
1058	STAILQ_INIT(&softc->be_list);
1059	STAILQ_INIT(&softc->io_pools);
1060	ctl_tpc_init(softc);
1061
1062	if (ctl_pool_create(softc, CTL_POOL_INTERNAL, CTL_POOL_ENTRIES_INTERNAL,
1063			    &internal_pool)!= 0){
1064		printf("ctl: can't allocate %d entry internal pool, "
1065		       "exiting\n", CTL_POOL_ENTRIES_INTERNAL);
1066		return (ENOMEM);
1067	}
1068
1069	if (ctl_pool_create(softc, CTL_POOL_EMERGENCY,
1070			    CTL_POOL_ENTRIES_EMERGENCY, &emergency_pool) != 0) {
1071		printf("ctl: can't allocate %d entry emergency pool, "
1072		       "exiting\n", CTL_POOL_ENTRIES_EMERGENCY);
1073		ctl_pool_free(internal_pool);
1074		return (ENOMEM);
1075	}
1076
1077	if (ctl_pool_create(softc, CTL_POOL_4OTHERSC, CTL_POOL_ENTRIES_OTHER_SC,
1078	                    &other_pool) != 0)
1079	{
1080		printf("ctl: can't allocate %d entry other SC pool, "
1081		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1082		ctl_pool_free(internal_pool);
1083		ctl_pool_free(emergency_pool);
1084		return (ENOMEM);
1085	}
1086
1087	softc->internal_pool = internal_pool;
1088	softc->emergency_pool = emergency_pool;
1089	softc->othersc_pool = other_pool;
1090
1091	if (worker_threads <= 0)
1092		worker_threads = max(1, mp_ncpus / 4);
1093	if (worker_threads > CTL_MAX_THREADS)
1094		worker_threads = CTL_MAX_THREADS;
1095
1096	for (i = 0; i < worker_threads; i++) {
1097		struct ctl_thread *thr = &softc->threads[i];
1098
1099		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1100		thr->ctl_softc = softc;
1101		STAILQ_INIT(&thr->incoming_queue);
1102		STAILQ_INIT(&thr->rtr_queue);
1103		STAILQ_INIT(&thr->done_queue);
1104		STAILQ_INIT(&thr->isc_queue);
1105
1106		error = kproc_kthread_add(ctl_work_thread, thr,
1107		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1108		if (error != 0) {
1109			printf("error creating CTL work thread!\n");
1110			ctl_pool_free(internal_pool);
1111			ctl_pool_free(emergency_pool);
1112			ctl_pool_free(other_pool);
1113			return (error);
1114		}
1115	}
1116	error = kproc_kthread_add(ctl_lun_thread, softc,
1117	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1118	if (error != 0) {
1119		printf("error creating CTL lun thread!\n");
1120		ctl_pool_free(internal_pool);
1121		ctl_pool_free(emergency_pool);
1122		ctl_pool_free(other_pool);
1123		return (error);
1124	}
1125	error = kproc_kthread_add(ctl_thresh_thread, softc,
1126	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1127	if (error != 0) {
1128		printf("error creating CTL threshold thread!\n");
1129		ctl_pool_free(internal_pool);
1130		ctl_pool_free(emergency_pool);
1131		ctl_pool_free(other_pool);
1132		return (error);
1133	}
1134	if (bootverbose)
1135		printf("ctl: CAM Target Layer loaded\n");
1136
1137	/*
1138	 * Initialize the ioctl front end.
1139	 */
1140	ctl_frontend_register(&ioctl_frontend);
1141	port = &softc->ioctl_info.port;
1142	port->frontend = &ioctl_frontend;
1143	sprintf(softc->ioctl_info.port_name, "ioctl");
1144	port->port_type = CTL_PORT_IOCTL;
1145	port->num_requested_ctl_io = 100;
1146	port->port_name = softc->ioctl_info.port_name;
1147	port->port_online = ctl_ioctl_online;
1148	port->port_offline = ctl_ioctl_offline;
1149	port->onoff_arg = &softc->ioctl_info;
1150	port->lun_enable = ctl_ioctl_lun_enable;
1151	port->lun_disable = ctl_ioctl_lun_disable;
1152	port->targ_lun_arg = &softc->ioctl_info;
1153	port->fe_datamove = ctl_ioctl_datamove;
1154	port->fe_done = ctl_ioctl_done;
1155	port->max_targets = 15;
1156	port->max_target_id = 15;
1157
1158	if (ctl_port_register(&softc->ioctl_info.port,
1159	                  (softc->flags & CTL_FLAG_MASTER_SHELF)) != 0) {
1160		printf("ctl: ioctl front end registration failed, will "
1161		       "continue anyway\n");
1162	}
1163
1164#ifdef CTL_IO_DELAY
1165	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1166		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1167		       sizeof(struct callout), CTL_TIMER_BYTES);
1168		return (EINVAL);
1169	}
1170#endif /* CTL_IO_DELAY */
1171
1172	return (0);
1173}
1174
1175void
1176ctl_shutdown(void)
1177{
1178	struct ctl_softc *softc;
1179	struct ctl_lun *lun, *next_lun;
1180	struct ctl_io_pool *pool;
1181
1182	softc = (struct ctl_softc *)control_softc;
1183
1184	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1185		printf("ctl: ioctl front end deregistration failed\n");
1186
1187	mtx_lock(&softc->ctl_lock);
1188
1189	/*
1190	 * Free up each LUN.
1191	 */
1192	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1193		next_lun = STAILQ_NEXT(lun, links);
1194		ctl_free_lun(lun);
1195	}
1196
1197	mtx_unlock(&softc->ctl_lock);
1198
1199	ctl_frontend_deregister(&ioctl_frontend);
1200
1201	/*
1202	 * This will rip the rug out from under any FETDs or anyone else
1203	 * that has a pool allocated.  Since we increment our module
1204	 * refcount any time someone outside the main CTL module allocates
1205	 * a pool, we shouldn't have any problems here.  The user won't be
1206	 * able to unload the CTL module until client modules have
1207	 * successfully unloaded.
1208	 */
1209	while ((pool = STAILQ_FIRST(&softc->io_pools)) != NULL)
1210		ctl_pool_free(pool);
1211
1212#if 0
1213	ctl_shutdown_thread(softc->work_thread);
1214	mtx_destroy(&softc->queue_lock);
1215#endif
1216
1217	ctl_tpc_shutdown(softc);
1218	mtx_destroy(&softc->pool_lock);
1219	mtx_destroy(&softc->ctl_lock);
1220
1221	destroy_dev(softc->dev);
1222
1223	sysctl_ctx_free(&softc->sysctl_ctx);
1224
1225	free(control_softc, M_DEVBUF);
1226	control_softc = NULL;
1227
1228	if (bootverbose)
1229		printf("ctl: CAM Target Layer unloaded\n");
1230}
1231
1232static int
1233ctl_module_event_handler(module_t mod, int what, void *arg)
1234{
1235
1236	switch (what) {
1237	case MOD_LOAD:
1238		return (ctl_init());
1239	case MOD_UNLOAD:
1240		return (EBUSY);
1241	default:
1242		return (EOPNOTSUPP);
1243	}
1244}
1245
1246/*
1247 * XXX KDM should we do some access checks here?  Bump a reference count to
1248 * prevent a CTL module from being unloaded while someone has it open?
1249 */
1250static int
1251ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1252{
1253	return (0);
1254}
1255
1256static int
1257ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1258{
1259	return (0);
1260}
1261
1262int
1263ctl_port_enable(ctl_port_type port_type)
1264{
1265	struct ctl_softc *softc;
1266	struct ctl_port *port;
1267
1268	if (ctl_is_single == 0) {
1269		union ctl_ha_msg msg_info;
1270		int isc_retval;
1271
1272#if 0
1273		printf("%s: HA mode, synchronizing frontend enable\n",
1274		        __func__);
1275#endif
1276		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1277	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1278		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1279			printf("Sync msg send error retval %d\n", isc_retval);
1280		}
1281		if (!rcv_sync_msg) {
1282			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1283			        sizeof(msg_info), 1);
1284		}
1285#if 0
1286        	printf("CTL:Frontend Enable\n");
1287	} else {
1288		printf("%s: single mode, skipping frontend synchronization\n",
1289		        __func__);
1290#endif
1291	}
1292
1293	softc = control_softc;
1294
1295	STAILQ_FOREACH(port, &softc->port_list, links) {
1296		if (port_type & port->port_type)
1297		{
1298#if 0
1299			printf("port %d\n", port->targ_port);
1300#endif
1301			ctl_port_online(port);
1302		}
1303	}
1304
1305	return (0);
1306}
1307
1308int
1309ctl_port_disable(ctl_port_type port_type)
1310{
1311	struct ctl_softc *softc;
1312	struct ctl_port *port;
1313
1314	softc = control_softc;
1315
1316	STAILQ_FOREACH(port, &softc->port_list, links) {
1317		if (port_type & port->port_type)
1318			ctl_port_offline(port);
1319	}
1320
1321	return (0);
1322}
1323
1324/*
1325 * Returns 0 for success, 1 for failure.
1326 * Currently the only failure mode is if there aren't enough entries
1327 * allocated.  So, in case of a failure, look at num_entries_dropped,
1328 * reallocate and try again.
1329 */
1330int
1331ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1332	      int *num_entries_filled, int *num_entries_dropped,
1333	      ctl_port_type port_type, int no_virtual)
1334{
1335	struct ctl_softc *softc;
1336	struct ctl_port *port;
1337	int entries_dropped, entries_filled;
1338	int retval;
1339	int i;
1340
1341	softc = control_softc;
1342
1343	retval = 0;
1344	entries_filled = 0;
1345	entries_dropped = 0;
1346
1347	i = 0;
1348	mtx_lock(&softc->ctl_lock);
1349	STAILQ_FOREACH(port, &softc->port_list, links) {
1350		struct ctl_port_entry *entry;
1351
1352		if ((port->port_type & port_type) == 0)
1353			continue;
1354
1355		if ((no_virtual != 0)
1356		 && (port->virtual_port != 0))
1357			continue;
1358
1359		if (entries_filled >= num_entries_alloced) {
1360			entries_dropped++;
1361			continue;
1362		}
1363		entry = &entries[i];
1364
1365		entry->port_type = port->port_type;
1366		strlcpy(entry->port_name, port->port_name,
1367			sizeof(entry->port_name));
1368		entry->physical_port = port->physical_port;
1369		entry->virtual_port = port->virtual_port;
1370		entry->wwnn = port->wwnn;
1371		entry->wwpn = port->wwpn;
1372
1373		i++;
1374		entries_filled++;
1375	}
1376
1377	mtx_unlock(&softc->ctl_lock);
1378
1379	if (entries_dropped > 0)
1380		retval = 1;
1381
1382	*num_entries_dropped = entries_dropped;
1383	*num_entries_filled = entries_filled;
1384
1385	return (retval);
1386}
1387
1388static void
1389ctl_ioctl_online(void *arg)
1390{
1391	struct ctl_ioctl_info *ioctl_info;
1392
1393	ioctl_info = (struct ctl_ioctl_info *)arg;
1394
1395	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1396}
1397
1398static void
1399ctl_ioctl_offline(void *arg)
1400{
1401	struct ctl_ioctl_info *ioctl_info;
1402
1403	ioctl_info = (struct ctl_ioctl_info *)arg;
1404
1405	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1406}
1407
1408/*
1409 * Remove an initiator by port number and initiator ID.
1410 * Returns 0 for success, -1 for failure.
1411 */
1412int
1413ctl_remove_initiator(struct ctl_port *port, int iid)
1414{
1415	struct ctl_softc *softc = control_softc;
1416
1417	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1418
1419	if (iid > CTL_MAX_INIT_PER_PORT) {
1420		printf("%s: initiator ID %u > maximun %u!\n",
1421		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1422		return (-1);
1423	}
1424
1425	mtx_lock(&softc->ctl_lock);
1426	port->wwpn_iid[iid].in_use--;
1427	port->wwpn_iid[iid].last_use = time_uptime;
1428	mtx_unlock(&softc->ctl_lock);
1429
1430	return (0);
1431}
1432
1433/*
1434 * Add an initiator to the initiator map.
1435 * Returns iid for success, < 0 for failure.
1436 */
1437int
1438ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1439{
1440	struct ctl_softc *softc = control_softc;
1441	time_t best_time;
1442	int i, best;
1443
1444	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1445
1446	if (iid >= CTL_MAX_INIT_PER_PORT) {
1447		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1448		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1449		free(name, M_CTL);
1450		return (-1);
1451	}
1452
1453	mtx_lock(&softc->ctl_lock);
1454
1455	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1456		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1457			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1458				iid = i;
1459				break;
1460			}
1461			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1462			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1463				iid = i;
1464				break;
1465			}
1466		}
1467	}
1468
1469	if (iid < 0) {
1470		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1471			if (port->wwpn_iid[i].in_use == 0 &&
1472			    port->wwpn_iid[i].wwpn == 0 &&
1473			    port->wwpn_iid[i].name == NULL) {
1474				iid = i;
1475				break;
1476			}
1477		}
1478	}
1479
1480	if (iid < 0) {
1481		best = -1;
1482		best_time = INT32_MAX;
1483		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1484			if (port->wwpn_iid[i].in_use == 0) {
1485				if (port->wwpn_iid[i].last_use < best_time) {
1486					best = i;
1487					best_time = port->wwpn_iid[i].last_use;
1488				}
1489			}
1490		}
1491		iid = best;
1492	}
1493
1494	if (iid < 0) {
1495		mtx_unlock(&softc->ctl_lock);
1496		free(name, M_CTL);
1497		return (-2);
1498	}
1499
1500	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1501		/*
1502		 * This is not an error yet.
1503		 */
1504		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1505#if 0
1506			printf("%s: port %d iid %u WWPN %#jx arrived"
1507			    " again\n", __func__, port->targ_port,
1508			    iid, (uintmax_t)wwpn);
1509#endif
1510			goto take;
1511		}
1512		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1513		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1514#if 0
1515			printf("%s: port %d iid %u name '%s' arrived"
1516			    " again\n", __func__, port->targ_port,
1517			    iid, name);
1518#endif
1519			goto take;
1520		}
1521
1522		/*
1523		 * This is an error, but what do we do about it?  The
1524		 * driver is telling us we have a new WWPN for this
1525		 * initiator ID, so we pretty much need to use it.
1526		 */
1527		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1528		    " but WWPN %#jx '%s' is still at that address\n",
1529		    __func__, port->targ_port, iid, wwpn, name,
1530		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1531		    port->wwpn_iid[iid].name);
1532
1533		/*
1534		 * XXX KDM clear have_ca and ua_pending on each LUN for
1535		 * this initiator.
1536		 */
1537	}
1538take:
1539	free(port->wwpn_iid[iid].name, M_CTL);
1540	port->wwpn_iid[iid].name = name;
1541	port->wwpn_iid[iid].wwpn = wwpn;
1542	port->wwpn_iid[iid].in_use++;
1543	mtx_unlock(&softc->ctl_lock);
1544
1545	return (iid);
1546}
1547
1548static int
1549ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1550{
1551	int len;
1552
1553	switch (port->port_type) {
1554	case CTL_PORT_FC:
1555	{
1556		struct scsi_transportid_fcp *id =
1557		    (struct scsi_transportid_fcp *)buf;
1558		if (port->wwpn_iid[iid].wwpn == 0)
1559			return (0);
1560		memset(id, 0, sizeof(*id));
1561		id->format_protocol = SCSI_PROTO_FC;
1562		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1563		return (sizeof(*id));
1564	}
1565	case CTL_PORT_ISCSI:
1566	{
1567		struct scsi_transportid_iscsi_port *id =
1568		    (struct scsi_transportid_iscsi_port *)buf;
1569		if (port->wwpn_iid[iid].name == NULL)
1570			return (0);
1571		memset(id, 0, 256);
1572		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1573		    SCSI_PROTO_ISCSI;
1574		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1575		len = roundup2(min(len, 252), 4);
1576		scsi_ulto2b(len, id->additional_length);
1577		return (sizeof(*id) + len);
1578	}
1579	case CTL_PORT_SAS:
1580	{
1581		struct scsi_transportid_sas *id =
1582		    (struct scsi_transportid_sas *)buf;
1583		if (port->wwpn_iid[iid].wwpn == 0)
1584			return (0);
1585		memset(id, 0, sizeof(*id));
1586		id->format_protocol = SCSI_PROTO_SAS;
1587		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1588		return (sizeof(*id));
1589	}
1590	default:
1591	{
1592		struct scsi_transportid_spi *id =
1593		    (struct scsi_transportid_spi *)buf;
1594		memset(id, 0, sizeof(*id));
1595		id->format_protocol = SCSI_PROTO_SPI;
1596		scsi_ulto2b(iid, id->scsi_addr);
1597		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1598		return (sizeof(*id));
1599	}
1600	}
1601}
1602
1603static int
1604ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1605{
1606	return (0);
1607}
1608
1609static int
1610ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1611{
1612	return (0);
1613}
1614
1615/*
1616 * Data movement routine for the CTL ioctl frontend port.
1617 */
1618static int
1619ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1620{
1621	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1622	struct ctl_sg_entry ext_entry, kern_entry;
1623	int ext_sglen, ext_sg_entries, kern_sg_entries;
1624	int ext_sg_start, ext_offset;
1625	int len_to_copy, len_copied;
1626	int kern_watermark, ext_watermark;
1627	int ext_sglist_malloced;
1628	int i, j;
1629
1630	ext_sglist_malloced = 0;
1631	ext_sg_start = 0;
1632	ext_offset = 0;
1633
1634	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1635
1636	/*
1637	 * If this flag is set, fake the data transfer.
1638	 */
1639	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1640		ctsio->ext_data_filled = ctsio->ext_data_len;
1641		goto bailout;
1642	}
1643
1644	/*
1645	 * To simplify things here, if we have a single buffer, stick it in
1646	 * a S/G entry and just make it a single entry S/G list.
1647	 */
1648	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1649		int len_seen;
1650
1651		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1652
1653		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1654							   M_WAITOK);
1655		ext_sglist_malloced = 1;
1656		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1657				   ext_sglen) != 0) {
1658			ctl_set_internal_failure(ctsio,
1659						 /*sks_valid*/ 0,
1660						 /*retry_count*/ 0);
1661			goto bailout;
1662		}
1663		ext_sg_entries = ctsio->ext_sg_entries;
1664		len_seen = 0;
1665		for (i = 0; i < ext_sg_entries; i++) {
1666			if ((len_seen + ext_sglist[i].len) >=
1667			     ctsio->ext_data_filled) {
1668				ext_sg_start = i;
1669				ext_offset = ctsio->ext_data_filled - len_seen;
1670				break;
1671			}
1672			len_seen += ext_sglist[i].len;
1673		}
1674	} else {
1675		ext_sglist = &ext_entry;
1676		ext_sglist->addr = ctsio->ext_data_ptr;
1677		ext_sglist->len = ctsio->ext_data_len;
1678		ext_sg_entries = 1;
1679		ext_sg_start = 0;
1680		ext_offset = ctsio->ext_data_filled;
1681	}
1682
1683	if (ctsio->kern_sg_entries > 0) {
1684		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1685		kern_sg_entries = ctsio->kern_sg_entries;
1686	} else {
1687		kern_sglist = &kern_entry;
1688		kern_sglist->addr = ctsio->kern_data_ptr;
1689		kern_sglist->len = ctsio->kern_data_len;
1690		kern_sg_entries = 1;
1691	}
1692
1693
1694	kern_watermark = 0;
1695	ext_watermark = ext_offset;
1696	len_copied = 0;
1697	for (i = ext_sg_start, j = 0;
1698	     i < ext_sg_entries && j < kern_sg_entries;) {
1699		uint8_t *ext_ptr, *kern_ptr;
1700
1701		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1702				      kern_sglist[j].len - kern_watermark);
1703
1704		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1705		ext_ptr = ext_ptr + ext_watermark;
1706		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1707			/*
1708			 * XXX KDM fix this!
1709			 */
1710			panic("need to implement bus address support");
1711#if 0
1712			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1713#endif
1714		} else
1715			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1716		kern_ptr = kern_ptr + kern_watermark;
1717
1718		kern_watermark += len_to_copy;
1719		ext_watermark += len_to_copy;
1720
1721		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1722		     CTL_FLAG_DATA_IN) {
1723			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1724					 "bytes to user\n", len_to_copy));
1725			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1726					 "to %p\n", kern_ptr, ext_ptr));
1727			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1728				ctl_set_internal_failure(ctsio,
1729							 /*sks_valid*/ 0,
1730							 /*retry_count*/ 0);
1731				goto bailout;
1732			}
1733		} else {
1734			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1735					 "bytes from user\n", len_to_copy));
1736			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1737					 "to %p\n", ext_ptr, kern_ptr));
1738			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1739				ctl_set_internal_failure(ctsio,
1740							 /*sks_valid*/ 0,
1741							 /*retry_count*/0);
1742				goto bailout;
1743			}
1744		}
1745
1746		len_copied += len_to_copy;
1747
1748		if (ext_sglist[i].len == ext_watermark) {
1749			i++;
1750			ext_watermark = 0;
1751		}
1752
1753		if (kern_sglist[j].len == kern_watermark) {
1754			j++;
1755			kern_watermark = 0;
1756		}
1757	}
1758
1759	ctsio->ext_data_filled += len_copied;
1760
1761	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1762			 "kern_sg_entries: %d\n", ext_sg_entries,
1763			 kern_sg_entries));
1764	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1765			 "kern_data_len = %d\n", ctsio->ext_data_len,
1766			 ctsio->kern_data_len));
1767
1768
1769	/* XXX KDM set residual?? */
1770bailout:
1771
1772	if (ext_sglist_malloced != 0)
1773		free(ext_sglist, M_CTL);
1774
1775	return (CTL_RETVAL_COMPLETE);
1776}
1777
1778/*
1779 * Serialize a command that went down the "wrong" side, and so was sent to
1780 * this controller for execution.  The logic is a little different than the
1781 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1782 * sent back to the other side, but in the success case, we execute the
1783 * command on this side (XFER mode) or tell the other side to execute it
1784 * (SER_ONLY mode).
1785 */
1786static int
1787ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1788{
1789	struct ctl_softc *ctl_softc;
1790	union ctl_ha_msg msg_info;
1791	struct ctl_lun *lun;
1792	int retval = 0;
1793	uint32_t targ_lun;
1794
1795	ctl_softc = control_softc;
1796
1797	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1798	lun = ctl_softc->ctl_luns[targ_lun];
1799	if (lun==NULL)
1800	{
1801		/*
1802		 * Why isn't LUN defined? The other side wouldn't
1803		 * send a cmd if the LUN is undefined.
1804		 */
1805		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1806
1807		/* "Logical unit not supported" */
1808		ctl_set_sense_data(&msg_info.scsi.sense_data,
1809				   lun,
1810				   /*sense_format*/SSD_TYPE_NONE,
1811				   /*current_error*/ 1,
1812				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1813				   /*asc*/ 0x25,
1814				   /*ascq*/ 0x00,
1815				   SSD_ELEM_NONE);
1816
1817		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1818		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1819		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1820		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1821		msg_info.hdr.serializing_sc = NULL;
1822		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1823	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1824				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1825		}
1826		return(1);
1827
1828	}
1829
1830	mtx_lock(&lun->lun_lock);
1831    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1832
1833	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1834		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1835		 ooa_links))) {
1836	case CTL_ACTION_BLOCK:
1837		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1838		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1839				  blocked_links);
1840		break;
1841	case CTL_ACTION_PASS:
1842	case CTL_ACTION_SKIP:
1843		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1844			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1845			ctl_enqueue_rtr((union ctl_io *)ctsio);
1846		} else {
1847
1848			/* send msg back to other side */
1849			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1850			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1851			msg_info.hdr.msg_type = CTL_MSG_R2R;
1852#if 0
1853			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1854#endif
1855		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1856			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1857			}
1858		}
1859		break;
1860	case CTL_ACTION_OVERLAP:
1861		/* OVERLAPPED COMMANDS ATTEMPTED */
1862		ctl_set_sense_data(&msg_info.scsi.sense_data,
1863				   lun,
1864				   /*sense_format*/SSD_TYPE_NONE,
1865				   /*current_error*/ 1,
1866				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1867				   /*asc*/ 0x4E,
1868				   /*ascq*/ 0x00,
1869				   SSD_ELEM_NONE);
1870
1871		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1872		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1873		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1874		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1875		msg_info.hdr.serializing_sc = NULL;
1876		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1877#if 0
1878		printf("BAD JUJU:Major Bummer Overlap\n");
1879#endif
1880		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1881		retval = 1;
1882		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1883		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1884		}
1885		break;
1886	case CTL_ACTION_OVERLAP_TAG:
1887		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1888		ctl_set_sense_data(&msg_info.scsi.sense_data,
1889				   lun,
1890				   /*sense_format*/SSD_TYPE_NONE,
1891				   /*current_error*/ 1,
1892				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1893				   /*asc*/ 0x4D,
1894				   /*ascq*/ ctsio->tag_num & 0xff,
1895				   SSD_ELEM_NONE);
1896
1897		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1898		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1899		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1900		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1901		msg_info.hdr.serializing_sc = NULL;
1902		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1903#if 0
1904		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1905#endif
1906		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1907		retval = 1;
1908		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1909		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1910		}
1911		break;
1912	case CTL_ACTION_ERROR:
1913	default:
1914		/* "Internal target failure" */
1915		ctl_set_sense_data(&msg_info.scsi.sense_data,
1916				   lun,
1917				   /*sense_format*/SSD_TYPE_NONE,
1918				   /*current_error*/ 1,
1919				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1920				   /*asc*/ 0x44,
1921				   /*ascq*/ 0x00,
1922				   SSD_ELEM_NONE);
1923
1924		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1925		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1926		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1927		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1928		msg_info.hdr.serializing_sc = NULL;
1929		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1930#if 0
1931		printf("BAD JUJU:Major Bummer HW Error\n");
1932#endif
1933		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1934		retval = 1;
1935		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1936		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1937		}
1938		break;
1939	}
1940	mtx_unlock(&lun->lun_lock);
1941	return (retval);
1942}
1943
1944static int
1945ctl_ioctl_submit_wait(union ctl_io *io)
1946{
1947	struct ctl_fe_ioctl_params params;
1948	ctl_fe_ioctl_state last_state;
1949	int done, retval;
1950
1951	retval = 0;
1952
1953	bzero(&params, sizeof(params));
1954
1955	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
1956	cv_init(&params.sem, "ctlioccv");
1957	params.state = CTL_IOCTL_INPROG;
1958	last_state = params.state;
1959
1960	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
1961
1962	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
1963
1964	/* This shouldn't happen */
1965	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
1966		return (retval);
1967
1968	done = 0;
1969
1970	do {
1971		mtx_lock(&params.ioctl_mtx);
1972		/*
1973		 * Check the state here, and don't sleep if the state has
1974		 * already changed (i.e. wakeup has already occured, but we
1975		 * weren't waiting yet).
1976		 */
1977		if (params.state == last_state) {
1978			/* XXX KDM cv_wait_sig instead? */
1979			cv_wait(&params.sem, &params.ioctl_mtx);
1980		}
1981		last_state = params.state;
1982
1983		switch (params.state) {
1984		case CTL_IOCTL_INPROG:
1985			/* Why did we wake up? */
1986			/* XXX KDM error here? */
1987			mtx_unlock(&params.ioctl_mtx);
1988			break;
1989		case CTL_IOCTL_DATAMOVE:
1990			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
1991
1992			/*
1993			 * change last_state back to INPROG to avoid
1994			 * deadlock on subsequent data moves.
1995			 */
1996			params.state = last_state = CTL_IOCTL_INPROG;
1997
1998			mtx_unlock(&params.ioctl_mtx);
1999			ctl_ioctl_do_datamove(&io->scsiio);
2000			/*
2001			 * Note that in some cases, most notably writes,
2002			 * this will queue the I/O and call us back later.
2003			 * In other cases, generally reads, this routine
2004			 * will immediately call back and wake us up,
2005			 * probably using our own context.
2006			 */
2007			io->scsiio.be_move_done(io);
2008			break;
2009		case CTL_IOCTL_DONE:
2010			mtx_unlock(&params.ioctl_mtx);
2011			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
2012			done = 1;
2013			break;
2014		default:
2015			mtx_unlock(&params.ioctl_mtx);
2016			/* XXX KDM error here? */
2017			break;
2018		}
2019	} while (done == 0);
2020
2021	mtx_destroy(&params.ioctl_mtx);
2022	cv_destroy(&params.sem);
2023
2024	return (CTL_RETVAL_COMPLETE);
2025}
2026
2027static void
2028ctl_ioctl_datamove(union ctl_io *io)
2029{
2030	struct ctl_fe_ioctl_params *params;
2031
2032	params = (struct ctl_fe_ioctl_params *)
2033		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2034
2035	mtx_lock(&params->ioctl_mtx);
2036	params->state = CTL_IOCTL_DATAMOVE;
2037	cv_broadcast(&params->sem);
2038	mtx_unlock(&params->ioctl_mtx);
2039}
2040
2041static void
2042ctl_ioctl_done(union ctl_io *io)
2043{
2044	struct ctl_fe_ioctl_params *params;
2045
2046	params = (struct ctl_fe_ioctl_params *)
2047		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2048
2049	mtx_lock(&params->ioctl_mtx);
2050	params->state = CTL_IOCTL_DONE;
2051	cv_broadcast(&params->sem);
2052	mtx_unlock(&params->ioctl_mtx);
2053}
2054
2055static void
2056ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2057{
2058	struct ctl_fe_ioctl_startstop_info *sd_info;
2059
2060	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2061
2062	sd_info->hs_info.status = metatask->status;
2063	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2064	sd_info->hs_info.luns_complete =
2065		metatask->taskinfo.startstop.luns_complete;
2066	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2067
2068	cv_broadcast(&sd_info->sem);
2069}
2070
2071static void
2072ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2073{
2074	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2075
2076	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2077
2078	mtx_lock(fe_bbr_info->lock);
2079	fe_bbr_info->bbr_info->status = metatask->status;
2080	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2081	fe_bbr_info->wakeup_done = 1;
2082	mtx_unlock(fe_bbr_info->lock);
2083
2084	cv_broadcast(&fe_bbr_info->sem);
2085}
2086
2087/*
2088 * Returns 0 for success, errno for failure.
2089 */
2090static int
2091ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2092		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2093{
2094	union ctl_io *io;
2095	int retval;
2096
2097	retval = 0;
2098
2099	mtx_lock(&lun->lun_lock);
2100	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2101	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2102	     ooa_links)) {
2103		struct ctl_ooa_entry *entry;
2104
2105		/*
2106		 * If we've got more than we can fit, just count the
2107		 * remaining entries.
2108		 */
2109		if (*cur_fill_num >= ooa_hdr->alloc_num)
2110			continue;
2111
2112		entry = &kern_entries[*cur_fill_num];
2113
2114		entry->tag_num = io->scsiio.tag_num;
2115		entry->lun_num = lun->lun;
2116#ifdef CTL_TIME_IO
2117		entry->start_bt = io->io_hdr.start_bt;
2118#endif
2119		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2120		entry->cdb_len = io->scsiio.cdb_len;
2121		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2122			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2123
2124		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2125			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2126
2127		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2128			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2129
2130		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2131			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2132
2133		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2134			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2135	}
2136	mtx_unlock(&lun->lun_lock);
2137
2138	return (retval);
2139}
2140
2141static void *
2142ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2143		 size_t error_str_len)
2144{
2145	void *kptr;
2146
2147	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2148
2149	if (copyin(user_addr, kptr, len) != 0) {
2150		snprintf(error_str, error_str_len, "Error copying %d bytes "
2151			 "from user address %p to kernel address %p", len,
2152			 user_addr, kptr);
2153		free(kptr, M_CTL);
2154		return (NULL);
2155	}
2156
2157	return (kptr);
2158}
2159
2160static void
2161ctl_free_args(int num_args, struct ctl_be_arg *args)
2162{
2163	int i;
2164
2165	if (args == NULL)
2166		return;
2167
2168	for (i = 0; i < num_args; i++) {
2169		free(args[i].kname, M_CTL);
2170		free(args[i].kvalue, M_CTL);
2171	}
2172
2173	free(args, M_CTL);
2174}
2175
2176static struct ctl_be_arg *
2177ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2178		char *error_str, size_t error_str_len)
2179{
2180	struct ctl_be_arg *args;
2181	int i;
2182
2183	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2184				error_str, error_str_len);
2185
2186	if (args == NULL)
2187		goto bailout;
2188
2189	for (i = 0; i < num_args; i++) {
2190		args[i].kname = NULL;
2191		args[i].kvalue = NULL;
2192	}
2193
2194	for (i = 0; i < num_args; i++) {
2195		uint8_t *tmpptr;
2196
2197		args[i].kname = ctl_copyin_alloc(args[i].name,
2198			args[i].namelen, error_str, error_str_len);
2199		if (args[i].kname == NULL)
2200			goto bailout;
2201
2202		if (args[i].kname[args[i].namelen - 1] != '\0') {
2203			snprintf(error_str, error_str_len, "Argument %d "
2204				 "name is not NUL-terminated", i);
2205			goto bailout;
2206		}
2207
2208		if (args[i].flags & CTL_BEARG_RD) {
2209			tmpptr = ctl_copyin_alloc(args[i].value,
2210				args[i].vallen, error_str, error_str_len);
2211			if (tmpptr == NULL)
2212				goto bailout;
2213			if ((args[i].flags & CTL_BEARG_ASCII)
2214			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2215				snprintf(error_str, error_str_len, "Argument "
2216				    "%d value is not NUL-terminated", i);
2217				goto bailout;
2218			}
2219			args[i].kvalue = tmpptr;
2220		} else {
2221			args[i].kvalue = malloc(args[i].vallen,
2222			    M_CTL, M_WAITOK | M_ZERO);
2223		}
2224	}
2225
2226	return (args);
2227bailout:
2228
2229	ctl_free_args(num_args, args);
2230
2231	return (NULL);
2232}
2233
2234static void
2235ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2236{
2237	int i;
2238
2239	for (i = 0; i < num_args; i++) {
2240		if (args[i].flags & CTL_BEARG_WR)
2241			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2242	}
2243}
2244
2245/*
2246 * Escape characters that are illegal or not recommended in XML.
2247 */
2248int
2249ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2250{
2251	char *end = str + size;
2252	int retval;
2253
2254	retval = 0;
2255
2256	for (; *str && str < end; str++) {
2257		switch (*str) {
2258		case '&':
2259			retval = sbuf_printf(sb, "&amp;");
2260			break;
2261		case '>':
2262			retval = sbuf_printf(sb, "&gt;");
2263			break;
2264		case '<':
2265			retval = sbuf_printf(sb, "&lt;");
2266			break;
2267		default:
2268			retval = sbuf_putc(sb, *str);
2269			break;
2270		}
2271
2272		if (retval != 0)
2273			break;
2274
2275	}
2276
2277	return (retval);
2278}
2279
2280static void
2281ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2282{
2283	struct scsi_vpd_id_descriptor *desc;
2284	int i;
2285
2286	if (id == NULL || id->len < 4)
2287		return;
2288	desc = (struct scsi_vpd_id_descriptor *)id->data;
2289	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2290	case SVPD_ID_TYPE_T10:
2291		sbuf_printf(sb, "t10.");
2292		break;
2293	case SVPD_ID_TYPE_EUI64:
2294		sbuf_printf(sb, "eui.");
2295		break;
2296	case SVPD_ID_TYPE_NAA:
2297		sbuf_printf(sb, "naa.");
2298		break;
2299	case SVPD_ID_TYPE_SCSI_NAME:
2300		break;
2301	}
2302	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2303	case SVPD_ID_CODESET_BINARY:
2304		for (i = 0; i < desc->length; i++)
2305			sbuf_printf(sb, "%02x", desc->identifier[i]);
2306		break;
2307	case SVPD_ID_CODESET_ASCII:
2308		sbuf_printf(sb, "%.*s", (int)desc->length,
2309		    (char *)desc->identifier);
2310		break;
2311	case SVPD_ID_CODESET_UTF8:
2312		sbuf_printf(sb, "%s", (char *)desc->identifier);
2313		break;
2314	}
2315}
2316
2317static int
2318ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2319	  struct thread *td)
2320{
2321	struct ctl_softc *softc;
2322	int retval;
2323
2324	softc = control_softc;
2325
2326	retval = 0;
2327
2328	switch (cmd) {
2329	case CTL_IO: {
2330		union ctl_io *io;
2331		void *pool_tmp;
2332
2333		/*
2334		 * If we haven't been "enabled", don't allow any SCSI I/O
2335		 * to this FETD.
2336		 */
2337		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2338			retval = EPERM;
2339			break;
2340		}
2341
2342		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2343		if (io == NULL) {
2344			printf("ctl_ioctl: can't allocate ctl_io!\n");
2345			retval = ENOSPC;
2346			break;
2347		}
2348
2349		/*
2350		 * Need to save the pool reference so it doesn't get
2351		 * spammed by the user's ctl_io.
2352		 */
2353		pool_tmp = io->io_hdr.pool;
2354
2355		memcpy(io, (void *)addr, sizeof(*io));
2356
2357		io->io_hdr.pool = pool_tmp;
2358		/*
2359		 * No status yet, so make sure the status is set properly.
2360		 */
2361		io->io_hdr.status = CTL_STATUS_NONE;
2362
2363		/*
2364		 * The user sets the initiator ID, target and LUN IDs.
2365		 */
2366		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2367		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2368		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2369		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2370			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2371
2372		retval = ctl_ioctl_submit_wait(io);
2373
2374		if (retval != 0) {
2375			ctl_free_io(io);
2376			break;
2377		}
2378
2379		memcpy((void *)addr, io, sizeof(*io));
2380
2381		/* return this to our pool */
2382		ctl_free_io(io);
2383
2384		break;
2385	}
2386	case CTL_ENABLE_PORT:
2387	case CTL_DISABLE_PORT:
2388	case CTL_SET_PORT_WWNS: {
2389		struct ctl_port *port;
2390		struct ctl_port_entry *entry;
2391
2392		entry = (struct ctl_port_entry *)addr;
2393
2394		mtx_lock(&softc->ctl_lock);
2395		STAILQ_FOREACH(port, &softc->port_list, links) {
2396			int action, done;
2397
2398			action = 0;
2399			done = 0;
2400
2401			if ((entry->port_type == CTL_PORT_NONE)
2402			 && (entry->targ_port == port->targ_port)) {
2403				/*
2404				 * If the user only wants to enable or
2405				 * disable or set WWNs on a specific port,
2406				 * do the operation and we're done.
2407				 */
2408				action = 1;
2409				done = 1;
2410			} else if (entry->port_type & port->port_type) {
2411				/*
2412				 * Compare the user's type mask with the
2413				 * particular frontend type to see if we
2414				 * have a match.
2415				 */
2416				action = 1;
2417				done = 0;
2418
2419				/*
2420				 * Make sure the user isn't trying to set
2421				 * WWNs on multiple ports at the same time.
2422				 */
2423				if (cmd == CTL_SET_PORT_WWNS) {
2424					printf("%s: Can't set WWNs on "
2425					       "multiple ports\n", __func__);
2426					retval = EINVAL;
2427					break;
2428				}
2429			}
2430			if (action != 0) {
2431				/*
2432				 * XXX KDM we have to drop the lock here,
2433				 * because the online/offline operations
2434				 * can potentially block.  We need to
2435				 * reference count the frontends so they
2436				 * can't go away,
2437				 */
2438				mtx_unlock(&softc->ctl_lock);
2439
2440				if (cmd == CTL_ENABLE_PORT) {
2441					struct ctl_lun *lun;
2442
2443					STAILQ_FOREACH(lun, &softc->lun_list,
2444						       links) {
2445						port->lun_enable(port->targ_lun_arg,
2446						    lun->target,
2447						    lun->lun);
2448					}
2449
2450					ctl_port_online(port);
2451				} else if (cmd == CTL_DISABLE_PORT) {
2452					struct ctl_lun *lun;
2453
2454					ctl_port_offline(port);
2455
2456					STAILQ_FOREACH(lun, &softc->lun_list,
2457						       links) {
2458						port->lun_disable(
2459						    port->targ_lun_arg,
2460						    lun->target,
2461						    lun->lun);
2462					}
2463				}
2464
2465				mtx_lock(&softc->ctl_lock);
2466
2467				if (cmd == CTL_SET_PORT_WWNS)
2468					ctl_port_set_wwns(port,
2469					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2470					    1 : 0, entry->wwnn,
2471					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2472					    1 : 0, entry->wwpn);
2473			}
2474			if (done != 0)
2475				break;
2476		}
2477		mtx_unlock(&softc->ctl_lock);
2478		break;
2479	}
2480	case CTL_GET_PORT_LIST: {
2481		struct ctl_port *port;
2482		struct ctl_port_list *list;
2483		int i;
2484
2485		list = (struct ctl_port_list *)addr;
2486
2487		if (list->alloc_len != (list->alloc_num *
2488		    sizeof(struct ctl_port_entry))) {
2489			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2490			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2491			       "%zu\n", __func__, list->alloc_len,
2492			       list->alloc_num, sizeof(struct ctl_port_entry));
2493			retval = EINVAL;
2494			break;
2495		}
2496		list->fill_len = 0;
2497		list->fill_num = 0;
2498		list->dropped_num = 0;
2499		i = 0;
2500		mtx_lock(&softc->ctl_lock);
2501		STAILQ_FOREACH(port, &softc->port_list, links) {
2502			struct ctl_port_entry entry, *list_entry;
2503
2504			if (list->fill_num >= list->alloc_num) {
2505				list->dropped_num++;
2506				continue;
2507			}
2508
2509			entry.port_type = port->port_type;
2510			strlcpy(entry.port_name, port->port_name,
2511				sizeof(entry.port_name));
2512			entry.targ_port = port->targ_port;
2513			entry.physical_port = port->physical_port;
2514			entry.virtual_port = port->virtual_port;
2515			entry.wwnn = port->wwnn;
2516			entry.wwpn = port->wwpn;
2517			if (port->status & CTL_PORT_STATUS_ONLINE)
2518				entry.online = 1;
2519			else
2520				entry.online = 0;
2521
2522			list_entry = &list->entries[i];
2523
2524			retval = copyout(&entry, list_entry, sizeof(entry));
2525			if (retval != 0) {
2526				printf("%s: CTL_GET_PORT_LIST: copyout "
2527				       "returned %d\n", __func__, retval);
2528				break;
2529			}
2530			i++;
2531			list->fill_num++;
2532			list->fill_len += sizeof(entry);
2533		}
2534		mtx_unlock(&softc->ctl_lock);
2535
2536		/*
2537		 * If this is non-zero, we had a copyout fault, so there's
2538		 * probably no point in attempting to set the status inside
2539		 * the structure.
2540		 */
2541		if (retval != 0)
2542			break;
2543
2544		if (list->dropped_num > 0)
2545			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2546		else
2547			list->status = CTL_PORT_LIST_OK;
2548		break;
2549	}
2550	case CTL_DUMP_OOA: {
2551		struct ctl_lun *lun;
2552		union ctl_io *io;
2553		char printbuf[128];
2554		struct sbuf sb;
2555
2556		mtx_lock(&softc->ctl_lock);
2557		printf("Dumping OOA queues:\n");
2558		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2559			mtx_lock(&lun->lun_lock);
2560			for (io = (union ctl_io *)TAILQ_FIRST(
2561			     &lun->ooa_queue); io != NULL;
2562			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2563			     ooa_links)) {
2564				sbuf_new(&sb, printbuf, sizeof(printbuf),
2565					 SBUF_FIXEDLEN);
2566				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2567					    (intmax_t)lun->lun,
2568					    io->scsiio.tag_num,
2569					    (io->io_hdr.flags &
2570					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2571					    (io->io_hdr.flags &
2572					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2573					    (io->io_hdr.flags &
2574					    CTL_FLAG_ABORT) ? " ABORT" : "",
2575			                    (io->io_hdr.flags &
2576		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2577				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2578				sbuf_finish(&sb);
2579				printf("%s\n", sbuf_data(&sb));
2580			}
2581			mtx_unlock(&lun->lun_lock);
2582		}
2583		printf("OOA queues dump done\n");
2584		mtx_unlock(&softc->ctl_lock);
2585		break;
2586	}
2587	case CTL_GET_OOA: {
2588		struct ctl_lun *lun;
2589		struct ctl_ooa *ooa_hdr;
2590		struct ctl_ooa_entry *entries;
2591		uint32_t cur_fill_num;
2592
2593		ooa_hdr = (struct ctl_ooa *)addr;
2594
2595		if ((ooa_hdr->alloc_len == 0)
2596		 || (ooa_hdr->alloc_num == 0)) {
2597			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2598			       "must be non-zero\n", __func__,
2599			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2600			retval = EINVAL;
2601			break;
2602		}
2603
2604		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2605		    sizeof(struct ctl_ooa_entry))) {
2606			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2607			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2608			       __func__, ooa_hdr->alloc_len,
2609			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2610			retval = EINVAL;
2611			break;
2612		}
2613
2614		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2615		if (entries == NULL) {
2616			printf("%s: could not allocate %d bytes for OOA "
2617			       "dump\n", __func__, ooa_hdr->alloc_len);
2618			retval = ENOMEM;
2619			break;
2620		}
2621
2622		mtx_lock(&softc->ctl_lock);
2623		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2624		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2625		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2626			mtx_unlock(&softc->ctl_lock);
2627			free(entries, M_CTL);
2628			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2629			       __func__, (uintmax_t)ooa_hdr->lun_num);
2630			retval = EINVAL;
2631			break;
2632		}
2633
2634		cur_fill_num = 0;
2635
2636		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2637			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2638				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2639					ooa_hdr, entries);
2640				if (retval != 0)
2641					break;
2642			}
2643			if (retval != 0) {
2644				mtx_unlock(&softc->ctl_lock);
2645				free(entries, M_CTL);
2646				break;
2647			}
2648		} else {
2649			lun = softc->ctl_luns[ooa_hdr->lun_num];
2650
2651			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2652						    entries);
2653		}
2654		mtx_unlock(&softc->ctl_lock);
2655
2656		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2657		ooa_hdr->fill_len = ooa_hdr->fill_num *
2658			sizeof(struct ctl_ooa_entry);
2659		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2660		if (retval != 0) {
2661			printf("%s: error copying out %d bytes for OOA dump\n",
2662			       __func__, ooa_hdr->fill_len);
2663		}
2664
2665		getbintime(&ooa_hdr->cur_bt);
2666
2667		if (cur_fill_num > ooa_hdr->alloc_num) {
2668			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2669			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2670		} else {
2671			ooa_hdr->dropped_num = 0;
2672			ooa_hdr->status = CTL_OOA_OK;
2673		}
2674
2675		free(entries, M_CTL);
2676		break;
2677	}
2678	case CTL_CHECK_OOA: {
2679		union ctl_io *io;
2680		struct ctl_lun *lun;
2681		struct ctl_ooa_info *ooa_info;
2682
2683
2684		ooa_info = (struct ctl_ooa_info *)addr;
2685
2686		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2687			ooa_info->status = CTL_OOA_INVALID_LUN;
2688			break;
2689		}
2690		mtx_lock(&softc->ctl_lock);
2691		lun = softc->ctl_luns[ooa_info->lun_id];
2692		if (lun == NULL) {
2693			mtx_unlock(&softc->ctl_lock);
2694			ooa_info->status = CTL_OOA_INVALID_LUN;
2695			break;
2696		}
2697		mtx_lock(&lun->lun_lock);
2698		mtx_unlock(&softc->ctl_lock);
2699		ooa_info->num_entries = 0;
2700		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2701		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2702		     &io->io_hdr, ooa_links)) {
2703			ooa_info->num_entries++;
2704		}
2705		mtx_unlock(&lun->lun_lock);
2706
2707		ooa_info->status = CTL_OOA_SUCCESS;
2708
2709		break;
2710	}
2711	case CTL_HARD_START:
2712	case CTL_HARD_STOP: {
2713		struct ctl_fe_ioctl_startstop_info ss_info;
2714		struct cfi_metatask *metatask;
2715		struct mtx hs_mtx;
2716
2717		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2718
2719		cv_init(&ss_info.sem, "hard start/stop cv" );
2720
2721		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2722		if (metatask == NULL) {
2723			retval = ENOMEM;
2724			mtx_destroy(&hs_mtx);
2725			break;
2726		}
2727
2728		if (cmd == CTL_HARD_START)
2729			metatask->tasktype = CFI_TASK_STARTUP;
2730		else
2731			metatask->tasktype = CFI_TASK_SHUTDOWN;
2732
2733		metatask->callback = ctl_ioctl_hard_startstop_callback;
2734		metatask->callback_arg = &ss_info;
2735
2736		cfi_action(metatask);
2737
2738		/* Wait for the callback */
2739		mtx_lock(&hs_mtx);
2740		cv_wait_sig(&ss_info.sem, &hs_mtx);
2741		mtx_unlock(&hs_mtx);
2742
2743		/*
2744		 * All information has been copied from the metatask by the
2745		 * time cv_broadcast() is called, so we free the metatask here.
2746		 */
2747		cfi_free_metatask(metatask);
2748
2749		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2750
2751		mtx_destroy(&hs_mtx);
2752		break;
2753	}
2754	case CTL_BBRREAD: {
2755		struct ctl_bbrread_info *bbr_info;
2756		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2757		struct mtx bbr_mtx;
2758		struct cfi_metatask *metatask;
2759
2760		bbr_info = (struct ctl_bbrread_info *)addr;
2761
2762		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2763
2764		bzero(&bbr_mtx, sizeof(bbr_mtx));
2765		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2766
2767		fe_bbr_info.bbr_info = bbr_info;
2768		fe_bbr_info.lock = &bbr_mtx;
2769
2770		cv_init(&fe_bbr_info.sem, "BBR read cv");
2771		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2772
2773		if (metatask == NULL) {
2774			mtx_destroy(&bbr_mtx);
2775			cv_destroy(&fe_bbr_info.sem);
2776			retval = ENOMEM;
2777			break;
2778		}
2779		metatask->tasktype = CFI_TASK_BBRREAD;
2780		metatask->callback = ctl_ioctl_bbrread_callback;
2781		metatask->callback_arg = &fe_bbr_info;
2782		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2783		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2784		metatask->taskinfo.bbrread.len = bbr_info->len;
2785
2786		cfi_action(metatask);
2787
2788		mtx_lock(&bbr_mtx);
2789		while (fe_bbr_info.wakeup_done == 0)
2790			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2791		mtx_unlock(&bbr_mtx);
2792
2793		bbr_info->status = metatask->status;
2794		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2795		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2796		memcpy(&bbr_info->sense_data,
2797		       &metatask->taskinfo.bbrread.sense_data,
2798		       ctl_min(sizeof(bbr_info->sense_data),
2799			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2800
2801		cfi_free_metatask(metatask);
2802
2803		mtx_destroy(&bbr_mtx);
2804		cv_destroy(&fe_bbr_info.sem);
2805
2806		break;
2807	}
2808	case CTL_DELAY_IO: {
2809		struct ctl_io_delay_info *delay_info;
2810#ifdef CTL_IO_DELAY
2811		struct ctl_lun *lun;
2812#endif /* CTL_IO_DELAY */
2813
2814		delay_info = (struct ctl_io_delay_info *)addr;
2815
2816#ifdef CTL_IO_DELAY
2817		mtx_lock(&softc->ctl_lock);
2818
2819		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2820		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2821			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2822		} else {
2823			lun = softc->ctl_luns[delay_info->lun_id];
2824			mtx_lock(&lun->lun_lock);
2825
2826			delay_info->status = CTL_DELAY_STATUS_OK;
2827
2828			switch (delay_info->delay_type) {
2829			case CTL_DELAY_TYPE_CONT:
2830				break;
2831			case CTL_DELAY_TYPE_ONESHOT:
2832				break;
2833			default:
2834				delay_info->status =
2835					CTL_DELAY_STATUS_INVALID_TYPE;
2836				break;
2837			}
2838
2839			switch (delay_info->delay_loc) {
2840			case CTL_DELAY_LOC_DATAMOVE:
2841				lun->delay_info.datamove_type =
2842					delay_info->delay_type;
2843				lun->delay_info.datamove_delay =
2844					delay_info->delay_secs;
2845				break;
2846			case CTL_DELAY_LOC_DONE:
2847				lun->delay_info.done_type =
2848					delay_info->delay_type;
2849				lun->delay_info.done_delay =
2850					delay_info->delay_secs;
2851				break;
2852			default:
2853				delay_info->status =
2854					CTL_DELAY_STATUS_INVALID_LOC;
2855				break;
2856			}
2857			mtx_unlock(&lun->lun_lock);
2858		}
2859
2860		mtx_unlock(&softc->ctl_lock);
2861#else
2862		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2863#endif /* CTL_IO_DELAY */
2864		break;
2865	}
2866	case CTL_REALSYNC_SET: {
2867		int *syncstate;
2868
2869		syncstate = (int *)addr;
2870
2871		mtx_lock(&softc->ctl_lock);
2872		switch (*syncstate) {
2873		case 0:
2874			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2875			break;
2876		case 1:
2877			softc->flags |= CTL_FLAG_REAL_SYNC;
2878			break;
2879		default:
2880			retval = EINVAL;
2881			break;
2882		}
2883		mtx_unlock(&softc->ctl_lock);
2884		break;
2885	}
2886	case CTL_REALSYNC_GET: {
2887		int *syncstate;
2888
2889		syncstate = (int*)addr;
2890
2891		mtx_lock(&softc->ctl_lock);
2892		if (softc->flags & CTL_FLAG_REAL_SYNC)
2893			*syncstate = 1;
2894		else
2895			*syncstate = 0;
2896		mtx_unlock(&softc->ctl_lock);
2897
2898		break;
2899	}
2900	case CTL_SETSYNC:
2901	case CTL_GETSYNC: {
2902		struct ctl_sync_info *sync_info;
2903		struct ctl_lun *lun;
2904
2905		sync_info = (struct ctl_sync_info *)addr;
2906
2907		mtx_lock(&softc->ctl_lock);
2908		lun = softc->ctl_luns[sync_info->lun_id];
2909		if (lun == NULL) {
2910			mtx_unlock(&softc->ctl_lock);
2911			sync_info->status = CTL_GS_SYNC_NO_LUN;
2912		}
2913		/*
2914		 * Get or set the sync interval.  We're not bounds checking
2915		 * in the set case, hopefully the user won't do something
2916		 * silly.
2917		 */
2918		mtx_lock(&lun->lun_lock);
2919		mtx_unlock(&softc->ctl_lock);
2920		if (cmd == CTL_GETSYNC)
2921			sync_info->sync_interval = lun->sync_interval;
2922		else
2923			lun->sync_interval = sync_info->sync_interval;
2924		mtx_unlock(&lun->lun_lock);
2925
2926		sync_info->status = CTL_GS_SYNC_OK;
2927
2928		break;
2929	}
2930	case CTL_GETSTATS: {
2931		struct ctl_stats *stats;
2932		struct ctl_lun *lun;
2933		int i;
2934
2935		stats = (struct ctl_stats *)addr;
2936
2937		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2938		     stats->alloc_len) {
2939			stats->status = CTL_SS_NEED_MORE_SPACE;
2940			stats->num_luns = softc->num_luns;
2941			break;
2942		}
2943		/*
2944		 * XXX KDM no locking here.  If the LUN list changes,
2945		 * things can blow up.
2946		 */
2947		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2948		     i++, lun = STAILQ_NEXT(lun, links)) {
2949			retval = copyout(&lun->stats, &stats->lun_stats[i],
2950					 sizeof(lun->stats));
2951			if (retval != 0)
2952				break;
2953		}
2954		stats->num_luns = softc->num_luns;
2955		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2956				 softc->num_luns;
2957		stats->status = CTL_SS_OK;
2958#ifdef CTL_TIME_IO
2959		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2960#else
2961		stats->flags = CTL_STATS_FLAG_NONE;
2962#endif
2963		getnanouptime(&stats->timestamp);
2964		break;
2965	}
2966	case CTL_ERROR_INJECT: {
2967		struct ctl_error_desc *err_desc, *new_err_desc;
2968		struct ctl_lun *lun;
2969
2970		err_desc = (struct ctl_error_desc *)addr;
2971
2972		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2973				      M_WAITOK | M_ZERO);
2974		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2975
2976		mtx_lock(&softc->ctl_lock);
2977		lun = softc->ctl_luns[err_desc->lun_id];
2978		if (lun == NULL) {
2979			mtx_unlock(&softc->ctl_lock);
2980			free(new_err_desc, M_CTL);
2981			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2982			       __func__, (uintmax_t)err_desc->lun_id);
2983			retval = EINVAL;
2984			break;
2985		}
2986		mtx_lock(&lun->lun_lock);
2987		mtx_unlock(&softc->ctl_lock);
2988
2989		/*
2990		 * We could do some checking here to verify the validity
2991		 * of the request, but given the complexity of error
2992		 * injection requests, the checking logic would be fairly
2993		 * complex.
2994		 *
2995		 * For now, if the request is invalid, it just won't get
2996		 * executed and might get deleted.
2997		 */
2998		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2999
3000		/*
3001		 * XXX KDM check to make sure the serial number is unique,
3002		 * in case we somehow manage to wrap.  That shouldn't
3003		 * happen for a very long time, but it's the right thing to
3004		 * do.
3005		 */
3006		new_err_desc->serial = lun->error_serial;
3007		err_desc->serial = lun->error_serial;
3008		lun->error_serial++;
3009
3010		mtx_unlock(&lun->lun_lock);
3011		break;
3012	}
3013	case CTL_ERROR_INJECT_DELETE: {
3014		struct ctl_error_desc *delete_desc, *desc, *desc2;
3015		struct ctl_lun *lun;
3016		int delete_done;
3017
3018		delete_desc = (struct ctl_error_desc *)addr;
3019		delete_done = 0;
3020
3021		mtx_lock(&softc->ctl_lock);
3022		lun = softc->ctl_luns[delete_desc->lun_id];
3023		if (lun == NULL) {
3024			mtx_unlock(&softc->ctl_lock);
3025			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
3026			       __func__, (uintmax_t)delete_desc->lun_id);
3027			retval = EINVAL;
3028			break;
3029		}
3030		mtx_lock(&lun->lun_lock);
3031		mtx_unlock(&softc->ctl_lock);
3032		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
3033			if (desc->serial != delete_desc->serial)
3034				continue;
3035
3036			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
3037				      links);
3038			free(desc, M_CTL);
3039			delete_done = 1;
3040		}
3041		mtx_unlock(&lun->lun_lock);
3042		if (delete_done == 0) {
3043			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
3044			       "error serial %ju on LUN %u\n", __func__,
3045			       delete_desc->serial, delete_desc->lun_id);
3046			retval = EINVAL;
3047			break;
3048		}
3049		break;
3050	}
3051	case CTL_DUMP_STRUCTS: {
3052		int i, j, k, idx;
3053		struct ctl_port *port;
3054		struct ctl_frontend *fe;
3055
3056		mtx_lock(&softc->ctl_lock);
3057		printf("CTL Persistent Reservation information start:\n");
3058		for (i = 0; i < CTL_MAX_LUNS; i++) {
3059			struct ctl_lun *lun;
3060
3061			lun = softc->ctl_luns[i];
3062
3063			if ((lun == NULL)
3064			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3065				continue;
3066
3067			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3068				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3069					idx = j * CTL_MAX_INIT_PER_PORT + k;
3070					if (lun->pr_keys[idx] == 0)
3071						continue;
3072					printf("  LUN %d port %d iid %d key "
3073					       "%#jx\n", i, j, k,
3074					       (uintmax_t)lun->pr_keys[idx]);
3075				}
3076			}
3077		}
3078		printf("CTL Persistent Reservation information end\n");
3079		printf("CTL Ports:\n");
3080		STAILQ_FOREACH(port, &softc->port_list, links) {
3081			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3082			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3083			       port->frontend->name, port->port_type,
3084			       port->physical_port, port->virtual_port,
3085			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3086			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3087				if (port->wwpn_iid[j].in_use == 0 &&
3088				    port->wwpn_iid[j].wwpn == 0 &&
3089				    port->wwpn_iid[j].name == NULL)
3090					continue;
3091
3092				printf("    iid %u use %d WWPN %#jx '%s'\n",
3093				    j, port->wwpn_iid[j].in_use,
3094				    (uintmax_t)port->wwpn_iid[j].wwpn,
3095				    port->wwpn_iid[j].name);
3096			}
3097		}
3098		printf("CTL Port information end\n");
3099		mtx_unlock(&softc->ctl_lock);
3100		/*
3101		 * XXX KDM calling this without a lock.  We'd likely want
3102		 * to drop the lock before calling the frontend's dump
3103		 * routine anyway.
3104		 */
3105		printf("CTL Frontends:\n");
3106		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3107			printf("  Frontend '%s'\n", fe->name);
3108			if (fe->fe_dump != NULL)
3109				fe->fe_dump();
3110		}
3111		printf("CTL Frontend information end\n");
3112		break;
3113	}
3114	case CTL_LUN_REQ: {
3115		struct ctl_lun_req *lun_req;
3116		struct ctl_backend_driver *backend;
3117
3118		lun_req = (struct ctl_lun_req *)addr;
3119
3120		backend = ctl_backend_find(lun_req->backend);
3121		if (backend == NULL) {
3122			lun_req->status = CTL_LUN_ERROR;
3123			snprintf(lun_req->error_str,
3124				 sizeof(lun_req->error_str),
3125				 "Backend \"%s\" not found.",
3126				 lun_req->backend);
3127			break;
3128		}
3129		if (lun_req->num_be_args > 0) {
3130			lun_req->kern_be_args = ctl_copyin_args(
3131				lun_req->num_be_args,
3132				lun_req->be_args,
3133				lun_req->error_str,
3134				sizeof(lun_req->error_str));
3135			if (lun_req->kern_be_args == NULL) {
3136				lun_req->status = CTL_LUN_ERROR;
3137				break;
3138			}
3139		}
3140
3141		retval = backend->ioctl(dev, cmd, addr, flag, td);
3142
3143		if (lun_req->num_be_args > 0) {
3144			ctl_copyout_args(lun_req->num_be_args,
3145				      lun_req->kern_be_args);
3146			ctl_free_args(lun_req->num_be_args,
3147				      lun_req->kern_be_args);
3148		}
3149		break;
3150	}
3151	case CTL_LUN_LIST: {
3152		struct sbuf *sb;
3153		struct ctl_lun *lun;
3154		struct ctl_lun_list *list;
3155		struct ctl_option *opt;
3156
3157		list = (struct ctl_lun_list *)addr;
3158
3159		/*
3160		 * Allocate a fixed length sbuf here, based on the length
3161		 * of the user's buffer.  We could allocate an auto-extending
3162		 * buffer, and then tell the user how much larger our
3163		 * amount of data is than his buffer, but that presents
3164		 * some problems:
3165		 *
3166		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3167		 *     we can't hold a lock while calling them with an
3168		 *     auto-extending buffer.
3169 		 *
3170		 * 2.  There is not currently a LUN reference counting
3171		 *     mechanism, outside of outstanding transactions on
3172		 *     the LUN's OOA queue.  So a LUN could go away on us
3173		 *     while we're getting the LUN number, backend-specific
3174		 *     information, etc.  Thus, given the way things
3175		 *     currently work, we need to hold the CTL lock while
3176		 *     grabbing LUN information.
3177		 *
3178		 * So, from the user's standpoint, the best thing to do is
3179		 * allocate what he thinks is a reasonable buffer length,
3180		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3181		 * double the buffer length and try again.  (And repeat
3182		 * that until he succeeds.)
3183		 */
3184		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3185		if (sb == NULL) {
3186			list->status = CTL_LUN_LIST_ERROR;
3187			snprintf(list->error_str, sizeof(list->error_str),
3188				 "Unable to allocate %d bytes for LUN list",
3189				 list->alloc_len);
3190			break;
3191		}
3192
3193		sbuf_printf(sb, "<ctllunlist>\n");
3194
3195		mtx_lock(&softc->ctl_lock);
3196		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3197			mtx_lock(&lun->lun_lock);
3198			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3199					     (uintmax_t)lun->lun);
3200
3201			/*
3202			 * Bail out as soon as we see that we've overfilled
3203			 * the buffer.
3204			 */
3205			if (retval != 0)
3206				break;
3207
3208			retval = sbuf_printf(sb, "\t<backend_type>%s"
3209					     "</backend_type>\n",
3210					     (lun->backend == NULL) ?  "none" :
3211					     lun->backend->name);
3212
3213			if (retval != 0)
3214				break;
3215
3216			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3217					     lun->be_lun->lun_type);
3218
3219			if (retval != 0)
3220				break;
3221
3222			if (lun->backend == NULL) {
3223				retval = sbuf_printf(sb, "</lun>\n");
3224				if (retval != 0)
3225					break;
3226				continue;
3227			}
3228
3229			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3230					     (lun->be_lun->maxlba > 0) ?
3231					     lun->be_lun->maxlba + 1 : 0);
3232
3233			if (retval != 0)
3234				break;
3235
3236			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3237					     lun->be_lun->blocksize);
3238
3239			if (retval != 0)
3240				break;
3241
3242			retval = sbuf_printf(sb, "\t<serial_number>");
3243
3244			if (retval != 0)
3245				break;
3246
3247			retval = ctl_sbuf_printf_esc(sb,
3248			    lun->be_lun->serial_num,
3249			    sizeof(lun->be_lun->serial_num));
3250
3251			if (retval != 0)
3252				break;
3253
3254			retval = sbuf_printf(sb, "</serial_number>\n");
3255
3256			if (retval != 0)
3257				break;
3258
3259			retval = sbuf_printf(sb, "\t<device_id>");
3260
3261			if (retval != 0)
3262				break;
3263
3264			retval = ctl_sbuf_printf_esc(sb,
3265			    lun->be_lun->device_id,
3266			    sizeof(lun->be_lun->device_id));
3267
3268			if (retval != 0)
3269				break;
3270
3271			retval = sbuf_printf(sb, "</device_id>\n");
3272
3273			if (retval != 0)
3274				break;
3275
3276			if (lun->backend->lun_info != NULL) {
3277				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3278				if (retval != 0)
3279					break;
3280			}
3281			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3282				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3283				    opt->name, opt->value, opt->name);
3284				if (retval != 0)
3285					break;
3286			}
3287
3288			retval = sbuf_printf(sb, "</lun>\n");
3289
3290			if (retval != 0)
3291				break;
3292			mtx_unlock(&lun->lun_lock);
3293		}
3294		if (lun != NULL)
3295			mtx_unlock(&lun->lun_lock);
3296		mtx_unlock(&softc->ctl_lock);
3297
3298		if ((retval != 0)
3299		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3300			retval = 0;
3301			sbuf_delete(sb);
3302			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3303			snprintf(list->error_str, sizeof(list->error_str),
3304				 "Out of space, %d bytes is too small",
3305				 list->alloc_len);
3306			break;
3307		}
3308
3309		sbuf_finish(sb);
3310
3311		retval = copyout(sbuf_data(sb), list->lun_xml,
3312				 sbuf_len(sb) + 1);
3313
3314		list->fill_len = sbuf_len(sb) + 1;
3315		list->status = CTL_LUN_LIST_OK;
3316		sbuf_delete(sb);
3317		break;
3318	}
3319	case CTL_ISCSI: {
3320		struct ctl_iscsi *ci;
3321		struct ctl_frontend *fe;
3322
3323		ci = (struct ctl_iscsi *)addr;
3324
3325		fe = ctl_frontend_find("iscsi");
3326		if (fe == NULL) {
3327			ci->status = CTL_ISCSI_ERROR;
3328			snprintf(ci->error_str, sizeof(ci->error_str),
3329			    "Frontend \"iscsi\" not found.");
3330			break;
3331		}
3332
3333		retval = fe->ioctl(dev, cmd, addr, flag, td);
3334		break;
3335	}
3336	case CTL_PORT_REQ: {
3337		struct ctl_req *req;
3338		struct ctl_frontend *fe;
3339
3340		req = (struct ctl_req *)addr;
3341
3342		fe = ctl_frontend_find(req->driver);
3343		if (fe == NULL) {
3344			req->status = CTL_LUN_ERROR;
3345			snprintf(req->error_str, sizeof(req->error_str),
3346			    "Frontend \"%s\" not found.", req->driver);
3347			break;
3348		}
3349		if (req->num_args > 0) {
3350			req->kern_args = ctl_copyin_args(req->num_args,
3351			    req->args, req->error_str, sizeof(req->error_str));
3352			if (req->kern_args == NULL) {
3353				req->status = CTL_LUN_ERROR;
3354				break;
3355			}
3356		}
3357
3358		retval = fe->ioctl(dev, cmd, addr, flag, td);
3359
3360		if (req->num_args > 0) {
3361			ctl_copyout_args(req->num_args, req->kern_args);
3362			ctl_free_args(req->num_args, req->kern_args);
3363		}
3364		break;
3365	}
3366	case CTL_PORT_LIST: {
3367		struct sbuf *sb;
3368		struct ctl_port *port;
3369		struct ctl_lun_list *list;
3370		struct ctl_option *opt;
3371		int j;
3372
3373		list = (struct ctl_lun_list *)addr;
3374
3375		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3376		if (sb == NULL) {
3377			list->status = CTL_LUN_LIST_ERROR;
3378			snprintf(list->error_str, sizeof(list->error_str),
3379				 "Unable to allocate %d bytes for LUN list",
3380				 list->alloc_len);
3381			break;
3382		}
3383
3384		sbuf_printf(sb, "<ctlportlist>\n");
3385
3386		mtx_lock(&softc->ctl_lock);
3387		STAILQ_FOREACH(port, &softc->port_list, links) {
3388			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3389					     (uintmax_t)port->targ_port);
3390
3391			/*
3392			 * Bail out as soon as we see that we've overfilled
3393			 * the buffer.
3394			 */
3395			if (retval != 0)
3396				break;
3397
3398			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3399			    "</frontend_type>\n", port->frontend->name);
3400			if (retval != 0)
3401				break;
3402
3403			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3404					     port->port_type);
3405			if (retval != 0)
3406				break;
3407
3408			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3409			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3410			if (retval != 0)
3411				break;
3412
3413			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3414			    port->port_name);
3415			if (retval != 0)
3416				break;
3417
3418			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3419			    port->physical_port);
3420			if (retval != 0)
3421				break;
3422
3423			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3424			    port->virtual_port);
3425			if (retval != 0)
3426				break;
3427
3428			if (port->target_devid != NULL) {
3429				sbuf_printf(sb, "\t<target>");
3430				ctl_id_sbuf(port->target_devid, sb);
3431				sbuf_printf(sb, "</target>\n");
3432			}
3433
3434			if (port->port_devid != NULL) {
3435				sbuf_printf(sb, "\t<port>");
3436				ctl_id_sbuf(port->port_devid, sb);
3437				sbuf_printf(sb, "</port>\n");
3438			}
3439
3440			if (port->port_info != NULL) {
3441				retval = port->port_info(port->onoff_arg, sb);
3442				if (retval != 0)
3443					break;
3444			}
3445			STAILQ_FOREACH(opt, &port->options, links) {
3446				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3447				    opt->name, opt->value, opt->name);
3448				if (retval != 0)
3449					break;
3450			}
3451
3452			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3453				if (port->wwpn_iid[j].in_use == 0 ||
3454				    (port->wwpn_iid[j].wwpn == 0 &&
3455				     port->wwpn_iid[j].name == NULL))
3456					continue;
3457
3458				if (port->wwpn_iid[j].name != NULL)
3459					retval = sbuf_printf(sb,
3460					    "\t<initiator>%u %s</initiator>\n",
3461					    j, port->wwpn_iid[j].name);
3462				else
3463					retval = sbuf_printf(sb,
3464					    "\t<initiator>%u naa.%08jx</initiator>\n",
3465					    j, port->wwpn_iid[j].wwpn);
3466				if (retval != 0)
3467					break;
3468			}
3469			if (retval != 0)
3470				break;
3471
3472			retval = sbuf_printf(sb, "</targ_port>\n");
3473			if (retval != 0)
3474				break;
3475		}
3476		mtx_unlock(&softc->ctl_lock);
3477
3478		if ((retval != 0)
3479		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3480			retval = 0;
3481			sbuf_delete(sb);
3482			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3483			snprintf(list->error_str, sizeof(list->error_str),
3484				 "Out of space, %d bytes is too small",
3485				 list->alloc_len);
3486			break;
3487		}
3488
3489		sbuf_finish(sb);
3490
3491		retval = copyout(sbuf_data(sb), list->lun_xml,
3492				 sbuf_len(sb) + 1);
3493
3494		list->fill_len = sbuf_len(sb) + 1;
3495		list->status = CTL_LUN_LIST_OK;
3496		sbuf_delete(sb);
3497		break;
3498	}
3499	default: {
3500		/* XXX KDM should we fix this? */
3501#if 0
3502		struct ctl_backend_driver *backend;
3503		unsigned int type;
3504		int found;
3505
3506		found = 0;
3507
3508		/*
3509		 * We encode the backend type as the ioctl type for backend
3510		 * ioctls.  So parse it out here, and then search for a
3511		 * backend of this type.
3512		 */
3513		type = _IOC_TYPE(cmd);
3514
3515		STAILQ_FOREACH(backend, &softc->be_list, links) {
3516			if (backend->type == type) {
3517				found = 1;
3518				break;
3519			}
3520		}
3521		if (found == 0) {
3522			printf("ctl: unknown ioctl command %#lx or backend "
3523			       "%d\n", cmd, type);
3524			retval = EINVAL;
3525			break;
3526		}
3527		retval = backend->ioctl(dev, cmd, addr, flag, td);
3528#endif
3529		retval = ENOTTY;
3530		break;
3531	}
3532	}
3533	return (retval);
3534}
3535
3536uint32_t
3537ctl_get_initindex(struct ctl_nexus *nexus)
3538{
3539	if (nexus->targ_port < CTL_MAX_PORTS)
3540		return (nexus->initid.id +
3541			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3542	else
3543		return (nexus->initid.id +
3544		       ((nexus->targ_port - CTL_MAX_PORTS) *
3545			CTL_MAX_INIT_PER_PORT));
3546}
3547
3548uint32_t
3549ctl_get_resindex(struct ctl_nexus *nexus)
3550{
3551	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3552}
3553
3554uint32_t
3555ctl_port_idx(int port_num)
3556{
3557	if (port_num < CTL_MAX_PORTS)
3558		return(port_num);
3559	else
3560		return(port_num - CTL_MAX_PORTS);
3561}
3562
3563static uint32_t
3564ctl_map_lun(int port_num, uint32_t lun_id)
3565{
3566	struct ctl_port *port;
3567
3568	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3569	if (port == NULL)
3570		return (UINT32_MAX);
3571	if (port->lun_map == NULL)
3572		return (lun_id);
3573	return (port->lun_map(port->targ_lun_arg, lun_id));
3574}
3575
3576static uint32_t
3577ctl_map_lun_back(int port_num, uint32_t lun_id)
3578{
3579	struct ctl_port *port;
3580	uint32_t i;
3581
3582	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3583	if (port->lun_map == NULL)
3584		return (lun_id);
3585	for (i = 0; i < CTL_MAX_LUNS; i++) {
3586		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3587			return (i);
3588	}
3589	return (UINT32_MAX);
3590}
3591
3592/*
3593 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3594 * that are a power of 2.
3595 */
3596int
3597ctl_ffz(uint32_t *mask, uint32_t size)
3598{
3599	uint32_t num_chunks, num_pieces;
3600	int i, j;
3601
3602	num_chunks = (size >> 5);
3603	if (num_chunks == 0)
3604		num_chunks++;
3605	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3606
3607	for (i = 0; i < num_chunks; i++) {
3608		for (j = 0; j < num_pieces; j++) {
3609			if ((mask[i] & (1 << j)) == 0)
3610				return ((i << 5) + j);
3611		}
3612	}
3613
3614	return (-1);
3615}
3616
3617int
3618ctl_set_mask(uint32_t *mask, uint32_t bit)
3619{
3620	uint32_t chunk, piece;
3621
3622	chunk = bit >> 5;
3623	piece = bit % (sizeof(uint32_t) * 8);
3624
3625	if ((mask[chunk] & (1 << piece)) != 0)
3626		return (-1);
3627	else
3628		mask[chunk] |= (1 << piece);
3629
3630	return (0);
3631}
3632
3633int
3634ctl_clear_mask(uint32_t *mask, uint32_t bit)
3635{
3636	uint32_t chunk, piece;
3637
3638	chunk = bit >> 5;
3639	piece = bit % (sizeof(uint32_t) * 8);
3640
3641	if ((mask[chunk] & (1 << piece)) == 0)
3642		return (-1);
3643	else
3644		mask[chunk] &= ~(1 << piece);
3645
3646	return (0);
3647}
3648
3649int
3650ctl_is_set(uint32_t *mask, uint32_t bit)
3651{
3652	uint32_t chunk, piece;
3653
3654	chunk = bit >> 5;
3655	piece = bit % (sizeof(uint32_t) * 8);
3656
3657	if ((mask[chunk] & (1 << piece)) == 0)
3658		return (0);
3659	else
3660		return (1);
3661}
3662
3663#ifdef unused
3664/*
3665 * The bus, target and lun are optional, they can be filled in later.
3666 * can_wait is used to determine whether we can wait on the malloc or not.
3667 */
3668union ctl_io*
3669ctl_malloc_io(ctl_io_type io_type, uint32_t targ_port, uint32_t targ_target,
3670	      uint32_t targ_lun, int can_wait)
3671{
3672	union ctl_io *io;
3673
3674	if (can_wait)
3675		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_WAITOK);
3676	else
3677		io = (union ctl_io *)malloc(sizeof(*io), M_CTL, M_NOWAIT);
3678
3679	if (io != NULL) {
3680		io->io_hdr.io_type = io_type;
3681		io->io_hdr.targ_port = targ_port;
3682		/*
3683		 * XXX KDM this needs to change/go away.  We need to move
3684		 * to a preallocated pool of ctl_scsiio structures.
3685		 */
3686		io->io_hdr.nexus.targ_target.id = targ_target;
3687		io->io_hdr.nexus.targ_lun = targ_lun;
3688	}
3689
3690	return (io);
3691}
3692
3693void
3694ctl_kfree_io(union ctl_io *io)
3695{
3696	free(io, M_CTL);
3697}
3698#endif /* unused */
3699
3700/*
3701 * ctl_softc, pool_type, total_ctl_io are passed in.
3702 * npool is passed out.
3703 */
3704int
3705ctl_pool_create(struct ctl_softc *ctl_softc, ctl_pool_type pool_type,
3706		uint32_t total_ctl_io, struct ctl_io_pool **npool)
3707{
3708	uint32_t i;
3709	union ctl_io *cur_io, *next_io;
3710	struct ctl_io_pool *pool;
3711	int retval;
3712
3713	retval = 0;
3714
3715	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3716					    M_NOWAIT | M_ZERO);
3717	if (pool == NULL) {
3718		retval = ENOMEM;
3719		goto bailout;
3720	}
3721
3722	pool->type = pool_type;
3723	pool->ctl_softc = ctl_softc;
3724
3725	mtx_lock(&ctl_softc->pool_lock);
3726	pool->id = ctl_softc->cur_pool_id++;
3727	mtx_unlock(&ctl_softc->pool_lock);
3728
3729	pool->flags = CTL_POOL_FLAG_NONE;
3730	pool->refcount = 1;		/* Reference for validity. */
3731	STAILQ_INIT(&pool->free_queue);
3732
3733	/*
3734	 * XXX KDM other options here:
3735	 * - allocate a page at a time
3736	 * - allocate one big chunk of memory.
3737	 * Page allocation might work well, but would take a little more
3738	 * tracking.
3739	 */
3740	for (i = 0; i < total_ctl_io; i++) {
3741		cur_io = (union ctl_io *)malloc(sizeof(*cur_io), M_CTLIO,
3742						M_NOWAIT);
3743		if (cur_io == NULL) {
3744			retval = ENOMEM;
3745			break;
3746		}
3747		cur_io->io_hdr.pool = pool;
3748		STAILQ_INSERT_TAIL(&pool->free_queue, &cur_io->io_hdr, links);
3749		pool->total_ctl_io++;
3750		pool->free_ctl_io++;
3751	}
3752
3753	if (retval != 0) {
3754		for (cur_io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3755		     cur_io != NULL; cur_io = next_io) {
3756			next_io = (union ctl_io *)STAILQ_NEXT(&cur_io->io_hdr,
3757							      links);
3758			STAILQ_REMOVE(&pool->free_queue, &cur_io->io_hdr,
3759				      ctl_io_hdr, links);
3760			free(cur_io, M_CTLIO);
3761		}
3762
3763		free(pool, M_CTL);
3764		goto bailout;
3765	}
3766	mtx_lock(&ctl_softc->pool_lock);
3767	ctl_softc->num_pools++;
3768	STAILQ_INSERT_TAIL(&ctl_softc->io_pools, pool, links);
3769	/*
3770	 * Increment our usage count if this is an external consumer, so we
3771	 * can't get unloaded until the external consumer (most likely a
3772	 * FETD) unloads and frees his pool.
3773	 *
3774	 * XXX KDM will this increment the caller's module use count, or
3775	 * mine?
3776	 */
3777#if 0
3778	if ((pool_type != CTL_POOL_EMERGENCY)
3779	 && (pool_type != CTL_POOL_INTERNAL)
3780	 && (pool_type != CTL_POOL_4OTHERSC))
3781		MOD_INC_USE_COUNT;
3782#endif
3783
3784	mtx_unlock(&ctl_softc->pool_lock);
3785
3786	*npool = pool;
3787
3788bailout:
3789
3790	return (retval);
3791}
3792
3793static int
3794ctl_pool_acquire(struct ctl_io_pool *pool)
3795{
3796
3797	mtx_assert(&pool->ctl_softc->pool_lock, MA_OWNED);
3798
3799	if (pool->flags & CTL_POOL_FLAG_INVALID)
3800		return (EINVAL);
3801
3802	pool->refcount++;
3803
3804	return (0);
3805}
3806
3807static void
3808ctl_pool_release(struct ctl_io_pool *pool)
3809{
3810	struct ctl_softc *ctl_softc = pool->ctl_softc;
3811	union ctl_io *io;
3812
3813	mtx_assert(&ctl_softc->pool_lock, MA_OWNED);
3814
3815	if (--pool->refcount != 0)
3816		return;
3817
3818	while ((io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue)) != NULL) {
3819		STAILQ_REMOVE(&pool->free_queue, &io->io_hdr, ctl_io_hdr,
3820			      links);
3821		free(io, M_CTLIO);
3822	}
3823
3824	STAILQ_REMOVE(&ctl_softc->io_pools, pool, ctl_io_pool, links);
3825	ctl_softc->num_pools--;
3826
3827	/*
3828	 * XXX KDM will this decrement the caller's usage count or mine?
3829	 */
3830#if 0
3831	if ((pool->type != CTL_POOL_EMERGENCY)
3832	 && (pool->type != CTL_POOL_INTERNAL)
3833	 && (pool->type != CTL_POOL_4OTHERSC))
3834		MOD_DEC_USE_COUNT;
3835#endif
3836
3837	free(pool, M_CTL);
3838}
3839
3840void
3841ctl_pool_free(struct ctl_io_pool *pool)
3842{
3843	struct ctl_softc *ctl_softc;
3844
3845	if (pool == NULL)
3846		return;
3847
3848	ctl_softc = pool->ctl_softc;
3849	mtx_lock(&ctl_softc->pool_lock);
3850	pool->flags |= CTL_POOL_FLAG_INVALID;
3851	ctl_pool_release(pool);
3852	mtx_unlock(&ctl_softc->pool_lock);
3853}
3854
3855/*
3856 * This routine does not block (except for spinlocks of course).
3857 * It tries to allocate a ctl_io union from the caller's pool as quickly as
3858 * possible.
3859 */
3860union ctl_io *
3861ctl_alloc_io(void *pool_ref)
3862{
3863	union ctl_io *io;
3864	struct ctl_softc *ctl_softc;
3865	struct ctl_io_pool *pool, *npool;
3866	struct ctl_io_pool *emergency_pool;
3867
3868	pool = (struct ctl_io_pool *)pool_ref;
3869
3870	if (pool == NULL) {
3871		printf("%s: pool is NULL\n", __func__);
3872		return (NULL);
3873	}
3874
3875	emergency_pool = NULL;
3876
3877	ctl_softc = pool->ctl_softc;
3878
3879	mtx_lock(&ctl_softc->pool_lock);
3880	/*
3881	 * First, try to get the io structure from the user's pool.
3882	 */
3883	if (ctl_pool_acquire(pool) == 0) {
3884		io = (union ctl_io *)STAILQ_FIRST(&pool->free_queue);
3885		if (io != NULL) {
3886			STAILQ_REMOVE_HEAD(&pool->free_queue, links);
3887			pool->total_allocated++;
3888			pool->free_ctl_io--;
3889			mtx_unlock(&ctl_softc->pool_lock);
3890			return (io);
3891		} else
3892			ctl_pool_release(pool);
3893	}
3894	/*
3895	 * If he doesn't have any io structures left, search for an
3896	 * emergency pool and grab one from there.
3897	 */
3898	STAILQ_FOREACH(npool, &ctl_softc->io_pools, links) {
3899		if (npool->type != CTL_POOL_EMERGENCY)
3900			continue;
3901
3902		if (ctl_pool_acquire(npool) != 0)
3903			continue;
3904
3905		emergency_pool = npool;
3906
3907		io = (union ctl_io *)STAILQ_FIRST(&npool->free_queue);
3908		if (io != NULL) {
3909			STAILQ_REMOVE_HEAD(&npool->free_queue, links);
3910			npool->total_allocated++;
3911			npool->free_ctl_io--;
3912			mtx_unlock(&ctl_softc->pool_lock);
3913			return (io);
3914		} else
3915			ctl_pool_release(npool);
3916	}
3917
3918	/* Drop the spinlock before we malloc */
3919	mtx_unlock(&ctl_softc->pool_lock);
3920
3921	/*
3922	 * The emergency pool (if it exists) didn't have one, so try an
3923	 * atomic (i.e. nonblocking) malloc and see if we get lucky.
3924	 */
3925	io = (union ctl_io *)malloc(sizeof(*io), M_CTLIO, M_NOWAIT);
3926	if (io != NULL) {
3927		/*
3928		 * If the emergency pool exists but is empty, add this
3929		 * ctl_io to its list when it gets freed.
3930		 */
3931		if (emergency_pool != NULL) {
3932			mtx_lock(&ctl_softc->pool_lock);
3933			if (ctl_pool_acquire(emergency_pool) == 0) {
3934				io->io_hdr.pool = emergency_pool;
3935				emergency_pool->total_ctl_io++;
3936				/*
3937				 * Need to bump this, otherwise
3938				 * total_allocated and total_freed won't
3939				 * match when we no longer have anything
3940				 * outstanding.
3941				 */
3942				emergency_pool->total_allocated++;
3943			}
3944			mtx_unlock(&ctl_softc->pool_lock);
3945		} else
3946			io->io_hdr.pool = NULL;
3947	}
3948
3949	return (io);
3950}
3951
3952void
3953ctl_free_io(union ctl_io *io)
3954{
3955	if (io == NULL)
3956		return;
3957
3958	/*
3959	 * If this ctl_io has a pool, return it to that pool.
3960	 */
3961	if (io->io_hdr.pool != NULL) {
3962		struct ctl_io_pool *pool;
3963
3964		pool = (struct ctl_io_pool *)io->io_hdr.pool;
3965		mtx_lock(&pool->ctl_softc->pool_lock);
3966		io->io_hdr.io_type = 0xff;
3967		STAILQ_INSERT_TAIL(&pool->free_queue, &io->io_hdr, links);
3968		pool->total_freed++;
3969		pool->free_ctl_io++;
3970		ctl_pool_release(pool);
3971		mtx_unlock(&pool->ctl_softc->pool_lock);
3972	} else {
3973		/*
3974		 * Otherwise, just free it.  We probably malloced it and
3975		 * the emergency pool wasn't available.
3976		 */
3977		free(io, M_CTLIO);
3978	}
3979
3980}
3981
3982void
3983ctl_zero_io(union ctl_io *io)
3984{
3985	void *pool_ref;
3986
3987	if (io == NULL)
3988		return;
3989
3990	/*
3991	 * May need to preserve linked list pointers at some point too.
3992	 */
3993	pool_ref = io->io_hdr.pool;
3994
3995	memset(io, 0, sizeof(*io));
3996
3997	io->io_hdr.pool = pool_ref;
3998}
3999
4000/*
4001 * This routine is currently used for internal copies of ctl_ios that need
4002 * to persist for some reason after we've already returned status to the
4003 * FETD.  (Thus the flag set.)
4004 *
4005 * XXX XXX
4006 * Note that this makes a blind copy of all fields in the ctl_io, except
4007 * for the pool reference.  This includes any memory that has been
4008 * allocated!  That memory will no longer be valid after done has been
4009 * called, so this would be VERY DANGEROUS for command that actually does
4010 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
4011 * start and stop commands, which don't transfer any data, so this is not a
4012 * problem.  If it is used for anything else, the caller would also need to
4013 * allocate data buffer space and this routine would need to be modified to
4014 * copy the data buffer(s) as well.
4015 */
4016void
4017ctl_copy_io(union ctl_io *src, union ctl_io *dest)
4018{
4019	void *pool_ref;
4020
4021	if ((src == NULL)
4022	 || (dest == NULL))
4023		return;
4024
4025	/*
4026	 * May need to preserve linked list pointers at some point too.
4027	 */
4028	pool_ref = dest->io_hdr.pool;
4029
4030	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
4031
4032	dest->io_hdr.pool = pool_ref;
4033	/*
4034	 * We need to know that this is an internal copy, and doesn't need
4035	 * to get passed back to the FETD that allocated it.
4036	 */
4037	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
4038}
4039
4040static int
4041ctl_expand_number(const char *buf, uint64_t *num)
4042{
4043	char *endptr;
4044	uint64_t number;
4045	unsigned shift;
4046
4047	number = strtoq(buf, &endptr, 0);
4048
4049	switch (tolower((unsigned char)*endptr)) {
4050	case 'e':
4051		shift = 60;
4052		break;
4053	case 'p':
4054		shift = 50;
4055		break;
4056	case 't':
4057		shift = 40;
4058		break;
4059	case 'g':
4060		shift = 30;
4061		break;
4062	case 'm':
4063		shift = 20;
4064		break;
4065	case 'k':
4066		shift = 10;
4067		break;
4068	case 'b':
4069	case '\0': /* No unit. */
4070		*num = number;
4071		return (0);
4072	default:
4073		/* Unrecognized unit. */
4074		return (-1);
4075	}
4076
4077	if ((number << shift) >> shift != number) {
4078		/* Overflow */
4079		return (-1);
4080	}
4081	*num = number << shift;
4082	return (0);
4083}
4084
4085
4086/*
4087 * This routine could be used in the future to load default and/or saved
4088 * mode page parameters for a particuar lun.
4089 */
4090static int
4091ctl_init_page_index(struct ctl_lun *lun)
4092{
4093	int i;
4094	struct ctl_page_index *page_index;
4095	const char *value;
4096	uint64_t ival;
4097
4098	memcpy(&lun->mode_pages.index, page_index_template,
4099	       sizeof(page_index_template));
4100
4101	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4102
4103		page_index = &lun->mode_pages.index[i];
4104		/*
4105		 * If this is a disk-only mode page, there's no point in
4106		 * setting it up.  For some pages, we have to have some
4107		 * basic information about the disk in order to calculate the
4108		 * mode page data.
4109		 */
4110		if ((lun->be_lun->lun_type != T_DIRECT)
4111		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4112			continue;
4113
4114		switch (page_index->page_code & SMPH_PC_MASK) {
4115		case SMS_RW_ERROR_RECOVERY_PAGE: {
4116			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4117				panic("subpage is incorrect!");
4118			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4119			       &rw_er_page_default,
4120			       sizeof(rw_er_page_default));
4121			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4122			       &rw_er_page_changeable,
4123			       sizeof(rw_er_page_changeable));
4124			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4125			       &rw_er_page_default,
4126			       sizeof(rw_er_page_default));
4127			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4128			       &rw_er_page_default,
4129			       sizeof(rw_er_page_default));
4130			page_index->page_data =
4131				(uint8_t *)lun->mode_pages.rw_er_page;
4132			break;
4133		}
4134		case SMS_FORMAT_DEVICE_PAGE: {
4135			struct scsi_format_page *format_page;
4136
4137			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4138				panic("subpage is incorrect!");
4139
4140			/*
4141			 * Sectors per track are set above.  Bytes per
4142			 * sector need to be set here on a per-LUN basis.
4143			 */
4144			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4145			       &format_page_default,
4146			       sizeof(format_page_default));
4147			memcpy(&lun->mode_pages.format_page[
4148			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4149			       sizeof(format_page_changeable));
4150			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4151			       &format_page_default,
4152			       sizeof(format_page_default));
4153			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4154			       &format_page_default,
4155			       sizeof(format_page_default));
4156
4157			format_page = &lun->mode_pages.format_page[
4158				CTL_PAGE_CURRENT];
4159			scsi_ulto2b(lun->be_lun->blocksize,
4160				    format_page->bytes_per_sector);
4161
4162			format_page = &lun->mode_pages.format_page[
4163				CTL_PAGE_DEFAULT];
4164			scsi_ulto2b(lun->be_lun->blocksize,
4165				    format_page->bytes_per_sector);
4166
4167			format_page = &lun->mode_pages.format_page[
4168				CTL_PAGE_SAVED];
4169			scsi_ulto2b(lun->be_lun->blocksize,
4170				    format_page->bytes_per_sector);
4171
4172			page_index->page_data =
4173				(uint8_t *)lun->mode_pages.format_page;
4174			break;
4175		}
4176		case SMS_RIGID_DISK_PAGE: {
4177			struct scsi_rigid_disk_page *rigid_disk_page;
4178			uint32_t sectors_per_cylinder;
4179			uint64_t cylinders;
4180#ifndef	__XSCALE__
4181			int shift;
4182#endif /* !__XSCALE__ */
4183
4184			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4185				panic("invalid subpage value %d",
4186				      page_index->subpage);
4187
4188			/*
4189			 * Rotation rate and sectors per track are set
4190			 * above.  We calculate the cylinders here based on
4191			 * capacity.  Due to the number of heads and
4192			 * sectors per track we're using, smaller arrays
4193			 * may turn out to have 0 cylinders.  Linux and
4194			 * FreeBSD don't pay attention to these mode pages
4195			 * to figure out capacity, but Solaris does.  It
4196			 * seems to deal with 0 cylinders just fine, and
4197			 * works out a fake geometry based on the capacity.
4198			 */
4199			memcpy(&lun->mode_pages.rigid_disk_page[
4200			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4201			       sizeof(rigid_disk_page_default));
4202			memcpy(&lun->mode_pages.rigid_disk_page[
4203			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4204			       sizeof(rigid_disk_page_changeable));
4205
4206			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4207				CTL_DEFAULT_HEADS;
4208
4209			/*
4210			 * The divide method here will be more accurate,
4211			 * probably, but results in floating point being
4212			 * used in the kernel on i386 (__udivdi3()).  On the
4213			 * XScale, though, __udivdi3() is implemented in
4214			 * software.
4215			 *
4216			 * The shift method for cylinder calculation is
4217			 * accurate if sectors_per_cylinder is a power of
4218			 * 2.  Otherwise it might be slightly off -- you
4219			 * might have a bit of a truncation problem.
4220			 */
4221#ifdef	__XSCALE__
4222			cylinders = (lun->be_lun->maxlba + 1) /
4223				sectors_per_cylinder;
4224#else
4225			for (shift = 31; shift > 0; shift--) {
4226				if (sectors_per_cylinder & (1 << shift))
4227					break;
4228			}
4229			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4230#endif
4231
4232			/*
4233			 * We've basically got 3 bytes, or 24 bits for the
4234			 * cylinder size in the mode page.  If we're over,
4235			 * just round down to 2^24.
4236			 */
4237			if (cylinders > 0xffffff)
4238				cylinders = 0xffffff;
4239
4240			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4241				CTL_PAGE_DEFAULT];
4242			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4243
4244			if ((value = ctl_get_opt(&lun->be_lun->options,
4245			    "rpm")) != NULL) {
4246				scsi_ulto2b(strtol(value, NULL, 0),
4247				     rigid_disk_page->rotation_rate);
4248			}
4249
4250			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4251			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4252			       sizeof(rigid_disk_page_default));
4253			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4254			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4255			       sizeof(rigid_disk_page_default));
4256
4257			page_index->page_data =
4258				(uint8_t *)lun->mode_pages.rigid_disk_page;
4259			break;
4260		}
4261		case SMS_CACHING_PAGE: {
4262			struct scsi_caching_page *caching_page;
4263
4264			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4265				panic("invalid subpage value %d",
4266				      page_index->subpage);
4267			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4268			       &caching_page_default,
4269			       sizeof(caching_page_default));
4270			memcpy(&lun->mode_pages.caching_page[
4271			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4272			       sizeof(caching_page_changeable));
4273			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4274			       &caching_page_default,
4275			       sizeof(caching_page_default));
4276			caching_page = &lun->mode_pages.caching_page[
4277			    CTL_PAGE_SAVED];
4278			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4279			if (value != NULL && strcmp(value, "off") == 0)
4280				caching_page->flags1 &= ~SCP_WCE;
4281			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4282			if (value != NULL && strcmp(value, "off") == 0)
4283				caching_page->flags1 |= SCP_RCD;
4284			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4285			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4286			       sizeof(caching_page_default));
4287			page_index->page_data =
4288				(uint8_t *)lun->mode_pages.caching_page;
4289			break;
4290		}
4291		case SMS_CONTROL_MODE_PAGE: {
4292			struct scsi_control_page *control_page;
4293
4294			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4295				panic("invalid subpage value %d",
4296				      page_index->subpage);
4297
4298			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4299			       &control_page_default,
4300			       sizeof(control_page_default));
4301			memcpy(&lun->mode_pages.control_page[
4302			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4303			       sizeof(control_page_changeable));
4304			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4305			       &control_page_default,
4306			       sizeof(control_page_default));
4307			control_page = &lun->mode_pages.control_page[
4308			    CTL_PAGE_SAVED];
4309			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4310			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4311				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4312				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4313			}
4314			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4315			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4316			       sizeof(control_page_default));
4317			page_index->page_data =
4318				(uint8_t *)lun->mode_pages.control_page;
4319			break;
4320
4321		}
4322		case SMS_INFO_EXCEPTIONS_PAGE: {
4323			switch (page_index->subpage) {
4324			case SMS_SUBPAGE_PAGE_0:
4325				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4326				       &ie_page_default,
4327				       sizeof(ie_page_default));
4328				memcpy(&lun->mode_pages.ie_page[
4329				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4330				       sizeof(ie_page_changeable));
4331				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4332				       &ie_page_default,
4333				       sizeof(ie_page_default));
4334				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4335				       &ie_page_default,
4336				       sizeof(ie_page_default));
4337				page_index->page_data =
4338					(uint8_t *)lun->mode_pages.ie_page;
4339				break;
4340			case 0x02: {
4341				struct ctl_logical_block_provisioning_page *page;
4342
4343				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4344				       &lbp_page_default,
4345				       sizeof(lbp_page_default));
4346				memcpy(&lun->mode_pages.lbp_page[
4347				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4348				       sizeof(lbp_page_changeable));
4349				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4350				       &lbp_page_default,
4351				       sizeof(lbp_page_default));
4352				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4353				value = ctl_get_opt(&lun->be_lun->options,
4354				    "avail-threshold");
4355				if (value != NULL &&
4356				    ctl_expand_number(value, &ival) == 0) {
4357					page->descr[0].flags |= SLBPPD_ENABLED |
4358					    SLBPPD_ARMING_DEC;
4359					if (lun->be_lun->blocksize)
4360						ival /= lun->be_lun->blocksize;
4361					else
4362						ival /= 512;
4363					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4364					    page->descr[0].count);
4365				}
4366				value = ctl_get_opt(&lun->be_lun->options,
4367				    "used-threshold");
4368				if (value != NULL &&
4369				    ctl_expand_number(value, &ival) == 0) {
4370					page->descr[1].flags |= SLBPPD_ENABLED |
4371					    SLBPPD_ARMING_INC;
4372					if (lun->be_lun->blocksize)
4373						ival /= lun->be_lun->blocksize;
4374					else
4375						ival /= 512;
4376					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4377					    page->descr[1].count);
4378				}
4379				value = ctl_get_opt(&lun->be_lun->options,
4380				    "pool-avail-threshold");
4381				if (value != NULL &&
4382				    ctl_expand_number(value, &ival) == 0) {
4383					page->descr[2].flags |= SLBPPD_ENABLED |
4384					    SLBPPD_ARMING_DEC;
4385					if (lun->be_lun->blocksize)
4386						ival /= lun->be_lun->blocksize;
4387					else
4388						ival /= 512;
4389					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4390					    page->descr[2].count);
4391				}
4392				value = ctl_get_opt(&lun->be_lun->options,
4393				    "pool-used-threshold");
4394				if (value != NULL &&
4395				    ctl_expand_number(value, &ival) == 0) {
4396					page->descr[3].flags |= SLBPPD_ENABLED |
4397					    SLBPPD_ARMING_INC;
4398					if (lun->be_lun->blocksize)
4399						ival /= lun->be_lun->blocksize;
4400					else
4401						ival /= 512;
4402					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4403					    page->descr[3].count);
4404				}
4405				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4406				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4407				       sizeof(lbp_page_default));
4408				page_index->page_data =
4409					(uint8_t *)lun->mode_pages.lbp_page;
4410			}}
4411			break;
4412		}
4413		case SMS_VENDOR_SPECIFIC_PAGE:{
4414			switch (page_index->subpage) {
4415			case DBGCNF_SUBPAGE_CODE: {
4416				struct copan_debugconf_subpage *current_page,
4417							       *saved_page;
4418
4419				memcpy(&lun->mode_pages.debugconf_subpage[
4420				       CTL_PAGE_CURRENT],
4421				       &debugconf_page_default,
4422				       sizeof(debugconf_page_default));
4423				memcpy(&lun->mode_pages.debugconf_subpage[
4424				       CTL_PAGE_CHANGEABLE],
4425				       &debugconf_page_changeable,
4426				       sizeof(debugconf_page_changeable));
4427				memcpy(&lun->mode_pages.debugconf_subpage[
4428				       CTL_PAGE_DEFAULT],
4429				       &debugconf_page_default,
4430				       sizeof(debugconf_page_default));
4431				memcpy(&lun->mode_pages.debugconf_subpage[
4432				       CTL_PAGE_SAVED],
4433				       &debugconf_page_default,
4434				       sizeof(debugconf_page_default));
4435				page_index->page_data =
4436					(uint8_t *)lun->mode_pages.debugconf_subpage;
4437
4438				current_page = (struct copan_debugconf_subpage *)
4439					(page_index->page_data +
4440					 (page_index->page_len *
4441					  CTL_PAGE_CURRENT));
4442				saved_page = (struct copan_debugconf_subpage *)
4443					(page_index->page_data +
4444					 (page_index->page_len *
4445					  CTL_PAGE_SAVED));
4446				break;
4447			}
4448			default:
4449				panic("invalid subpage value %d",
4450				      page_index->subpage);
4451				break;
4452			}
4453   			break;
4454		}
4455		default:
4456			panic("invalid page value %d",
4457			      page_index->page_code & SMPH_PC_MASK);
4458			break;
4459    	}
4460	}
4461
4462	return (CTL_RETVAL_COMPLETE);
4463}
4464
4465static int
4466ctl_init_log_page_index(struct ctl_lun *lun)
4467{
4468	struct ctl_page_index *page_index;
4469	int i, j, k, prev;
4470
4471	memcpy(&lun->log_pages.index, log_page_index_template,
4472	       sizeof(log_page_index_template));
4473
4474	prev = -1;
4475	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4476
4477		page_index = &lun->log_pages.index[i];
4478		/*
4479		 * If this is a disk-only mode page, there's no point in
4480		 * setting it up.  For some pages, we have to have some
4481		 * basic information about the disk in order to calculate the
4482		 * mode page data.
4483		 */
4484		if ((lun->be_lun->lun_type != T_DIRECT)
4485		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4486			continue;
4487
4488		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4489		    ((lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) == 0 ||
4490		     lun->backend->lun_attr == NULL))
4491			continue;
4492
4493		if (page_index->page_code != prev) {
4494			lun->log_pages.pages_page[j] = page_index->page_code;
4495			prev = page_index->page_code;
4496			j++;
4497		}
4498		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4499		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4500		k++;
4501	}
4502	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4503	lun->log_pages.index[0].page_len = j;
4504	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4505	lun->log_pages.index[1].page_len = k * 2;
4506	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4507	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4508
4509	return (CTL_RETVAL_COMPLETE);
4510}
4511
4512static int
4513hex2bin(const char *str, uint8_t *buf, int buf_size)
4514{
4515	int i;
4516	u_char c;
4517
4518	memset(buf, 0, buf_size);
4519	while (isspace(str[0]))
4520		str++;
4521	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4522		str += 2;
4523	buf_size *= 2;
4524	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4525		c = str[i];
4526		if (isdigit(c))
4527			c -= '0';
4528		else if (isalpha(c))
4529			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4530		else
4531			break;
4532		if (c >= 16)
4533			break;
4534		if ((i & 1) == 0)
4535			buf[i / 2] |= (c << 4);
4536		else
4537			buf[i / 2] |= c;
4538	}
4539	return ((i + 1) / 2);
4540}
4541
4542/*
4543 * LUN allocation.
4544 *
4545 * Requirements:
4546 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4547 *   wants us to allocate the LUN and he can block.
4548 * - ctl_softc is always set
4549 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4550 *
4551 * Returns 0 for success, non-zero (errno) for failure.
4552 */
4553static int
4554ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4555	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4556{
4557	struct ctl_lun *nlun, *lun;
4558	struct ctl_port *port;
4559	struct scsi_vpd_id_descriptor *desc;
4560	struct scsi_vpd_id_t10 *t10id;
4561	const char *eui, *naa, *scsiname, *vendor, *value;
4562	int lun_number, i, lun_malloced;
4563	int devidlen, idlen1, idlen2 = 0, len;
4564
4565	if (be_lun == NULL)
4566		return (EINVAL);
4567
4568	/*
4569	 * We currently only support Direct Access or Processor LUN types.
4570	 */
4571	switch (be_lun->lun_type) {
4572	case T_DIRECT:
4573		break;
4574	case T_PROCESSOR:
4575		break;
4576	case T_SEQUENTIAL:
4577	case T_CHANGER:
4578	default:
4579		be_lun->lun_config_status(be_lun->be_lun,
4580					  CTL_LUN_CONFIG_FAILURE);
4581		break;
4582	}
4583	if (ctl_lun == NULL) {
4584		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4585		lun_malloced = 1;
4586	} else {
4587		lun_malloced = 0;
4588		lun = ctl_lun;
4589	}
4590
4591	memset(lun, 0, sizeof(*lun));
4592	if (lun_malloced)
4593		lun->flags = CTL_LUN_MALLOCED;
4594
4595	/* Generate LUN ID. */
4596	devidlen = max(CTL_DEVID_MIN_LEN,
4597	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4598	idlen1 = sizeof(*t10id) + devidlen;
4599	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4600	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4601	if (scsiname != NULL) {
4602		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4603		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4604	}
4605	eui = ctl_get_opt(&be_lun->options, "eui");
4606	if (eui != NULL) {
4607		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4608	}
4609	naa = ctl_get_opt(&be_lun->options, "naa");
4610	if (naa != NULL) {
4611		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4612	}
4613	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4614	    M_CTL, M_WAITOK | M_ZERO);
4615	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4616	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4617	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4618	desc->length = idlen1;
4619	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4620	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4621	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4622		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4623	} else {
4624		strncpy(t10id->vendor, vendor,
4625		    min(sizeof(t10id->vendor), strlen(vendor)));
4626	}
4627	strncpy((char *)t10id->vendor_spec_id,
4628	    (char *)be_lun->device_id, devidlen);
4629	if (scsiname != NULL) {
4630		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4631		    desc->length);
4632		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4633		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4634		    SVPD_ID_TYPE_SCSI_NAME;
4635		desc->length = idlen2;
4636		strlcpy(desc->identifier, scsiname, idlen2);
4637	}
4638	if (eui != NULL) {
4639		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4640		    desc->length);
4641		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4642		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4643		    SVPD_ID_TYPE_EUI64;
4644		desc->length = hex2bin(eui, desc->identifier, 16);
4645		desc->length = desc->length > 12 ? 16 :
4646		    (desc->length > 8 ? 12 : 8);
4647		len -= 16 - desc->length;
4648	}
4649	if (naa != NULL) {
4650		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4651		    desc->length);
4652		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4653		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4654		    SVPD_ID_TYPE_NAA;
4655		desc->length = hex2bin(naa, desc->identifier, 16);
4656		desc->length = desc->length > 8 ? 16 : 8;
4657		len -= 16 - desc->length;
4658	}
4659	lun->lun_devid->len = len;
4660
4661	mtx_lock(&ctl_softc->ctl_lock);
4662	/*
4663	 * See if the caller requested a particular LUN number.  If so, see
4664	 * if it is available.  Otherwise, allocate the first available LUN.
4665	 */
4666	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4667		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4668		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4669			mtx_unlock(&ctl_softc->ctl_lock);
4670			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4671				printf("ctl: requested LUN ID %d is higher "
4672				       "than CTL_MAX_LUNS - 1 (%d)\n",
4673				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4674			} else {
4675				/*
4676				 * XXX KDM return an error, or just assign
4677				 * another LUN ID in this case??
4678				 */
4679				printf("ctl: requested LUN ID %d is already "
4680				       "in use\n", be_lun->req_lun_id);
4681			}
4682			if (lun->flags & CTL_LUN_MALLOCED)
4683				free(lun, M_CTL);
4684			be_lun->lun_config_status(be_lun->be_lun,
4685						  CTL_LUN_CONFIG_FAILURE);
4686			return (ENOSPC);
4687		}
4688		lun_number = be_lun->req_lun_id;
4689	} else {
4690		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4691		if (lun_number == -1) {
4692			mtx_unlock(&ctl_softc->ctl_lock);
4693			printf("ctl: can't allocate LUN on target %ju, out of "
4694			       "LUNs\n", (uintmax_t)target_id.id);
4695			if (lun->flags & CTL_LUN_MALLOCED)
4696				free(lun, M_CTL);
4697			be_lun->lun_config_status(be_lun->be_lun,
4698						  CTL_LUN_CONFIG_FAILURE);
4699			return (ENOSPC);
4700		}
4701	}
4702	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4703
4704	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4705	lun->target = target_id;
4706	lun->lun = lun_number;
4707	lun->be_lun = be_lun;
4708	/*
4709	 * The processor LUN is always enabled.  Disk LUNs come on line
4710	 * disabled, and must be enabled by the backend.
4711	 */
4712	lun->flags |= CTL_LUN_DISABLED;
4713	lun->backend = be_lun->be;
4714	be_lun->ctl_lun = lun;
4715	be_lun->lun_id = lun_number;
4716	atomic_add_int(&be_lun->be->num_luns, 1);
4717	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4718		lun->flags |= CTL_LUN_OFFLINE;
4719
4720	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4721		lun->flags |= CTL_LUN_STOPPED;
4722
4723	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4724		lun->flags |= CTL_LUN_INOPERABLE;
4725
4726	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4727		lun->flags |= CTL_LUN_PRIMARY_SC;
4728
4729	value = ctl_get_opt(&be_lun->options, "readonly");
4730	if (value != NULL && strcmp(value, "on") == 0)
4731		lun->flags |= CTL_LUN_READONLY;
4732
4733	lun->ctl_softc = ctl_softc;
4734	TAILQ_INIT(&lun->ooa_queue);
4735	TAILQ_INIT(&lun->blocked_queue);
4736	STAILQ_INIT(&lun->error_list);
4737	ctl_tpc_lun_init(lun);
4738
4739	/*
4740	 * Initialize the mode and log page index.
4741	 */
4742	ctl_init_page_index(lun);
4743	ctl_init_log_page_index(lun);
4744
4745	/*
4746	 * Set the poweron UA for all initiators on this LUN only.
4747	 */
4748	for (i = 0; i < CTL_MAX_INITIATORS; i++)
4749		lun->pending_ua[i] = CTL_UA_POWERON;
4750
4751	/*
4752	 * Now, before we insert this lun on the lun list, set the lun
4753	 * inventory changed UA for all other luns.
4754	 */
4755	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4756		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4757			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4758		}
4759	}
4760
4761	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4762
4763	ctl_softc->ctl_luns[lun_number] = lun;
4764
4765	ctl_softc->num_luns++;
4766
4767	/* Setup statistics gathering */
4768	lun->stats.device_type = be_lun->lun_type;
4769	lun->stats.lun_number = lun_number;
4770	if (lun->stats.device_type == T_DIRECT)
4771		lun->stats.blocksize = be_lun->blocksize;
4772	else
4773		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4774	for (i = 0;i < CTL_MAX_PORTS;i++)
4775		lun->stats.ports[i].targ_port = i;
4776
4777	mtx_unlock(&ctl_softc->ctl_lock);
4778
4779	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4780
4781	/*
4782	 * Run through each registered FETD and bring it online if it isn't
4783	 * already.  Enable the target ID if it hasn't been enabled, and
4784	 * enable this particular LUN.
4785	 */
4786	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4787		int retval;
4788
4789		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4790		if (retval != 0) {
4791			printf("ctl_alloc_lun: FETD %s port %d returned error "
4792			       "%d for lun_enable on target %ju lun %d\n",
4793			       port->port_name, port->targ_port, retval,
4794			       (uintmax_t)target_id.id, lun_number);
4795		} else
4796			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4797	}
4798	return (0);
4799}
4800
4801/*
4802 * Delete a LUN.
4803 * Assumptions:
4804 * - LUN has already been marked invalid and any pending I/O has been taken
4805 *   care of.
4806 */
4807static int
4808ctl_free_lun(struct ctl_lun *lun)
4809{
4810	struct ctl_softc *softc;
4811#if 0
4812	struct ctl_port *port;
4813#endif
4814	struct ctl_lun *nlun;
4815	int i;
4816
4817	softc = lun->ctl_softc;
4818
4819	mtx_assert(&softc->ctl_lock, MA_OWNED);
4820
4821	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4822
4823	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4824
4825	softc->ctl_luns[lun->lun] = NULL;
4826
4827	if (!TAILQ_EMPTY(&lun->ooa_queue))
4828		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4829
4830	softc->num_luns--;
4831
4832	/*
4833	 * XXX KDM this scheme only works for a single target/multiple LUN
4834	 * setup.  It needs to be revamped for a multiple target scheme.
4835	 *
4836	 * XXX KDM this results in port->lun_disable() getting called twice,
4837	 * once when ctl_disable_lun() is called, and a second time here.
4838	 * We really need to re-think the LUN disable semantics.  There
4839	 * should probably be several steps/levels to LUN removal:
4840	 *  - disable
4841	 *  - invalidate
4842	 *  - free
4843 	 *
4844	 * Right now we only have a disable method when communicating to
4845	 * the front end ports, at least for individual LUNs.
4846	 */
4847#if 0
4848	STAILQ_FOREACH(port, &softc->port_list, links) {
4849		int retval;
4850
4851		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4852					 lun->lun);
4853		if (retval != 0) {
4854			printf("ctl_free_lun: FETD %s port %d returned error "
4855			       "%d for lun_disable on target %ju lun %jd\n",
4856			       port->port_name, port->targ_port, retval,
4857			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4858		}
4859
4860		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4861			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4862
4863			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4864			if (retval != 0) {
4865				printf("ctl_free_lun: FETD %s port %d "
4866				       "returned error %d for targ_disable on "
4867				       "target %ju\n", port->port_name,
4868				       port->targ_port, retval,
4869				       (uintmax_t)lun->target.id);
4870			} else
4871				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4872
4873			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4874				continue;
4875
4876#if 0
4877			port->port_offline(port->onoff_arg);
4878			port->status &= ~CTL_PORT_STATUS_ONLINE;
4879#endif
4880		}
4881	}
4882#endif
4883
4884	/*
4885	 * Tell the backend to free resources, if this LUN has a backend.
4886	 */
4887	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4888	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4889
4890	ctl_tpc_lun_shutdown(lun);
4891	mtx_destroy(&lun->lun_lock);
4892	free(lun->lun_devid, M_CTL);
4893	free(lun->write_buffer, M_CTL);
4894	if (lun->flags & CTL_LUN_MALLOCED)
4895		free(lun, M_CTL);
4896
4897	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4898		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
4899			nlun->pending_ua[i] |= CTL_UA_LUN_CHANGE;
4900		}
4901	}
4902
4903	return (0);
4904}
4905
4906static void
4907ctl_create_lun(struct ctl_be_lun *be_lun)
4908{
4909	struct ctl_softc *ctl_softc;
4910
4911	ctl_softc = control_softc;
4912
4913	/*
4914	 * ctl_alloc_lun() should handle all potential failure cases.
4915	 */
4916	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4917}
4918
4919int
4920ctl_add_lun(struct ctl_be_lun *be_lun)
4921{
4922	struct ctl_softc *ctl_softc = control_softc;
4923
4924	mtx_lock(&ctl_softc->ctl_lock);
4925	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4926	mtx_unlock(&ctl_softc->ctl_lock);
4927	wakeup(&ctl_softc->pending_lun_queue);
4928
4929	return (0);
4930}
4931
4932int
4933ctl_enable_lun(struct ctl_be_lun *be_lun)
4934{
4935	struct ctl_softc *ctl_softc;
4936	struct ctl_port *port, *nport;
4937	struct ctl_lun *lun;
4938	int retval;
4939
4940	ctl_softc = control_softc;
4941
4942	lun = (struct ctl_lun *)be_lun->ctl_lun;
4943
4944	mtx_lock(&ctl_softc->ctl_lock);
4945	mtx_lock(&lun->lun_lock);
4946	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4947		/*
4948		 * eh?  Why did we get called if the LUN is already
4949		 * enabled?
4950		 */
4951		mtx_unlock(&lun->lun_lock);
4952		mtx_unlock(&ctl_softc->ctl_lock);
4953		return (0);
4954	}
4955	lun->flags &= ~CTL_LUN_DISABLED;
4956	mtx_unlock(&lun->lun_lock);
4957
4958	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4959		nport = STAILQ_NEXT(port, links);
4960
4961		/*
4962		 * Drop the lock while we call the FETD's enable routine.
4963		 * This can lead to a callback into CTL (at least in the
4964		 * case of the internal initiator frontend.
4965		 */
4966		mtx_unlock(&ctl_softc->ctl_lock);
4967		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4968		mtx_lock(&ctl_softc->ctl_lock);
4969		if (retval != 0) {
4970			printf("%s: FETD %s port %d returned error "
4971			       "%d for lun_enable on target %ju lun %jd\n",
4972			       __func__, port->port_name, port->targ_port, retval,
4973			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4974		}
4975#if 0
4976		 else {
4977            /* NOTE:  TODO:  why does lun enable affect port status? */
4978			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4979		}
4980#endif
4981	}
4982
4983	mtx_unlock(&ctl_softc->ctl_lock);
4984
4985	return (0);
4986}
4987
4988int
4989ctl_disable_lun(struct ctl_be_lun *be_lun)
4990{
4991	struct ctl_softc *ctl_softc;
4992	struct ctl_port *port;
4993	struct ctl_lun *lun;
4994	int retval;
4995
4996	ctl_softc = control_softc;
4997
4998	lun = (struct ctl_lun *)be_lun->ctl_lun;
4999
5000	mtx_lock(&ctl_softc->ctl_lock);
5001	mtx_lock(&lun->lun_lock);
5002	if (lun->flags & CTL_LUN_DISABLED) {
5003		mtx_unlock(&lun->lun_lock);
5004		mtx_unlock(&ctl_softc->ctl_lock);
5005		return (0);
5006	}
5007	lun->flags |= CTL_LUN_DISABLED;
5008	mtx_unlock(&lun->lun_lock);
5009
5010	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
5011		mtx_unlock(&ctl_softc->ctl_lock);
5012		/*
5013		 * Drop the lock before we call the frontend's disable
5014		 * routine, to avoid lock order reversals.
5015		 *
5016		 * XXX KDM what happens if the frontend list changes while
5017		 * we're traversing it?  It's unlikely, but should be handled.
5018		 */
5019		retval = port->lun_disable(port->targ_lun_arg, lun->target,
5020					 lun->lun);
5021		mtx_lock(&ctl_softc->ctl_lock);
5022		if (retval != 0) {
5023			printf("ctl_alloc_lun: FETD %s port %d returned error "
5024			       "%d for lun_disable on target %ju lun %jd\n",
5025			       port->port_name, port->targ_port, retval,
5026			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
5027		}
5028	}
5029
5030	mtx_unlock(&ctl_softc->ctl_lock);
5031
5032	return (0);
5033}
5034
5035int
5036ctl_start_lun(struct ctl_be_lun *be_lun)
5037{
5038	struct ctl_softc *ctl_softc;
5039	struct ctl_lun *lun;
5040
5041	ctl_softc = control_softc;
5042
5043	lun = (struct ctl_lun *)be_lun->ctl_lun;
5044
5045	mtx_lock(&lun->lun_lock);
5046	lun->flags &= ~CTL_LUN_STOPPED;
5047	mtx_unlock(&lun->lun_lock);
5048
5049	return (0);
5050}
5051
5052int
5053ctl_stop_lun(struct ctl_be_lun *be_lun)
5054{
5055	struct ctl_softc *ctl_softc;
5056	struct ctl_lun *lun;
5057
5058	ctl_softc = control_softc;
5059
5060	lun = (struct ctl_lun *)be_lun->ctl_lun;
5061
5062	mtx_lock(&lun->lun_lock);
5063	lun->flags |= CTL_LUN_STOPPED;
5064	mtx_unlock(&lun->lun_lock);
5065
5066	return (0);
5067}
5068
5069int
5070ctl_lun_offline(struct ctl_be_lun *be_lun)
5071{
5072	struct ctl_softc *ctl_softc;
5073	struct ctl_lun *lun;
5074
5075	ctl_softc = control_softc;
5076
5077	lun = (struct ctl_lun *)be_lun->ctl_lun;
5078
5079	mtx_lock(&lun->lun_lock);
5080	lun->flags |= CTL_LUN_OFFLINE;
5081	mtx_unlock(&lun->lun_lock);
5082
5083	return (0);
5084}
5085
5086int
5087ctl_lun_online(struct ctl_be_lun *be_lun)
5088{
5089	struct ctl_softc *ctl_softc;
5090	struct ctl_lun *lun;
5091
5092	ctl_softc = control_softc;
5093
5094	lun = (struct ctl_lun *)be_lun->ctl_lun;
5095
5096	mtx_lock(&lun->lun_lock);
5097	lun->flags &= ~CTL_LUN_OFFLINE;
5098	mtx_unlock(&lun->lun_lock);
5099
5100	return (0);
5101}
5102
5103int
5104ctl_invalidate_lun(struct ctl_be_lun *be_lun)
5105{
5106	struct ctl_softc *ctl_softc;
5107	struct ctl_lun *lun;
5108
5109	ctl_softc = control_softc;
5110
5111	lun = (struct ctl_lun *)be_lun->ctl_lun;
5112
5113	mtx_lock(&lun->lun_lock);
5114
5115	/*
5116	 * The LUN needs to be disabled before it can be marked invalid.
5117	 */
5118	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
5119		mtx_unlock(&lun->lun_lock);
5120		return (-1);
5121	}
5122	/*
5123	 * Mark the LUN invalid.
5124	 */
5125	lun->flags |= CTL_LUN_INVALID;
5126
5127	/*
5128	 * If there is nothing in the OOA queue, go ahead and free the LUN.
5129	 * If we have something in the OOA queue, we'll free it when the
5130	 * last I/O completes.
5131	 */
5132	if (TAILQ_EMPTY(&lun->ooa_queue)) {
5133		mtx_unlock(&lun->lun_lock);
5134		mtx_lock(&ctl_softc->ctl_lock);
5135		ctl_free_lun(lun);
5136		mtx_unlock(&ctl_softc->ctl_lock);
5137	} else
5138		mtx_unlock(&lun->lun_lock);
5139
5140	return (0);
5141}
5142
5143int
5144ctl_lun_inoperable(struct ctl_be_lun *be_lun)
5145{
5146	struct ctl_softc *ctl_softc;
5147	struct ctl_lun *lun;
5148
5149	ctl_softc = control_softc;
5150	lun = (struct ctl_lun *)be_lun->ctl_lun;
5151
5152	mtx_lock(&lun->lun_lock);
5153	lun->flags |= CTL_LUN_INOPERABLE;
5154	mtx_unlock(&lun->lun_lock);
5155
5156	return (0);
5157}
5158
5159int
5160ctl_lun_operable(struct ctl_be_lun *be_lun)
5161{
5162	struct ctl_softc *ctl_softc;
5163	struct ctl_lun *lun;
5164
5165	ctl_softc = control_softc;
5166	lun = (struct ctl_lun *)be_lun->ctl_lun;
5167
5168	mtx_lock(&lun->lun_lock);
5169	lun->flags &= ~CTL_LUN_INOPERABLE;
5170	mtx_unlock(&lun->lun_lock);
5171
5172	return (0);
5173}
5174
5175void
5176ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5177{
5178	struct ctl_lun *lun;
5179	struct ctl_softc *softc;
5180	int i;
5181
5182	softc = control_softc;
5183
5184	lun = (struct ctl_lun *)be_lun->ctl_lun;
5185
5186	mtx_lock(&lun->lun_lock);
5187
5188	for (i = 0; i < CTL_MAX_INITIATORS; i++)
5189		lun->pending_ua[i] |= CTL_UA_CAPACITY_CHANGED;
5190
5191	mtx_unlock(&lun->lun_lock);
5192}
5193
5194/*
5195 * Backend "memory move is complete" callback for requests that never
5196 * make it down to say RAIDCore's configuration code.
5197 */
5198int
5199ctl_config_move_done(union ctl_io *io)
5200{
5201	int retval;
5202
5203	retval = CTL_RETVAL_COMPLETE;
5204
5205
5206	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5207	/*
5208	 * XXX KDM this shouldn't happen, but what if it does?
5209	 */
5210	if (io->io_hdr.io_type != CTL_IO_SCSI)
5211		panic("I/O type isn't CTL_IO_SCSI!");
5212
5213	if ((io->io_hdr.port_status == 0)
5214	 && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5215	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE))
5216		io->io_hdr.status = CTL_SUCCESS;
5217	else if ((io->io_hdr.port_status != 0)
5218	      && ((io->io_hdr.flags & CTL_FLAG_ABORT) == 0)
5219	      && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE)){
5220		/*
5221		 * For hardware error sense keys, the sense key
5222		 * specific value is defined to be a retry count,
5223		 * but we use it to pass back an internal FETD
5224		 * error code.  XXX KDM  Hopefully the FETD is only
5225		 * using 16 bits for an error code, since that's
5226		 * all the space we have in the sks field.
5227		 */
5228		ctl_set_internal_failure(&io->scsiio,
5229					 /*sks_valid*/ 1,
5230					 /*retry_count*/
5231					 io->io_hdr.port_status);
5232		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5233			free(io->scsiio.kern_data_ptr, M_CTL);
5234		ctl_done(io);
5235		goto bailout;
5236	}
5237
5238	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
5239	 || ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)
5240	 || ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5241		/*
5242		 * XXX KDM just assuming a single pointer here, and not a
5243		 * S/G list.  If we start using S/G lists for config data,
5244		 * we'll need to know how to clean them up here as well.
5245		 */
5246		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5247			free(io->scsiio.kern_data_ptr, M_CTL);
5248		/* Hopefully the user has already set the status... */
5249		ctl_done(io);
5250	} else {
5251		/*
5252		 * XXX KDM now we need to continue data movement.  Some
5253		 * options:
5254		 * - call ctl_scsiio() again?  We don't do this for data
5255		 *   writes, because for those at least we know ahead of
5256		 *   time where the write will go and how long it is.  For
5257		 *   config writes, though, that information is largely
5258		 *   contained within the write itself, thus we need to
5259		 *   parse out the data again.
5260		 *
5261		 * - Call some other function once the data is in?
5262		 */
5263		if (ctl_debug & CTL_DEBUG_CDB_DATA)
5264			ctl_data_print(io);
5265
5266		/*
5267		 * XXX KDM call ctl_scsiio() again for now, and check flag
5268		 * bits to see whether we're allocated or not.
5269		 */
5270		retval = ctl_scsiio(&io->scsiio);
5271	}
5272bailout:
5273	return (retval);
5274}
5275
5276/*
5277 * This gets called by a backend driver when it is done with a
5278 * data_submit method.
5279 */
5280void
5281ctl_data_submit_done(union ctl_io *io)
5282{
5283	/*
5284	 * If the IO_CONT flag is set, we need to call the supplied
5285	 * function to continue processing the I/O, instead of completing
5286	 * the I/O just yet.
5287	 *
5288	 * If there is an error, though, we don't want to keep processing.
5289	 * Instead, just send status back to the initiator.
5290	 */
5291	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5292	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5293	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5294	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5295		io->scsiio.io_cont(io);
5296		return;
5297	}
5298	ctl_done(io);
5299}
5300
5301/*
5302 * This gets called by a backend driver when it is done with a
5303 * configuration write.
5304 */
5305void
5306ctl_config_write_done(union ctl_io *io)
5307{
5308	uint8_t *buf;
5309
5310	/*
5311	 * If the IO_CONT flag is set, we need to call the supplied
5312	 * function to continue processing the I/O, instead of completing
5313	 * the I/O just yet.
5314	 *
5315	 * If there is an error, though, we don't want to keep processing.
5316	 * Instead, just send status back to the initiator.
5317	 */
5318	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5319	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5320	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5321	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5322		io->scsiio.io_cont(io);
5323		return;
5324	}
5325	/*
5326	 * Since a configuration write can be done for commands that actually
5327	 * have data allocated, like write buffer, and commands that have
5328	 * no data, like start/stop unit, we need to check here.
5329	 */
5330	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5331		buf = io->scsiio.kern_data_ptr;
5332	else
5333		buf = NULL;
5334	ctl_done(io);
5335	if (buf)
5336		free(buf, M_CTL);
5337}
5338
5339/*
5340 * SCSI release command.
5341 */
5342int
5343ctl_scsi_release(struct ctl_scsiio *ctsio)
5344{
5345	int length, longid, thirdparty_id, resv_id;
5346	struct ctl_softc *ctl_softc;
5347	struct ctl_lun *lun;
5348	uint32_t residx;
5349
5350	length = 0;
5351	resv_id = 0;
5352
5353	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5354
5355	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5356	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5357	ctl_softc = control_softc;
5358
5359	switch (ctsio->cdb[0]) {
5360	case RELEASE_10: {
5361		struct scsi_release_10 *cdb;
5362
5363		cdb = (struct scsi_release_10 *)ctsio->cdb;
5364
5365		if (cdb->byte2 & SR10_LONGID)
5366			longid = 1;
5367		else
5368			thirdparty_id = cdb->thirdparty_id;
5369
5370		resv_id = cdb->resv_id;
5371		length = scsi_2btoul(cdb->length);
5372		break;
5373	}
5374	}
5375
5376
5377	/*
5378	 * XXX KDM right now, we only support LUN reservation.  We don't
5379	 * support 3rd party reservations, or extent reservations, which
5380	 * might actually need the parameter list.  If we've gotten this
5381	 * far, we've got a LUN reservation.  Anything else got kicked out
5382	 * above.  So, according to SPC, ignore the length.
5383	 */
5384	length = 0;
5385
5386	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5387	 && (length > 0)) {
5388		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5389		ctsio->kern_data_len = length;
5390		ctsio->kern_total_len = length;
5391		ctsio->kern_data_resid = 0;
5392		ctsio->kern_rel_offset = 0;
5393		ctsio->kern_sg_entries = 0;
5394		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5395		ctsio->be_move_done = ctl_config_move_done;
5396		ctl_datamove((union ctl_io *)ctsio);
5397
5398		return (CTL_RETVAL_COMPLETE);
5399	}
5400
5401	if (length > 0)
5402		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5403
5404	mtx_lock(&lun->lun_lock);
5405
5406	/*
5407	 * According to SPC, it is not an error for an intiator to attempt
5408	 * to release a reservation on a LUN that isn't reserved, or that
5409	 * is reserved by another initiator.  The reservation can only be
5410	 * released, though, by the initiator who made it or by one of
5411	 * several reset type events.
5412	 */
5413	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5414			lun->flags &= ~CTL_LUN_RESERVED;
5415
5416	mtx_unlock(&lun->lun_lock);
5417
5418	ctsio->scsi_status = SCSI_STATUS_OK;
5419	ctsio->io_hdr.status = CTL_SUCCESS;
5420
5421	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5422		free(ctsio->kern_data_ptr, M_CTL);
5423		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5424	}
5425
5426	ctl_done((union ctl_io *)ctsio);
5427	return (CTL_RETVAL_COMPLETE);
5428}
5429
5430int
5431ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5432{
5433	int extent, thirdparty, longid;
5434	int resv_id, length;
5435	uint64_t thirdparty_id;
5436	struct ctl_softc *ctl_softc;
5437	struct ctl_lun *lun;
5438	uint32_t residx;
5439
5440	extent = 0;
5441	thirdparty = 0;
5442	longid = 0;
5443	resv_id = 0;
5444	length = 0;
5445	thirdparty_id = 0;
5446
5447	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5448
5449	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5450	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5451	ctl_softc = control_softc;
5452
5453	switch (ctsio->cdb[0]) {
5454	case RESERVE_10: {
5455		struct scsi_reserve_10 *cdb;
5456
5457		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5458
5459		if (cdb->byte2 & SR10_LONGID)
5460			longid = 1;
5461		else
5462			thirdparty_id = cdb->thirdparty_id;
5463
5464		resv_id = cdb->resv_id;
5465		length = scsi_2btoul(cdb->length);
5466		break;
5467	}
5468	}
5469
5470	/*
5471	 * XXX KDM right now, we only support LUN reservation.  We don't
5472	 * support 3rd party reservations, or extent reservations, which
5473	 * might actually need the parameter list.  If we've gotten this
5474	 * far, we've got a LUN reservation.  Anything else got kicked out
5475	 * above.  So, according to SPC, ignore the length.
5476	 */
5477	length = 0;
5478
5479	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5480	 && (length > 0)) {
5481		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5482		ctsio->kern_data_len = length;
5483		ctsio->kern_total_len = length;
5484		ctsio->kern_data_resid = 0;
5485		ctsio->kern_rel_offset = 0;
5486		ctsio->kern_sg_entries = 0;
5487		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5488		ctsio->be_move_done = ctl_config_move_done;
5489		ctl_datamove((union ctl_io *)ctsio);
5490
5491		return (CTL_RETVAL_COMPLETE);
5492	}
5493
5494	if (length > 0)
5495		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5496
5497	mtx_lock(&lun->lun_lock);
5498	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5499		ctl_set_reservation_conflict(ctsio);
5500		goto bailout;
5501	}
5502
5503	lun->flags |= CTL_LUN_RESERVED;
5504	lun->res_idx = residx;
5505
5506	ctsio->scsi_status = SCSI_STATUS_OK;
5507	ctsio->io_hdr.status = CTL_SUCCESS;
5508
5509bailout:
5510	mtx_unlock(&lun->lun_lock);
5511
5512	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5513		free(ctsio->kern_data_ptr, M_CTL);
5514		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5515	}
5516
5517	ctl_done((union ctl_io *)ctsio);
5518	return (CTL_RETVAL_COMPLETE);
5519}
5520
5521int
5522ctl_start_stop(struct ctl_scsiio *ctsio)
5523{
5524	struct scsi_start_stop_unit *cdb;
5525	struct ctl_lun *lun;
5526	struct ctl_softc *ctl_softc;
5527	int retval;
5528
5529	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5530
5531	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5532	ctl_softc = control_softc;
5533	retval = 0;
5534
5535	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5536
5537	/*
5538	 * XXX KDM
5539	 * We don't support the immediate bit on a stop unit.  In order to
5540	 * do that, we would need to code up a way to know that a stop is
5541	 * pending, and hold off any new commands until it completes, one
5542	 * way or another.  Then we could accept or reject those commands
5543	 * depending on its status.  We would almost need to do the reverse
5544	 * of what we do below for an immediate start -- return the copy of
5545	 * the ctl_io to the FETD with status to send to the host (and to
5546	 * free the copy!) and then free the original I/O once the stop
5547	 * actually completes.  That way, the OOA queue mechanism can work
5548	 * to block commands that shouldn't proceed.  Another alternative
5549	 * would be to put the copy in the queue in place of the original,
5550	 * and return the original back to the caller.  That could be
5551	 * slightly safer..
5552	 */
5553	if ((cdb->byte2 & SSS_IMMED)
5554	 && ((cdb->how & SSS_START) == 0)) {
5555		ctl_set_invalid_field(ctsio,
5556				      /*sks_valid*/ 1,
5557				      /*command*/ 1,
5558				      /*field*/ 1,
5559				      /*bit_valid*/ 1,
5560				      /*bit*/ 0);
5561		ctl_done((union ctl_io *)ctsio);
5562		return (CTL_RETVAL_COMPLETE);
5563	}
5564
5565	if ((lun->flags & CTL_LUN_PR_RESERVED)
5566	 && ((cdb->how & SSS_START)==0)) {
5567		uint32_t residx;
5568
5569		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5570		if (lun->pr_keys[residx] == 0
5571		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5572
5573			ctl_set_reservation_conflict(ctsio);
5574			ctl_done((union ctl_io *)ctsio);
5575			return (CTL_RETVAL_COMPLETE);
5576		}
5577	}
5578
5579	/*
5580	 * If there is no backend on this device, we can't start or stop
5581	 * it.  In theory we shouldn't get any start/stop commands in the
5582	 * first place at this level if the LUN doesn't have a backend.
5583	 * That should get stopped by the command decode code.
5584	 */
5585	if (lun->backend == NULL) {
5586		ctl_set_invalid_opcode(ctsio);
5587		ctl_done((union ctl_io *)ctsio);
5588		return (CTL_RETVAL_COMPLETE);
5589	}
5590
5591	/*
5592	 * XXX KDM Copan-specific offline behavior.
5593	 * Figure out a reasonable way to port this?
5594	 */
5595#ifdef NEEDTOPORT
5596	mtx_lock(&lun->lun_lock);
5597
5598	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5599	 && (lun->flags & CTL_LUN_OFFLINE)) {
5600		/*
5601		 * If the LUN is offline, and the on/offline bit isn't set,
5602		 * reject the start or stop.  Otherwise, let it through.
5603		 */
5604		mtx_unlock(&lun->lun_lock);
5605		ctl_set_lun_not_ready(ctsio);
5606		ctl_done((union ctl_io *)ctsio);
5607	} else {
5608		mtx_unlock(&lun->lun_lock);
5609#endif /* NEEDTOPORT */
5610		/*
5611		 * This could be a start or a stop when we're online,
5612		 * or a stop/offline or start/online.  A start or stop when
5613		 * we're offline is covered in the case above.
5614		 */
5615		/*
5616		 * In the non-immediate case, we send the request to
5617		 * the backend and return status to the user when
5618		 * it is done.
5619		 *
5620		 * In the immediate case, we allocate a new ctl_io
5621		 * to hold a copy of the request, and send that to
5622		 * the backend.  We then set good status on the
5623		 * user's request and return it immediately.
5624		 */
5625		if (cdb->byte2 & SSS_IMMED) {
5626			union ctl_io *new_io;
5627
5628			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5629			if (new_io == NULL) {
5630				ctl_set_busy(ctsio);
5631				ctl_done((union ctl_io *)ctsio);
5632			} else {
5633				ctl_copy_io((union ctl_io *)ctsio,
5634					    new_io);
5635				retval = lun->backend->config_write(new_io);
5636				ctl_set_success(ctsio);
5637				ctl_done((union ctl_io *)ctsio);
5638			}
5639		} else {
5640			retval = lun->backend->config_write(
5641				(union ctl_io *)ctsio);
5642		}
5643#ifdef NEEDTOPORT
5644	}
5645#endif
5646	return (retval);
5647}
5648
5649/*
5650 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5651 * we don't really do anything with the LBA and length fields if the user
5652 * passes them in.  Instead we'll just flush out the cache for the entire
5653 * LUN.
5654 */
5655int
5656ctl_sync_cache(struct ctl_scsiio *ctsio)
5657{
5658	struct ctl_lun *lun;
5659	struct ctl_softc *ctl_softc;
5660	uint64_t starting_lba;
5661	uint32_t block_count;
5662	int retval;
5663
5664	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5665
5666	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5667	ctl_softc = control_softc;
5668	retval = 0;
5669
5670	switch (ctsio->cdb[0]) {
5671	case SYNCHRONIZE_CACHE: {
5672		struct scsi_sync_cache *cdb;
5673		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5674
5675		starting_lba = scsi_4btoul(cdb->begin_lba);
5676		block_count = scsi_2btoul(cdb->lb_count);
5677		break;
5678	}
5679	case SYNCHRONIZE_CACHE_16: {
5680		struct scsi_sync_cache_16 *cdb;
5681		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5682
5683		starting_lba = scsi_8btou64(cdb->begin_lba);
5684		block_count = scsi_4btoul(cdb->lb_count);
5685		break;
5686	}
5687	default:
5688		ctl_set_invalid_opcode(ctsio);
5689		ctl_done((union ctl_io *)ctsio);
5690		goto bailout;
5691		break; /* NOTREACHED */
5692	}
5693
5694	/*
5695	 * We check the LBA and length, but don't do anything with them.
5696	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5697	 * get flushed.  This check will just help satisfy anyone who wants
5698	 * to see an error for an out of range LBA.
5699	 */
5700	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5701		ctl_set_lba_out_of_range(ctsio);
5702		ctl_done((union ctl_io *)ctsio);
5703		goto bailout;
5704	}
5705
5706	/*
5707	 * If this LUN has no backend, we can't flush the cache anyway.
5708	 */
5709	if (lun->backend == NULL) {
5710		ctl_set_invalid_opcode(ctsio);
5711		ctl_done((union ctl_io *)ctsio);
5712		goto bailout;
5713	}
5714
5715	/*
5716	 * Check to see whether we're configured to send the SYNCHRONIZE
5717	 * CACHE command directly to the back end.
5718	 */
5719	mtx_lock(&lun->lun_lock);
5720	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5721	 && (++(lun->sync_count) >= lun->sync_interval)) {
5722		lun->sync_count = 0;
5723		mtx_unlock(&lun->lun_lock);
5724		retval = lun->backend->config_write((union ctl_io *)ctsio);
5725	} else {
5726		mtx_unlock(&lun->lun_lock);
5727		ctl_set_success(ctsio);
5728		ctl_done((union ctl_io *)ctsio);
5729	}
5730
5731bailout:
5732
5733	return (retval);
5734}
5735
5736int
5737ctl_format(struct ctl_scsiio *ctsio)
5738{
5739	struct scsi_format *cdb;
5740	struct ctl_lun *lun;
5741	struct ctl_softc *ctl_softc;
5742	int length, defect_list_len;
5743
5744	CTL_DEBUG_PRINT(("ctl_format\n"));
5745
5746	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5747	ctl_softc = control_softc;
5748
5749	cdb = (struct scsi_format *)ctsio->cdb;
5750
5751	length = 0;
5752	if (cdb->byte2 & SF_FMTDATA) {
5753		if (cdb->byte2 & SF_LONGLIST)
5754			length = sizeof(struct scsi_format_header_long);
5755		else
5756			length = sizeof(struct scsi_format_header_short);
5757	}
5758
5759	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5760	 && (length > 0)) {
5761		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5762		ctsio->kern_data_len = length;
5763		ctsio->kern_total_len = length;
5764		ctsio->kern_data_resid = 0;
5765		ctsio->kern_rel_offset = 0;
5766		ctsio->kern_sg_entries = 0;
5767		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5768		ctsio->be_move_done = ctl_config_move_done;
5769		ctl_datamove((union ctl_io *)ctsio);
5770
5771		return (CTL_RETVAL_COMPLETE);
5772	}
5773
5774	defect_list_len = 0;
5775
5776	if (cdb->byte2 & SF_FMTDATA) {
5777		if (cdb->byte2 & SF_LONGLIST) {
5778			struct scsi_format_header_long *header;
5779
5780			header = (struct scsi_format_header_long *)
5781				ctsio->kern_data_ptr;
5782
5783			defect_list_len = scsi_4btoul(header->defect_list_len);
5784			if (defect_list_len != 0) {
5785				ctl_set_invalid_field(ctsio,
5786						      /*sks_valid*/ 1,
5787						      /*command*/ 0,
5788						      /*field*/ 2,
5789						      /*bit_valid*/ 0,
5790						      /*bit*/ 0);
5791				goto bailout;
5792			}
5793		} else {
5794			struct scsi_format_header_short *header;
5795
5796			header = (struct scsi_format_header_short *)
5797				ctsio->kern_data_ptr;
5798
5799			defect_list_len = scsi_2btoul(header->defect_list_len);
5800			if (defect_list_len != 0) {
5801				ctl_set_invalid_field(ctsio,
5802						      /*sks_valid*/ 1,
5803						      /*command*/ 0,
5804						      /*field*/ 2,
5805						      /*bit_valid*/ 0,
5806						      /*bit*/ 0);
5807				goto bailout;
5808			}
5809		}
5810	}
5811
5812	/*
5813	 * The format command will clear out the "Medium format corrupted"
5814	 * status if set by the configuration code.  That status is really
5815	 * just a way to notify the host that we have lost the media, and
5816	 * get them to issue a command that will basically make them think
5817	 * they're blowing away the media.
5818	 */
5819	mtx_lock(&lun->lun_lock);
5820	lun->flags &= ~CTL_LUN_INOPERABLE;
5821	mtx_unlock(&lun->lun_lock);
5822
5823	ctsio->scsi_status = SCSI_STATUS_OK;
5824	ctsio->io_hdr.status = CTL_SUCCESS;
5825bailout:
5826
5827	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5828		free(ctsio->kern_data_ptr, M_CTL);
5829		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5830	}
5831
5832	ctl_done((union ctl_io *)ctsio);
5833	return (CTL_RETVAL_COMPLETE);
5834}
5835
5836int
5837ctl_read_buffer(struct ctl_scsiio *ctsio)
5838{
5839	struct scsi_read_buffer *cdb;
5840	struct ctl_lun *lun;
5841	int buffer_offset, len;
5842	static uint8_t descr[4];
5843	static uint8_t echo_descr[4] = { 0 };
5844
5845	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5846
5847	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5848	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5849
5850	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5851	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5852	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5853		ctl_set_invalid_field(ctsio,
5854				      /*sks_valid*/ 1,
5855				      /*command*/ 1,
5856				      /*field*/ 1,
5857				      /*bit_valid*/ 1,
5858				      /*bit*/ 4);
5859		ctl_done((union ctl_io *)ctsio);
5860		return (CTL_RETVAL_COMPLETE);
5861	}
5862
5863	len = scsi_3btoul(cdb->length);
5864	buffer_offset = scsi_3btoul(cdb->offset);
5865
5866	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5867		ctl_set_invalid_field(ctsio,
5868				      /*sks_valid*/ 1,
5869				      /*command*/ 1,
5870				      /*field*/ 6,
5871				      /*bit_valid*/ 0,
5872				      /*bit*/ 0);
5873		ctl_done((union ctl_io *)ctsio);
5874		return (CTL_RETVAL_COMPLETE);
5875	}
5876
5877	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5878		descr[0] = 0;
5879		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5880		ctsio->kern_data_ptr = descr;
5881		len = min(len, sizeof(descr));
5882	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5883		ctsio->kern_data_ptr = echo_descr;
5884		len = min(len, sizeof(echo_descr));
5885	} else {
5886		if (lun->write_buffer == NULL) {
5887			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5888			    M_CTL, M_WAITOK);
5889		}
5890		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5891	}
5892	ctsio->kern_data_len = len;
5893	ctsio->kern_total_len = len;
5894	ctsio->kern_data_resid = 0;
5895	ctsio->kern_rel_offset = 0;
5896	ctsio->kern_sg_entries = 0;
5897	ctsio->be_move_done = ctl_config_move_done;
5898	ctl_datamove((union ctl_io *)ctsio);
5899
5900	return (CTL_RETVAL_COMPLETE);
5901}
5902
5903int
5904ctl_write_buffer(struct ctl_scsiio *ctsio)
5905{
5906	struct scsi_write_buffer *cdb;
5907	struct ctl_lun *lun;
5908	int buffer_offset, len;
5909
5910	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5911
5912	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5913	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5914
5915	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5916		ctl_set_invalid_field(ctsio,
5917				      /*sks_valid*/ 1,
5918				      /*command*/ 1,
5919				      /*field*/ 1,
5920				      /*bit_valid*/ 1,
5921				      /*bit*/ 4);
5922		ctl_done((union ctl_io *)ctsio);
5923		return (CTL_RETVAL_COMPLETE);
5924	}
5925
5926	len = scsi_3btoul(cdb->length);
5927	buffer_offset = scsi_3btoul(cdb->offset);
5928
5929	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5930		ctl_set_invalid_field(ctsio,
5931				      /*sks_valid*/ 1,
5932				      /*command*/ 1,
5933				      /*field*/ 6,
5934				      /*bit_valid*/ 0,
5935				      /*bit*/ 0);
5936		ctl_done((union ctl_io *)ctsio);
5937		return (CTL_RETVAL_COMPLETE);
5938	}
5939
5940	/*
5941	 * If we've got a kernel request that hasn't been malloced yet,
5942	 * malloc it and tell the caller the data buffer is here.
5943	 */
5944	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5945		if (lun->write_buffer == NULL) {
5946			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5947			    M_CTL, M_WAITOK);
5948		}
5949		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5950		ctsio->kern_data_len = len;
5951		ctsio->kern_total_len = len;
5952		ctsio->kern_data_resid = 0;
5953		ctsio->kern_rel_offset = 0;
5954		ctsio->kern_sg_entries = 0;
5955		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5956		ctsio->be_move_done = ctl_config_move_done;
5957		ctl_datamove((union ctl_io *)ctsio);
5958
5959		return (CTL_RETVAL_COMPLETE);
5960	}
5961
5962	ctl_done((union ctl_io *)ctsio);
5963
5964	return (CTL_RETVAL_COMPLETE);
5965}
5966
5967int
5968ctl_write_same(struct ctl_scsiio *ctsio)
5969{
5970	struct ctl_lun *lun;
5971	struct ctl_lba_len_flags *lbalen;
5972	uint64_t lba;
5973	uint32_t num_blocks;
5974	int len, retval;
5975	uint8_t byte2;
5976
5977	retval = CTL_RETVAL_COMPLETE;
5978
5979	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5980
5981	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5982
5983	switch (ctsio->cdb[0]) {
5984	case WRITE_SAME_10: {
5985		struct scsi_write_same_10 *cdb;
5986
5987		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5988
5989		lba = scsi_4btoul(cdb->addr);
5990		num_blocks = scsi_2btoul(cdb->length);
5991		byte2 = cdb->byte2;
5992		break;
5993	}
5994	case WRITE_SAME_16: {
5995		struct scsi_write_same_16 *cdb;
5996
5997		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5998
5999		lba = scsi_8btou64(cdb->addr);
6000		num_blocks = scsi_4btoul(cdb->length);
6001		byte2 = cdb->byte2;
6002		break;
6003	}
6004	default:
6005		/*
6006		 * We got a command we don't support.  This shouldn't
6007		 * happen, commands should be filtered out above us.
6008		 */
6009		ctl_set_invalid_opcode(ctsio);
6010		ctl_done((union ctl_io *)ctsio);
6011
6012		return (CTL_RETVAL_COMPLETE);
6013		break; /* NOTREACHED */
6014	}
6015
6016	/* NDOB and ANCHOR flags can be used only together with UNMAP */
6017	if ((byte2 & SWS_UNMAP) == 0 &&
6018	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
6019		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
6020		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
6021		ctl_done((union ctl_io *)ctsio);
6022		return (CTL_RETVAL_COMPLETE);
6023	}
6024
6025	/*
6026	 * The first check is to make sure we're in bounds, the second
6027	 * check is to catch wrap-around problems.  If the lba + num blocks
6028	 * is less than the lba, then we've wrapped around and the block
6029	 * range is invalid anyway.
6030	 */
6031	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6032	 || ((lba + num_blocks) < lba)) {
6033		ctl_set_lba_out_of_range(ctsio);
6034		ctl_done((union ctl_io *)ctsio);
6035		return (CTL_RETVAL_COMPLETE);
6036	}
6037
6038	/* Zero number of blocks means "to the last logical block" */
6039	if (num_blocks == 0) {
6040		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
6041			ctl_set_invalid_field(ctsio,
6042					      /*sks_valid*/ 0,
6043					      /*command*/ 1,
6044					      /*field*/ 0,
6045					      /*bit_valid*/ 0,
6046					      /*bit*/ 0);
6047			ctl_done((union ctl_io *)ctsio);
6048			return (CTL_RETVAL_COMPLETE);
6049		}
6050		num_blocks = (lun->be_lun->maxlba + 1) - lba;
6051	}
6052
6053	len = lun->be_lun->blocksize;
6054
6055	/*
6056	 * If we've got a kernel request that hasn't been malloced yet,
6057	 * malloc it and tell the caller the data buffer is here.
6058	 */
6059	if ((byte2 & SWS_NDOB) == 0 &&
6060	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6061		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
6062		ctsio->kern_data_len = len;
6063		ctsio->kern_total_len = len;
6064		ctsio->kern_data_resid = 0;
6065		ctsio->kern_rel_offset = 0;
6066		ctsio->kern_sg_entries = 0;
6067		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6068		ctsio->be_move_done = ctl_config_move_done;
6069		ctl_datamove((union ctl_io *)ctsio);
6070
6071		return (CTL_RETVAL_COMPLETE);
6072	}
6073
6074	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6075	lbalen->lba = lba;
6076	lbalen->len = num_blocks;
6077	lbalen->flags = byte2;
6078	retval = lun->backend->config_write((union ctl_io *)ctsio);
6079
6080	return (retval);
6081}
6082
6083int
6084ctl_unmap(struct ctl_scsiio *ctsio)
6085{
6086	struct ctl_lun *lun;
6087	struct scsi_unmap *cdb;
6088	struct ctl_ptr_len_flags *ptrlen;
6089	struct scsi_unmap_header *hdr;
6090	struct scsi_unmap_desc *buf, *end, *endnz, *range;
6091	uint64_t lba;
6092	uint32_t num_blocks;
6093	int len, retval;
6094	uint8_t byte2;
6095
6096	retval = CTL_RETVAL_COMPLETE;
6097
6098	CTL_DEBUG_PRINT(("ctl_unmap\n"));
6099
6100	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6101	cdb = (struct scsi_unmap *)ctsio->cdb;
6102
6103	len = scsi_2btoul(cdb->length);
6104	byte2 = cdb->byte2;
6105
6106	/*
6107	 * If we've got a kernel request that hasn't been malloced yet,
6108	 * malloc it and tell the caller the data buffer is here.
6109	 */
6110	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6111		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
6112		ctsio->kern_data_len = len;
6113		ctsio->kern_total_len = len;
6114		ctsio->kern_data_resid = 0;
6115		ctsio->kern_rel_offset = 0;
6116		ctsio->kern_sg_entries = 0;
6117		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6118		ctsio->be_move_done = ctl_config_move_done;
6119		ctl_datamove((union ctl_io *)ctsio);
6120
6121		return (CTL_RETVAL_COMPLETE);
6122	}
6123
6124	len = ctsio->kern_total_len - ctsio->kern_data_resid;
6125	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
6126	if (len < sizeof (*hdr) ||
6127	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
6128	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
6129	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
6130		ctl_set_invalid_field(ctsio,
6131				      /*sks_valid*/ 0,
6132				      /*command*/ 0,
6133				      /*field*/ 0,
6134				      /*bit_valid*/ 0,
6135				      /*bit*/ 0);
6136		ctl_done((union ctl_io *)ctsio);
6137		return (CTL_RETVAL_COMPLETE);
6138	}
6139	len = scsi_2btoul(hdr->desc_length);
6140	buf = (struct scsi_unmap_desc *)(hdr + 1);
6141	end = buf + len / sizeof(*buf);
6142
6143	endnz = buf;
6144	for (range = buf; range < end; range++) {
6145		lba = scsi_8btou64(range->lba);
6146		num_blocks = scsi_4btoul(range->length);
6147		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6148		 || ((lba + num_blocks) < lba)) {
6149			ctl_set_lba_out_of_range(ctsio);
6150			ctl_done((union ctl_io *)ctsio);
6151			return (CTL_RETVAL_COMPLETE);
6152		}
6153		if (num_blocks != 0)
6154			endnz = range + 1;
6155	}
6156
6157	/*
6158	 * Block backend can not handle zero last range.
6159	 * Filter it out and return if there is nothing left.
6160	 */
6161	len = (uint8_t *)endnz - (uint8_t *)buf;
6162	if (len == 0) {
6163		ctl_set_success(ctsio);
6164		ctl_done((union ctl_io *)ctsio);
6165		return (CTL_RETVAL_COMPLETE);
6166	}
6167
6168	mtx_lock(&lun->lun_lock);
6169	ptrlen = (struct ctl_ptr_len_flags *)
6170	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6171	ptrlen->ptr = (void *)buf;
6172	ptrlen->len = len;
6173	ptrlen->flags = byte2;
6174	ctl_check_blocked(lun);
6175	mtx_unlock(&lun->lun_lock);
6176
6177	retval = lun->backend->config_write((union ctl_io *)ctsio);
6178	return (retval);
6179}
6180
6181/*
6182 * Note that this function currently doesn't actually do anything inside
6183 * CTL to enforce things if the DQue bit is turned on.
6184 *
6185 * Also note that this function can't be used in the default case, because
6186 * the DQue bit isn't set in the changeable mask for the control mode page
6187 * anyway.  This is just here as an example for how to implement a page
6188 * handler, and a placeholder in case we want to allow the user to turn
6189 * tagged queueing on and off.
6190 *
6191 * The D_SENSE bit handling is functional, however, and will turn
6192 * descriptor sense on and off for a given LUN.
6193 */
6194int
6195ctl_control_page_handler(struct ctl_scsiio *ctsio,
6196			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6197{
6198	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6199	struct ctl_lun *lun;
6200	struct ctl_softc *softc;
6201	int set_ua;
6202	uint32_t initidx;
6203
6204	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6205	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6206	set_ua = 0;
6207
6208	user_cp = (struct scsi_control_page *)page_ptr;
6209	current_cp = (struct scsi_control_page *)
6210		(page_index->page_data + (page_index->page_len *
6211		CTL_PAGE_CURRENT));
6212	saved_cp = (struct scsi_control_page *)
6213		(page_index->page_data + (page_index->page_len *
6214		CTL_PAGE_SAVED));
6215
6216	softc = control_softc;
6217
6218	mtx_lock(&lun->lun_lock);
6219	if (((current_cp->rlec & SCP_DSENSE) == 0)
6220	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6221		/*
6222		 * Descriptor sense is currently turned off and the user
6223		 * wants to turn it on.
6224		 */
6225		current_cp->rlec |= SCP_DSENSE;
6226		saved_cp->rlec |= SCP_DSENSE;
6227		lun->flags |= CTL_LUN_SENSE_DESC;
6228		set_ua = 1;
6229	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6230		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6231		/*
6232		 * Descriptor sense is currently turned on, and the user
6233		 * wants to turn it off.
6234		 */
6235		current_cp->rlec &= ~SCP_DSENSE;
6236		saved_cp->rlec &= ~SCP_DSENSE;
6237		lun->flags &= ~CTL_LUN_SENSE_DESC;
6238		set_ua = 1;
6239	}
6240	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6241	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6242		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6243		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6244		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6245		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6246		set_ua = 1;
6247	}
6248	if ((current_cp->eca_and_aen & SCP_SWP) !=
6249	    (user_cp->eca_and_aen & SCP_SWP)) {
6250		current_cp->eca_and_aen &= ~SCP_SWP;
6251		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6252		saved_cp->eca_and_aen &= ~SCP_SWP;
6253		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6254		set_ua = 1;
6255	}
6256	if (set_ua != 0) {
6257		int i;
6258		/*
6259		 * Let other initiators know that the mode
6260		 * parameters for this LUN have changed.
6261		 */
6262		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6263			if (i == initidx)
6264				continue;
6265
6266			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6267		}
6268	}
6269	mtx_unlock(&lun->lun_lock);
6270
6271	return (0);
6272}
6273
6274int
6275ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6276		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6277{
6278	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6279	struct ctl_lun *lun;
6280	int set_ua;
6281	uint32_t initidx;
6282
6283	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6284	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6285	set_ua = 0;
6286
6287	user_cp = (struct scsi_caching_page *)page_ptr;
6288	current_cp = (struct scsi_caching_page *)
6289		(page_index->page_data + (page_index->page_len *
6290		CTL_PAGE_CURRENT));
6291	saved_cp = (struct scsi_caching_page *)
6292		(page_index->page_data + (page_index->page_len *
6293		CTL_PAGE_SAVED));
6294
6295	mtx_lock(&lun->lun_lock);
6296	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6297	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6298		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6299		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6300		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6301		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6302		set_ua = 1;
6303	}
6304	if (set_ua != 0) {
6305		int i;
6306		/*
6307		 * Let other initiators know that the mode
6308		 * parameters for this LUN have changed.
6309		 */
6310		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
6311			if (i == initidx)
6312				continue;
6313
6314			lun->pending_ua[i] |= CTL_UA_MODE_CHANGE;
6315		}
6316	}
6317	mtx_unlock(&lun->lun_lock);
6318
6319	return (0);
6320}
6321
6322int
6323ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6324				struct ctl_page_index *page_index,
6325				uint8_t *page_ptr)
6326{
6327	uint8_t *c;
6328	int i;
6329
6330	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6331	ctl_time_io_secs =
6332		(c[0] << 8) |
6333		(c[1] << 0) |
6334		0;
6335	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6336	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6337	printf("page data:");
6338	for (i=0; i<8; i++)
6339		printf(" %.2x",page_ptr[i]);
6340	printf("\n");
6341	return (0);
6342}
6343
6344int
6345ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6346			       struct ctl_page_index *page_index,
6347			       int pc)
6348{
6349	struct copan_debugconf_subpage *page;
6350
6351	page = (struct copan_debugconf_subpage *)page_index->page_data +
6352		(page_index->page_len * pc);
6353
6354	switch (pc) {
6355	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6356	case SMS_PAGE_CTRL_DEFAULT >> 6:
6357	case SMS_PAGE_CTRL_SAVED >> 6:
6358		/*
6359		 * We don't update the changable or default bits for this page.
6360		 */
6361		break;
6362	case SMS_PAGE_CTRL_CURRENT >> 6:
6363		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6364		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6365		break;
6366	default:
6367#ifdef NEEDTOPORT
6368		EPRINT(0, "Invalid PC %d!!", pc);
6369#endif /* NEEDTOPORT */
6370		break;
6371	}
6372	return (0);
6373}
6374
6375
6376static int
6377ctl_do_mode_select(union ctl_io *io)
6378{
6379	struct scsi_mode_page_header *page_header;
6380	struct ctl_page_index *page_index;
6381	struct ctl_scsiio *ctsio;
6382	int control_dev, page_len;
6383	int page_len_offset, page_len_size;
6384	union ctl_modepage_info *modepage_info;
6385	struct ctl_lun *lun;
6386	int *len_left, *len_used;
6387	int retval, i;
6388
6389	ctsio = &io->scsiio;
6390	page_index = NULL;
6391	page_len = 0;
6392	retval = CTL_RETVAL_COMPLETE;
6393
6394	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6395
6396	if (lun->be_lun->lun_type != T_DIRECT)
6397		control_dev = 1;
6398	else
6399		control_dev = 0;
6400
6401	modepage_info = (union ctl_modepage_info *)
6402		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6403	len_left = &modepage_info->header.len_left;
6404	len_used = &modepage_info->header.len_used;
6405
6406do_next_page:
6407
6408	page_header = (struct scsi_mode_page_header *)
6409		(ctsio->kern_data_ptr + *len_used);
6410
6411	if (*len_left == 0) {
6412		free(ctsio->kern_data_ptr, M_CTL);
6413		ctl_set_success(ctsio);
6414		ctl_done((union ctl_io *)ctsio);
6415		return (CTL_RETVAL_COMPLETE);
6416	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6417
6418		free(ctsio->kern_data_ptr, M_CTL);
6419		ctl_set_param_len_error(ctsio);
6420		ctl_done((union ctl_io *)ctsio);
6421		return (CTL_RETVAL_COMPLETE);
6422
6423	} else if ((page_header->page_code & SMPH_SPF)
6424		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6425
6426		free(ctsio->kern_data_ptr, M_CTL);
6427		ctl_set_param_len_error(ctsio);
6428		ctl_done((union ctl_io *)ctsio);
6429		return (CTL_RETVAL_COMPLETE);
6430	}
6431
6432
6433	/*
6434	 * XXX KDM should we do something with the block descriptor?
6435	 */
6436	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6437
6438		if ((control_dev != 0)
6439		 && (lun->mode_pages.index[i].page_flags &
6440		     CTL_PAGE_FLAG_DISK_ONLY))
6441			continue;
6442
6443		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6444		    (page_header->page_code & SMPH_PC_MASK))
6445			continue;
6446
6447		/*
6448		 * If neither page has a subpage code, then we've got a
6449		 * match.
6450		 */
6451		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6452		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6453			page_index = &lun->mode_pages.index[i];
6454			page_len = page_header->page_length;
6455			break;
6456		}
6457
6458		/*
6459		 * If both pages have subpages, then the subpage numbers
6460		 * have to match.
6461		 */
6462		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6463		  && (page_header->page_code & SMPH_SPF)) {
6464			struct scsi_mode_page_header_sp *sph;
6465
6466			sph = (struct scsi_mode_page_header_sp *)page_header;
6467
6468			if (lun->mode_pages.index[i].subpage ==
6469			    sph->subpage) {
6470				page_index = &lun->mode_pages.index[i];
6471				page_len = scsi_2btoul(sph->page_length);
6472				break;
6473			}
6474		}
6475	}
6476
6477	/*
6478	 * If we couldn't find the page, or if we don't have a mode select
6479	 * handler for it, send back an error to the user.
6480	 */
6481	if ((page_index == NULL)
6482	 || (page_index->select_handler == NULL)) {
6483		ctl_set_invalid_field(ctsio,
6484				      /*sks_valid*/ 1,
6485				      /*command*/ 0,
6486				      /*field*/ *len_used,
6487				      /*bit_valid*/ 0,
6488				      /*bit*/ 0);
6489		free(ctsio->kern_data_ptr, M_CTL);
6490		ctl_done((union ctl_io *)ctsio);
6491		return (CTL_RETVAL_COMPLETE);
6492	}
6493
6494	if (page_index->page_code & SMPH_SPF) {
6495		page_len_offset = 2;
6496		page_len_size = 2;
6497	} else {
6498		page_len_size = 1;
6499		page_len_offset = 1;
6500	}
6501
6502	/*
6503	 * If the length the initiator gives us isn't the one we specify in
6504	 * the mode page header, or if they didn't specify enough data in
6505	 * the CDB to avoid truncating this page, kick out the request.
6506	 */
6507	if ((page_len != (page_index->page_len - page_len_offset -
6508			  page_len_size))
6509	 || (*len_left < page_index->page_len)) {
6510
6511
6512		ctl_set_invalid_field(ctsio,
6513				      /*sks_valid*/ 1,
6514				      /*command*/ 0,
6515				      /*field*/ *len_used + page_len_offset,
6516				      /*bit_valid*/ 0,
6517				      /*bit*/ 0);
6518		free(ctsio->kern_data_ptr, M_CTL);
6519		ctl_done((union ctl_io *)ctsio);
6520		return (CTL_RETVAL_COMPLETE);
6521	}
6522
6523	/*
6524	 * Run through the mode page, checking to make sure that the bits
6525	 * the user changed are actually legal for him to change.
6526	 */
6527	for (i = 0; i < page_index->page_len; i++) {
6528		uint8_t *user_byte, *change_mask, *current_byte;
6529		int bad_bit;
6530		int j;
6531
6532		user_byte = (uint8_t *)page_header + i;
6533		change_mask = page_index->page_data +
6534			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6535		current_byte = page_index->page_data +
6536			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6537
6538		/*
6539		 * Check to see whether the user set any bits in this byte
6540		 * that he is not allowed to set.
6541		 */
6542		if ((*user_byte & ~(*change_mask)) ==
6543		    (*current_byte & ~(*change_mask)))
6544			continue;
6545
6546		/*
6547		 * Go through bit by bit to determine which one is illegal.
6548		 */
6549		bad_bit = 0;
6550		for (j = 7; j >= 0; j--) {
6551			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6552			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6553				bad_bit = i;
6554				break;
6555			}
6556		}
6557		ctl_set_invalid_field(ctsio,
6558				      /*sks_valid*/ 1,
6559				      /*command*/ 0,
6560				      /*field*/ *len_used + i,
6561				      /*bit_valid*/ 1,
6562				      /*bit*/ bad_bit);
6563		free(ctsio->kern_data_ptr, M_CTL);
6564		ctl_done((union ctl_io *)ctsio);
6565		return (CTL_RETVAL_COMPLETE);
6566	}
6567
6568	/*
6569	 * Decrement these before we call the page handler, since we may
6570	 * end up getting called back one way or another before the handler
6571	 * returns to this context.
6572	 */
6573	*len_left -= page_index->page_len;
6574	*len_used += page_index->page_len;
6575
6576	retval = page_index->select_handler(ctsio, page_index,
6577					    (uint8_t *)page_header);
6578
6579	/*
6580	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6581	 * wait until this queued command completes to finish processing
6582	 * the mode page.  If it returns anything other than
6583	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6584	 * already set the sense information, freed the data pointer, and
6585	 * completed the io for us.
6586	 */
6587	if (retval != CTL_RETVAL_COMPLETE)
6588		goto bailout_no_done;
6589
6590	/*
6591	 * If the initiator sent us more than one page, parse the next one.
6592	 */
6593	if (*len_left > 0)
6594		goto do_next_page;
6595
6596	ctl_set_success(ctsio);
6597	free(ctsio->kern_data_ptr, M_CTL);
6598	ctl_done((union ctl_io *)ctsio);
6599
6600bailout_no_done:
6601
6602	return (CTL_RETVAL_COMPLETE);
6603
6604}
6605
6606int
6607ctl_mode_select(struct ctl_scsiio *ctsio)
6608{
6609	int param_len, pf, sp;
6610	int header_size, bd_len;
6611	int len_left, len_used;
6612	struct ctl_page_index *page_index;
6613	struct ctl_lun *lun;
6614	int control_dev, page_len;
6615	union ctl_modepage_info *modepage_info;
6616	int retval;
6617
6618	pf = 0;
6619	sp = 0;
6620	page_len = 0;
6621	len_used = 0;
6622	len_left = 0;
6623	retval = 0;
6624	bd_len = 0;
6625	page_index = NULL;
6626
6627	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6628
6629	if (lun->be_lun->lun_type != T_DIRECT)
6630		control_dev = 1;
6631	else
6632		control_dev = 0;
6633
6634	switch (ctsio->cdb[0]) {
6635	case MODE_SELECT_6: {
6636		struct scsi_mode_select_6 *cdb;
6637
6638		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6639
6640		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6641		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6642
6643		param_len = cdb->length;
6644		header_size = sizeof(struct scsi_mode_header_6);
6645		break;
6646	}
6647	case MODE_SELECT_10: {
6648		struct scsi_mode_select_10 *cdb;
6649
6650		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6651
6652		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6653		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6654
6655		param_len = scsi_2btoul(cdb->length);
6656		header_size = sizeof(struct scsi_mode_header_10);
6657		break;
6658	}
6659	default:
6660		ctl_set_invalid_opcode(ctsio);
6661		ctl_done((union ctl_io *)ctsio);
6662		return (CTL_RETVAL_COMPLETE);
6663		break; /* NOTREACHED */
6664	}
6665
6666	/*
6667	 * From SPC-3:
6668	 * "A parameter list length of zero indicates that the Data-Out Buffer
6669	 * shall be empty. This condition shall not be considered as an error."
6670	 */
6671	if (param_len == 0) {
6672		ctl_set_success(ctsio);
6673		ctl_done((union ctl_io *)ctsio);
6674		return (CTL_RETVAL_COMPLETE);
6675	}
6676
6677	/*
6678	 * Since we'll hit this the first time through, prior to
6679	 * allocation, we don't need to free a data buffer here.
6680	 */
6681	if (param_len < header_size) {
6682		ctl_set_param_len_error(ctsio);
6683		ctl_done((union ctl_io *)ctsio);
6684		return (CTL_RETVAL_COMPLETE);
6685	}
6686
6687	/*
6688	 * Allocate the data buffer and grab the user's data.  In theory,
6689	 * we shouldn't have to sanity check the parameter list length here
6690	 * because the maximum size is 64K.  We should be able to malloc
6691	 * that much without too many problems.
6692	 */
6693	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6694		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6695		ctsio->kern_data_len = param_len;
6696		ctsio->kern_total_len = param_len;
6697		ctsio->kern_data_resid = 0;
6698		ctsio->kern_rel_offset = 0;
6699		ctsio->kern_sg_entries = 0;
6700		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6701		ctsio->be_move_done = ctl_config_move_done;
6702		ctl_datamove((union ctl_io *)ctsio);
6703
6704		return (CTL_RETVAL_COMPLETE);
6705	}
6706
6707	switch (ctsio->cdb[0]) {
6708	case MODE_SELECT_6: {
6709		struct scsi_mode_header_6 *mh6;
6710
6711		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6712		bd_len = mh6->blk_desc_len;
6713		break;
6714	}
6715	case MODE_SELECT_10: {
6716		struct scsi_mode_header_10 *mh10;
6717
6718		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6719		bd_len = scsi_2btoul(mh10->blk_desc_len);
6720		break;
6721	}
6722	default:
6723		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6724		break;
6725	}
6726
6727	if (param_len < (header_size + bd_len)) {
6728		free(ctsio->kern_data_ptr, M_CTL);
6729		ctl_set_param_len_error(ctsio);
6730		ctl_done((union ctl_io *)ctsio);
6731		return (CTL_RETVAL_COMPLETE);
6732	}
6733
6734	/*
6735	 * Set the IO_CONT flag, so that if this I/O gets passed to
6736	 * ctl_config_write_done(), it'll get passed back to
6737	 * ctl_do_mode_select() for further processing, or completion if
6738	 * we're all done.
6739	 */
6740	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6741	ctsio->io_cont = ctl_do_mode_select;
6742
6743	modepage_info = (union ctl_modepage_info *)
6744		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6745
6746	memset(modepage_info, 0, sizeof(*modepage_info));
6747
6748	len_left = param_len - header_size - bd_len;
6749	len_used = header_size + bd_len;
6750
6751	modepage_info->header.len_left = len_left;
6752	modepage_info->header.len_used = len_used;
6753
6754	return (ctl_do_mode_select((union ctl_io *)ctsio));
6755}
6756
6757int
6758ctl_mode_sense(struct ctl_scsiio *ctsio)
6759{
6760	struct ctl_lun *lun;
6761	int pc, page_code, dbd, llba, subpage;
6762	int alloc_len, page_len, header_len, total_len;
6763	struct scsi_mode_block_descr *block_desc;
6764	struct ctl_page_index *page_index;
6765	int control_dev;
6766
6767	dbd = 0;
6768	llba = 0;
6769	block_desc = NULL;
6770	page_index = NULL;
6771
6772	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6773
6774	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6775
6776	if (lun->be_lun->lun_type != T_DIRECT)
6777		control_dev = 1;
6778	else
6779		control_dev = 0;
6780
6781	switch (ctsio->cdb[0]) {
6782	case MODE_SENSE_6: {
6783		struct scsi_mode_sense_6 *cdb;
6784
6785		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6786
6787		header_len = sizeof(struct scsi_mode_hdr_6);
6788		if (cdb->byte2 & SMS_DBD)
6789			dbd = 1;
6790		else
6791			header_len += sizeof(struct scsi_mode_block_descr);
6792
6793		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6794		page_code = cdb->page & SMS_PAGE_CODE;
6795		subpage = cdb->subpage;
6796		alloc_len = cdb->length;
6797		break;
6798	}
6799	case MODE_SENSE_10: {
6800		struct scsi_mode_sense_10 *cdb;
6801
6802		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6803
6804		header_len = sizeof(struct scsi_mode_hdr_10);
6805
6806		if (cdb->byte2 & SMS_DBD)
6807			dbd = 1;
6808		else
6809			header_len += sizeof(struct scsi_mode_block_descr);
6810		if (cdb->byte2 & SMS10_LLBAA)
6811			llba = 1;
6812		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6813		page_code = cdb->page & SMS_PAGE_CODE;
6814		subpage = cdb->subpage;
6815		alloc_len = scsi_2btoul(cdb->length);
6816		break;
6817	}
6818	default:
6819		ctl_set_invalid_opcode(ctsio);
6820		ctl_done((union ctl_io *)ctsio);
6821		return (CTL_RETVAL_COMPLETE);
6822		break; /* NOTREACHED */
6823	}
6824
6825	/*
6826	 * We have to make a first pass through to calculate the size of
6827	 * the pages that match the user's query.  Then we allocate enough
6828	 * memory to hold it, and actually copy the data into the buffer.
6829	 */
6830	switch (page_code) {
6831	case SMS_ALL_PAGES_PAGE: {
6832		int i;
6833
6834		page_len = 0;
6835
6836		/*
6837		 * At the moment, values other than 0 and 0xff here are
6838		 * reserved according to SPC-3.
6839		 */
6840		if ((subpage != SMS_SUBPAGE_PAGE_0)
6841		 && (subpage != SMS_SUBPAGE_ALL)) {
6842			ctl_set_invalid_field(ctsio,
6843					      /*sks_valid*/ 1,
6844					      /*command*/ 1,
6845					      /*field*/ 3,
6846					      /*bit_valid*/ 0,
6847					      /*bit*/ 0);
6848			ctl_done((union ctl_io *)ctsio);
6849			return (CTL_RETVAL_COMPLETE);
6850		}
6851
6852		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6853			if ((control_dev != 0)
6854			 && (lun->mode_pages.index[i].page_flags &
6855			     CTL_PAGE_FLAG_DISK_ONLY))
6856				continue;
6857
6858			/*
6859			 * We don't use this subpage if the user didn't
6860			 * request all subpages.
6861			 */
6862			if ((lun->mode_pages.index[i].subpage != 0)
6863			 && (subpage == SMS_SUBPAGE_PAGE_0))
6864				continue;
6865
6866#if 0
6867			printf("found page %#x len %d\n",
6868			       lun->mode_pages.index[i].page_code &
6869			       SMPH_PC_MASK,
6870			       lun->mode_pages.index[i].page_len);
6871#endif
6872			page_len += lun->mode_pages.index[i].page_len;
6873		}
6874		break;
6875	}
6876	default: {
6877		int i;
6878
6879		page_len = 0;
6880
6881		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6882			/* Look for the right page code */
6883			if ((lun->mode_pages.index[i].page_code &
6884			     SMPH_PC_MASK) != page_code)
6885				continue;
6886
6887			/* Look for the right subpage or the subpage wildcard*/
6888			if ((lun->mode_pages.index[i].subpage != subpage)
6889			 && (subpage != SMS_SUBPAGE_ALL))
6890				continue;
6891
6892			/* Make sure the page is supported for this dev type */
6893			if ((control_dev != 0)
6894			 && (lun->mode_pages.index[i].page_flags &
6895			     CTL_PAGE_FLAG_DISK_ONLY))
6896				continue;
6897
6898#if 0
6899			printf("found page %#x len %d\n",
6900			       lun->mode_pages.index[i].page_code &
6901			       SMPH_PC_MASK,
6902			       lun->mode_pages.index[i].page_len);
6903#endif
6904
6905			page_len += lun->mode_pages.index[i].page_len;
6906		}
6907
6908		if (page_len == 0) {
6909			ctl_set_invalid_field(ctsio,
6910					      /*sks_valid*/ 1,
6911					      /*command*/ 1,
6912					      /*field*/ 2,
6913					      /*bit_valid*/ 1,
6914					      /*bit*/ 5);
6915			ctl_done((union ctl_io *)ctsio);
6916			return (CTL_RETVAL_COMPLETE);
6917		}
6918		break;
6919	}
6920	}
6921
6922	total_len = header_len + page_len;
6923#if 0
6924	printf("header_len = %d, page_len = %d, total_len = %d\n",
6925	       header_len, page_len, total_len);
6926#endif
6927
6928	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6929	ctsio->kern_sg_entries = 0;
6930	ctsio->kern_data_resid = 0;
6931	ctsio->kern_rel_offset = 0;
6932	if (total_len < alloc_len) {
6933		ctsio->residual = alloc_len - total_len;
6934		ctsio->kern_data_len = total_len;
6935		ctsio->kern_total_len = total_len;
6936	} else {
6937		ctsio->residual = 0;
6938		ctsio->kern_data_len = alloc_len;
6939		ctsio->kern_total_len = alloc_len;
6940	}
6941
6942	switch (ctsio->cdb[0]) {
6943	case MODE_SENSE_6: {
6944		struct scsi_mode_hdr_6 *header;
6945
6946		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6947
6948		header->datalen = ctl_min(total_len - 1, 254);
6949		if (control_dev == 0) {
6950			header->dev_specific = 0x10; /* DPOFUA */
6951			if ((lun->flags & CTL_LUN_READONLY) ||
6952			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6953			    .eca_and_aen & SCP_SWP) != 0)
6954				    header->dev_specific |= 0x80; /* WP */
6955		}
6956		if (dbd)
6957			header->block_descr_len = 0;
6958		else
6959			header->block_descr_len =
6960				sizeof(struct scsi_mode_block_descr);
6961		block_desc = (struct scsi_mode_block_descr *)&header[1];
6962		break;
6963	}
6964	case MODE_SENSE_10: {
6965		struct scsi_mode_hdr_10 *header;
6966		int datalen;
6967
6968		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6969
6970		datalen = ctl_min(total_len - 2, 65533);
6971		scsi_ulto2b(datalen, header->datalen);
6972		if (control_dev == 0) {
6973			header->dev_specific = 0x10; /* DPOFUA */
6974			if ((lun->flags & CTL_LUN_READONLY) ||
6975			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6976			    .eca_and_aen & SCP_SWP) != 0)
6977				    header->dev_specific |= 0x80; /* WP */
6978		}
6979		if (dbd)
6980			scsi_ulto2b(0, header->block_descr_len);
6981		else
6982			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6983				    header->block_descr_len);
6984		block_desc = (struct scsi_mode_block_descr *)&header[1];
6985		break;
6986	}
6987	default:
6988		panic("invalid CDB type %#x", ctsio->cdb[0]);
6989		break; /* NOTREACHED */
6990	}
6991
6992	/*
6993	 * If we've got a disk, use its blocksize in the block
6994	 * descriptor.  Otherwise, just set it to 0.
6995	 */
6996	if (dbd == 0) {
6997		if (control_dev == 0)
6998			scsi_ulto3b(lun->be_lun->blocksize,
6999				    block_desc->block_len);
7000		else
7001			scsi_ulto3b(0, block_desc->block_len);
7002	}
7003
7004	switch (page_code) {
7005	case SMS_ALL_PAGES_PAGE: {
7006		int i, data_used;
7007
7008		data_used = header_len;
7009		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
7010			struct ctl_page_index *page_index;
7011
7012			page_index = &lun->mode_pages.index[i];
7013
7014			if ((control_dev != 0)
7015			 && (page_index->page_flags &
7016			    CTL_PAGE_FLAG_DISK_ONLY))
7017				continue;
7018
7019			/*
7020			 * We don't use this subpage if the user didn't
7021			 * request all subpages.  We already checked (above)
7022			 * to make sure the user only specified a subpage
7023			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
7024			 */
7025			if ((page_index->subpage != 0)
7026			 && (subpage == SMS_SUBPAGE_PAGE_0))
7027				continue;
7028
7029			/*
7030			 * Call the handler, if it exists, to update the
7031			 * page to the latest values.
7032			 */
7033			if (page_index->sense_handler != NULL)
7034				page_index->sense_handler(ctsio, page_index,pc);
7035
7036			memcpy(ctsio->kern_data_ptr + data_used,
7037			       page_index->page_data +
7038			       (page_index->page_len * pc),
7039			       page_index->page_len);
7040			data_used += page_index->page_len;
7041		}
7042		break;
7043	}
7044	default: {
7045		int i, data_used;
7046
7047		data_used = header_len;
7048
7049		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
7050			struct ctl_page_index *page_index;
7051
7052			page_index = &lun->mode_pages.index[i];
7053
7054			/* Look for the right page code */
7055			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
7056				continue;
7057
7058			/* Look for the right subpage or the subpage wildcard*/
7059			if ((page_index->subpage != subpage)
7060			 && (subpage != SMS_SUBPAGE_ALL))
7061				continue;
7062
7063			/* Make sure the page is supported for this dev type */
7064			if ((control_dev != 0)
7065			 && (page_index->page_flags &
7066			     CTL_PAGE_FLAG_DISK_ONLY))
7067				continue;
7068
7069			/*
7070			 * Call the handler, if it exists, to update the
7071			 * page to the latest values.
7072			 */
7073			if (page_index->sense_handler != NULL)
7074				page_index->sense_handler(ctsio, page_index,pc);
7075
7076			memcpy(ctsio->kern_data_ptr + data_used,
7077			       page_index->page_data +
7078			       (page_index->page_len * pc),
7079			       page_index->page_len);
7080			data_used += page_index->page_len;
7081		}
7082		break;
7083	}
7084	}
7085
7086	ctsio->scsi_status = SCSI_STATUS_OK;
7087
7088	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7089	ctsio->be_move_done = ctl_config_move_done;
7090	ctl_datamove((union ctl_io *)ctsio);
7091
7092	return (CTL_RETVAL_COMPLETE);
7093}
7094
7095int
7096ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
7097			       struct ctl_page_index *page_index,
7098			       int pc)
7099{
7100	struct ctl_lun *lun;
7101	struct scsi_log_param_header *phdr;
7102	uint8_t *data;
7103	uint64_t val;
7104
7105	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7106	data = page_index->page_data;
7107
7108	if (lun->backend->lun_attr != NULL &&
7109	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
7110	     != UINT64_MAX) {
7111		phdr = (struct scsi_log_param_header *)data;
7112		scsi_ulto2b(0x0001, phdr->param_code);
7113		phdr->param_control = SLP_LBIN | SLP_LP;
7114		phdr->param_len = 8;
7115		data = (uint8_t *)(phdr + 1);
7116		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7117		data[4] = 0x01; /* per-LUN */
7118		data += phdr->param_len;
7119	}
7120
7121	if (lun->backend->lun_attr != NULL &&
7122	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
7123	     != UINT64_MAX) {
7124		phdr = (struct scsi_log_param_header *)data;
7125		scsi_ulto2b(0x0002, phdr->param_code);
7126		phdr->param_control = SLP_LBIN | SLP_LP;
7127		phdr->param_len = 8;
7128		data = (uint8_t *)(phdr + 1);
7129		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7130		data[4] = 0x02; /* per-pool */
7131		data += phdr->param_len;
7132	}
7133
7134	if (lun->backend->lun_attr != NULL &&
7135	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
7136	     != UINT64_MAX) {
7137		phdr = (struct scsi_log_param_header *)data;
7138		scsi_ulto2b(0x00f1, phdr->param_code);
7139		phdr->param_control = SLP_LBIN | SLP_LP;
7140		phdr->param_len = 8;
7141		data = (uint8_t *)(phdr + 1);
7142		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7143		data[4] = 0x02; /* per-pool */
7144		data += phdr->param_len;
7145	}
7146
7147	if (lun->backend->lun_attr != NULL &&
7148	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
7149	     != UINT64_MAX) {
7150		phdr = (struct scsi_log_param_header *)data;
7151		scsi_ulto2b(0x00f2, phdr->param_code);
7152		phdr->param_control = SLP_LBIN | SLP_LP;
7153		phdr->param_len = 8;
7154		data = (uint8_t *)(phdr + 1);
7155		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
7156		data[4] = 0x02; /* per-pool */
7157		data += phdr->param_len;
7158	}
7159
7160	page_index->page_len = data - page_index->page_data;
7161	return (0);
7162}
7163
7164int
7165ctl_log_sense(struct ctl_scsiio *ctsio)
7166{
7167	struct ctl_lun *lun;
7168	int i, pc, page_code, subpage;
7169	int alloc_len, total_len;
7170	struct ctl_page_index *page_index;
7171	struct scsi_log_sense *cdb;
7172	struct scsi_log_header *header;
7173
7174	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
7175
7176	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7177	cdb = (struct scsi_log_sense *)ctsio->cdb;
7178	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
7179	page_code = cdb->page & SLS_PAGE_CODE;
7180	subpage = cdb->subpage;
7181	alloc_len = scsi_2btoul(cdb->length);
7182
7183	page_index = NULL;
7184	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
7185		page_index = &lun->log_pages.index[i];
7186
7187		/* Look for the right page code */
7188		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7189			continue;
7190
7191		/* Look for the right subpage or the subpage wildcard*/
7192		if (page_index->subpage != subpage)
7193			continue;
7194
7195		break;
7196	}
7197	if (i >= CTL_NUM_LOG_PAGES) {
7198		ctl_set_invalid_field(ctsio,
7199				      /*sks_valid*/ 1,
7200				      /*command*/ 1,
7201				      /*field*/ 2,
7202				      /*bit_valid*/ 0,
7203				      /*bit*/ 0);
7204		ctl_done((union ctl_io *)ctsio);
7205		return (CTL_RETVAL_COMPLETE);
7206	}
7207
7208	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7209
7210	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7211	ctsio->kern_sg_entries = 0;
7212	ctsio->kern_data_resid = 0;
7213	ctsio->kern_rel_offset = 0;
7214	if (total_len < alloc_len) {
7215		ctsio->residual = alloc_len - total_len;
7216		ctsio->kern_data_len = total_len;
7217		ctsio->kern_total_len = total_len;
7218	} else {
7219		ctsio->residual = 0;
7220		ctsio->kern_data_len = alloc_len;
7221		ctsio->kern_total_len = alloc_len;
7222	}
7223
7224	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7225	header->page = page_index->page_code;
7226	if (page_index->subpage) {
7227		header->page |= SL_SPF;
7228		header->subpage = page_index->subpage;
7229	}
7230	scsi_ulto2b(page_index->page_len, header->datalen);
7231
7232	/*
7233	 * Call the handler, if it exists, to update the
7234	 * page to the latest values.
7235	 */
7236	if (page_index->sense_handler != NULL)
7237		page_index->sense_handler(ctsio, page_index, pc);
7238
7239	memcpy(header + 1, page_index->page_data, page_index->page_len);
7240
7241	ctsio->scsi_status = SCSI_STATUS_OK;
7242	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7243	ctsio->be_move_done = ctl_config_move_done;
7244	ctl_datamove((union ctl_io *)ctsio);
7245
7246	return (CTL_RETVAL_COMPLETE);
7247}
7248
7249int
7250ctl_read_capacity(struct ctl_scsiio *ctsio)
7251{
7252	struct scsi_read_capacity *cdb;
7253	struct scsi_read_capacity_data *data;
7254	struct ctl_lun *lun;
7255	uint32_t lba;
7256
7257	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7258
7259	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7260
7261	lba = scsi_4btoul(cdb->addr);
7262	if (((cdb->pmi & SRC_PMI) == 0)
7263	 && (lba != 0)) {
7264		ctl_set_invalid_field(/*ctsio*/ ctsio,
7265				      /*sks_valid*/ 1,
7266				      /*command*/ 1,
7267				      /*field*/ 2,
7268				      /*bit_valid*/ 0,
7269				      /*bit*/ 0);
7270		ctl_done((union ctl_io *)ctsio);
7271		return (CTL_RETVAL_COMPLETE);
7272	}
7273
7274	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7275
7276	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7277	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7278	ctsio->residual = 0;
7279	ctsio->kern_data_len = sizeof(*data);
7280	ctsio->kern_total_len = sizeof(*data);
7281	ctsio->kern_data_resid = 0;
7282	ctsio->kern_rel_offset = 0;
7283	ctsio->kern_sg_entries = 0;
7284
7285	/*
7286	 * If the maximum LBA is greater than 0xfffffffe, the user must
7287	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7288	 * serivce action set.
7289	 */
7290	if (lun->be_lun->maxlba > 0xfffffffe)
7291		scsi_ulto4b(0xffffffff, data->addr);
7292	else
7293		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7294
7295	/*
7296	 * XXX KDM this may not be 512 bytes...
7297	 */
7298	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7299
7300	ctsio->scsi_status = SCSI_STATUS_OK;
7301
7302	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7303	ctsio->be_move_done = ctl_config_move_done;
7304	ctl_datamove((union ctl_io *)ctsio);
7305
7306	return (CTL_RETVAL_COMPLETE);
7307}
7308
7309int
7310ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7311{
7312	struct scsi_read_capacity_16 *cdb;
7313	struct scsi_read_capacity_data_long *data;
7314	struct ctl_lun *lun;
7315	uint64_t lba;
7316	uint32_t alloc_len;
7317
7318	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7319
7320	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7321
7322	alloc_len = scsi_4btoul(cdb->alloc_len);
7323	lba = scsi_8btou64(cdb->addr);
7324
7325	if ((cdb->reladr & SRC16_PMI)
7326	 && (lba != 0)) {
7327		ctl_set_invalid_field(/*ctsio*/ ctsio,
7328				      /*sks_valid*/ 1,
7329				      /*command*/ 1,
7330				      /*field*/ 2,
7331				      /*bit_valid*/ 0,
7332				      /*bit*/ 0);
7333		ctl_done((union ctl_io *)ctsio);
7334		return (CTL_RETVAL_COMPLETE);
7335	}
7336
7337	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7338
7339	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7340	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7341
7342	if (sizeof(*data) < alloc_len) {
7343		ctsio->residual = alloc_len - sizeof(*data);
7344		ctsio->kern_data_len = sizeof(*data);
7345		ctsio->kern_total_len = sizeof(*data);
7346	} else {
7347		ctsio->residual = 0;
7348		ctsio->kern_data_len = alloc_len;
7349		ctsio->kern_total_len = alloc_len;
7350	}
7351	ctsio->kern_data_resid = 0;
7352	ctsio->kern_rel_offset = 0;
7353	ctsio->kern_sg_entries = 0;
7354
7355	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7356	/* XXX KDM this may not be 512 bytes... */
7357	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7358	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7359	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7360	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7361		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7362
7363	ctsio->scsi_status = SCSI_STATUS_OK;
7364
7365	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7366	ctsio->be_move_done = ctl_config_move_done;
7367	ctl_datamove((union ctl_io *)ctsio);
7368
7369	return (CTL_RETVAL_COMPLETE);
7370}
7371
7372int
7373ctl_read_defect(struct ctl_scsiio *ctsio)
7374{
7375	struct scsi_read_defect_data_10 *ccb10;
7376	struct scsi_read_defect_data_12 *ccb12;
7377	struct scsi_read_defect_data_hdr_10 *data10;
7378	struct scsi_read_defect_data_hdr_12 *data12;
7379	struct ctl_lun *lun;
7380	uint32_t alloc_len, data_len;
7381	uint8_t format;
7382
7383	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7384
7385	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7386
7387	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7388		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7389		format = ccb10->format;
7390		alloc_len = scsi_2btoul(ccb10->alloc_length);
7391		data_len = sizeof(*data10);
7392	} else {
7393		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7394		format = ccb12->format;
7395		alloc_len = scsi_4btoul(ccb12->alloc_length);
7396		data_len = sizeof(*data12);
7397	}
7398	if (alloc_len == 0) {
7399		ctl_set_success(ctsio);
7400		ctl_done((union ctl_io *)ctsio);
7401		return (CTL_RETVAL_COMPLETE);
7402	}
7403
7404	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7405	if (data_len < alloc_len) {
7406		ctsio->residual = alloc_len - data_len;
7407		ctsio->kern_data_len = data_len;
7408		ctsio->kern_total_len = data_len;
7409	} else {
7410		ctsio->residual = 0;
7411		ctsio->kern_data_len = alloc_len;
7412		ctsio->kern_total_len = alloc_len;
7413	}
7414	ctsio->kern_data_resid = 0;
7415	ctsio->kern_rel_offset = 0;
7416	ctsio->kern_sg_entries = 0;
7417
7418	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7419		data10 = (struct scsi_read_defect_data_hdr_10 *)
7420		    ctsio->kern_data_ptr;
7421		data10->format = format;
7422		scsi_ulto2b(0, data10->length);
7423	} else {
7424		data12 = (struct scsi_read_defect_data_hdr_12 *)
7425		    ctsio->kern_data_ptr;
7426		data12->format = format;
7427		scsi_ulto2b(0, data12->generation);
7428		scsi_ulto4b(0, data12->length);
7429	}
7430
7431	ctsio->scsi_status = SCSI_STATUS_OK;
7432	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7433	ctsio->be_move_done = ctl_config_move_done;
7434	ctl_datamove((union ctl_io *)ctsio);
7435	return (CTL_RETVAL_COMPLETE);
7436}
7437
7438int
7439ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7440{
7441	struct scsi_maintenance_in *cdb;
7442	int retval;
7443	int alloc_len, ext, total_len = 0, g, p, pc, pg;
7444	int num_target_port_groups, num_target_ports, single;
7445	struct ctl_lun *lun;
7446	struct ctl_softc *softc;
7447	struct ctl_port *port;
7448	struct scsi_target_group_data *rtg_ptr;
7449	struct scsi_target_group_data_extended *rtg_ext_ptr;
7450	struct scsi_target_port_group_descriptor *tpg_desc;
7451
7452	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7453
7454	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7455	softc = control_softc;
7456	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7457
7458	retval = CTL_RETVAL_COMPLETE;
7459
7460	switch (cdb->byte2 & STG_PDF_MASK) {
7461	case STG_PDF_LENGTH:
7462		ext = 0;
7463		break;
7464	case STG_PDF_EXTENDED:
7465		ext = 1;
7466		break;
7467	default:
7468		ctl_set_invalid_field(/*ctsio*/ ctsio,
7469				      /*sks_valid*/ 1,
7470				      /*command*/ 1,
7471				      /*field*/ 2,
7472				      /*bit_valid*/ 1,
7473				      /*bit*/ 5);
7474		ctl_done((union ctl_io *)ctsio);
7475		return(retval);
7476	}
7477
7478	single = ctl_is_single;
7479	if (single)
7480		num_target_port_groups = 1;
7481	else
7482		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7483	num_target_ports = 0;
7484	mtx_lock(&softc->ctl_lock);
7485	STAILQ_FOREACH(port, &softc->port_list, links) {
7486		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7487			continue;
7488		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7489			continue;
7490		num_target_ports++;
7491	}
7492	mtx_unlock(&softc->ctl_lock);
7493
7494	if (ext)
7495		total_len = sizeof(struct scsi_target_group_data_extended);
7496	else
7497		total_len = sizeof(struct scsi_target_group_data);
7498	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7499		num_target_port_groups +
7500	    sizeof(struct scsi_target_port_descriptor) *
7501		num_target_ports * num_target_port_groups;
7502
7503	alloc_len = scsi_4btoul(cdb->length);
7504
7505	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7506
7507	ctsio->kern_sg_entries = 0;
7508
7509	if (total_len < alloc_len) {
7510		ctsio->residual = alloc_len - total_len;
7511		ctsio->kern_data_len = total_len;
7512		ctsio->kern_total_len = total_len;
7513	} else {
7514		ctsio->residual = 0;
7515		ctsio->kern_data_len = alloc_len;
7516		ctsio->kern_total_len = alloc_len;
7517	}
7518	ctsio->kern_data_resid = 0;
7519	ctsio->kern_rel_offset = 0;
7520
7521	if (ext) {
7522		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7523		    ctsio->kern_data_ptr;
7524		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7525		rtg_ext_ptr->format_type = 0x10;
7526		rtg_ext_ptr->implicit_transition_time = 0;
7527		tpg_desc = &rtg_ext_ptr->groups[0];
7528	} else {
7529		rtg_ptr = (struct scsi_target_group_data *)
7530		    ctsio->kern_data_ptr;
7531		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7532		tpg_desc = &rtg_ptr->groups[0];
7533	}
7534
7535	pg = ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS;
7536	mtx_lock(&softc->ctl_lock);
7537	for (g = 0; g < num_target_port_groups; g++) {
7538		if (g == pg)
7539			tpg_desc->pref_state = TPG_PRIMARY |
7540			    TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7541		else
7542			tpg_desc->pref_state =
7543			    TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7544		tpg_desc->support = TPG_AO_SUP;
7545		if (!single)
7546			tpg_desc->support |= TPG_AN_SUP;
7547		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7548		tpg_desc->status = TPG_IMPLICIT;
7549		pc = 0;
7550		STAILQ_FOREACH(port, &softc->port_list, links) {
7551			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7552				continue;
7553			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7554			    CTL_MAX_LUNS)
7555				continue;
7556			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7557			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7558			    relative_target_port_identifier);
7559			pc++;
7560		}
7561		tpg_desc->target_port_count = pc;
7562		tpg_desc = (struct scsi_target_port_group_descriptor *)
7563		    &tpg_desc->descriptors[pc];
7564	}
7565	mtx_unlock(&softc->ctl_lock);
7566
7567	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7568	ctsio->be_move_done = ctl_config_move_done;
7569
7570	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
7571			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
7572			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
7573			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
7574			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
7575
7576	ctl_datamove((union ctl_io *)ctsio);
7577	return(retval);
7578}
7579
7580int
7581ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7582{
7583	struct ctl_lun *lun;
7584	struct scsi_report_supported_opcodes *cdb;
7585	const struct ctl_cmd_entry *entry, *sentry;
7586	struct scsi_report_supported_opcodes_all *all;
7587	struct scsi_report_supported_opcodes_descr *descr;
7588	struct scsi_report_supported_opcodes_one *one;
7589	int retval;
7590	int alloc_len, total_len;
7591	int opcode, service_action, i, j, num;
7592
7593	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7594
7595	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7596	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7597
7598	retval = CTL_RETVAL_COMPLETE;
7599
7600	opcode = cdb->requested_opcode;
7601	service_action = scsi_2btoul(cdb->requested_service_action);
7602	switch (cdb->options & RSO_OPTIONS_MASK) {
7603	case RSO_OPTIONS_ALL:
7604		num = 0;
7605		for (i = 0; i < 256; i++) {
7606			entry = &ctl_cmd_table[i];
7607			if (entry->flags & CTL_CMD_FLAG_SA5) {
7608				for (j = 0; j < 32; j++) {
7609					sentry = &((const struct ctl_cmd_entry *)
7610					    entry->execute)[j];
7611					if (ctl_cmd_applicable(
7612					    lun->be_lun->lun_type, sentry))
7613						num++;
7614				}
7615			} else {
7616				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7617				    entry))
7618					num++;
7619			}
7620		}
7621		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7622		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7623		break;
7624	case RSO_OPTIONS_OC:
7625		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7626			ctl_set_invalid_field(/*ctsio*/ ctsio,
7627					      /*sks_valid*/ 1,
7628					      /*command*/ 1,
7629					      /*field*/ 2,
7630					      /*bit_valid*/ 1,
7631					      /*bit*/ 2);
7632			ctl_done((union ctl_io *)ctsio);
7633			return (CTL_RETVAL_COMPLETE);
7634		}
7635		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7636		break;
7637	case RSO_OPTIONS_OC_SA:
7638		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7639		    service_action >= 32) {
7640			ctl_set_invalid_field(/*ctsio*/ ctsio,
7641					      /*sks_valid*/ 1,
7642					      /*command*/ 1,
7643					      /*field*/ 2,
7644					      /*bit_valid*/ 1,
7645					      /*bit*/ 2);
7646			ctl_done((union ctl_io *)ctsio);
7647			return (CTL_RETVAL_COMPLETE);
7648		}
7649		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7650		break;
7651	default:
7652		ctl_set_invalid_field(/*ctsio*/ ctsio,
7653				      /*sks_valid*/ 1,
7654				      /*command*/ 1,
7655				      /*field*/ 2,
7656				      /*bit_valid*/ 1,
7657				      /*bit*/ 2);
7658		ctl_done((union ctl_io *)ctsio);
7659		return (CTL_RETVAL_COMPLETE);
7660	}
7661
7662	alloc_len = scsi_4btoul(cdb->length);
7663
7664	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7665
7666	ctsio->kern_sg_entries = 0;
7667
7668	if (total_len < alloc_len) {
7669		ctsio->residual = alloc_len - total_len;
7670		ctsio->kern_data_len = total_len;
7671		ctsio->kern_total_len = total_len;
7672	} else {
7673		ctsio->residual = 0;
7674		ctsio->kern_data_len = alloc_len;
7675		ctsio->kern_total_len = alloc_len;
7676	}
7677	ctsio->kern_data_resid = 0;
7678	ctsio->kern_rel_offset = 0;
7679
7680	switch (cdb->options & RSO_OPTIONS_MASK) {
7681	case RSO_OPTIONS_ALL:
7682		all = (struct scsi_report_supported_opcodes_all *)
7683		    ctsio->kern_data_ptr;
7684		num = 0;
7685		for (i = 0; i < 256; i++) {
7686			entry = &ctl_cmd_table[i];
7687			if (entry->flags & CTL_CMD_FLAG_SA5) {
7688				for (j = 0; j < 32; j++) {
7689					sentry = &((const struct ctl_cmd_entry *)
7690					    entry->execute)[j];
7691					if (!ctl_cmd_applicable(
7692					    lun->be_lun->lun_type, sentry))
7693						continue;
7694					descr = &all->descr[num++];
7695					descr->opcode = i;
7696					scsi_ulto2b(j, descr->service_action);
7697					descr->flags = RSO_SERVACTV;
7698					scsi_ulto2b(sentry->length,
7699					    descr->cdb_length);
7700				}
7701			} else {
7702				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7703				    entry))
7704					continue;
7705				descr = &all->descr[num++];
7706				descr->opcode = i;
7707				scsi_ulto2b(0, descr->service_action);
7708				descr->flags = 0;
7709				scsi_ulto2b(entry->length, descr->cdb_length);
7710			}
7711		}
7712		scsi_ulto4b(
7713		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7714		    all->length);
7715		break;
7716	case RSO_OPTIONS_OC:
7717		one = (struct scsi_report_supported_opcodes_one *)
7718		    ctsio->kern_data_ptr;
7719		entry = &ctl_cmd_table[opcode];
7720		goto fill_one;
7721	case RSO_OPTIONS_OC_SA:
7722		one = (struct scsi_report_supported_opcodes_one *)
7723		    ctsio->kern_data_ptr;
7724		entry = &ctl_cmd_table[opcode];
7725		entry = &((const struct ctl_cmd_entry *)
7726		    entry->execute)[service_action];
7727fill_one:
7728		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7729			one->support = 3;
7730			scsi_ulto2b(entry->length, one->cdb_length);
7731			one->cdb_usage[0] = opcode;
7732			memcpy(&one->cdb_usage[1], entry->usage,
7733			    entry->length - 1);
7734		} else
7735			one->support = 1;
7736		break;
7737	}
7738
7739	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7740	ctsio->be_move_done = ctl_config_move_done;
7741
7742	ctl_datamove((union ctl_io *)ctsio);
7743	return(retval);
7744}
7745
7746int
7747ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7748{
7749	struct ctl_lun *lun;
7750	struct scsi_report_supported_tmf *cdb;
7751	struct scsi_report_supported_tmf_data *data;
7752	int retval;
7753	int alloc_len, total_len;
7754
7755	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7756
7757	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7758	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7759
7760	retval = CTL_RETVAL_COMPLETE;
7761
7762	total_len = sizeof(struct scsi_report_supported_tmf_data);
7763	alloc_len = scsi_4btoul(cdb->length);
7764
7765	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7766
7767	ctsio->kern_sg_entries = 0;
7768
7769	if (total_len < alloc_len) {
7770		ctsio->residual = alloc_len - total_len;
7771		ctsio->kern_data_len = total_len;
7772		ctsio->kern_total_len = total_len;
7773	} else {
7774		ctsio->residual = 0;
7775		ctsio->kern_data_len = alloc_len;
7776		ctsio->kern_total_len = alloc_len;
7777	}
7778	ctsio->kern_data_resid = 0;
7779	ctsio->kern_rel_offset = 0;
7780
7781	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7782	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7783	data->byte2 |= RST_ITNRS;
7784
7785	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7786	ctsio->be_move_done = ctl_config_move_done;
7787
7788	ctl_datamove((union ctl_io *)ctsio);
7789	return (retval);
7790}
7791
7792int
7793ctl_report_timestamp(struct ctl_scsiio *ctsio)
7794{
7795	struct ctl_lun *lun;
7796	struct scsi_report_timestamp *cdb;
7797	struct scsi_report_timestamp_data *data;
7798	struct timeval tv;
7799	int64_t timestamp;
7800	int retval;
7801	int alloc_len, total_len;
7802
7803	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7804
7805	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7806	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7807
7808	retval = CTL_RETVAL_COMPLETE;
7809
7810	total_len = sizeof(struct scsi_report_timestamp_data);
7811	alloc_len = scsi_4btoul(cdb->length);
7812
7813	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7814
7815	ctsio->kern_sg_entries = 0;
7816
7817	if (total_len < alloc_len) {
7818		ctsio->residual = alloc_len - total_len;
7819		ctsio->kern_data_len = total_len;
7820		ctsio->kern_total_len = total_len;
7821	} else {
7822		ctsio->residual = 0;
7823		ctsio->kern_data_len = alloc_len;
7824		ctsio->kern_total_len = alloc_len;
7825	}
7826	ctsio->kern_data_resid = 0;
7827	ctsio->kern_rel_offset = 0;
7828
7829	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7830	scsi_ulto2b(sizeof(*data) - 2, data->length);
7831	data->origin = RTS_ORIG_OUTSIDE;
7832	getmicrotime(&tv);
7833	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7834	scsi_ulto4b(timestamp >> 16, data->timestamp);
7835	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7836
7837	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7838	ctsio->be_move_done = ctl_config_move_done;
7839
7840	ctl_datamove((union ctl_io *)ctsio);
7841	return (retval);
7842}
7843
7844int
7845ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7846{
7847	struct scsi_per_res_in *cdb;
7848	int alloc_len, total_len = 0;
7849	/* struct scsi_per_res_in_rsrv in_data; */
7850	struct ctl_lun *lun;
7851	struct ctl_softc *softc;
7852
7853	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7854
7855	softc = control_softc;
7856
7857	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7858
7859	alloc_len = scsi_2btoul(cdb->length);
7860
7861	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7862
7863retry:
7864	mtx_lock(&lun->lun_lock);
7865	switch (cdb->action) {
7866	case SPRI_RK: /* read keys */
7867		total_len = sizeof(struct scsi_per_res_in_keys) +
7868			lun->pr_key_count *
7869			sizeof(struct scsi_per_res_key);
7870		break;
7871	case SPRI_RR: /* read reservation */
7872		if (lun->flags & CTL_LUN_PR_RESERVED)
7873			total_len = sizeof(struct scsi_per_res_in_rsrv);
7874		else
7875			total_len = sizeof(struct scsi_per_res_in_header);
7876		break;
7877	case SPRI_RC: /* report capabilities */
7878		total_len = sizeof(struct scsi_per_res_cap);
7879		break;
7880	case SPRI_RS: /* read full status */
7881		total_len = sizeof(struct scsi_per_res_in_header) +
7882		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7883		    lun->pr_key_count;
7884		break;
7885	default:
7886		panic("Invalid PR type %x", cdb->action);
7887	}
7888	mtx_unlock(&lun->lun_lock);
7889
7890	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7891
7892	if (total_len < alloc_len) {
7893		ctsio->residual = alloc_len - total_len;
7894		ctsio->kern_data_len = total_len;
7895		ctsio->kern_total_len = total_len;
7896	} else {
7897		ctsio->residual = 0;
7898		ctsio->kern_data_len = alloc_len;
7899		ctsio->kern_total_len = alloc_len;
7900	}
7901
7902	ctsio->kern_data_resid = 0;
7903	ctsio->kern_rel_offset = 0;
7904	ctsio->kern_sg_entries = 0;
7905
7906	mtx_lock(&lun->lun_lock);
7907	switch (cdb->action) {
7908	case SPRI_RK: { // read keys
7909        struct scsi_per_res_in_keys *res_keys;
7910		int i, key_count;
7911
7912		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7913
7914		/*
7915		 * We had to drop the lock to allocate our buffer, which
7916		 * leaves time for someone to come in with another
7917		 * persistent reservation.  (That is unlikely, though,
7918		 * since this should be the only persistent reservation
7919		 * command active right now.)
7920		 */
7921		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7922		    (lun->pr_key_count *
7923		     sizeof(struct scsi_per_res_key)))){
7924			mtx_unlock(&lun->lun_lock);
7925			free(ctsio->kern_data_ptr, M_CTL);
7926			printf("%s: reservation length changed, retrying\n",
7927			       __func__);
7928			goto retry;
7929		}
7930
7931		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7932
7933		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7934			     lun->pr_key_count, res_keys->header.length);
7935
7936		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7937			if (lun->pr_keys[i] == 0)
7938				continue;
7939
7940			/*
7941			 * We used lun->pr_key_count to calculate the
7942			 * size to allocate.  If it turns out the number of
7943			 * initiators with the registered flag set is
7944			 * larger than that (i.e. they haven't been kept in
7945			 * sync), we've got a problem.
7946			 */
7947			if (key_count >= lun->pr_key_count) {
7948#ifdef NEEDTOPORT
7949				csevent_log(CSC_CTL | CSC_SHELF_SW |
7950					    CTL_PR_ERROR,
7951					    csevent_LogType_Fault,
7952					    csevent_AlertLevel_Yellow,
7953					    csevent_FRU_ShelfController,
7954					    csevent_FRU_Firmware,
7955				        csevent_FRU_Unknown,
7956					    "registered keys %d >= key "
7957					    "count %d", key_count,
7958					    lun->pr_key_count);
7959#endif
7960				key_count++;
7961				continue;
7962			}
7963			scsi_u64to8b(lun->pr_keys[i],
7964			    res_keys->keys[key_count].key);
7965			key_count++;
7966		}
7967		break;
7968	}
7969	case SPRI_RR: { // read reservation
7970		struct scsi_per_res_in_rsrv *res;
7971		int tmp_len, header_only;
7972
7973		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7974
7975		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7976
7977		if (lun->flags & CTL_LUN_PR_RESERVED)
7978		{
7979			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7980			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7981				    res->header.length);
7982			header_only = 0;
7983		} else {
7984			tmp_len = sizeof(struct scsi_per_res_in_header);
7985			scsi_ulto4b(0, res->header.length);
7986			header_only = 1;
7987		}
7988
7989		/*
7990		 * We had to drop the lock to allocate our buffer, which
7991		 * leaves time for someone to come in with another
7992		 * persistent reservation.  (That is unlikely, though,
7993		 * since this should be the only persistent reservation
7994		 * command active right now.)
7995		 */
7996		if (tmp_len != total_len) {
7997			mtx_unlock(&lun->lun_lock);
7998			free(ctsio->kern_data_ptr, M_CTL);
7999			printf("%s: reservation status changed, retrying\n",
8000			       __func__);
8001			goto retry;
8002		}
8003
8004		/*
8005		 * No reservation held, so we're done.
8006		 */
8007		if (header_only != 0)
8008			break;
8009
8010		/*
8011		 * If the registration is an All Registrants type, the key
8012		 * is 0, since it doesn't really matter.
8013		 */
8014		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8015			scsi_u64to8b(lun->pr_keys[lun->pr_res_idx],
8016			    res->data.reservation);
8017		}
8018		res->data.scopetype = lun->res_type;
8019		break;
8020	}
8021	case SPRI_RC:     //report capabilities
8022	{
8023		struct scsi_per_res_cap *res_cap;
8024		uint16_t type_mask;
8025
8026		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
8027		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
8028		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
8029		type_mask = SPRI_TM_WR_EX_AR |
8030			    SPRI_TM_EX_AC_RO |
8031			    SPRI_TM_WR_EX_RO |
8032			    SPRI_TM_EX_AC |
8033			    SPRI_TM_WR_EX |
8034			    SPRI_TM_EX_AC_AR;
8035		scsi_ulto2b(type_mask, res_cap->type_mask);
8036		break;
8037	}
8038	case SPRI_RS: { // read full status
8039		struct scsi_per_res_in_full *res_status;
8040		struct scsi_per_res_in_full_desc *res_desc;
8041		struct ctl_port *port;
8042		int i, len;
8043
8044		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
8045
8046		/*
8047		 * We had to drop the lock to allocate our buffer, which
8048		 * leaves time for someone to come in with another
8049		 * persistent reservation.  (That is unlikely, though,
8050		 * since this should be the only persistent reservation
8051		 * command active right now.)
8052		 */
8053		if (total_len < (sizeof(struct scsi_per_res_in_header) +
8054		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
8055		     lun->pr_key_count)){
8056			mtx_unlock(&lun->lun_lock);
8057			free(ctsio->kern_data_ptr, M_CTL);
8058			printf("%s: reservation length changed, retrying\n",
8059			       __func__);
8060			goto retry;
8061		}
8062
8063		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
8064
8065		res_desc = &res_status->desc[0];
8066		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
8067			if (lun->pr_keys[i] == 0)
8068				continue;
8069
8070			scsi_u64to8b(lun->pr_keys[i], res_desc->res_key.key);
8071			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
8072			    (lun->pr_res_idx == i ||
8073			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
8074				res_desc->flags = SPRI_FULL_R_HOLDER;
8075				res_desc->scopetype = lun->res_type;
8076			}
8077			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
8078			    res_desc->rel_trgt_port_id);
8079			len = 0;
8080			port = softc->ctl_ports[
8081			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
8082			if (port != NULL)
8083				len = ctl_create_iid(port,
8084				    i % CTL_MAX_INIT_PER_PORT,
8085				    res_desc->transport_id);
8086			scsi_ulto4b(len, res_desc->additional_length);
8087			res_desc = (struct scsi_per_res_in_full_desc *)
8088			    &res_desc->transport_id[len];
8089		}
8090		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
8091		    res_status->header.length);
8092		break;
8093	}
8094	default:
8095		/*
8096		 * This is a bug, because we just checked for this above,
8097		 * and should have returned an error.
8098		 */
8099		panic("Invalid PR type %x", cdb->action);
8100		break; /* NOTREACHED */
8101	}
8102	mtx_unlock(&lun->lun_lock);
8103
8104	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8105	ctsio->be_move_done = ctl_config_move_done;
8106
8107	CTL_DEBUG_PRINT(("buf = %x %x %x %x %x %x %x %x\n",
8108			 ctsio->kern_data_ptr[0], ctsio->kern_data_ptr[1],
8109			 ctsio->kern_data_ptr[2], ctsio->kern_data_ptr[3],
8110			 ctsio->kern_data_ptr[4], ctsio->kern_data_ptr[5],
8111			 ctsio->kern_data_ptr[6], ctsio->kern_data_ptr[7]));
8112
8113	ctl_datamove((union ctl_io *)ctsio);
8114
8115	return (CTL_RETVAL_COMPLETE);
8116}
8117
8118/*
8119 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
8120 * it should return.
8121 */
8122static int
8123ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
8124		uint64_t sa_res_key, uint8_t type, uint32_t residx,
8125		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
8126		struct scsi_per_res_out_parms* param)
8127{
8128	union ctl_ha_msg persis_io;
8129	int retval, i;
8130	int isc_retval;
8131
8132	retval = 0;
8133
8134	mtx_lock(&lun->lun_lock);
8135	if (sa_res_key == 0) {
8136		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8137			/* validate scope and type */
8138			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8139			     SPR_LU_SCOPE) {
8140				mtx_unlock(&lun->lun_lock);
8141				ctl_set_invalid_field(/*ctsio*/ ctsio,
8142						      /*sks_valid*/ 1,
8143						      /*command*/ 1,
8144						      /*field*/ 2,
8145						      /*bit_valid*/ 1,
8146						      /*bit*/ 4);
8147				ctl_done((union ctl_io *)ctsio);
8148				return (1);
8149			}
8150
8151		        if (type>8 || type==2 || type==4 || type==0) {
8152				mtx_unlock(&lun->lun_lock);
8153				ctl_set_invalid_field(/*ctsio*/ ctsio,
8154       	           				      /*sks_valid*/ 1,
8155						      /*command*/ 1,
8156						      /*field*/ 2,
8157						      /*bit_valid*/ 1,
8158						      /*bit*/ 0);
8159				ctl_done((union ctl_io *)ctsio);
8160				return (1);
8161		        }
8162
8163			/*
8164			 * Unregister everybody else and build UA for
8165			 * them
8166			 */
8167			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8168				if (i == residx || lun->pr_keys[i] == 0)
8169					continue;
8170
8171				if (!persis_offset
8172				 && i <CTL_MAX_INITIATORS)
8173					lun->pending_ua[i] |=
8174						CTL_UA_REG_PREEMPT;
8175				else if (persis_offset
8176				      && i >= persis_offset)
8177					lun->pending_ua[i-persis_offset] |=
8178						CTL_UA_REG_PREEMPT;
8179				lun->pr_keys[i] = 0;
8180			}
8181			lun->pr_key_count = 1;
8182			lun->res_type = type;
8183			if (lun->res_type != SPR_TYPE_WR_EX_AR
8184			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8185				lun->pr_res_idx = residx;
8186
8187			/* send msg to other side */
8188			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8189			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8190			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8191			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8192			persis_io.pr.pr_info.res_type = type;
8193			memcpy(persis_io.pr.pr_info.sa_res_key,
8194			       param->serv_act_res_key,
8195			       sizeof(param->serv_act_res_key));
8196			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8197			     &persis_io, sizeof(persis_io), 0)) >
8198			     CTL_HA_STATUS_SUCCESS) {
8199				printf("CTL:Persis Out error returned "
8200				       "from ctl_ha_msg_send %d\n",
8201				       isc_retval);
8202			}
8203		} else {
8204			/* not all registrants */
8205			mtx_unlock(&lun->lun_lock);
8206			free(ctsio->kern_data_ptr, M_CTL);
8207			ctl_set_invalid_field(ctsio,
8208					      /*sks_valid*/ 1,
8209					      /*command*/ 0,
8210					      /*field*/ 8,
8211					      /*bit_valid*/ 0,
8212					      /*bit*/ 0);
8213			ctl_done((union ctl_io *)ctsio);
8214			return (1);
8215		}
8216	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8217		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8218		int found = 0;
8219
8220		if (res_key == sa_res_key) {
8221			/* special case */
8222			/*
8223			 * The spec implies this is not good but doesn't
8224			 * say what to do. There are two choices either
8225			 * generate a res conflict or check condition
8226			 * with illegal field in parameter data. Since
8227			 * that is what is done when the sa_res_key is
8228			 * zero I'll take that approach since this has
8229			 * to do with the sa_res_key.
8230			 */
8231			mtx_unlock(&lun->lun_lock);
8232			free(ctsio->kern_data_ptr, M_CTL);
8233			ctl_set_invalid_field(ctsio,
8234					      /*sks_valid*/ 1,
8235					      /*command*/ 0,
8236					      /*field*/ 8,
8237					      /*bit_valid*/ 0,
8238					      /*bit*/ 0);
8239			ctl_done((union ctl_io *)ctsio);
8240			return (1);
8241		}
8242
8243		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8244			if (lun->pr_keys[i] != sa_res_key)
8245				continue;
8246
8247			found = 1;
8248			lun->pr_keys[i] = 0;
8249			lun->pr_key_count--;
8250
8251			if (!persis_offset && i < CTL_MAX_INITIATORS)
8252				lun->pending_ua[i] |= CTL_UA_REG_PREEMPT;
8253			else if (persis_offset && i >= persis_offset)
8254				lun->pending_ua[i-persis_offset] |=
8255					CTL_UA_REG_PREEMPT;
8256		}
8257		if (!found) {
8258			mtx_unlock(&lun->lun_lock);
8259			free(ctsio->kern_data_ptr, M_CTL);
8260			ctl_set_reservation_conflict(ctsio);
8261			ctl_done((union ctl_io *)ctsio);
8262			return (CTL_RETVAL_COMPLETE);
8263		}
8264		/* send msg to other side */
8265		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8266		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8267		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8268		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8269		persis_io.pr.pr_info.res_type = type;
8270		memcpy(persis_io.pr.pr_info.sa_res_key,
8271		       param->serv_act_res_key,
8272		       sizeof(param->serv_act_res_key));
8273		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8274		     &persis_io, sizeof(persis_io), 0)) >
8275		     CTL_HA_STATUS_SUCCESS) {
8276			printf("CTL:Persis Out error returned from "
8277			       "ctl_ha_msg_send %d\n", isc_retval);
8278		}
8279	} else {
8280		/* Reserved but not all registrants */
8281		/* sa_res_key is res holder */
8282		if (sa_res_key == lun->pr_keys[lun->pr_res_idx]) {
8283			/* validate scope and type */
8284			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8285			     SPR_LU_SCOPE) {
8286				mtx_unlock(&lun->lun_lock);
8287				ctl_set_invalid_field(/*ctsio*/ ctsio,
8288						      /*sks_valid*/ 1,
8289						      /*command*/ 1,
8290						      /*field*/ 2,
8291						      /*bit_valid*/ 1,
8292						      /*bit*/ 4);
8293				ctl_done((union ctl_io *)ctsio);
8294				return (1);
8295			}
8296
8297			if (type>8 || type==2 || type==4 || type==0) {
8298				mtx_unlock(&lun->lun_lock);
8299				ctl_set_invalid_field(/*ctsio*/ ctsio,
8300						      /*sks_valid*/ 1,
8301						      /*command*/ 1,
8302						      /*field*/ 2,
8303						      /*bit_valid*/ 1,
8304						      /*bit*/ 0);
8305				ctl_done((union ctl_io *)ctsio);
8306				return (1);
8307			}
8308
8309			/*
8310			 * Do the following:
8311			 * if sa_res_key != res_key remove all
8312			 * registrants w/sa_res_key and generate UA
8313			 * for these registrants(Registrations
8314			 * Preempted) if it wasn't an exclusive
8315			 * reservation generate UA(Reservations
8316			 * Preempted) for all other registered nexuses
8317			 * if the type has changed. Establish the new
8318			 * reservation and holder. If res_key and
8319			 * sa_res_key are the same do the above
8320			 * except don't unregister the res holder.
8321			 */
8322
8323			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8324				if (i == residx || lun->pr_keys[i] == 0)
8325					continue;
8326
8327				if (sa_res_key == lun->pr_keys[i]) {
8328					lun->pr_keys[i] = 0;
8329					lun->pr_key_count--;
8330
8331					if (!persis_offset
8332					 && i < CTL_MAX_INITIATORS)
8333						lun->pending_ua[i] |=
8334							CTL_UA_REG_PREEMPT;
8335					else if (persis_offset
8336					      && i >= persis_offset)
8337						lun->pending_ua[i-persis_offset] |=
8338						  CTL_UA_REG_PREEMPT;
8339				} else if (type != lun->res_type
8340					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8341					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8342						if (!persis_offset
8343						 && i < CTL_MAX_INITIATORS)
8344							lun->pending_ua[i] |=
8345							CTL_UA_RES_RELEASE;
8346						else if (persis_offset
8347						      && i >= persis_offset)
8348							lun->pending_ua[
8349							i-persis_offset] |=
8350							CTL_UA_RES_RELEASE;
8351				}
8352			}
8353			lun->res_type = type;
8354			if (lun->res_type != SPR_TYPE_WR_EX_AR
8355			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8356				lun->pr_res_idx = residx;
8357			else
8358				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8359
8360			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8361			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8362			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8363			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8364			persis_io.pr.pr_info.res_type = type;
8365			memcpy(persis_io.pr.pr_info.sa_res_key,
8366			       param->serv_act_res_key,
8367			       sizeof(param->serv_act_res_key));
8368			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8369			     &persis_io, sizeof(persis_io), 0)) >
8370			     CTL_HA_STATUS_SUCCESS) {
8371				printf("CTL:Persis Out error returned "
8372				       "from ctl_ha_msg_send %d\n",
8373				       isc_retval);
8374			}
8375		} else {
8376			/*
8377			 * sa_res_key is not the res holder just
8378			 * remove registrants
8379			 */
8380			int found=0;
8381
8382			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8383				if (sa_res_key != lun->pr_keys[i])
8384					continue;
8385
8386				found = 1;
8387				lun->pr_keys[i] = 0;
8388				lun->pr_key_count--;
8389
8390				if (!persis_offset
8391				 && i < CTL_MAX_INITIATORS)
8392					lun->pending_ua[i] |=
8393						CTL_UA_REG_PREEMPT;
8394				else if (persis_offset
8395				      && i >= persis_offset)
8396					lun->pending_ua[i-persis_offset] |=
8397						CTL_UA_REG_PREEMPT;
8398			}
8399
8400			if (!found) {
8401				mtx_unlock(&lun->lun_lock);
8402				free(ctsio->kern_data_ptr, M_CTL);
8403				ctl_set_reservation_conflict(ctsio);
8404				ctl_done((union ctl_io *)ctsio);
8405		        	return (1);
8406			}
8407			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8408			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8409			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8410			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8411			persis_io.pr.pr_info.res_type = type;
8412			memcpy(persis_io.pr.pr_info.sa_res_key,
8413			       param->serv_act_res_key,
8414			       sizeof(param->serv_act_res_key));
8415			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8416			     &persis_io, sizeof(persis_io), 0)) >
8417			     CTL_HA_STATUS_SUCCESS) {
8418				printf("CTL:Persis Out error returned "
8419				       "from ctl_ha_msg_send %d\n",
8420				isc_retval);
8421			}
8422		}
8423	}
8424
8425	lun->PRGeneration++;
8426	mtx_unlock(&lun->lun_lock);
8427
8428	return (retval);
8429}
8430
8431static void
8432ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8433{
8434	uint64_t sa_res_key;
8435	int i;
8436
8437	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8438
8439	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8440	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8441	 || sa_res_key != lun->pr_keys[lun->pr_res_idx]) {
8442		if (sa_res_key == 0) {
8443			/*
8444			 * Unregister everybody else and build UA for
8445			 * them
8446			 */
8447			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8448				if (i == msg->pr.pr_info.residx ||
8449				    lun->pr_keys[i] == 0)
8450					continue;
8451
8452				if (!persis_offset
8453				 && i < CTL_MAX_INITIATORS)
8454					lun->pending_ua[i] |=
8455						CTL_UA_REG_PREEMPT;
8456				else if (persis_offset && i >= persis_offset)
8457					lun->pending_ua[i - persis_offset] |=
8458						CTL_UA_REG_PREEMPT;
8459				lun->pr_keys[i] = 0;
8460			}
8461
8462			lun->pr_key_count = 1;
8463			lun->res_type = msg->pr.pr_info.res_type;
8464			if (lun->res_type != SPR_TYPE_WR_EX_AR
8465			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8466				lun->pr_res_idx = msg->pr.pr_info.residx;
8467		} else {
8468		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8469				if (sa_res_key == lun->pr_keys[i])
8470					continue;
8471
8472				lun->pr_keys[i] = 0;
8473				lun->pr_key_count--;
8474
8475				if (!persis_offset
8476				 && i < persis_offset)
8477					lun->pending_ua[i] |=
8478						CTL_UA_REG_PREEMPT;
8479				else if (persis_offset
8480				      && i >= persis_offset)
8481					lun->pending_ua[i - persis_offset] |=
8482						CTL_UA_REG_PREEMPT;
8483			}
8484		}
8485	} else {
8486		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8487			if (i == msg->pr.pr_info.residx ||
8488			    lun->pr_keys[i] == 0)
8489				continue;
8490
8491			if (sa_res_key == lun->pr_keys[i]) {
8492				lun->pr_keys[i] = 0;
8493				lun->pr_key_count--;
8494				if (!persis_offset
8495				 && i < CTL_MAX_INITIATORS)
8496					lun->pending_ua[i] |=
8497						CTL_UA_REG_PREEMPT;
8498				else if (persis_offset
8499				      && i >= persis_offset)
8500					lun->pending_ua[i - persis_offset] |=
8501						CTL_UA_REG_PREEMPT;
8502			} else if (msg->pr.pr_info.res_type != lun->res_type
8503				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8504				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8505					if (!persis_offset
8506					 && i < persis_offset)
8507						lun->pending_ua[i] |=
8508							CTL_UA_RES_RELEASE;
8509					else if (persis_offset
8510					      && i >= persis_offset)
8511					lun->pending_ua[i - persis_offset] |=
8512						CTL_UA_RES_RELEASE;
8513			}
8514		}
8515		lun->res_type = msg->pr.pr_info.res_type;
8516		if (lun->res_type != SPR_TYPE_WR_EX_AR
8517		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8518			lun->pr_res_idx = msg->pr.pr_info.residx;
8519		else
8520			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8521	}
8522	lun->PRGeneration++;
8523
8524}
8525
8526
8527int
8528ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8529{
8530	int retval;
8531	int isc_retval;
8532	u_int32_t param_len;
8533	struct scsi_per_res_out *cdb;
8534	struct ctl_lun *lun;
8535	struct scsi_per_res_out_parms* param;
8536	struct ctl_softc *softc;
8537	uint32_t residx;
8538	uint64_t res_key, sa_res_key;
8539	uint8_t type;
8540	union ctl_ha_msg persis_io;
8541	int    i;
8542
8543	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8544
8545	retval = CTL_RETVAL_COMPLETE;
8546
8547	softc = control_softc;
8548
8549	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8550	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8551
8552	/*
8553	 * We only support whole-LUN scope.  The scope & type are ignored for
8554	 * register, register and ignore existing key and clear.
8555	 * We sometimes ignore scope and type on preempts too!!
8556	 * Verify reservation type here as well.
8557	 */
8558	type = cdb->scope_type & SPR_TYPE_MASK;
8559	if ((cdb->action == SPRO_RESERVE)
8560	 || (cdb->action == SPRO_RELEASE)) {
8561		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8562			ctl_set_invalid_field(/*ctsio*/ ctsio,
8563					      /*sks_valid*/ 1,
8564					      /*command*/ 1,
8565					      /*field*/ 2,
8566					      /*bit_valid*/ 1,
8567					      /*bit*/ 4);
8568			ctl_done((union ctl_io *)ctsio);
8569			return (CTL_RETVAL_COMPLETE);
8570		}
8571
8572		if (type>8 || type==2 || type==4 || type==0) {
8573			ctl_set_invalid_field(/*ctsio*/ ctsio,
8574					      /*sks_valid*/ 1,
8575					      /*command*/ 1,
8576					      /*field*/ 2,
8577					      /*bit_valid*/ 1,
8578					      /*bit*/ 0);
8579			ctl_done((union ctl_io *)ctsio);
8580			return (CTL_RETVAL_COMPLETE);
8581		}
8582	}
8583
8584	param_len = scsi_4btoul(cdb->length);
8585
8586	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8587		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8588		ctsio->kern_data_len = param_len;
8589		ctsio->kern_total_len = param_len;
8590		ctsio->kern_data_resid = 0;
8591		ctsio->kern_rel_offset = 0;
8592		ctsio->kern_sg_entries = 0;
8593		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8594		ctsio->be_move_done = ctl_config_move_done;
8595		ctl_datamove((union ctl_io *)ctsio);
8596
8597		return (CTL_RETVAL_COMPLETE);
8598	}
8599
8600	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8601
8602	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8603	res_key = scsi_8btou64(param->res_key.key);
8604	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8605
8606	/*
8607	 * Validate the reservation key here except for SPRO_REG_IGNO
8608	 * This must be done for all other service actions
8609	 */
8610	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8611		mtx_lock(&lun->lun_lock);
8612		if (lun->pr_keys[residx] != 0) {
8613		    if (res_key != lun->pr_keys[residx]) {
8614				/*
8615				 * The current key passed in doesn't match
8616				 * the one the initiator previously
8617				 * registered.
8618				 */
8619				mtx_unlock(&lun->lun_lock);
8620				free(ctsio->kern_data_ptr, M_CTL);
8621				ctl_set_reservation_conflict(ctsio);
8622				ctl_done((union ctl_io *)ctsio);
8623				return (CTL_RETVAL_COMPLETE);
8624			}
8625		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8626			/*
8627			 * We are not registered
8628			 */
8629			mtx_unlock(&lun->lun_lock);
8630			free(ctsio->kern_data_ptr, M_CTL);
8631			ctl_set_reservation_conflict(ctsio);
8632			ctl_done((union ctl_io *)ctsio);
8633			return (CTL_RETVAL_COMPLETE);
8634		} else if (res_key != 0) {
8635			/*
8636			 * We are not registered and trying to register but
8637			 * the register key isn't zero.
8638			 */
8639			mtx_unlock(&lun->lun_lock);
8640			free(ctsio->kern_data_ptr, M_CTL);
8641			ctl_set_reservation_conflict(ctsio);
8642			ctl_done((union ctl_io *)ctsio);
8643			return (CTL_RETVAL_COMPLETE);
8644		}
8645		mtx_unlock(&lun->lun_lock);
8646	}
8647
8648	switch (cdb->action & SPRO_ACTION_MASK) {
8649	case SPRO_REGISTER:
8650	case SPRO_REG_IGNO: {
8651
8652#if 0
8653		printf("Registration received\n");
8654#endif
8655
8656		/*
8657		 * We don't support any of these options, as we report in
8658		 * the read capabilities request (see
8659		 * ctl_persistent_reserve_in(), above).
8660		 */
8661		if ((param->flags & SPR_SPEC_I_PT)
8662		 || (param->flags & SPR_ALL_TG_PT)
8663		 || (param->flags & SPR_APTPL)) {
8664			int bit_ptr;
8665
8666			if (param->flags & SPR_APTPL)
8667				bit_ptr = 0;
8668			else if (param->flags & SPR_ALL_TG_PT)
8669				bit_ptr = 2;
8670			else /* SPR_SPEC_I_PT */
8671				bit_ptr = 3;
8672
8673			free(ctsio->kern_data_ptr, M_CTL);
8674			ctl_set_invalid_field(ctsio,
8675					      /*sks_valid*/ 1,
8676					      /*command*/ 0,
8677					      /*field*/ 20,
8678					      /*bit_valid*/ 1,
8679					      /*bit*/ bit_ptr);
8680			ctl_done((union ctl_io *)ctsio);
8681			return (CTL_RETVAL_COMPLETE);
8682		}
8683
8684		mtx_lock(&lun->lun_lock);
8685
8686		/*
8687		 * The initiator wants to clear the
8688		 * key/unregister.
8689		 */
8690		if (sa_res_key == 0) {
8691			if ((res_key == 0
8692			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8693			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8694			  && lun->pr_keys[residx] == 0)) {
8695				mtx_unlock(&lun->lun_lock);
8696				goto done;
8697			}
8698
8699			lun->pr_keys[residx] = 0;
8700			lun->pr_key_count--;
8701
8702			if (residx == lun->pr_res_idx) {
8703				lun->flags &= ~CTL_LUN_PR_RESERVED;
8704				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8705
8706				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8707				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8708				 && lun->pr_key_count) {
8709					/*
8710					 * If the reservation is a registrants
8711					 * only type we need to generate a UA
8712					 * for other registered inits.  The
8713					 * sense code should be RESERVATIONS
8714					 * RELEASED
8715					 */
8716
8717					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8718						if (lun->pr_keys[
8719						    i + persis_offset] == 0)
8720							continue;
8721						lun->pending_ua[i] |=
8722							CTL_UA_RES_RELEASE;
8723					}
8724				}
8725				lun->res_type = 0;
8726			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8727				if (lun->pr_key_count==0) {
8728					lun->flags &= ~CTL_LUN_PR_RESERVED;
8729					lun->res_type = 0;
8730					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8731				}
8732			}
8733			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8734			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8735			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8736			persis_io.pr.pr_info.residx = residx;
8737			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8738			     &persis_io, sizeof(persis_io), 0 )) >
8739			     CTL_HA_STATUS_SUCCESS) {
8740				printf("CTL:Persis Out error returned from "
8741				       "ctl_ha_msg_send %d\n", isc_retval);
8742			}
8743		} else /* sa_res_key != 0 */ {
8744
8745			/*
8746			 * If we aren't registered currently then increment
8747			 * the key count and set the registered flag.
8748			 */
8749			if (lun->pr_keys[residx] == 0)
8750				lun->pr_key_count++;
8751			lun->pr_keys[residx] = sa_res_key;
8752
8753			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8754			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8755			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8756			persis_io.pr.pr_info.residx = residx;
8757			memcpy(persis_io.pr.pr_info.sa_res_key,
8758			       param->serv_act_res_key,
8759			       sizeof(param->serv_act_res_key));
8760			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8761			     &persis_io, sizeof(persis_io), 0)) >
8762			     CTL_HA_STATUS_SUCCESS) {
8763				printf("CTL:Persis Out error returned from "
8764				       "ctl_ha_msg_send %d\n", isc_retval);
8765			}
8766		}
8767		lun->PRGeneration++;
8768		mtx_unlock(&lun->lun_lock);
8769
8770		break;
8771	}
8772	case SPRO_RESERVE:
8773#if 0
8774                printf("Reserve executed type %d\n", type);
8775#endif
8776		mtx_lock(&lun->lun_lock);
8777		if (lun->flags & CTL_LUN_PR_RESERVED) {
8778			/*
8779			 * if this isn't the reservation holder and it's
8780			 * not a "all registrants" type or if the type is
8781			 * different then we have a conflict
8782			 */
8783			if ((lun->pr_res_idx != residx
8784			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8785			 || lun->res_type != type) {
8786				mtx_unlock(&lun->lun_lock);
8787				free(ctsio->kern_data_ptr, M_CTL);
8788				ctl_set_reservation_conflict(ctsio);
8789				ctl_done((union ctl_io *)ctsio);
8790				return (CTL_RETVAL_COMPLETE);
8791			}
8792			mtx_unlock(&lun->lun_lock);
8793		} else /* create a reservation */ {
8794			/*
8795			 * If it's not an "all registrants" type record
8796			 * reservation holder
8797			 */
8798			if (type != SPR_TYPE_WR_EX_AR
8799			 && type != SPR_TYPE_EX_AC_AR)
8800				lun->pr_res_idx = residx; /* Res holder */
8801			else
8802				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8803
8804			lun->flags |= CTL_LUN_PR_RESERVED;
8805			lun->res_type = type;
8806
8807			mtx_unlock(&lun->lun_lock);
8808
8809			/* send msg to other side */
8810			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8811			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8812			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8813			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8814			persis_io.pr.pr_info.res_type = type;
8815			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8816			     &persis_io, sizeof(persis_io), 0)) >
8817			     CTL_HA_STATUS_SUCCESS) {
8818				printf("CTL:Persis Out error returned from "
8819				       "ctl_ha_msg_send %d\n", isc_retval);
8820			}
8821		}
8822		break;
8823
8824	case SPRO_RELEASE:
8825		mtx_lock(&lun->lun_lock);
8826		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8827			/* No reservation exists return good status */
8828			mtx_unlock(&lun->lun_lock);
8829			goto done;
8830		}
8831		/*
8832		 * Is this nexus a reservation holder?
8833		 */
8834		if (lun->pr_res_idx != residx
8835		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8836			/*
8837			 * not a res holder return good status but
8838			 * do nothing
8839			 */
8840			mtx_unlock(&lun->lun_lock);
8841			goto done;
8842		}
8843
8844		if (lun->res_type != type) {
8845			mtx_unlock(&lun->lun_lock);
8846			free(ctsio->kern_data_ptr, M_CTL);
8847			ctl_set_illegal_pr_release(ctsio);
8848			ctl_done((union ctl_io *)ctsio);
8849			return (CTL_RETVAL_COMPLETE);
8850		}
8851
8852		/* okay to release */
8853		lun->flags &= ~CTL_LUN_PR_RESERVED;
8854		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8855		lun->res_type = 0;
8856
8857		/*
8858		 * if this isn't an exclusive access
8859		 * res generate UA for all other
8860		 * registrants.
8861		 */
8862		if (type != SPR_TYPE_EX_AC
8863		 && type != SPR_TYPE_WR_EX) {
8864			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8865				if (i == residx ||
8866				    lun->pr_keys[i + persis_offset] == 0)
8867					continue;
8868				lun->pending_ua[i] |= CTL_UA_RES_RELEASE;
8869			}
8870		}
8871		mtx_unlock(&lun->lun_lock);
8872		/* Send msg to other side */
8873		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8874		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8875		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8876		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8877		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8878			printf("CTL:Persis Out error returned from "
8879			       "ctl_ha_msg_send %d\n", isc_retval);
8880		}
8881		break;
8882
8883	case SPRO_CLEAR:
8884		/* send msg to other side */
8885
8886		mtx_lock(&lun->lun_lock);
8887		lun->flags &= ~CTL_LUN_PR_RESERVED;
8888		lun->res_type = 0;
8889		lun->pr_key_count = 0;
8890		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8891
8892		lun->pr_keys[residx] = 0;
8893
8894		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8895			if (lun->pr_keys[i] != 0) {
8896				if (!persis_offset && i < CTL_MAX_INITIATORS)
8897					lun->pending_ua[i] |=
8898						CTL_UA_RES_PREEMPT;
8899				else if (persis_offset && i >= persis_offset)
8900					lun->pending_ua[i-persis_offset] |=
8901					    CTL_UA_RES_PREEMPT;
8902
8903				lun->pr_keys[i] = 0;
8904			}
8905		lun->PRGeneration++;
8906		mtx_unlock(&lun->lun_lock);
8907		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8908		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8909		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8910		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8911		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8912			printf("CTL:Persis Out error returned from "
8913			       "ctl_ha_msg_send %d\n", isc_retval);
8914		}
8915		break;
8916
8917	case SPRO_PREEMPT:
8918	case SPRO_PRE_ABO: {
8919		int nretval;
8920
8921		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8922					  residx, ctsio, cdb, param);
8923		if (nretval != 0)
8924			return (CTL_RETVAL_COMPLETE);
8925		break;
8926	}
8927	default:
8928		panic("Invalid PR type %x", cdb->action);
8929	}
8930
8931done:
8932	free(ctsio->kern_data_ptr, M_CTL);
8933	ctl_set_success(ctsio);
8934	ctl_done((union ctl_io *)ctsio);
8935
8936	return (retval);
8937}
8938
8939/*
8940 * This routine is for handling a message from the other SC pertaining to
8941 * persistent reserve out. All the error checking will have been done
8942 * so only perorming the action need be done here to keep the two
8943 * in sync.
8944 */
8945static void
8946ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8947{
8948	struct ctl_lun *lun;
8949	struct ctl_softc *softc;
8950	int i;
8951	uint32_t targ_lun;
8952
8953	softc = control_softc;
8954
8955	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8956	lun = softc->ctl_luns[targ_lun];
8957	mtx_lock(&lun->lun_lock);
8958	switch(msg->pr.pr_info.action) {
8959	case CTL_PR_REG_KEY:
8960		if (lun->pr_keys[msg->pr.pr_info.residx] == 0)
8961			lun->pr_key_count++;
8962		lun->pr_keys[msg->pr.pr_info.residx] =
8963		    scsi_8btou64(msg->pr.pr_info.sa_res_key);
8964		lun->PRGeneration++;
8965		break;
8966
8967	case CTL_PR_UNREG_KEY:
8968		lun->pr_keys[msg->pr.pr_info.residx] = 0;
8969		lun->pr_key_count--;
8970
8971		/* XXX Need to see if the reservation has been released */
8972		/* if so do we need to generate UA? */
8973		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8974			lun->flags &= ~CTL_LUN_PR_RESERVED;
8975			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8976
8977			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8978			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8979			 && lun->pr_key_count) {
8980				/*
8981				 * If the reservation is a registrants
8982				 * only type we need to generate a UA
8983				 * for other registered inits.  The
8984				 * sense code should be RESERVATIONS
8985				 * RELEASED
8986				 */
8987
8988				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8989					if (lun->pr_keys[i+
8990					    persis_offset] == 0)
8991						continue;
8992
8993					lun->pending_ua[i] |=
8994						CTL_UA_RES_RELEASE;
8995				}
8996			}
8997			lun->res_type = 0;
8998		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8999			if (lun->pr_key_count==0) {
9000				lun->flags &= ~CTL_LUN_PR_RESERVED;
9001				lun->res_type = 0;
9002				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9003			}
9004		}
9005		lun->PRGeneration++;
9006		break;
9007
9008	case CTL_PR_RESERVE:
9009		lun->flags |= CTL_LUN_PR_RESERVED;
9010		lun->res_type = msg->pr.pr_info.res_type;
9011		lun->pr_res_idx = msg->pr.pr_info.residx;
9012
9013		break;
9014
9015	case CTL_PR_RELEASE:
9016		/*
9017		 * if this isn't an exclusive access res generate UA for all
9018		 * other registrants.
9019		 */
9020		if (lun->res_type != SPR_TYPE_EX_AC
9021		 && lun->res_type != SPR_TYPE_WR_EX) {
9022			for (i = 0; i < CTL_MAX_INITIATORS; i++)
9023				if (lun->pr_keys[i+persis_offset] != 0)
9024					lun->pending_ua[i] |=
9025						CTL_UA_RES_RELEASE;
9026		}
9027
9028		lun->flags &= ~CTL_LUN_PR_RESERVED;
9029		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9030		lun->res_type = 0;
9031		break;
9032
9033	case CTL_PR_PREEMPT:
9034		ctl_pro_preempt_other(lun, msg);
9035		break;
9036	case CTL_PR_CLEAR:
9037		lun->flags &= ~CTL_LUN_PR_RESERVED;
9038		lun->res_type = 0;
9039		lun->pr_key_count = 0;
9040		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
9041
9042		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
9043			if (lun->pr_keys[i] == 0)
9044				continue;
9045			if (!persis_offset
9046			 && i < CTL_MAX_INITIATORS)
9047				lun->pending_ua[i] |= CTL_UA_RES_PREEMPT;
9048			else if (persis_offset
9049			      && i >= persis_offset)
9050				lun->pending_ua[i-persis_offset] |=
9051					CTL_UA_RES_PREEMPT;
9052			lun->pr_keys[i] = 0;
9053		}
9054		lun->PRGeneration++;
9055		break;
9056	}
9057
9058	mtx_unlock(&lun->lun_lock);
9059}
9060
9061int
9062ctl_read_write(struct ctl_scsiio *ctsio)
9063{
9064	struct ctl_lun *lun;
9065	struct ctl_lba_len_flags *lbalen;
9066	uint64_t lba;
9067	uint32_t num_blocks;
9068	int flags, retval;
9069	int isread;
9070
9071	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9072
9073	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
9074
9075	flags = 0;
9076	retval = CTL_RETVAL_COMPLETE;
9077
9078	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
9079	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
9080	switch (ctsio->cdb[0]) {
9081	case READ_6:
9082	case WRITE_6: {
9083		struct scsi_rw_6 *cdb;
9084
9085		cdb = (struct scsi_rw_6 *)ctsio->cdb;
9086
9087		lba = scsi_3btoul(cdb->addr);
9088		/* only 5 bits are valid in the most significant address byte */
9089		lba &= 0x1fffff;
9090		num_blocks = cdb->length;
9091		/*
9092		 * This is correct according to SBC-2.
9093		 */
9094		if (num_blocks == 0)
9095			num_blocks = 256;
9096		break;
9097	}
9098	case READ_10:
9099	case WRITE_10: {
9100		struct scsi_rw_10 *cdb;
9101
9102		cdb = (struct scsi_rw_10 *)ctsio->cdb;
9103		if (cdb->byte2 & SRW10_FUA)
9104			flags |= CTL_LLF_FUA;
9105		if (cdb->byte2 & SRW10_DPO)
9106			flags |= CTL_LLF_DPO;
9107		lba = scsi_4btoul(cdb->addr);
9108		num_blocks = scsi_2btoul(cdb->length);
9109		break;
9110	}
9111	case WRITE_VERIFY_10: {
9112		struct scsi_write_verify_10 *cdb;
9113
9114		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
9115		flags |= CTL_LLF_FUA;
9116		if (cdb->byte2 & SWV_DPO)
9117			flags |= CTL_LLF_DPO;
9118		lba = scsi_4btoul(cdb->addr);
9119		num_blocks = scsi_2btoul(cdb->length);
9120		break;
9121	}
9122	case READ_12:
9123	case WRITE_12: {
9124		struct scsi_rw_12 *cdb;
9125
9126		cdb = (struct scsi_rw_12 *)ctsio->cdb;
9127		if (cdb->byte2 & SRW12_FUA)
9128			flags |= CTL_LLF_FUA;
9129		if (cdb->byte2 & SRW12_DPO)
9130			flags |= CTL_LLF_DPO;
9131		lba = scsi_4btoul(cdb->addr);
9132		num_blocks = scsi_4btoul(cdb->length);
9133		break;
9134	}
9135	case WRITE_VERIFY_12: {
9136		struct scsi_write_verify_12 *cdb;
9137
9138		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
9139		flags |= CTL_LLF_FUA;
9140		if (cdb->byte2 & SWV_DPO)
9141			flags |= CTL_LLF_DPO;
9142		lba = scsi_4btoul(cdb->addr);
9143		num_blocks = scsi_4btoul(cdb->length);
9144		break;
9145	}
9146	case READ_16:
9147	case WRITE_16: {
9148		struct scsi_rw_16 *cdb;
9149
9150		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9151		if (cdb->byte2 & SRW12_FUA)
9152			flags |= CTL_LLF_FUA;
9153		if (cdb->byte2 & SRW12_DPO)
9154			flags |= CTL_LLF_DPO;
9155		lba = scsi_8btou64(cdb->addr);
9156		num_blocks = scsi_4btoul(cdb->length);
9157		break;
9158	}
9159	case WRITE_ATOMIC_16: {
9160		struct scsi_rw_16 *cdb;
9161
9162		if (lun->be_lun->atomicblock == 0) {
9163			ctl_set_invalid_opcode(ctsio);
9164			ctl_done((union ctl_io *)ctsio);
9165			return (CTL_RETVAL_COMPLETE);
9166		}
9167
9168		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9169		if (cdb->byte2 & SRW12_FUA)
9170			flags |= CTL_LLF_FUA;
9171		if (cdb->byte2 & SRW12_DPO)
9172			flags |= CTL_LLF_DPO;
9173		lba = scsi_8btou64(cdb->addr);
9174		num_blocks = scsi_4btoul(cdb->length);
9175		if (num_blocks > lun->be_lun->atomicblock) {
9176			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
9177			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
9178			    /*bit*/ 0);
9179			ctl_done((union ctl_io *)ctsio);
9180			return (CTL_RETVAL_COMPLETE);
9181		}
9182		break;
9183	}
9184	case WRITE_VERIFY_16: {
9185		struct scsi_write_verify_16 *cdb;
9186
9187		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
9188		flags |= CTL_LLF_FUA;
9189		if (cdb->byte2 & SWV_DPO)
9190			flags |= CTL_LLF_DPO;
9191		lba = scsi_8btou64(cdb->addr);
9192		num_blocks = scsi_4btoul(cdb->length);
9193		break;
9194	}
9195	default:
9196		/*
9197		 * We got a command we don't support.  This shouldn't
9198		 * happen, commands should be filtered out above us.
9199		 */
9200		ctl_set_invalid_opcode(ctsio);
9201		ctl_done((union ctl_io *)ctsio);
9202
9203		return (CTL_RETVAL_COMPLETE);
9204		break; /* NOTREACHED */
9205	}
9206
9207	/*
9208	 * The first check is to make sure we're in bounds, the second
9209	 * check is to catch wrap-around problems.  If the lba + num blocks
9210	 * is less than the lba, then we've wrapped around and the block
9211	 * range is invalid anyway.
9212	 */
9213	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9214	 || ((lba + num_blocks) < lba)) {
9215		ctl_set_lba_out_of_range(ctsio);
9216		ctl_done((union ctl_io *)ctsio);
9217		return (CTL_RETVAL_COMPLETE);
9218	}
9219
9220	/*
9221	 * According to SBC-3, a transfer length of 0 is not an error.
9222	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9223	 * translates to 256 blocks for those commands.
9224	 */
9225	if (num_blocks == 0) {
9226		ctl_set_success(ctsio);
9227		ctl_done((union ctl_io *)ctsio);
9228		return (CTL_RETVAL_COMPLETE);
9229	}
9230
9231	/* Set FUA and/or DPO if caches are disabled. */
9232	if (isread) {
9233		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9234		    SCP_RCD) != 0)
9235			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9236	} else {
9237		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9238		    SCP_WCE) == 0)
9239			flags |= CTL_LLF_FUA;
9240	}
9241
9242	lbalen = (struct ctl_lba_len_flags *)
9243	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9244	lbalen->lba = lba;
9245	lbalen->len = num_blocks;
9246	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9247
9248	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9249	ctsio->kern_rel_offset = 0;
9250
9251	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9252
9253	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9254
9255	return (retval);
9256}
9257
9258static int
9259ctl_cnw_cont(union ctl_io *io)
9260{
9261	struct ctl_scsiio *ctsio;
9262	struct ctl_lun *lun;
9263	struct ctl_lba_len_flags *lbalen;
9264	int retval;
9265
9266	ctsio = &io->scsiio;
9267	ctsio->io_hdr.status = CTL_STATUS_NONE;
9268	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9269	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9270	lbalen = (struct ctl_lba_len_flags *)
9271	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9272	lbalen->flags &= ~CTL_LLF_COMPARE;
9273	lbalen->flags |= CTL_LLF_WRITE;
9274
9275	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9276	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9277	return (retval);
9278}
9279
9280int
9281ctl_cnw(struct ctl_scsiio *ctsio)
9282{
9283	struct ctl_lun *lun;
9284	struct ctl_lba_len_flags *lbalen;
9285	uint64_t lba;
9286	uint32_t num_blocks;
9287	int flags, retval;
9288
9289	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9290
9291	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9292
9293	flags = 0;
9294	retval = CTL_RETVAL_COMPLETE;
9295
9296	switch (ctsio->cdb[0]) {
9297	case COMPARE_AND_WRITE: {
9298		struct scsi_compare_and_write *cdb;
9299
9300		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9301		if (cdb->byte2 & SRW10_FUA)
9302			flags |= CTL_LLF_FUA;
9303		if (cdb->byte2 & SRW10_DPO)
9304			flags |= CTL_LLF_DPO;
9305		lba = scsi_8btou64(cdb->addr);
9306		num_blocks = cdb->length;
9307		break;
9308	}
9309	default:
9310		/*
9311		 * We got a command we don't support.  This shouldn't
9312		 * happen, commands should be filtered out above us.
9313		 */
9314		ctl_set_invalid_opcode(ctsio);
9315		ctl_done((union ctl_io *)ctsio);
9316
9317		return (CTL_RETVAL_COMPLETE);
9318		break; /* NOTREACHED */
9319	}
9320
9321	/*
9322	 * The first check is to make sure we're in bounds, the second
9323	 * check is to catch wrap-around problems.  If the lba + num blocks
9324	 * is less than the lba, then we've wrapped around and the block
9325	 * range is invalid anyway.
9326	 */
9327	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9328	 || ((lba + num_blocks) < lba)) {
9329		ctl_set_lba_out_of_range(ctsio);
9330		ctl_done((union ctl_io *)ctsio);
9331		return (CTL_RETVAL_COMPLETE);
9332	}
9333
9334	/*
9335	 * According to SBC-3, a transfer length of 0 is not an error.
9336	 */
9337	if (num_blocks == 0) {
9338		ctl_set_success(ctsio);
9339		ctl_done((union ctl_io *)ctsio);
9340		return (CTL_RETVAL_COMPLETE);
9341	}
9342
9343	/* Set FUA if write cache is disabled. */
9344	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9345	    SCP_WCE) == 0)
9346		flags |= CTL_LLF_FUA;
9347
9348	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9349	ctsio->kern_rel_offset = 0;
9350
9351	/*
9352	 * Set the IO_CONT flag, so that if this I/O gets passed to
9353	 * ctl_data_submit_done(), it'll get passed back to
9354	 * ctl_ctl_cnw_cont() for further processing.
9355	 */
9356	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9357	ctsio->io_cont = ctl_cnw_cont;
9358
9359	lbalen = (struct ctl_lba_len_flags *)
9360	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9361	lbalen->lba = lba;
9362	lbalen->len = num_blocks;
9363	lbalen->flags = CTL_LLF_COMPARE | flags;
9364
9365	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9366	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9367	return (retval);
9368}
9369
9370int
9371ctl_verify(struct ctl_scsiio *ctsio)
9372{
9373	struct ctl_lun *lun;
9374	struct ctl_lba_len_flags *lbalen;
9375	uint64_t lba;
9376	uint32_t num_blocks;
9377	int bytchk, flags;
9378	int retval;
9379
9380	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9381
9382	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9383
9384	bytchk = 0;
9385	flags = CTL_LLF_FUA;
9386	retval = CTL_RETVAL_COMPLETE;
9387
9388	switch (ctsio->cdb[0]) {
9389	case VERIFY_10: {
9390		struct scsi_verify_10 *cdb;
9391
9392		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9393		if (cdb->byte2 & SVFY_BYTCHK)
9394			bytchk = 1;
9395		if (cdb->byte2 & SVFY_DPO)
9396			flags |= CTL_LLF_DPO;
9397		lba = scsi_4btoul(cdb->addr);
9398		num_blocks = scsi_2btoul(cdb->length);
9399		break;
9400	}
9401	case VERIFY_12: {
9402		struct scsi_verify_12 *cdb;
9403
9404		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9405		if (cdb->byte2 & SVFY_BYTCHK)
9406			bytchk = 1;
9407		if (cdb->byte2 & SVFY_DPO)
9408			flags |= CTL_LLF_DPO;
9409		lba = scsi_4btoul(cdb->addr);
9410		num_blocks = scsi_4btoul(cdb->length);
9411		break;
9412	}
9413	case VERIFY_16: {
9414		struct scsi_rw_16 *cdb;
9415
9416		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9417		if (cdb->byte2 & SVFY_BYTCHK)
9418			bytchk = 1;
9419		if (cdb->byte2 & SVFY_DPO)
9420			flags |= CTL_LLF_DPO;
9421		lba = scsi_8btou64(cdb->addr);
9422		num_blocks = scsi_4btoul(cdb->length);
9423		break;
9424	}
9425	default:
9426		/*
9427		 * We got a command we don't support.  This shouldn't
9428		 * happen, commands should be filtered out above us.
9429		 */
9430		ctl_set_invalid_opcode(ctsio);
9431		ctl_done((union ctl_io *)ctsio);
9432		return (CTL_RETVAL_COMPLETE);
9433	}
9434
9435	/*
9436	 * The first check is to make sure we're in bounds, the second
9437	 * check is to catch wrap-around problems.  If the lba + num blocks
9438	 * is less than the lba, then we've wrapped around and the block
9439	 * range is invalid anyway.
9440	 */
9441	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9442	 || ((lba + num_blocks) < lba)) {
9443		ctl_set_lba_out_of_range(ctsio);
9444		ctl_done((union ctl_io *)ctsio);
9445		return (CTL_RETVAL_COMPLETE);
9446	}
9447
9448	/*
9449	 * According to SBC-3, a transfer length of 0 is not an error.
9450	 */
9451	if (num_blocks == 0) {
9452		ctl_set_success(ctsio);
9453		ctl_done((union ctl_io *)ctsio);
9454		return (CTL_RETVAL_COMPLETE);
9455	}
9456
9457	lbalen = (struct ctl_lba_len_flags *)
9458	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9459	lbalen->lba = lba;
9460	lbalen->len = num_blocks;
9461	if (bytchk) {
9462		lbalen->flags = CTL_LLF_COMPARE | flags;
9463		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9464	} else {
9465		lbalen->flags = CTL_LLF_VERIFY | flags;
9466		ctsio->kern_total_len = 0;
9467	}
9468	ctsio->kern_rel_offset = 0;
9469
9470	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9471	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9472	return (retval);
9473}
9474
9475int
9476ctl_report_luns(struct ctl_scsiio *ctsio)
9477{
9478	struct scsi_report_luns *cdb;
9479	struct scsi_report_luns_data *lun_data;
9480	struct ctl_lun *lun, *request_lun;
9481	int num_luns, retval;
9482	uint32_t alloc_len, lun_datalen;
9483	int num_filled, well_known;
9484	uint32_t initidx, targ_lun_id, lun_id;
9485
9486	retval = CTL_RETVAL_COMPLETE;
9487	well_known = 0;
9488
9489	cdb = (struct scsi_report_luns *)ctsio->cdb;
9490
9491	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9492
9493	mtx_lock(&control_softc->ctl_lock);
9494	num_luns = control_softc->num_luns;
9495	mtx_unlock(&control_softc->ctl_lock);
9496
9497	switch (cdb->select_report) {
9498	case RPL_REPORT_DEFAULT:
9499	case RPL_REPORT_ALL:
9500		break;
9501	case RPL_REPORT_WELLKNOWN:
9502		well_known = 1;
9503		num_luns = 0;
9504		break;
9505	default:
9506		ctl_set_invalid_field(ctsio,
9507				      /*sks_valid*/ 1,
9508				      /*command*/ 1,
9509				      /*field*/ 2,
9510				      /*bit_valid*/ 0,
9511				      /*bit*/ 0);
9512		ctl_done((union ctl_io *)ctsio);
9513		return (retval);
9514		break; /* NOTREACHED */
9515	}
9516
9517	alloc_len = scsi_4btoul(cdb->length);
9518	/*
9519	 * The initiator has to allocate at least 16 bytes for this request,
9520	 * so he can at least get the header and the first LUN.  Otherwise
9521	 * we reject the request (per SPC-3 rev 14, section 6.21).
9522	 */
9523	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9524	    sizeof(struct scsi_report_luns_lundata))) {
9525		ctl_set_invalid_field(ctsio,
9526				      /*sks_valid*/ 1,
9527				      /*command*/ 1,
9528				      /*field*/ 6,
9529				      /*bit_valid*/ 0,
9530				      /*bit*/ 0);
9531		ctl_done((union ctl_io *)ctsio);
9532		return (retval);
9533	}
9534
9535	request_lun = (struct ctl_lun *)
9536		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9537
9538	lun_datalen = sizeof(*lun_data) +
9539		(num_luns * sizeof(struct scsi_report_luns_lundata));
9540
9541	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9542	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9543	ctsio->kern_sg_entries = 0;
9544
9545	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9546
9547	mtx_lock(&control_softc->ctl_lock);
9548	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9549		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9550		if (lun_id >= CTL_MAX_LUNS)
9551			continue;
9552		lun = control_softc->ctl_luns[lun_id];
9553		if (lun == NULL)
9554			continue;
9555
9556		if (targ_lun_id <= 0xff) {
9557			/*
9558			 * Peripheral addressing method, bus number 0.
9559			 */
9560			lun_data->luns[num_filled].lundata[0] =
9561				RPL_LUNDATA_ATYP_PERIPH;
9562			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9563			num_filled++;
9564		} else if (targ_lun_id <= 0x3fff) {
9565			/*
9566			 * Flat addressing method.
9567			 */
9568			lun_data->luns[num_filled].lundata[0] =
9569				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9570			lun_data->luns[num_filled].lundata[1] =
9571				(targ_lun_id & 0xff);
9572			num_filled++;
9573		} else if (targ_lun_id <= 0xffffff) {
9574			/*
9575			 * Extended flat addressing method.
9576			 */
9577			lun_data->luns[num_filled].lundata[0] =
9578			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9579			scsi_ulto3b(targ_lun_id,
9580			    &lun_data->luns[num_filled].lundata[1]);
9581			num_filled++;
9582		} else {
9583			printf("ctl_report_luns: bogus LUN number %jd, "
9584			       "skipping\n", (intmax_t)targ_lun_id);
9585		}
9586		/*
9587		 * According to SPC-3, rev 14 section 6.21:
9588		 *
9589		 * "The execution of a REPORT LUNS command to any valid and
9590		 * installed logical unit shall clear the REPORTED LUNS DATA
9591		 * HAS CHANGED unit attention condition for all logical
9592		 * units of that target with respect to the requesting
9593		 * initiator. A valid and installed logical unit is one
9594		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9595		 * INQUIRY data (see 6.4.2)."
9596		 *
9597		 * If request_lun is NULL, the LUN this report luns command
9598		 * was issued to is either disabled or doesn't exist. In that
9599		 * case, we shouldn't clear any pending lun change unit
9600		 * attention.
9601		 */
9602		if (request_lun != NULL) {
9603			mtx_lock(&lun->lun_lock);
9604			lun->pending_ua[initidx] &= ~CTL_UA_LUN_CHANGE;
9605			mtx_unlock(&lun->lun_lock);
9606		}
9607	}
9608	mtx_unlock(&control_softc->ctl_lock);
9609
9610	/*
9611	 * It's quite possible that we've returned fewer LUNs than we allocated
9612	 * space for.  Trim it.
9613	 */
9614	lun_datalen = sizeof(*lun_data) +
9615		(num_filled * sizeof(struct scsi_report_luns_lundata));
9616
9617	if (lun_datalen < alloc_len) {
9618		ctsio->residual = alloc_len - lun_datalen;
9619		ctsio->kern_data_len = lun_datalen;
9620		ctsio->kern_total_len = lun_datalen;
9621	} else {
9622		ctsio->residual = 0;
9623		ctsio->kern_data_len = alloc_len;
9624		ctsio->kern_total_len = alloc_len;
9625	}
9626	ctsio->kern_data_resid = 0;
9627	ctsio->kern_rel_offset = 0;
9628	ctsio->kern_sg_entries = 0;
9629
9630	/*
9631	 * We set this to the actual data length, regardless of how much
9632	 * space we actually have to return results.  If the user looks at
9633	 * this value, he'll know whether or not he allocated enough space
9634	 * and reissue the command if necessary.  We don't support well
9635	 * known logical units, so if the user asks for that, return none.
9636	 */
9637	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9638
9639	/*
9640	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9641	 * this request.
9642	 */
9643	ctsio->scsi_status = SCSI_STATUS_OK;
9644
9645	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9646	ctsio->be_move_done = ctl_config_move_done;
9647	ctl_datamove((union ctl_io *)ctsio);
9648
9649	return (retval);
9650}
9651
9652int
9653ctl_request_sense(struct ctl_scsiio *ctsio)
9654{
9655	struct scsi_request_sense *cdb;
9656	struct scsi_sense_data *sense_ptr;
9657	struct ctl_lun *lun;
9658	uint32_t initidx;
9659	int have_error;
9660	scsi_sense_data_type sense_format;
9661
9662	cdb = (struct scsi_request_sense *)ctsio->cdb;
9663
9664	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9665
9666	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9667
9668	/*
9669	 * Determine which sense format the user wants.
9670	 */
9671	if (cdb->byte2 & SRS_DESC)
9672		sense_format = SSD_TYPE_DESC;
9673	else
9674		sense_format = SSD_TYPE_FIXED;
9675
9676	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9677	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9678	ctsio->kern_sg_entries = 0;
9679
9680	/*
9681	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9682	 * larger than the largest allowed value for the length field in the
9683	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9684	 */
9685	ctsio->residual = 0;
9686	ctsio->kern_data_len = cdb->length;
9687	ctsio->kern_total_len = cdb->length;
9688
9689	ctsio->kern_data_resid = 0;
9690	ctsio->kern_rel_offset = 0;
9691	ctsio->kern_sg_entries = 0;
9692
9693	/*
9694	 * If we don't have a LUN, we don't have any pending sense.
9695	 */
9696	if (lun == NULL)
9697		goto no_sense;
9698
9699	have_error = 0;
9700	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9701	/*
9702	 * Check for pending sense, and then for pending unit attentions.
9703	 * Pending sense gets returned first, then pending unit attentions.
9704	 */
9705	mtx_lock(&lun->lun_lock);
9706#ifdef CTL_WITH_CA
9707	if (ctl_is_set(lun->have_ca, initidx)) {
9708		scsi_sense_data_type stored_format;
9709
9710		/*
9711		 * Check to see which sense format was used for the stored
9712		 * sense data.
9713		 */
9714		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9715
9716		/*
9717		 * If the user requested a different sense format than the
9718		 * one we stored, then we need to convert it to the other
9719		 * format.  If we're going from descriptor to fixed format
9720		 * sense data, we may lose things in translation, depending
9721		 * on what options were used.
9722		 *
9723		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9724		 * for some reason we'll just copy it out as-is.
9725		 */
9726		if ((stored_format == SSD_TYPE_FIXED)
9727		 && (sense_format == SSD_TYPE_DESC))
9728			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9729			    &lun->pending_sense[initidx],
9730			    (struct scsi_sense_data_desc *)sense_ptr);
9731		else if ((stored_format == SSD_TYPE_DESC)
9732		      && (sense_format == SSD_TYPE_FIXED))
9733			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9734			    &lun->pending_sense[initidx],
9735			    (struct scsi_sense_data_fixed *)sense_ptr);
9736		else
9737			memcpy(sense_ptr, &lun->pending_sense[initidx],
9738			       ctl_min(sizeof(*sense_ptr),
9739			       sizeof(lun->pending_sense[initidx])));
9740
9741		ctl_clear_mask(lun->have_ca, initidx);
9742		have_error = 1;
9743	} else
9744#endif
9745	if (lun->pending_ua[initidx] != CTL_UA_NONE) {
9746		ctl_ua_type ua_type;
9747
9748		ua_type = ctl_build_ua(&lun->pending_ua[initidx],
9749				       sense_ptr, sense_format);
9750		if (ua_type != CTL_UA_NONE)
9751			have_error = 1;
9752	}
9753	mtx_unlock(&lun->lun_lock);
9754
9755	/*
9756	 * We already have a pending error, return it.
9757	 */
9758	if (have_error != 0) {
9759		/*
9760		 * We report the SCSI status as OK, since the status of the
9761		 * request sense command itself is OK.
9762		 */
9763		ctsio->scsi_status = SCSI_STATUS_OK;
9764
9765		/*
9766		 * We report 0 for the sense length, because we aren't doing
9767		 * autosense in this case.  We're reporting sense as
9768		 * parameter data.
9769		 */
9770		ctsio->sense_len = 0;
9771		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9772		ctsio->be_move_done = ctl_config_move_done;
9773		ctl_datamove((union ctl_io *)ctsio);
9774
9775		return (CTL_RETVAL_COMPLETE);
9776	}
9777
9778no_sense:
9779
9780	/*
9781	 * No sense information to report, so we report that everything is
9782	 * okay.
9783	 */
9784	ctl_set_sense_data(sense_ptr,
9785			   lun,
9786			   sense_format,
9787			   /*current_error*/ 1,
9788			   /*sense_key*/ SSD_KEY_NO_SENSE,
9789			   /*asc*/ 0x00,
9790			   /*ascq*/ 0x00,
9791			   SSD_ELEM_NONE);
9792
9793	ctsio->scsi_status = SCSI_STATUS_OK;
9794
9795	/*
9796	 * We report 0 for the sense length, because we aren't doing
9797	 * autosense in this case.  We're reporting sense as parameter data.
9798	 */
9799	ctsio->sense_len = 0;
9800	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9801	ctsio->be_move_done = ctl_config_move_done;
9802	ctl_datamove((union ctl_io *)ctsio);
9803
9804	return (CTL_RETVAL_COMPLETE);
9805}
9806
9807int
9808ctl_tur(struct ctl_scsiio *ctsio)
9809{
9810	struct ctl_lun *lun;
9811
9812	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9813
9814	CTL_DEBUG_PRINT(("ctl_tur\n"));
9815
9816	if (lun == NULL)
9817		return (EINVAL);
9818
9819	ctsio->scsi_status = SCSI_STATUS_OK;
9820	ctsio->io_hdr.status = CTL_SUCCESS;
9821
9822	ctl_done((union ctl_io *)ctsio);
9823
9824	return (CTL_RETVAL_COMPLETE);
9825}
9826
9827#ifdef notyet
9828static int
9829ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9830{
9831
9832}
9833#endif
9834
9835static int
9836ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9837{
9838	struct scsi_vpd_supported_pages *pages;
9839	int sup_page_size;
9840	struct ctl_lun *lun;
9841
9842	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9843
9844	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9845	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9846	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9847	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9848	ctsio->kern_sg_entries = 0;
9849
9850	if (sup_page_size < alloc_len) {
9851		ctsio->residual = alloc_len - sup_page_size;
9852		ctsio->kern_data_len = sup_page_size;
9853		ctsio->kern_total_len = sup_page_size;
9854	} else {
9855		ctsio->residual = 0;
9856		ctsio->kern_data_len = alloc_len;
9857		ctsio->kern_total_len = alloc_len;
9858	}
9859	ctsio->kern_data_resid = 0;
9860	ctsio->kern_rel_offset = 0;
9861	ctsio->kern_sg_entries = 0;
9862
9863	/*
9864	 * The control device is always connected.  The disk device, on the
9865	 * other hand, may not be online all the time.  Need to change this
9866	 * to figure out whether the disk device is actually online or not.
9867	 */
9868	if (lun != NULL)
9869		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9870				lun->be_lun->lun_type;
9871	else
9872		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9873
9874	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9875	/* Supported VPD pages */
9876	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9877	/* Serial Number */
9878	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9879	/* Device Identification */
9880	pages->page_list[2] = SVPD_DEVICE_ID;
9881	/* Extended INQUIRY Data */
9882	pages->page_list[3] = SVPD_EXTENDED_INQUIRY_DATA;
9883	/* Mode Page Policy */
9884	pages->page_list[4] = SVPD_MODE_PAGE_POLICY;
9885	/* SCSI Ports */
9886	pages->page_list[5] = SVPD_SCSI_PORTS;
9887	/* Third-party Copy */
9888	pages->page_list[6] = SVPD_SCSI_TPC;
9889	/* Block limits */
9890	pages->page_list[7] = SVPD_BLOCK_LIMITS;
9891	/* Block Device Characteristics */
9892	pages->page_list[8] = SVPD_BDC;
9893	/* Logical Block Provisioning */
9894	pages->page_list[9] = SVPD_LBP;
9895
9896	ctsio->scsi_status = SCSI_STATUS_OK;
9897
9898	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9899	ctsio->be_move_done = ctl_config_move_done;
9900	ctl_datamove((union ctl_io *)ctsio);
9901
9902	return (CTL_RETVAL_COMPLETE);
9903}
9904
9905static int
9906ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9907{
9908	struct scsi_vpd_unit_serial_number *sn_ptr;
9909	struct ctl_lun *lun;
9910	int data_len;
9911
9912	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9913
9914	data_len = 4 + CTL_SN_LEN;
9915	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9916	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9917	if (data_len < alloc_len) {
9918		ctsio->residual = alloc_len - data_len;
9919		ctsio->kern_data_len = data_len;
9920		ctsio->kern_total_len = data_len;
9921	} else {
9922		ctsio->residual = 0;
9923		ctsio->kern_data_len = alloc_len;
9924		ctsio->kern_total_len = alloc_len;
9925	}
9926	ctsio->kern_data_resid = 0;
9927	ctsio->kern_rel_offset = 0;
9928	ctsio->kern_sg_entries = 0;
9929
9930	/*
9931	 * The control device is always connected.  The disk device, on the
9932	 * other hand, may not be online all the time.  Need to change this
9933	 * to figure out whether the disk device is actually online or not.
9934	 */
9935	if (lun != NULL)
9936		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9937				  lun->be_lun->lun_type;
9938	else
9939		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9940
9941	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9942	sn_ptr->length = CTL_SN_LEN;
9943	/*
9944	 * If we don't have a LUN, we just leave the serial number as
9945	 * all spaces.
9946	 */
9947	if (lun != NULL) {
9948		strncpy((char *)sn_ptr->serial_num,
9949			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9950	} else
9951		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9952	ctsio->scsi_status = SCSI_STATUS_OK;
9953
9954	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9955	ctsio->be_move_done = ctl_config_move_done;
9956	ctl_datamove((union ctl_io *)ctsio);
9957
9958	return (CTL_RETVAL_COMPLETE);
9959}
9960
9961
9962static int
9963ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9964{
9965	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9966	struct ctl_lun *lun;
9967	int data_len;
9968
9969	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9970
9971	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9972	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9973	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9974	ctsio->kern_sg_entries = 0;
9975
9976	if (data_len < alloc_len) {
9977		ctsio->residual = alloc_len - data_len;
9978		ctsio->kern_data_len = data_len;
9979		ctsio->kern_total_len = data_len;
9980	} else {
9981		ctsio->residual = 0;
9982		ctsio->kern_data_len = alloc_len;
9983		ctsio->kern_total_len = alloc_len;
9984	}
9985	ctsio->kern_data_resid = 0;
9986	ctsio->kern_rel_offset = 0;
9987	ctsio->kern_sg_entries = 0;
9988
9989	/*
9990	 * The control device is always connected.  The disk device, on the
9991	 * other hand, may not be online all the time.
9992	 */
9993	if (lun != NULL)
9994		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9995				     lun->be_lun->lun_type;
9996	else
9997		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9998	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9999	eid_ptr->page_length = data_len - 4;
10000	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
10001	eid_ptr->flags3 = SVPD_EID_V_SUP;
10002
10003	ctsio->scsi_status = SCSI_STATUS_OK;
10004	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10005	ctsio->be_move_done = ctl_config_move_done;
10006	ctl_datamove((union ctl_io *)ctsio);
10007
10008	return (CTL_RETVAL_COMPLETE);
10009}
10010
10011static int
10012ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
10013{
10014	struct scsi_vpd_mode_page_policy *mpp_ptr;
10015	struct ctl_lun *lun;
10016	int data_len;
10017
10018	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10019
10020	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
10021	    sizeof(struct scsi_vpd_mode_page_policy_descr);
10022
10023	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10024	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
10025	ctsio->kern_sg_entries = 0;
10026
10027	if (data_len < alloc_len) {
10028		ctsio->residual = alloc_len - data_len;
10029		ctsio->kern_data_len = data_len;
10030		ctsio->kern_total_len = data_len;
10031	} else {
10032		ctsio->residual = 0;
10033		ctsio->kern_data_len = alloc_len;
10034		ctsio->kern_total_len = alloc_len;
10035	}
10036	ctsio->kern_data_resid = 0;
10037	ctsio->kern_rel_offset = 0;
10038	ctsio->kern_sg_entries = 0;
10039
10040	/*
10041	 * The control device is always connected.  The disk device, on the
10042	 * other hand, may not be online all the time.
10043	 */
10044	if (lun != NULL)
10045		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10046				     lun->be_lun->lun_type;
10047	else
10048		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10049	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
10050	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
10051	mpp_ptr->descr[0].page_code = 0x3f;
10052	mpp_ptr->descr[0].subpage_code = 0xff;
10053	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
10054
10055	ctsio->scsi_status = SCSI_STATUS_OK;
10056	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10057	ctsio->be_move_done = ctl_config_move_done;
10058	ctl_datamove((union ctl_io *)ctsio);
10059
10060	return (CTL_RETVAL_COMPLETE);
10061}
10062
10063static int
10064ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
10065{
10066	struct scsi_vpd_device_id *devid_ptr;
10067	struct scsi_vpd_id_descriptor *desc;
10068	struct ctl_softc *ctl_softc;
10069	struct ctl_lun *lun;
10070	struct ctl_port *port;
10071	int data_len;
10072	uint8_t proto;
10073
10074	ctl_softc = control_softc;
10075
10076	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
10077	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10078
10079	data_len = sizeof(struct scsi_vpd_device_id) +
10080	    sizeof(struct scsi_vpd_id_descriptor) +
10081		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
10082	    sizeof(struct scsi_vpd_id_descriptor) +
10083		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
10084	if (lun && lun->lun_devid)
10085		data_len += lun->lun_devid->len;
10086	if (port->port_devid)
10087		data_len += port->port_devid->len;
10088	if (port->target_devid)
10089		data_len += port->target_devid->len;
10090
10091	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10092	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
10093	ctsio->kern_sg_entries = 0;
10094
10095	if (data_len < alloc_len) {
10096		ctsio->residual = alloc_len - data_len;
10097		ctsio->kern_data_len = data_len;
10098		ctsio->kern_total_len = data_len;
10099	} else {
10100		ctsio->residual = 0;
10101		ctsio->kern_data_len = alloc_len;
10102		ctsio->kern_total_len = alloc_len;
10103	}
10104	ctsio->kern_data_resid = 0;
10105	ctsio->kern_rel_offset = 0;
10106	ctsio->kern_sg_entries = 0;
10107
10108	/*
10109	 * The control device is always connected.  The disk device, on the
10110	 * other hand, may not be online all the time.
10111	 */
10112	if (lun != NULL)
10113		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10114				     lun->be_lun->lun_type;
10115	else
10116		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10117	devid_ptr->page_code = SVPD_DEVICE_ID;
10118	scsi_ulto2b(data_len - 4, devid_ptr->length);
10119
10120	if (port->port_type == CTL_PORT_FC)
10121		proto = SCSI_PROTO_FC << 4;
10122	else if (port->port_type == CTL_PORT_ISCSI)
10123		proto = SCSI_PROTO_ISCSI << 4;
10124	else
10125		proto = SCSI_PROTO_SPI << 4;
10126	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
10127
10128	/*
10129	 * We're using a LUN association here.  i.e., this device ID is a
10130	 * per-LUN identifier.
10131	 */
10132	if (lun && lun->lun_devid) {
10133		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
10134		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10135		    lun->lun_devid->len);
10136	}
10137
10138	/*
10139	 * This is for the WWPN which is a port association.
10140	 */
10141	if (port->port_devid) {
10142		memcpy(desc, port->port_devid->data, port->port_devid->len);
10143		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
10144		    port->port_devid->len);
10145	}
10146
10147	/*
10148	 * This is for the Relative Target Port(type 4h) identifier
10149	 */
10150	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10151	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10152	    SVPD_ID_TYPE_RELTARG;
10153	desc->length = 4;
10154	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
10155	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10156	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
10157
10158	/*
10159	 * This is for the Target Port Group(type 5h) identifier
10160	 */
10161	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
10162	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
10163	    SVPD_ID_TYPE_TPORTGRP;
10164	desc->length = 4;
10165	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
10166	    &desc->identifier[2]);
10167	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
10168	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
10169
10170	/*
10171	 * This is for the Target identifier
10172	 */
10173	if (port->target_devid) {
10174		memcpy(desc, port->target_devid->data, port->target_devid->len);
10175	}
10176
10177	ctsio->scsi_status = SCSI_STATUS_OK;
10178	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10179	ctsio->be_move_done = ctl_config_move_done;
10180	ctl_datamove((union ctl_io *)ctsio);
10181
10182	return (CTL_RETVAL_COMPLETE);
10183}
10184
10185static int
10186ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
10187{
10188	struct ctl_softc *softc = control_softc;
10189	struct scsi_vpd_scsi_ports *sp;
10190	struct scsi_vpd_port_designation *pd;
10191	struct scsi_vpd_port_designation_cont *pdc;
10192	struct ctl_lun *lun;
10193	struct ctl_port *port;
10194	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
10195	int num_target_port_groups, single;
10196
10197	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10198
10199	single = ctl_is_single;
10200	if (single)
10201		num_target_port_groups = 1;
10202	else
10203		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
10204	num_target_ports = 0;
10205	iid_len = 0;
10206	id_len = 0;
10207	mtx_lock(&softc->ctl_lock);
10208	STAILQ_FOREACH(port, &softc->port_list, links) {
10209		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10210			continue;
10211		if (lun != NULL &&
10212		    ctl_map_lun_back(port->targ_port, lun->lun) >=
10213		    CTL_MAX_LUNS)
10214			continue;
10215		num_target_ports++;
10216		if (port->init_devid)
10217			iid_len += port->init_devid->len;
10218		if (port->port_devid)
10219			id_len += port->port_devid->len;
10220	}
10221	mtx_unlock(&softc->ctl_lock);
10222
10223	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10224	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10225	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10226	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10227	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10228	ctsio->kern_sg_entries = 0;
10229
10230	if (data_len < alloc_len) {
10231		ctsio->residual = alloc_len - data_len;
10232		ctsio->kern_data_len = data_len;
10233		ctsio->kern_total_len = data_len;
10234	} else {
10235		ctsio->residual = 0;
10236		ctsio->kern_data_len = alloc_len;
10237		ctsio->kern_total_len = alloc_len;
10238	}
10239	ctsio->kern_data_resid = 0;
10240	ctsio->kern_rel_offset = 0;
10241	ctsio->kern_sg_entries = 0;
10242
10243	/*
10244	 * The control device is always connected.  The disk device, on the
10245	 * other hand, may not be online all the time.  Need to change this
10246	 * to figure out whether the disk device is actually online or not.
10247	 */
10248	if (lun != NULL)
10249		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10250				  lun->be_lun->lun_type;
10251	else
10252		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10253
10254	sp->page_code = SVPD_SCSI_PORTS;
10255	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10256	    sp->page_length);
10257	pd = &sp->design[0];
10258
10259	mtx_lock(&softc->ctl_lock);
10260	if (softc->flags & CTL_FLAG_MASTER_SHELF)
10261		pg = 0;
10262	else
10263		pg = 1;
10264	for (g = 0; g < num_target_port_groups; g++) {
10265		STAILQ_FOREACH(port, &softc->port_list, links) {
10266			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10267				continue;
10268			if (lun != NULL &&
10269			    ctl_map_lun_back(port->targ_port, lun->lun) >=
10270			    CTL_MAX_LUNS)
10271				continue;
10272			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10273			scsi_ulto2b(p, pd->relative_port_id);
10274			if (port->init_devid && g == pg) {
10275				iid_len = port->init_devid->len;
10276				memcpy(pd->initiator_transportid,
10277				    port->init_devid->data, port->init_devid->len);
10278			} else
10279				iid_len = 0;
10280			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10281			pdc = (struct scsi_vpd_port_designation_cont *)
10282			    (&pd->initiator_transportid[iid_len]);
10283			if (port->port_devid && g == pg) {
10284				id_len = port->port_devid->len;
10285				memcpy(pdc->target_port_descriptors,
10286				    port->port_devid->data, port->port_devid->len);
10287			} else
10288				id_len = 0;
10289			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10290			pd = (struct scsi_vpd_port_designation *)
10291			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10292		}
10293	}
10294	mtx_unlock(&softc->ctl_lock);
10295
10296	ctsio->scsi_status = SCSI_STATUS_OK;
10297	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10298	ctsio->be_move_done = ctl_config_move_done;
10299	ctl_datamove((union ctl_io *)ctsio);
10300
10301	return (CTL_RETVAL_COMPLETE);
10302}
10303
10304static int
10305ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10306{
10307	struct scsi_vpd_block_limits *bl_ptr;
10308	struct ctl_lun *lun;
10309	int bs;
10310
10311	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10312
10313	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10314	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10315	ctsio->kern_sg_entries = 0;
10316
10317	if (sizeof(*bl_ptr) < alloc_len) {
10318		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10319		ctsio->kern_data_len = sizeof(*bl_ptr);
10320		ctsio->kern_total_len = sizeof(*bl_ptr);
10321	} else {
10322		ctsio->residual = 0;
10323		ctsio->kern_data_len = alloc_len;
10324		ctsio->kern_total_len = alloc_len;
10325	}
10326	ctsio->kern_data_resid = 0;
10327	ctsio->kern_rel_offset = 0;
10328	ctsio->kern_sg_entries = 0;
10329
10330	/*
10331	 * The control device is always connected.  The disk device, on the
10332	 * other hand, may not be online all the time.  Need to change this
10333	 * to figure out whether the disk device is actually online or not.
10334	 */
10335	if (lun != NULL)
10336		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10337				  lun->be_lun->lun_type;
10338	else
10339		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10340
10341	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10342	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10343	bl_ptr->max_cmp_write_len = 0xff;
10344	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10345	if (lun != NULL) {
10346		bs = lun->be_lun->blocksize;
10347		scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10348		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10349			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10350			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10351			if (lun->be_lun->pblockexp != 0) {
10352				scsi_ulto4b((1 << lun->be_lun->pblockexp),
10353				    bl_ptr->opt_unmap_grain);
10354				scsi_ulto4b(0x80000000 | lun->be_lun->pblockoff,
10355				    bl_ptr->unmap_grain_align);
10356			}
10357		}
10358		scsi_ulto4b(lun->be_lun->atomicblock,
10359		    bl_ptr->max_atomic_transfer_length);
10360		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10361		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10362	}
10363	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10364
10365	ctsio->scsi_status = SCSI_STATUS_OK;
10366	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10367	ctsio->be_move_done = ctl_config_move_done;
10368	ctl_datamove((union ctl_io *)ctsio);
10369
10370	return (CTL_RETVAL_COMPLETE);
10371}
10372
10373static int
10374ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10375{
10376	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10377	struct ctl_lun *lun;
10378	const char *value;
10379	u_int i;
10380
10381	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10382
10383	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10384	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10385	ctsio->kern_sg_entries = 0;
10386
10387	if (sizeof(*bdc_ptr) < alloc_len) {
10388		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10389		ctsio->kern_data_len = sizeof(*bdc_ptr);
10390		ctsio->kern_total_len = sizeof(*bdc_ptr);
10391	} else {
10392		ctsio->residual = 0;
10393		ctsio->kern_data_len = alloc_len;
10394		ctsio->kern_total_len = alloc_len;
10395	}
10396	ctsio->kern_data_resid = 0;
10397	ctsio->kern_rel_offset = 0;
10398	ctsio->kern_sg_entries = 0;
10399
10400	/*
10401	 * The control device is always connected.  The disk device, on the
10402	 * other hand, may not be online all the time.  Need to change this
10403	 * to figure out whether the disk device is actually online or not.
10404	 */
10405	if (lun != NULL)
10406		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10407				  lun->be_lun->lun_type;
10408	else
10409		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10410	bdc_ptr->page_code = SVPD_BDC;
10411	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10412	if (lun != NULL &&
10413	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10414		i = strtol(value, NULL, 0);
10415	else
10416		i = CTL_DEFAULT_ROTATION_RATE;
10417	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10418	if (lun != NULL &&
10419	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10420		i = strtol(value, NULL, 0);
10421	else
10422		i = 0;
10423	bdc_ptr->wab_wac_ff = (i & 0x0f);
10424	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10425
10426	ctsio->scsi_status = SCSI_STATUS_OK;
10427	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10428	ctsio->be_move_done = ctl_config_move_done;
10429	ctl_datamove((union ctl_io *)ctsio);
10430
10431	return (CTL_RETVAL_COMPLETE);
10432}
10433
10434static int
10435ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10436{
10437	struct scsi_vpd_logical_block_prov *lbp_ptr;
10438	struct ctl_lun *lun;
10439
10440	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10441
10442	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10443	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10444	ctsio->kern_sg_entries = 0;
10445
10446	if (sizeof(*lbp_ptr) < alloc_len) {
10447		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10448		ctsio->kern_data_len = sizeof(*lbp_ptr);
10449		ctsio->kern_total_len = sizeof(*lbp_ptr);
10450	} else {
10451		ctsio->residual = 0;
10452		ctsio->kern_data_len = alloc_len;
10453		ctsio->kern_total_len = alloc_len;
10454	}
10455	ctsio->kern_data_resid = 0;
10456	ctsio->kern_rel_offset = 0;
10457	ctsio->kern_sg_entries = 0;
10458
10459	/*
10460	 * The control device is always connected.  The disk device, on the
10461	 * other hand, may not be online all the time.  Need to change this
10462	 * to figure out whether the disk device is actually online or not.
10463	 */
10464	if (lun != NULL)
10465		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10466				  lun->be_lun->lun_type;
10467	else
10468		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10469
10470	lbp_ptr->page_code = SVPD_LBP;
10471	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10472	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10473		lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10474		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10475		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10476		lbp_ptr->prov_type = SVPD_LBP_THIN;
10477	}
10478
10479	ctsio->scsi_status = SCSI_STATUS_OK;
10480	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10481	ctsio->be_move_done = ctl_config_move_done;
10482	ctl_datamove((union ctl_io *)ctsio);
10483
10484	return (CTL_RETVAL_COMPLETE);
10485}
10486
10487static int
10488ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10489{
10490	struct scsi_inquiry *cdb;
10491	struct ctl_lun *lun;
10492	int alloc_len, retval;
10493
10494	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10495	cdb = (struct scsi_inquiry *)ctsio->cdb;
10496
10497	retval = CTL_RETVAL_COMPLETE;
10498
10499	alloc_len = scsi_2btoul(cdb->length);
10500
10501	switch (cdb->page_code) {
10502	case SVPD_SUPPORTED_PAGES:
10503		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10504		break;
10505	case SVPD_UNIT_SERIAL_NUMBER:
10506		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10507		break;
10508	case SVPD_DEVICE_ID:
10509		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10510		break;
10511	case SVPD_EXTENDED_INQUIRY_DATA:
10512		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10513		break;
10514	case SVPD_MODE_PAGE_POLICY:
10515		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10516		break;
10517	case SVPD_SCSI_PORTS:
10518		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10519		break;
10520	case SVPD_SCSI_TPC:
10521		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10522		break;
10523	case SVPD_BLOCK_LIMITS:
10524		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10525		break;
10526	case SVPD_BDC:
10527		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10528		break;
10529	case SVPD_LBP:
10530		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10531		break;
10532	default:
10533		ctl_set_invalid_field(ctsio,
10534				      /*sks_valid*/ 1,
10535				      /*command*/ 1,
10536				      /*field*/ 2,
10537				      /*bit_valid*/ 0,
10538				      /*bit*/ 0);
10539		ctl_done((union ctl_io *)ctsio);
10540		retval = CTL_RETVAL_COMPLETE;
10541		break;
10542	}
10543
10544	return (retval);
10545}
10546
10547static int
10548ctl_inquiry_std(struct ctl_scsiio *ctsio)
10549{
10550	struct scsi_inquiry_data *inq_ptr;
10551	struct scsi_inquiry *cdb;
10552	struct ctl_softc *ctl_softc;
10553	struct ctl_lun *lun;
10554	char *val;
10555	uint32_t alloc_len, data_len;
10556	ctl_port_type port_type;
10557
10558	ctl_softc = control_softc;
10559
10560	/*
10561	 * Figure out whether we're talking to a Fibre Channel port or not.
10562	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10563	 * SCSI front ends.
10564	 */
10565	port_type = ctl_softc->ctl_ports[
10566	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10567	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10568		port_type = CTL_PORT_SCSI;
10569
10570	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10571	cdb = (struct scsi_inquiry *)ctsio->cdb;
10572	alloc_len = scsi_2btoul(cdb->length);
10573
10574	/*
10575	 * We malloc the full inquiry data size here and fill it
10576	 * in.  If the user only asks for less, we'll give him
10577	 * that much.
10578	 */
10579	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10580	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10581	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10582	ctsio->kern_sg_entries = 0;
10583	ctsio->kern_data_resid = 0;
10584	ctsio->kern_rel_offset = 0;
10585
10586	if (data_len < alloc_len) {
10587		ctsio->residual = alloc_len - data_len;
10588		ctsio->kern_data_len = data_len;
10589		ctsio->kern_total_len = data_len;
10590	} else {
10591		ctsio->residual = 0;
10592		ctsio->kern_data_len = alloc_len;
10593		ctsio->kern_total_len = alloc_len;
10594	}
10595
10596	/*
10597	 * If we have a LUN configured, report it as connected.  Otherwise,
10598	 * report that it is offline or no device is supported, depending
10599	 * on the value of inquiry_pq_no_lun.
10600	 *
10601	 * According to the spec (SPC-4 r34), the peripheral qualifier
10602	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10603	 *
10604	 * "A peripheral device having the specified peripheral device type
10605	 * is not connected to this logical unit. However, the device
10606	 * server is capable of supporting the specified peripheral device
10607	 * type on this logical unit."
10608	 *
10609	 * According to the same spec, the peripheral qualifier
10610	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10611	 *
10612	 * "The device server is not capable of supporting a peripheral
10613	 * device on this logical unit. For this peripheral qualifier the
10614	 * peripheral device type shall be set to 1Fh. All other peripheral
10615	 * device type values are reserved for this peripheral qualifier."
10616	 *
10617	 * Given the text, it would seem that we probably want to report that
10618	 * the LUN is offline here.  There is no LUN connected, but we can
10619	 * support a LUN at the given LUN number.
10620	 *
10621	 * In the real world, though, it sounds like things are a little
10622	 * different:
10623	 *
10624	 * - Linux, when presented with a LUN with the offline peripheral
10625	 *   qualifier, will create an sg driver instance for it.  So when
10626	 *   you attach it to CTL, you wind up with a ton of sg driver
10627	 *   instances.  (One for every LUN that Linux bothered to probe.)
10628	 *   Linux does this despite the fact that it issues a REPORT LUNs
10629	 *   to LUN 0 to get the inventory of supported LUNs.
10630	 *
10631	 * - There is other anecdotal evidence (from Emulex folks) about
10632	 *   arrays that use the offline peripheral qualifier for LUNs that
10633	 *   are on the "passive" path in an active/passive array.
10634	 *
10635	 * So the solution is provide a hopefully reasonable default
10636	 * (return bad/no LUN) and allow the user to change the behavior
10637	 * with a tunable/sysctl variable.
10638	 */
10639	if (lun != NULL)
10640		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10641				  lun->be_lun->lun_type;
10642	else if (ctl_softc->inquiry_pq_no_lun == 0)
10643		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10644	else
10645		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10646
10647	/* RMB in byte 2 is 0 */
10648	inq_ptr->version = SCSI_REV_SPC4;
10649
10650	/*
10651	 * According to SAM-3, even if a device only supports a single
10652	 * level of LUN addressing, it should still set the HISUP bit:
10653	 *
10654	 * 4.9.1 Logical unit numbers overview
10655	 *
10656	 * All logical unit number formats described in this standard are
10657	 * hierarchical in structure even when only a single level in that
10658	 * hierarchy is used. The HISUP bit shall be set to one in the
10659	 * standard INQUIRY data (see SPC-2) when any logical unit number
10660	 * format described in this standard is used.  Non-hierarchical
10661	 * formats are outside the scope of this standard.
10662	 *
10663	 * Therefore we set the HiSup bit here.
10664	 *
10665	 * The reponse format is 2, per SPC-3.
10666	 */
10667	inq_ptr->response_format = SID_HiSup | 2;
10668
10669	inq_ptr->additional_length = data_len -
10670	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10671	CTL_DEBUG_PRINT(("additional_length = %d\n",
10672			 inq_ptr->additional_length));
10673
10674	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10675	/* 16 bit addressing */
10676	if (port_type == CTL_PORT_SCSI)
10677		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10678	/* XXX set the SID_MultiP bit here if we're actually going to
10679	   respond on multiple ports */
10680	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10681
10682	/* 16 bit data bus, synchronous transfers */
10683	if (port_type == CTL_PORT_SCSI)
10684		inq_ptr->flags = SID_WBus16 | SID_Sync;
10685	/*
10686	 * XXX KDM do we want to support tagged queueing on the control
10687	 * device at all?
10688	 */
10689	if ((lun == NULL)
10690	 || (lun->be_lun->lun_type != T_PROCESSOR))
10691		inq_ptr->flags |= SID_CmdQue;
10692	/*
10693	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10694	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10695	 * name and 4 bytes for the revision.
10696	 */
10697	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10698	    "vendor")) == NULL) {
10699		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10700	} else {
10701		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10702		strncpy(inq_ptr->vendor, val,
10703		    min(sizeof(inq_ptr->vendor), strlen(val)));
10704	}
10705	if (lun == NULL) {
10706		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10707		    sizeof(inq_ptr->product));
10708	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10709		switch (lun->be_lun->lun_type) {
10710		case T_DIRECT:
10711			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10712			    sizeof(inq_ptr->product));
10713			break;
10714		case T_PROCESSOR:
10715			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10716			    sizeof(inq_ptr->product));
10717			break;
10718		default:
10719			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10720			    sizeof(inq_ptr->product));
10721			break;
10722		}
10723	} else {
10724		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10725		strncpy(inq_ptr->product, val,
10726		    min(sizeof(inq_ptr->product), strlen(val)));
10727	}
10728
10729	/*
10730	 * XXX make this a macro somewhere so it automatically gets
10731	 * incremented when we make changes.
10732	 */
10733	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10734	    "revision")) == NULL) {
10735		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10736	} else {
10737		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10738		strncpy(inq_ptr->revision, val,
10739		    min(sizeof(inq_ptr->revision), strlen(val)));
10740	}
10741
10742	/*
10743	 * For parallel SCSI, we support double transition and single
10744	 * transition clocking.  We also support QAS (Quick Arbitration
10745	 * and Selection) and Information Unit transfers on both the
10746	 * control and array devices.
10747	 */
10748	if (port_type == CTL_PORT_SCSI)
10749		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10750				    SID_SPI_IUS;
10751
10752	/* SAM-5 (no version claimed) */
10753	scsi_ulto2b(0x00A0, inq_ptr->version1);
10754	/* SPC-4 (no version claimed) */
10755	scsi_ulto2b(0x0460, inq_ptr->version2);
10756	if (port_type == CTL_PORT_FC) {
10757		/* FCP-2 ANSI INCITS.350:2003 */
10758		scsi_ulto2b(0x0917, inq_ptr->version3);
10759	} else if (port_type == CTL_PORT_SCSI) {
10760		/* SPI-4 ANSI INCITS.362:200x */
10761		scsi_ulto2b(0x0B56, inq_ptr->version3);
10762	} else if (port_type == CTL_PORT_ISCSI) {
10763		/* iSCSI (no version claimed) */
10764		scsi_ulto2b(0x0960, inq_ptr->version3);
10765	} else if (port_type == CTL_PORT_SAS) {
10766		/* SAS (no version claimed) */
10767		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10768	}
10769
10770	if (lun == NULL) {
10771		/* SBC-4 (no version claimed) */
10772		scsi_ulto2b(0x0600, inq_ptr->version4);
10773	} else {
10774		switch (lun->be_lun->lun_type) {
10775		case T_DIRECT:
10776			/* SBC-4 (no version claimed) */
10777			scsi_ulto2b(0x0600, inq_ptr->version4);
10778			break;
10779		case T_PROCESSOR:
10780		default:
10781			break;
10782		}
10783	}
10784
10785	ctsio->scsi_status = SCSI_STATUS_OK;
10786	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10787	ctsio->be_move_done = ctl_config_move_done;
10788	ctl_datamove((union ctl_io *)ctsio);
10789	return (CTL_RETVAL_COMPLETE);
10790}
10791
10792int
10793ctl_inquiry(struct ctl_scsiio *ctsio)
10794{
10795	struct scsi_inquiry *cdb;
10796	int retval;
10797
10798	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10799
10800	cdb = (struct scsi_inquiry *)ctsio->cdb;
10801	if (cdb->byte2 & SI_EVPD)
10802		retval = ctl_inquiry_evpd(ctsio);
10803	else if (cdb->page_code == 0)
10804		retval = ctl_inquiry_std(ctsio);
10805	else {
10806		ctl_set_invalid_field(ctsio,
10807				      /*sks_valid*/ 1,
10808				      /*command*/ 1,
10809				      /*field*/ 2,
10810				      /*bit_valid*/ 0,
10811				      /*bit*/ 0);
10812		ctl_done((union ctl_io *)ctsio);
10813		return (CTL_RETVAL_COMPLETE);
10814	}
10815
10816	return (retval);
10817}
10818
10819/*
10820 * For known CDB types, parse the LBA and length.
10821 */
10822static int
10823ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10824{
10825	if (io->io_hdr.io_type != CTL_IO_SCSI)
10826		return (1);
10827
10828	switch (io->scsiio.cdb[0]) {
10829	case COMPARE_AND_WRITE: {
10830		struct scsi_compare_and_write *cdb;
10831
10832		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10833
10834		*lba = scsi_8btou64(cdb->addr);
10835		*len = cdb->length;
10836		break;
10837	}
10838	case READ_6:
10839	case WRITE_6: {
10840		struct scsi_rw_6 *cdb;
10841
10842		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10843
10844		*lba = scsi_3btoul(cdb->addr);
10845		/* only 5 bits are valid in the most significant address byte */
10846		*lba &= 0x1fffff;
10847		*len = cdb->length;
10848		break;
10849	}
10850	case READ_10:
10851	case WRITE_10: {
10852		struct scsi_rw_10 *cdb;
10853
10854		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10855
10856		*lba = scsi_4btoul(cdb->addr);
10857		*len = scsi_2btoul(cdb->length);
10858		break;
10859	}
10860	case WRITE_VERIFY_10: {
10861		struct scsi_write_verify_10 *cdb;
10862
10863		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10864
10865		*lba = scsi_4btoul(cdb->addr);
10866		*len = scsi_2btoul(cdb->length);
10867		break;
10868	}
10869	case READ_12:
10870	case WRITE_12: {
10871		struct scsi_rw_12 *cdb;
10872
10873		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10874
10875		*lba = scsi_4btoul(cdb->addr);
10876		*len = scsi_4btoul(cdb->length);
10877		break;
10878	}
10879	case WRITE_VERIFY_12: {
10880		struct scsi_write_verify_12 *cdb;
10881
10882		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10883
10884		*lba = scsi_4btoul(cdb->addr);
10885		*len = scsi_4btoul(cdb->length);
10886		break;
10887	}
10888	case READ_16:
10889	case WRITE_16:
10890	case WRITE_ATOMIC_16: {
10891		struct scsi_rw_16 *cdb;
10892
10893		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10894
10895		*lba = scsi_8btou64(cdb->addr);
10896		*len = scsi_4btoul(cdb->length);
10897		break;
10898	}
10899	case WRITE_VERIFY_16: {
10900		struct scsi_write_verify_16 *cdb;
10901
10902		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10903
10904		*lba = scsi_8btou64(cdb->addr);
10905		*len = scsi_4btoul(cdb->length);
10906		break;
10907	}
10908	case WRITE_SAME_10: {
10909		struct scsi_write_same_10 *cdb;
10910
10911		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10912
10913		*lba = scsi_4btoul(cdb->addr);
10914		*len = scsi_2btoul(cdb->length);
10915		break;
10916	}
10917	case WRITE_SAME_16: {
10918		struct scsi_write_same_16 *cdb;
10919
10920		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10921
10922		*lba = scsi_8btou64(cdb->addr);
10923		*len = scsi_4btoul(cdb->length);
10924		break;
10925	}
10926	case VERIFY_10: {
10927		struct scsi_verify_10 *cdb;
10928
10929		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10930
10931		*lba = scsi_4btoul(cdb->addr);
10932		*len = scsi_2btoul(cdb->length);
10933		break;
10934	}
10935	case VERIFY_12: {
10936		struct scsi_verify_12 *cdb;
10937
10938		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10939
10940		*lba = scsi_4btoul(cdb->addr);
10941		*len = scsi_4btoul(cdb->length);
10942		break;
10943	}
10944	case VERIFY_16: {
10945		struct scsi_verify_16 *cdb;
10946
10947		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10948
10949		*lba = scsi_8btou64(cdb->addr);
10950		*len = scsi_4btoul(cdb->length);
10951		break;
10952	}
10953	case UNMAP: {
10954		*lba = 0;
10955		*len = UINT64_MAX;
10956		break;
10957	}
10958	default:
10959		return (1);
10960		break; /* NOTREACHED */
10961	}
10962
10963	return (0);
10964}
10965
10966static ctl_action
10967ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2)
10968{
10969	uint64_t endlba1, endlba2;
10970
10971	endlba1 = lba1 + len1 - 1;
10972	endlba2 = lba2 + len2 - 1;
10973
10974	if ((endlba1 < lba2)
10975	 || (endlba2 < lba1))
10976		return (CTL_ACTION_PASS);
10977	else
10978		return (CTL_ACTION_BLOCK);
10979}
10980
10981static int
10982ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10983{
10984	struct ctl_ptr_len_flags *ptrlen;
10985	struct scsi_unmap_desc *buf, *end, *range;
10986	uint64_t lba;
10987	uint32_t len;
10988
10989	/* If not UNMAP -- go other way. */
10990	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10991	    io->scsiio.cdb[0] != UNMAP)
10992		return (CTL_ACTION_ERROR);
10993
10994	/* If UNMAP without data -- block and wait for data. */
10995	ptrlen = (struct ctl_ptr_len_flags *)
10996	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10997	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10998	    ptrlen->ptr == NULL)
10999		return (CTL_ACTION_BLOCK);
11000
11001	/* UNMAP with data -- check for collision. */
11002	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
11003	end = buf + ptrlen->len / sizeof(*buf);
11004	for (range = buf; range < end; range++) {
11005		lba = scsi_8btou64(range->lba);
11006		len = scsi_4btoul(range->length);
11007		if ((lba < lba2 + len2) && (lba + len > lba2))
11008			return (CTL_ACTION_BLOCK);
11009	}
11010	return (CTL_ACTION_PASS);
11011}
11012
11013static ctl_action
11014ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
11015{
11016	uint64_t lba1, lba2;
11017	uint64_t len1, len2;
11018	int retval;
11019
11020	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
11021		return (CTL_ACTION_ERROR);
11022
11023	retval = ctl_extent_check_unmap(io2, lba1, len1);
11024	if (retval != CTL_ACTION_ERROR)
11025		return (retval);
11026
11027	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
11028		return (CTL_ACTION_ERROR);
11029
11030	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
11031}
11032
11033static ctl_action
11034ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
11035    union ctl_io *ooa_io)
11036{
11037	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
11038	ctl_serialize_action *serialize_row;
11039
11040	/*
11041	 * The initiator attempted multiple untagged commands at the same
11042	 * time.  Can't do that.
11043	 */
11044	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11045	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11046	 && ((pending_io->io_hdr.nexus.targ_port ==
11047	      ooa_io->io_hdr.nexus.targ_port)
11048	  && (pending_io->io_hdr.nexus.initid.id ==
11049	      ooa_io->io_hdr.nexus.initid.id))
11050	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
11051		return (CTL_ACTION_OVERLAP);
11052
11053	/*
11054	 * The initiator attempted to send multiple tagged commands with
11055	 * the same ID.  (It's fine if different initiators have the same
11056	 * tag ID.)
11057	 *
11058	 * Even if all of those conditions are true, we don't kill the I/O
11059	 * if the command ahead of us has been aborted.  We won't end up
11060	 * sending it to the FETD, and it's perfectly legal to resend a
11061	 * command with the same tag number as long as the previous
11062	 * instance of this tag number has been aborted somehow.
11063	 */
11064	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11065	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
11066	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
11067	 && ((pending_io->io_hdr.nexus.targ_port ==
11068	      ooa_io->io_hdr.nexus.targ_port)
11069	  && (pending_io->io_hdr.nexus.initid.id ==
11070	      ooa_io->io_hdr.nexus.initid.id))
11071	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
11072		return (CTL_ACTION_OVERLAP_TAG);
11073
11074	/*
11075	 * If we get a head of queue tag, SAM-3 says that we should
11076	 * immediately execute it.
11077	 *
11078	 * What happens if this command would normally block for some other
11079	 * reason?  e.g. a request sense with a head of queue tag
11080	 * immediately after a write.  Normally that would block, but this
11081	 * will result in its getting executed immediately...
11082	 *
11083	 * We currently return "pass" instead of "skip", so we'll end up
11084	 * going through the rest of the queue to check for overlapped tags.
11085	 *
11086	 * XXX KDM check for other types of blockage first??
11087	 */
11088	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11089		return (CTL_ACTION_PASS);
11090
11091	/*
11092	 * Ordered tags have to block until all items ahead of them
11093	 * have completed.  If we get called with an ordered tag, we always
11094	 * block, if something else is ahead of us in the queue.
11095	 */
11096	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
11097		return (CTL_ACTION_BLOCK);
11098
11099	/*
11100	 * Simple tags get blocked until all head of queue and ordered tags
11101	 * ahead of them have completed.  I'm lumping untagged commands in
11102	 * with simple tags here.  XXX KDM is that the right thing to do?
11103	 */
11104	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
11105	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
11106	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
11107	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
11108		return (CTL_ACTION_BLOCK);
11109
11110	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
11111	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
11112
11113	serialize_row = ctl_serialize_table[ooa_entry->seridx];
11114
11115	switch (serialize_row[pending_entry->seridx]) {
11116	case CTL_SER_BLOCK:
11117		return (CTL_ACTION_BLOCK);
11118	case CTL_SER_EXTENT:
11119		return (ctl_extent_check(pending_io, ooa_io));
11120	case CTL_SER_EXTENTOPT:
11121		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11122		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11123			return (ctl_extent_check(pending_io, ooa_io));
11124		/* FALLTHROUGH */
11125	case CTL_SER_PASS:
11126		return (CTL_ACTION_PASS);
11127	case CTL_SER_BLOCKOPT:
11128		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
11129		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
11130			return (CTL_ACTION_BLOCK);
11131		return (CTL_ACTION_PASS);
11132	case CTL_SER_SKIP:
11133		return (CTL_ACTION_SKIP);
11134	default:
11135		panic("invalid serialization value %d",
11136		      serialize_row[pending_entry->seridx]);
11137	}
11138
11139	return (CTL_ACTION_ERROR);
11140}
11141
11142/*
11143 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
11144 * Assumptions:
11145 * - pending_io is generally either incoming, or on the blocked queue
11146 * - starting I/O is the I/O we want to start the check with.
11147 */
11148static ctl_action
11149ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
11150	      union ctl_io *starting_io)
11151{
11152	union ctl_io *ooa_io;
11153	ctl_action action;
11154
11155	mtx_assert(&lun->lun_lock, MA_OWNED);
11156
11157	/*
11158	 * Run back along the OOA queue, starting with the current
11159	 * blocked I/O and going through every I/O before it on the
11160	 * queue.  If starting_io is NULL, we'll just end up returning
11161	 * CTL_ACTION_PASS.
11162	 */
11163	for (ooa_io = starting_io; ooa_io != NULL;
11164	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
11165	     ooa_links)){
11166
11167		/*
11168		 * This routine just checks to see whether
11169		 * cur_blocked is blocked by ooa_io, which is ahead
11170		 * of it in the queue.  It doesn't queue/dequeue
11171		 * cur_blocked.
11172		 */
11173		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
11174		switch (action) {
11175		case CTL_ACTION_BLOCK:
11176		case CTL_ACTION_OVERLAP:
11177		case CTL_ACTION_OVERLAP_TAG:
11178		case CTL_ACTION_SKIP:
11179		case CTL_ACTION_ERROR:
11180			return (action);
11181			break; /* NOTREACHED */
11182		case CTL_ACTION_PASS:
11183			break;
11184		default:
11185			panic("invalid action %d", action);
11186			break;  /* NOTREACHED */
11187		}
11188	}
11189
11190	return (CTL_ACTION_PASS);
11191}
11192
11193/*
11194 * Assumptions:
11195 * - An I/O has just completed, and has been removed from the per-LUN OOA
11196 *   queue, so some items on the blocked queue may now be unblocked.
11197 */
11198static int
11199ctl_check_blocked(struct ctl_lun *lun)
11200{
11201	union ctl_io *cur_blocked, *next_blocked;
11202
11203	mtx_assert(&lun->lun_lock, MA_OWNED);
11204
11205	/*
11206	 * Run forward from the head of the blocked queue, checking each
11207	 * entry against the I/Os prior to it on the OOA queue to see if
11208	 * there is still any blockage.
11209	 *
11210	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11211	 * with our removing a variable on it while it is traversing the
11212	 * list.
11213	 */
11214	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11215	     cur_blocked != NULL; cur_blocked = next_blocked) {
11216		union ctl_io *prev_ooa;
11217		ctl_action action;
11218
11219		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11220							  blocked_links);
11221
11222		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11223						      ctl_ooaq, ooa_links);
11224
11225		/*
11226		 * If cur_blocked happens to be the first item in the OOA
11227		 * queue now, prev_ooa will be NULL, and the action
11228		 * returned will just be CTL_ACTION_PASS.
11229		 */
11230		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11231
11232		switch (action) {
11233		case CTL_ACTION_BLOCK:
11234			/* Nothing to do here, still blocked */
11235			break;
11236		case CTL_ACTION_OVERLAP:
11237		case CTL_ACTION_OVERLAP_TAG:
11238			/*
11239			 * This shouldn't happen!  In theory we've already
11240			 * checked this command for overlap...
11241			 */
11242			break;
11243		case CTL_ACTION_PASS:
11244		case CTL_ACTION_SKIP: {
11245			struct ctl_softc *softc;
11246			const struct ctl_cmd_entry *entry;
11247			uint32_t initidx;
11248			int isc_retval;
11249
11250			/*
11251			 * The skip case shouldn't happen, this transaction
11252			 * should have never made it onto the blocked queue.
11253			 */
11254			/*
11255			 * This I/O is no longer blocked, we can remove it
11256			 * from the blocked queue.  Since this is a TAILQ
11257			 * (doubly linked list), we can do O(1) removals
11258			 * from any place on the list.
11259			 */
11260			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11261				     blocked_links);
11262			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11263
11264			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11265				/*
11266				 * Need to send IO back to original side to
11267				 * run
11268				 */
11269				union ctl_ha_msg msg_info;
11270
11271				msg_info.hdr.original_sc =
11272					cur_blocked->io_hdr.original_sc;
11273				msg_info.hdr.serializing_sc = cur_blocked;
11274				msg_info.hdr.msg_type = CTL_MSG_R2R;
11275				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11276				     &msg_info, sizeof(msg_info), 0)) >
11277				     CTL_HA_STATUS_SUCCESS) {
11278					printf("CTL:Check Blocked error from "
11279					       "ctl_ha_msg_send %d\n",
11280					       isc_retval);
11281				}
11282				break;
11283			}
11284			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11285			softc = control_softc;
11286
11287			initidx = ctl_get_initindex(&cur_blocked->io_hdr.nexus);
11288
11289			/*
11290			 * Check this I/O for LUN state changes that may
11291			 * have happened while this command was blocked.
11292			 * The LUN state may have been changed by a command
11293			 * ahead of us in the queue, so we need to re-check
11294			 * for any states that can be caused by SCSI
11295			 * commands.
11296			 */
11297			if (ctl_scsiio_lun_check(softc, lun, entry,
11298						 &cur_blocked->scsiio) == 0) {
11299				cur_blocked->io_hdr.flags |=
11300				                      CTL_FLAG_IS_WAS_ON_RTR;
11301				ctl_enqueue_rtr(cur_blocked);
11302			} else
11303				ctl_done(cur_blocked);
11304			break;
11305		}
11306		default:
11307			/*
11308			 * This probably shouldn't happen -- we shouldn't
11309			 * get CTL_ACTION_ERROR, or anything else.
11310			 */
11311			break;
11312		}
11313	}
11314
11315	return (CTL_RETVAL_COMPLETE);
11316}
11317
11318/*
11319 * This routine (with one exception) checks LUN flags that can be set by
11320 * commands ahead of us in the OOA queue.  These flags have to be checked
11321 * when a command initially comes in, and when we pull a command off the
11322 * blocked queue and are preparing to execute it.  The reason we have to
11323 * check these flags for commands on the blocked queue is that the LUN
11324 * state may have been changed by a command ahead of us while we're on the
11325 * blocked queue.
11326 *
11327 * Ordering is somewhat important with these checks, so please pay
11328 * careful attention to the placement of any new checks.
11329 */
11330static int
11331ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
11332    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11333{
11334	int retval;
11335	uint32_t residx;
11336
11337	retval = 0;
11338
11339	mtx_assert(&lun->lun_lock, MA_OWNED);
11340
11341	/*
11342	 * If this shelf is a secondary shelf controller, we have to reject
11343	 * any media access commands.
11344	 */
11345#if 0
11346	/* No longer needed for HA */
11347	if (((ctl_softc->flags & CTL_FLAG_MASTER_SHELF) == 0)
11348	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0)) {
11349		ctl_set_lun_standby(ctsio);
11350		retval = 1;
11351		goto bailout;
11352	}
11353#endif
11354
11355	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11356		if (lun->flags & CTL_LUN_READONLY) {
11357			ctl_set_sense(ctsio, /*current_error*/ 1,
11358			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11359			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11360			retval = 1;
11361			goto bailout;
11362		}
11363		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11364		    .eca_and_aen & SCP_SWP) != 0) {
11365			ctl_set_sense(ctsio, /*current_error*/ 1,
11366			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11367			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11368			retval = 1;
11369			goto bailout;
11370		}
11371	}
11372
11373	/*
11374	 * Check for a reservation conflict.  If this command isn't allowed
11375	 * even on reserved LUNs, and if this initiator isn't the one who
11376	 * reserved us, reject the command with a reservation conflict.
11377	 */
11378	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11379	if ((lun->flags & CTL_LUN_RESERVED)
11380	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11381		if (lun->res_idx != residx) {
11382			ctl_set_reservation_conflict(ctsio);
11383			retval = 1;
11384			goto bailout;
11385		}
11386	}
11387
11388	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11389	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11390		/* No reservation or command is allowed. */;
11391	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11392	    (lun->res_type == SPR_TYPE_WR_EX ||
11393	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11394	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11395		/* The command is allowed for Write Exclusive resv. */;
11396	} else {
11397		/*
11398		 * if we aren't registered or it's a res holder type
11399		 * reservation and this isn't the res holder then set a
11400		 * conflict.
11401		 */
11402		if (lun->pr_keys[residx] == 0
11403		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11404			ctl_set_reservation_conflict(ctsio);
11405			retval = 1;
11406			goto bailout;
11407		}
11408
11409	}
11410
11411	if ((lun->flags & CTL_LUN_OFFLINE)
11412	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11413		ctl_set_lun_not_ready(ctsio);
11414		retval = 1;
11415		goto bailout;
11416	}
11417
11418	/*
11419	 * If the LUN is stopped, see if this particular command is allowed
11420	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11421	 */
11422	if ((lun->flags & CTL_LUN_STOPPED)
11423	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11424		/* "Logical unit not ready, initializing cmd. required" */
11425		ctl_set_lun_stopped(ctsio);
11426		retval = 1;
11427		goto bailout;
11428	}
11429
11430	if ((lun->flags & CTL_LUN_INOPERABLE)
11431	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11432		/* "Medium format corrupted" */
11433		ctl_set_medium_format_corrupted(ctsio);
11434		retval = 1;
11435		goto bailout;
11436	}
11437
11438bailout:
11439	return (retval);
11440
11441}
11442
11443static void
11444ctl_failover_io(union ctl_io *io, int have_lock)
11445{
11446	ctl_set_busy(&io->scsiio);
11447	ctl_done(io);
11448}
11449
11450static void
11451ctl_failover(void)
11452{
11453	struct ctl_lun *lun;
11454	struct ctl_softc *ctl_softc;
11455	union ctl_io *next_io, *pending_io;
11456	union ctl_io *io;
11457	int lun_idx;
11458	int i;
11459
11460	ctl_softc = control_softc;
11461
11462	mtx_lock(&ctl_softc->ctl_lock);
11463	/*
11464	 * Remove any cmds from the other SC from the rtr queue.  These
11465	 * will obviously only be for LUNs for which we're the primary.
11466	 * We can't send status or get/send data for these commands.
11467	 * Since they haven't been executed yet, we can just remove them.
11468	 * We'll either abort them or delete them below, depending on
11469	 * which HA mode we're in.
11470	 */
11471#ifdef notyet
11472	mtx_lock(&ctl_softc->queue_lock);
11473	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11474	     io != NULL; io = next_io) {
11475		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11476		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11477			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11478				      ctl_io_hdr, links);
11479	}
11480	mtx_unlock(&ctl_softc->queue_lock);
11481#endif
11482
11483	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11484		lun = ctl_softc->ctl_luns[lun_idx];
11485		if (lun==NULL)
11486			continue;
11487
11488		/*
11489		 * Processor LUNs are primary on both sides.
11490		 * XXX will this always be true?
11491		 */
11492		if (lun->be_lun->lun_type == T_PROCESSOR)
11493			continue;
11494
11495		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11496		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11497			printf("FAILOVER: primary lun %d\n", lun_idx);
11498		        /*
11499			 * Remove all commands from the other SC. First from the
11500			 * blocked queue then from the ooa queue. Once we have
11501			 * removed them. Call ctl_check_blocked to see if there
11502			 * is anything that can run.
11503			 */
11504			for (io = (union ctl_io *)TAILQ_FIRST(
11505			     &lun->blocked_queue); io != NULL; io = next_io) {
11506
11507		        	next_io = (union ctl_io *)TAILQ_NEXT(
11508				    &io->io_hdr, blocked_links);
11509
11510				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11511					TAILQ_REMOVE(&lun->blocked_queue,
11512						     &io->io_hdr,blocked_links);
11513					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11514					TAILQ_REMOVE(&lun->ooa_queue,
11515						     &io->io_hdr, ooa_links);
11516
11517					ctl_free_io(io);
11518				}
11519			}
11520
11521			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11522	     		     io != NULL; io = next_io) {
11523
11524		        	next_io = (union ctl_io *)TAILQ_NEXT(
11525				    &io->io_hdr, ooa_links);
11526
11527				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11528
11529					TAILQ_REMOVE(&lun->ooa_queue,
11530						&io->io_hdr,
11531					     	ooa_links);
11532
11533					ctl_free_io(io);
11534				}
11535			}
11536			ctl_check_blocked(lun);
11537		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11538			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11539
11540			printf("FAILOVER: primary lun %d\n", lun_idx);
11541			/*
11542			 * Abort all commands from the other SC.  We can't
11543			 * send status back for them now.  These should get
11544			 * cleaned up when they are completed or come out
11545			 * for a datamove operation.
11546			 */
11547			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11548	     		     io != NULL; io = next_io) {
11549		        	next_io = (union ctl_io *)TAILQ_NEXT(
11550					&io->io_hdr, ooa_links);
11551
11552				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11553					io->io_hdr.flags |= CTL_FLAG_ABORT;
11554			}
11555		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11556			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11557
11558			printf("FAILOVER: secondary lun %d\n", lun_idx);
11559
11560			lun->flags |= CTL_LUN_PRIMARY_SC;
11561
11562			/*
11563			 * We send all I/O that was sent to this controller
11564			 * and redirected to the other side back with
11565			 * busy status, and have the initiator retry it.
11566			 * Figuring out how much data has been transferred,
11567			 * etc. and picking up where we left off would be
11568			 * very tricky.
11569			 *
11570			 * XXX KDM need to remove I/O from the blocked
11571			 * queue as well!
11572			 */
11573			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11574			     &lun->ooa_queue); pending_io != NULL;
11575			     pending_io = next_io) {
11576
11577				next_io =  (union ctl_io *)TAILQ_NEXT(
11578					&pending_io->io_hdr, ooa_links);
11579
11580				pending_io->io_hdr.flags &=
11581					~CTL_FLAG_SENT_2OTHER_SC;
11582
11583				if (pending_io->io_hdr.flags &
11584				    CTL_FLAG_IO_ACTIVE) {
11585					pending_io->io_hdr.flags |=
11586						CTL_FLAG_FAILOVER;
11587				} else {
11588					ctl_set_busy(&pending_io->scsiio);
11589					ctl_done(pending_io);
11590				}
11591			}
11592
11593			/*
11594			 * Build Unit Attention
11595			 */
11596			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11597				lun->pending_ua[i] |=
11598				                     CTL_UA_ASYM_ACC_CHANGE;
11599			}
11600		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11601			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11602			printf("FAILOVER: secondary lun %d\n", lun_idx);
11603			/*
11604			 * if the first io on the OOA is not on the RtR queue
11605			 * add it.
11606			 */
11607			lun->flags |= CTL_LUN_PRIMARY_SC;
11608
11609			pending_io = (union ctl_io *)TAILQ_FIRST(
11610			    &lun->ooa_queue);
11611			if (pending_io==NULL) {
11612				printf("Nothing on OOA queue\n");
11613				continue;
11614			}
11615
11616			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11617			if ((pending_io->io_hdr.flags &
11618			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11619				pending_io->io_hdr.flags |=
11620				    CTL_FLAG_IS_WAS_ON_RTR;
11621				ctl_enqueue_rtr(pending_io);
11622			}
11623#if 0
11624			else
11625			{
11626				printf("Tag 0x%04x is running\n",
11627				      pending_io->scsiio.tag_num);
11628			}
11629#endif
11630
11631			next_io = (union ctl_io *)TAILQ_NEXT(
11632			    &pending_io->io_hdr, ooa_links);
11633			for (pending_io=next_io; pending_io != NULL;
11634			     pending_io = next_io) {
11635				pending_io->io_hdr.flags &=
11636				    ~CTL_FLAG_SENT_2OTHER_SC;
11637				next_io = (union ctl_io *)TAILQ_NEXT(
11638					&pending_io->io_hdr, ooa_links);
11639				if (pending_io->io_hdr.flags &
11640				    CTL_FLAG_IS_WAS_ON_RTR) {
11641#if 0
11642				        printf("Tag 0x%04x is running\n",
11643				      		pending_io->scsiio.tag_num);
11644#endif
11645					continue;
11646				}
11647
11648				switch (ctl_check_ooa(lun, pending_io,
11649			            (union ctl_io *)TAILQ_PREV(
11650				    &pending_io->io_hdr, ctl_ooaq,
11651				    ooa_links))) {
11652
11653				case CTL_ACTION_BLOCK:
11654					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11655							  &pending_io->io_hdr,
11656							  blocked_links);
11657					pending_io->io_hdr.flags |=
11658					    CTL_FLAG_BLOCKED;
11659					break;
11660				case CTL_ACTION_PASS:
11661				case CTL_ACTION_SKIP:
11662					pending_io->io_hdr.flags |=
11663					    CTL_FLAG_IS_WAS_ON_RTR;
11664					ctl_enqueue_rtr(pending_io);
11665					break;
11666				case CTL_ACTION_OVERLAP:
11667					ctl_set_overlapped_cmd(
11668					    (struct ctl_scsiio *)pending_io);
11669					ctl_done(pending_io);
11670					break;
11671				case CTL_ACTION_OVERLAP_TAG:
11672					ctl_set_overlapped_tag(
11673					    (struct ctl_scsiio *)pending_io,
11674					    pending_io->scsiio.tag_num & 0xff);
11675					ctl_done(pending_io);
11676					break;
11677				case CTL_ACTION_ERROR:
11678				default:
11679					ctl_set_internal_failure(
11680						(struct ctl_scsiio *)pending_io,
11681						0,  // sks_valid
11682						0); //retry count
11683					ctl_done(pending_io);
11684					break;
11685				}
11686			}
11687
11688			/*
11689			 * Build Unit Attention
11690			 */
11691			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
11692				lun->pending_ua[i] |=
11693				                     CTL_UA_ASYM_ACC_CHANGE;
11694			}
11695		} else {
11696			panic("Unhandled HA mode failover, LUN flags = %#x, "
11697			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11698		}
11699	}
11700	ctl_pause_rtr = 0;
11701	mtx_unlock(&ctl_softc->ctl_lock);
11702}
11703
11704static int
11705ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11706{
11707	struct ctl_lun *lun;
11708	const struct ctl_cmd_entry *entry;
11709	uint32_t initidx, targ_lun;
11710	int retval;
11711
11712	retval = 0;
11713
11714	lun = NULL;
11715
11716	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11717	if ((targ_lun < CTL_MAX_LUNS)
11718	 && (ctl_softc->ctl_luns[targ_lun] != NULL)) {
11719		lun = ctl_softc->ctl_luns[targ_lun];
11720		/*
11721		 * If the LUN is invalid, pretend that it doesn't exist.
11722		 * It will go away as soon as all pending I/O has been
11723		 * completed.
11724		 */
11725		if (lun->flags & CTL_LUN_DISABLED) {
11726			lun = NULL;
11727		} else {
11728			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11729			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11730				lun->be_lun;
11731			if (lun->be_lun->lun_type == T_PROCESSOR) {
11732				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11733			}
11734
11735			/*
11736			 * Every I/O goes into the OOA queue for a
11737			 * particular LUN, and stays there until completion.
11738			 */
11739			mtx_lock(&lun->lun_lock);
11740			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11741			    ooa_links);
11742		}
11743	} else {
11744		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11745		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11746	}
11747
11748	/* Get command entry and return error if it is unsuppotyed. */
11749	entry = ctl_validate_command(ctsio);
11750	if (entry == NULL) {
11751		if (lun)
11752			mtx_unlock(&lun->lun_lock);
11753		return (retval);
11754	}
11755
11756	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11757	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11758
11759	/*
11760	 * Check to see whether we can send this command to LUNs that don't
11761	 * exist.  This should pretty much only be the case for inquiry
11762	 * and request sense.  Further checks, below, really require having
11763	 * a LUN, so we can't really check the command anymore.  Just put
11764	 * it on the rtr queue.
11765	 */
11766	if (lun == NULL) {
11767		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11768			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11769			ctl_enqueue_rtr((union ctl_io *)ctsio);
11770			return (retval);
11771		}
11772
11773		ctl_set_unsupported_lun(ctsio);
11774		ctl_done((union ctl_io *)ctsio);
11775		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11776		return (retval);
11777	} else {
11778		/*
11779		 * Make sure we support this particular command on this LUN.
11780		 * e.g., we don't support writes to the control LUN.
11781		 */
11782		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11783			mtx_unlock(&lun->lun_lock);
11784			ctl_set_invalid_opcode(ctsio);
11785			ctl_done((union ctl_io *)ctsio);
11786			return (retval);
11787		}
11788	}
11789
11790	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11791
11792#ifdef CTL_WITH_CA
11793	/*
11794	 * If we've got a request sense, it'll clear the contingent
11795	 * allegiance condition.  Otherwise, if we have a CA condition for
11796	 * this initiator, clear it, because it sent down a command other
11797	 * than request sense.
11798	 */
11799	if ((ctsio->cdb[0] != REQUEST_SENSE)
11800	 && (ctl_is_set(lun->have_ca, initidx)))
11801		ctl_clear_mask(lun->have_ca, initidx);
11802#endif
11803
11804	/*
11805	 * If the command has this flag set, it handles its own unit
11806	 * attention reporting, we shouldn't do anything.  Otherwise we
11807	 * check for any pending unit attentions, and send them back to the
11808	 * initiator.  We only do this when a command initially comes in,
11809	 * not when we pull it off the blocked queue.
11810	 *
11811	 * According to SAM-3, section 5.3.2, the order that things get
11812	 * presented back to the host is basically unit attentions caused
11813	 * by some sort of reset event, busy status, reservation conflicts
11814	 * or task set full, and finally any other status.
11815	 *
11816	 * One issue here is that some of the unit attentions we report
11817	 * don't fall into the "reset" category (e.g. "reported luns data
11818	 * has changed").  So reporting it here, before the reservation
11819	 * check, may be technically wrong.  I guess the only thing to do
11820	 * would be to check for and report the reset events here, and then
11821	 * check for the other unit attention types after we check for a
11822	 * reservation conflict.
11823	 *
11824	 * XXX KDM need to fix this
11825	 */
11826	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11827		ctl_ua_type ua_type;
11828
11829		if (lun->pending_ua[initidx] != CTL_UA_NONE) {
11830			scsi_sense_data_type sense_format;
11831
11832			if (lun != NULL)
11833				sense_format = (lun->flags &
11834				    CTL_LUN_SENSE_DESC) ? SSD_TYPE_DESC :
11835				    SSD_TYPE_FIXED;
11836			else
11837				sense_format = SSD_TYPE_FIXED;
11838
11839			ua_type = ctl_build_ua(&lun->pending_ua[initidx],
11840			    &ctsio->sense_data, sense_format);
11841			if (ua_type != CTL_UA_NONE) {
11842				ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11843				ctsio->io_hdr.status = CTL_SCSI_ERROR |
11844						       CTL_AUTOSENSE;
11845				ctsio->sense_len = SSD_FULL_SIZE;
11846				mtx_unlock(&lun->lun_lock);
11847				ctl_done((union ctl_io *)ctsio);
11848				return (retval);
11849			}
11850		}
11851	}
11852
11853
11854	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11855		mtx_unlock(&lun->lun_lock);
11856		ctl_done((union ctl_io *)ctsio);
11857		return (retval);
11858	}
11859
11860	/*
11861	 * XXX CHD this is where we want to send IO to other side if
11862	 * this LUN is secondary on this SC. We will need to make a copy
11863	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11864	 * the copy we send as FROM_OTHER.
11865	 * We also need to stuff the address of the original IO so we can
11866	 * find it easily. Something similar will need be done on the other
11867	 * side so when we are done we can find the copy.
11868	 */
11869	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11870		union ctl_ha_msg msg_info;
11871		int isc_retval;
11872
11873		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11874
11875		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11876		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11877#if 0
11878		printf("1. ctsio %p\n", ctsio);
11879#endif
11880		msg_info.hdr.serializing_sc = NULL;
11881		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11882		msg_info.scsi.tag_num = ctsio->tag_num;
11883		msg_info.scsi.tag_type = ctsio->tag_type;
11884		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11885
11886		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11887
11888		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11889		    (void *)&msg_info, sizeof(msg_info), 0)) >
11890		    CTL_HA_STATUS_SUCCESS) {
11891			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11892			       isc_retval);
11893			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11894		} else {
11895#if 0
11896			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11897#endif
11898		}
11899
11900		/*
11901		 * XXX KDM this I/O is off the incoming queue, but hasn't
11902		 * been inserted on any other queue.  We may need to come
11903		 * up with a holding queue while we wait for serialization
11904		 * so that we have an idea of what we're waiting for from
11905		 * the other side.
11906		 */
11907		mtx_unlock(&lun->lun_lock);
11908		return (retval);
11909	}
11910
11911	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11912			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11913			      ctl_ooaq, ooa_links))) {
11914	case CTL_ACTION_BLOCK:
11915		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11916		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11917				  blocked_links);
11918		mtx_unlock(&lun->lun_lock);
11919		return (retval);
11920	case CTL_ACTION_PASS:
11921	case CTL_ACTION_SKIP:
11922		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11923		mtx_unlock(&lun->lun_lock);
11924		ctl_enqueue_rtr((union ctl_io *)ctsio);
11925		break;
11926	case CTL_ACTION_OVERLAP:
11927		mtx_unlock(&lun->lun_lock);
11928		ctl_set_overlapped_cmd(ctsio);
11929		ctl_done((union ctl_io *)ctsio);
11930		break;
11931	case CTL_ACTION_OVERLAP_TAG:
11932		mtx_unlock(&lun->lun_lock);
11933		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11934		ctl_done((union ctl_io *)ctsio);
11935		break;
11936	case CTL_ACTION_ERROR:
11937	default:
11938		mtx_unlock(&lun->lun_lock);
11939		ctl_set_internal_failure(ctsio,
11940					 /*sks_valid*/ 0,
11941					 /*retry_count*/ 0);
11942		ctl_done((union ctl_io *)ctsio);
11943		break;
11944	}
11945	return (retval);
11946}
11947
11948const struct ctl_cmd_entry *
11949ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11950{
11951	const struct ctl_cmd_entry *entry;
11952	int service_action;
11953
11954	entry = &ctl_cmd_table[ctsio->cdb[0]];
11955	if (sa)
11956		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11957	if (entry->flags & CTL_CMD_FLAG_SA5) {
11958		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11959		entry = &((const struct ctl_cmd_entry *)
11960		    entry->execute)[service_action];
11961	}
11962	return (entry);
11963}
11964
11965const struct ctl_cmd_entry *
11966ctl_validate_command(struct ctl_scsiio *ctsio)
11967{
11968	const struct ctl_cmd_entry *entry;
11969	int i, sa;
11970	uint8_t diff;
11971
11972	entry = ctl_get_cmd_entry(ctsio, &sa);
11973	if (entry->execute == NULL) {
11974		if (sa)
11975			ctl_set_invalid_field(ctsio,
11976					      /*sks_valid*/ 1,
11977					      /*command*/ 1,
11978					      /*field*/ 1,
11979					      /*bit_valid*/ 1,
11980					      /*bit*/ 4);
11981		else
11982			ctl_set_invalid_opcode(ctsio);
11983		ctl_done((union ctl_io *)ctsio);
11984		return (NULL);
11985	}
11986	KASSERT(entry->length > 0,
11987	    ("Not defined length for command 0x%02x/0x%02x",
11988	     ctsio->cdb[0], ctsio->cdb[1]));
11989	for (i = 1; i < entry->length; i++) {
11990		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11991		if (diff == 0)
11992			continue;
11993		ctl_set_invalid_field(ctsio,
11994				      /*sks_valid*/ 1,
11995				      /*command*/ 1,
11996				      /*field*/ i,
11997				      /*bit_valid*/ 1,
11998				      /*bit*/ fls(diff) - 1);
11999		ctl_done((union ctl_io *)ctsio);
12000		return (NULL);
12001	}
12002	return (entry);
12003}
12004
12005static int
12006ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
12007{
12008
12009	switch (lun_type) {
12010	case T_PROCESSOR:
12011		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
12012		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
12013			return (0);
12014		break;
12015	case T_DIRECT:
12016		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
12017		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
12018			return (0);
12019		break;
12020	default:
12021		return (0);
12022	}
12023	return (1);
12024}
12025
12026static int
12027ctl_scsiio(struct ctl_scsiio *ctsio)
12028{
12029	int retval;
12030	const struct ctl_cmd_entry *entry;
12031
12032	retval = CTL_RETVAL_COMPLETE;
12033
12034	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
12035
12036	entry = ctl_get_cmd_entry(ctsio, NULL);
12037
12038	/*
12039	 * If this I/O has been aborted, just send it straight to
12040	 * ctl_done() without executing it.
12041	 */
12042	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
12043		ctl_done((union ctl_io *)ctsio);
12044		goto bailout;
12045	}
12046
12047	/*
12048	 * All the checks should have been handled by ctl_scsiio_precheck().
12049	 * We should be clear now to just execute the I/O.
12050	 */
12051	retval = entry->execute(ctsio);
12052
12053bailout:
12054	return (retval);
12055}
12056
12057/*
12058 * Since we only implement one target right now, a bus reset simply resets
12059 * our single target.
12060 */
12061static int
12062ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
12063{
12064	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
12065}
12066
12067static int
12068ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
12069		 ctl_ua_type ua_type)
12070{
12071	struct ctl_lun *lun;
12072	int retval;
12073
12074	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12075		union ctl_ha_msg msg_info;
12076
12077		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
12078		msg_info.hdr.nexus = io->io_hdr.nexus;
12079		if (ua_type==CTL_UA_TARG_RESET)
12080			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
12081		else
12082			msg_info.task.task_action = CTL_TASK_BUS_RESET;
12083		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12084		msg_info.hdr.original_sc = NULL;
12085		msg_info.hdr.serializing_sc = NULL;
12086		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12087		    (void *)&msg_info, sizeof(msg_info), 0)) {
12088		}
12089	}
12090	retval = 0;
12091
12092	mtx_lock(&ctl_softc->ctl_lock);
12093	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
12094		retval += ctl_lun_reset(lun, io, ua_type);
12095	mtx_unlock(&ctl_softc->ctl_lock);
12096
12097	return (retval);
12098}
12099
12100/*
12101 * The LUN should always be set.  The I/O is optional, and is used to
12102 * distinguish between I/Os sent by this initiator, and by other
12103 * initiators.  We set unit attention for initiators other than this one.
12104 * SAM-3 is vague on this point.  It does say that a unit attention should
12105 * be established for other initiators when a LUN is reset (see section
12106 * 5.7.3), but it doesn't specifically say that the unit attention should
12107 * be established for this particular initiator when a LUN is reset.  Here
12108 * is the relevant text, from SAM-3 rev 8:
12109 *
12110 * 5.7.2 When a SCSI initiator port aborts its own tasks
12111 *
12112 * When a SCSI initiator port causes its own task(s) to be aborted, no
12113 * notification that the task(s) have been aborted shall be returned to
12114 * the SCSI initiator port other than the completion response for the
12115 * command or task management function action that caused the task(s) to
12116 * be aborted and notification(s) associated with related effects of the
12117 * action (e.g., a reset unit attention condition).
12118 *
12119 * XXX KDM for now, we're setting unit attention for all initiators.
12120 */
12121static int
12122ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
12123{
12124	union ctl_io *xio;
12125#if 0
12126	uint32_t initindex;
12127#endif
12128	int i;
12129
12130	mtx_lock(&lun->lun_lock);
12131	/*
12132	 * Run through the OOA queue and abort each I/O.
12133	 */
12134#if 0
12135	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12136#endif
12137	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12138	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12139		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
12140	}
12141
12142	/*
12143	 * This version sets unit attention for every
12144	 */
12145#if 0
12146	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12147	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
12148		if (initindex == i)
12149			continue;
12150		lun->pending_ua[i] |= ua_type;
12151	}
12152#endif
12153
12154	/*
12155	 * A reset (any kind, really) clears reservations established with
12156	 * RESERVE/RELEASE.  It does not clear reservations established
12157	 * with PERSISTENT RESERVE OUT, but we don't support that at the
12158	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
12159	 * reservations made with the RESERVE/RELEASE commands, because
12160	 * those commands are obsolete in SPC-3.
12161	 */
12162	lun->flags &= ~CTL_LUN_RESERVED;
12163
12164	for (i = 0; i < CTL_MAX_INITIATORS; i++) {
12165#ifdef CTL_WITH_CA
12166		ctl_clear_mask(lun->have_ca, i);
12167#endif
12168		lun->pending_ua[i] |= ua_type;
12169	}
12170	mtx_unlock(&lun->lun_lock);
12171
12172	return (0);
12173}
12174
12175static void
12176ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
12177    int other_sc)
12178{
12179	union ctl_io *xio;
12180
12181	mtx_assert(&lun->lun_lock, MA_OWNED);
12182
12183	/*
12184	 * Run through the OOA queue and attempt to find the given I/O.
12185	 * The target port, initiator ID, tag type and tag number have to
12186	 * match the values that we got from the initiator.  If we have an
12187	 * untagged command to abort, simply abort the first untagged command
12188	 * we come to.  We only allow one untagged command at a time of course.
12189	 */
12190	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12191	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12192
12193		if ((targ_port == UINT32_MAX ||
12194		     targ_port == xio->io_hdr.nexus.targ_port) &&
12195		    (init_id == UINT32_MAX ||
12196		     init_id == xio->io_hdr.nexus.initid.id)) {
12197			if (targ_port != xio->io_hdr.nexus.targ_port ||
12198			    init_id != xio->io_hdr.nexus.initid.id)
12199				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
12200			xio->io_hdr.flags |= CTL_FLAG_ABORT;
12201			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12202				union ctl_ha_msg msg_info;
12203
12204				msg_info.hdr.nexus = xio->io_hdr.nexus;
12205				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12206				msg_info.task.tag_num = xio->scsiio.tag_num;
12207				msg_info.task.tag_type = xio->scsiio.tag_type;
12208				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12209				msg_info.hdr.original_sc = NULL;
12210				msg_info.hdr.serializing_sc = NULL;
12211				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12212				    (void *)&msg_info, sizeof(msg_info), 0);
12213			}
12214		}
12215	}
12216}
12217
12218static int
12219ctl_abort_task_set(union ctl_io *io)
12220{
12221	struct ctl_softc *softc = control_softc;
12222	struct ctl_lun *lun;
12223	uint32_t targ_lun;
12224
12225	/*
12226	 * Look up the LUN.
12227	 */
12228	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12229	mtx_lock(&softc->ctl_lock);
12230	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
12231		lun = softc->ctl_luns[targ_lun];
12232	else {
12233		mtx_unlock(&softc->ctl_lock);
12234		return (1);
12235	}
12236
12237	mtx_lock(&lun->lun_lock);
12238	mtx_unlock(&softc->ctl_lock);
12239	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12240		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12241		    io->io_hdr.nexus.initid.id,
12242		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12243	} else { /* CTL_TASK_CLEAR_TASK_SET */
12244		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12245		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12246	}
12247	mtx_unlock(&lun->lun_lock);
12248	return (0);
12249}
12250
12251static int
12252ctl_i_t_nexus_reset(union ctl_io *io)
12253{
12254	struct ctl_softc *softc = control_softc;
12255	struct ctl_lun *lun;
12256	uint32_t initindex, residx;
12257
12258	initindex = ctl_get_initindex(&io->io_hdr.nexus);
12259	residx = ctl_get_resindex(&io->io_hdr.nexus);
12260	mtx_lock(&softc->ctl_lock);
12261	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12262		mtx_lock(&lun->lun_lock);
12263		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12264		    io->io_hdr.nexus.initid.id,
12265		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12266#ifdef CTL_WITH_CA
12267		ctl_clear_mask(lun->have_ca, initindex);
12268#endif
12269		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12270			lun->flags &= ~CTL_LUN_RESERVED;
12271		lun->pending_ua[initindex] |= CTL_UA_I_T_NEXUS_LOSS;
12272		mtx_unlock(&lun->lun_lock);
12273	}
12274	mtx_unlock(&softc->ctl_lock);
12275	return (0);
12276}
12277
12278static int
12279ctl_abort_task(union ctl_io *io)
12280{
12281	union ctl_io *xio;
12282	struct ctl_lun *lun;
12283	struct ctl_softc *ctl_softc;
12284#if 0
12285	struct sbuf sb;
12286	char printbuf[128];
12287#endif
12288	int found;
12289	uint32_t targ_lun;
12290
12291	ctl_softc = control_softc;
12292	found = 0;
12293
12294	/*
12295	 * Look up the LUN.
12296	 */
12297	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12298	mtx_lock(&ctl_softc->ctl_lock);
12299	if ((targ_lun < CTL_MAX_LUNS)
12300	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12301		lun = ctl_softc->ctl_luns[targ_lun];
12302	else {
12303		mtx_unlock(&ctl_softc->ctl_lock);
12304		return (1);
12305	}
12306
12307#if 0
12308	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12309	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12310#endif
12311
12312	mtx_lock(&lun->lun_lock);
12313	mtx_unlock(&ctl_softc->ctl_lock);
12314	/*
12315	 * Run through the OOA queue and attempt to find the given I/O.
12316	 * The target port, initiator ID, tag type and tag number have to
12317	 * match the values that we got from the initiator.  If we have an
12318	 * untagged command to abort, simply abort the first untagged command
12319	 * we come to.  We only allow one untagged command at a time of course.
12320	 */
12321#if 0
12322	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12323#endif
12324	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12325	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12326#if 0
12327		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12328
12329		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12330			    lun->lun, xio->scsiio.tag_num,
12331			    xio->scsiio.tag_type,
12332			    (xio->io_hdr.blocked_links.tqe_prev
12333			    == NULL) ? "" : " BLOCKED",
12334			    (xio->io_hdr.flags &
12335			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12336			    (xio->io_hdr.flags &
12337			    CTL_FLAG_ABORT) ? " ABORT" : "",
12338			    (xio->io_hdr.flags &
12339			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12340		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12341		sbuf_finish(&sb);
12342		printf("%s\n", sbuf_data(&sb));
12343#endif
12344
12345		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
12346		 && (xio->io_hdr.nexus.initid.id ==
12347		     io->io_hdr.nexus.initid.id)) {
12348			/*
12349			 * If the abort says that the task is untagged, the
12350			 * task in the queue must be untagged.  Otherwise,
12351			 * we just check to see whether the tag numbers
12352			 * match.  This is because the QLogic firmware
12353			 * doesn't pass back the tag type in an abort
12354			 * request.
12355			 */
12356#if 0
12357			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12358			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12359			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
12360#endif
12361			/*
12362			 * XXX KDM we've got problems with FC, because it
12363			 * doesn't send down a tag type with aborts.  So we
12364			 * can only really go by the tag number...
12365			 * This may cause problems with parallel SCSI.
12366			 * Need to figure that out!!
12367			 */
12368			if (xio->scsiio.tag_num == io->taskio.tag_num) {
12369				xio->io_hdr.flags |= CTL_FLAG_ABORT;
12370				found = 1;
12371				if ((io->io_hdr.flags &
12372				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
12373				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12374					union ctl_ha_msg msg_info;
12375
12376					io->io_hdr.flags |=
12377					                CTL_FLAG_SENT_2OTHER_SC;
12378					msg_info.hdr.nexus = io->io_hdr.nexus;
12379					msg_info.task.task_action =
12380						CTL_TASK_ABORT_TASK;
12381					msg_info.task.tag_num =
12382						io->taskio.tag_num;
12383					msg_info.task.tag_type =
12384						io->taskio.tag_type;
12385					msg_info.hdr.msg_type =
12386						CTL_MSG_MANAGE_TASKS;
12387					msg_info.hdr.original_sc = NULL;
12388					msg_info.hdr.serializing_sc = NULL;
12389#if 0
12390					printf("Sent Abort to other side\n");
12391#endif
12392					if (CTL_HA_STATUS_SUCCESS !=
12393					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12394		    				(void *)&msg_info,
12395						sizeof(msg_info), 0)) {
12396					}
12397				}
12398#if 0
12399				printf("ctl_abort_task: found I/O to abort\n");
12400#endif
12401				break;
12402			}
12403		}
12404	}
12405	mtx_unlock(&lun->lun_lock);
12406
12407	if (found == 0) {
12408		/*
12409		 * This isn't really an error.  It's entirely possible for
12410		 * the abort and command completion to cross on the wire.
12411		 * This is more of an informative/diagnostic error.
12412		 */
12413#if 0
12414		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12415		       "%d:%d:%d:%d tag %d type %d\n",
12416		       io->io_hdr.nexus.initid.id,
12417		       io->io_hdr.nexus.targ_port,
12418		       io->io_hdr.nexus.targ_target.id,
12419		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12420		       io->taskio.tag_type);
12421#endif
12422	}
12423	return (0);
12424}
12425
12426static void
12427ctl_run_task(union ctl_io *io)
12428{
12429	struct ctl_softc *ctl_softc = control_softc;
12430	int retval = 1;
12431	const char *task_desc;
12432
12433	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12434
12435	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12436	    ("ctl_run_task: Unextected io_type %d\n",
12437	     io->io_hdr.io_type));
12438
12439	task_desc = ctl_scsi_task_string(&io->taskio);
12440	if (task_desc != NULL) {
12441#ifdef NEEDTOPORT
12442		csevent_log(CSC_CTL | CSC_SHELF_SW |
12443			    CTL_TASK_REPORT,
12444			    csevent_LogType_Trace,
12445			    csevent_Severity_Information,
12446			    csevent_AlertLevel_Green,
12447			    csevent_FRU_Firmware,
12448			    csevent_FRU_Unknown,
12449			    "CTL: received task: %s",task_desc);
12450#endif
12451	} else {
12452#ifdef NEEDTOPORT
12453		csevent_log(CSC_CTL | CSC_SHELF_SW |
12454			    CTL_TASK_REPORT,
12455			    csevent_LogType_Trace,
12456			    csevent_Severity_Information,
12457			    csevent_AlertLevel_Green,
12458			    csevent_FRU_Firmware,
12459			    csevent_FRU_Unknown,
12460			    "CTL: received unknown task "
12461			    "type: %d (%#x)",
12462			    io->taskio.task_action,
12463			    io->taskio.task_action);
12464#endif
12465	}
12466	switch (io->taskio.task_action) {
12467	case CTL_TASK_ABORT_TASK:
12468		retval = ctl_abort_task(io);
12469		break;
12470	case CTL_TASK_ABORT_TASK_SET:
12471	case CTL_TASK_CLEAR_TASK_SET:
12472		retval = ctl_abort_task_set(io);
12473		break;
12474	case CTL_TASK_CLEAR_ACA:
12475		break;
12476	case CTL_TASK_I_T_NEXUS_RESET:
12477		retval = ctl_i_t_nexus_reset(io);
12478		break;
12479	case CTL_TASK_LUN_RESET: {
12480		struct ctl_lun *lun;
12481		uint32_t targ_lun;
12482
12483		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12484		mtx_lock(&ctl_softc->ctl_lock);
12485		if ((targ_lun < CTL_MAX_LUNS)
12486		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12487			lun = ctl_softc->ctl_luns[targ_lun];
12488		else {
12489			mtx_unlock(&ctl_softc->ctl_lock);
12490			retval = 1;
12491			break;
12492		}
12493
12494		if (!(io->io_hdr.flags &
12495		    CTL_FLAG_FROM_OTHER_SC)) {
12496			union ctl_ha_msg msg_info;
12497
12498			io->io_hdr.flags |=
12499				CTL_FLAG_SENT_2OTHER_SC;
12500			msg_info.hdr.msg_type =
12501				CTL_MSG_MANAGE_TASKS;
12502			msg_info.hdr.nexus = io->io_hdr.nexus;
12503			msg_info.task.task_action =
12504				CTL_TASK_LUN_RESET;
12505			msg_info.hdr.original_sc = NULL;
12506			msg_info.hdr.serializing_sc = NULL;
12507			if (CTL_HA_STATUS_SUCCESS !=
12508			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12509			    (void *)&msg_info,
12510			    sizeof(msg_info), 0)) {
12511			}
12512		}
12513
12514		retval = ctl_lun_reset(lun, io,
12515				       CTL_UA_LUN_RESET);
12516		mtx_unlock(&ctl_softc->ctl_lock);
12517		break;
12518	}
12519	case CTL_TASK_TARGET_RESET:
12520		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12521		break;
12522	case CTL_TASK_BUS_RESET:
12523		retval = ctl_bus_reset(ctl_softc, io);
12524		break;
12525	case CTL_TASK_PORT_LOGIN:
12526		break;
12527	case CTL_TASK_PORT_LOGOUT:
12528		break;
12529	default:
12530		printf("ctl_run_task: got unknown task management event %d\n",
12531		       io->taskio.task_action);
12532		break;
12533	}
12534	if (retval == 0)
12535		io->io_hdr.status = CTL_SUCCESS;
12536	else
12537		io->io_hdr.status = CTL_ERROR;
12538	ctl_done(io);
12539}
12540
12541/*
12542 * For HA operation.  Handle commands that come in from the other
12543 * controller.
12544 */
12545static void
12546ctl_handle_isc(union ctl_io *io)
12547{
12548	int free_io;
12549	struct ctl_lun *lun;
12550	struct ctl_softc *ctl_softc;
12551	uint32_t targ_lun;
12552
12553	ctl_softc = control_softc;
12554
12555	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12556	lun = ctl_softc->ctl_luns[targ_lun];
12557
12558	switch (io->io_hdr.msg_type) {
12559	case CTL_MSG_SERIALIZE:
12560		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12561		break;
12562	case CTL_MSG_R2R: {
12563		const struct ctl_cmd_entry *entry;
12564
12565		/*
12566		 * This is only used in SER_ONLY mode.
12567		 */
12568		free_io = 0;
12569		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12570		mtx_lock(&lun->lun_lock);
12571		if (ctl_scsiio_lun_check(ctl_softc, lun,
12572		    entry, (struct ctl_scsiio *)io) != 0) {
12573			mtx_unlock(&lun->lun_lock);
12574			ctl_done(io);
12575			break;
12576		}
12577		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12578		mtx_unlock(&lun->lun_lock);
12579		ctl_enqueue_rtr(io);
12580		break;
12581	}
12582	case CTL_MSG_FINISH_IO:
12583		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12584			free_io = 0;
12585			ctl_done(io);
12586		} else {
12587			free_io = 1;
12588			mtx_lock(&lun->lun_lock);
12589			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12590				     ooa_links);
12591			ctl_check_blocked(lun);
12592			mtx_unlock(&lun->lun_lock);
12593		}
12594		break;
12595	case CTL_MSG_PERS_ACTION:
12596		ctl_hndl_per_res_out_on_other_sc(
12597			(union ctl_ha_msg *)&io->presio.pr_msg);
12598		free_io = 1;
12599		break;
12600	case CTL_MSG_BAD_JUJU:
12601		free_io = 0;
12602		ctl_done(io);
12603		break;
12604	case CTL_MSG_DATAMOVE:
12605		/* Only used in XFER mode */
12606		free_io = 0;
12607		ctl_datamove_remote(io);
12608		break;
12609	case CTL_MSG_DATAMOVE_DONE:
12610		/* Only used in XFER mode */
12611		free_io = 0;
12612		io->scsiio.be_move_done(io);
12613		break;
12614	default:
12615		free_io = 1;
12616		printf("%s: Invalid message type %d\n",
12617		       __func__, io->io_hdr.msg_type);
12618		break;
12619	}
12620	if (free_io)
12621		ctl_free_io(io);
12622
12623}
12624
12625
12626/*
12627 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12628 * there is no match.
12629 */
12630static ctl_lun_error_pattern
12631ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12632{
12633	const struct ctl_cmd_entry *entry;
12634	ctl_lun_error_pattern filtered_pattern, pattern;
12635
12636	pattern = desc->error_pattern;
12637
12638	/*
12639	 * XXX KDM we need more data passed into this function to match a
12640	 * custom pattern, and we actually need to implement custom pattern
12641	 * matching.
12642	 */
12643	if (pattern & CTL_LUN_PAT_CMD)
12644		return (CTL_LUN_PAT_CMD);
12645
12646	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12647		return (CTL_LUN_PAT_ANY);
12648
12649	entry = ctl_get_cmd_entry(ctsio, NULL);
12650
12651	filtered_pattern = entry->pattern & pattern;
12652
12653	/*
12654	 * If the user requested specific flags in the pattern (e.g.
12655	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12656	 * flags.
12657	 *
12658	 * If the user did not specify any flags, it doesn't matter whether
12659	 * or not the command supports the flags.
12660	 */
12661	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12662	     (pattern & ~CTL_LUN_PAT_MASK))
12663		return (CTL_LUN_PAT_NONE);
12664
12665	/*
12666	 * If the user asked for a range check, see if the requested LBA
12667	 * range overlaps with this command's LBA range.
12668	 */
12669	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12670		uint64_t lba1;
12671		uint64_t len1;
12672		ctl_action action;
12673		int retval;
12674
12675		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12676		if (retval != 0)
12677			return (CTL_LUN_PAT_NONE);
12678
12679		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12680					      desc->lba_range.len);
12681		/*
12682		 * A "pass" means that the LBA ranges don't overlap, so
12683		 * this doesn't match the user's range criteria.
12684		 */
12685		if (action == CTL_ACTION_PASS)
12686			return (CTL_LUN_PAT_NONE);
12687	}
12688
12689	return (filtered_pattern);
12690}
12691
12692static void
12693ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12694{
12695	struct ctl_error_desc *desc, *desc2;
12696
12697	mtx_assert(&lun->lun_lock, MA_OWNED);
12698
12699	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12700		ctl_lun_error_pattern pattern;
12701		/*
12702		 * Check to see whether this particular command matches
12703		 * the pattern in the descriptor.
12704		 */
12705		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12706		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12707			continue;
12708
12709		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12710		case CTL_LUN_INJ_ABORTED:
12711			ctl_set_aborted(&io->scsiio);
12712			break;
12713		case CTL_LUN_INJ_MEDIUM_ERR:
12714			ctl_set_medium_error(&io->scsiio);
12715			break;
12716		case CTL_LUN_INJ_UA:
12717			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12718			 * OCCURRED */
12719			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12720			break;
12721		case CTL_LUN_INJ_CUSTOM:
12722			/*
12723			 * We're assuming the user knows what he is doing.
12724			 * Just copy the sense information without doing
12725			 * checks.
12726			 */
12727			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12728			      ctl_min(sizeof(desc->custom_sense),
12729				      sizeof(io->scsiio.sense_data)));
12730			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12731			io->scsiio.sense_len = SSD_FULL_SIZE;
12732			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12733			break;
12734		case CTL_LUN_INJ_NONE:
12735		default:
12736			/*
12737			 * If this is an error injection type we don't know
12738			 * about, clear the continuous flag (if it is set)
12739			 * so it will get deleted below.
12740			 */
12741			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12742			break;
12743		}
12744		/*
12745		 * By default, each error injection action is a one-shot
12746		 */
12747		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12748			continue;
12749
12750		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12751
12752		free(desc, M_CTL);
12753	}
12754}
12755
12756#ifdef CTL_IO_DELAY
12757static void
12758ctl_datamove_timer_wakeup(void *arg)
12759{
12760	union ctl_io *io;
12761
12762	io = (union ctl_io *)arg;
12763
12764	ctl_datamove(io);
12765}
12766#endif /* CTL_IO_DELAY */
12767
12768void
12769ctl_datamove(union ctl_io *io)
12770{
12771	void (*fe_datamove)(union ctl_io *io);
12772
12773	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12774
12775	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12776
12777#ifdef CTL_TIME_IO
12778	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12779		char str[256];
12780		char path_str[64];
12781		struct sbuf sb;
12782
12783		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12784		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12785
12786		sbuf_cat(&sb, path_str);
12787		switch (io->io_hdr.io_type) {
12788		case CTL_IO_SCSI:
12789			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12790			sbuf_printf(&sb, "\n");
12791			sbuf_cat(&sb, path_str);
12792			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12793				    io->scsiio.tag_num, io->scsiio.tag_type);
12794			break;
12795		case CTL_IO_TASK:
12796			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12797				    "Tag Type: %d\n", io->taskio.task_action,
12798				    io->taskio.tag_num, io->taskio.tag_type);
12799			break;
12800		default:
12801			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12802			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12803			break;
12804		}
12805		sbuf_cat(&sb, path_str);
12806		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12807			    (intmax_t)time_uptime - io->io_hdr.start_time);
12808		sbuf_finish(&sb);
12809		printf("%s", sbuf_data(&sb));
12810	}
12811#endif /* CTL_TIME_IO */
12812
12813#ifdef CTL_IO_DELAY
12814	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12815		struct ctl_lun *lun;
12816
12817		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12818
12819		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12820	} else {
12821		struct ctl_lun *lun;
12822
12823		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12824		if ((lun != NULL)
12825		 && (lun->delay_info.datamove_delay > 0)) {
12826			struct callout *callout;
12827
12828			callout = (struct callout *)&io->io_hdr.timer_bytes;
12829			callout_init(callout, /*mpsafe*/ 1);
12830			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12831			callout_reset(callout,
12832				      lun->delay_info.datamove_delay * hz,
12833				      ctl_datamove_timer_wakeup, io);
12834			if (lun->delay_info.datamove_type ==
12835			    CTL_DELAY_TYPE_ONESHOT)
12836				lun->delay_info.datamove_delay = 0;
12837			return;
12838		}
12839	}
12840#endif
12841
12842	/*
12843	 * This command has been aborted.  Set the port status, so we fail
12844	 * the data move.
12845	 */
12846	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12847		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12848		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12849		       io->io_hdr.nexus.targ_port,
12850		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12851		       io->io_hdr.nexus.targ_lun);
12852		io->io_hdr.port_status = 31337;
12853		/*
12854		 * Note that the backend, in this case, will get the
12855		 * callback in its context.  In other cases it may get
12856		 * called in the frontend's interrupt thread context.
12857		 */
12858		io->scsiio.be_move_done(io);
12859		return;
12860	}
12861
12862	/* Don't confuse frontend with zero length data move. */
12863	if (io->scsiio.kern_data_len == 0) {
12864		io->scsiio.be_move_done(io);
12865		return;
12866	}
12867
12868	/*
12869	 * If we're in XFER mode and this I/O is from the other shelf
12870	 * controller, we need to send the DMA to the other side to
12871	 * actually transfer the data to/from the host.  In serialize only
12872	 * mode the transfer happens below CTL and ctl_datamove() is only
12873	 * called on the machine that originally received the I/O.
12874	 */
12875	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12876	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12877		union ctl_ha_msg msg;
12878		uint32_t sg_entries_sent;
12879		int do_sg_copy;
12880		int i;
12881
12882		memset(&msg, 0, sizeof(msg));
12883		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12884		msg.hdr.original_sc = io->io_hdr.original_sc;
12885		msg.hdr.serializing_sc = io;
12886		msg.hdr.nexus = io->io_hdr.nexus;
12887		msg.dt.flags = io->io_hdr.flags;
12888		/*
12889		 * We convert everything into a S/G list here.  We can't
12890		 * pass by reference, only by value between controllers.
12891		 * So we can't pass a pointer to the S/G list, only as many
12892		 * S/G entries as we can fit in here.  If it's possible for
12893		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12894		 * then we need to break this up into multiple transfers.
12895		 */
12896		if (io->scsiio.kern_sg_entries == 0) {
12897			msg.dt.kern_sg_entries = 1;
12898			/*
12899			 * If this is in cached memory, flush the cache
12900			 * before we send the DMA request to the other
12901			 * controller.  We want to do this in either the
12902			 * read or the write case.  The read case is
12903			 * straightforward.  In the write case, we want to
12904			 * make sure nothing is in the local cache that
12905			 * could overwrite the DMAed data.
12906			 */
12907			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12908				/*
12909				 * XXX KDM use bus_dmamap_sync() here.
12910				 */
12911			}
12912
12913			/*
12914			 * Convert to a physical address if this is a
12915			 * virtual address.
12916			 */
12917			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12918				msg.dt.sg_list[0].addr =
12919					io->scsiio.kern_data_ptr;
12920			} else {
12921				/*
12922				 * XXX KDM use busdma here!
12923				 */
12924#if 0
12925				msg.dt.sg_list[0].addr = (void *)
12926					vtophys(io->scsiio.kern_data_ptr);
12927#endif
12928			}
12929
12930			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12931			do_sg_copy = 0;
12932		} else {
12933			struct ctl_sg_entry *sgl;
12934
12935			do_sg_copy = 1;
12936			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12937			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12938			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12939				/*
12940				 * XXX KDM use bus_dmamap_sync() here.
12941				 */
12942			}
12943		}
12944
12945		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12946		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12947		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12948		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12949		msg.dt.sg_sequence = 0;
12950
12951		/*
12952		 * Loop until we've sent all of the S/G entries.  On the
12953		 * other end, we'll recompose these S/G entries into one
12954		 * contiguous list before passing it to the
12955		 */
12956		for (sg_entries_sent = 0; sg_entries_sent <
12957		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12958			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12959				sizeof(msg.dt.sg_list[0])),
12960				msg.dt.kern_sg_entries - sg_entries_sent);
12961
12962			if (do_sg_copy != 0) {
12963				struct ctl_sg_entry *sgl;
12964				int j;
12965
12966				sgl = (struct ctl_sg_entry *)
12967					io->scsiio.kern_data_ptr;
12968				/*
12969				 * If this is in cached memory, flush the cache
12970				 * before we send the DMA request to the other
12971				 * controller.  We want to do this in either
12972				 * the * read or the write case.  The read
12973				 * case is straightforward.  In the write
12974				 * case, we want to make sure nothing is
12975				 * in the local cache that could overwrite
12976				 * the DMAed data.
12977				 */
12978
12979				for (i = sg_entries_sent, j = 0;
12980				     i < msg.dt.cur_sg_entries; i++, j++) {
12981					if ((io->io_hdr.flags &
12982					     CTL_FLAG_NO_DATASYNC) == 0) {
12983						/*
12984						 * XXX KDM use bus_dmamap_sync()
12985						 */
12986					}
12987					if ((io->io_hdr.flags &
12988					     CTL_FLAG_BUS_ADDR) == 0) {
12989						/*
12990						 * XXX KDM use busdma.
12991						 */
12992#if 0
12993						msg.dt.sg_list[j].addr =(void *)
12994						       vtophys(sgl[i].addr);
12995#endif
12996					} else {
12997						msg.dt.sg_list[j].addr =
12998							sgl[i].addr;
12999					}
13000					msg.dt.sg_list[j].len = sgl[i].len;
13001				}
13002			}
13003
13004			sg_entries_sent += msg.dt.cur_sg_entries;
13005			if (sg_entries_sent >= msg.dt.kern_sg_entries)
13006				msg.dt.sg_last = 1;
13007			else
13008				msg.dt.sg_last = 0;
13009
13010			/*
13011			 * XXX KDM drop and reacquire the lock here?
13012			 */
13013			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13014			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13015				/*
13016				 * XXX do something here.
13017				 */
13018			}
13019
13020			msg.dt.sent_sg_entries = sg_entries_sent;
13021		}
13022		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13023		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
13024			ctl_failover_io(io, /*have_lock*/ 0);
13025
13026	} else {
13027
13028		/*
13029		 * Lookup the fe_datamove() function for this particular
13030		 * front end.
13031		 */
13032		fe_datamove =
13033		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13034
13035		fe_datamove(io);
13036	}
13037}
13038
13039static void
13040ctl_send_datamove_done(union ctl_io *io, int have_lock)
13041{
13042	union ctl_ha_msg msg;
13043	int isc_status;
13044
13045	memset(&msg, 0, sizeof(msg));
13046
13047	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
13048	msg.hdr.original_sc = io;
13049	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13050	msg.hdr.nexus = io->io_hdr.nexus;
13051	msg.hdr.status = io->io_hdr.status;
13052	msg.scsi.tag_num = io->scsiio.tag_num;
13053	msg.scsi.tag_type = io->scsiio.tag_type;
13054	msg.scsi.scsi_status = io->scsiio.scsi_status;
13055	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13056	       sizeof(io->scsiio.sense_data));
13057	msg.scsi.sense_len = io->scsiio.sense_len;
13058	msg.scsi.sense_residual = io->scsiio.sense_residual;
13059	msg.scsi.fetd_status = io->io_hdr.port_status;
13060	msg.scsi.residual = io->scsiio.residual;
13061	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13062
13063	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13064		ctl_failover_io(io, /*have_lock*/ have_lock);
13065		return;
13066	}
13067
13068	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
13069	if (isc_status > CTL_HA_STATUS_SUCCESS) {
13070		/* XXX do something if this fails */
13071	}
13072
13073}
13074
13075/*
13076 * The DMA to the remote side is done, now we need to tell the other side
13077 * we're done so it can continue with its data movement.
13078 */
13079static void
13080ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
13081{
13082	union ctl_io *io;
13083
13084	io = rq->context;
13085
13086	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13087		printf("%s: ISC DMA write failed with error %d", __func__,
13088		       rq->ret);
13089		ctl_set_internal_failure(&io->scsiio,
13090					 /*sks_valid*/ 1,
13091					 /*retry_count*/ rq->ret);
13092	}
13093
13094	ctl_dt_req_free(rq);
13095
13096	/*
13097	 * In this case, we had to malloc the memory locally.  Free it.
13098	 */
13099	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13100		int i;
13101		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13102			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13103	}
13104	/*
13105	 * The data is in local and remote memory, so now we need to send
13106	 * status (good or back) back to the other side.
13107	 */
13108	ctl_send_datamove_done(io, /*have_lock*/ 0);
13109}
13110
13111/*
13112 * We've moved the data from the host/controller into local memory.  Now we
13113 * need to push it over to the remote controller's memory.
13114 */
13115static int
13116ctl_datamove_remote_dm_write_cb(union ctl_io *io)
13117{
13118	int retval;
13119
13120	retval = 0;
13121
13122	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
13123					  ctl_datamove_remote_write_cb);
13124
13125	return (retval);
13126}
13127
13128static void
13129ctl_datamove_remote_write(union ctl_io *io)
13130{
13131	int retval;
13132	void (*fe_datamove)(union ctl_io *io);
13133
13134	/*
13135	 * - Get the data from the host/HBA into local memory.
13136	 * - DMA memory from the local controller to the remote controller.
13137	 * - Send status back to the remote controller.
13138	 */
13139
13140	retval = ctl_datamove_remote_sgl_setup(io);
13141	if (retval != 0)
13142		return;
13143
13144	/* Switch the pointer over so the FETD knows what to do */
13145	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13146
13147	/*
13148	 * Use a custom move done callback, since we need to send completion
13149	 * back to the other controller, not to the backend on this side.
13150	 */
13151	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
13152
13153	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13154
13155	fe_datamove(io);
13156
13157	return;
13158
13159}
13160
13161static int
13162ctl_datamove_remote_dm_read_cb(union ctl_io *io)
13163{
13164#if 0
13165	char str[256];
13166	char path_str[64];
13167	struct sbuf sb;
13168#endif
13169
13170	/*
13171	 * In this case, we had to malloc the memory locally.  Free it.
13172	 */
13173	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
13174		int i;
13175		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13176			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13177	}
13178
13179#if 0
13180	scsi_path_string(io, path_str, sizeof(path_str));
13181	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13182	sbuf_cat(&sb, path_str);
13183	scsi_command_string(&io->scsiio, NULL, &sb);
13184	sbuf_printf(&sb, "\n");
13185	sbuf_cat(&sb, path_str);
13186	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13187		    io->scsiio.tag_num, io->scsiio.tag_type);
13188	sbuf_cat(&sb, path_str);
13189	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
13190		    io->io_hdr.flags, io->io_hdr.status);
13191	sbuf_finish(&sb);
13192	printk("%s", sbuf_data(&sb));
13193#endif
13194
13195
13196	/*
13197	 * The read is done, now we need to send status (good or bad) back
13198	 * to the other side.
13199	 */
13200	ctl_send_datamove_done(io, /*have_lock*/ 0);
13201
13202	return (0);
13203}
13204
13205static void
13206ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
13207{
13208	union ctl_io *io;
13209	void (*fe_datamove)(union ctl_io *io);
13210
13211	io = rq->context;
13212
13213	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
13214		printf("%s: ISC DMA read failed with error %d", __func__,
13215		       rq->ret);
13216		ctl_set_internal_failure(&io->scsiio,
13217					 /*sks_valid*/ 1,
13218					 /*retry_count*/ rq->ret);
13219	}
13220
13221	ctl_dt_req_free(rq);
13222
13223	/* Switch the pointer over so the FETD knows what to do */
13224	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
13225
13226	/*
13227	 * Use a custom move done callback, since we need to send completion
13228	 * back to the other controller, not to the backend on this side.
13229	 */
13230	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
13231
13232	/* XXX KDM add checks like the ones in ctl_datamove? */
13233
13234	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
13235
13236	fe_datamove(io);
13237}
13238
13239static int
13240ctl_datamove_remote_sgl_setup(union ctl_io *io)
13241{
13242	struct ctl_sg_entry *local_sglist, *remote_sglist;
13243	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13244	struct ctl_softc *softc;
13245	int retval;
13246	int i;
13247
13248	retval = 0;
13249	softc = control_softc;
13250
13251	local_sglist = io->io_hdr.local_sglist;
13252	local_dma_sglist = io->io_hdr.local_dma_sglist;
13253	remote_sglist = io->io_hdr.remote_sglist;
13254	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13255
13256	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13257		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13258			local_sglist[i].len = remote_sglist[i].len;
13259
13260			/*
13261			 * XXX Detect the situation where the RS-level I/O
13262			 * redirector on the other side has already read the
13263			 * data off of the AOR RS on this side, and
13264			 * transferred it to remote (mirror) memory on the
13265			 * other side.  Since we already have the data in
13266			 * memory here, we just need to use it.
13267			 *
13268			 * XXX KDM this can probably be removed once we
13269			 * get the cache device code in and take the
13270			 * current AOR implementation out.
13271			 */
13272#ifdef NEEDTOPORT
13273			if ((remote_sglist[i].addr >=
13274			     (void *)vtophys(softc->mirr->addr))
13275			 && (remote_sglist[i].addr <
13276			     ((void *)vtophys(softc->mirr->addr) +
13277			     CacheMirrorOffset))) {
13278				local_sglist[i].addr = remote_sglist[i].addr -
13279					CacheMirrorOffset;
13280				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13281				     CTL_FLAG_DATA_IN)
13282					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13283			} else {
13284				local_sglist[i].addr = remote_sglist[i].addr +
13285					CacheMirrorOffset;
13286			}
13287#endif
13288#if 0
13289			printf("%s: local %p, remote %p, len %d\n",
13290			       __func__, local_sglist[i].addr,
13291			       remote_sglist[i].addr, local_sglist[i].len);
13292#endif
13293		}
13294	} else {
13295		uint32_t len_to_go;
13296
13297		/*
13298		 * In this case, we don't have automatically allocated
13299		 * memory for this I/O on this controller.  This typically
13300		 * happens with internal CTL I/O -- e.g. inquiry, mode
13301		 * sense, etc.  Anything coming from RAIDCore will have
13302		 * a mirror area available.
13303		 */
13304		len_to_go = io->scsiio.kern_data_len;
13305
13306		/*
13307		 * Clear the no datasync flag, we have to use malloced
13308		 * buffers.
13309		 */
13310		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13311
13312		/*
13313		 * The difficult thing here is that the size of the various
13314		 * S/G segments may be different than the size from the
13315		 * remote controller.  That'll make it harder when DMAing
13316		 * the data back to the other side.
13317		 */
13318		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13319		     sizeof(io->io_hdr.remote_sglist[0])) &&
13320		     (len_to_go > 0); i++) {
13321			local_sglist[i].len = ctl_min(len_to_go, 131072);
13322			CTL_SIZE_8B(local_dma_sglist[i].len,
13323				    local_sglist[i].len);
13324			local_sglist[i].addr =
13325				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13326
13327			local_dma_sglist[i].addr = local_sglist[i].addr;
13328
13329			if (local_sglist[i].addr == NULL) {
13330				int j;
13331
13332				printf("malloc failed for %zd bytes!",
13333				       local_dma_sglist[i].len);
13334				for (j = 0; j < i; j++) {
13335					free(local_sglist[j].addr, M_CTL);
13336				}
13337				ctl_set_internal_failure(&io->scsiio,
13338							 /*sks_valid*/ 1,
13339							 /*retry_count*/ 4857);
13340				retval = 1;
13341				goto bailout_error;
13342
13343			}
13344			/* XXX KDM do we need a sync here? */
13345
13346			len_to_go -= local_sglist[i].len;
13347		}
13348		/*
13349		 * Reset the number of S/G entries accordingly.  The
13350		 * original number of S/G entries is available in
13351		 * rem_sg_entries.
13352		 */
13353		io->scsiio.kern_sg_entries = i;
13354
13355#if 0
13356		printf("%s: kern_sg_entries = %d\n", __func__,
13357		       io->scsiio.kern_sg_entries);
13358		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13359			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13360			       local_sglist[i].addr, local_sglist[i].len,
13361			       local_dma_sglist[i].len);
13362#endif
13363	}
13364
13365
13366	return (retval);
13367
13368bailout_error:
13369
13370	ctl_send_datamove_done(io, /*have_lock*/ 0);
13371
13372	return (retval);
13373}
13374
13375static int
13376ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13377			 ctl_ha_dt_cb callback)
13378{
13379	struct ctl_ha_dt_req *rq;
13380	struct ctl_sg_entry *remote_sglist, *local_sglist;
13381	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13382	uint32_t local_used, remote_used, total_used;
13383	int retval;
13384	int i, j;
13385
13386	retval = 0;
13387
13388	rq = ctl_dt_req_alloc();
13389
13390	/*
13391	 * If we failed to allocate the request, and if the DMA didn't fail
13392	 * anyway, set busy status.  This is just a resource allocation
13393	 * failure.
13394	 */
13395	if ((rq == NULL)
13396	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13397		ctl_set_busy(&io->scsiio);
13398
13399	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13400
13401		if (rq != NULL)
13402			ctl_dt_req_free(rq);
13403
13404		/*
13405		 * The data move failed.  We need to return status back
13406		 * to the other controller.  No point in trying to DMA
13407		 * data to the remote controller.
13408		 */
13409
13410		ctl_send_datamove_done(io, /*have_lock*/ 0);
13411
13412		retval = 1;
13413
13414		goto bailout;
13415	}
13416
13417	local_sglist = io->io_hdr.local_sglist;
13418	local_dma_sglist = io->io_hdr.local_dma_sglist;
13419	remote_sglist = io->io_hdr.remote_sglist;
13420	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13421	local_used = 0;
13422	remote_used = 0;
13423	total_used = 0;
13424
13425	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13426		rq->ret = CTL_HA_STATUS_SUCCESS;
13427		rq->context = io;
13428		callback(rq);
13429		goto bailout;
13430	}
13431
13432	/*
13433	 * Pull/push the data over the wire from/to the other controller.
13434	 * This takes into account the possibility that the local and
13435	 * remote sglists may not be identical in terms of the size of
13436	 * the elements and the number of elements.
13437	 *
13438	 * One fundamental assumption here is that the length allocated for
13439	 * both the local and remote sglists is identical.  Otherwise, we've
13440	 * essentially got a coding error of some sort.
13441	 */
13442	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13443		int isc_ret;
13444		uint32_t cur_len, dma_length;
13445		uint8_t *tmp_ptr;
13446
13447		rq->id = CTL_HA_DATA_CTL;
13448		rq->command = command;
13449		rq->context = io;
13450
13451		/*
13452		 * Both pointers should be aligned.  But it is possible
13453		 * that the allocation length is not.  They should both
13454		 * also have enough slack left over at the end, though,
13455		 * to round up to the next 8 byte boundary.
13456		 */
13457		cur_len = ctl_min(local_sglist[i].len - local_used,
13458				  remote_sglist[j].len - remote_used);
13459
13460		/*
13461		 * In this case, we have a size issue and need to decrease
13462		 * the size, except in the case where we actually have less
13463		 * than 8 bytes left.  In that case, we need to increase
13464		 * the DMA length to get the last bit.
13465		 */
13466		if ((cur_len & 0x7) != 0) {
13467			if (cur_len > 0x7) {
13468				cur_len = cur_len - (cur_len & 0x7);
13469				dma_length = cur_len;
13470			} else {
13471				CTL_SIZE_8B(dma_length, cur_len);
13472			}
13473
13474		} else
13475			dma_length = cur_len;
13476
13477		/*
13478		 * If we had to allocate memory for this I/O, instead of using
13479		 * the non-cached mirror memory, we'll need to flush the cache
13480		 * before trying to DMA to the other controller.
13481		 *
13482		 * We could end up doing this multiple times for the same
13483		 * segment if we have a larger local segment than remote
13484		 * segment.  That shouldn't be an issue.
13485		 */
13486		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13487			/*
13488			 * XXX KDM use bus_dmamap_sync() here.
13489			 */
13490		}
13491
13492		rq->size = dma_length;
13493
13494		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13495		tmp_ptr += local_used;
13496
13497		/* Use physical addresses when talking to ISC hardware */
13498		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13499			/* XXX KDM use busdma */
13500#if 0
13501			rq->local = vtophys(tmp_ptr);
13502#endif
13503		} else
13504			rq->local = tmp_ptr;
13505
13506		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13507		tmp_ptr += remote_used;
13508		rq->remote = tmp_ptr;
13509
13510		rq->callback = NULL;
13511
13512		local_used += cur_len;
13513		if (local_used >= local_sglist[i].len) {
13514			i++;
13515			local_used = 0;
13516		}
13517
13518		remote_used += cur_len;
13519		if (remote_used >= remote_sglist[j].len) {
13520			j++;
13521			remote_used = 0;
13522		}
13523		total_used += cur_len;
13524
13525		if (total_used >= io->scsiio.kern_data_len)
13526			rq->callback = callback;
13527
13528		if ((rq->size & 0x7) != 0) {
13529			printf("%s: warning: size %d is not on 8b boundary\n",
13530			       __func__, rq->size);
13531		}
13532		if (((uintptr_t)rq->local & 0x7) != 0) {
13533			printf("%s: warning: local %p not on 8b boundary\n",
13534			       __func__, rq->local);
13535		}
13536		if (((uintptr_t)rq->remote & 0x7) != 0) {
13537			printf("%s: warning: remote %p not on 8b boundary\n",
13538			       __func__, rq->local);
13539		}
13540#if 0
13541		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13542		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13543		       rq->local, rq->remote, rq->size);
13544#endif
13545
13546		isc_ret = ctl_dt_single(rq);
13547		if (isc_ret == CTL_HA_STATUS_WAIT)
13548			continue;
13549
13550		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13551			rq->ret = CTL_HA_STATUS_SUCCESS;
13552		} else {
13553			rq->ret = isc_ret;
13554		}
13555		callback(rq);
13556		goto bailout;
13557	}
13558
13559bailout:
13560	return (retval);
13561
13562}
13563
13564static void
13565ctl_datamove_remote_read(union ctl_io *io)
13566{
13567	int retval;
13568	int i;
13569
13570	/*
13571	 * This will send an error to the other controller in the case of a
13572	 * failure.
13573	 */
13574	retval = ctl_datamove_remote_sgl_setup(io);
13575	if (retval != 0)
13576		return;
13577
13578	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13579					  ctl_datamove_remote_read_cb);
13580	if ((retval != 0)
13581	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13582		/*
13583		 * Make sure we free memory if there was an error..  The
13584		 * ctl_datamove_remote_xfer() function will send the
13585		 * datamove done message, or call the callback with an
13586		 * error if there is a problem.
13587		 */
13588		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13589			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13590	}
13591
13592	return;
13593}
13594
13595/*
13596 * Process a datamove request from the other controller.  This is used for
13597 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13598 * first.  Once that is complete, the data gets DMAed into the remote
13599 * controller's memory.  For reads, we DMA from the remote controller's
13600 * memory into our memory first, and then move it out to the FETD.
13601 */
13602static void
13603ctl_datamove_remote(union ctl_io *io)
13604{
13605	struct ctl_softc *softc;
13606
13607	softc = control_softc;
13608
13609	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13610
13611	/*
13612	 * Note that we look for an aborted I/O here, but don't do some of
13613	 * the other checks that ctl_datamove() normally does.
13614	 * We don't need to run the datamove delay code, since that should
13615	 * have been done if need be on the other controller.
13616	 */
13617	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13618		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13619		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13620		       io->io_hdr.nexus.targ_port,
13621		       io->io_hdr.nexus.targ_target.id,
13622		       io->io_hdr.nexus.targ_lun);
13623		io->io_hdr.port_status = 31338;
13624		ctl_send_datamove_done(io, /*have_lock*/ 0);
13625		return;
13626	}
13627
13628	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13629		ctl_datamove_remote_write(io);
13630	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13631		ctl_datamove_remote_read(io);
13632	} else {
13633		union ctl_ha_msg msg;
13634		struct scsi_sense_data *sense;
13635		uint8_t sks[3];
13636		int retry_count;
13637
13638		memset(&msg, 0, sizeof(msg));
13639
13640		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13641		msg.hdr.status = CTL_SCSI_ERROR;
13642		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13643
13644		retry_count = 4243;
13645
13646		sense = &msg.scsi.sense_data;
13647		sks[0] = SSD_SCS_VALID;
13648		sks[1] = (retry_count >> 8) & 0xff;
13649		sks[2] = retry_count & 0xff;
13650
13651		/* "Internal target failure" */
13652		scsi_set_sense_data(sense,
13653				    /*sense_format*/ SSD_TYPE_NONE,
13654				    /*current_error*/ 1,
13655				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13656				    /*asc*/ 0x44,
13657				    /*ascq*/ 0x00,
13658				    /*type*/ SSD_ELEM_SKS,
13659				    /*size*/ sizeof(sks),
13660				    /*data*/ sks,
13661				    SSD_ELEM_NONE);
13662
13663		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13664		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13665			ctl_failover_io(io, /*have_lock*/ 1);
13666			return;
13667		}
13668
13669		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13670		    CTL_HA_STATUS_SUCCESS) {
13671			/* XXX KDM what to do if this fails? */
13672		}
13673		return;
13674	}
13675
13676}
13677
13678static int
13679ctl_process_done(union ctl_io *io)
13680{
13681	struct ctl_lun *lun;
13682	struct ctl_softc *ctl_softc;
13683	void (*fe_done)(union ctl_io *io);
13684	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13685
13686	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13687
13688	fe_done =
13689	    control_softc->ctl_ports[targ_port]->fe_done;
13690
13691#ifdef CTL_TIME_IO
13692	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13693		char str[256];
13694		char path_str[64];
13695		struct sbuf sb;
13696
13697		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13698		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13699
13700		sbuf_cat(&sb, path_str);
13701		switch (io->io_hdr.io_type) {
13702		case CTL_IO_SCSI:
13703			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13704			sbuf_printf(&sb, "\n");
13705			sbuf_cat(&sb, path_str);
13706			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13707				    io->scsiio.tag_num, io->scsiio.tag_type);
13708			break;
13709		case CTL_IO_TASK:
13710			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13711				    "Tag Type: %d\n", io->taskio.task_action,
13712				    io->taskio.tag_num, io->taskio.tag_type);
13713			break;
13714		default:
13715			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13716			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13717			break;
13718		}
13719		sbuf_cat(&sb, path_str);
13720		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13721			    (intmax_t)time_uptime - io->io_hdr.start_time);
13722		sbuf_finish(&sb);
13723		printf("%s", sbuf_data(&sb));
13724	}
13725#endif /* CTL_TIME_IO */
13726
13727	switch (io->io_hdr.io_type) {
13728	case CTL_IO_SCSI:
13729		break;
13730	case CTL_IO_TASK:
13731		if (bootverbose || (ctl_debug & CTL_DEBUG_INFO))
13732			ctl_io_error_print(io, NULL);
13733		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13734			ctl_free_io(io);
13735		else
13736			fe_done(io);
13737		return (CTL_RETVAL_COMPLETE);
13738	default:
13739		panic("ctl_process_done: invalid io type %d\n",
13740		      io->io_hdr.io_type);
13741		break; /* NOTREACHED */
13742	}
13743
13744	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13745	if (lun == NULL) {
13746		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13747				 io->io_hdr.nexus.targ_mapped_lun));
13748		fe_done(io);
13749		goto bailout;
13750	}
13751	ctl_softc = lun->ctl_softc;
13752
13753	mtx_lock(&lun->lun_lock);
13754
13755	/*
13756	 * Check to see if we have any errors to inject here.  We only
13757	 * inject errors for commands that don't already have errors set.
13758	 */
13759	if ((STAILQ_FIRST(&lun->error_list) != NULL)
13760	 && ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS))
13761		ctl_inject_error(lun, io);
13762
13763	/*
13764	 * XXX KDM how do we treat commands that aren't completed
13765	 * successfully?
13766	 *
13767	 * XXX KDM should we also track I/O latency?
13768	 */
13769	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13770	    io->io_hdr.io_type == CTL_IO_SCSI) {
13771#ifdef CTL_TIME_IO
13772		struct bintime cur_bt;
13773#endif
13774		int type;
13775
13776		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13777		    CTL_FLAG_DATA_IN)
13778			type = CTL_STATS_READ;
13779		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13780		    CTL_FLAG_DATA_OUT)
13781			type = CTL_STATS_WRITE;
13782		else
13783			type = CTL_STATS_NO_IO;
13784
13785		lun->stats.ports[targ_port].bytes[type] +=
13786		    io->scsiio.kern_total_len;
13787		lun->stats.ports[targ_port].operations[type]++;
13788#ifdef CTL_TIME_IO
13789		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13790		   &io->io_hdr.dma_bt);
13791		lun->stats.ports[targ_port].num_dmas[type] +=
13792		    io->io_hdr.num_dmas;
13793		getbintime(&cur_bt);
13794		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13795		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13796#endif
13797	}
13798
13799	/*
13800	 * Remove this from the OOA queue.
13801	 */
13802	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13803
13804	/*
13805	 * Run through the blocked queue on this LUN and see if anything
13806	 * has become unblocked, now that this transaction is done.
13807	 */
13808	ctl_check_blocked(lun);
13809
13810	/*
13811	 * If the LUN has been invalidated, free it if there is nothing
13812	 * left on its OOA queue.
13813	 */
13814	if ((lun->flags & CTL_LUN_INVALID)
13815	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13816		mtx_unlock(&lun->lun_lock);
13817		mtx_lock(&ctl_softc->ctl_lock);
13818		ctl_free_lun(lun);
13819		mtx_unlock(&ctl_softc->ctl_lock);
13820	} else
13821		mtx_unlock(&lun->lun_lock);
13822
13823	/*
13824	 * If this command has been aborted, make sure we set the status
13825	 * properly.  The FETD is responsible for freeing the I/O and doing
13826	 * whatever it needs to do to clean up its state.
13827	 */
13828	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13829		ctl_set_task_aborted(&io->scsiio);
13830
13831	/*
13832	 * If enabled, print command error status.
13833	 * We don't print UAs unless debugging was enabled explicitly.
13834	 */
13835	do {
13836		if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)
13837			break;
13838		if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0)
13839			break;
13840		if ((ctl_debug & CTL_DEBUG_INFO) == 0 &&
13841		    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) &&
13842		     (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13843			int error_code, sense_key, asc, ascq;
13844
13845			scsi_extract_sense_len(&io->scsiio.sense_data,
13846			    io->scsiio.sense_len, &error_code, &sense_key,
13847			    &asc, &ascq, /*show_errors*/ 0);
13848			if (sense_key == SSD_KEY_UNIT_ATTENTION)
13849				break;
13850		}
13851
13852		ctl_io_error_print(io, NULL);
13853	} while (0);
13854
13855	/*
13856	 * Tell the FETD or the other shelf controller we're done with this
13857	 * command.  Note that only SCSI commands get to this point.  Task
13858	 * management commands are completed above.
13859	 *
13860	 * We only send status to the other controller if we're in XFER
13861	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13862	 * received the I/O (from CTL's perspective), and so the status is
13863	 * generated there.
13864	 *
13865	 * XXX KDM if we hold the lock here, we could cause a deadlock
13866	 * if the frontend comes back in in this context to queue
13867	 * something.
13868	 */
13869	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13870	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13871		union ctl_ha_msg msg;
13872
13873		memset(&msg, 0, sizeof(msg));
13874		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13875		msg.hdr.original_sc = io->io_hdr.original_sc;
13876		msg.hdr.nexus = io->io_hdr.nexus;
13877		msg.hdr.status = io->io_hdr.status;
13878		msg.scsi.scsi_status = io->scsiio.scsi_status;
13879		msg.scsi.tag_num = io->scsiio.tag_num;
13880		msg.scsi.tag_type = io->scsiio.tag_type;
13881		msg.scsi.sense_len = io->scsiio.sense_len;
13882		msg.scsi.sense_residual = io->scsiio.sense_residual;
13883		msg.scsi.residual = io->scsiio.residual;
13884		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13885		       sizeof(io->scsiio.sense_data));
13886		/*
13887		 * We copy this whether or not this is an I/O-related
13888		 * command.  Otherwise, we'd have to go and check to see
13889		 * whether it's a read/write command, and it really isn't
13890		 * worth it.
13891		 */
13892		memcpy(&msg.scsi.lbalen,
13893		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13894		       sizeof(msg.scsi.lbalen));
13895
13896		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13897				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13898			/* XXX do something here */
13899		}
13900
13901		ctl_free_io(io);
13902	} else
13903		fe_done(io);
13904
13905bailout:
13906
13907	return (CTL_RETVAL_COMPLETE);
13908}
13909
13910#ifdef CTL_WITH_CA
13911/*
13912 * Front end should call this if it doesn't do autosense.  When the request
13913 * sense comes back in from the initiator, we'll dequeue this and send it.
13914 */
13915int
13916ctl_queue_sense(union ctl_io *io)
13917{
13918	struct ctl_lun *lun;
13919	struct ctl_softc *ctl_softc;
13920	uint32_t initidx, targ_lun;
13921
13922	ctl_softc = control_softc;
13923
13924	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13925
13926	/*
13927	 * LUN lookup will likely move to the ctl_work_thread() once we
13928	 * have our new queueing infrastructure (that doesn't put things on
13929	 * a per-LUN queue initially).  That is so that we can handle
13930	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13931	 * can't deal with that right now.
13932	 */
13933	mtx_lock(&ctl_softc->ctl_lock);
13934
13935	/*
13936	 * If we don't have a LUN for this, just toss the sense
13937	 * information.
13938	 */
13939	targ_lun = io->io_hdr.nexus.targ_lun;
13940	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13941	if ((targ_lun < CTL_MAX_LUNS)
13942	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13943		lun = ctl_softc->ctl_luns[targ_lun];
13944	else
13945		goto bailout;
13946
13947	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13948
13949	mtx_lock(&lun->lun_lock);
13950	/*
13951	 * Already have CA set for this LUN...toss the sense information.
13952	 */
13953	if (ctl_is_set(lun->have_ca, initidx)) {
13954		mtx_unlock(&lun->lun_lock);
13955		goto bailout;
13956	}
13957
13958	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13959	       ctl_min(sizeof(lun->pending_sense[initidx]),
13960	       sizeof(io->scsiio.sense_data)));
13961	ctl_set_mask(lun->have_ca, initidx);
13962	mtx_unlock(&lun->lun_lock);
13963
13964bailout:
13965	mtx_unlock(&ctl_softc->ctl_lock);
13966
13967	ctl_free_io(io);
13968
13969	return (CTL_RETVAL_COMPLETE);
13970}
13971#endif
13972
13973/*
13974 * Primary command inlet from frontend ports.  All SCSI and task I/O
13975 * requests must go through this function.
13976 */
13977int
13978ctl_queue(union ctl_io *io)
13979{
13980	struct ctl_softc *ctl_softc;
13981
13982	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13983
13984	ctl_softc = control_softc;
13985
13986#ifdef CTL_TIME_IO
13987	io->io_hdr.start_time = time_uptime;
13988	getbintime(&io->io_hdr.start_bt);
13989#endif /* CTL_TIME_IO */
13990
13991	/* Map FE-specific LUN ID into global one. */
13992	io->io_hdr.nexus.targ_mapped_lun =
13993	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13994
13995	switch (io->io_hdr.io_type) {
13996	case CTL_IO_SCSI:
13997	case CTL_IO_TASK:
13998		if (ctl_debug & CTL_DEBUG_CDB)
13999			ctl_io_print(io);
14000		ctl_enqueue_incoming(io);
14001		break;
14002	default:
14003		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
14004		return (EINVAL);
14005	}
14006
14007	return (CTL_RETVAL_COMPLETE);
14008}
14009
14010#ifdef CTL_IO_DELAY
14011static void
14012ctl_done_timer_wakeup(void *arg)
14013{
14014	union ctl_io *io;
14015
14016	io = (union ctl_io *)arg;
14017	ctl_done(io);
14018}
14019#endif /* CTL_IO_DELAY */
14020
14021void
14022ctl_done(union ctl_io *io)
14023{
14024	struct ctl_softc *ctl_softc;
14025
14026	ctl_softc = control_softc;
14027
14028	/*
14029	 * Enable this to catch duplicate completion issues.
14030	 */
14031#if 0
14032	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
14033		printf("%s: type %d msg %d cdb %x iptl: "
14034		       "%d:%d:%d:%d tag 0x%04x "
14035		       "flag %#x status %x\n",
14036			__func__,
14037			io->io_hdr.io_type,
14038			io->io_hdr.msg_type,
14039			io->scsiio.cdb[0],
14040			io->io_hdr.nexus.initid.id,
14041			io->io_hdr.nexus.targ_port,
14042			io->io_hdr.nexus.targ_target.id,
14043			io->io_hdr.nexus.targ_lun,
14044			(io->io_hdr.io_type ==
14045			CTL_IO_TASK) ?
14046			io->taskio.tag_num :
14047			io->scsiio.tag_num,
14048		        io->io_hdr.flags,
14049			io->io_hdr.status);
14050	} else
14051		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
14052#endif
14053
14054	/*
14055	 * This is an internal copy of an I/O, and should not go through
14056	 * the normal done processing logic.
14057	 */
14058	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
14059		return;
14060
14061	/*
14062	 * We need to send a msg to the serializing shelf to finish the IO
14063	 * as well.  We don't send a finish message to the other shelf if
14064	 * this is a task management command.  Task management commands
14065	 * aren't serialized in the OOA queue, but rather just executed on
14066	 * both shelf controllers for commands that originated on that
14067	 * controller.
14068	 */
14069	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
14070	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
14071		union ctl_ha_msg msg_io;
14072
14073		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
14074		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
14075		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
14076		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
14077		}
14078		/* continue on to finish IO */
14079	}
14080#ifdef CTL_IO_DELAY
14081	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
14082		struct ctl_lun *lun;
14083
14084		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14085
14086		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
14087	} else {
14088		struct ctl_lun *lun;
14089
14090		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14091
14092		if ((lun != NULL)
14093		 && (lun->delay_info.done_delay > 0)) {
14094			struct callout *callout;
14095
14096			callout = (struct callout *)&io->io_hdr.timer_bytes;
14097			callout_init(callout, /*mpsafe*/ 1);
14098			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
14099			callout_reset(callout,
14100				      lun->delay_info.done_delay * hz,
14101				      ctl_done_timer_wakeup, io);
14102			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
14103				lun->delay_info.done_delay = 0;
14104			return;
14105		}
14106	}
14107#endif /* CTL_IO_DELAY */
14108
14109	ctl_enqueue_done(io);
14110}
14111
14112int
14113ctl_isc(struct ctl_scsiio *ctsio)
14114{
14115	struct ctl_lun *lun;
14116	int retval;
14117
14118	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
14119
14120	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
14121
14122	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
14123
14124	retval = lun->backend->data_submit((union ctl_io *)ctsio);
14125
14126	return (retval);
14127}
14128
14129
14130static void
14131ctl_work_thread(void *arg)
14132{
14133	struct ctl_thread *thr = (struct ctl_thread *)arg;
14134	struct ctl_softc *softc = thr->ctl_softc;
14135	union ctl_io *io;
14136	int retval;
14137
14138	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
14139
14140	for (;;) {
14141		retval = 0;
14142
14143		/*
14144		 * We handle the queues in this order:
14145		 * - ISC
14146		 * - done queue (to free up resources, unblock other commands)
14147		 * - RtR queue
14148		 * - incoming queue
14149		 *
14150		 * If those queues are empty, we break out of the loop and
14151		 * go to sleep.
14152		 */
14153		mtx_lock(&thr->queue_lock);
14154		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
14155		if (io != NULL) {
14156			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
14157			mtx_unlock(&thr->queue_lock);
14158			ctl_handle_isc(io);
14159			continue;
14160		}
14161		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
14162		if (io != NULL) {
14163			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
14164			/* clear any blocked commands, call fe_done */
14165			mtx_unlock(&thr->queue_lock);
14166			retval = ctl_process_done(io);
14167			continue;
14168		}
14169		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
14170		if (io != NULL) {
14171			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
14172			mtx_unlock(&thr->queue_lock);
14173			if (io->io_hdr.io_type == CTL_IO_TASK)
14174				ctl_run_task(io);
14175			else
14176				ctl_scsiio_precheck(softc, &io->scsiio);
14177			continue;
14178		}
14179		if (!ctl_pause_rtr) {
14180			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
14181			if (io != NULL) {
14182				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
14183				mtx_unlock(&thr->queue_lock);
14184				retval = ctl_scsiio(&io->scsiio);
14185				if (retval != CTL_RETVAL_COMPLETE)
14186					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
14187				continue;
14188			}
14189		}
14190
14191		/* Sleep until we have something to do. */
14192		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
14193	}
14194}
14195
14196static void
14197ctl_lun_thread(void *arg)
14198{
14199	struct ctl_softc *softc = (struct ctl_softc *)arg;
14200	struct ctl_be_lun *be_lun;
14201	int retval;
14202
14203	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
14204
14205	for (;;) {
14206		retval = 0;
14207		mtx_lock(&softc->ctl_lock);
14208		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
14209		if (be_lun != NULL) {
14210			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
14211			mtx_unlock(&softc->ctl_lock);
14212			ctl_create_lun(be_lun);
14213			continue;
14214		}
14215
14216		/* Sleep until we have something to do. */
14217		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
14218		    PDROP | PRIBIO, "-", 0);
14219	}
14220}
14221
14222static void
14223ctl_thresh_thread(void *arg)
14224{
14225	struct ctl_softc *softc = (struct ctl_softc *)arg;
14226	struct ctl_lun *lun;
14227	struct ctl_be_lun *be_lun;
14228	struct scsi_da_rw_recovery_page *rwpage;
14229	struct ctl_logical_block_provisioning_page *page;
14230	const char *attr;
14231	uint64_t thres, val;
14232	int i, e;
14233
14234	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
14235
14236	for (;;) {
14237		mtx_lock(&softc->ctl_lock);
14238		STAILQ_FOREACH(lun, &softc->lun_list, links) {
14239			be_lun = lun->be_lun;
14240			if ((lun->flags & CTL_LUN_DISABLED) ||
14241			    (lun->flags & CTL_LUN_OFFLINE) ||
14242			    (be_lun->flags & CTL_LUN_FLAG_UNMAP) == 0 ||
14243			    lun->backend->lun_attr == NULL)
14244				continue;
14245			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
14246			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
14247				continue;
14248			e = 0;
14249			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
14250			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
14251				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
14252					continue;
14253				thres = scsi_4btoul(page->descr[i].count);
14254				thres <<= CTL_LBP_EXPONENT;
14255				switch (page->descr[i].resource) {
14256				case 0x01:
14257					attr = "blocksavail";
14258					break;
14259				case 0x02:
14260					attr = "blocksused";
14261					break;
14262				case 0xf1:
14263					attr = "poolblocksavail";
14264					break;
14265				case 0xf2:
14266					attr = "poolblocksused";
14267					break;
14268				default:
14269					continue;
14270				}
14271				mtx_unlock(&softc->ctl_lock); // XXX
14272				val = lun->backend->lun_attr(
14273				    lun->be_lun->be_lun, attr);
14274				mtx_lock(&softc->ctl_lock);
14275				if (val == UINT64_MAX)
14276					continue;
14277				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
14278				    == SLBPPD_ARMING_INC)
14279					e |= (val >= thres);
14280				else
14281					e |= (val <= thres);
14282			}
14283			mtx_lock(&lun->lun_lock);
14284			if (e) {
14285				if (lun->lasttpt == 0 ||
14286				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
14287					lun->lasttpt = time_uptime;
14288					for (i = 0; i < CTL_MAX_INITIATORS; i++)
14289						lun->pending_ua[i] |=
14290						    CTL_UA_THIN_PROV_THRES;
14291				}
14292			} else {
14293				lun->lasttpt = 0;
14294				for (i = 0; i < CTL_MAX_INITIATORS; i++)
14295					lun->pending_ua[i] &= ~CTL_UA_THIN_PROV_THRES;
14296			}
14297			mtx_unlock(&lun->lun_lock);
14298		}
14299		mtx_unlock(&softc->ctl_lock);
14300		pause("-", CTL_LBP_PERIOD * hz);
14301	}
14302}
14303
14304static void
14305ctl_enqueue_incoming(union ctl_io *io)
14306{
14307	struct ctl_softc *softc = control_softc;
14308	struct ctl_thread *thr;
14309	u_int idx;
14310
14311	idx = (io->io_hdr.nexus.targ_port * 127 +
14312	       io->io_hdr.nexus.initid.id) % worker_threads;
14313	thr = &softc->threads[idx];
14314	mtx_lock(&thr->queue_lock);
14315	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14316	mtx_unlock(&thr->queue_lock);
14317	wakeup(thr);
14318}
14319
14320static void
14321ctl_enqueue_rtr(union ctl_io *io)
14322{
14323	struct ctl_softc *softc = control_softc;
14324	struct ctl_thread *thr;
14325
14326	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14327	mtx_lock(&thr->queue_lock);
14328	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14329	mtx_unlock(&thr->queue_lock);
14330	wakeup(thr);
14331}
14332
14333static void
14334ctl_enqueue_done(union ctl_io *io)
14335{
14336	struct ctl_softc *softc = control_softc;
14337	struct ctl_thread *thr;
14338
14339	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14340	mtx_lock(&thr->queue_lock);
14341	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14342	mtx_unlock(&thr->queue_lock);
14343	wakeup(thr);
14344}
14345
14346static void
14347ctl_enqueue_isc(union ctl_io *io)
14348{
14349	struct ctl_softc *softc = control_softc;
14350	struct ctl_thread *thr;
14351
14352	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14353	mtx_lock(&thr->queue_lock);
14354	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14355	mtx_unlock(&thr->queue_lock);
14356	wakeup(thr);
14357}
14358
14359/* Initialization and failover */
14360
14361void
14362ctl_init_isc_msg(void)
14363{
14364	printf("CTL: Still calling this thing\n");
14365}
14366
14367/*
14368 * Init component
14369 * 	Initializes component into configuration defined by bootMode
14370 *	(see hasc-sv.c)
14371 *  	returns hasc_Status:
14372 * 		OK
14373 *		ERROR - fatal error
14374 */
14375static ctl_ha_comp_status
14376ctl_isc_init(struct ctl_ha_component *c)
14377{
14378	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14379
14380	c->status = ret;
14381	return ret;
14382}
14383
14384/* Start component
14385 * 	Starts component in state requested. If component starts successfully,
14386 *	it must set its own state to the requestrd state
14387 *	When requested state is HASC_STATE_HA, the component may refine it
14388 * 	by adding _SLAVE or _MASTER flags.
14389 *	Currently allowed state transitions are:
14390 *	UNKNOWN->HA		- initial startup
14391 *	UNKNOWN->SINGLE - initial startup when no parter detected
14392 *	HA->SINGLE		- failover
14393 * returns ctl_ha_comp_status:
14394 * 		OK	- component successfully started in requested state
14395 *		FAILED  - could not start the requested state, failover may
14396 * 			  be possible
14397 *		ERROR	- fatal error detected, no future startup possible
14398 */
14399static ctl_ha_comp_status
14400ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14401{
14402	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14403
14404	printf("%s: go\n", __func__);
14405
14406	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14407	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14408		ctl_is_single = 0;
14409		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14410		    != CTL_HA_STATUS_SUCCESS) {
14411			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14412			ret = CTL_HA_COMP_STATUS_ERROR;
14413		}
14414	} else if (CTL_HA_STATE_IS_HA(c->state)
14415		&& CTL_HA_STATE_IS_SINGLE(state)){
14416		// HA->SINGLE transition
14417	        ctl_failover();
14418		ctl_is_single = 1;
14419	} else {
14420		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14421		       c->state, state);
14422		ret = CTL_HA_COMP_STATUS_ERROR;
14423	}
14424	if (CTL_HA_STATE_IS_SINGLE(state))
14425		ctl_is_single = 1;
14426
14427	c->state = state;
14428	c->status = ret;
14429	return ret;
14430}
14431
14432/*
14433 * Quiesce component
14434 * The component must clear any error conditions (set status to OK) and
14435 * prepare itself to another Start call
14436 * returns ctl_ha_comp_status:
14437 * 	OK
14438 *	ERROR
14439 */
14440static ctl_ha_comp_status
14441ctl_isc_quiesce(struct ctl_ha_component *c)
14442{
14443	int ret = CTL_HA_COMP_STATUS_OK;
14444
14445	ctl_pause_rtr = 1;
14446	c->status = ret;
14447	return ret;
14448}
14449
14450struct ctl_ha_component ctl_ha_component_ctlisc =
14451{
14452	.name = "CTL ISC",
14453	.state = CTL_HA_STATE_UNKNOWN,
14454	.init = ctl_isc_init,
14455	.start = ctl_isc_start,
14456	.quiesce = ctl_isc_quiesce
14457};
14458
14459/*
14460 *  vim: ts=8
14461 */
14462