ctl.c revision 275478 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id: //depot/users/kenm/FreeBSD-test2/sys/cam/ctl/ctl.c#8 $
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 275478 2014-12-04 17:36:29Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67#include <vm/uma.h>
68
69#include <cam/cam.h>
70#include <cam/scsi/scsi_all.h>
71#include <cam/scsi/scsi_da.h>
72#include <cam/ctl/ctl_io.h>
73#include <cam/ctl/ctl.h>
74#include <cam/ctl/ctl_frontend.h>
75#include <cam/ctl/ctl_frontend_internal.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Size and alignment macros needed for Copan-specific HA hardware.  These
89 * can go away when the HA code is re-written, and uses busdma for any
90 * hardware.
91 */
92#define	CTL_ALIGN_8B(target, source, type)				\
93	if (((uint32_t)source & 0x7) != 0)				\
94		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
95	else								\
96		target = (type)source;
97
98#define	CTL_SIZE_8B(target, size)					\
99	if ((size & 0x7) != 0)						\
100		target = size + (0x8 - (size & 0x7));			\
101	else								\
102		target = size;
103
104#define CTL_ALIGN_8B_MARGIN	16
105
106/*
107 * Template mode pages.
108 */
109
110/*
111 * Note that these are default values only.  The actual values will be
112 * filled in when the user does a mode sense.
113 */
114static struct copan_debugconf_subpage debugconf_page_default = {
115	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
116	DBGCNF_SUBPAGE_CODE,		/* subpage */
117	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
118	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
119	DBGCNF_VERSION,			/* page_version */
120	{CTL_TIME_IO_DEFAULT_SECS>>8,
121	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
122};
123
124static struct copan_debugconf_subpage debugconf_page_changeable = {
125	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
126	DBGCNF_SUBPAGE_CODE,		/* subpage */
127	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
128	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
129	0,				/* page_version */
130	{0xff,0xff},			/* ctl_time_io_secs */
131};
132
133static struct scsi_da_rw_recovery_page rw_er_page_default = {
134	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
135	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
136	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
137	/*read_retry_count*/0,
138	/*correction_span*/0,
139	/*head_offset_count*/0,
140	/*data_strobe_offset_cnt*/0,
141	/*byte8*/SMS_RWER_LBPERE,
142	/*write_retry_count*/0,
143	/*reserved2*/0,
144	/*recovery_time_limit*/{0, 0},
145};
146
147static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
148	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
149	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
150	/*byte3*/0,
151	/*read_retry_count*/0,
152	/*correction_span*/0,
153	/*head_offset_count*/0,
154	/*data_strobe_offset_cnt*/0,
155	/*byte8*/0,
156	/*write_retry_count*/0,
157	/*reserved2*/0,
158	/*recovery_time_limit*/{0, 0},
159};
160
161static struct scsi_format_page format_page_default = {
162	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
163	/*page_length*/sizeof(struct scsi_format_page) - 2,
164	/*tracks_per_zone*/ {0, 0},
165	/*alt_sectors_per_zone*/ {0, 0},
166	/*alt_tracks_per_zone*/ {0, 0},
167	/*alt_tracks_per_lun*/ {0, 0},
168	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
169			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
170	/*bytes_per_sector*/ {0, 0},
171	/*interleave*/ {0, 0},
172	/*track_skew*/ {0, 0},
173	/*cylinder_skew*/ {0, 0},
174	/*flags*/ SFP_HSEC,
175	/*reserved*/ {0, 0, 0}
176};
177
178static struct scsi_format_page format_page_changeable = {
179	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
180	/*page_length*/sizeof(struct scsi_format_page) - 2,
181	/*tracks_per_zone*/ {0, 0},
182	/*alt_sectors_per_zone*/ {0, 0},
183	/*alt_tracks_per_zone*/ {0, 0},
184	/*alt_tracks_per_lun*/ {0, 0},
185	/*sectors_per_track*/ {0, 0},
186	/*bytes_per_sector*/ {0, 0},
187	/*interleave*/ {0, 0},
188	/*track_skew*/ {0, 0},
189	/*cylinder_skew*/ {0, 0},
190	/*flags*/ 0,
191	/*reserved*/ {0, 0, 0}
192};
193
194static struct scsi_rigid_disk_page rigid_disk_page_default = {
195	/*page_code*/SMS_RIGID_DISK_PAGE,
196	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
197	/*cylinders*/ {0, 0, 0},
198	/*heads*/ CTL_DEFAULT_HEADS,
199	/*start_write_precomp*/ {0, 0, 0},
200	/*start_reduced_current*/ {0, 0, 0},
201	/*step_rate*/ {0, 0},
202	/*landing_zone_cylinder*/ {0, 0, 0},
203	/*rpl*/ SRDP_RPL_DISABLED,
204	/*rotational_offset*/ 0,
205	/*reserved1*/ 0,
206	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
207			   CTL_DEFAULT_ROTATION_RATE & 0xff},
208	/*reserved2*/ {0, 0}
209};
210
211static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
212	/*page_code*/SMS_RIGID_DISK_PAGE,
213	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
214	/*cylinders*/ {0, 0, 0},
215	/*heads*/ 0,
216	/*start_write_precomp*/ {0, 0, 0},
217	/*start_reduced_current*/ {0, 0, 0},
218	/*step_rate*/ {0, 0},
219	/*landing_zone_cylinder*/ {0, 0, 0},
220	/*rpl*/ 0,
221	/*rotational_offset*/ 0,
222	/*reserved1*/ 0,
223	/*rotation_rate*/ {0, 0},
224	/*reserved2*/ {0, 0}
225};
226
227static struct scsi_caching_page caching_page_default = {
228	/*page_code*/SMS_CACHING_PAGE,
229	/*page_length*/sizeof(struct scsi_caching_page) - 2,
230	/*flags1*/ SCP_DISC | SCP_WCE,
231	/*ret_priority*/ 0,
232	/*disable_pf_transfer_len*/ {0xff, 0xff},
233	/*min_prefetch*/ {0, 0},
234	/*max_prefetch*/ {0xff, 0xff},
235	/*max_pf_ceiling*/ {0xff, 0xff},
236	/*flags2*/ 0,
237	/*cache_segments*/ 0,
238	/*cache_seg_size*/ {0, 0},
239	/*reserved*/ 0,
240	/*non_cache_seg_size*/ {0, 0, 0}
241};
242
243static struct scsi_caching_page caching_page_changeable = {
244	/*page_code*/SMS_CACHING_PAGE,
245	/*page_length*/sizeof(struct scsi_caching_page) - 2,
246	/*flags1*/ SCP_WCE | SCP_RCD,
247	/*ret_priority*/ 0,
248	/*disable_pf_transfer_len*/ {0, 0},
249	/*min_prefetch*/ {0, 0},
250	/*max_prefetch*/ {0, 0},
251	/*max_pf_ceiling*/ {0, 0},
252	/*flags2*/ 0,
253	/*cache_segments*/ 0,
254	/*cache_seg_size*/ {0, 0},
255	/*reserved*/ 0,
256	/*non_cache_seg_size*/ {0, 0, 0}
257};
258
259static struct scsi_control_page control_page_default = {
260	/*page_code*/SMS_CONTROL_MODE_PAGE,
261	/*page_length*/sizeof(struct scsi_control_page) - 2,
262	/*rlec*/0,
263	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
264	/*eca_and_aen*/0,
265	/*flags4*/SCP_TAS,
266	/*aen_holdoff_period*/{0, 0},
267	/*busy_timeout_period*/{0, 0},
268	/*extended_selftest_completion_time*/{0, 0}
269};
270
271static struct scsi_control_page control_page_changeable = {
272	/*page_code*/SMS_CONTROL_MODE_PAGE,
273	/*page_length*/sizeof(struct scsi_control_page) - 2,
274	/*rlec*/SCP_DSENSE,
275	/*queue_flags*/SCP_QUEUE_ALG_MASK,
276	/*eca_and_aen*/SCP_SWP,
277	/*flags4*/0,
278	/*aen_holdoff_period*/{0, 0},
279	/*busy_timeout_period*/{0, 0},
280	/*extended_selftest_completion_time*/{0, 0}
281};
282
283static struct scsi_info_exceptions_page ie_page_default = {
284	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
285	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
286	/*info_flags*/SIEP_FLAGS_DEXCPT,
287	/*mrie*/0,
288	/*interval_timer*/{0, 0, 0, 0},
289	/*report_count*/{0, 0, 0, 0}
290};
291
292static struct scsi_info_exceptions_page ie_page_changeable = {
293	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
294	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
295	/*info_flags*/0,
296	/*mrie*/0,
297	/*interval_timer*/{0, 0, 0, 0},
298	/*report_count*/{0, 0, 0, 0}
299};
300
301#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
302
303static struct ctl_logical_block_provisioning_page lbp_page_default = {{
304	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
305	/*subpage_code*/0x02,
306	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
307	/*flags*/0,
308	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
309	/*descr*/{}},
310	{{/*flags*/0,
311	  /*resource*/0x01,
312	  /*reserved*/{0, 0},
313	  /*count*/{0, 0, 0, 0}},
314	 {/*flags*/0,
315	  /*resource*/0x02,
316	  /*reserved*/{0, 0},
317	  /*count*/{0, 0, 0, 0}},
318	 {/*flags*/0,
319	  /*resource*/0xf1,
320	  /*reserved*/{0, 0},
321	  /*count*/{0, 0, 0, 0}},
322	 {/*flags*/0,
323	  /*resource*/0xf2,
324	  /*reserved*/{0, 0},
325	  /*count*/{0, 0, 0, 0}}
326	}
327};
328
329static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
330	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
331	/*subpage_code*/0x02,
332	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
333	/*flags*/0,
334	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
335	/*descr*/{}},
336	{{/*flags*/0,
337	  /*resource*/0,
338	  /*reserved*/{0, 0},
339	  /*count*/{0, 0, 0, 0}},
340	 {/*flags*/0,
341	  /*resource*/0,
342	  /*reserved*/{0, 0},
343	  /*count*/{0, 0, 0, 0}},
344	 {/*flags*/0,
345	  /*resource*/0,
346	  /*reserved*/{0, 0},
347	  /*count*/{0, 0, 0, 0}},
348	 {/*flags*/0,
349	  /*resource*/0,
350	  /*reserved*/{0, 0},
351	  /*count*/{0, 0, 0, 0}}
352	}
353};
354
355/*
356 * XXX KDM move these into the softc.
357 */
358static int rcv_sync_msg;
359static uint8_t ctl_pause_rtr;
360
361SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
362static int worker_threads = -1;
363SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
364    &worker_threads, 1, "Number of worker threads");
365static int ctl_debug = CTL_DEBUG_NONE;
366SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
367    &ctl_debug, 0, "Enabled debug flags");
368
369/*
370 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
371 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
372 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
373 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
374 */
375#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
376
377static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
378				  int param);
379static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
380static int ctl_init(void);
381void ctl_shutdown(void);
382static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
383static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
384static void ctl_ioctl_online(void *arg);
385static void ctl_ioctl_offline(void *arg);
386static int ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id);
387static int ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id);
388static int ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio);
389static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
390static int ctl_ioctl_submit_wait(union ctl_io *io);
391static void ctl_ioctl_datamove(union ctl_io *io);
392static void ctl_ioctl_done(union ctl_io *io);
393static void ctl_ioctl_hard_startstop_callback(void *arg,
394					      struct cfi_metatask *metatask);
395static void ctl_ioctl_bbrread_callback(void *arg,struct cfi_metatask *metatask);
396static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
397			      struct ctl_ooa *ooa_hdr,
398			      struct ctl_ooa_entry *kern_entries);
399static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
400		     struct thread *td);
401static uint32_t ctl_map_lun(int port_num, uint32_t lun);
402static uint32_t ctl_map_lun_back(int port_num, uint32_t lun);
403static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
404			 struct ctl_be_lun *be_lun, struct ctl_id target_id);
405static int ctl_free_lun(struct ctl_lun *lun);
406static void ctl_create_lun(struct ctl_be_lun *be_lun);
407/**
408static void ctl_failover_change_pages(struct ctl_softc *softc,
409				      struct ctl_scsiio *ctsio, int master);
410**/
411
412static int ctl_do_mode_select(union ctl_io *io);
413static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
414			   uint64_t res_key, uint64_t sa_res_key,
415			   uint8_t type, uint32_t residx,
416			   struct ctl_scsiio *ctsio,
417			   struct scsi_per_res_out *cdb,
418			   struct scsi_per_res_out_parms* param);
419static void ctl_pro_preempt_other(struct ctl_lun *lun,
420				  union ctl_ha_msg *msg);
421static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
422static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
423static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
424static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
425static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
426static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
427static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
428					 int alloc_len);
429static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
430					 int alloc_len);
431static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
432static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
433static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
434static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
435static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
436static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2);
437static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
438    union ctl_io *pending_io, union ctl_io *ooa_io);
439static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
440				union ctl_io *starting_io);
441static int ctl_check_blocked(struct ctl_lun *lun);
442static int ctl_scsiio_lun_check(struct ctl_softc *ctl_softc,
443				struct ctl_lun *lun,
444				const struct ctl_cmd_entry *entry,
445				struct ctl_scsiio *ctsio);
446//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
447static void ctl_failover(void);
448static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
449			       struct ctl_scsiio *ctsio);
450static int ctl_scsiio(struct ctl_scsiio *ctsio);
451
452static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
453static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
454			    ctl_ua_type ua_type);
455static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
456			 ctl_ua_type ua_type);
457static int ctl_abort_task(union ctl_io *io);
458static int ctl_abort_task_set(union ctl_io *io);
459static int ctl_i_t_nexus_reset(union ctl_io *io);
460static void ctl_run_task(union ctl_io *io);
461#ifdef CTL_IO_DELAY
462static void ctl_datamove_timer_wakeup(void *arg);
463static void ctl_done_timer_wakeup(void *arg);
464#endif /* CTL_IO_DELAY */
465
466static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
467static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
468static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
469static void ctl_datamove_remote_write(union ctl_io *io);
470static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
471static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
472static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
473static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
474				    ctl_ha_dt_cb callback);
475static void ctl_datamove_remote_read(union ctl_io *io);
476static void ctl_datamove_remote(union ctl_io *io);
477static int ctl_process_done(union ctl_io *io);
478static void ctl_lun_thread(void *arg);
479static void ctl_thresh_thread(void *arg);
480static void ctl_work_thread(void *arg);
481static void ctl_enqueue_incoming(union ctl_io *io);
482static void ctl_enqueue_rtr(union ctl_io *io);
483static void ctl_enqueue_done(union ctl_io *io);
484static void ctl_enqueue_isc(union ctl_io *io);
485static const struct ctl_cmd_entry *
486    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
487static const struct ctl_cmd_entry *
488    ctl_validate_command(struct ctl_scsiio *ctsio);
489static int ctl_cmd_applicable(uint8_t lun_type,
490    const struct ctl_cmd_entry *entry);
491
492/*
493 * Load the serialization table.  This isn't very pretty, but is probably
494 * the easiest way to do it.
495 */
496#include "ctl_ser_table.c"
497
498/*
499 * We only need to define open, close and ioctl routines for this driver.
500 */
501static struct cdevsw ctl_cdevsw = {
502	.d_version =	D_VERSION,
503	.d_flags =	0,
504	.d_open =	ctl_open,
505	.d_close =	ctl_close,
506	.d_ioctl =	ctl_ioctl,
507	.d_name =	"ctl",
508};
509
510
511MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
512MALLOC_DEFINE(M_CTLIO, "ctlio", "Memory used for CTL requests");
513
514static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
515
516static moduledata_t ctl_moduledata = {
517	"ctl",
518	ctl_module_event_handler,
519	NULL
520};
521
522DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
523MODULE_VERSION(ctl, 1);
524
525static struct ctl_frontend ioctl_frontend =
526{
527	.name = "ioctl",
528};
529
530static void
531ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
532			    union ctl_ha_msg *msg_info)
533{
534	struct ctl_scsiio *ctsio;
535
536	if (msg_info->hdr.original_sc == NULL) {
537		printf("%s: original_sc == NULL!\n", __func__);
538		/* XXX KDM now what? */
539		return;
540	}
541
542	ctsio = &msg_info->hdr.original_sc->scsiio;
543	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
544	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
545	ctsio->io_hdr.status = msg_info->hdr.status;
546	ctsio->scsi_status = msg_info->scsi.scsi_status;
547	ctsio->sense_len = msg_info->scsi.sense_len;
548	ctsio->sense_residual = msg_info->scsi.sense_residual;
549	ctsio->residual = msg_info->scsi.residual;
550	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
551	       sizeof(ctsio->sense_data));
552	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
553	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
554	ctl_enqueue_isc((union ctl_io *)ctsio);
555}
556
557static void
558ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
559				union ctl_ha_msg *msg_info)
560{
561	struct ctl_scsiio *ctsio;
562
563	if (msg_info->hdr.serializing_sc == NULL) {
564		printf("%s: serializing_sc == NULL!\n", __func__);
565		/* XXX KDM now what? */
566		return;
567	}
568
569	ctsio = &msg_info->hdr.serializing_sc->scsiio;
570#if 0
571	/*
572	 * Attempt to catch the situation where an I/O has
573	 * been freed, and we're using it again.
574	 */
575	if (ctsio->io_hdr.io_type == 0xff) {
576		union ctl_io *tmp_io;
577		tmp_io = (union ctl_io *)ctsio;
578		printf("%s: %p use after free!\n", __func__,
579		       ctsio);
580		printf("%s: type %d msg %d cdb %x iptl: "
581		       "%d:%d:%d:%d tag 0x%04x "
582		       "flag %#x status %x\n",
583			__func__,
584			tmp_io->io_hdr.io_type,
585			tmp_io->io_hdr.msg_type,
586			tmp_io->scsiio.cdb[0],
587			tmp_io->io_hdr.nexus.initid.id,
588			tmp_io->io_hdr.nexus.targ_port,
589			tmp_io->io_hdr.nexus.targ_target.id,
590			tmp_io->io_hdr.nexus.targ_lun,
591			(tmp_io->io_hdr.io_type ==
592			CTL_IO_TASK) ?
593			tmp_io->taskio.tag_num :
594			tmp_io->scsiio.tag_num,
595		        tmp_io->io_hdr.flags,
596			tmp_io->io_hdr.status);
597	}
598#endif
599	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
600	ctl_enqueue_isc((union ctl_io *)ctsio);
601}
602
603/*
604 * ISC (Inter Shelf Communication) event handler.  Events from the HA
605 * subsystem come in here.
606 */
607static void
608ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
609{
610	struct ctl_softc *ctl_softc;
611	union ctl_io *io;
612	struct ctl_prio *presio;
613	ctl_ha_status isc_status;
614
615	ctl_softc = control_softc;
616	io = NULL;
617
618
619#if 0
620	printf("CTL: Isc Msg event %d\n", event);
621#endif
622	if (event == CTL_HA_EVT_MSG_RECV) {
623		union ctl_ha_msg msg_info;
624
625		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
626					     sizeof(msg_info), /*wait*/ 0);
627#if 0
628		printf("CTL: msg_type %d\n", msg_info.msg_type);
629#endif
630		if (isc_status != 0) {
631			printf("Error receiving message, status = %d\n",
632			       isc_status);
633			return;
634		}
635
636		switch (msg_info.hdr.msg_type) {
637		case CTL_MSG_SERIALIZE:
638#if 0
639			printf("Serialize\n");
640#endif
641			io = ctl_alloc_io_nowait(ctl_softc->othersc_pool);
642			if (io == NULL) {
643				printf("ctl_isc_event_handler: can't allocate "
644				       "ctl_io!\n");
645				/* Bad Juju */
646				/* Need to set busy and send msg back */
647				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
648				msg_info.hdr.status = CTL_SCSI_ERROR;
649				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
650				msg_info.scsi.sense_len = 0;
651			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
652				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
653				}
654				goto bailout;
655			}
656			ctl_zero_io(io);
657			// populate ctsio from msg_info
658			io->io_hdr.io_type = CTL_IO_SCSI;
659			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
660			io->io_hdr.original_sc = msg_info.hdr.original_sc;
661#if 0
662			printf("pOrig %x\n", (int)msg_info.original_sc);
663#endif
664			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
665					    CTL_FLAG_IO_ACTIVE;
666			/*
667			 * If we're in serialization-only mode, we don't
668			 * want to go through full done processing.  Thus
669			 * the COPY flag.
670			 *
671			 * XXX KDM add another flag that is more specific.
672			 */
673			if (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)
674				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
675			io->io_hdr.nexus = msg_info.hdr.nexus;
676#if 0
677			printf("targ %d, port %d, iid %d, lun %d\n",
678			       io->io_hdr.nexus.targ_target.id,
679			       io->io_hdr.nexus.targ_port,
680			       io->io_hdr.nexus.initid.id,
681			       io->io_hdr.nexus.targ_lun);
682#endif
683			io->scsiio.tag_num = msg_info.scsi.tag_num;
684			io->scsiio.tag_type = msg_info.scsi.tag_type;
685			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
686			       CTL_MAX_CDBLEN);
687			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
688				const struct ctl_cmd_entry *entry;
689
690				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
691				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
692				io->io_hdr.flags |=
693					entry->flags & CTL_FLAG_DATA_MASK;
694			}
695			ctl_enqueue_isc(io);
696			break;
697
698		/* Performed on the Originating SC, XFER mode only */
699		case CTL_MSG_DATAMOVE: {
700			struct ctl_sg_entry *sgl;
701			int i, j;
702
703			io = msg_info.hdr.original_sc;
704			if (io == NULL) {
705				printf("%s: original_sc == NULL!\n", __func__);
706				/* XXX KDM do something here */
707				break;
708			}
709			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
710			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
711			/*
712			 * Keep track of this, we need to send it back over
713			 * when the datamove is complete.
714			 */
715			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
716
717			if (msg_info.dt.sg_sequence == 0) {
718				/*
719				 * XXX KDM we use the preallocated S/G list
720				 * here, but we'll need to change this to
721				 * dynamic allocation if we need larger S/G
722				 * lists.
723				 */
724				if (msg_info.dt.kern_sg_entries >
725				    sizeof(io->io_hdr.remote_sglist) /
726				    sizeof(io->io_hdr.remote_sglist[0])) {
727					printf("%s: number of S/G entries "
728					    "needed %u > allocated num %zd\n",
729					    __func__,
730					    msg_info.dt.kern_sg_entries,
731					    sizeof(io->io_hdr.remote_sglist)/
732					    sizeof(io->io_hdr.remote_sglist[0]));
733
734					/*
735					 * XXX KDM send a message back to
736					 * the other side to shut down the
737					 * DMA.  The error will come back
738					 * through via the normal channel.
739					 */
740					break;
741				}
742				sgl = io->io_hdr.remote_sglist;
743				memset(sgl, 0,
744				       sizeof(io->io_hdr.remote_sglist));
745
746				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
747
748				io->scsiio.kern_sg_entries =
749					msg_info.dt.kern_sg_entries;
750				io->scsiio.rem_sg_entries =
751					msg_info.dt.kern_sg_entries;
752				io->scsiio.kern_data_len =
753					msg_info.dt.kern_data_len;
754				io->scsiio.kern_total_len =
755					msg_info.dt.kern_total_len;
756				io->scsiio.kern_data_resid =
757					msg_info.dt.kern_data_resid;
758				io->scsiio.kern_rel_offset =
759					msg_info.dt.kern_rel_offset;
760				/*
761				 * Clear out per-DMA flags.
762				 */
763				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
764				/*
765				 * Add per-DMA flags that are set for this
766				 * particular DMA request.
767				 */
768				io->io_hdr.flags |= msg_info.dt.flags &
769						    CTL_FLAG_RDMA_MASK;
770			} else
771				sgl = (struct ctl_sg_entry *)
772					io->scsiio.kern_data_ptr;
773
774			for (i = msg_info.dt.sent_sg_entries, j = 0;
775			     i < (msg_info.dt.sent_sg_entries +
776			     msg_info.dt.cur_sg_entries); i++, j++) {
777				sgl[i].addr = msg_info.dt.sg_list[j].addr;
778				sgl[i].len = msg_info.dt.sg_list[j].len;
779
780#if 0
781				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
782				       __func__,
783				       msg_info.dt.sg_list[j].addr,
784				       msg_info.dt.sg_list[j].len,
785				       sgl[i].addr, sgl[i].len, j, i);
786#endif
787			}
788#if 0
789			memcpy(&sgl[msg_info.dt.sent_sg_entries],
790			       msg_info.dt.sg_list,
791			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
792#endif
793
794			/*
795			 * If this is the last piece of the I/O, we've got
796			 * the full S/G list.  Queue processing in the thread.
797			 * Otherwise wait for the next piece.
798			 */
799			if (msg_info.dt.sg_last != 0)
800				ctl_enqueue_isc(io);
801			break;
802		}
803		/* Performed on the Serializing (primary) SC, XFER mode only */
804		case CTL_MSG_DATAMOVE_DONE: {
805			if (msg_info.hdr.serializing_sc == NULL) {
806				printf("%s: serializing_sc == NULL!\n",
807				       __func__);
808				/* XXX KDM now what? */
809				break;
810			}
811			/*
812			 * We grab the sense information here in case
813			 * there was a failure, so we can return status
814			 * back to the initiator.
815			 */
816			io = msg_info.hdr.serializing_sc;
817			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
818			io->io_hdr.status = msg_info.hdr.status;
819			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
820			io->scsiio.sense_len = msg_info.scsi.sense_len;
821			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
822			io->io_hdr.port_status = msg_info.scsi.fetd_status;
823			io->scsiio.residual = msg_info.scsi.residual;
824			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
825			       sizeof(io->scsiio.sense_data));
826			ctl_enqueue_isc(io);
827			break;
828		}
829
830		/* Preformed on Originating SC, SER_ONLY mode */
831		case CTL_MSG_R2R:
832			io = msg_info.hdr.original_sc;
833			if (io == NULL) {
834				printf("%s: Major Bummer\n", __func__);
835				return;
836			} else {
837#if 0
838				printf("pOrig %x\n",(int) ctsio);
839#endif
840			}
841			io->io_hdr.msg_type = CTL_MSG_R2R;
842			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
843			ctl_enqueue_isc(io);
844			break;
845
846		/*
847		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
848		 * mode.
849		 * Performed on the Originating (i.e. secondary) SC in XFER
850		 * mode
851		 */
852		case CTL_MSG_FINISH_IO:
853			if (ctl_softc->ha_mode == CTL_HA_MODE_XFER)
854				ctl_isc_handler_finish_xfer(ctl_softc,
855							    &msg_info);
856			else
857				ctl_isc_handler_finish_ser_only(ctl_softc,
858								&msg_info);
859			break;
860
861		/* Preformed on Originating SC */
862		case CTL_MSG_BAD_JUJU:
863			io = msg_info.hdr.original_sc;
864			if (io == NULL) {
865				printf("%s: Bad JUJU!, original_sc is NULL!\n",
866				       __func__);
867				break;
868			}
869			ctl_copy_sense_data(&msg_info, io);
870			/*
871			 * IO should have already been cleaned up on other
872			 * SC so clear this flag so we won't send a message
873			 * back to finish the IO there.
874			 */
875			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
876			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
877
878			/* io = msg_info.hdr.serializing_sc; */
879			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
880			ctl_enqueue_isc(io);
881			break;
882
883		/* Handle resets sent from the other side */
884		case CTL_MSG_MANAGE_TASKS: {
885			struct ctl_taskio *taskio;
886			taskio = (struct ctl_taskio *)ctl_alloc_io_nowait(
887			    ctl_softc->othersc_pool);
888			if (taskio == NULL) {
889				printf("ctl_isc_event_handler: can't allocate "
890				       "ctl_io!\n");
891				/* Bad Juju */
892				/* should I just call the proper reset func
893				   here??? */
894				goto bailout;
895			}
896			ctl_zero_io((union ctl_io *)taskio);
897			taskio->io_hdr.io_type = CTL_IO_TASK;
898			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
899			taskio->io_hdr.nexus = msg_info.hdr.nexus;
900			taskio->task_action = msg_info.task.task_action;
901			taskio->tag_num = msg_info.task.tag_num;
902			taskio->tag_type = msg_info.task.tag_type;
903#ifdef CTL_TIME_IO
904			taskio->io_hdr.start_time = time_uptime;
905			getbintime(&taskio->io_hdr.start_bt);
906#if 0
907			cs_prof_gettime(&taskio->io_hdr.start_ticks);
908#endif
909#endif /* CTL_TIME_IO */
910			ctl_run_task((union ctl_io *)taskio);
911			break;
912		}
913		/* Persistent Reserve action which needs attention */
914		case CTL_MSG_PERS_ACTION:
915			presio = (struct ctl_prio *)ctl_alloc_io_nowait(
916			    ctl_softc->othersc_pool);
917			if (presio == NULL) {
918				printf("ctl_isc_event_handler: can't allocate "
919				       "ctl_io!\n");
920				/* Bad Juju */
921				/* Need to set busy and send msg back */
922				goto bailout;
923			}
924			ctl_zero_io((union ctl_io *)presio);
925			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
926			presio->pr_msg = msg_info.pr;
927			ctl_enqueue_isc((union ctl_io *)presio);
928			break;
929		case CTL_MSG_SYNC_FE:
930			rcv_sync_msg = 1;
931			break;
932		default:
933		        printf("How did I get here?\n");
934		}
935	} else if (event == CTL_HA_EVT_MSG_SENT) {
936		if (param != CTL_HA_STATUS_SUCCESS) {
937			printf("Bad status from ctl_ha_msg_send status %d\n",
938			       param);
939		}
940		return;
941	} else if (event == CTL_HA_EVT_DISCONNECT) {
942		printf("CTL: Got a disconnect from Isc\n");
943		return;
944	} else {
945		printf("ctl_isc_event_handler: Unknown event %d\n", event);
946		return;
947	}
948
949bailout:
950	return;
951}
952
953static void
954ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
955{
956	struct scsi_sense_data *sense;
957
958	sense = &dest->scsiio.sense_data;
959	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
960	dest->scsiio.scsi_status = src->scsi.scsi_status;
961	dest->scsiio.sense_len = src->scsi.sense_len;
962	dest->io_hdr.status = src->hdr.status;
963}
964
965static void
966ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
967{
968	ctl_ua_type *pu;
969
970	mtx_assert(&lun->lun_lock, MA_OWNED);
971	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
972	if (pu == NULL)
973		return;
974	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
975}
976
977static void
978ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
979{
980	int i, j;
981
982	mtx_assert(&lun->lun_lock, MA_OWNED);
983	for (i = 0; i < CTL_MAX_PORTS; i++) {
984		if (lun->pending_ua[i] == NULL)
985			continue;
986		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
987			if (i * CTL_MAX_INIT_PER_PORT + j == except)
988				continue;
989			lun->pending_ua[i][j] |= ua;
990		}
991	}
992}
993
994static void
995ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
996{
997	ctl_ua_type *pu;
998
999	mtx_assert(&lun->lun_lock, MA_OWNED);
1000	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1001	if (pu == NULL)
1002		return;
1003	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1004}
1005
1006static void
1007ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1008{
1009	int i, j;
1010
1011	mtx_assert(&lun->lun_lock, MA_OWNED);
1012	for (i = 0; i < CTL_MAX_PORTS; i++) {
1013		if (lun->pending_ua[i] == NULL)
1014			continue;
1015		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1016			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1017				continue;
1018			lun->pending_ua[i][j] &= ~ua;
1019		}
1020	}
1021}
1022
1023static int
1024ctl_ha_state_sysctl(SYSCTL_HANDLER_ARGS)
1025{
1026	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1027	struct ctl_lun *lun;
1028	int error, value;
1029
1030	if (softc->flags & CTL_FLAG_ACTIVE_SHELF)
1031		value = 0;
1032	else
1033		value = 1;
1034
1035	error = sysctl_handle_int(oidp, &value, 0, req);
1036	if ((error != 0) || (req->newptr == NULL))
1037		return (error);
1038
1039	mtx_lock(&softc->ctl_lock);
1040	if (value == 0)
1041		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1042	else
1043		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1044	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1045		mtx_lock(&lun->lun_lock);
1046		ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1047		mtx_unlock(&lun->lun_lock);
1048	}
1049	mtx_unlock(&softc->ctl_lock);
1050	return (0);
1051}
1052
1053static int
1054ctl_init(void)
1055{
1056	struct ctl_softc *softc;
1057	void *other_pool;
1058	struct ctl_port *port;
1059	int i, error, retval;
1060	//int isc_retval;
1061
1062	retval = 0;
1063	ctl_pause_rtr = 0;
1064        rcv_sync_msg = 0;
1065
1066	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1067			       M_WAITOK | M_ZERO);
1068	softc = control_softc;
1069
1070	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1071			      "cam/ctl");
1072
1073	softc->dev->si_drv1 = softc;
1074
1075	/*
1076	 * By default, return a "bad LUN" peripheral qualifier for unknown
1077	 * LUNs.  The user can override this default using the tunable or
1078	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
1079	 */
1080	softc->inquiry_pq_no_lun = 1;
1081	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
1082			  &softc->inquiry_pq_no_lun);
1083	sysctl_ctx_init(&softc->sysctl_ctx);
1084	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1085		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1086		CTLFLAG_RD, 0, "CAM Target Layer");
1087
1088	if (softc->sysctl_tree == NULL) {
1089		printf("%s: unable to allocate sysctl tree\n", __func__);
1090		destroy_dev(softc->dev);
1091		free(control_softc, M_DEVBUF);
1092		control_softc = NULL;
1093		return (ENOMEM);
1094	}
1095
1096	SYSCTL_ADD_INT(&softc->sysctl_ctx,
1097		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
1098		       "inquiry_pq_no_lun", CTLFLAG_RW,
1099		       &softc->inquiry_pq_no_lun, 0,
1100		       "Report no lun possible for invalid LUNs");
1101
1102	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1103	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1104	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1105	softc->open_count = 0;
1106
1107	/*
1108	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1109	 * the drive.
1110	 */
1111	softc->flags = CTL_FLAG_REAL_SYNC;
1112
1113	/*
1114	 * In Copan's HA scheme, the "master" and "slave" roles are
1115	 * figured out through the slot the controller is in.  Although it
1116	 * is an active/active system, someone has to be in charge.
1117	 */
1118	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1119	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1120	    "HA head ID (0 - no HA)");
1121	if (softc->ha_id == 0) {
1122		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1123		softc->is_single = 1;
1124		softc->port_offset = 0;
1125	} else
1126		softc->port_offset = (softc->ha_id - 1) * CTL_MAX_PORTS;
1127	softc->persis_offset = softc->port_offset * CTL_MAX_INIT_PER_PORT;
1128
1129	/*
1130	 * XXX KDM need to figure out where we want to get our target ID
1131	 * and WWID.  Is it different on each port?
1132	 */
1133	softc->target.id = 0;
1134	softc->target.wwid[0] = 0x12345678;
1135	softc->target.wwid[1] = 0x87654321;
1136	STAILQ_INIT(&softc->lun_list);
1137	STAILQ_INIT(&softc->pending_lun_queue);
1138	STAILQ_INIT(&softc->fe_list);
1139	STAILQ_INIT(&softc->port_list);
1140	STAILQ_INIT(&softc->be_list);
1141	ctl_tpc_init(softc);
1142
1143	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1144	                    &other_pool) != 0)
1145	{
1146		printf("ctl: can't allocate %d entry other SC pool, "
1147		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1148		return (ENOMEM);
1149	}
1150	softc->othersc_pool = other_pool;
1151
1152	if (worker_threads <= 0)
1153		worker_threads = max(1, mp_ncpus / 4);
1154	if (worker_threads > CTL_MAX_THREADS)
1155		worker_threads = CTL_MAX_THREADS;
1156
1157	for (i = 0; i < worker_threads; i++) {
1158		struct ctl_thread *thr = &softc->threads[i];
1159
1160		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1161		thr->ctl_softc = softc;
1162		STAILQ_INIT(&thr->incoming_queue);
1163		STAILQ_INIT(&thr->rtr_queue);
1164		STAILQ_INIT(&thr->done_queue);
1165		STAILQ_INIT(&thr->isc_queue);
1166
1167		error = kproc_kthread_add(ctl_work_thread, thr,
1168		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1169		if (error != 0) {
1170			printf("error creating CTL work thread!\n");
1171			ctl_pool_free(other_pool);
1172			return (error);
1173		}
1174	}
1175	error = kproc_kthread_add(ctl_lun_thread, softc,
1176	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1177	if (error != 0) {
1178		printf("error creating CTL lun thread!\n");
1179		ctl_pool_free(other_pool);
1180		return (error);
1181	}
1182	error = kproc_kthread_add(ctl_thresh_thread, softc,
1183	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1184	if (error != 0) {
1185		printf("error creating CTL threshold thread!\n");
1186		ctl_pool_free(other_pool);
1187		return (error);
1188	}
1189	if (bootverbose)
1190		printf("ctl: CAM Target Layer loaded\n");
1191
1192	/*
1193	 * Initialize the ioctl front end.
1194	 */
1195	ctl_frontend_register(&ioctl_frontend);
1196	port = &softc->ioctl_info.port;
1197	port->frontend = &ioctl_frontend;
1198	sprintf(softc->ioctl_info.port_name, "ioctl");
1199	port->port_type = CTL_PORT_IOCTL;
1200	port->num_requested_ctl_io = 100;
1201	port->port_name = softc->ioctl_info.port_name;
1202	port->port_online = ctl_ioctl_online;
1203	port->port_offline = ctl_ioctl_offline;
1204	port->onoff_arg = &softc->ioctl_info;
1205	port->lun_enable = ctl_ioctl_lun_enable;
1206	port->lun_disable = ctl_ioctl_lun_disable;
1207	port->targ_lun_arg = &softc->ioctl_info;
1208	port->fe_datamove = ctl_ioctl_datamove;
1209	port->fe_done = ctl_ioctl_done;
1210	port->max_targets = 15;
1211	port->max_target_id = 15;
1212
1213	if (ctl_port_register(&softc->ioctl_info.port) != 0) {
1214		printf("ctl: ioctl front end registration failed, will "
1215		       "continue anyway\n");
1216	}
1217
1218	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1219	    OID_AUTO, "ha_state", CTLTYPE_INT | CTLFLAG_RWTUN,
1220	    softc, 0, ctl_ha_state_sysctl, "I", "HA state for this head");
1221
1222#ifdef CTL_IO_DELAY
1223	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1224		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1225		       sizeof(struct callout), CTL_TIMER_BYTES);
1226		return (EINVAL);
1227	}
1228#endif /* CTL_IO_DELAY */
1229
1230	return (0);
1231}
1232
1233void
1234ctl_shutdown(void)
1235{
1236	struct ctl_softc *softc;
1237	struct ctl_lun *lun, *next_lun;
1238
1239	softc = (struct ctl_softc *)control_softc;
1240
1241	if (ctl_port_deregister(&softc->ioctl_info.port) != 0)
1242		printf("ctl: ioctl front end deregistration failed\n");
1243
1244	mtx_lock(&softc->ctl_lock);
1245
1246	/*
1247	 * Free up each LUN.
1248	 */
1249	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1250		next_lun = STAILQ_NEXT(lun, links);
1251		ctl_free_lun(lun);
1252	}
1253
1254	mtx_unlock(&softc->ctl_lock);
1255
1256	ctl_frontend_deregister(&ioctl_frontend);
1257
1258#if 0
1259	ctl_shutdown_thread(softc->work_thread);
1260	mtx_destroy(&softc->queue_lock);
1261#endif
1262
1263	ctl_tpc_shutdown(softc);
1264	uma_zdestroy(softc->io_zone);
1265	mtx_destroy(&softc->ctl_lock);
1266
1267	destroy_dev(softc->dev);
1268
1269	sysctl_ctx_free(&softc->sysctl_ctx);
1270
1271	free(control_softc, M_DEVBUF);
1272	control_softc = NULL;
1273
1274	if (bootverbose)
1275		printf("ctl: CAM Target Layer unloaded\n");
1276}
1277
1278static int
1279ctl_module_event_handler(module_t mod, int what, void *arg)
1280{
1281
1282	switch (what) {
1283	case MOD_LOAD:
1284		return (ctl_init());
1285	case MOD_UNLOAD:
1286		return (EBUSY);
1287	default:
1288		return (EOPNOTSUPP);
1289	}
1290}
1291
1292/*
1293 * XXX KDM should we do some access checks here?  Bump a reference count to
1294 * prevent a CTL module from being unloaded while someone has it open?
1295 */
1296static int
1297ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1298{
1299	return (0);
1300}
1301
1302static int
1303ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1304{
1305	return (0);
1306}
1307
1308int
1309ctl_port_enable(ctl_port_type port_type)
1310{
1311	struct ctl_softc *softc = control_softc;
1312	struct ctl_port *port;
1313
1314	if (softc->is_single == 0) {
1315		union ctl_ha_msg msg_info;
1316		int isc_retval;
1317
1318#if 0
1319		printf("%s: HA mode, synchronizing frontend enable\n",
1320		        __func__);
1321#endif
1322		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1323	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1324		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1325			printf("Sync msg send error retval %d\n", isc_retval);
1326		}
1327		if (!rcv_sync_msg) {
1328			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1329			        sizeof(msg_info), 1);
1330		}
1331#if 0
1332        	printf("CTL:Frontend Enable\n");
1333	} else {
1334		printf("%s: single mode, skipping frontend synchronization\n",
1335		        __func__);
1336#endif
1337	}
1338
1339	STAILQ_FOREACH(port, &softc->port_list, links) {
1340		if (port_type & port->port_type)
1341		{
1342#if 0
1343			printf("port %d\n", port->targ_port);
1344#endif
1345			ctl_port_online(port);
1346		}
1347	}
1348
1349	return (0);
1350}
1351
1352int
1353ctl_port_disable(ctl_port_type port_type)
1354{
1355	struct ctl_softc *softc;
1356	struct ctl_port *port;
1357
1358	softc = control_softc;
1359
1360	STAILQ_FOREACH(port, &softc->port_list, links) {
1361		if (port_type & port->port_type)
1362			ctl_port_offline(port);
1363	}
1364
1365	return (0);
1366}
1367
1368/*
1369 * Returns 0 for success, 1 for failure.
1370 * Currently the only failure mode is if there aren't enough entries
1371 * allocated.  So, in case of a failure, look at num_entries_dropped,
1372 * reallocate and try again.
1373 */
1374int
1375ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1376	      int *num_entries_filled, int *num_entries_dropped,
1377	      ctl_port_type port_type, int no_virtual)
1378{
1379	struct ctl_softc *softc;
1380	struct ctl_port *port;
1381	int entries_dropped, entries_filled;
1382	int retval;
1383	int i;
1384
1385	softc = control_softc;
1386
1387	retval = 0;
1388	entries_filled = 0;
1389	entries_dropped = 0;
1390
1391	i = 0;
1392	mtx_lock(&softc->ctl_lock);
1393	STAILQ_FOREACH(port, &softc->port_list, links) {
1394		struct ctl_port_entry *entry;
1395
1396		if ((port->port_type & port_type) == 0)
1397			continue;
1398
1399		if ((no_virtual != 0)
1400		 && (port->virtual_port != 0))
1401			continue;
1402
1403		if (entries_filled >= num_entries_alloced) {
1404			entries_dropped++;
1405			continue;
1406		}
1407		entry = &entries[i];
1408
1409		entry->port_type = port->port_type;
1410		strlcpy(entry->port_name, port->port_name,
1411			sizeof(entry->port_name));
1412		entry->physical_port = port->physical_port;
1413		entry->virtual_port = port->virtual_port;
1414		entry->wwnn = port->wwnn;
1415		entry->wwpn = port->wwpn;
1416
1417		i++;
1418		entries_filled++;
1419	}
1420
1421	mtx_unlock(&softc->ctl_lock);
1422
1423	if (entries_dropped > 0)
1424		retval = 1;
1425
1426	*num_entries_dropped = entries_dropped;
1427	*num_entries_filled = entries_filled;
1428
1429	return (retval);
1430}
1431
1432static void
1433ctl_ioctl_online(void *arg)
1434{
1435	struct ctl_ioctl_info *ioctl_info;
1436
1437	ioctl_info = (struct ctl_ioctl_info *)arg;
1438
1439	ioctl_info->flags |= CTL_IOCTL_FLAG_ENABLED;
1440}
1441
1442static void
1443ctl_ioctl_offline(void *arg)
1444{
1445	struct ctl_ioctl_info *ioctl_info;
1446
1447	ioctl_info = (struct ctl_ioctl_info *)arg;
1448
1449	ioctl_info->flags &= ~CTL_IOCTL_FLAG_ENABLED;
1450}
1451
1452/*
1453 * Remove an initiator by port number and initiator ID.
1454 * Returns 0 for success, -1 for failure.
1455 */
1456int
1457ctl_remove_initiator(struct ctl_port *port, int iid)
1458{
1459	struct ctl_softc *softc = control_softc;
1460
1461	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1462
1463	if (iid > CTL_MAX_INIT_PER_PORT) {
1464		printf("%s: initiator ID %u > maximun %u!\n",
1465		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1466		return (-1);
1467	}
1468
1469	mtx_lock(&softc->ctl_lock);
1470	port->wwpn_iid[iid].in_use--;
1471	port->wwpn_iid[iid].last_use = time_uptime;
1472	mtx_unlock(&softc->ctl_lock);
1473
1474	return (0);
1475}
1476
1477/*
1478 * Add an initiator to the initiator map.
1479 * Returns iid for success, < 0 for failure.
1480 */
1481int
1482ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1483{
1484	struct ctl_softc *softc = control_softc;
1485	time_t best_time;
1486	int i, best;
1487
1488	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1489
1490	if (iid >= CTL_MAX_INIT_PER_PORT) {
1491		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1492		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1493		free(name, M_CTL);
1494		return (-1);
1495	}
1496
1497	mtx_lock(&softc->ctl_lock);
1498
1499	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1500		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1501			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1502				iid = i;
1503				break;
1504			}
1505			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1506			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1507				iid = i;
1508				break;
1509			}
1510		}
1511	}
1512
1513	if (iid < 0) {
1514		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1515			if (port->wwpn_iid[i].in_use == 0 &&
1516			    port->wwpn_iid[i].wwpn == 0 &&
1517			    port->wwpn_iid[i].name == NULL) {
1518				iid = i;
1519				break;
1520			}
1521		}
1522	}
1523
1524	if (iid < 0) {
1525		best = -1;
1526		best_time = INT32_MAX;
1527		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1528			if (port->wwpn_iid[i].in_use == 0) {
1529				if (port->wwpn_iid[i].last_use < best_time) {
1530					best = i;
1531					best_time = port->wwpn_iid[i].last_use;
1532				}
1533			}
1534		}
1535		iid = best;
1536	}
1537
1538	if (iid < 0) {
1539		mtx_unlock(&softc->ctl_lock);
1540		free(name, M_CTL);
1541		return (-2);
1542	}
1543
1544	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1545		/*
1546		 * This is not an error yet.
1547		 */
1548		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1549#if 0
1550			printf("%s: port %d iid %u WWPN %#jx arrived"
1551			    " again\n", __func__, port->targ_port,
1552			    iid, (uintmax_t)wwpn);
1553#endif
1554			goto take;
1555		}
1556		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1557		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1558#if 0
1559			printf("%s: port %d iid %u name '%s' arrived"
1560			    " again\n", __func__, port->targ_port,
1561			    iid, name);
1562#endif
1563			goto take;
1564		}
1565
1566		/*
1567		 * This is an error, but what do we do about it?  The
1568		 * driver is telling us we have a new WWPN for this
1569		 * initiator ID, so we pretty much need to use it.
1570		 */
1571		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1572		    " but WWPN %#jx '%s' is still at that address\n",
1573		    __func__, port->targ_port, iid, wwpn, name,
1574		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1575		    port->wwpn_iid[iid].name);
1576
1577		/*
1578		 * XXX KDM clear have_ca and ua_pending on each LUN for
1579		 * this initiator.
1580		 */
1581	}
1582take:
1583	free(port->wwpn_iid[iid].name, M_CTL);
1584	port->wwpn_iid[iid].name = name;
1585	port->wwpn_iid[iid].wwpn = wwpn;
1586	port->wwpn_iid[iid].in_use++;
1587	mtx_unlock(&softc->ctl_lock);
1588
1589	return (iid);
1590}
1591
1592static int
1593ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1594{
1595	int len;
1596
1597	switch (port->port_type) {
1598	case CTL_PORT_FC:
1599	{
1600		struct scsi_transportid_fcp *id =
1601		    (struct scsi_transportid_fcp *)buf;
1602		if (port->wwpn_iid[iid].wwpn == 0)
1603			return (0);
1604		memset(id, 0, sizeof(*id));
1605		id->format_protocol = SCSI_PROTO_FC;
1606		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1607		return (sizeof(*id));
1608	}
1609	case CTL_PORT_ISCSI:
1610	{
1611		struct scsi_transportid_iscsi_port *id =
1612		    (struct scsi_transportid_iscsi_port *)buf;
1613		if (port->wwpn_iid[iid].name == NULL)
1614			return (0);
1615		memset(id, 0, 256);
1616		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1617		    SCSI_PROTO_ISCSI;
1618		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1619		len = roundup2(min(len, 252), 4);
1620		scsi_ulto2b(len, id->additional_length);
1621		return (sizeof(*id) + len);
1622	}
1623	case CTL_PORT_SAS:
1624	{
1625		struct scsi_transportid_sas *id =
1626		    (struct scsi_transportid_sas *)buf;
1627		if (port->wwpn_iid[iid].wwpn == 0)
1628			return (0);
1629		memset(id, 0, sizeof(*id));
1630		id->format_protocol = SCSI_PROTO_SAS;
1631		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1632		return (sizeof(*id));
1633	}
1634	default:
1635	{
1636		struct scsi_transportid_spi *id =
1637		    (struct scsi_transportid_spi *)buf;
1638		memset(id, 0, sizeof(*id));
1639		id->format_protocol = SCSI_PROTO_SPI;
1640		scsi_ulto2b(iid, id->scsi_addr);
1641		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1642		return (sizeof(*id));
1643	}
1644	}
1645}
1646
1647static int
1648ctl_ioctl_lun_enable(void *arg, struct ctl_id targ_id, int lun_id)
1649{
1650	return (0);
1651}
1652
1653static int
1654ctl_ioctl_lun_disable(void *arg, struct ctl_id targ_id, int lun_id)
1655{
1656	return (0);
1657}
1658
1659/*
1660 * Data movement routine for the CTL ioctl frontend port.
1661 */
1662static int
1663ctl_ioctl_do_datamove(struct ctl_scsiio *ctsio)
1664{
1665	struct ctl_sg_entry *ext_sglist, *kern_sglist;
1666	struct ctl_sg_entry ext_entry, kern_entry;
1667	int ext_sglen, ext_sg_entries, kern_sg_entries;
1668	int ext_sg_start, ext_offset;
1669	int len_to_copy, len_copied;
1670	int kern_watermark, ext_watermark;
1671	int ext_sglist_malloced;
1672	int i, j;
1673
1674	ext_sglist_malloced = 0;
1675	ext_sg_start = 0;
1676	ext_offset = 0;
1677
1678	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove\n"));
1679
1680	/*
1681	 * If this flag is set, fake the data transfer.
1682	 */
1683	if (ctsio->io_hdr.flags & CTL_FLAG_NO_DATAMOVE) {
1684		ctsio->ext_data_filled = ctsio->ext_data_len;
1685		goto bailout;
1686	}
1687
1688	/*
1689	 * To simplify things here, if we have a single buffer, stick it in
1690	 * a S/G entry and just make it a single entry S/G list.
1691	 */
1692	if (ctsio->io_hdr.flags & CTL_FLAG_EDPTR_SGLIST) {
1693		int len_seen;
1694
1695		ext_sglen = ctsio->ext_sg_entries * sizeof(*ext_sglist);
1696
1697		ext_sglist = (struct ctl_sg_entry *)malloc(ext_sglen, M_CTL,
1698							   M_WAITOK);
1699		ext_sglist_malloced = 1;
1700		if (copyin(ctsio->ext_data_ptr, ext_sglist,
1701				   ext_sglen) != 0) {
1702			ctl_set_internal_failure(ctsio,
1703						 /*sks_valid*/ 0,
1704						 /*retry_count*/ 0);
1705			goto bailout;
1706		}
1707		ext_sg_entries = ctsio->ext_sg_entries;
1708		len_seen = 0;
1709		for (i = 0; i < ext_sg_entries; i++) {
1710			if ((len_seen + ext_sglist[i].len) >=
1711			     ctsio->ext_data_filled) {
1712				ext_sg_start = i;
1713				ext_offset = ctsio->ext_data_filled - len_seen;
1714				break;
1715			}
1716			len_seen += ext_sglist[i].len;
1717		}
1718	} else {
1719		ext_sglist = &ext_entry;
1720		ext_sglist->addr = ctsio->ext_data_ptr;
1721		ext_sglist->len = ctsio->ext_data_len;
1722		ext_sg_entries = 1;
1723		ext_sg_start = 0;
1724		ext_offset = ctsio->ext_data_filled;
1725	}
1726
1727	if (ctsio->kern_sg_entries > 0) {
1728		kern_sglist = (struct ctl_sg_entry *)ctsio->kern_data_ptr;
1729		kern_sg_entries = ctsio->kern_sg_entries;
1730	} else {
1731		kern_sglist = &kern_entry;
1732		kern_sglist->addr = ctsio->kern_data_ptr;
1733		kern_sglist->len = ctsio->kern_data_len;
1734		kern_sg_entries = 1;
1735	}
1736
1737
1738	kern_watermark = 0;
1739	ext_watermark = ext_offset;
1740	len_copied = 0;
1741	for (i = ext_sg_start, j = 0;
1742	     i < ext_sg_entries && j < kern_sg_entries;) {
1743		uint8_t *ext_ptr, *kern_ptr;
1744
1745		len_to_copy = ctl_min(ext_sglist[i].len - ext_watermark,
1746				      kern_sglist[j].len - kern_watermark);
1747
1748		ext_ptr = (uint8_t *)ext_sglist[i].addr;
1749		ext_ptr = ext_ptr + ext_watermark;
1750		if (ctsio->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
1751			/*
1752			 * XXX KDM fix this!
1753			 */
1754			panic("need to implement bus address support");
1755#if 0
1756			kern_ptr = bus_to_virt(kern_sglist[j].addr);
1757#endif
1758		} else
1759			kern_ptr = (uint8_t *)kern_sglist[j].addr;
1760		kern_ptr = kern_ptr + kern_watermark;
1761
1762		kern_watermark += len_to_copy;
1763		ext_watermark += len_to_copy;
1764
1765		if ((ctsio->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
1766		     CTL_FLAG_DATA_IN) {
1767			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1768					 "bytes to user\n", len_to_copy));
1769			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1770					 "to %p\n", kern_ptr, ext_ptr));
1771			if (copyout(kern_ptr, ext_ptr, len_to_copy) != 0) {
1772				ctl_set_internal_failure(ctsio,
1773							 /*sks_valid*/ 0,
1774							 /*retry_count*/ 0);
1775				goto bailout;
1776			}
1777		} else {
1778			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: copying %d "
1779					 "bytes from user\n", len_to_copy));
1780			CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: from %p "
1781					 "to %p\n", ext_ptr, kern_ptr));
1782			if (copyin(ext_ptr, kern_ptr, len_to_copy)!= 0){
1783				ctl_set_internal_failure(ctsio,
1784							 /*sks_valid*/ 0,
1785							 /*retry_count*/0);
1786				goto bailout;
1787			}
1788		}
1789
1790		len_copied += len_to_copy;
1791
1792		if (ext_sglist[i].len == ext_watermark) {
1793			i++;
1794			ext_watermark = 0;
1795		}
1796
1797		if (kern_sglist[j].len == kern_watermark) {
1798			j++;
1799			kern_watermark = 0;
1800		}
1801	}
1802
1803	ctsio->ext_data_filled += len_copied;
1804
1805	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_sg_entries: %d, "
1806			 "kern_sg_entries: %d\n", ext_sg_entries,
1807			 kern_sg_entries));
1808	CTL_DEBUG_PRINT(("ctl_ioctl_do_datamove: ext_data_len = %d, "
1809			 "kern_data_len = %d\n", ctsio->ext_data_len,
1810			 ctsio->kern_data_len));
1811
1812
1813	/* XXX KDM set residual?? */
1814bailout:
1815
1816	if (ext_sglist_malloced != 0)
1817		free(ext_sglist, M_CTL);
1818
1819	return (CTL_RETVAL_COMPLETE);
1820}
1821
1822/*
1823 * Serialize a command that went down the "wrong" side, and so was sent to
1824 * this controller for execution.  The logic is a little different than the
1825 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1826 * sent back to the other side, but in the success case, we execute the
1827 * command on this side (XFER mode) or tell the other side to execute it
1828 * (SER_ONLY mode).
1829 */
1830static int
1831ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1832{
1833	struct ctl_softc *ctl_softc;
1834	union ctl_ha_msg msg_info;
1835	struct ctl_lun *lun;
1836	int retval = 0;
1837	uint32_t targ_lun;
1838
1839	ctl_softc = control_softc;
1840
1841	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1842	lun = ctl_softc->ctl_luns[targ_lun];
1843	if (lun==NULL)
1844	{
1845		/*
1846		 * Why isn't LUN defined? The other side wouldn't
1847		 * send a cmd if the LUN is undefined.
1848		 */
1849		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1850
1851		/* "Logical unit not supported" */
1852		ctl_set_sense_data(&msg_info.scsi.sense_data,
1853				   lun,
1854				   /*sense_format*/SSD_TYPE_NONE,
1855				   /*current_error*/ 1,
1856				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1857				   /*asc*/ 0x25,
1858				   /*ascq*/ 0x00,
1859				   SSD_ELEM_NONE);
1860
1861		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1862		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1863		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1864		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1865		msg_info.hdr.serializing_sc = NULL;
1866		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1867	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1868				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1869		}
1870		return(1);
1871
1872	}
1873
1874	mtx_lock(&lun->lun_lock);
1875    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1876
1877	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1878		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1879		 ooa_links))) {
1880	case CTL_ACTION_BLOCK:
1881		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1882		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1883				  blocked_links);
1884		break;
1885	case CTL_ACTION_PASS:
1886	case CTL_ACTION_SKIP:
1887		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
1888			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1889			ctl_enqueue_rtr((union ctl_io *)ctsio);
1890		} else {
1891
1892			/* send msg back to other side */
1893			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1894			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1895			msg_info.hdr.msg_type = CTL_MSG_R2R;
1896#if 0
1897			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1898#endif
1899		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1900			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1901			}
1902		}
1903		break;
1904	case CTL_ACTION_OVERLAP:
1905		/* OVERLAPPED COMMANDS ATTEMPTED */
1906		ctl_set_sense_data(&msg_info.scsi.sense_data,
1907				   lun,
1908				   /*sense_format*/SSD_TYPE_NONE,
1909				   /*current_error*/ 1,
1910				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1911				   /*asc*/ 0x4E,
1912				   /*ascq*/ 0x00,
1913				   SSD_ELEM_NONE);
1914
1915		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1916		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1917		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1918		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1919		msg_info.hdr.serializing_sc = NULL;
1920		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1921#if 0
1922		printf("BAD JUJU:Major Bummer Overlap\n");
1923#endif
1924		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1925		retval = 1;
1926		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1927		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1928		}
1929		break;
1930	case CTL_ACTION_OVERLAP_TAG:
1931		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1932		ctl_set_sense_data(&msg_info.scsi.sense_data,
1933				   lun,
1934				   /*sense_format*/SSD_TYPE_NONE,
1935				   /*current_error*/ 1,
1936				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1937				   /*asc*/ 0x4D,
1938				   /*ascq*/ ctsio->tag_num & 0xff,
1939				   SSD_ELEM_NONE);
1940
1941		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1942		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1943		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1944		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1945		msg_info.hdr.serializing_sc = NULL;
1946		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1947#if 0
1948		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1949#endif
1950		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1951		retval = 1;
1952		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1953		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1954		}
1955		break;
1956	case CTL_ACTION_ERROR:
1957	default:
1958		/* "Internal target failure" */
1959		ctl_set_sense_data(&msg_info.scsi.sense_data,
1960				   lun,
1961				   /*sense_format*/SSD_TYPE_NONE,
1962				   /*current_error*/ 1,
1963				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1964				   /*asc*/ 0x44,
1965				   /*ascq*/ 0x00,
1966				   SSD_ELEM_NONE);
1967
1968		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1969		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1970		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1971		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1972		msg_info.hdr.serializing_sc = NULL;
1973		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1974#if 0
1975		printf("BAD JUJU:Major Bummer HW Error\n");
1976#endif
1977		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1978		retval = 1;
1979		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1980		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1981		}
1982		break;
1983	}
1984	mtx_unlock(&lun->lun_lock);
1985	return (retval);
1986}
1987
1988static int
1989ctl_ioctl_submit_wait(union ctl_io *io)
1990{
1991	struct ctl_fe_ioctl_params params;
1992	ctl_fe_ioctl_state last_state;
1993	int done, retval;
1994
1995	retval = 0;
1996
1997	bzero(&params, sizeof(params));
1998
1999	mtx_init(&params.ioctl_mtx, "ctliocmtx", NULL, MTX_DEF);
2000	cv_init(&params.sem, "ctlioccv");
2001	params.state = CTL_IOCTL_INPROG;
2002	last_state = params.state;
2003
2004	io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr = &params;
2005
2006	CTL_DEBUG_PRINT(("ctl_ioctl_submit_wait\n"));
2007
2008	/* This shouldn't happen */
2009	if ((retval = ctl_queue(io)) != CTL_RETVAL_COMPLETE)
2010		return (retval);
2011
2012	done = 0;
2013
2014	do {
2015		mtx_lock(&params.ioctl_mtx);
2016		/*
2017		 * Check the state here, and don't sleep if the state has
2018		 * already changed (i.e. wakeup has already occured, but we
2019		 * weren't waiting yet).
2020		 */
2021		if (params.state == last_state) {
2022			/* XXX KDM cv_wait_sig instead? */
2023			cv_wait(&params.sem, &params.ioctl_mtx);
2024		}
2025		last_state = params.state;
2026
2027		switch (params.state) {
2028		case CTL_IOCTL_INPROG:
2029			/* Why did we wake up? */
2030			/* XXX KDM error here? */
2031			mtx_unlock(&params.ioctl_mtx);
2032			break;
2033		case CTL_IOCTL_DATAMOVE:
2034			CTL_DEBUG_PRINT(("got CTL_IOCTL_DATAMOVE\n"));
2035
2036			/*
2037			 * change last_state back to INPROG to avoid
2038			 * deadlock on subsequent data moves.
2039			 */
2040			params.state = last_state = CTL_IOCTL_INPROG;
2041
2042			mtx_unlock(&params.ioctl_mtx);
2043			ctl_ioctl_do_datamove(&io->scsiio);
2044			/*
2045			 * Note that in some cases, most notably writes,
2046			 * this will queue the I/O and call us back later.
2047			 * In other cases, generally reads, this routine
2048			 * will immediately call back and wake us up,
2049			 * probably using our own context.
2050			 */
2051			io->scsiio.be_move_done(io);
2052			break;
2053		case CTL_IOCTL_DONE:
2054			mtx_unlock(&params.ioctl_mtx);
2055			CTL_DEBUG_PRINT(("got CTL_IOCTL_DONE\n"));
2056			done = 1;
2057			break;
2058		default:
2059			mtx_unlock(&params.ioctl_mtx);
2060			/* XXX KDM error here? */
2061			break;
2062		}
2063	} while (done == 0);
2064
2065	mtx_destroy(&params.ioctl_mtx);
2066	cv_destroy(&params.sem);
2067
2068	return (CTL_RETVAL_COMPLETE);
2069}
2070
2071static void
2072ctl_ioctl_datamove(union ctl_io *io)
2073{
2074	struct ctl_fe_ioctl_params *params;
2075
2076	params = (struct ctl_fe_ioctl_params *)
2077		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2078
2079	mtx_lock(&params->ioctl_mtx);
2080	params->state = CTL_IOCTL_DATAMOVE;
2081	cv_broadcast(&params->sem);
2082	mtx_unlock(&params->ioctl_mtx);
2083}
2084
2085static void
2086ctl_ioctl_done(union ctl_io *io)
2087{
2088	struct ctl_fe_ioctl_params *params;
2089
2090	params = (struct ctl_fe_ioctl_params *)
2091		io->io_hdr.ctl_private[CTL_PRIV_FRONTEND].ptr;
2092
2093	mtx_lock(&params->ioctl_mtx);
2094	params->state = CTL_IOCTL_DONE;
2095	cv_broadcast(&params->sem);
2096	mtx_unlock(&params->ioctl_mtx);
2097}
2098
2099static void
2100ctl_ioctl_hard_startstop_callback(void *arg, struct cfi_metatask *metatask)
2101{
2102	struct ctl_fe_ioctl_startstop_info *sd_info;
2103
2104	sd_info = (struct ctl_fe_ioctl_startstop_info *)arg;
2105
2106	sd_info->hs_info.status = metatask->status;
2107	sd_info->hs_info.total_luns = metatask->taskinfo.startstop.total_luns;
2108	sd_info->hs_info.luns_complete =
2109		metatask->taskinfo.startstop.luns_complete;
2110	sd_info->hs_info.luns_failed = metatask->taskinfo.startstop.luns_failed;
2111
2112	cv_broadcast(&sd_info->sem);
2113}
2114
2115static void
2116ctl_ioctl_bbrread_callback(void *arg, struct cfi_metatask *metatask)
2117{
2118	struct ctl_fe_ioctl_bbrread_info *fe_bbr_info;
2119
2120	fe_bbr_info = (struct ctl_fe_ioctl_bbrread_info *)arg;
2121
2122	mtx_lock(fe_bbr_info->lock);
2123	fe_bbr_info->bbr_info->status = metatask->status;
2124	fe_bbr_info->bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2125	fe_bbr_info->wakeup_done = 1;
2126	mtx_unlock(fe_bbr_info->lock);
2127
2128	cv_broadcast(&fe_bbr_info->sem);
2129}
2130
2131/*
2132 * Returns 0 for success, errno for failure.
2133 */
2134static int
2135ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2136		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2137{
2138	union ctl_io *io;
2139	int retval;
2140
2141	retval = 0;
2142
2143	mtx_lock(&lun->lun_lock);
2144	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2145	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2146	     ooa_links)) {
2147		struct ctl_ooa_entry *entry;
2148
2149		/*
2150		 * If we've got more than we can fit, just count the
2151		 * remaining entries.
2152		 */
2153		if (*cur_fill_num >= ooa_hdr->alloc_num)
2154			continue;
2155
2156		entry = &kern_entries[*cur_fill_num];
2157
2158		entry->tag_num = io->scsiio.tag_num;
2159		entry->lun_num = lun->lun;
2160#ifdef CTL_TIME_IO
2161		entry->start_bt = io->io_hdr.start_bt;
2162#endif
2163		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2164		entry->cdb_len = io->scsiio.cdb_len;
2165		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2166			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2167
2168		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2169			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2170
2171		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2172			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2173
2174		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2175			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2176
2177		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2178			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2179	}
2180	mtx_unlock(&lun->lun_lock);
2181
2182	return (retval);
2183}
2184
2185static void *
2186ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2187		 size_t error_str_len)
2188{
2189	void *kptr;
2190
2191	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2192
2193	if (copyin(user_addr, kptr, len) != 0) {
2194		snprintf(error_str, error_str_len, "Error copying %d bytes "
2195			 "from user address %p to kernel address %p", len,
2196			 user_addr, kptr);
2197		free(kptr, M_CTL);
2198		return (NULL);
2199	}
2200
2201	return (kptr);
2202}
2203
2204static void
2205ctl_free_args(int num_args, struct ctl_be_arg *args)
2206{
2207	int i;
2208
2209	if (args == NULL)
2210		return;
2211
2212	for (i = 0; i < num_args; i++) {
2213		free(args[i].kname, M_CTL);
2214		free(args[i].kvalue, M_CTL);
2215	}
2216
2217	free(args, M_CTL);
2218}
2219
2220static struct ctl_be_arg *
2221ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2222		char *error_str, size_t error_str_len)
2223{
2224	struct ctl_be_arg *args;
2225	int i;
2226
2227	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2228				error_str, error_str_len);
2229
2230	if (args == NULL)
2231		goto bailout;
2232
2233	for (i = 0; i < num_args; i++) {
2234		args[i].kname = NULL;
2235		args[i].kvalue = NULL;
2236	}
2237
2238	for (i = 0; i < num_args; i++) {
2239		uint8_t *tmpptr;
2240
2241		args[i].kname = ctl_copyin_alloc(args[i].name,
2242			args[i].namelen, error_str, error_str_len);
2243		if (args[i].kname == NULL)
2244			goto bailout;
2245
2246		if (args[i].kname[args[i].namelen - 1] != '\0') {
2247			snprintf(error_str, error_str_len, "Argument %d "
2248				 "name is not NUL-terminated", i);
2249			goto bailout;
2250		}
2251
2252		if (args[i].flags & CTL_BEARG_RD) {
2253			tmpptr = ctl_copyin_alloc(args[i].value,
2254				args[i].vallen, error_str, error_str_len);
2255			if (tmpptr == NULL)
2256				goto bailout;
2257			if ((args[i].flags & CTL_BEARG_ASCII)
2258			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2259				snprintf(error_str, error_str_len, "Argument "
2260				    "%d value is not NUL-terminated", i);
2261				goto bailout;
2262			}
2263			args[i].kvalue = tmpptr;
2264		} else {
2265			args[i].kvalue = malloc(args[i].vallen,
2266			    M_CTL, M_WAITOK | M_ZERO);
2267		}
2268	}
2269
2270	return (args);
2271bailout:
2272
2273	ctl_free_args(num_args, args);
2274
2275	return (NULL);
2276}
2277
2278static void
2279ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2280{
2281	int i;
2282
2283	for (i = 0; i < num_args; i++) {
2284		if (args[i].flags & CTL_BEARG_WR)
2285			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2286	}
2287}
2288
2289/*
2290 * Escape characters that are illegal or not recommended in XML.
2291 */
2292int
2293ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2294{
2295	char *end = str + size;
2296	int retval;
2297
2298	retval = 0;
2299
2300	for (; *str && str < end; str++) {
2301		switch (*str) {
2302		case '&':
2303			retval = sbuf_printf(sb, "&amp;");
2304			break;
2305		case '>':
2306			retval = sbuf_printf(sb, "&gt;");
2307			break;
2308		case '<':
2309			retval = sbuf_printf(sb, "&lt;");
2310			break;
2311		default:
2312			retval = sbuf_putc(sb, *str);
2313			break;
2314		}
2315
2316		if (retval != 0)
2317			break;
2318
2319	}
2320
2321	return (retval);
2322}
2323
2324static void
2325ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2326{
2327	struct scsi_vpd_id_descriptor *desc;
2328	int i;
2329
2330	if (id == NULL || id->len < 4)
2331		return;
2332	desc = (struct scsi_vpd_id_descriptor *)id->data;
2333	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2334	case SVPD_ID_TYPE_T10:
2335		sbuf_printf(sb, "t10.");
2336		break;
2337	case SVPD_ID_TYPE_EUI64:
2338		sbuf_printf(sb, "eui.");
2339		break;
2340	case SVPD_ID_TYPE_NAA:
2341		sbuf_printf(sb, "naa.");
2342		break;
2343	case SVPD_ID_TYPE_SCSI_NAME:
2344		break;
2345	}
2346	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2347	case SVPD_ID_CODESET_BINARY:
2348		for (i = 0; i < desc->length; i++)
2349			sbuf_printf(sb, "%02x", desc->identifier[i]);
2350		break;
2351	case SVPD_ID_CODESET_ASCII:
2352		sbuf_printf(sb, "%.*s", (int)desc->length,
2353		    (char *)desc->identifier);
2354		break;
2355	case SVPD_ID_CODESET_UTF8:
2356		sbuf_printf(sb, "%s", (char *)desc->identifier);
2357		break;
2358	}
2359}
2360
2361static int
2362ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2363	  struct thread *td)
2364{
2365	struct ctl_softc *softc;
2366	int retval;
2367
2368	softc = control_softc;
2369
2370	retval = 0;
2371
2372	switch (cmd) {
2373	case CTL_IO: {
2374		union ctl_io *io;
2375		void *pool_tmp;
2376
2377		/*
2378		 * If we haven't been "enabled", don't allow any SCSI I/O
2379		 * to this FETD.
2380		 */
2381		if ((softc->ioctl_info.flags & CTL_IOCTL_FLAG_ENABLED) == 0) {
2382			retval = EPERM;
2383			break;
2384		}
2385
2386		io = ctl_alloc_io(softc->ioctl_info.port.ctl_pool_ref);
2387
2388		/*
2389		 * Need to save the pool reference so it doesn't get
2390		 * spammed by the user's ctl_io.
2391		 */
2392		pool_tmp = io->io_hdr.pool;
2393		memcpy(io, (void *)addr, sizeof(*io));
2394		io->io_hdr.pool = pool_tmp;
2395
2396		/*
2397		 * No status yet, so make sure the status is set properly.
2398		 */
2399		io->io_hdr.status = CTL_STATUS_NONE;
2400
2401		/*
2402		 * The user sets the initiator ID, target and LUN IDs.
2403		 */
2404		io->io_hdr.nexus.targ_port = softc->ioctl_info.port.targ_port;
2405		io->io_hdr.flags |= CTL_FLAG_USER_REQ;
2406		if ((io->io_hdr.io_type == CTL_IO_SCSI)
2407		 && (io->scsiio.tag_type != CTL_TAG_UNTAGGED))
2408			io->scsiio.tag_num = softc->ioctl_info.cur_tag_num++;
2409
2410		retval = ctl_ioctl_submit_wait(io);
2411
2412		if (retval != 0) {
2413			ctl_free_io(io);
2414			break;
2415		}
2416
2417		memcpy((void *)addr, io, sizeof(*io));
2418
2419		/* return this to our pool */
2420		ctl_free_io(io);
2421
2422		break;
2423	}
2424	case CTL_ENABLE_PORT:
2425	case CTL_DISABLE_PORT:
2426	case CTL_SET_PORT_WWNS: {
2427		struct ctl_port *port;
2428		struct ctl_port_entry *entry;
2429
2430		entry = (struct ctl_port_entry *)addr;
2431
2432		mtx_lock(&softc->ctl_lock);
2433		STAILQ_FOREACH(port, &softc->port_list, links) {
2434			int action, done;
2435
2436			action = 0;
2437			done = 0;
2438
2439			if ((entry->port_type == CTL_PORT_NONE)
2440			 && (entry->targ_port == port->targ_port)) {
2441				/*
2442				 * If the user only wants to enable or
2443				 * disable or set WWNs on a specific port,
2444				 * do the operation and we're done.
2445				 */
2446				action = 1;
2447				done = 1;
2448			} else if (entry->port_type & port->port_type) {
2449				/*
2450				 * Compare the user's type mask with the
2451				 * particular frontend type to see if we
2452				 * have a match.
2453				 */
2454				action = 1;
2455				done = 0;
2456
2457				/*
2458				 * Make sure the user isn't trying to set
2459				 * WWNs on multiple ports at the same time.
2460				 */
2461				if (cmd == CTL_SET_PORT_WWNS) {
2462					printf("%s: Can't set WWNs on "
2463					       "multiple ports\n", __func__);
2464					retval = EINVAL;
2465					break;
2466				}
2467			}
2468			if (action != 0) {
2469				/*
2470				 * XXX KDM we have to drop the lock here,
2471				 * because the online/offline operations
2472				 * can potentially block.  We need to
2473				 * reference count the frontends so they
2474				 * can't go away,
2475				 */
2476				mtx_unlock(&softc->ctl_lock);
2477
2478				if (cmd == CTL_ENABLE_PORT) {
2479					struct ctl_lun *lun;
2480
2481					STAILQ_FOREACH(lun, &softc->lun_list,
2482						       links) {
2483						port->lun_enable(port->targ_lun_arg,
2484						    lun->target,
2485						    lun->lun);
2486					}
2487
2488					ctl_port_online(port);
2489				} else if (cmd == CTL_DISABLE_PORT) {
2490					struct ctl_lun *lun;
2491
2492					ctl_port_offline(port);
2493
2494					STAILQ_FOREACH(lun, &softc->lun_list,
2495						       links) {
2496						port->lun_disable(
2497						    port->targ_lun_arg,
2498						    lun->target,
2499						    lun->lun);
2500					}
2501				}
2502
2503				mtx_lock(&softc->ctl_lock);
2504
2505				if (cmd == CTL_SET_PORT_WWNS)
2506					ctl_port_set_wwns(port,
2507					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2508					    1 : 0, entry->wwnn,
2509					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2510					    1 : 0, entry->wwpn);
2511			}
2512			if (done != 0)
2513				break;
2514		}
2515		mtx_unlock(&softc->ctl_lock);
2516		break;
2517	}
2518	case CTL_GET_PORT_LIST: {
2519		struct ctl_port *port;
2520		struct ctl_port_list *list;
2521		int i;
2522
2523		list = (struct ctl_port_list *)addr;
2524
2525		if (list->alloc_len != (list->alloc_num *
2526		    sizeof(struct ctl_port_entry))) {
2527			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2528			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2529			       "%zu\n", __func__, list->alloc_len,
2530			       list->alloc_num, sizeof(struct ctl_port_entry));
2531			retval = EINVAL;
2532			break;
2533		}
2534		list->fill_len = 0;
2535		list->fill_num = 0;
2536		list->dropped_num = 0;
2537		i = 0;
2538		mtx_lock(&softc->ctl_lock);
2539		STAILQ_FOREACH(port, &softc->port_list, links) {
2540			struct ctl_port_entry entry, *list_entry;
2541
2542			if (list->fill_num >= list->alloc_num) {
2543				list->dropped_num++;
2544				continue;
2545			}
2546
2547			entry.port_type = port->port_type;
2548			strlcpy(entry.port_name, port->port_name,
2549				sizeof(entry.port_name));
2550			entry.targ_port = port->targ_port;
2551			entry.physical_port = port->physical_port;
2552			entry.virtual_port = port->virtual_port;
2553			entry.wwnn = port->wwnn;
2554			entry.wwpn = port->wwpn;
2555			if (port->status & CTL_PORT_STATUS_ONLINE)
2556				entry.online = 1;
2557			else
2558				entry.online = 0;
2559
2560			list_entry = &list->entries[i];
2561
2562			retval = copyout(&entry, list_entry, sizeof(entry));
2563			if (retval != 0) {
2564				printf("%s: CTL_GET_PORT_LIST: copyout "
2565				       "returned %d\n", __func__, retval);
2566				break;
2567			}
2568			i++;
2569			list->fill_num++;
2570			list->fill_len += sizeof(entry);
2571		}
2572		mtx_unlock(&softc->ctl_lock);
2573
2574		/*
2575		 * If this is non-zero, we had a copyout fault, so there's
2576		 * probably no point in attempting to set the status inside
2577		 * the structure.
2578		 */
2579		if (retval != 0)
2580			break;
2581
2582		if (list->dropped_num > 0)
2583			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2584		else
2585			list->status = CTL_PORT_LIST_OK;
2586		break;
2587	}
2588	case CTL_DUMP_OOA: {
2589		struct ctl_lun *lun;
2590		union ctl_io *io;
2591		char printbuf[128];
2592		struct sbuf sb;
2593
2594		mtx_lock(&softc->ctl_lock);
2595		printf("Dumping OOA queues:\n");
2596		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2597			mtx_lock(&lun->lun_lock);
2598			for (io = (union ctl_io *)TAILQ_FIRST(
2599			     &lun->ooa_queue); io != NULL;
2600			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2601			     ooa_links)) {
2602				sbuf_new(&sb, printbuf, sizeof(printbuf),
2603					 SBUF_FIXEDLEN);
2604				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2605					    (intmax_t)lun->lun,
2606					    io->scsiio.tag_num,
2607					    (io->io_hdr.flags &
2608					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2609					    (io->io_hdr.flags &
2610					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2611					    (io->io_hdr.flags &
2612					    CTL_FLAG_ABORT) ? " ABORT" : "",
2613			                    (io->io_hdr.flags &
2614		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2615				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2616				sbuf_finish(&sb);
2617				printf("%s\n", sbuf_data(&sb));
2618			}
2619			mtx_unlock(&lun->lun_lock);
2620		}
2621		printf("OOA queues dump done\n");
2622		mtx_unlock(&softc->ctl_lock);
2623		break;
2624	}
2625	case CTL_GET_OOA: {
2626		struct ctl_lun *lun;
2627		struct ctl_ooa *ooa_hdr;
2628		struct ctl_ooa_entry *entries;
2629		uint32_t cur_fill_num;
2630
2631		ooa_hdr = (struct ctl_ooa *)addr;
2632
2633		if ((ooa_hdr->alloc_len == 0)
2634		 || (ooa_hdr->alloc_num == 0)) {
2635			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2636			       "must be non-zero\n", __func__,
2637			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2638			retval = EINVAL;
2639			break;
2640		}
2641
2642		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2643		    sizeof(struct ctl_ooa_entry))) {
2644			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2645			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2646			       __func__, ooa_hdr->alloc_len,
2647			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2648			retval = EINVAL;
2649			break;
2650		}
2651
2652		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2653		if (entries == NULL) {
2654			printf("%s: could not allocate %d bytes for OOA "
2655			       "dump\n", __func__, ooa_hdr->alloc_len);
2656			retval = ENOMEM;
2657			break;
2658		}
2659
2660		mtx_lock(&softc->ctl_lock);
2661		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2662		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2663		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2664			mtx_unlock(&softc->ctl_lock);
2665			free(entries, M_CTL);
2666			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2667			       __func__, (uintmax_t)ooa_hdr->lun_num);
2668			retval = EINVAL;
2669			break;
2670		}
2671
2672		cur_fill_num = 0;
2673
2674		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2675			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2676				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2677					ooa_hdr, entries);
2678				if (retval != 0)
2679					break;
2680			}
2681			if (retval != 0) {
2682				mtx_unlock(&softc->ctl_lock);
2683				free(entries, M_CTL);
2684				break;
2685			}
2686		} else {
2687			lun = softc->ctl_luns[ooa_hdr->lun_num];
2688
2689			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2690						    entries);
2691		}
2692		mtx_unlock(&softc->ctl_lock);
2693
2694		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2695		ooa_hdr->fill_len = ooa_hdr->fill_num *
2696			sizeof(struct ctl_ooa_entry);
2697		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2698		if (retval != 0) {
2699			printf("%s: error copying out %d bytes for OOA dump\n",
2700			       __func__, ooa_hdr->fill_len);
2701		}
2702
2703		getbintime(&ooa_hdr->cur_bt);
2704
2705		if (cur_fill_num > ooa_hdr->alloc_num) {
2706			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2707			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2708		} else {
2709			ooa_hdr->dropped_num = 0;
2710			ooa_hdr->status = CTL_OOA_OK;
2711		}
2712
2713		free(entries, M_CTL);
2714		break;
2715	}
2716	case CTL_CHECK_OOA: {
2717		union ctl_io *io;
2718		struct ctl_lun *lun;
2719		struct ctl_ooa_info *ooa_info;
2720
2721
2722		ooa_info = (struct ctl_ooa_info *)addr;
2723
2724		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2725			ooa_info->status = CTL_OOA_INVALID_LUN;
2726			break;
2727		}
2728		mtx_lock(&softc->ctl_lock);
2729		lun = softc->ctl_luns[ooa_info->lun_id];
2730		if (lun == NULL) {
2731			mtx_unlock(&softc->ctl_lock);
2732			ooa_info->status = CTL_OOA_INVALID_LUN;
2733			break;
2734		}
2735		mtx_lock(&lun->lun_lock);
2736		mtx_unlock(&softc->ctl_lock);
2737		ooa_info->num_entries = 0;
2738		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2739		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2740		     &io->io_hdr, ooa_links)) {
2741			ooa_info->num_entries++;
2742		}
2743		mtx_unlock(&lun->lun_lock);
2744
2745		ooa_info->status = CTL_OOA_SUCCESS;
2746
2747		break;
2748	}
2749	case CTL_HARD_START:
2750	case CTL_HARD_STOP: {
2751		struct ctl_fe_ioctl_startstop_info ss_info;
2752		struct cfi_metatask *metatask;
2753		struct mtx hs_mtx;
2754
2755		mtx_init(&hs_mtx, "HS Mutex", NULL, MTX_DEF);
2756
2757		cv_init(&ss_info.sem, "hard start/stop cv" );
2758
2759		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2760		if (metatask == NULL) {
2761			retval = ENOMEM;
2762			mtx_destroy(&hs_mtx);
2763			break;
2764		}
2765
2766		if (cmd == CTL_HARD_START)
2767			metatask->tasktype = CFI_TASK_STARTUP;
2768		else
2769			metatask->tasktype = CFI_TASK_SHUTDOWN;
2770
2771		metatask->callback = ctl_ioctl_hard_startstop_callback;
2772		metatask->callback_arg = &ss_info;
2773
2774		cfi_action(metatask);
2775
2776		/* Wait for the callback */
2777		mtx_lock(&hs_mtx);
2778		cv_wait_sig(&ss_info.sem, &hs_mtx);
2779		mtx_unlock(&hs_mtx);
2780
2781		/*
2782		 * All information has been copied from the metatask by the
2783		 * time cv_broadcast() is called, so we free the metatask here.
2784		 */
2785		cfi_free_metatask(metatask);
2786
2787		memcpy((void *)addr, &ss_info.hs_info, sizeof(ss_info.hs_info));
2788
2789		mtx_destroy(&hs_mtx);
2790		break;
2791	}
2792	case CTL_BBRREAD: {
2793		struct ctl_bbrread_info *bbr_info;
2794		struct ctl_fe_ioctl_bbrread_info fe_bbr_info;
2795		struct mtx bbr_mtx;
2796		struct cfi_metatask *metatask;
2797
2798		bbr_info = (struct ctl_bbrread_info *)addr;
2799
2800		bzero(&fe_bbr_info, sizeof(fe_bbr_info));
2801
2802		bzero(&bbr_mtx, sizeof(bbr_mtx));
2803		mtx_init(&bbr_mtx, "BBR Mutex", NULL, MTX_DEF);
2804
2805		fe_bbr_info.bbr_info = bbr_info;
2806		fe_bbr_info.lock = &bbr_mtx;
2807
2808		cv_init(&fe_bbr_info.sem, "BBR read cv");
2809		metatask = cfi_alloc_metatask(/*can_wait*/ 1);
2810
2811		if (metatask == NULL) {
2812			mtx_destroy(&bbr_mtx);
2813			cv_destroy(&fe_bbr_info.sem);
2814			retval = ENOMEM;
2815			break;
2816		}
2817		metatask->tasktype = CFI_TASK_BBRREAD;
2818		metatask->callback = ctl_ioctl_bbrread_callback;
2819		metatask->callback_arg = &fe_bbr_info;
2820		metatask->taskinfo.bbrread.lun_num = bbr_info->lun_num;
2821		metatask->taskinfo.bbrread.lba = bbr_info->lba;
2822		metatask->taskinfo.bbrread.len = bbr_info->len;
2823
2824		cfi_action(metatask);
2825
2826		mtx_lock(&bbr_mtx);
2827		while (fe_bbr_info.wakeup_done == 0)
2828			cv_wait_sig(&fe_bbr_info.sem, &bbr_mtx);
2829		mtx_unlock(&bbr_mtx);
2830
2831		bbr_info->status = metatask->status;
2832		bbr_info->bbr_status = metatask->taskinfo.bbrread.status;
2833		bbr_info->scsi_status = metatask->taskinfo.bbrread.scsi_status;
2834		memcpy(&bbr_info->sense_data,
2835		       &metatask->taskinfo.bbrread.sense_data,
2836		       ctl_min(sizeof(bbr_info->sense_data),
2837			       sizeof(metatask->taskinfo.bbrread.sense_data)));
2838
2839		cfi_free_metatask(metatask);
2840
2841		mtx_destroy(&bbr_mtx);
2842		cv_destroy(&fe_bbr_info.sem);
2843
2844		break;
2845	}
2846	case CTL_DELAY_IO: {
2847		struct ctl_io_delay_info *delay_info;
2848#ifdef CTL_IO_DELAY
2849		struct ctl_lun *lun;
2850#endif /* CTL_IO_DELAY */
2851
2852		delay_info = (struct ctl_io_delay_info *)addr;
2853
2854#ifdef CTL_IO_DELAY
2855		mtx_lock(&softc->ctl_lock);
2856
2857		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2858		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2859			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2860		} else {
2861			lun = softc->ctl_luns[delay_info->lun_id];
2862			mtx_lock(&lun->lun_lock);
2863
2864			delay_info->status = CTL_DELAY_STATUS_OK;
2865
2866			switch (delay_info->delay_type) {
2867			case CTL_DELAY_TYPE_CONT:
2868				break;
2869			case CTL_DELAY_TYPE_ONESHOT:
2870				break;
2871			default:
2872				delay_info->status =
2873					CTL_DELAY_STATUS_INVALID_TYPE;
2874				break;
2875			}
2876
2877			switch (delay_info->delay_loc) {
2878			case CTL_DELAY_LOC_DATAMOVE:
2879				lun->delay_info.datamove_type =
2880					delay_info->delay_type;
2881				lun->delay_info.datamove_delay =
2882					delay_info->delay_secs;
2883				break;
2884			case CTL_DELAY_LOC_DONE:
2885				lun->delay_info.done_type =
2886					delay_info->delay_type;
2887				lun->delay_info.done_delay =
2888					delay_info->delay_secs;
2889				break;
2890			default:
2891				delay_info->status =
2892					CTL_DELAY_STATUS_INVALID_LOC;
2893				break;
2894			}
2895			mtx_unlock(&lun->lun_lock);
2896		}
2897
2898		mtx_unlock(&softc->ctl_lock);
2899#else
2900		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2901#endif /* CTL_IO_DELAY */
2902		break;
2903	}
2904	case CTL_REALSYNC_SET: {
2905		int *syncstate;
2906
2907		syncstate = (int *)addr;
2908
2909		mtx_lock(&softc->ctl_lock);
2910		switch (*syncstate) {
2911		case 0:
2912			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2913			break;
2914		case 1:
2915			softc->flags |= CTL_FLAG_REAL_SYNC;
2916			break;
2917		default:
2918			retval = EINVAL;
2919			break;
2920		}
2921		mtx_unlock(&softc->ctl_lock);
2922		break;
2923	}
2924	case CTL_REALSYNC_GET: {
2925		int *syncstate;
2926
2927		syncstate = (int*)addr;
2928
2929		mtx_lock(&softc->ctl_lock);
2930		if (softc->flags & CTL_FLAG_REAL_SYNC)
2931			*syncstate = 1;
2932		else
2933			*syncstate = 0;
2934		mtx_unlock(&softc->ctl_lock);
2935
2936		break;
2937	}
2938	case CTL_SETSYNC:
2939	case CTL_GETSYNC: {
2940		struct ctl_sync_info *sync_info;
2941		struct ctl_lun *lun;
2942
2943		sync_info = (struct ctl_sync_info *)addr;
2944
2945		mtx_lock(&softc->ctl_lock);
2946		lun = softc->ctl_luns[sync_info->lun_id];
2947		if (lun == NULL) {
2948			mtx_unlock(&softc->ctl_lock);
2949			sync_info->status = CTL_GS_SYNC_NO_LUN;
2950		}
2951		/*
2952		 * Get or set the sync interval.  We're not bounds checking
2953		 * in the set case, hopefully the user won't do something
2954		 * silly.
2955		 */
2956		mtx_lock(&lun->lun_lock);
2957		mtx_unlock(&softc->ctl_lock);
2958		if (cmd == CTL_GETSYNC)
2959			sync_info->sync_interval = lun->sync_interval;
2960		else
2961			lun->sync_interval = sync_info->sync_interval;
2962		mtx_unlock(&lun->lun_lock);
2963
2964		sync_info->status = CTL_GS_SYNC_OK;
2965
2966		break;
2967	}
2968	case CTL_GETSTATS: {
2969		struct ctl_stats *stats;
2970		struct ctl_lun *lun;
2971		int i;
2972
2973		stats = (struct ctl_stats *)addr;
2974
2975		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2976		     stats->alloc_len) {
2977			stats->status = CTL_SS_NEED_MORE_SPACE;
2978			stats->num_luns = softc->num_luns;
2979			break;
2980		}
2981		/*
2982		 * XXX KDM no locking here.  If the LUN list changes,
2983		 * things can blow up.
2984		 */
2985		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2986		     i++, lun = STAILQ_NEXT(lun, links)) {
2987			retval = copyout(&lun->stats, &stats->lun_stats[i],
2988					 sizeof(lun->stats));
2989			if (retval != 0)
2990				break;
2991		}
2992		stats->num_luns = softc->num_luns;
2993		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2994				 softc->num_luns;
2995		stats->status = CTL_SS_OK;
2996#ifdef CTL_TIME_IO
2997		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2998#else
2999		stats->flags = CTL_STATS_FLAG_NONE;
3000#endif
3001		getnanouptime(&stats->timestamp);
3002		break;
3003	}
3004	case CTL_ERROR_INJECT: {
3005		struct ctl_error_desc *err_desc, *new_err_desc;
3006		struct ctl_lun *lun;
3007
3008		err_desc = (struct ctl_error_desc *)addr;
3009
3010		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
3011				      M_WAITOK | M_ZERO);
3012		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
3013
3014		mtx_lock(&softc->ctl_lock);
3015		lun = softc->ctl_luns[err_desc->lun_id];
3016		if (lun == NULL) {
3017			mtx_unlock(&softc->ctl_lock);
3018			free(new_err_desc, M_CTL);
3019			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
3020			       __func__, (uintmax_t)err_desc->lun_id);
3021			retval = EINVAL;
3022			break;
3023		}
3024		mtx_lock(&lun->lun_lock);
3025		mtx_unlock(&softc->ctl_lock);
3026
3027		/*
3028		 * We could do some checking here to verify the validity
3029		 * of the request, but given the complexity of error
3030		 * injection requests, the checking logic would be fairly
3031		 * complex.
3032		 *
3033		 * For now, if the request is invalid, it just won't get
3034		 * executed and might get deleted.
3035		 */
3036		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
3037
3038		/*
3039		 * XXX KDM check to make sure the serial number is unique,
3040		 * in case we somehow manage to wrap.  That shouldn't
3041		 * happen for a very long time, but it's the right thing to
3042		 * do.
3043		 */
3044		new_err_desc->serial = lun->error_serial;
3045		err_desc->serial = lun->error_serial;
3046		lun->error_serial++;
3047
3048		mtx_unlock(&lun->lun_lock);
3049		break;
3050	}
3051	case CTL_ERROR_INJECT_DELETE: {
3052		struct ctl_error_desc *delete_desc, *desc, *desc2;
3053		struct ctl_lun *lun;
3054		int delete_done;
3055
3056		delete_desc = (struct ctl_error_desc *)addr;
3057		delete_done = 0;
3058
3059		mtx_lock(&softc->ctl_lock);
3060		lun = softc->ctl_luns[delete_desc->lun_id];
3061		if (lun == NULL) {
3062			mtx_unlock(&softc->ctl_lock);
3063			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
3064			       __func__, (uintmax_t)delete_desc->lun_id);
3065			retval = EINVAL;
3066			break;
3067		}
3068		mtx_lock(&lun->lun_lock);
3069		mtx_unlock(&softc->ctl_lock);
3070		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
3071			if (desc->serial != delete_desc->serial)
3072				continue;
3073
3074			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
3075				      links);
3076			free(desc, M_CTL);
3077			delete_done = 1;
3078		}
3079		mtx_unlock(&lun->lun_lock);
3080		if (delete_done == 0) {
3081			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
3082			       "error serial %ju on LUN %u\n", __func__,
3083			       delete_desc->serial, delete_desc->lun_id);
3084			retval = EINVAL;
3085			break;
3086		}
3087		break;
3088	}
3089	case CTL_DUMP_STRUCTS: {
3090		int i, j, k;
3091		struct ctl_port *port;
3092		struct ctl_frontend *fe;
3093
3094		mtx_lock(&softc->ctl_lock);
3095		printf("CTL Persistent Reservation information start:\n");
3096		for (i = 0; i < CTL_MAX_LUNS; i++) {
3097			struct ctl_lun *lun;
3098
3099			lun = softc->ctl_luns[i];
3100
3101			if ((lun == NULL)
3102			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3103				continue;
3104
3105			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
3106				if (lun->pr_keys[j] == NULL)
3107					continue;
3108				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3109					if (lun->pr_keys[j][k] == 0)
3110						continue;
3111					printf("  LUN %d port %d iid %d key "
3112					       "%#jx\n", i, j, k,
3113					       (uintmax_t)lun->pr_keys[j][k]);
3114				}
3115			}
3116		}
3117		printf("CTL Persistent Reservation information end\n");
3118		printf("CTL Ports:\n");
3119		STAILQ_FOREACH(port, &softc->port_list, links) {
3120			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3121			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3122			       port->frontend->name, port->port_type,
3123			       port->physical_port, port->virtual_port,
3124			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3125			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3126				if (port->wwpn_iid[j].in_use == 0 &&
3127				    port->wwpn_iid[j].wwpn == 0 &&
3128				    port->wwpn_iid[j].name == NULL)
3129					continue;
3130
3131				printf("    iid %u use %d WWPN %#jx '%s'\n",
3132				    j, port->wwpn_iid[j].in_use,
3133				    (uintmax_t)port->wwpn_iid[j].wwpn,
3134				    port->wwpn_iid[j].name);
3135			}
3136		}
3137		printf("CTL Port information end\n");
3138		mtx_unlock(&softc->ctl_lock);
3139		/*
3140		 * XXX KDM calling this without a lock.  We'd likely want
3141		 * to drop the lock before calling the frontend's dump
3142		 * routine anyway.
3143		 */
3144		printf("CTL Frontends:\n");
3145		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3146			printf("  Frontend '%s'\n", fe->name);
3147			if (fe->fe_dump != NULL)
3148				fe->fe_dump();
3149		}
3150		printf("CTL Frontend information end\n");
3151		break;
3152	}
3153	case CTL_LUN_REQ: {
3154		struct ctl_lun_req *lun_req;
3155		struct ctl_backend_driver *backend;
3156
3157		lun_req = (struct ctl_lun_req *)addr;
3158
3159		backend = ctl_backend_find(lun_req->backend);
3160		if (backend == NULL) {
3161			lun_req->status = CTL_LUN_ERROR;
3162			snprintf(lun_req->error_str,
3163				 sizeof(lun_req->error_str),
3164				 "Backend \"%s\" not found.",
3165				 lun_req->backend);
3166			break;
3167		}
3168		if (lun_req->num_be_args > 0) {
3169			lun_req->kern_be_args = ctl_copyin_args(
3170				lun_req->num_be_args,
3171				lun_req->be_args,
3172				lun_req->error_str,
3173				sizeof(lun_req->error_str));
3174			if (lun_req->kern_be_args == NULL) {
3175				lun_req->status = CTL_LUN_ERROR;
3176				break;
3177			}
3178		}
3179
3180		retval = backend->ioctl(dev, cmd, addr, flag, td);
3181
3182		if (lun_req->num_be_args > 0) {
3183			ctl_copyout_args(lun_req->num_be_args,
3184				      lun_req->kern_be_args);
3185			ctl_free_args(lun_req->num_be_args,
3186				      lun_req->kern_be_args);
3187		}
3188		break;
3189	}
3190	case CTL_LUN_LIST: {
3191		struct sbuf *sb;
3192		struct ctl_lun *lun;
3193		struct ctl_lun_list *list;
3194		struct ctl_option *opt;
3195
3196		list = (struct ctl_lun_list *)addr;
3197
3198		/*
3199		 * Allocate a fixed length sbuf here, based on the length
3200		 * of the user's buffer.  We could allocate an auto-extending
3201		 * buffer, and then tell the user how much larger our
3202		 * amount of data is than his buffer, but that presents
3203		 * some problems:
3204		 *
3205		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3206		 *     we can't hold a lock while calling them with an
3207		 *     auto-extending buffer.
3208 		 *
3209		 * 2.  There is not currently a LUN reference counting
3210		 *     mechanism, outside of outstanding transactions on
3211		 *     the LUN's OOA queue.  So a LUN could go away on us
3212		 *     while we're getting the LUN number, backend-specific
3213		 *     information, etc.  Thus, given the way things
3214		 *     currently work, we need to hold the CTL lock while
3215		 *     grabbing LUN information.
3216		 *
3217		 * So, from the user's standpoint, the best thing to do is
3218		 * allocate what he thinks is a reasonable buffer length,
3219		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3220		 * double the buffer length and try again.  (And repeat
3221		 * that until he succeeds.)
3222		 */
3223		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3224		if (sb == NULL) {
3225			list->status = CTL_LUN_LIST_ERROR;
3226			snprintf(list->error_str, sizeof(list->error_str),
3227				 "Unable to allocate %d bytes for LUN list",
3228				 list->alloc_len);
3229			break;
3230		}
3231
3232		sbuf_printf(sb, "<ctllunlist>\n");
3233
3234		mtx_lock(&softc->ctl_lock);
3235		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3236			mtx_lock(&lun->lun_lock);
3237			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3238					     (uintmax_t)lun->lun);
3239
3240			/*
3241			 * Bail out as soon as we see that we've overfilled
3242			 * the buffer.
3243			 */
3244			if (retval != 0)
3245				break;
3246
3247			retval = sbuf_printf(sb, "\t<backend_type>%s"
3248					     "</backend_type>\n",
3249					     (lun->backend == NULL) ?  "none" :
3250					     lun->backend->name);
3251
3252			if (retval != 0)
3253				break;
3254
3255			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3256					     lun->be_lun->lun_type);
3257
3258			if (retval != 0)
3259				break;
3260
3261			if (lun->backend == NULL) {
3262				retval = sbuf_printf(sb, "</lun>\n");
3263				if (retval != 0)
3264					break;
3265				continue;
3266			}
3267
3268			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3269					     (lun->be_lun->maxlba > 0) ?
3270					     lun->be_lun->maxlba + 1 : 0);
3271
3272			if (retval != 0)
3273				break;
3274
3275			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3276					     lun->be_lun->blocksize);
3277
3278			if (retval != 0)
3279				break;
3280
3281			retval = sbuf_printf(sb, "\t<serial_number>");
3282
3283			if (retval != 0)
3284				break;
3285
3286			retval = ctl_sbuf_printf_esc(sb,
3287			    lun->be_lun->serial_num,
3288			    sizeof(lun->be_lun->serial_num));
3289
3290			if (retval != 0)
3291				break;
3292
3293			retval = sbuf_printf(sb, "</serial_number>\n");
3294
3295			if (retval != 0)
3296				break;
3297
3298			retval = sbuf_printf(sb, "\t<device_id>");
3299
3300			if (retval != 0)
3301				break;
3302
3303			retval = ctl_sbuf_printf_esc(sb,
3304			    lun->be_lun->device_id,
3305			    sizeof(lun->be_lun->device_id));
3306
3307			if (retval != 0)
3308				break;
3309
3310			retval = sbuf_printf(sb, "</device_id>\n");
3311
3312			if (retval != 0)
3313				break;
3314
3315			if (lun->backend->lun_info != NULL) {
3316				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3317				if (retval != 0)
3318					break;
3319			}
3320			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3321				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3322				    opt->name, opt->value, opt->name);
3323				if (retval != 0)
3324					break;
3325			}
3326
3327			retval = sbuf_printf(sb, "</lun>\n");
3328
3329			if (retval != 0)
3330				break;
3331			mtx_unlock(&lun->lun_lock);
3332		}
3333		if (lun != NULL)
3334			mtx_unlock(&lun->lun_lock);
3335		mtx_unlock(&softc->ctl_lock);
3336
3337		if ((retval != 0)
3338		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3339			retval = 0;
3340			sbuf_delete(sb);
3341			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3342			snprintf(list->error_str, sizeof(list->error_str),
3343				 "Out of space, %d bytes is too small",
3344				 list->alloc_len);
3345			break;
3346		}
3347
3348		sbuf_finish(sb);
3349
3350		retval = copyout(sbuf_data(sb), list->lun_xml,
3351				 sbuf_len(sb) + 1);
3352
3353		list->fill_len = sbuf_len(sb) + 1;
3354		list->status = CTL_LUN_LIST_OK;
3355		sbuf_delete(sb);
3356		break;
3357	}
3358	case CTL_ISCSI: {
3359		struct ctl_iscsi *ci;
3360		struct ctl_frontend *fe;
3361
3362		ci = (struct ctl_iscsi *)addr;
3363
3364		fe = ctl_frontend_find("iscsi");
3365		if (fe == NULL) {
3366			ci->status = CTL_ISCSI_ERROR;
3367			snprintf(ci->error_str, sizeof(ci->error_str),
3368			    "Frontend \"iscsi\" not found.");
3369			break;
3370		}
3371
3372		retval = fe->ioctl(dev, cmd, addr, flag, td);
3373		break;
3374	}
3375	case CTL_PORT_REQ: {
3376		struct ctl_req *req;
3377		struct ctl_frontend *fe;
3378
3379		req = (struct ctl_req *)addr;
3380
3381		fe = ctl_frontend_find(req->driver);
3382		if (fe == NULL) {
3383			req->status = CTL_LUN_ERROR;
3384			snprintf(req->error_str, sizeof(req->error_str),
3385			    "Frontend \"%s\" not found.", req->driver);
3386			break;
3387		}
3388		if (req->num_args > 0) {
3389			req->kern_args = ctl_copyin_args(req->num_args,
3390			    req->args, req->error_str, sizeof(req->error_str));
3391			if (req->kern_args == NULL) {
3392				req->status = CTL_LUN_ERROR;
3393				break;
3394			}
3395		}
3396
3397		retval = fe->ioctl(dev, cmd, addr, flag, td);
3398
3399		if (req->num_args > 0) {
3400			ctl_copyout_args(req->num_args, req->kern_args);
3401			ctl_free_args(req->num_args, req->kern_args);
3402		}
3403		break;
3404	}
3405	case CTL_PORT_LIST: {
3406		struct sbuf *sb;
3407		struct ctl_port *port;
3408		struct ctl_lun_list *list;
3409		struct ctl_option *opt;
3410		int j;
3411
3412		list = (struct ctl_lun_list *)addr;
3413
3414		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3415		if (sb == NULL) {
3416			list->status = CTL_LUN_LIST_ERROR;
3417			snprintf(list->error_str, sizeof(list->error_str),
3418				 "Unable to allocate %d bytes for LUN list",
3419				 list->alloc_len);
3420			break;
3421		}
3422
3423		sbuf_printf(sb, "<ctlportlist>\n");
3424
3425		mtx_lock(&softc->ctl_lock);
3426		STAILQ_FOREACH(port, &softc->port_list, links) {
3427			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3428					     (uintmax_t)port->targ_port);
3429
3430			/*
3431			 * Bail out as soon as we see that we've overfilled
3432			 * the buffer.
3433			 */
3434			if (retval != 0)
3435				break;
3436
3437			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3438			    "</frontend_type>\n", port->frontend->name);
3439			if (retval != 0)
3440				break;
3441
3442			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3443					     port->port_type);
3444			if (retval != 0)
3445				break;
3446
3447			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3448			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3449			if (retval != 0)
3450				break;
3451
3452			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3453			    port->port_name);
3454			if (retval != 0)
3455				break;
3456
3457			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3458			    port->physical_port);
3459			if (retval != 0)
3460				break;
3461
3462			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3463			    port->virtual_port);
3464			if (retval != 0)
3465				break;
3466
3467			if (port->target_devid != NULL) {
3468				sbuf_printf(sb, "\t<target>");
3469				ctl_id_sbuf(port->target_devid, sb);
3470				sbuf_printf(sb, "</target>\n");
3471			}
3472
3473			if (port->port_devid != NULL) {
3474				sbuf_printf(sb, "\t<port>");
3475				ctl_id_sbuf(port->port_devid, sb);
3476				sbuf_printf(sb, "</port>\n");
3477			}
3478
3479			if (port->port_info != NULL) {
3480				retval = port->port_info(port->onoff_arg, sb);
3481				if (retval != 0)
3482					break;
3483			}
3484			STAILQ_FOREACH(opt, &port->options, links) {
3485				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3486				    opt->name, opt->value, opt->name);
3487				if (retval != 0)
3488					break;
3489			}
3490
3491			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3492				if (port->wwpn_iid[j].in_use == 0 ||
3493				    (port->wwpn_iid[j].wwpn == 0 &&
3494				     port->wwpn_iid[j].name == NULL))
3495					continue;
3496
3497				if (port->wwpn_iid[j].name != NULL)
3498					retval = sbuf_printf(sb,
3499					    "\t<initiator>%u %s</initiator>\n",
3500					    j, port->wwpn_iid[j].name);
3501				else
3502					retval = sbuf_printf(sb,
3503					    "\t<initiator>%u naa.%08jx</initiator>\n",
3504					    j, port->wwpn_iid[j].wwpn);
3505				if (retval != 0)
3506					break;
3507			}
3508			if (retval != 0)
3509				break;
3510
3511			retval = sbuf_printf(sb, "</targ_port>\n");
3512			if (retval != 0)
3513				break;
3514		}
3515		mtx_unlock(&softc->ctl_lock);
3516
3517		if ((retval != 0)
3518		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3519			retval = 0;
3520			sbuf_delete(sb);
3521			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3522			snprintf(list->error_str, sizeof(list->error_str),
3523				 "Out of space, %d bytes is too small",
3524				 list->alloc_len);
3525			break;
3526		}
3527
3528		sbuf_finish(sb);
3529
3530		retval = copyout(sbuf_data(sb), list->lun_xml,
3531				 sbuf_len(sb) + 1);
3532
3533		list->fill_len = sbuf_len(sb) + 1;
3534		list->status = CTL_LUN_LIST_OK;
3535		sbuf_delete(sb);
3536		break;
3537	}
3538	default: {
3539		/* XXX KDM should we fix this? */
3540#if 0
3541		struct ctl_backend_driver *backend;
3542		unsigned int type;
3543		int found;
3544
3545		found = 0;
3546
3547		/*
3548		 * We encode the backend type as the ioctl type for backend
3549		 * ioctls.  So parse it out here, and then search for a
3550		 * backend of this type.
3551		 */
3552		type = _IOC_TYPE(cmd);
3553
3554		STAILQ_FOREACH(backend, &softc->be_list, links) {
3555			if (backend->type == type) {
3556				found = 1;
3557				break;
3558			}
3559		}
3560		if (found == 0) {
3561			printf("ctl: unknown ioctl command %#lx or backend "
3562			       "%d\n", cmd, type);
3563			retval = EINVAL;
3564			break;
3565		}
3566		retval = backend->ioctl(dev, cmd, addr, flag, td);
3567#endif
3568		retval = ENOTTY;
3569		break;
3570	}
3571	}
3572	return (retval);
3573}
3574
3575uint32_t
3576ctl_get_initindex(struct ctl_nexus *nexus)
3577{
3578	if (nexus->targ_port < CTL_MAX_PORTS)
3579		return (nexus->initid.id +
3580			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3581	else
3582		return (nexus->initid.id +
3583		       ((nexus->targ_port - CTL_MAX_PORTS) *
3584			CTL_MAX_INIT_PER_PORT));
3585}
3586
3587uint32_t
3588ctl_get_resindex(struct ctl_nexus *nexus)
3589{
3590	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3591}
3592
3593uint32_t
3594ctl_port_idx(int port_num)
3595{
3596	if (port_num < CTL_MAX_PORTS)
3597		return(port_num);
3598	else
3599		return(port_num - CTL_MAX_PORTS);
3600}
3601
3602static uint32_t
3603ctl_map_lun(int port_num, uint32_t lun_id)
3604{
3605	struct ctl_port *port;
3606
3607	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3608	if (port == NULL)
3609		return (UINT32_MAX);
3610	if (port->lun_map == NULL)
3611		return (lun_id);
3612	return (port->lun_map(port->targ_lun_arg, lun_id));
3613}
3614
3615static uint32_t
3616ctl_map_lun_back(int port_num, uint32_t lun_id)
3617{
3618	struct ctl_port *port;
3619	uint32_t i;
3620
3621	port = control_softc->ctl_ports[ctl_port_idx(port_num)];
3622	if (port->lun_map == NULL)
3623		return (lun_id);
3624	for (i = 0; i < CTL_MAX_LUNS; i++) {
3625		if (port->lun_map(port->targ_lun_arg, i) == lun_id)
3626			return (i);
3627	}
3628	return (UINT32_MAX);
3629}
3630
3631/*
3632 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3633 * that are a power of 2.
3634 */
3635int
3636ctl_ffz(uint32_t *mask, uint32_t size)
3637{
3638	uint32_t num_chunks, num_pieces;
3639	int i, j;
3640
3641	num_chunks = (size >> 5);
3642	if (num_chunks == 0)
3643		num_chunks++;
3644	num_pieces = ctl_min((sizeof(uint32_t) * 8), size);
3645
3646	for (i = 0; i < num_chunks; i++) {
3647		for (j = 0; j < num_pieces; j++) {
3648			if ((mask[i] & (1 << j)) == 0)
3649				return ((i << 5) + j);
3650		}
3651	}
3652
3653	return (-1);
3654}
3655
3656int
3657ctl_set_mask(uint32_t *mask, uint32_t bit)
3658{
3659	uint32_t chunk, piece;
3660
3661	chunk = bit >> 5;
3662	piece = bit % (sizeof(uint32_t) * 8);
3663
3664	if ((mask[chunk] & (1 << piece)) != 0)
3665		return (-1);
3666	else
3667		mask[chunk] |= (1 << piece);
3668
3669	return (0);
3670}
3671
3672int
3673ctl_clear_mask(uint32_t *mask, uint32_t bit)
3674{
3675	uint32_t chunk, piece;
3676
3677	chunk = bit >> 5;
3678	piece = bit % (sizeof(uint32_t) * 8);
3679
3680	if ((mask[chunk] & (1 << piece)) == 0)
3681		return (-1);
3682	else
3683		mask[chunk] &= ~(1 << piece);
3684
3685	return (0);
3686}
3687
3688int
3689ctl_is_set(uint32_t *mask, uint32_t bit)
3690{
3691	uint32_t chunk, piece;
3692
3693	chunk = bit >> 5;
3694	piece = bit % (sizeof(uint32_t) * 8);
3695
3696	if ((mask[chunk] & (1 << piece)) == 0)
3697		return (0);
3698	else
3699		return (1);
3700}
3701
3702static uint64_t
3703ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3704{
3705	uint64_t *t;
3706
3707	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3708	if (t == NULL)
3709		return (0);
3710	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3711}
3712
3713static void
3714ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3715{
3716	uint64_t *t;
3717
3718	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3719	if (t == NULL)
3720		return;
3721	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3722}
3723
3724static void
3725ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3726{
3727	uint64_t *p;
3728	u_int i;
3729
3730	i = residx/CTL_MAX_INIT_PER_PORT;
3731	if (lun->pr_keys[i] != NULL)
3732		return;
3733	mtx_unlock(&lun->lun_lock);
3734	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3735	    M_WAITOK | M_ZERO);
3736	mtx_lock(&lun->lun_lock);
3737	if (lun->pr_keys[i] == NULL)
3738		lun->pr_keys[i] = p;
3739	else
3740		free(p, M_CTL);
3741}
3742
3743static void
3744ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3745{
3746	uint64_t *t;
3747
3748	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3749	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3750	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3751}
3752
3753/*
3754 * ctl_softc, pool_name, total_ctl_io are passed in.
3755 * npool is passed out.
3756 */
3757int
3758ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3759		uint32_t total_ctl_io, void **npool)
3760{
3761#ifdef IO_POOLS
3762	struct ctl_io_pool *pool;
3763
3764	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3765					    M_NOWAIT | M_ZERO);
3766	if (pool == NULL)
3767		return (ENOMEM);
3768
3769	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3770	pool->ctl_softc = ctl_softc;
3771	pool->zone = uma_zsecond_create(pool->name, NULL,
3772	    NULL, NULL, NULL, ctl_softc->io_zone);
3773	/* uma_prealloc(pool->zone, total_ctl_io); */
3774
3775	*npool = pool;
3776#else
3777	*npool = ctl_softc->io_zone;
3778#endif
3779	return (0);
3780}
3781
3782void
3783ctl_pool_free(struct ctl_io_pool *pool)
3784{
3785
3786	if (pool == NULL)
3787		return;
3788
3789#ifdef IO_POOLS
3790	uma_zdestroy(pool->zone);
3791	free(pool, M_CTL);
3792#endif
3793}
3794
3795union ctl_io *
3796ctl_alloc_io(void *pool_ref)
3797{
3798	union ctl_io *io;
3799#ifdef IO_POOLS
3800	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3801
3802	io = uma_zalloc(pool->zone, M_WAITOK);
3803#else
3804	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3805#endif
3806	if (io != NULL)
3807		io->io_hdr.pool = pool_ref;
3808	return (io);
3809}
3810
3811union ctl_io *
3812ctl_alloc_io_nowait(void *pool_ref)
3813{
3814	union ctl_io *io;
3815#ifdef IO_POOLS
3816	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3817
3818	io = uma_zalloc(pool->zone, M_NOWAIT);
3819#else
3820	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3821#endif
3822	if (io != NULL)
3823		io->io_hdr.pool = pool_ref;
3824	return (io);
3825}
3826
3827void
3828ctl_free_io(union ctl_io *io)
3829{
3830#ifdef IO_POOLS
3831	struct ctl_io_pool *pool;
3832#endif
3833
3834	if (io == NULL)
3835		return;
3836
3837#ifdef IO_POOLS
3838	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3839	uma_zfree(pool->zone, io);
3840#else
3841	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3842#endif
3843}
3844
3845void
3846ctl_zero_io(union ctl_io *io)
3847{
3848	void *pool_ref;
3849
3850	if (io == NULL)
3851		return;
3852
3853	/*
3854	 * May need to preserve linked list pointers at some point too.
3855	 */
3856	pool_ref = io->io_hdr.pool;
3857	memset(io, 0, sizeof(*io));
3858	io->io_hdr.pool = pool_ref;
3859}
3860
3861/*
3862 * This routine is currently used for internal copies of ctl_ios that need
3863 * to persist for some reason after we've already returned status to the
3864 * FETD.  (Thus the flag set.)
3865 *
3866 * XXX XXX
3867 * Note that this makes a blind copy of all fields in the ctl_io, except
3868 * for the pool reference.  This includes any memory that has been
3869 * allocated!  That memory will no longer be valid after done has been
3870 * called, so this would be VERY DANGEROUS for command that actually does
3871 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3872 * start and stop commands, which don't transfer any data, so this is not a
3873 * problem.  If it is used for anything else, the caller would also need to
3874 * allocate data buffer space and this routine would need to be modified to
3875 * copy the data buffer(s) as well.
3876 */
3877void
3878ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3879{
3880	void *pool_ref;
3881
3882	if ((src == NULL)
3883	 || (dest == NULL))
3884		return;
3885
3886	/*
3887	 * May need to preserve linked list pointers at some point too.
3888	 */
3889	pool_ref = dest->io_hdr.pool;
3890
3891	memcpy(dest, src, ctl_min(sizeof(*src), sizeof(*dest)));
3892
3893	dest->io_hdr.pool = pool_ref;
3894	/*
3895	 * We need to know that this is an internal copy, and doesn't need
3896	 * to get passed back to the FETD that allocated it.
3897	 */
3898	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3899}
3900
3901static int
3902ctl_expand_number(const char *buf, uint64_t *num)
3903{
3904	char *endptr;
3905	uint64_t number;
3906	unsigned shift;
3907
3908	number = strtoq(buf, &endptr, 0);
3909
3910	switch (tolower((unsigned char)*endptr)) {
3911	case 'e':
3912		shift = 60;
3913		break;
3914	case 'p':
3915		shift = 50;
3916		break;
3917	case 't':
3918		shift = 40;
3919		break;
3920	case 'g':
3921		shift = 30;
3922		break;
3923	case 'm':
3924		shift = 20;
3925		break;
3926	case 'k':
3927		shift = 10;
3928		break;
3929	case 'b':
3930	case '\0': /* No unit. */
3931		*num = number;
3932		return (0);
3933	default:
3934		/* Unrecognized unit. */
3935		return (-1);
3936	}
3937
3938	if ((number << shift) >> shift != number) {
3939		/* Overflow */
3940		return (-1);
3941	}
3942	*num = number << shift;
3943	return (0);
3944}
3945
3946
3947/*
3948 * This routine could be used in the future to load default and/or saved
3949 * mode page parameters for a particuar lun.
3950 */
3951static int
3952ctl_init_page_index(struct ctl_lun *lun)
3953{
3954	int i;
3955	struct ctl_page_index *page_index;
3956	const char *value;
3957	uint64_t ival;
3958
3959	memcpy(&lun->mode_pages.index, page_index_template,
3960	       sizeof(page_index_template));
3961
3962	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3963
3964		page_index = &lun->mode_pages.index[i];
3965		/*
3966		 * If this is a disk-only mode page, there's no point in
3967		 * setting it up.  For some pages, we have to have some
3968		 * basic information about the disk in order to calculate the
3969		 * mode page data.
3970		 */
3971		if ((lun->be_lun->lun_type != T_DIRECT)
3972		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3973			continue;
3974
3975		switch (page_index->page_code & SMPH_PC_MASK) {
3976		case SMS_RW_ERROR_RECOVERY_PAGE: {
3977			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3978				panic("subpage is incorrect!");
3979			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3980			       &rw_er_page_default,
3981			       sizeof(rw_er_page_default));
3982			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3983			       &rw_er_page_changeable,
3984			       sizeof(rw_er_page_changeable));
3985			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3986			       &rw_er_page_default,
3987			       sizeof(rw_er_page_default));
3988			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3989			       &rw_er_page_default,
3990			       sizeof(rw_er_page_default));
3991			page_index->page_data =
3992				(uint8_t *)lun->mode_pages.rw_er_page;
3993			break;
3994		}
3995		case SMS_FORMAT_DEVICE_PAGE: {
3996			struct scsi_format_page *format_page;
3997
3998			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3999				panic("subpage is incorrect!");
4000
4001			/*
4002			 * Sectors per track are set above.  Bytes per
4003			 * sector need to be set here on a per-LUN basis.
4004			 */
4005			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4006			       &format_page_default,
4007			       sizeof(format_page_default));
4008			memcpy(&lun->mode_pages.format_page[
4009			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4010			       sizeof(format_page_changeable));
4011			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4012			       &format_page_default,
4013			       sizeof(format_page_default));
4014			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4015			       &format_page_default,
4016			       sizeof(format_page_default));
4017
4018			format_page = &lun->mode_pages.format_page[
4019				CTL_PAGE_CURRENT];
4020			scsi_ulto2b(lun->be_lun->blocksize,
4021				    format_page->bytes_per_sector);
4022
4023			format_page = &lun->mode_pages.format_page[
4024				CTL_PAGE_DEFAULT];
4025			scsi_ulto2b(lun->be_lun->blocksize,
4026				    format_page->bytes_per_sector);
4027
4028			format_page = &lun->mode_pages.format_page[
4029				CTL_PAGE_SAVED];
4030			scsi_ulto2b(lun->be_lun->blocksize,
4031				    format_page->bytes_per_sector);
4032
4033			page_index->page_data =
4034				(uint8_t *)lun->mode_pages.format_page;
4035			break;
4036		}
4037		case SMS_RIGID_DISK_PAGE: {
4038			struct scsi_rigid_disk_page *rigid_disk_page;
4039			uint32_t sectors_per_cylinder;
4040			uint64_t cylinders;
4041#ifndef	__XSCALE__
4042			int shift;
4043#endif /* !__XSCALE__ */
4044
4045			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4046				panic("invalid subpage value %d",
4047				      page_index->subpage);
4048
4049			/*
4050			 * Rotation rate and sectors per track are set
4051			 * above.  We calculate the cylinders here based on
4052			 * capacity.  Due to the number of heads and
4053			 * sectors per track we're using, smaller arrays
4054			 * may turn out to have 0 cylinders.  Linux and
4055			 * FreeBSD don't pay attention to these mode pages
4056			 * to figure out capacity, but Solaris does.  It
4057			 * seems to deal with 0 cylinders just fine, and
4058			 * works out a fake geometry based on the capacity.
4059			 */
4060			memcpy(&lun->mode_pages.rigid_disk_page[
4061			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4062			       sizeof(rigid_disk_page_default));
4063			memcpy(&lun->mode_pages.rigid_disk_page[
4064			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4065			       sizeof(rigid_disk_page_changeable));
4066
4067			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4068				CTL_DEFAULT_HEADS;
4069
4070			/*
4071			 * The divide method here will be more accurate,
4072			 * probably, but results in floating point being
4073			 * used in the kernel on i386 (__udivdi3()).  On the
4074			 * XScale, though, __udivdi3() is implemented in
4075			 * software.
4076			 *
4077			 * The shift method for cylinder calculation is
4078			 * accurate if sectors_per_cylinder is a power of
4079			 * 2.  Otherwise it might be slightly off -- you
4080			 * might have a bit of a truncation problem.
4081			 */
4082#ifdef	__XSCALE__
4083			cylinders = (lun->be_lun->maxlba + 1) /
4084				sectors_per_cylinder;
4085#else
4086			for (shift = 31; shift > 0; shift--) {
4087				if (sectors_per_cylinder & (1 << shift))
4088					break;
4089			}
4090			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4091#endif
4092
4093			/*
4094			 * We've basically got 3 bytes, or 24 bits for the
4095			 * cylinder size in the mode page.  If we're over,
4096			 * just round down to 2^24.
4097			 */
4098			if (cylinders > 0xffffff)
4099				cylinders = 0xffffff;
4100
4101			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4102				CTL_PAGE_DEFAULT];
4103			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4104
4105			if ((value = ctl_get_opt(&lun->be_lun->options,
4106			    "rpm")) != NULL) {
4107				scsi_ulto2b(strtol(value, NULL, 0),
4108				     rigid_disk_page->rotation_rate);
4109			}
4110
4111			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4112			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4113			       sizeof(rigid_disk_page_default));
4114			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4115			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4116			       sizeof(rigid_disk_page_default));
4117
4118			page_index->page_data =
4119				(uint8_t *)lun->mode_pages.rigid_disk_page;
4120			break;
4121		}
4122		case SMS_CACHING_PAGE: {
4123			struct scsi_caching_page *caching_page;
4124
4125			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4126				panic("invalid subpage value %d",
4127				      page_index->subpage);
4128			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4129			       &caching_page_default,
4130			       sizeof(caching_page_default));
4131			memcpy(&lun->mode_pages.caching_page[
4132			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4133			       sizeof(caching_page_changeable));
4134			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4135			       &caching_page_default,
4136			       sizeof(caching_page_default));
4137			caching_page = &lun->mode_pages.caching_page[
4138			    CTL_PAGE_SAVED];
4139			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4140			if (value != NULL && strcmp(value, "off") == 0)
4141				caching_page->flags1 &= ~SCP_WCE;
4142			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4143			if (value != NULL && strcmp(value, "off") == 0)
4144				caching_page->flags1 |= SCP_RCD;
4145			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4146			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4147			       sizeof(caching_page_default));
4148			page_index->page_data =
4149				(uint8_t *)lun->mode_pages.caching_page;
4150			break;
4151		}
4152		case SMS_CONTROL_MODE_PAGE: {
4153			struct scsi_control_page *control_page;
4154
4155			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4156				panic("invalid subpage value %d",
4157				      page_index->subpage);
4158
4159			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
4160			       &control_page_default,
4161			       sizeof(control_page_default));
4162			memcpy(&lun->mode_pages.control_page[
4163			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
4164			       sizeof(control_page_changeable));
4165			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
4166			       &control_page_default,
4167			       sizeof(control_page_default));
4168			control_page = &lun->mode_pages.control_page[
4169			    CTL_PAGE_SAVED];
4170			value = ctl_get_opt(&lun->be_lun->options, "reordering");
4171			if (value != NULL && strcmp(value, "unrestricted") == 0) {
4172				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
4173				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
4174			}
4175			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
4176			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
4177			       sizeof(control_page_default));
4178			page_index->page_data =
4179				(uint8_t *)lun->mode_pages.control_page;
4180			break;
4181
4182		}
4183		case SMS_INFO_EXCEPTIONS_PAGE: {
4184			switch (page_index->subpage) {
4185			case SMS_SUBPAGE_PAGE_0:
4186				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4187				       &ie_page_default,
4188				       sizeof(ie_page_default));
4189				memcpy(&lun->mode_pages.ie_page[
4190				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4191				       sizeof(ie_page_changeable));
4192				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4193				       &ie_page_default,
4194				       sizeof(ie_page_default));
4195				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4196				       &ie_page_default,
4197				       sizeof(ie_page_default));
4198				page_index->page_data =
4199					(uint8_t *)lun->mode_pages.ie_page;
4200				break;
4201			case 0x02: {
4202				struct ctl_logical_block_provisioning_page *page;
4203
4204				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4205				       &lbp_page_default,
4206				       sizeof(lbp_page_default));
4207				memcpy(&lun->mode_pages.lbp_page[
4208				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4209				       sizeof(lbp_page_changeable));
4210				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4211				       &lbp_page_default,
4212				       sizeof(lbp_page_default));
4213				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4214				value = ctl_get_opt(&lun->be_lun->options,
4215				    "avail-threshold");
4216				if (value != NULL &&
4217				    ctl_expand_number(value, &ival) == 0) {
4218					page->descr[0].flags |= SLBPPD_ENABLED |
4219					    SLBPPD_ARMING_DEC;
4220					if (lun->be_lun->blocksize)
4221						ival /= lun->be_lun->blocksize;
4222					else
4223						ival /= 512;
4224					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4225					    page->descr[0].count);
4226				}
4227				value = ctl_get_opt(&lun->be_lun->options,
4228				    "used-threshold");
4229				if (value != NULL &&
4230				    ctl_expand_number(value, &ival) == 0) {
4231					page->descr[1].flags |= SLBPPD_ENABLED |
4232					    SLBPPD_ARMING_INC;
4233					if (lun->be_lun->blocksize)
4234						ival /= lun->be_lun->blocksize;
4235					else
4236						ival /= 512;
4237					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4238					    page->descr[1].count);
4239				}
4240				value = ctl_get_opt(&lun->be_lun->options,
4241				    "pool-avail-threshold");
4242				if (value != NULL &&
4243				    ctl_expand_number(value, &ival) == 0) {
4244					page->descr[2].flags |= SLBPPD_ENABLED |
4245					    SLBPPD_ARMING_DEC;
4246					if (lun->be_lun->blocksize)
4247						ival /= lun->be_lun->blocksize;
4248					else
4249						ival /= 512;
4250					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4251					    page->descr[2].count);
4252				}
4253				value = ctl_get_opt(&lun->be_lun->options,
4254				    "pool-used-threshold");
4255				if (value != NULL &&
4256				    ctl_expand_number(value, &ival) == 0) {
4257					page->descr[3].flags |= SLBPPD_ENABLED |
4258					    SLBPPD_ARMING_INC;
4259					if (lun->be_lun->blocksize)
4260						ival /= lun->be_lun->blocksize;
4261					else
4262						ival /= 512;
4263					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4264					    page->descr[3].count);
4265				}
4266				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4267				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4268				       sizeof(lbp_page_default));
4269				page_index->page_data =
4270					(uint8_t *)lun->mode_pages.lbp_page;
4271			}}
4272			break;
4273		}
4274		case SMS_VENDOR_SPECIFIC_PAGE:{
4275			switch (page_index->subpage) {
4276			case DBGCNF_SUBPAGE_CODE: {
4277				struct copan_debugconf_subpage *current_page,
4278							       *saved_page;
4279
4280				memcpy(&lun->mode_pages.debugconf_subpage[
4281				       CTL_PAGE_CURRENT],
4282				       &debugconf_page_default,
4283				       sizeof(debugconf_page_default));
4284				memcpy(&lun->mode_pages.debugconf_subpage[
4285				       CTL_PAGE_CHANGEABLE],
4286				       &debugconf_page_changeable,
4287				       sizeof(debugconf_page_changeable));
4288				memcpy(&lun->mode_pages.debugconf_subpage[
4289				       CTL_PAGE_DEFAULT],
4290				       &debugconf_page_default,
4291				       sizeof(debugconf_page_default));
4292				memcpy(&lun->mode_pages.debugconf_subpage[
4293				       CTL_PAGE_SAVED],
4294				       &debugconf_page_default,
4295				       sizeof(debugconf_page_default));
4296				page_index->page_data =
4297					(uint8_t *)lun->mode_pages.debugconf_subpage;
4298
4299				current_page = (struct copan_debugconf_subpage *)
4300					(page_index->page_data +
4301					 (page_index->page_len *
4302					  CTL_PAGE_CURRENT));
4303				saved_page = (struct copan_debugconf_subpage *)
4304					(page_index->page_data +
4305					 (page_index->page_len *
4306					  CTL_PAGE_SAVED));
4307				break;
4308			}
4309			default:
4310				panic("invalid subpage value %d",
4311				      page_index->subpage);
4312				break;
4313			}
4314   			break;
4315		}
4316		default:
4317			panic("invalid page value %d",
4318			      page_index->page_code & SMPH_PC_MASK);
4319			break;
4320    	}
4321	}
4322
4323	return (CTL_RETVAL_COMPLETE);
4324}
4325
4326static int
4327ctl_init_log_page_index(struct ctl_lun *lun)
4328{
4329	struct ctl_page_index *page_index;
4330	int i, j, k, prev;
4331
4332	memcpy(&lun->log_pages.index, log_page_index_template,
4333	       sizeof(log_page_index_template));
4334
4335	prev = -1;
4336	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4337
4338		page_index = &lun->log_pages.index[i];
4339		/*
4340		 * If this is a disk-only mode page, there's no point in
4341		 * setting it up.  For some pages, we have to have some
4342		 * basic information about the disk in order to calculate the
4343		 * mode page data.
4344		 */
4345		if ((lun->be_lun->lun_type != T_DIRECT)
4346		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4347			continue;
4348
4349		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4350		    ((lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) == 0 ||
4351		     lun->backend->lun_attr == NULL))
4352			continue;
4353
4354		if (page_index->page_code != prev) {
4355			lun->log_pages.pages_page[j] = page_index->page_code;
4356			prev = page_index->page_code;
4357			j++;
4358		}
4359		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4360		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4361		k++;
4362	}
4363	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4364	lun->log_pages.index[0].page_len = j;
4365	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4366	lun->log_pages.index[1].page_len = k * 2;
4367	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4368	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4369
4370	return (CTL_RETVAL_COMPLETE);
4371}
4372
4373static int
4374hex2bin(const char *str, uint8_t *buf, int buf_size)
4375{
4376	int i;
4377	u_char c;
4378
4379	memset(buf, 0, buf_size);
4380	while (isspace(str[0]))
4381		str++;
4382	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4383		str += 2;
4384	buf_size *= 2;
4385	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4386		c = str[i];
4387		if (isdigit(c))
4388			c -= '0';
4389		else if (isalpha(c))
4390			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4391		else
4392			break;
4393		if (c >= 16)
4394			break;
4395		if ((i & 1) == 0)
4396			buf[i / 2] |= (c << 4);
4397		else
4398			buf[i / 2] |= c;
4399	}
4400	return ((i + 1) / 2);
4401}
4402
4403/*
4404 * LUN allocation.
4405 *
4406 * Requirements:
4407 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4408 *   wants us to allocate the LUN and he can block.
4409 * - ctl_softc is always set
4410 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4411 *
4412 * Returns 0 for success, non-zero (errno) for failure.
4413 */
4414static int
4415ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4416	      struct ctl_be_lun *const be_lun, struct ctl_id target_id)
4417{
4418	struct ctl_lun *nlun, *lun;
4419	struct ctl_port *port;
4420	struct scsi_vpd_id_descriptor *desc;
4421	struct scsi_vpd_id_t10 *t10id;
4422	const char *eui, *naa, *scsiname, *vendor, *value;
4423	int lun_number, i, lun_malloced;
4424	int devidlen, idlen1, idlen2 = 0, len;
4425
4426	if (be_lun == NULL)
4427		return (EINVAL);
4428
4429	/*
4430	 * We currently only support Direct Access or Processor LUN types.
4431	 */
4432	switch (be_lun->lun_type) {
4433	case T_DIRECT:
4434		break;
4435	case T_PROCESSOR:
4436		break;
4437	case T_SEQUENTIAL:
4438	case T_CHANGER:
4439	default:
4440		be_lun->lun_config_status(be_lun->be_lun,
4441					  CTL_LUN_CONFIG_FAILURE);
4442		break;
4443	}
4444	if (ctl_lun == NULL) {
4445		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4446		lun_malloced = 1;
4447	} else {
4448		lun_malloced = 0;
4449		lun = ctl_lun;
4450	}
4451
4452	memset(lun, 0, sizeof(*lun));
4453	if (lun_malloced)
4454		lun->flags = CTL_LUN_MALLOCED;
4455
4456	/* Generate LUN ID. */
4457	devidlen = max(CTL_DEVID_MIN_LEN,
4458	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4459	idlen1 = sizeof(*t10id) + devidlen;
4460	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4461	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4462	if (scsiname != NULL) {
4463		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4464		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4465	}
4466	eui = ctl_get_opt(&be_lun->options, "eui");
4467	if (eui != NULL) {
4468		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4469	}
4470	naa = ctl_get_opt(&be_lun->options, "naa");
4471	if (naa != NULL) {
4472		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4473	}
4474	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4475	    M_CTL, M_WAITOK | M_ZERO);
4476	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4477	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4478	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4479	desc->length = idlen1;
4480	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4481	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4482	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4483		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4484	} else {
4485		strncpy(t10id->vendor, vendor,
4486		    min(sizeof(t10id->vendor), strlen(vendor)));
4487	}
4488	strncpy((char *)t10id->vendor_spec_id,
4489	    (char *)be_lun->device_id, devidlen);
4490	if (scsiname != NULL) {
4491		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4492		    desc->length);
4493		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4494		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4495		    SVPD_ID_TYPE_SCSI_NAME;
4496		desc->length = idlen2;
4497		strlcpy(desc->identifier, scsiname, idlen2);
4498	}
4499	if (eui != NULL) {
4500		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4501		    desc->length);
4502		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4503		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4504		    SVPD_ID_TYPE_EUI64;
4505		desc->length = hex2bin(eui, desc->identifier, 16);
4506		desc->length = desc->length > 12 ? 16 :
4507		    (desc->length > 8 ? 12 : 8);
4508		len -= 16 - desc->length;
4509	}
4510	if (naa != NULL) {
4511		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4512		    desc->length);
4513		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4514		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4515		    SVPD_ID_TYPE_NAA;
4516		desc->length = hex2bin(naa, desc->identifier, 16);
4517		desc->length = desc->length > 8 ? 16 : 8;
4518		len -= 16 - desc->length;
4519	}
4520	lun->lun_devid->len = len;
4521
4522	mtx_lock(&ctl_softc->ctl_lock);
4523	/*
4524	 * See if the caller requested a particular LUN number.  If so, see
4525	 * if it is available.  Otherwise, allocate the first available LUN.
4526	 */
4527	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4528		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4529		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4530			mtx_unlock(&ctl_softc->ctl_lock);
4531			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4532				printf("ctl: requested LUN ID %d is higher "
4533				       "than CTL_MAX_LUNS - 1 (%d)\n",
4534				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4535			} else {
4536				/*
4537				 * XXX KDM return an error, or just assign
4538				 * another LUN ID in this case??
4539				 */
4540				printf("ctl: requested LUN ID %d is already "
4541				       "in use\n", be_lun->req_lun_id);
4542			}
4543			if (lun->flags & CTL_LUN_MALLOCED)
4544				free(lun, M_CTL);
4545			be_lun->lun_config_status(be_lun->be_lun,
4546						  CTL_LUN_CONFIG_FAILURE);
4547			return (ENOSPC);
4548		}
4549		lun_number = be_lun->req_lun_id;
4550	} else {
4551		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4552		if (lun_number == -1) {
4553			mtx_unlock(&ctl_softc->ctl_lock);
4554			printf("ctl: can't allocate LUN on target %ju, out of "
4555			       "LUNs\n", (uintmax_t)target_id.id);
4556			if (lun->flags & CTL_LUN_MALLOCED)
4557				free(lun, M_CTL);
4558			be_lun->lun_config_status(be_lun->be_lun,
4559						  CTL_LUN_CONFIG_FAILURE);
4560			return (ENOSPC);
4561		}
4562	}
4563	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4564
4565	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4566	lun->target = target_id;
4567	lun->lun = lun_number;
4568	lun->be_lun = be_lun;
4569	/*
4570	 * The processor LUN is always enabled.  Disk LUNs come on line
4571	 * disabled, and must be enabled by the backend.
4572	 */
4573	lun->flags |= CTL_LUN_DISABLED;
4574	lun->backend = be_lun->be;
4575	be_lun->ctl_lun = lun;
4576	be_lun->lun_id = lun_number;
4577	atomic_add_int(&be_lun->be->num_luns, 1);
4578	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4579		lun->flags |= CTL_LUN_OFFLINE;
4580
4581	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4582		lun->flags |= CTL_LUN_STOPPED;
4583
4584	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4585		lun->flags |= CTL_LUN_INOPERABLE;
4586
4587	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4588		lun->flags |= CTL_LUN_PRIMARY_SC;
4589
4590	value = ctl_get_opt(&be_lun->options, "readonly");
4591	if (value != NULL && strcmp(value, "on") == 0)
4592		lun->flags |= CTL_LUN_READONLY;
4593
4594	lun->ctl_softc = ctl_softc;
4595	TAILQ_INIT(&lun->ooa_queue);
4596	TAILQ_INIT(&lun->blocked_queue);
4597	STAILQ_INIT(&lun->error_list);
4598	ctl_tpc_lun_init(lun);
4599
4600	/*
4601	 * Initialize the mode and log page index.
4602	 */
4603	ctl_init_page_index(lun);
4604	ctl_init_log_page_index(lun);
4605
4606	/*
4607	 * Now, before we insert this lun on the lun list, set the lun
4608	 * inventory changed UA for all other luns.
4609	 */
4610	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4611		mtx_lock(&nlun->lun_lock);
4612		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4613		mtx_unlock(&nlun->lun_lock);
4614	}
4615
4616	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4617
4618	ctl_softc->ctl_luns[lun_number] = lun;
4619
4620	ctl_softc->num_luns++;
4621
4622	/* Setup statistics gathering */
4623	lun->stats.device_type = be_lun->lun_type;
4624	lun->stats.lun_number = lun_number;
4625	if (lun->stats.device_type == T_DIRECT)
4626		lun->stats.blocksize = be_lun->blocksize;
4627	else
4628		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4629	for (i = 0;i < CTL_MAX_PORTS;i++)
4630		lun->stats.ports[i].targ_port = i;
4631
4632	mtx_unlock(&ctl_softc->ctl_lock);
4633
4634	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4635
4636	/*
4637	 * Run through each registered FETD and bring it online if it isn't
4638	 * already.  Enable the target ID if it hasn't been enabled, and
4639	 * enable this particular LUN.
4640	 */
4641	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4642		int retval;
4643
4644		retval = port->lun_enable(port->targ_lun_arg, target_id,lun_number);
4645		if (retval != 0) {
4646			printf("ctl_alloc_lun: FETD %s port %d returned error "
4647			       "%d for lun_enable on target %ju lun %d\n",
4648			       port->port_name, port->targ_port, retval,
4649			       (uintmax_t)target_id.id, lun_number);
4650		} else
4651			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4652	}
4653	return (0);
4654}
4655
4656/*
4657 * Delete a LUN.
4658 * Assumptions:
4659 * - LUN has already been marked invalid and any pending I/O has been taken
4660 *   care of.
4661 */
4662static int
4663ctl_free_lun(struct ctl_lun *lun)
4664{
4665	struct ctl_softc *softc;
4666#if 0
4667	struct ctl_port *port;
4668#endif
4669	struct ctl_lun *nlun;
4670	int i;
4671
4672	softc = lun->ctl_softc;
4673
4674	mtx_assert(&softc->ctl_lock, MA_OWNED);
4675
4676	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4677
4678	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4679
4680	softc->ctl_luns[lun->lun] = NULL;
4681
4682	if (!TAILQ_EMPTY(&lun->ooa_queue))
4683		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4684
4685	softc->num_luns--;
4686
4687	/*
4688	 * XXX KDM this scheme only works for a single target/multiple LUN
4689	 * setup.  It needs to be revamped for a multiple target scheme.
4690	 *
4691	 * XXX KDM this results in port->lun_disable() getting called twice,
4692	 * once when ctl_disable_lun() is called, and a second time here.
4693	 * We really need to re-think the LUN disable semantics.  There
4694	 * should probably be several steps/levels to LUN removal:
4695	 *  - disable
4696	 *  - invalidate
4697	 *  - free
4698 	 *
4699	 * Right now we only have a disable method when communicating to
4700	 * the front end ports, at least for individual LUNs.
4701	 */
4702#if 0
4703	STAILQ_FOREACH(port, &softc->port_list, links) {
4704		int retval;
4705
4706		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4707					 lun->lun);
4708		if (retval != 0) {
4709			printf("ctl_free_lun: FETD %s port %d returned error "
4710			       "%d for lun_disable on target %ju lun %jd\n",
4711			       port->port_name, port->targ_port, retval,
4712			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4713		}
4714
4715		if (STAILQ_FIRST(&softc->lun_list) == NULL) {
4716			port->status &= ~CTL_PORT_STATUS_LUN_ONLINE;
4717
4718			retval = port->targ_disable(port->targ_lun_arg,lun->target);
4719			if (retval != 0) {
4720				printf("ctl_free_lun: FETD %s port %d "
4721				       "returned error %d for targ_disable on "
4722				       "target %ju\n", port->port_name,
4723				       port->targ_port, retval,
4724				       (uintmax_t)lun->target.id);
4725			} else
4726				port->status &= ~CTL_PORT_STATUS_TARG_ONLINE;
4727
4728			if ((port->status & CTL_PORT_STATUS_TARG_ONLINE) != 0)
4729				continue;
4730
4731#if 0
4732			port->port_offline(port->onoff_arg);
4733			port->status &= ~CTL_PORT_STATUS_ONLINE;
4734#endif
4735		}
4736	}
4737#endif
4738
4739	/*
4740	 * Tell the backend to free resources, if this LUN has a backend.
4741	 */
4742	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4743	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4744
4745	ctl_tpc_lun_shutdown(lun);
4746	mtx_destroy(&lun->lun_lock);
4747	free(lun->lun_devid, M_CTL);
4748	for (i = 0; i < CTL_MAX_PORTS; i++)
4749		free(lun->pending_ua[i], M_CTL);
4750	for (i = 0; i < 2 * CTL_MAX_PORTS; i++)
4751		free(lun->pr_keys[i], M_CTL);
4752	free(lun->write_buffer, M_CTL);
4753	if (lun->flags & CTL_LUN_MALLOCED)
4754		free(lun, M_CTL);
4755
4756	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4757		mtx_lock(&nlun->lun_lock);
4758		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4759		mtx_unlock(&nlun->lun_lock);
4760	}
4761
4762	return (0);
4763}
4764
4765static void
4766ctl_create_lun(struct ctl_be_lun *be_lun)
4767{
4768	struct ctl_softc *ctl_softc;
4769
4770	ctl_softc = control_softc;
4771
4772	/*
4773	 * ctl_alloc_lun() should handle all potential failure cases.
4774	 */
4775	ctl_alloc_lun(ctl_softc, NULL, be_lun, ctl_softc->target);
4776}
4777
4778int
4779ctl_add_lun(struct ctl_be_lun *be_lun)
4780{
4781	struct ctl_softc *ctl_softc = control_softc;
4782
4783	mtx_lock(&ctl_softc->ctl_lock);
4784	STAILQ_INSERT_TAIL(&ctl_softc->pending_lun_queue, be_lun, links);
4785	mtx_unlock(&ctl_softc->ctl_lock);
4786	wakeup(&ctl_softc->pending_lun_queue);
4787
4788	return (0);
4789}
4790
4791int
4792ctl_enable_lun(struct ctl_be_lun *be_lun)
4793{
4794	struct ctl_softc *ctl_softc;
4795	struct ctl_port *port, *nport;
4796	struct ctl_lun *lun;
4797	int retval;
4798
4799	ctl_softc = control_softc;
4800
4801	lun = (struct ctl_lun *)be_lun->ctl_lun;
4802
4803	mtx_lock(&ctl_softc->ctl_lock);
4804	mtx_lock(&lun->lun_lock);
4805	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4806		/*
4807		 * eh?  Why did we get called if the LUN is already
4808		 * enabled?
4809		 */
4810		mtx_unlock(&lun->lun_lock);
4811		mtx_unlock(&ctl_softc->ctl_lock);
4812		return (0);
4813	}
4814	lun->flags &= ~CTL_LUN_DISABLED;
4815	mtx_unlock(&lun->lun_lock);
4816
4817	for (port = STAILQ_FIRST(&ctl_softc->port_list); port != NULL; port = nport) {
4818		nport = STAILQ_NEXT(port, links);
4819
4820		/*
4821		 * Drop the lock while we call the FETD's enable routine.
4822		 * This can lead to a callback into CTL (at least in the
4823		 * case of the internal initiator frontend.
4824		 */
4825		mtx_unlock(&ctl_softc->ctl_lock);
4826		retval = port->lun_enable(port->targ_lun_arg, lun->target,lun->lun);
4827		mtx_lock(&ctl_softc->ctl_lock);
4828		if (retval != 0) {
4829			printf("%s: FETD %s port %d returned error "
4830			       "%d for lun_enable on target %ju lun %jd\n",
4831			       __func__, port->port_name, port->targ_port, retval,
4832			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4833		}
4834#if 0
4835		 else {
4836            /* NOTE:  TODO:  why does lun enable affect port status? */
4837			port->status |= CTL_PORT_STATUS_LUN_ONLINE;
4838		}
4839#endif
4840	}
4841
4842	mtx_unlock(&ctl_softc->ctl_lock);
4843
4844	return (0);
4845}
4846
4847int
4848ctl_disable_lun(struct ctl_be_lun *be_lun)
4849{
4850	struct ctl_softc *ctl_softc;
4851	struct ctl_port *port;
4852	struct ctl_lun *lun;
4853	int retval;
4854
4855	ctl_softc = control_softc;
4856
4857	lun = (struct ctl_lun *)be_lun->ctl_lun;
4858
4859	mtx_lock(&ctl_softc->ctl_lock);
4860	mtx_lock(&lun->lun_lock);
4861	if (lun->flags & CTL_LUN_DISABLED) {
4862		mtx_unlock(&lun->lun_lock);
4863		mtx_unlock(&ctl_softc->ctl_lock);
4864		return (0);
4865	}
4866	lun->flags |= CTL_LUN_DISABLED;
4867	mtx_unlock(&lun->lun_lock);
4868
4869	STAILQ_FOREACH(port, &ctl_softc->port_list, links) {
4870		mtx_unlock(&ctl_softc->ctl_lock);
4871		/*
4872		 * Drop the lock before we call the frontend's disable
4873		 * routine, to avoid lock order reversals.
4874		 *
4875		 * XXX KDM what happens if the frontend list changes while
4876		 * we're traversing it?  It's unlikely, but should be handled.
4877		 */
4878		retval = port->lun_disable(port->targ_lun_arg, lun->target,
4879					 lun->lun);
4880		mtx_lock(&ctl_softc->ctl_lock);
4881		if (retval != 0) {
4882			printf("ctl_alloc_lun: FETD %s port %d returned error "
4883			       "%d for lun_disable on target %ju lun %jd\n",
4884			       port->port_name, port->targ_port, retval,
4885			       (uintmax_t)lun->target.id, (intmax_t)lun->lun);
4886		}
4887	}
4888
4889	mtx_unlock(&ctl_softc->ctl_lock);
4890
4891	return (0);
4892}
4893
4894int
4895ctl_start_lun(struct ctl_be_lun *be_lun)
4896{
4897	struct ctl_softc *ctl_softc;
4898	struct ctl_lun *lun;
4899
4900	ctl_softc = control_softc;
4901
4902	lun = (struct ctl_lun *)be_lun->ctl_lun;
4903
4904	mtx_lock(&lun->lun_lock);
4905	lun->flags &= ~CTL_LUN_STOPPED;
4906	mtx_unlock(&lun->lun_lock);
4907
4908	return (0);
4909}
4910
4911int
4912ctl_stop_lun(struct ctl_be_lun *be_lun)
4913{
4914	struct ctl_softc *ctl_softc;
4915	struct ctl_lun *lun;
4916
4917	ctl_softc = control_softc;
4918
4919	lun = (struct ctl_lun *)be_lun->ctl_lun;
4920
4921	mtx_lock(&lun->lun_lock);
4922	lun->flags |= CTL_LUN_STOPPED;
4923	mtx_unlock(&lun->lun_lock);
4924
4925	return (0);
4926}
4927
4928int
4929ctl_lun_offline(struct ctl_be_lun *be_lun)
4930{
4931	struct ctl_softc *ctl_softc;
4932	struct ctl_lun *lun;
4933
4934	ctl_softc = control_softc;
4935
4936	lun = (struct ctl_lun *)be_lun->ctl_lun;
4937
4938	mtx_lock(&lun->lun_lock);
4939	lun->flags |= CTL_LUN_OFFLINE;
4940	mtx_unlock(&lun->lun_lock);
4941
4942	return (0);
4943}
4944
4945int
4946ctl_lun_online(struct ctl_be_lun *be_lun)
4947{
4948	struct ctl_softc *ctl_softc;
4949	struct ctl_lun *lun;
4950
4951	ctl_softc = control_softc;
4952
4953	lun = (struct ctl_lun *)be_lun->ctl_lun;
4954
4955	mtx_lock(&lun->lun_lock);
4956	lun->flags &= ~CTL_LUN_OFFLINE;
4957	mtx_unlock(&lun->lun_lock);
4958
4959	return (0);
4960}
4961
4962int
4963ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4964{
4965	struct ctl_softc *ctl_softc;
4966	struct ctl_lun *lun;
4967
4968	ctl_softc = control_softc;
4969
4970	lun = (struct ctl_lun *)be_lun->ctl_lun;
4971
4972	mtx_lock(&lun->lun_lock);
4973
4974	/*
4975	 * The LUN needs to be disabled before it can be marked invalid.
4976	 */
4977	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4978		mtx_unlock(&lun->lun_lock);
4979		return (-1);
4980	}
4981	/*
4982	 * Mark the LUN invalid.
4983	 */
4984	lun->flags |= CTL_LUN_INVALID;
4985
4986	/*
4987	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4988	 * If we have something in the OOA queue, we'll free it when the
4989	 * last I/O completes.
4990	 */
4991	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4992		mtx_unlock(&lun->lun_lock);
4993		mtx_lock(&ctl_softc->ctl_lock);
4994		ctl_free_lun(lun);
4995		mtx_unlock(&ctl_softc->ctl_lock);
4996	} else
4997		mtx_unlock(&lun->lun_lock);
4998
4999	return (0);
5000}
5001
5002int
5003ctl_lun_inoperable(struct ctl_be_lun *be_lun)
5004{
5005	struct ctl_softc *ctl_softc;
5006	struct ctl_lun *lun;
5007
5008	ctl_softc = control_softc;
5009	lun = (struct ctl_lun *)be_lun->ctl_lun;
5010
5011	mtx_lock(&lun->lun_lock);
5012	lun->flags |= CTL_LUN_INOPERABLE;
5013	mtx_unlock(&lun->lun_lock);
5014
5015	return (0);
5016}
5017
5018int
5019ctl_lun_operable(struct ctl_be_lun *be_lun)
5020{
5021	struct ctl_softc *ctl_softc;
5022	struct ctl_lun *lun;
5023
5024	ctl_softc = control_softc;
5025	lun = (struct ctl_lun *)be_lun->ctl_lun;
5026
5027	mtx_lock(&lun->lun_lock);
5028	lun->flags &= ~CTL_LUN_INOPERABLE;
5029	mtx_unlock(&lun->lun_lock);
5030
5031	return (0);
5032}
5033
5034void
5035ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5036{
5037	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5038
5039	mtx_lock(&lun->lun_lock);
5040	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
5041	mtx_unlock(&lun->lun_lock);
5042}
5043
5044/*
5045 * Backend "memory move is complete" callback for requests that never
5046 * make it down to say RAIDCore's configuration code.
5047 */
5048int
5049ctl_config_move_done(union ctl_io *io)
5050{
5051	int retval;
5052
5053	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5054	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5055	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5056
5057	if ((io->io_hdr.port_status != 0) &&
5058	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5059	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5060		/*
5061		 * For hardware error sense keys, the sense key
5062		 * specific value is defined to be a retry count,
5063		 * but we use it to pass back an internal FETD
5064		 * error code.  XXX KDM  Hopefully the FETD is only
5065		 * using 16 bits for an error code, since that's
5066		 * all the space we have in the sks field.
5067		 */
5068		ctl_set_internal_failure(&io->scsiio,
5069					 /*sks_valid*/ 1,
5070					 /*retry_count*/
5071					 io->io_hdr.port_status);
5072	}
5073
5074	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5075	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5076	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5077	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5078		/*
5079		 * XXX KDM just assuming a single pointer here, and not a
5080		 * S/G list.  If we start using S/G lists for config data,
5081		 * we'll need to know how to clean them up here as well.
5082		 */
5083		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5084			free(io->scsiio.kern_data_ptr, M_CTL);
5085		ctl_done(io);
5086		retval = CTL_RETVAL_COMPLETE;
5087	} else {
5088		/*
5089		 * XXX KDM now we need to continue data movement.  Some
5090		 * options:
5091		 * - call ctl_scsiio() again?  We don't do this for data
5092		 *   writes, because for those at least we know ahead of
5093		 *   time where the write will go and how long it is.  For
5094		 *   config writes, though, that information is largely
5095		 *   contained within the write itself, thus we need to
5096		 *   parse out the data again.
5097		 *
5098		 * - Call some other function once the data is in?
5099		 */
5100		if (ctl_debug & CTL_DEBUG_CDB_DATA)
5101			ctl_data_print(io);
5102
5103		/*
5104		 * XXX KDM call ctl_scsiio() again for now, and check flag
5105		 * bits to see whether we're allocated or not.
5106		 */
5107		retval = ctl_scsiio(&io->scsiio);
5108	}
5109	return (retval);
5110}
5111
5112/*
5113 * This gets called by a backend driver when it is done with a
5114 * data_submit method.
5115 */
5116void
5117ctl_data_submit_done(union ctl_io *io)
5118{
5119	/*
5120	 * If the IO_CONT flag is set, we need to call the supplied
5121	 * function to continue processing the I/O, instead of completing
5122	 * the I/O just yet.
5123	 *
5124	 * If there is an error, though, we don't want to keep processing.
5125	 * Instead, just send status back to the initiator.
5126	 */
5127	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5128	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5129	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5130	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5131		io->scsiio.io_cont(io);
5132		return;
5133	}
5134	ctl_done(io);
5135}
5136
5137/*
5138 * This gets called by a backend driver when it is done with a
5139 * configuration write.
5140 */
5141void
5142ctl_config_write_done(union ctl_io *io)
5143{
5144	uint8_t *buf;
5145
5146	/*
5147	 * If the IO_CONT flag is set, we need to call the supplied
5148	 * function to continue processing the I/O, instead of completing
5149	 * the I/O just yet.
5150	 *
5151	 * If there is an error, though, we don't want to keep processing.
5152	 * Instead, just send status back to the initiator.
5153	 */
5154	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5155	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5156	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5157	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5158		io->scsiio.io_cont(io);
5159		return;
5160	}
5161	/*
5162	 * Since a configuration write can be done for commands that actually
5163	 * have data allocated, like write buffer, and commands that have
5164	 * no data, like start/stop unit, we need to check here.
5165	 */
5166	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5167		buf = io->scsiio.kern_data_ptr;
5168	else
5169		buf = NULL;
5170	ctl_done(io);
5171	if (buf)
5172		free(buf, M_CTL);
5173}
5174
5175void
5176ctl_config_read_done(union ctl_io *io)
5177{
5178	uint8_t *buf;
5179
5180	/*
5181	 * If there is some error -- we are done, skip data transfer.
5182	 */
5183	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5184	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5185	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5186		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5187			buf = io->scsiio.kern_data_ptr;
5188		else
5189			buf = NULL;
5190		ctl_done(io);
5191		if (buf)
5192			free(buf, M_CTL);
5193		return;
5194	}
5195
5196	/*
5197	 * If the IO_CONT flag is set, we need to call the supplied
5198	 * function to continue processing the I/O, instead of completing
5199	 * the I/O just yet.
5200	 */
5201	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5202		io->scsiio.io_cont(io);
5203		return;
5204	}
5205
5206	ctl_datamove(io);
5207}
5208
5209/*
5210 * SCSI release command.
5211 */
5212int
5213ctl_scsi_release(struct ctl_scsiio *ctsio)
5214{
5215	int length, longid, thirdparty_id, resv_id;
5216	struct ctl_softc *ctl_softc;
5217	struct ctl_lun *lun;
5218	uint32_t residx;
5219
5220	length = 0;
5221	resv_id = 0;
5222
5223	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5224
5225	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5226	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5227	ctl_softc = control_softc;
5228
5229	switch (ctsio->cdb[0]) {
5230	case RELEASE_10: {
5231		struct scsi_release_10 *cdb;
5232
5233		cdb = (struct scsi_release_10 *)ctsio->cdb;
5234
5235		if (cdb->byte2 & SR10_LONGID)
5236			longid = 1;
5237		else
5238			thirdparty_id = cdb->thirdparty_id;
5239
5240		resv_id = cdb->resv_id;
5241		length = scsi_2btoul(cdb->length);
5242		break;
5243	}
5244	}
5245
5246
5247	/*
5248	 * XXX KDM right now, we only support LUN reservation.  We don't
5249	 * support 3rd party reservations, or extent reservations, which
5250	 * might actually need the parameter list.  If we've gotten this
5251	 * far, we've got a LUN reservation.  Anything else got kicked out
5252	 * above.  So, according to SPC, ignore the length.
5253	 */
5254	length = 0;
5255
5256	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5257	 && (length > 0)) {
5258		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5259		ctsio->kern_data_len = length;
5260		ctsio->kern_total_len = length;
5261		ctsio->kern_data_resid = 0;
5262		ctsio->kern_rel_offset = 0;
5263		ctsio->kern_sg_entries = 0;
5264		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5265		ctsio->be_move_done = ctl_config_move_done;
5266		ctl_datamove((union ctl_io *)ctsio);
5267
5268		return (CTL_RETVAL_COMPLETE);
5269	}
5270
5271	if (length > 0)
5272		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5273
5274	mtx_lock(&lun->lun_lock);
5275
5276	/*
5277	 * According to SPC, it is not an error for an intiator to attempt
5278	 * to release a reservation on a LUN that isn't reserved, or that
5279	 * is reserved by another initiator.  The reservation can only be
5280	 * released, though, by the initiator who made it or by one of
5281	 * several reset type events.
5282	 */
5283	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5284			lun->flags &= ~CTL_LUN_RESERVED;
5285
5286	mtx_unlock(&lun->lun_lock);
5287
5288	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5289		free(ctsio->kern_data_ptr, M_CTL);
5290		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5291	}
5292
5293	ctl_set_success(ctsio);
5294	ctl_done((union ctl_io *)ctsio);
5295	return (CTL_RETVAL_COMPLETE);
5296}
5297
5298int
5299ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5300{
5301	int extent, thirdparty, longid;
5302	int resv_id, length;
5303	uint64_t thirdparty_id;
5304	struct ctl_softc *ctl_softc;
5305	struct ctl_lun *lun;
5306	uint32_t residx;
5307
5308	extent = 0;
5309	thirdparty = 0;
5310	longid = 0;
5311	resv_id = 0;
5312	length = 0;
5313	thirdparty_id = 0;
5314
5315	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5316
5317	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5318	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5319	ctl_softc = control_softc;
5320
5321	switch (ctsio->cdb[0]) {
5322	case RESERVE_10: {
5323		struct scsi_reserve_10 *cdb;
5324
5325		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5326
5327		if (cdb->byte2 & SR10_LONGID)
5328			longid = 1;
5329		else
5330			thirdparty_id = cdb->thirdparty_id;
5331
5332		resv_id = cdb->resv_id;
5333		length = scsi_2btoul(cdb->length);
5334		break;
5335	}
5336	}
5337
5338	/*
5339	 * XXX KDM right now, we only support LUN reservation.  We don't
5340	 * support 3rd party reservations, or extent reservations, which
5341	 * might actually need the parameter list.  If we've gotten this
5342	 * far, we've got a LUN reservation.  Anything else got kicked out
5343	 * above.  So, according to SPC, ignore the length.
5344	 */
5345	length = 0;
5346
5347	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5348	 && (length > 0)) {
5349		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5350		ctsio->kern_data_len = length;
5351		ctsio->kern_total_len = length;
5352		ctsio->kern_data_resid = 0;
5353		ctsio->kern_rel_offset = 0;
5354		ctsio->kern_sg_entries = 0;
5355		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5356		ctsio->be_move_done = ctl_config_move_done;
5357		ctl_datamove((union ctl_io *)ctsio);
5358
5359		return (CTL_RETVAL_COMPLETE);
5360	}
5361
5362	if (length > 0)
5363		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5364
5365	mtx_lock(&lun->lun_lock);
5366	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5367		ctl_set_reservation_conflict(ctsio);
5368		goto bailout;
5369	}
5370
5371	lun->flags |= CTL_LUN_RESERVED;
5372	lun->res_idx = residx;
5373
5374	ctl_set_success(ctsio);
5375
5376bailout:
5377	mtx_unlock(&lun->lun_lock);
5378
5379	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5380		free(ctsio->kern_data_ptr, M_CTL);
5381		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5382	}
5383
5384	ctl_done((union ctl_io *)ctsio);
5385	return (CTL_RETVAL_COMPLETE);
5386}
5387
5388int
5389ctl_start_stop(struct ctl_scsiio *ctsio)
5390{
5391	struct scsi_start_stop_unit *cdb;
5392	struct ctl_lun *lun;
5393	struct ctl_softc *ctl_softc;
5394	int retval;
5395
5396	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5397
5398	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5399	ctl_softc = control_softc;
5400	retval = 0;
5401
5402	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5403
5404	/*
5405	 * XXX KDM
5406	 * We don't support the immediate bit on a stop unit.  In order to
5407	 * do that, we would need to code up a way to know that a stop is
5408	 * pending, and hold off any new commands until it completes, one
5409	 * way or another.  Then we could accept or reject those commands
5410	 * depending on its status.  We would almost need to do the reverse
5411	 * of what we do below for an immediate start -- return the copy of
5412	 * the ctl_io to the FETD with status to send to the host (and to
5413	 * free the copy!) and then free the original I/O once the stop
5414	 * actually completes.  That way, the OOA queue mechanism can work
5415	 * to block commands that shouldn't proceed.  Another alternative
5416	 * would be to put the copy in the queue in place of the original,
5417	 * and return the original back to the caller.  That could be
5418	 * slightly safer..
5419	 */
5420	if ((cdb->byte2 & SSS_IMMED)
5421	 && ((cdb->how & SSS_START) == 0)) {
5422		ctl_set_invalid_field(ctsio,
5423				      /*sks_valid*/ 1,
5424				      /*command*/ 1,
5425				      /*field*/ 1,
5426				      /*bit_valid*/ 1,
5427				      /*bit*/ 0);
5428		ctl_done((union ctl_io *)ctsio);
5429		return (CTL_RETVAL_COMPLETE);
5430	}
5431
5432	if ((lun->flags & CTL_LUN_PR_RESERVED)
5433	 && ((cdb->how & SSS_START)==0)) {
5434		uint32_t residx;
5435
5436		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
5437		if (ctl_get_prkey(lun, residx) == 0
5438		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5439
5440			ctl_set_reservation_conflict(ctsio);
5441			ctl_done((union ctl_io *)ctsio);
5442			return (CTL_RETVAL_COMPLETE);
5443		}
5444	}
5445
5446	/*
5447	 * If there is no backend on this device, we can't start or stop
5448	 * it.  In theory we shouldn't get any start/stop commands in the
5449	 * first place at this level if the LUN doesn't have a backend.
5450	 * That should get stopped by the command decode code.
5451	 */
5452	if (lun->backend == NULL) {
5453		ctl_set_invalid_opcode(ctsio);
5454		ctl_done((union ctl_io *)ctsio);
5455		return (CTL_RETVAL_COMPLETE);
5456	}
5457
5458	/*
5459	 * XXX KDM Copan-specific offline behavior.
5460	 * Figure out a reasonable way to port this?
5461	 */
5462#ifdef NEEDTOPORT
5463	mtx_lock(&lun->lun_lock);
5464
5465	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5466	 && (lun->flags & CTL_LUN_OFFLINE)) {
5467		/*
5468		 * If the LUN is offline, and the on/offline bit isn't set,
5469		 * reject the start or stop.  Otherwise, let it through.
5470		 */
5471		mtx_unlock(&lun->lun_lock);
5472		ctl_set_lun_not_ready(ctsio);
5473		ctl_done((union ctl_io *)ctsio);
5474	} else {
5475		mtx_unlock(&lun->lun_lock);
5476#endif /* NEEDTOPORT */
5477		/*
5478		 * This could be a start or a stop when we're online,
5479		 * or a stop/offline or start/online.  A start or stop when
5480		 * we're offline is covered in the case above.
5481		 */
5482		/*
5483		 * In the non-immediate case, we send the request to
5484		 * the backend and return status to the user when
5485		 * it is done.
5486		 *
5487		 * In the immediate case, we allocate a new ctl_io
5488		 * to hold a copy of the request, and send that to
5489		 * the backend.  We then set good status on the
5490		 * user's request and return it immediately.
5491		 */
5492		if (cdb->byte2 & SSS_IMMED) {
5493			union ctl_io *new_io;
5494
5495			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5496			ctl_copy_io((union ctl_io *)ctsio, new_io);
5497			retval = lun->backend->config_write(new_io);
5498			ctl_set_success(ctsio);
5499			ctl_done((union ctl_io *)ctsio);
5500		} else {
5501			retval = lun->backend->config_write(
5502				(union ctl_io *)ctsio);
5503		}
5504#ifdef NEEDTOPORT
5505	}
5506#endif
5507	return (retval);
5508}
5509
5510/*
5511 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5512 * we don't really do anything with the LBA and length fields if the user
5513 * passes them in.  Instead we'll just flush out the cache for the entire
5514 * LUN.
5515 */
5516int
5517ctl_sync_cache(struct ctl_scsiio *ctsio)
5518{
5519	struct ctl_lun *lun;
5520	struct ctl_softc *ctl_softc;
5521	uint64_t starting_lba;
5522	uint32_t block_count;
5523	int retval;
5524
5525	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5526
5527	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5528	ctl_softc = control_softc;
5529	retval = 0;
5530
5531	switch (ctsio->cdb[0]) {
5532	case SYNCHRONIZE_CACHE: {
5533		struct scsi_sync_cache *cdb;
5534		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5535
5536		starting_lba = scsi_4btoul(cdb->begin_lba);
5537		block_count = scsi_2btoul(cdb->lb_count);
5538		break;
5539	}
5540	case SYNCHRONIZE_CACHE_16: {
5541		struct scsi_sync_cache_16 *cdb;
5542		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5543
5544		starting_lba = scsi_8btou64(cdb->begin_lba);
5545		block_count = scsi_4btoul(cdb->lb_count);
5546		break;
5547	}
5548	default:
5549		ctl_set_invalid_opcode(ctsio);
5550		ctl_done((union ctl_io *)ctsio);
5551		goto bailout;
5552		break; /* NOTREACHED */
5553	}
5554
5555	/*
5556	 * We check the LBA and length, but don't do anything with them.
5557	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5558	 * get flushed.  This check will just help satisfy anyone who wants
5559	 * to see an error for an out of range LBA.
5560	 */
5561	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5562		ctl_set_lba_out_of_range(ctsio);
5563		ctl_done((union ctl_io *)ctsio);
5564		goto bailout;
5565	}
5566
5567	/*
5568	 * If this LUN has no backend, we can't flush the cache anyway.
5569	 */
5570	if (lun->backend == NULL) {
5571		ctl_set_invalid_opcode(ctsio);
5572		ctl_done((union ctl_io *)ctsio);
5573		goto bailout;
5574	}
5575
5576	/*
5577	 * Check to see whether we're configured to send the SYNCHRONIZE
5578	 * CACHE command directly to the back end.
5579	 */
5580	mtx_lock(&lun->lun_lock);
5581	if ((ctl_softc->flags & CTL_FLAG_REAL_SYNC)
5582	 && (++(lun->sync_count) >= lun->sync_interval)) {
5583		lun->sync_count = 0;
5584		mtx_unlock(&lun->lun_lock);
5585		retval = lun->backend->config_write((union ctl_io *)ctsio);
5586	} else {
5587		mtx_unlock(&lun->lun_lock);
5588		ctl_set_success(ctsio);
5589		ctl_done((union ctl_io *)ctsio);
5590	}
5591
5592bailout:
5593
5594	return (retval);
5595}
5596
5597int
5598ctl_format(struct ctl_scsiio *ctsio)
5599{
5600	struct scsi_format *cdb;
5601	struct ctl_lun *lun;
5602	struct ctl_softc *ctl_softc;
5603	int length, defect_list_len;
5604
5605	CTL_DEBUG_PRINT(("ctl_format\n"));
5606
5607	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5608	ctl_softc = control_softc;
5609
5610	cdb = (struct scsi_format *)ctsio->cdb;
5611
5612	length = 0;
5613	if (cdb->byte2 & SF_FMTDATA) {
5614		if (cdb->byte2 & SF_LONGLIST)
5615			length = sizeof(struct scsi_format_header_long);
5616		else
5617			length = sizeof(struct scsi_format_header_short);
5618	}
5619
5620	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5621	 && (length > 0)) {
5622		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5623		ctsio->kern_data_len = length;
5624		ctsio->kern_total_len = length;
5625		ctsio->kern_data_resid = 0;
5626		ctsio->kern_rel_offset = 0;
5627		ctsio->kern_sg_entries = 0;
5628		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5629		ctsio->be_move_done = ctl_config_move_done;
5630		ctl_datamove((union ctl_io *)ctsio);
5631
5632		return (CTL_RETVAL_COMPLETE);
5633	}
5634
5635	defect_list_len = 0;
5636
5637	if (cdb->byte2 & SF_FMTDATA) {
5638		if (cdb->byte2 & SF_LONGLIST) {
5639			struct scsi_format_header_long *header;
5640
5641			header = (struct scsi_format_header_long *)
5642				ctsio->kern_data_ptr;
5643
5644			defect_list_len = scsi_4btoul(header->defect_list_len);
5645			if (defect_list_len != 0) {
5646				ctl_set_invalid_field(ctsio,
5647						      /*sks_valid*/ 1,
5648						      /*command*/ 0,
5649						      /*field*/ 2,
5650						      /*bit_valid*/ 0,
5651						      /*bit*/ 0);
5652				goto bailout;
5653			}
5654		} else {
5655			struct scsi_format_header_short *header;
5656
5657			header = (struct scsi_format_header_short *)
5658				ctsio->kern_data_ptr;
5659
5660			defect_list_len = scsi_2btoul(header->defect_list_len);
5661			if (defect_list_len != 0) {
5662				ctl_set_invalid_field(ctsio,
5663						      /*sks_valid*/ 1,
5664						      /*command*/ 0,
5665						      /*field*/ 2,
5666						      /*bit_valid*/ 0,
5667						      /*bit*/ 0);
5668				goto bailout;
5669			}
5670		}
5671	}
5672
5673	/*
5674	 * The format command will clear out the "Medium format corrupted"
5675	 * status if set by the configuration code.  That status is really
5676	 * just a way to notify the host that we have lost the media, and
5677	 * get them to issue a command that will basically make them think
5678	 * they're blowing away the media.
5679	 */
5680	mtx_lock(&lun->lun_lock);
5681	lun->flags &= ~CTL_LUN_INOPERABLE;
5682	mtx_unlock(&lun->lun_lock);
5683
5684	ctl_set_success(ctsio);
5685bailout:
5686
5687	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5688		free(ctsio->kern_data_ptr, M_CTL);
5689		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5690	}
5691
5692	ctl_done((union ctl_io *)ctsio);
5693	return (CTL_RETVAL_COMPLETE);
5694}
5695
5696int
5697ctl_read_buffer(struct ctl_scsiio *ctsio)
5698{
5699	struct scsi_read_buffer *cdb;
5700	struct ctl_lun *lun;
5701	int buffer_offset, len;
5702	static uint8_t descr[4];
5703	static uint8_t echo_descr[4] = { 0 };
5704
5705	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5706
5707	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5708	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5709
5710	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5711	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5712	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5713		ctl_set_invalid_field(ctsio,
5714				      /*sks_valid*/ 1,
5715				      /*command*/ 1,
5716				      /*field*/ 1,
5717				      /*bit_valid*/ 1,
5718				      /*bit*/ 4);
5719		ctl_done((union ctl_io *)ctsio);
5720		return (CTL_RETVAL_COMPLETE);
5721	}
5722
5723	len = scsi_3btoul(cdb->length);
5724	buffer_offset = scsi_3btoul(cdb->offset);
5725
5726	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5727		ctl_set_invalid_field(ctsio,
5728				      /*sks_valid*/ 1,
5729				      /*command*/ 1,
5730				      /*field*/ 6,
5731				      /*bit_valid*/ 0,
5732				      /*bit*/ 0);
5733		ctl_done((union ctl_io *)ctsio);
5734		return (CTL_RETVAL_COMPLETE);
5735	}
5736
5737	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5738		descr[0] = 0;
5739		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5740		ctsio->kern_data_ptr = descr;
5741		len = min(len, sizeof(descr));
5742	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5743		ctsio->kern_data_ptr = echo_descr;
5744		len = min(len, sizeof(echo_descr));
5745	} else {
5746		if (lun->write_buffer == NULL) {
5747			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5748			    M_CTL, M_WAITOK);
5749		}
5750		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5751	}
5752	ctsio->kern_data_len = len;
5753	ctsio->kern_total_len = len;
5754	ctsio->kern_data_resid = 0;
5755	ctsio->kern_rel_offset = 0;
5756	ctsio->kern_sg_entries = 0;
5757	ctl_set_success(ctsio);
5758	ctsio->be_move_done = ctl_config_move_done;
5759	ctl_datamove((union ctl_io *)ctsio);
5760	return (CTL_RETVAL_COMPLETE);
5761}
5762
5763int
5764ctl_write_buffer(struct ctl_scsiio *ctsio)
5765{
5766	struct scsi_write_buffer *cdb;
5767	struct ctl_lun *lun;
5768	int buffer_offset, len;
5769
5770	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5771
5772	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5773	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5774
5775	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5776		ctl_set_invalid_field(ctsio,
5777				      /*sks_valid*/ 1,
5778				      /*command*/ 1,
5779				      /*field*/ 1,
5780				      /*bit_valid*/ 1,
5781				      /*bit*/ 4);
5782		ctl_done((union ctl_io *)ctsio);
5783		return (CTL_RETVAL_COMPLETE);
5784	}
5785
5786	len = scsi_3btoul(cdb->length);
5787	buffer_offset = scsi_3btoul(cdb->offset);
5788
5789	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5790		ctl_set_invalid_field(ctsio,
5791				      /*sks_valid*/ 1,
5792				      /*command*/ 1,
5793				      /*field*/ 6,
5794				      /*bit_valid*/ 0,
5795				      /*bit*/ 0);
5796		ctl_done((union ctl_io *)ctsio);
5797		return (CTL_RETVAL_COMPLETE);
5798	}
5799
5800	/*
5801	 * If we've got a kernel request that hasn't been malloced yet,
5802	 * malloc it and tell the caller the data buffer is here.
5803	 */
5804	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5805		if (lun->write_buffer == NULL) {
5806			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5807			    M_CTL, M_WAITOK);
5808		}
5809		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5810		ctsio->kern_data_len = len;
5811		ctsio->kern_total_len = len;
5812		ctsio->kern_data_resid = 0;
5813		ctsio->kern_rel_offset = 0;
5814		ctsio->kern_sg_entries = 0;
5815		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5816		ctsio->be_move_done = ctl_config_move_done;
5817		ctl_datamove((union ctl_io *)ctsio);
5818
5819		return (CTL_RETVAL_COMPLETE);
5820	}
5821
5822	ctl_set_success(ctsio);
5823	ctl_done((union ctl_io *)ctsio);
5824	return (CTL_RETVAL_COMPLETE);
5825}
5826
5827int
5828ctl_write_same(struct ctl_scsiio *ctsio)
5829{
5830	struct ctl_lun *lun;
5831	struct ctl_lba_len_flags *lbalen;
5832	uint64_t lba;
5833	uint32_t num_blocks;
5834	int len, retval;
5835	uint8_t byte2;
5836
5837	retval = CTL_RETVAL_COMPLETE;
5838
5839	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5840
5841	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5842
5843	switch (ctsio->cdb[0]) {
5844	case WRITE_SAME_10: {
5845		struct scsi_write_same_10 *cdb;
5846
5847		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5848
5849		lba = scsi_4btoul(cdb->addr);
5850		num_blocks = scsi_2btoul(cdb->length);
5851		byte2 = cdb->byte2;
5852		break;
5853	}
5854	case WRITE_SAME_16: {
5855		struct scsi_write_same_16 *cdb;
5856
5857		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5858
5859		lba = scsi_8btou64(cdb->addr);
5860		num_blocks = scsi_4btoul(cdb->length);
5861		byte2 = cdb->byte2;
5862		break;
5863	}
5864	default:
5865		/*
5866		 * We got a command we don't support.  This shouldn't
5867		 * happen, commands should be filtered out above us.
5868		 */
5869		ctl_set_invalid_opcode(ctsio);
5870		ctl_done((union ctl_io *)ctsio);
5871
5872		return (CTL_RETVAL_COMPLETE);
5873		break; /* NOTREACHED */
5874	}
5875
5876	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5877	if ((byte2 & SWS_UNMAP) == 0 &&
5878	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5879		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5880		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5881		ctl_done((union ctl_io *)ctsio);
5882		return (CTL_RETVAL_COMPLETE);
5883	}
5884
5885	/*
5886	 * The first check is to make sure we're in bounds, the second
5887	 * check is to catch wrap-around problems.  If the lba + num blocks
5888	 * is less than the lba, then we've wrapped around and the block
5889	 * range is invalid anyway.
5890	 */
5891	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5892	 || ((lba + num_blocks) < lba)) {
5893		ctl_set_lba_out_of_range(ctsio);
5894		ctl_done((union ctl_io *)ctsio);
5895		return (CTL_RETVAL_COMPLETE);
5896	}
5897
5898	/* Zero number of blocks means "to the last logical block" */
5899	if (num_blocks == 0) {
5900		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5901			ctl_set_invalid_field(ctsio,
5902					      /*sks_valid*/ 0,
5903					      /*command*/ 1,
5904					      /*field*/ 0,
5905					      /*bit_valid*/ 0,
5906					      /*bit*/ 0);
5907			ctl_done((union ctl_io *)ctsio);
5908			return (CTL_RETVAL_COMPLETE);
5909		}
5910		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5911	}
5912
5913	len = lun->be_lun->blocksize;
5914
5915	/*
5916	 * If we've got a kernel request that hasn't been malloced yet,
5917	 * malloc it and tell the caller the data buffer is here.
5918	 */
5919	if ((byte2 & SWS_NDOB) == 0 &&
5920	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5921		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5922		ctsio->kern_data_len = len;
5923		ctsio->kern_total_len = len;
5924		ctsio->kern_data_resid = 0;
5925		ctsio->kern_rel_offset = 0;
5926		ctsio->kern_sg_entries = 0;
5927		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5928		ctsio->be_move_done = ctl_config_move_done;
5929		ctl_datamove((union ctl_io *)ctsio);
5930
5931		return (CTL_RETVAL_COMPLETE);
5932	}
5933
5934	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5935	lbalen->lba = lba;
5936	lbalen->len = num_blocks;
5937	lbalen->flags = byte2;
5938	retval = lun->backend->config_write((union ctl_io *)ctsio);
5939
5940	return (retval);
5941}
5942
5943int
5944ctl_unmap(struct ctl_scsiio *ctsio)
5945{
5946	struct ctl_lun *lun;
5947	struct scsi_unmap *cdb;
5948	struct ctl_ptr_len_flags *ptrlen;
5949	struct scsi_unmap_header *hdr;
5950	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5951	uint64_t lba;
5952	uint32_t num_blocks;
5953	int len, retval;
5954	uint8_t byte2;
5955
5956	retval = CTL_RETVAL_COMPLETE;
5957
5958	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5959
5960	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5961	cdb = (struct scsi_unmap *)ctsio->cdb;
5962
5963	len = scsi_2btoul(cdb->length);
5964	byte2 = cdb->byte2;
5965
5966	/*
5967	 * If we've got a kernel request that hasn't been malloced yet,
5968	 * malloc it and tell the caller the data buffer is here.
5969	 */
5970	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5971		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5972		ctsio->kern_data_len = len;
5973		ctsio->kern_total_len = len;
5974		ctsio->kern_data_resid = 0;
5975		ctsio->kern_rel_offset = 0;
5976		ctsio->kern_sg_entries = 0;
5977		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5978		ctsio->be_move_done = ctl_config_move_done;
5979		ctl_datamove((union ctl_io *)ctsio);
5980
5981		return (CTL_RETVAL_COMPLETE);
5982	}
5983
5984	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5985	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5986	if (len < sizeof (*hdr) ||
5987	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5988	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5989	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5990		ctl_set_invalid_field(ctsio,
5991				      /*sks_valid*/ 0,
5992				      /*command*/ 0,
5993				      /*field*/ 0,
5994				      /*bit_valid*/ 0,
5995				      /*bit*/ 0);
5996		goto done;
5997	}
5998	len = scsi_2btoul(hdr->desc_length);
5999	buf = (struct scsi_unmap_desc *)(hdr + 1);
6000	end = buf + len / sizeof(*buf);
6001
6002	endnz = buf;
6003	for (range = buf; range < end; range++) {
6004		lba = scsi_8btou64(range->lba);
6005		num_blocks = scsi_4btoul(range->length);
6006		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
6007		 || ((lba + num_blocks) < lba)) {
6008			ctl_set_lba_out_of_range(ctsio);
6009			ctl_done((union ctl_io *)ctsio);
6010			return (CTL_RETVAL_COMPLETE);
6011		}
6012		if (num_blocks != 0)
6013			endnz = range + 1;
6014	}
6015
6016	/*
6017	 * Block backend can not handle zero last range.
6018	 * Filter it out and return if there is nothing left.
6019	 */
6020	len = (uint8_t *)endnz - (uint8_t *)buf;
6021	if (len == 0) {
6022		ctl_set_success(ctsio);
6023		goto done;
6024	}
6025
6026	mtx_lock(&lun->lun_lock);
6027	ptrlen = (struct ctl_ptr_len_flags *)
6028	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6029	ptrlen->ptr = (void *)buf;
6030	ptrlen->len = len;
6031	ptrlen->flags = byte2;
6032	ctl_check_blocked(lun);
6033	mtx_unlock(&lun->lun_lock);
6034
6035	retval = lun->backend->config_write((union ctl_io *)ctsio);
6036	return (retval);
6037
6038done:
6039	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
6040		free(ctsio->kern_data_ptr, M_CTL);
6041		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
6042	}
6043	ctl_done((union ctl_io *)ctsio);
6044	return (CTL_RETVAL_COMPLETE);
6045}
6046
6047/*
6048 * Note that this function currently doesn't actually do anything inside
6049 * CTL to enforce things if the DQue bit is turned on.
6050 *
6051 * Also note that this function can't be used in the default case, because
6052 * the DQue bit isn't set in the changeable mask for the control mode page
6053 * anyway.  This is just here as an example for how to implement a page
6054 * handler, and a placeholder in case we want to allow the user to turn
6055 * tagged queueing on and off.
6056 *
6057 * The D_SENSE bit handling is functional, however, and will turn
6058 * descriptor sense on and off for a given LUN.
6059 */
6060int
6061ctl_control_page_handler(struct ctl_scsiio *ctsio,
6062			 struct ctl_page_index *page_index, uint8_t *page_ptr)
6063{
6064	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
6065	struct ctl_lun *lun;
6066	struct ctl_softc *softc;
6067	int set_ua;
6068	uint32_t initidx;
6069
6070	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6071	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6072	set_ua = 0;
6073
6074	user_cp = (struct scsi_control_page *)page_ptr;
6075	current_cp = (struct scsi_control_page *)
6076		(page_index->page_data + (page_index->page_len *
6077		CTL_PAGE_CURRENT));
6078	saved_cp = (struct scsi_control_page *)
6079		(page_index->page_data + (page_index->page_len *
6080		CTL_PAGE_SAVED));
6081
6082	softc = control_softc;
6083
6084	mtx_lock(&lun->lun_lock);
6085	if (((current_cp->rlec & SCP_DSENSE) == 0)
6086	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6087		/*
6088		 * Descriptor sense is currently turned off and the user
6089		 * wants to turn it on.
6090		 */
6091		current_cp->rlec |= SCP_DSENSE;
6092		saved_cp->rlec |= SCP_DSENSE;
6093		lun->flags |= CTL_LUN_SENSE_DESC;
6094		set_ua = 1;
6095	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6096		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6097		/*
6098		 * Descriptor sense is currently turned on, and the user
6099		 * wants to turn it off.
6100		 */
6101		current_cp->rlec &= ~SCP_DSENSE;
6102		saved_cp->rlec &= ~SCP_DSENSE;
6103		lun->flags &= ~CTL_LUN_SENSE_DESC;
6104		set_ua = 1;
6105	}
6106	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6107	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6108		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6109		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6110		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6111		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6112		set_ua = 1;
6113	}
6114	if ((current_cp->eca_and_aen & SCP_SWP) !=
6115	    (user_cp->eca_and_aen & SCP_SWP)) {
6116		current_cp->eca_and_aen &= ~SCP_SWP;
6117		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6118		saved_cp->eca_and_aen &= ~SCP_SWP;
6119		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6120		set_ua = 1;
6121	}
6122	if (set_ua != 0)
6123		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6124	mtx_unlock(&lun->lun_lock);
6125
6126	return (0);
6127}
6128
6129int
6130ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6131		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6132{
6133	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6134	struct ctl_lun *lun;
6135	int set_ua;
6136	uint32_t initidx;
6137
6138	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6139	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6140	set_ua = 0;
6141
6142	user_cp = (struct scsi_caching_page *)page_ptr;
6143	current_cp = (struct scsi_caching_page *)
6144		(page_index->page_data + (page_index->page_len *
6145		CTL_PAGE_CURRENT));
6146	saved_cp = (struct scsi_caching_page *)
6147		(page_index->page_data + (page_index->page_len *
6148		CTL_PAGE_SAVED));
6149
6150	mtx_lock(&lun->lun_lock);
6151	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6152	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6153		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6154		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6155		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6156		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6157		set_ua = 1;
6158	}
6159	if (set_ua != 0)
6160		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6161	mtx_unlock(&lun->lun_lock);
6162
6163	return (0);
6164}
6165
6166int
6167ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6168				struct ctl_page_index *page_index,
6169				uint8_t *page_ptr)
6170{
6171	uint8_t *c;
6172	int i;
6173
6174	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6175	ctl_time_io_secs =
6176		(c[0] << 8) |
6177		(c[1] << 0) |
6178		0;
6179	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6180	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6181	printf("page data:");
6182	for (i=0; i<8; i++)
6183		printf(" %.2x",page_ptr[i]);
6184	printf("\n");
6185	return (0);
6186}
6187
6188int
6189ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6190			       struct ctl_page_index *page_index,
6191			       int pc)
6192{
6193	struct copan_debugconf_subpage *page;
6194
6195	page = (struct copan_debugconf_subpage *)page_index->page_data +
6196		(page_index->page_len * pc);
6197
6198	switch (pc) {
6199	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6200	case SMS_PAGE_CTRL_DEFAULT >> 6:
6201	case SMS_PAGE_CTRL_SAVED >> 6:
6202		/*
6203		 * We don't update the changable or default bits for this page.
6204		 */
6205		break;
6206	case SMS_PAGE_CTRL_CURRENT >> 6:
6207		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6208		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6209		break;
6210	default:
6211#ifdef NEEDTOPORT
6212		EPRINT(0, "Invalid PC %d!!", pc);
6213#endif /* NEEDTOPORT */
6214		break;
6215	}
6216	return (0);
6217}
6218
6219
6220static int
6221ctl_do_mode_select(union ctl_io *io)
6222{
6223	struct scsi_mode_page_header *page_header;
6224	struct ctl_page_index *page_index;
6225	struct ctl_scsiio *ctsio;
6226	int control_dev, page_len;
6227	int page_len_offset, page_len_size;
6228	union ctl_modepage_info *modepage_info;
6229	struct ctl_lun *lun;
6230	int *len_left, *len_used;
6231	int retval, i;
6232
6233	ctsio = &io->scsiio;
6234	page_index = NULL;
6235	page_len = 0;
6236	retval = CTL_RETVAL_COMPLETE;
6237
6238	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6239
6240	if (lun->be_lun->lun_type != T_DIRECT)
6241		control_dev = 1;
6242	else
6243		control_dev = 0;
6244
6245	modepage_info = (union ctl_modepage_info *)
6246		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6247	len_left = &modepage_info->header.len_left;
6248	len_used = &modepage_info->header.len_used;
6249
6250do_next_page:
6251
6252	page_header = (struct scsi_mode_page_header *)
6253		(ctsio->kern_data_ptr + *len_used);
6254
6255	if (*len_left == 0) {
6256		free(ctsio->kern_data_ptr, M_CTL);
6257		ctl_set_success(ctsio);
6258		ctl_done((union ctl_io *)ctsio);
6259		return (CTL_RETVAL_COMPLETE);
6260	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6261
6262		free(ctsio->kern_data_ptr, M_CTL);
6263		ctl_set_param_len_error(ctsio);
6264		ctl_done((union ctl_io *)ctsio);
6265		return (CTL_RETVAL_COMPLETE);
6266
6267	} else if ((page_header->page_code & SMPH_SPF)
6268		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6269
6270		free(ctsio->kern_data_ptr, M_CTL);
6271		ctl_set_param_len_error(ctsio);
6272		ctl_done((union ctl_io *)ctsio);
6273		return (CTL_RETVAL_COMPLETE);
6274	}
6275
6276
6277	/*
6278	 * XXX KDM should we do something with the block descriptor?
6279	 */
6280	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6281
6282		if ((control_dev != 0)
6283		 && (lun->mode_pages.index[i].page_flags &
6284		     CTL_PAGE_FLAG_DISK_ONLY))
6285			continue;
6286
6287		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6288		    (page_header->page_code & SMPH_PC_MASK))
6289			continue;
6290
6291		/*
6292		 * If neither page has a subpage code, then we've got a
6293		 * match.
6294		 */
6295		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6296		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6297			page_index = &lun->mode_pages.index[i];
6298			page_len = page_header->page_length;
6299			break;
6300		}
6301
6302		/*
6303		 * If both pages have subpages, then the subpage numbers
6304		 * have to match.
6305		 */
6306		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6307		  && (page_header->page_code & SMPH_SPF)) {
6308			struct scsi_mode_page_header_sp *sph;
6309
6310			sph = (struct scsi_mode_page_header_sp *)page_header;
6311
6312			if (lun->mode_pages.index[i].subpage ==
6313			    sph->subpage) {
6314				page_index = &lun->mode_pages.index[i];
6315				page_len = scsi_2btoul(sph->page_length);
6316				break;
6317			}
6318		}
6319	}
6320
6321	/*
6322	 * If we couldn't find the page, or if we don't have a mode select
6323	 * handler for it, send back an error to the user.
6324	 */
6325	if ((page_index == NULL)
6326	 || (page_index->select_handler == NULL)) {
6327		ctl_set_invalid_field(ctsio,
6328				      /*sks_valid*/ 1,
6329				      /*command*/ 0,
6330				      /*field*/ *len_used,
6331				      /*bit_valid*/ 0,
6332				      /*bit*/ 0);
6333		free(ctsio->kern_data_ptr, M_CTL);
6334		ctl_done((union ctl_io *)ctsio);
6335		return (CTL_RETVAL_COMPLETE);
6336	}
6337
6338	if (page_index->page_code & SMPH_SPF) {
6339		page_len_offset = 2;
6340		page_len_size = 2;
6341	} else {
6342		page_len_size = 1;
6343		page_len_offset = 1;
6344	}
6345
6346	/*
6347	 * If the length the initiator gives us isn't the one we specify in
6348	 * the mode page header, or if they didn't specify enough data in
6349	 * the CDB to avoid truncating this page, kick out the request.
6350	 */
6351	if ((page_len != (page_index->page_len - page_len_offset -
6352			  page_len_size))
6353	 || (*len_left < page_index->page_len)) {
6354
6355
6356		ctl_set_invalid_field(ctsio,
6357				      /*sks_valid*/ 1,
6358				      /*command*/ 0,
6359				      /*field*/ *len_used + page_len_offset,
6360				      /*bit_valid*/ 0,
6361				      /*bit*/ 0);
6362		free(ctsio->kern_data_ptr, M_CTL);
6363		ctl_done((union ctl_io *)ctsio);
6364		return (CTL_RETVAL_COMPLETE);
6365	}
6366
6367	/*
6368	 * Run through the mode page, checking to make sure that the bits
6369	 * the user changed are actually legal for him to change.
6370	 */
6371	for (i = 0; i < page_index->page_len; i++) {
6372		uint8_t *user_byte, *change_mask, *current_byte;
6373		int bad_bit;
6374		int j;
6375
6376		user_byte = (uint8_t *)page_header + i;
6377		change_mask = page_index->page_data +
6378			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6379		current_byte = page_index->page_data +
6380			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6381
6382		/*
6383		 * Check to see whether the user set any bits in this byte
6384		 * that he is not allowed to set.
6385		 */
6386		if ((*user_byte & ~(*change_mask)) ==
6387		    (*current_byte & ~(*change_mask)))
6388			continue;
6389
6390		/*
6391		 * Go through bit by bit to determine which one is illegal.
6392		 */
6393		bad_bit = 0;
6394		for (j = 7; j >= 0; j--) {
6395			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6396			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6397				bad_bit = i;
6398				break;
6399			}
6400		}
6401		ctl_set_invalid_field(ctsio,
6402				      /*sks_valid*/ 1,
6403				      /*command*/ 0,
6404				      /*field*/ *len_used + i,
6405				      /*bit_valid*/ 1,
6406				      /*bit*/ bad_bit);
6407		free(ctsio->kern_data_ptr, M_CTL);
6408		ctl_done((union ctl_io *)ctsio);
6409		return (CTL_RETVAL_COMPLETE);
6410	}
6411
6412	/*
6413	 * Decrement these before we call the page handler, since we may
6414	 * end up getting called back one way or another before the handler
6415	 * returns to this context.
6416	 */
6417	*len_left -= page_index->page_len;
6418	*len_used += page_index->page_len;
6419
6420	retval = page_index->select_handler(ctsio, page_index,
6421					    (uint8_t *)page_header);
6422
6423	/*
6424	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6425	 * wait until this queued command completes to finish processing
6426	 * the mode page.  If it returns anything other than
6427	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6428	 * already set the sense information, freed the data pointer, and
6429	 * completed the io for us.
6430	 */
6431	if (retval != CTL_RETVAL_COMPLETE)
6432		goto bailout_no_done;
6433
6434	/*
6435	 * If the initiator sent us more than one page, parse the next one.
6436	 */
6437	if (*len_left > 0)
6438		goto do_next_page;
6439
6440	ctl_set_success(ctsio);
6441	free(ctsio->kern_data_ptr, M_CTL);
6442	ctl_done((union ctl_io *)ctsio);
6443
6444bailout_no_done:
6445
6446	return (CTL_RETVAL_COMPLETE);
6447
6448}
6449
6450int
6451ctl_mode_select(struct ctl_scsiio *ctsio)
6452{
6453	int param_len, pf, sp;
6454	int header_size, bd_len;
6455	int len_left, len_used;
6456	struct ctl_page_index *page_index;
6457	struct ctl_lun *lun;
6458	int control_dev, page_len;
6459	union ctl_modepage_info *modepage_info;
6460	int retval;
6461
6462	pf = 0;
6463	sp = 0;
6464	page_len = 0;
6465	len_used = 0;
6466	len_left = 0;
6467	retval = 0;
6468	bd_len = 0;
6469	page_index = NULL;
6470
6471	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6472
6473	if (lun->be_lun->lun_type != T_DIRECT)
6474		control_dev = 1;
6475	else
6476		control_dev = 0;
6477
6478	switch (ctsio->cdb[0]) {
6479	case MODE_SELECT_6: {
6480		struct scsi_mode_select_6 *cdb;
6481
6482		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6483
6484		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6485		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6486
6487		param_len = cdb->length;
6488		header_size = sizeof(struct scsi_mode_header_6);
6489		break;
6490	}
6491	case MODE_SELECT_10: {
6492		struct scsi_mode_select_10 *cdb;
6493
6494		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6495
6496		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6497		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6498
6499		param_len = scsi_2btoul(cdb->length);
6500		header_size = sizeof(struct scsi_mode_header_10);
6501		break;
6502	}
6503	default:
6504		ctl_set_invalid_opcode(ctsio);
6505		ctl_done((union ctl_io *)ctsio);
6506		return (CTL_RETVAL_COMPLETE);
6507		break; /* NOTREACHED */
6508	}
6509
6510	/*
6511	 * From SPC-3:
6512	 * "A parameter list length of zero indicates that the Data-Out Buffer
6513	 * shall be empty. This condition shall not be considered as an error."
6514	 */
6515	if (param_len == 0) {
6516		ctl_set_success(ctsio);
6517		ctl_done((union ctl_io *)ctsio);
6518		return (CTL_RETVAL_COMPLETE);
6519	}
6520
6521	/*
6522	 * Since we'll hit this the first time through, prior to
6523	 * allocation, we don't need to free a data buffer here.
6524	 */
6525	if (param_len < header_size) {
6526		ctl_set_param_len_error(ctsio);
6527		ctl_done((union ctl_io *)ctsio);
6528		return (CTL_RETVAL_COMPLETE);
6529	}
6530
6531	/*
6532	 * Allocate the data buffer and grab the user's data.  In theory,
6533	 * we shouldn't have to sanity check the parameter list length here
6534	 * because the maximum size is 64K.  We should be able to malloc
6535	 * that much without too many problems.
6536	 */
6537	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6538		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6539		ctsio->kern_data_len = param_len;
6540		ctsio->kern_total_len = param_len;
6541		ctsio->kern_data_resid = 0;
6542		ctsio->kern_rel_offset = 0;
6543		ctsio->kern_sg_entries = 0;
6544		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6545		ctsio->be_move_done = ctl_config_move_done;
6546		ctl_datamove((union ctl_io *)ctsio);
6547
6548		return (CTL_RETVAL_COMPLETE);
6549	}
6550
6551	switch (ctsio->cdb[0]) {
6552	case MODE_SELECT_6: {
6553		struct scsi_mode_header_6 *mh6;
6554
6555		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6556		bd_len = mh6->blk_desc_len;
6557		break;
6558	}
6559	case MODE_SELECT_10: {
6560		struct scsi_mode_header_10 *mh10;
6561
6562		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6563		bd_len = scsi_2btoul(mh10->blk_desc_len);
6564		break;
6565	}
6566	default:
6567		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6568		break;
6569	}
6570
6571	if (param_len < (header_size + bd_len)) {
6572		free(ctsio->kern_data_ptr, M_CTL);
6573		ctl_set_param_len_error(ctsio);
6574		ctl_done((union ctl_io *)ctsio);
6575		return (CTL_RETVAL_COMPLETE);
6576	}
6577
6578	/*
6579	 * Set the IO_CONT flag, so that if this I/O gets passed to
6580	 * ctl_config_write_done(), it'll get passed back to
6581	 * ctl_do_mode_select() for further processing, or completion if
6582	 * we're all done.
6583	 */
6584	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6585	ctsio->io_cont = ctl_do_mode_select;
6586
6587	modepage_info = (union ctl_modepage_info *)
6588		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6589
6590	memset(modepage_info, 0, sizeof(*modepage_info));
6591
6592	len_left = param_len - header_size - bd_len;
6593	len_used = header_size + bd_len;
6594
6595	modepage_info->header.len_left = len_left;
6596	modepage_info->header.len_used = len_used;
6597
6598	return (ctl_do_mode_select((union ctl_io *)ctsio));
6599}
6600
6601int
6602ctl_mode_sense(struct ctl_scsiio *ctsio)
6603{
6604	struct ctl_lun *lun;
6605	int pc, page_code, dbd, llba, subpage;
6606	int alloc_len, page_len, header_len, total_len;
6607	struct scsi_mode_block_descr *block_desc;
6608	struct ctl_page_index *page_index;
6609	int control_dev;
6610
6611	dbd = 0;
6612	llba = 0;
6613	block_desc = NULL;
6614	page_index = NULL;
6615
6616	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6617
6618	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6619
6620	if (lun->be_lun->lun_type != T_DIRECT)
6621		control_dev = 1;
6622	else
6623		control_dev = 0;
6624
6625	switch (ctsio->cdb[0]) {
6626	case MODE_SENSE_6: {
6627		struct scsi_mode_sense_6 *cdb;
6628
6629		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6630
6631		header_len = sizeof(struct scsi_mode_hdr_6);
6632		if (cdb->byte2 & SMS_DBD)
6633			dbd = 1;
6634		else
6635			header_len += sizeof(struct scsi_mode_block_descr);
6636
6637		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6638		page_code = cdb->page & SMS_PAGE_CODE;
6639		subpage = cdb->subpage;
6640		alloc_len = cdb->length;
6641		break;
6642	}
6643	case MODE_SENSE_10: {
6644		struct scsi_mode_sense_10 *cdb;
6645
6646		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6647
6648		header_len = sizeof(struct scsi_mode_hdr_10);
6649
6650		if (cdb->byte2 & SMS_DBD)
6651			dbd = 1;
6652		else
6653			header_len += sizeof(struct scsi_mode_block_descr);
6654		if (cdb->byte2 & SMS10_LLBAA)
6655			llba = 1;
6656		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6657		page_code = cdb->page & SMS_PAGE_CODE;
6658		subpage = cdb->subpage;
6659		alloc_len = scsi_2btoul(cdb->length);
6660		break;
6661	}
6662	default:
6663		ctl_set_invalid_opcode(ctsio);
6664		ctl_done((union ctl_io *)ctsio);
6665		return (CTL_RETVAL_COMPLETE);
6666		break; /* NOTREACHED */
6667	}
6668
6669	/*
6670	 * We have to make a first pass through to calculate the size of
6671	 * the pages that match the user's query.  Then we allocate enough
6672	 * memory to hold it, and actually copy the data into the buffer.
6673	 */
6674	switch (page_code) {
6675	case SMS_ALL_PAGES_PAGE: {
6676		int i;
6677
6678		page_len = 0;
6679
6680		/*
6681		 * At the moment, values other than 0 and 0xff here are
6682		 * reserved according to SPC-3.
6683		 */
6684		if ((subpage != SMS_SUBPAGE_PAGE_0)
6685		 && (subpage != SMS_SUBPAGE_ALL)) {
6686			ctl_set_invalid_field(ctsio,
6687					      /*sks_valid*/ 1,
6688					      /*command*/ 1,
6689					      /*field*/ 3,
6690					      /*bit_valid*/ 0,
6691					      /*bit*/ 0);
6692			ctl_done((union ctl_io *)ctsio);
6693			return (CTL_RETVAL_COMPLETE);
6694		}
6695
6696		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6697			if ((control_dev != 0)
6698			 && (lun->mode_pages.index[i].page_flags &
6699			     CTL_PAGE_FLAG_DISK_ONLY))
6700				continue;
6701
6702			/*
6703			 * We don't use this subpage if the user didn't
6704			 * request all subpages.
6705			 */
6706			if ((lun->mode_pages.index[i].subpage != 0)
6707			 && (subpage == SMS_SUBPAGE_PAGE_0))
6708				continue;
6709
6710#if 0
6711			printf("found page %#x len %d\n",
6712			       lun->mode_pages.index[i].page_code &
6713			       SMPH_PC_MASK,
6714			       lun->mode_pages.index[i].page_len);
6715#endif
6716			page_len += lun->mode_pages.index[i].page_len;
6717		}
6718		break;
6719	}
6720	default: {
6721		int i;
6722
6723		page_len = 0;
6724
6725		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6726			/* Look for the right page code */
6727			if ((lun->mode_pages.index[i].page_code &
6728			     SMPH_PC_MASK) != page_code)
6729				continue;
6730
6731			/* Look for the right subpage or the subpage wildcard*/
6732			if ((lun->mode_pages.index[i].subpage != subpage)
6733			 && (subpage != SMS_SUBPAGE_ALL))
6734				continue;
6735
6736			/* Make sure the page is supported for this dev type */
6737			if ((control_dev != 0)
6738			 && (lun->mode_pages.index[i].page_flags &
6739			     CTL_PAGE_FLAG_DISK_ONLY))
6740				continue;
6741
6742#if 0
6743			printf("found page %#x len %d\n",
6744			       lun->mode_pages.index[i].page_code &
6745			       SMPH_PC_MASK,
6746			       lun->mode_pages.index[i].page_len);
6747#endif
6748
6749			page_len += lun->mode_pages.index[i].page_len;
6750		}
6751
6752		if (page_len == 0) {
6753			ctl_set_invalid_field(ctsio,
6754					      /*sks_valid*/ 1,
6755					      /*command*/ 1,
6756					      /*field*/ 2,
6757					      /*bit_valid*/ 1,
6758					      /*bit*/ 5);
6759			ctl_done((union ctl_io *)ctsio);
6760			return (CTL_RETVAL_COMPLETE);
6761		}
6762		break;
6763	}
6764	}
6765
6766	total_len = header_len + page_len;
6767#if 0
6768	printf("header_len = %d, page_len = %d, total_len = %d\n",
6769	       header_len, page_len, total_len);
6770#endif
6771
6772	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6773	ctsio->kern_sg_entries = 0;
6774	ctsio->kern_data_resid = 0;
6775	ctsio->kern_rel_offset = 0;
6776	if (total_len < alloc_len) {
6777		ctsio->residual = alloc_len - total_len;
6778		ctsio->kern_data_len = total_len;
6779		ctsio->kern_total_len = total_len;
6780	} else {
6781		ctsio->residual = 0;
6782		ctsio->kern_data_len = alloc_len;
6783		ctsio->kern_total_len = alloc_len;
6784	}
6785
6786	switch (ctsio->cdb[0]) {
6787	case MODE_SENSE_6: {
6788		struct scsi_mode_hdr_6 *header;
6789
6790		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6791
6792		header->datalen = ctl_min(total_len - 1, 254);
6793		if (control_dev == 0) {
6794			header->dev_specific = 0x10; /* DPOFUA */
6795			if ((lun->flags & CTL_LUN_READONLY) ||
6796			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6797			    .eca_and_aen & SCP_SWP) != 0)
6798				    header->dev_specific |= 0x80; /* WP */
6799		}
6800		if (dbd)
6801			header->block_descr_len = 0;
6802		else
6803			header->block_descr_len =
6804				sizeof(struct scsi_mode_block_descr);
6805		block_desc = (struct scsi_mode_block_descr *)&header[1];
6806		break;
6807	}
6808	case MODE_SENSE_10: {
6809		struct scsi_mode_hdr_10 *header;
6810		int datalen;
6811
6812		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6813
6814		datalen = ctl_min(total_len - 2, 65533);
6815		scsi_ulto2b(datalen, header->datalen);
6816		if (control_dev == 0) {
6817			header->dev_specific = 0x10; /* DPOFUA */
6818			if ((lun->flags & CTL_LUN_READONLY) ||
6819			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6820			    .eca_and_aen & SCP_SWP) != 0)
6821				    header->dev_specific |= 0x80; /* WP */
6822		}
6823		if (dbd)
6824			scsi_ulto2b(0, header->block_descr_len);
6825		else
6826			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6827				    header->block_descr_len);
6828		block_desc = (struct scsi_mode_block_descr *)&header[1];
6829		break;
6830	}
6831	default:
6832		panic("invalid CDB type %#x", ctsio->cdb[0]);
6833		break; /* NOTREACHED */
6834	}
6835
6836	/*
6837	 * If we've got a disk, use its blocksize in the block
6838	 * descriptor.  Otherwise, just set it to 0.
6839	 */
6840	if (dbd == 0) {
6841		if (control_dev == 0)
6842			scsi_ulto3b(lun->be_lun->blocksize,
6843				    block_desc->block_len);
6844		else
6845			scsi_ulto3b(0, block_desc->block_len);
6846	}
6847
6848	switch (page_code) {
6849	case SMS_ALL_PAGES_PAGE: {
6850		int i, data_used;
6851
6852		data_used = header_len;
6853		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6854			struct ctl_page_index *page_index;
6855
6856			page_index = &lun->mode_pages.index[i];
6857
6858			if ((control_dev != 0)
6859			 && (page_index->page_flags &
6860			    CTL_PAGE_FLAG_DISK_ONLY))
6861				continue;
6862
6863			/*
6864			 * We don't use this subpage if the user didn't
6865			 * request all subpages.  We already checked (above)
6866			 * to make sure the user only specified a subpage
6867			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6868			 */
6869			if ((page_index->subpage != 0)
6870			 && (subpage == SMS_SUBPAGE_PAGE_0))
6871				continue;
6872
6873			/*
6874			 * Call the handler, if it exists, to update the
6875			 * page to the latest values.
6876			 */
6877			if (page_index->sense_handler != NULL)
6878				page_index->sense_handler(ctsio, page_index,pc);
6879
6880			memcpy(ctsio->kern_data_ptr + data_used,
6881			       page_index->page_data +
6882			       (page_index->page_len * pc),
6883			       page_index->page_len);
6884			data_used += page_index->page_len;
6885		}
6886		break;
6887	}
6888	default: {
6889		int i, data_used;
6890
6891		data_used = header_len;
6892
6893		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6894			struct ctl_page_index *page_index;
6895
6896			page_index = &lun->mode_pages.index[i];
6897
6898			/* Look for the right page code */
6899			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6900				continue;
6901
6902			/* Look for the right subpage or the subpage wildcard*/
6903			if ((page_index->subpage != subpage)
6904			 && (subpage != SMS_SUBPAGE_ALL))
6905				continue;
6906
6907			/* Make sure the page is supported for this dev type */
6908			if ((control_dev != 0)
6909			 && (page_index->page_flags &
6910			     CTL_PAGE_FLAG_DISK_ONLY))
6911				continue;
6912
6913			/*
6914			 * Call the handler, if it exists, to update the
6915			 * page to the latest values.
6916			 */
6917			if (page_index->sense_handler != NULL)
6918				page_index->sense_handler(ctsio, page_index,pc);
6919
6920			memcpy(ctsio->kern_data_ptr + data_used,
6921			       page_index->page_data +
6922			       (page_index->page_len * pc),
6923			       page_index->page_len);
6924			data_used += page_index->page_len;
6925		}
6926		break;
6927	}
6928	}
6929
6930	ctl_set_success(ctsio);
6931	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6932	ctsio->be_move_done = ctl_config_move_done;
6933	ctl_datamove((union ctl_io *)ctsio);
6934	return (CTL_RETVAL_COMPLETE);
6935}
6936
6937int
6938ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6939			       struct ctl_page_index *page_index,
6940			       int pc)
6941{
6942	struct ctl_lun *lun;
6943	struct scsi_log_param_header *phdr;
6944	uint8_t *data;
6945	uint64_t val;
6946
6947	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6948	data = page_index->page_data;
6949
6950	if (lun->backend->lun_attr != NULL &&
6951	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6952	     != UINT64_MAX) {
6953		phdr = (struct scsi_log_param_header *)data;
6954		scsi_ulto2b(0x0001, phdr->param_code);
6955		phdr->param_control = SLP_LBIN | SLP_LP;
6956		phdr->param_len = 8;
6957		data = (uint8_t *)(phdr + 1);
6958		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6959		data[4] = 0x02; /* per-pool */
6960		data += phdr->param_len;
6961	}
6962
6963	if (lun->backend->lun_attr != NULL &&
6964	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6965	     != UINT64_MAX) {
6966		phdr = (struct scsi_log_param_header *)data;
6967		scsi_ulto2b(0x0002, phdr->param_code);
6968		phdr->param_control = SLP_LBIN | SLP_LP;
6969		phdr->param_len = 8;
6970		data = (uint8_t *)(phdr + 1);
6971		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6972		data[4] = 0x01; /* per-LUN */
6973		data += phdr->param_len;
6974	}
6975
6976	if (lun->backend->lun_attr != NULL &&
6977	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6978	     != UINT64_MAX) {
6979		phdr = (struct scsi_log_param_header *)data;
6980		scsi_ulto2b(0x00f1, phdr->param_code);
6981		phdr->param_control = SLP_LBIN | SLP_LP;
6982		phdr->param_len = 8;
6983		data = (uint8_t *)(phdr + 1);
6984		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6985		data[4] = 0x02; /* per-pool */
6986		data += phdr->param_len;
6987	}
6988
6989	if (lun->backend->lun_attr != NULL &&
6990	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6991	     != UINT64_MAX) {
6992		phdr = (struct scsi_log_param_header *)data;
6993		scsi_ulto2b(0x00f2, phdr->param_code);
6994		phdr->param_control = SLP_LBIN | SLP_LP;
6995		phdr->param_len = 8;
6996		data = (uint8_t *)(phdr + 1);
6997		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6998		data[4] = 0x02; /* per-pool */
6999		data += phdr->param_len;
7000	}
7001
7002	page_index->page_len = data - page_index->page_data;
7003	return (0);
7004}
7005
7006int
7007ctl_log_sense(struct ctl_scsiio *ctsio)
7008{
7009	struct ctl_lun *lun;
7010	int i, pc, page_code, subpage;
7011	int alloc_len, total_len;
7012	struct ctl_page_index *page_index;
7013	struct scsi_log_sense *cdb;
7014	struct scsi_log_header *header;
7015
7016	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
7017
7018	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7019	cdb = (struct scsi_log_sense *)ctsio->cdb;
7020	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
7021	page_code = cdb->page & SLS_PAGE_CODE;
7022	subpage = cdb->subpage;
7023	alloc_len = scsi_2btoul(cdb->length);
7024
7025	page_index = NULL;
7026	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
7027		page_index = &lun->log_pages.index[i];
7028
7029		/* Look for the right page code */
7030		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7031			continue;
7032
7033		/* Look for the right subpage or the subpage wildcard*/
7034		if (page_index->subpage != subpage)
7035			continue;
7036
7037		break;
7038	}
7039	if (i >= CTL_NUM_LOG_PAGES) {
7040		ctl_set_invalid_field(ctsio,
7041				      /*sks_valid*/ 1,
7042				      /*command*/ 1,
7043				      /*field*/ 2,
7044				      /*bit_valid*/ 0,
7045				      /*bit*/ 0);
7046		ctl_done((union ctl_io *)ctsio);
7047		return (CTL_RETVAL_COMPLETE);
7048	}
7049
7050	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7051
7052	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7053	ctsio->kern_sg_entries = 0;
7054	ctsio->kern_data_resid = 0;
7055	ctsio->kern_rel_offset = 0;
7056	if (total_len < alloc_len) {
7057		ctsio->residual = alloc_len - total_len;
7058		ctsio->kern_data_len = total_len;
7059		ctsio->kern_total_len = total_len;
7060	} else {
7061		ctsio->residual = 0;
7062		ctsio->kern_data_len = alloc_len;
7063		ctsio->kern_total_len = alloc_len;
7064	}
7065
7066	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7067	header->page = page_index->page_code;
7068	if (page_index->subpage) {
7069		header->page |= SL_SPF;
7070		header->subpage = page_index->subpage;
7071	}
7072	scsi_ulto2b(page_index->page_len, header->datalen);
7073
7074	/*
7075	 * Call the handler, if it exists, to update the
7076	 * page to the latest values.
7077	 */
7078	if (page_index->sense_handler != NULL)
7079		page_index->sense_handler(ctsio, page_index, pc);
7080
7081	memcpy(header + 1, page_index->page_data, page_index->page_len);
7082
7083	ctl_set_success(ctsio);
7084	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7085	ctsio->be_move_done = ctl_config_move_done;
7086	ctl_datamove((union ctl_io *)ctsio);
7087	return (CTL_RETVAL_COMPLETE);
7088}
7089
7090int
7091ctl_read_capacity(struct ctl_scsiio *ctsio)
7092{
7093	struct scsi_read_capacity *cdb;
7094	struct scsi_read_capacity_data *data;
7095	struct ctl_lun *lun;
7096	uint32_t lba;
7097
7098	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7099
7100	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7101
7102	lba = scsi_4btoul(cdb->addr);
7103	if (((cdb->pmi & SRC_PMI) == 0)
7104	 && (lba != 0)) {
7105		ctl_set_invalid_field(/*ctsio*/ ctsio,
7106				      /*sks_valid*/ 1,
7107				      /*command*/ 1,
7108				      /*field*/ 2,
7109				      /*bit_valid*/ 0,
7110				      /*bit*/ 0);
7111		ctl_done((union ctl_io *)ctsio);
7112		return (CTL_RETVAL_COMPLETE);
7113	}
7114
7115	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7116
7117	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7118	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7119	ctsio->residual = 0;
7120	ctsio->kern_data_len = sizeof(*data);
7121	ctsio->kern_total_len = sizeof(*data);
7122	ctsio->kern_data_resid = 0;
7123	ctsio->kern_rel_offset = 0;
7124	ctsio->kern_sg_entries = 0;
7125
7126	/*
7127	 * If the maximum LBA is greater than 0xfffffffe, the user must
7128	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7129	 * serivce action set.
7130	 */
7131	if (lun->be_lun->maxlba > 0xfffffffe)
7132		scsi_ulto4b(0xffffffff, data->addr);
7133	else
7134		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7135
7136	/*
7137	 * XXX KDM this may not be 512 bytes...
7138	 */
7139	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7140
7141	ctl_set_success(ctsio);
7142	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7143	ctsio->be_move_done = ctl_config_move_done;
7144	ctl_datamove((union ctl_io *)ctsio);
7145	return (CTL_RETVAL_COMPLETE);
7146}
7147
7148int
7149ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7150{
7151	struct scsi_read_capacity_16 *cdb;
7152	struct scsi_read_capacity_data_long *data;
7153	struct ctl_lun *lun;
7154	uint64_t lba;
7155	uint32_t alloc_len;
7156
7157	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7158
7159	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7160
7161	alloc_len = scsi_4btoul(cdb->alloc_len);
7162	lba = scsi_8btou64(cdb->addr);
7163
7164	if ((cdb->reladr & SRC16_PMI)
7165	 && (lba != 0)) {
7166		ctl_set_invalid_field(/*ctsio*/ ctsio,
7167				      /*sks_valid*/ 1,
7168				      /*command*/ 1,
7169				      /*field*/ 2,
7170				      /*bit_valid*/ 0,
7171				      /*bit*/ 0);
7172		ctl_done((union ctl_io *)ctsio);
7173		return (CTL_RETVAL_COMPLETE);
7174	}
7175
7176	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7177
7178	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7179	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7180
7181	if (sizeof(*data) < alloc_len) {
7182		ctsio->residual = alloc_len - sizeof(*data);
7183		ctsio->kern_data_len = sizeof(*data);
7184		ctsio->kern_total_len = sizeof(*data);
7185	} else {
7186		ctsio->residual = 0;
7187		ctsio->kern_data_len = alloc_len;
7188		ctsio->kern_total_len = alloc_len;
7189	}
7190	ctsio->kern_data_resid = 0;
7191	ctsio->kern_rel_offset = 0;
7192	ctsio->kern_sg_entries = 0;
7193
7194	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7195	/* XXX KDM this may not be 512 bytes... */
7196	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7197	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7198	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7199	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7200		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7201
7202	ctl_set_success(ctsio);
7203	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7204	ctsio->be_move_done = ctl_config_move_done;
7205	ctl_datamove((union ctl_io *)ctsio);
7206	return (CTL_RETVAL_COMPLETE);
7207}
7208
7209int
7210ctl_get_lba_status(struct ctl_scsiio *ctsio)
7211{
7212	struct scsi_get_lba_status *cdb;
7213	struct scsi_get_lba_status_data *data;
7214	struct ctl_lun *lun;
7215	struct ctl_lba_len_flags *lbalen;
7216	uint64_t lba;
7217	uint32_t alloc_len, total_len;
7218	int retval;
7219
7220	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7221
7222	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7223	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7224	lba = scsi_8btou64(cdb->addr);
7225	alloc_len = scsi_4btoul(cdb->alloc_len);
7226
7227	if (lba > lun->be_lun->maxlba) {
7228		ctl_set_lba_out_of_range(ctsio);
7229		ctl_done((union ctl_io *)ctsio);
7230		return (CTL_RETVAL_COMPLETE);
7231	}
7232
7233	total_len = sizeof(*data) + sizeof(data->descr[0]);
7234	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7235	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7236
7237	if (total_len < alloc_len) {
7238		ctsio->residual = alloc_len - total_len;
7239		ctsio->kern_data_len = total_len;
7240		ctsio->kern_total_len = total_len;
7241	} else {
7242		ctsio->residual = 0;
7243		ctsio->kern_data_len = alloc_len;
7244		ctsio->kern_total_len = alloc_len;
7245	}
7246	ctsio->kern_data_resid = 0;
7247	ctsio->kern_rel_offset = 0;
7248	ctsio->kern_sg_entries = 0;
7249
7250	/* Fill dummy data in case backend can't tell anything. */
7251	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7252	scsi_u64to8b(lba, data->descr[0].addr);
7253	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7254	    data->descr[0].length);
7255	data->descr[0].status = 0; /* Mapped or unknown. */
7256
7257	ctl_set_success(ctsio);
7258	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7259	ctsio->be_move_done = ctl_config_move_done;
7260
7261	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7262	lbalen->lba = lba;
7263	lbalen->len = total_len;
7264	lbalen->flags = 0;
7265	retval = lun->backend->config_read((union ctl_io *)ctsio);
7266	return (CTL_RETVAL_COMPLETE);
7267}
7268
7269int
7270ctl_read_defect(struct ctl_scsiio *ctsio)
7271{
7272	struct scsi_read_defect_data_10 *ccb10;
7273	struct scsi_read_defect_data_12 *ccb12;
7274	struct scsi_read_defect_data_hdr_10 *data10;
7275	struct scsi_read_defect_data_hdr_12 *data12;
7276	uint32_t alloc_len, data_len;
7277	uint8_t format;
7278
7279	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7280
7281	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7282		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7283		format = ccb10->format;
7284		alloc_len = scsi_2btoul(ccb10->alloc_length);
7285		data_len = sizeof(*data10);
7286	} else {
7287		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7288		format = ccb12->format;
7289		alloc_len = scsi_4btoul(ccb12->alloc_length);
7290		data_len = sizeof(*data12);
7291	}
7292	if (alloc_len == 0) {
7293		ctl_set_success(ctsio);
7294		ctl_done((union ctl_io *)ctsio);
7295		return (CTL_RETVAL_COMPLETE);
7296	}
7297
7298	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7299	if (data_len < alloc_len) {
7300		ctsio->residual = alloc_len - data_len;
7301		ctsio->kern_data_len = data_len;
7302		ctsio->kern_total_len = data_len;
7303	} else {
7304		ctsio->residual = 0;
7305		ctsio->kern_data_len = alloc_len;
7306		ctsio->kern_total_len = alloc_len;
7307	}
7308	ctsio->kern_data_resid = 0;
7309	ctsio->kern_rel_offset = 0;
7310	ctsio->kern_sg_entries = 0;
7311
7312	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7313		data10 = (struct scsi_read_defect_data_hdr_10 *)
7314		    ctsio->kern_data_ptr;
7315		data10->format = format;
7316		scsi_ulto2b(0, data10->length);
7317	} else {
7318		data12 = (struct scsi_read_defect_data_hdr_12 *)
7319		    ctsio->kern_data_ptr;
7320		data12->format = format;
7321		scsi_ulto2b(0, data12->generation);
7322		scsi_ulto4b(0, data12->length);
7323	}
7324
7325	ctl_set_success(ctsio);
7326	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7327	ctsio->be_move_done = ctl_config_move_done;
7328	ctl_datamove((union ctl_io *)ctsio);
7329	return (CTL_RETVAL_COMPLETE);
7330}
7331
7332int
7333ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7334{
7335	struct scsi_maintenance_in *cdb;
7336	int retval;
7337	int alloc_len, ext, total_len = 0, g, p, pc, pg, gs, os;
7338	int num_target_port_groups, num_target_ports;
7339	struct ctl_lun *lun;
7340	struct ctl_softc *softc;
7341	struct ctl_port *port;
7342	struct scsi_target_group_data *rtg_ptr;
7343	struct scsi_target_group_data_extended *rtg_ext_ptr;
7344	struct scsi_target_port_group_descriptor *tpg_desc;
7345
7346	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7347
7348	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7349	softc = control_softc;
7350	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7351
7352	retval = CTL_RETVAL_COMPLETE;
7353
7354	switch (cdb->byte2 & STG_PDF_MASK) {
7355	case STG_PDF_LENGTH:
7356		ext = 0;
7357		break;
7358	case STG_PDF_EXTENDED:
7359		ext = 1;
7360		break;
7361	default:
7362		ctl_set_invalid_field(/*ctsio*/ ctsio,
7363				      /*sks_valid*/ 1,
7364				      /*command*/ 1,
7365				      /*field*/ 2,
7366				      /*bit_valid*/ 1,
7367				      /*bit*/ 5);
7368		ctl_done((union ctl_io *)ctsio);
7369		return(retval);
7370	}
7371
7372	if (softc->is_single)
7373		num_target_port_groups = 1;
7374	else
7375		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7376	num_target_ports = 0;
7377	mtx_lock(&softc->ctl_lock);
7378	STAILQ_FOREACH(port, &softc->port_list, links) {
7379		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7380			continue;
7381		if (ctl_map_lun_back(port->targ_port, lun->lun) >= CTL_MAX_LUNS)
7382			continue;
7383		num_target_ports++;
7384	}
7385	mtx_unlock(&softc->ctl_lock);
7386
7387	if (ext)
7388		total_len = sizeof(struct scsi_target_group_data_extended);
7389	else
7390		total_len = sizeof(struct scsi_target_group_data);
7391	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7392		num_target_port_groups +
7393	    sizeof(struct scsi_target_port_descriptor) *
7394		num_target_ports * num_target_port_groups;
7395
7396	alloc_len = scsi_4btoul(cdb->length);
7397
7398	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7399
7400	ctsio->kern_sg_entries = 0;
7401
7402	if (total_len < alloc_len) {
7403		ctsio->residual = alloc_len - total_len;
7404		ctsio->kern_data_len = total_len;
7405		ctsio->kern_total_len = total_len;
7406	} else {
7407		ctsio->residual = 0;
7408		ctsio->kern_data_len = alloc_len;
7409		ctsio->kern_total_len = alloc_len;
7410	}
7411	ctsio->kern_data_resid = 0;
7412	ctsio->kern_rel_offset = 0;
7413
7414	if (ext) {
7415		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7416		    ctsio->kern_data_ptr;
7417		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7418		rtg_ext_ptr->format_type = 0x10;
7419		rtg_ext_ptr->implicit_transition_time = 0;
7420		tpg_desc = &rtg_ext_ptr->groups[0];
7421	} else {
7422		rtg_ptr = (struct scsi_target_group_data *)
7423		    ctsio->kern_data_ptr;
7424		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7425		tpg_desc = &rtg_ptr->groups[0];
7426	}
7427
7428	mtx_lock(&softc->ctl_lock);
7429	pg = softc->port_offset / CTL_MAX_PORTS;
7430	if (softc->flags & CTL_FLAG_ACTIVE_SHELF) {
7431		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY) {
7432			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7433			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
7434		} else if (lun->flags & CTL_LUN_PRIMARY_SC) {
7435			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7436			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7437		} else {
7438			gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7439			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7440		}
7441	} else {
7442		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7443		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7444	}
7445	for (g = 0; g < num_target_port_groups; g++) {
7446		tpg_desc->pref_state = (g == pg) ? gs : os;
7447		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP;
7448		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7449		tpg_desc->status = TPG_IMPLICIT;
7450		pc = 0;
7451		STAILQ_FOREACH(port, &softc->port_list, links) {
7452			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7453				continue;
7454			if (ctl_map_lun_back(port->targ_port, lun->lun) >=
7455			    CTL_MAX_LUNS)
7456				continue;
7457			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
7458			scsi_ulto2b(p, tpg_desc->descriptors[pc].
7459			    relative_target_port_identifier);
7460			pc++;
7461		}
7462		tpg_desc->target_port_count = pc;
7463		tpg_desc = (struct scsi_target_port_group_descriptor *)
7464		    &tpg_desc->descriptors[pc];
7465	}
7466	mtx_unlock(&softc->ctl_lock);
7467
7468	ctl_set_success(ctsio);
7469	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7470	ctsio->be_move_done = ctl_config_move_done;
7471	ctl_datamove((union ctl_io *)ctsio);
7472	return(retval);
7473}
7474
7475int
7476ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7477{
7478	struct ctl_lun *lun;
7479	struct scsi_report_supported_opcodes *cdb;
7480	const struct ctl_cmd_entry *entry, *sentry;
7481	struct scsi_report_supported_opcodes_all *all;
7482	struct scsi_report_supported_opcodes_descr *descr;
7483	struct scsi_report_supported_opcodes_one *one;
7484	int retval;
7485	int alloc_len, total_len;
7486	int opcode, service_action, i, j, num;
7487
7488	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7489
7490	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7491	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7492
7493	retval = CTL_RETVAL_COMPLETE;
7494
7495	opcode = cdb->requested_opcode;
7496	service_action = scsi_2btoul(cdb->requested_service_action);
7497	switch (cdb->options & RSO_OPTIONS_MASK) {
7498	case RSO_OPTIONS_ALL:
7499		num = 0;
7500		for (i = 0; i < 256; i++) {
7501			entry = &ctl_cmd_table[i];
7502			if (entry->flags & CTL_CMD_FLAG_SA5) {
7503				for (j = 0; j < 32; j++) {
7504					sentry = &((const struct ctl_cmd_entry *)
7505					    entry->execute)[j];
7506					if (ctl_cmd_applicable(
7507					    lun->be_lun->lun_type, sentry))
7508						num++;
7509				}
7510			} else {
7511				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7512				    entry))
7513					num++;
7514			}
7515		}
7516		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7517		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7518		break;
7519	case RSO_OPTIONS_OC:
7520		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7521			ctl_set_invalid_field(/*ctsio*/ ctsio,
7522					      /*sks_valid*/ 1,
7523					      /*command*/ 1,
7524					      /*field*/ 2,
7525					      /*bit_valid*/ 1,
7526					      /*bit*/ 2);
7527			ctl_done((union ctl_io *)ctsio);
7528			return (CTL_RETVAL_COMPLETE);
7529		}
7530		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7531		break;
7532	case RSO_OPTIONS_OC_SA:
7533		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7534		    service_action >= 32) {
7535			ctl_set_invalid_field(/*ctsio*/ ctsio,
7536					      /*sks_valid*/ 1,
7537					      /*command*/ 1,
7538					      /*field*/ 2,
7539					      /*bit_valid*/ 1,
7540					      /*bit*/ 2);
7541			ctl_done((union ctl_io *)ctsio);
7542			return (CTL_RETVAL_COMPLETE);
7543		}
7544		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7545		break;
7546	default:
7547		ctl_set_invalid_field(/*ctsio*/ ctsio,
7548				      /*sks_valid*/ 1,
7549				      /*command*/ 1,
7550				      /*field*/ 2,
7551				      /*bit_valid*/ 1,
7552				      /*bit*/ 2);
7553		ctl_done((union ctl_io *)ctsio);
7554		return (CTL_RETVAL_COMPLETE);
7555	}
7556
7557	alloc_len = scsi_4btoul(cdb->length);
7558
7559	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7560
7561	ctsio->kern_sg_entries = 0;
7562
7563	if (total_len < alloc_len) {
7564		ctsio->residual = alloc_len - total_len;
7565		ctsio->kern_data_len = total_len;
7566		ctsio->kern_total_len = total_len;
7567	} else {
7568		ctsio->residual = 0;
7569		ctsio->kern_data_len = alloc_len;
7570		ctsio->kern_total_len = alloc_len;
7571	}
7572	ctsio->kern_data_resid = 0;
7573	ctsio->kern_rel_offset = 0;
7574
7575	switch (cdb->options & RSO_OPTIONS_MASK) {
7576	case RSO_OPTIONS_ALL:
7577		all = (struct scsi_report_supported_opcodes_all *)
7578		    ctsio->kern_data_ptr;
7579		num = 0;
7580		for (i = 0; i < 256; i++) {
7581			entry = &ctl_cmd_table[i];
7582			if (entry->flags & CTL_CMD_FLAG_SA5) {
7583				for (j = 0; j < 32; j++) {
7584					sentry = &((const struct ctl_cmd_entry *)
7585					    entry->execute)[j];
7586					if (!ctl_cmd_applicable(
7587					    lun->be_lun->lun_type, sentry))
7588						continue;
7589					descr = &all->descr[num++];
7590					descr->opcode = i;
7591					scsi_ulto2b(j, descr->service_action);
7592					descr->flags = RSO_SERVACTV;
7593					scsi_ulto2b(sentry->length,
7594					    descr->cdb_length);
7595				}
7596			} else {
7597				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7598				    entry))
7599					continue;
7600				descr = &all->descr[num++];
7601				descr->opcode = i;
7602				scsi_ulto2b(0, descr->service_action);
7603				descr->flags = 0;
7604				scsi_ulto2b(entry->length, descr->cdb_length);
7605			}
7606		}
7607		scsi_ulto4b(
7608		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7609		    all->length);
7610		break;
7611	case RSO_OPTIONS_OC:
7612		one = (struct scsi_report_supported_opcodes_one *)
7613		    ctsio->kern_data_ptr;
7614		entry = &ctl_cmd_table[opcode];
7615		goto fill_one;
7616	case RSO_OPTIONS_OC_SA:
7617		one = (struct scsi_report_supported_opcodes_one *)
7618		    ctsio->kern_data_ptr;
7619		entry = &ctl_cmd_table[opcode];
7620		entry = &((const struct ctl_cmd_entry *)
7621		    entry->execute)[service_action];
7622fill_one:
7623		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7624			one->support = 3;
7625			scsi_ulto2b(entry->length, one->cdb_length);
7626			one->cdb_usage[0] = opcode;
7627			memcpy(&one->cdb_usage[1], entry->usage,
7628			    entry->length - 1);
7629		} else
7630			one->support = 1;
7631		break;
7632	}
7633
7634	ctl_set_success(ctsio);
7635	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7636	ctsio->be_move_done = ctl_config_move_done;
7637	ctl_datamove((union ctl_io *)ctsio);
7638	return(retval);
7639}
7640
7641int
7642ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7643{
7644	struct scsi_report_supported_tmf *cdb;
7645	struct scsi_report_supported_tmf_data *data;
7646	int retval;
7647	int alloc_len, total_len;
7648
7649	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7650
7651	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7652
7653	retval = CTL_RETVAL_COMPLETE;
7654
7655	total_len = sizeof(struct scsi_report_supported_tmf_data);
7656	alloc_len = scsi_4btoul(cdb->length);
7657
7658	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7659
7660	ctsio->kern_sg_entries = 0;
7661
7662	if (total_len < alloc_len) {
7663		ctsio->residual = alloc_len - total_len;
7664		ctsio->kern_data_len = total_len;
7665		ctsio->kern_total_len = total_len;
7666	} else {
7667		ctsio->residual = 0;
7668		ctsio->kern_data_len = alloc_len;
7669		ctsio->kern_total_len = alloc_len;
7670	}
7671	ctsio->kern_data_resid = 0;
7672	ctsio->kern_rel_offset = 0;
7673
7674	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7675	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7676	data->byte2 |= RST_ITNRS;
7677
7678	ctl_set_success(ctsio);
7679	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7680	ctsio->be_move_done = ctl_config_move_done;
7681	ctl_datamove((union ctl_io *)ctsio);
7682	return (retval);
7683}
7684
7685int
7686ctl_report_timestamp(struct ctl_scsiio *ctsio)
7687{
7688	struct scsi_report_timestamp *cdb;
7689	struct scsi_report_timestamp_data *data;
7690	struct timeval tv;
7691	int64_t timestamp;
7692	int retval;
7693	int alloc_len, total_len;
7694
7695	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7696
7697	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7698
7699	retval = CTL_RETVAL_COMPLETE;
7700
7701	total_len = sizeof(struct scsi_report_timestamp_data);
7702	alloc_len = scsi_4btoul(cdb->length);
7703
7704	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7705
7706	ctsio->kern_sg_entries = 0;
7707
7708	if (total_len < alloc_len) {
7709		ctsio->residual = alloc_len - total_len;
7710		ctsio->kern_data_len = total_len;
7711		ctsio->kern_total_len = total_len;
7712	} else {
7713		ctsio->residual = 0;
7714		ctsio->kern_data_len = alloc_len;
7715		ctsio->kern_total_len = alloc_len;
7716	}
7717	ctsio->kern_data_resid = 0;
7718	ctsio->kern_rel_offset = 0;
7719
7720	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7721	scsi_ulto2b(sizeof(*data) - 2, data->length);
7722	data->origin = RTS_ORIG_OUTSIDE;
7723	getmicrotime(&tv);
7724	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7725	scsi_ulto4b(timestamp >> 16, data->timestamp);
7726	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7727
7728	ctl_set_success(ctsio);
7729	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7730	ctsio->be_move_done = ctl_config_move_done;
7731	ctl_datamove((union ctl_io *)ctsio);
7732	return (retval);
7733}
7734
7735int
7736ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7737{
7738	struct scsi_per_res_in *cdb;
7739	int alloc_len, total_len = 0;
7740	/* struct scsi_per_res_in_rsrv in_data; */
7741	struct ctl_lun *lun;
7742	struct ctl_softc *softc;
7743	uint64_t key;
7744
7745	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7746
7747	softc = control_softc;
7748
7749	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7750
7751	alloc_len = scsi_2btoul(cdb->length);
7752
7753	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7754
7755retry:
7756	mtx_lock(&lun->lun_lock);
7757	switch (cdb->action) {
7758	case SPRI_RK: /* read keys */
7759		total_len = sizeof(struct scsi_per_res_in_keys) +
7760			lun->pr_key_count *
7761			sizeof(struct scsi_per_res_key);
7762		break;
7763	case SPRI_RR: /* read reservation */
7764		if (lun->flags & CTL_LUN_PR_RESERVED)
7765			total_len = sizeof(struct scsi_per_res_in_rsrv);
7766		else
7767			total_len = sizeof(struct scsi_per_res_in_header);
7768		break;
7769	case SPRI_RC: /* report capabilities */
7770		total_len = sizeof(struct scsi_per_res_cap);
7771		break;
7772	case SPRI_RS: /* read full status */
7773		total_len = sizeof(struct scsi_per_res_in_header) +
7774		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7775		    lun->pr_key_count;
7776		break;
7777	default:
7778		panic("Invalid PR type %x", cdb->action);
7779	}
7780	mtx_unlock(&lun->lun_lock);
7781
7782	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7783
7784	if (total_len < alloc_len) {
7785		ctsio->residual = alloc_len - total_len;
7786		ctsio->kern_data_len = total_len;
7787		ctsio->kern_total_len = total_len;
7788	} else {
7789		ctsio->residual = 0;
7790		ctsio->kern_data_len = alloc_len;
7791		ctsio->kern_total_len = alloc_len;
7792	}
7793
7794	ctsio->kern_data_resid = 0;
7795	ctsio->kern_rel_offset = 0;
7796	ctsio->kern_sg_entries = 0;
7797
7798	mtx_lock(&lun->lun_lock);
7799	switch (cdb->action) {
7800	case SPRI_RK: { // read keys
7801        struct scsi_per_res_in_keys *res_keys;
7802		int i, key_count;
7803
7804		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7805
7806		/*
7807		 * We had to drop the lock to allocate our buffer, which
7808		 * leaves time for someone to come in with another
7809		 * persistent reservation.  (That is unlikely, though,
7810		 * since this should be the only persistent reservation
7811		 * command active right now.)
7812		 */
7813		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7814		    (lun->pr_key_count *
7815		     sizeof(struct scsi_per_res_key)))){
7816			mtx_unlock(&lun->lun_lock);
7817			free(ctsio->kern_data_ptr, M_CTL);
7818			printf("%s: reservation length changed, retrying\n",
7819			       __func__);
7820			goto retry;
7821		}
7822
7823		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7824
7825		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7826			     lun->pr_key_count, res_keys->header.length);
7827
7828		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7829			if ((key = ctl_get_prkey(lun, i)) == 0)
7830				continue;
7831
7832			/*
7833			 * We used lun->pr_key_count to calculate the
7834			 * size to allocate.  If it turns out the number of
7835			 * initiators with the registered flag set is
7836			 * larger than that (i.e. they haven't been kept in
7837			 * sync), we've got a problem.
7838			 */
7839			if (key_count >= lun->pr_key_count) {
7840#ifdef NEEDTOPORT
7841				csevent_log(CSC_CTL | CSC_SHELF_SW |
7842					    CTL_PR_ERROR,
7843					    csevent_LogType_Fault,
7844					    csevent_AlertLevel_Yellow,
7845					    csevent_FRU_ShelfController,
7846					    csevent_FRU_Firmware,
7847				        csevent_FRU_Unknown,
7848					    "registered keys %d >= key "
7849					    "count %d", key_count,
7850					    lun->pr_key_count);
7851#endif
7852				key_count++;
7853				continue;
7854			}
7855			scsi_u64to8b(key, res_keys->keys[key_count].key);
7856			key_count++;
7857		}
7858		break;
7859	}
7860	case SPRI_RR: { // read reservation
7861		struct scsi_per_res_in_rsrv *res;
7862		int tmp_len, header_only;
7863
7864		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7865
7866		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7867
7868		if (lun->flags & CTL_LUN_PR_RESERVED)
7869		{
7870			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7871			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7872				    res->header.length);
7873			header_only = 0;
7874		} else {
7875			tmp_len = sizeof(struct scsi_per_res_in_header);
7876			scsi_ulto4b(0, res->header.length);
7877			header_only = 1;
7878		}
7879
7880		/*
7881		 * We had to drop the lock to allocate our buffer, which
7882		 * leaves time for someone to come in with another
7883		 * persistent reservation.  (That is unlikely, though,
7884		 * since this should be the only persistent reservation
7885		 * command active right now.)
7886		 */
7887		if (tmp_len != total_len) {
7888			mtx_unlock(&lun->lun_lock);
7889			free(ctsio->kern_data_ptr, M_CTL);
7890			printf("%s: reservation status changed, retrying\n",
7891			       __func__);
7892			goto retry;
7893		}
7894
7895		/*
7896		 * No reservation held, so we're done.
7897		 */
7898		if (header_only != 0)
7899			break;
7900
7901		/*
7902		 * If the registration is an All Registrants type, the key
7903		 * is 0, since it doesn't really matter.
7904		 */
7905		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7906			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7907			    res->data.reservation);
7908		}
7909		res->data.scopetype = lun->res_type;
7910		break;
7911	}
7912	case SPRI_RC:     //report capabilities
7913	{
7914		struct scsi_per_res_cap *res_cap;
7915		uint16_t type_mask;
7916
7917		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7918		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7919		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7920		type_mask = SPRI_TM_WR_EX_AR |
7921			    SPRI_TM_EX_AC_RO |
7922			    SPRI_TM_WR_EX_RO |
7923			    SPRI_TM_EX_AC |
7924			    SPRI_TM_WR_EX |
7925			    SPRI_TM_EX_AC_AR;
7926		scsi_ulto2b(type_mask, res_cap->type_mask);
7927		break;
7928	}
7929	case SPRI_RS: { // read full status
7930		struct scsi_per_res_in_full *res_status;
7931		struct scsi_per_res_in_full_desc *res_desc;
7932		struct ctl_port *port;
7933		int i, len;
7934
7935		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7936
7937		/*
7938		 * We had to drop the lock to allocate our buffer, which
7939		 * leaves time for someone to come in with another
7940		 * persistent reservation.  (That is unlikely, though,
7941		 * since this should be the only persistent reservation
7942		 * command active right now.)
7943		 */
7944		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7945		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7946		     lun->pr_key_count)){
7947			mtx_unlock(&lun->lun_lock);
7948			free(ctsio->kern_data_ptr, M_CTL);
7949			printf("%s: reservation length changed, retrying\n",
7950			       __func__);
7951			goto retry;
7952		}
7953
7954		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7955
7956		res_desc = &res_status->desc[0];
7957		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7958			if ((key = ctl_get_prkey(lun, i)) == 0)
7959				continue;
7960
7961			scsi_u64to8b(key, res_desc->res_key.key);
7962			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7963			    (lun->pr_res_idx == i ||
7964			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7965				res_desc->flags = SPRI_FULL_R_HOLDER;
7966				res_desc->scopetype = lun->res_type;
7967			}
7968			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7969			    res_desc->rel_trgt_port_id);
7970			len = 0;
7971			port = softc->ctl_ports[
7972			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
7973			if (port != NULL)
7974				len = ctl_create_iid(port,
7975				    i % CTL_MAX_INIT_PER_PORT,
7976				    res_desc->transport_id);
7977			scsi_ulto4b(len, res_desc->additional_length);
7978			res_desc = (struct scsi_per_res_in_full_desc *)
7979			    &res_desc->transport_id[len];
7980		}
7981		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7982		    res_status->header.length);
7983		break;
7984	}
7985	default:
7986		/*
7987		 * This is a bug, because we just checked for this above,
7988		 * and should have returned an error.
7989		 */
7990		panic("Invalid PR type %x", cdb->action);
7991		break; /* NOTREACHED */
7992	}
7993	mtx_unlock(&lun->lun_lock);
7994
7995	ctl_set_success(ctsio);
7996	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7997	ctsio->be_move_done = ctl_config_move_done;
7998	ctl_datamove((union ctl_io *)ctsio);
7999	return (CTL_RETVAL_COMPLETE);
8000}
8001
8002static void
8003ctl_est_res_ua(struct ctl_lun *lun, uint32_t residx, ctl_ua_type ua)
8004{
8005	int off = lun->ctl_softc->persis_offset;
8006
8007	if (residx >= off && residx < off + CTL_MAX_INITIATORS)
8008		ctl_est_ua(lun, residx - off, ua);
8009}
8010
8011/*
8012 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
8013 * it should return.
8014 */
8015static int
8016ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
8017		uint64_t sa_res_key, uint8_t type, uint32_t residx,
8018		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
8019		struct scsi_per_res_out_parms* param)
8020{
8021	union ctl_ha_msg persis_io;
8022	int retval, i;
8023	int isc_retval;
8024
8025	retval = 0;
8026
8027	mtx_lock(&lun->lun_lock);
8028	if (sa_res_key == 0) {
8029		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8030			/* validate scope and type */
8031			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8032			     SPR_LU_SCOPE) {
8033				mtx_unlock(&lun->lun_lock);
8034				ctl_set_invalid_field(/*ctsio*/ ctsio,
8035						      /*sks_valid*/ 1,
8036						      /*command*/ 1,
8037						      /*field*/ 2,
8038						      /*bit_valid*/ 1,
8039						      /*bit*/ 4);
8040				ctl_done((union ctl_io *)ctsio);
8041				return (1);
8042			}
8043
8044		        if (type>8 || type==2 || type==4 || type==0) {
8045				mtx_unlock(&lun->lun_lock);
8046				ctl_set_invalid_field(/*ctsio*/ ctsio,
8047       	           				      /*sks_valid*/ 1,
8048						      /*command*/ 1,
8049						      /*field*/ 2,
8050						      /*bit_valid*/ 1,
8051						      /*bit*/ 0);
8052				ctl_done((union ctl_io *)ctsio);
8053				return (1);
8054		        }
8055
8056			/*
8057			 * Unregister everybody else and build UA for
8058			 * them
8059			 */
8060			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8061				if (i == residx || ctl_get_prkey(lun, i) == 0)
8062					continue;
8063
8064				ctl_clr_prkey(lun, i);
8065				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8066			}
8067			lun->pr_key_count = 1;
8068			lun->res_type = type;
8069			if (lun->res_type != SPR_TYPE_WR_EX_AR
8070			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8071				lun->pr_res_idx = residx;
8072
8073			/* send msg to other side */
8074			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8075			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8076			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8077			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8078			persis_io.pr.pr_info.res_type = type;
8079			memcpy(persis_io.pr.pr_info.sa_res_key,
8080			       param->serv_act_res_key,
8081			       sizeof(param->serv_act_res_key));
8082			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8083			     &persis_io, sizeof(persis_io), 0)) >
8084			     CTL_HA_STATUS_SUCCESS) {
8085				printf("CTL:Persis Out error returned "
8086				       "from ctl_ha_msg_send %d\n",
8087				       isc_retval);
8088			}
8089		} else {
8090			/* not all registrants */
8091			mtx_unlock(&lun->lun_lock);
8092			free(ctsio->kern_data_ptr, M_CTL);
8093			ctl_set_invalid_field(ctsio,
8094					      /*sks_valid*/ 1,
8095					      /*command*/ 0,
8096					      /*field*/ 8,
8097					      /*bit_valid*/ 0,
8098					      /*bit*/ 0);
8099			ctl_done((union ctl_io *)ctsio);
8100			return (1);
8101		}
8102	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8103		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8104		int found = 0;
8105
8106		if (res_key == sa_res_key) {
8107			/* special case */
8108			/*
8109			 * The spec implies this is not good but doesn't
8110			 * say what to do. There are two choices either
8111			 * generate a res conflict or check condition
8112			 * with illegal field in parameter data. Since
8113			 * that is what is done when the sa_res_key is
8114			 * zero I'll take that approach since this has
8115			 * to do with the sa_res_key.
8116			 */
8117			mtx_unlock(&lun->lun_lock);
8118			free(ctsio->kern_data_ptr, M_CTL);
8119			ctl_set_invalid_field(ctsio,
8120					      /*sks_valid*/ 1,
8121					      /*command*/ 0,
8122					      /*field*/ 8,
8123					      /*bit_valid*/ 0,
8124					      /*bit*/ 0);
8125			ctl_done((union ctl_io *)ctsio);
8126			return (1);
8127		}
8128
8129		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8130			if (ctl_get_prkey(lun, i) != sa_res_key)
8131				continue;
8132
8133			found = 1;
8134			ctl_clr_prkey(lun, i);
8135			lun->pr_key_count--;
8136			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8137		}
8138		if (!found) {
8139			mtx_unlock(&lun->lun_lock);
8140			free(ctsio->kern_data_ptr, M_CTL);
8141			ctl_set_reservation_conflict(ctsio);
8142			ctl_done((union ctl_io *)ctsio);
8143			return (CTL_RETVAL_COMPLETE);
8144		}
8145		/* send msg to other side */
8146		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8147		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8148		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8149		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8150		persis_io.pr.pr_info.res_type = type;
8151		memcpy(persis_io.pr.pr_info.sa_res_key,
8152		       param->serv_act_res_key,
8153		       sizeof(param->serv_act_res_key));
8154		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8155		     &persis_io, sizeof(persis_io), 0)) >
8156		     CTL_HA_STATUS_SUCCESS) {
8157			printf("CTL:Persis Out error returned from "
8158			       "ctl_ha_msg_send %d\n", isc_retval);
8159		}
8160	} else {
8161		/* Reserved but not all registrants */
8162		/* sa_res_key is res holder */
8163		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
8164			/* validate scope and type */
8165			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8166			     SPR_LU_SCOPE) {
8167				mtx_unlock(&lun->lun_lock);
8168				ctl_set_invalid_field(/*ctsio*/ ctsio,
8169						      /*sks_valid*/ 1,
8170						      /*command*/ 1,
8171						      /*field*/ 2,
8172						      /*bit_valid*/ 1,
8173						      /*bit*/ 4);
8174				ctl_done((union ctl_io *)ctsio);
8175				return (1);
8176			}
8177
8178			if (type>8 || type==2 || type==4 || type==0) {
8179				mtx_unlock(&lun->lun_lock);
8180				ctl_set_invalid_field(/*ctsio*/ ctsio,
8181						      /*sks_valid*/ 1,
8182						      /*command*/ 1,
8183						      /*field*/ 2,
8184						      /*bit_valid*/ 1,
8185						      /*bit*/ 0);
8186				ctl_done((union ctl_io *)ctsio);
8187				return (1);
8188			}
8189
8190			/*
8191			 * Do the following:
8192			 * if sa_res_key != res_key remove all
8193			 * registrants w/sa_res_key and generate UA
8194			 * for these registrants(Registrations
8195			 * Preempted) if it wasn't an exclusive
8196			 * reservation generate UA(Reservations
8197			 * Preempted) for all other registered nexuses
8198			 * if the type has changed. Establish the new
8199			 * reservation and holder. If res_key and
8200			 * sa_res_key are the same do the above
8201			 * except don't unregister the res holder.
8202			 */
8203
8204			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8205				if (i == residx || ctl_get_prkey(lun, i) == 0)
8206					continue;
8207
8208				if (sa_res_key == ctl_get_prkey(lun, i)) {
8209					ctl_clr_prkey(lun, i);
8210					lun->pr_key_count--;
8211					ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8212				} else if (type != lun->res_type
8213					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8214					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8215					ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
8216				}
8217			}
8218			lun->res_type = type;
8219			if (lun->res_type != SPR_TYPE_WR_EX_AR
8220			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8221				lun->pr_res_idx = residx;
8222			else
8223				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8224
8225			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8226			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8227			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8228			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8229			persis_io.pr.pr_info.res_type = type;
8230			memcpy(persis_io.pr.pr_info.sa_res_key,
8231			       param->serv_act_res_key,
8232			       sizeof(param->serv_act_res_key));
8233			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8234			     &persis_io, sizeof(persis_io), 0)) >
8235			     CTL_HA_STATUS_SUCCESS) {
8236				printf("CTL:Persis Out error returned "
8237				       "from ctl_ha_msg_send %d\n",
8238				       isc_retval);
8239			}
8240		} else {
8241			/*
8242			 * sa_res_key is not the res holder just
8243			 * remove registrants
8244			 */
8245			int found=0;
8246
8247			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8248				if (sa_res_key != ctl_get_prkey(lun, i))
8249					continue;
8250
8251				found = 1;
8252				ctl_clr_prkey(lun, i);
8253				lun->pr_key_count--;
8254				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8255			}
8256
8257			if (!found) {
8258				mtx_unlock(&lun->lun_lock);
8259				free(ctsio->kern_data_ptr, M_CTL);
8260				ctl_set_reservation_conflict(ctsio);
8261				ctl_done((union ctl_io *)ctsio);
8262		        	return (1);
8263			}
8264			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8265			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8266			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8267			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8268			persis_io.pr.pr_info.res_type = type;
8269			memcpy(persis_io.pr.pr_info.sa_res_key,
8270			       param->serv_act_res_key,
8271			       sizeof(param->serv_act_res_key));
8272			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8273			     &persis_io, sizeof(persis_io), 0)) >
8274			     CTL_HA_STATUS_SUCCESS) {
8275				printf("CTL:Persis Out error returned "
8276				       "from ctl_ha_msg_send %d\n",
8277				isc_retval);
8278			}
8279		}
8280	}
8281
8282	lun->PRGeneration++;
8283	mtx_unlock(&lun->lun_lock);
8284
8285	return (retval);
8286}
8287
8288static void
8289ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8290{
8291	uint64_t sa_res_key;
8292	int i;
8293
8294	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8295
8296	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8297	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8298	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8299		if (sa_res_key == 0) {
8300			/*
8301			 * Unregister everybody else and build UA for
8302			 * them
8303			 */
8304			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8305				if (i == msg->pr.pr_info.residx ||
8306				    ctl_get_prkey(lun, i) == 0)
8307					continue;
8308
8309				ctl_clr_prkey(lun, i);
8310				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8311			}
8312
8313			lun->pr_key_count = 1;
8314			lun->res_type = msg->pr.pr_info.res_type;
8315			if (lun->res_type != SPR_TYPE_WR_EX_AR
8316			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8317				lun->pr_res_idx = msg->pr.pr_info.residx;
8318		} else {
8319		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8320				if (sa_res_key == ctl_get_prkey(lun, i))
8321					continue;
8322
8323				ctl_clr_prkey(lun, i);
8324				lun->pr_key_count--;
8325				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8326			}
8327		}
8328	} else {
8329		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8330			if (i == msg->pr.pr_info.residx ||
8331			    ctl_get_prkey(lun, i) == 0)
8332				continue;
8333
8334			if (sa_res_key == ctl_get_prkey(lun, i)) {
8335				ctl_clr_prkey(lun, i);
8336				lun->pr_key_count--;
8337				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8338			} else if (msg->pr.pr_info.res_type != lun->res_type
8339				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8340				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8341				ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
8342			}
8343		}
8344		lun->res_type = msg->pr.pr_info.res_type;
8345		if (lun->res_type != SPR_TYPE_WR_EX_AR
8346		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8347			lun->pr_res_idx = msg->pr.pr_info.residx;
8348		else
8349			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8350	}
8351	lun->PRGeneration++;
8352
8353}
8354
8355
8356int
8357ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8358{
8359	int retval;
8360	int isc_retval;
8361	u_int32_t param_len;
8362	struct scsi_per_res_out *cdb;
8363	struct ctl_lun *lun;
8364	struct scsi_per_res_out_parms* param;
8365	struct ctl_softc *softc;
8366	uint32_t residx;
8367	uint64_t res_key, sa_res_key, key;
8368	uint8_t type;
8369	union ctl_ha_msg persis_io;
8370	int    i;
8371
8372	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8373
8374	retval = CTL_RETVAL_COMPLETE;
8375
8376	softc = control_softc;
8377
8378	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8379	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8380
8381	/*
8382	 * We only support whole-LUN scope.  The scope & type are ignored for
8383	 * register, register and ignore existing key and clear.
8384	 * We sometimes ignore scope and type on preempts too!!
8385	 * Verify reservation type here as well.
8386	 */
8387	type = cdb->scope_type & SPR_TYPE_MASK;
8388	if ((cdb->action == SPRO_RESERVE)
8389	 || (cdb->action == SPRO_RELEASE)) {
8390		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8391			ctl_set_invalid_field(/*ctsio*/ ctsio,
8392					      /*sks_valid*/ 1,
8393					      /*command*/ 1,
8394					      /*field*/ 2,
8395					      /*bit_valid*/ 1,
8396					      /*bit*/ 4);
8397			ctl_done((union ctl_io *)ctsio);
8398			return (CTL_RETVAL_COMPLETE);
8399		}
8400
8401		if (type>8 || type==2 || type==4 || type==0) {
8402			ctl_set_invalid_field(/*ctsio*/ ctsio,
8403					      /*sks_valid*/ 1,
8404					      /*command*/ 1,
8405					      /*field*/ 2,
8406					      /*bit_valid*/ 1,
8407					      /*bit*/ 0);
8408			ctl_done((union ctl_io *)ctsio);
8409			return (CTL_RETVAL_COMPLETE);
8410		}
8411	}
8412
8413	param_len = scsi_4btoul(cdb->length);
8414
8415	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8416		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8417		ctsio->kern_data_len = param_len;
8418		ctsio->kern_total_len = param_len;
8419		ctsio->kern_data_resid = 0;
8420		ctsio->kern_rel_offset = 0;
8421		ctsio->kern_sg_entries = 0;
8422		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8423		ctsio->be_move_done = ctl_config_move_done;
8424		ctl_datamove((union ctl_io *)ctsio);
8425
8426		return (CTL_RETVAL_COMPLETE);
8427	}
8428
8429	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8430
8431	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
8432	res_key = scsi_8btou64(param->res_key.key);
8433	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8434
8435	/*
8436	 * Validate the reservation key here except for SPRO_REG_IGNO
8437	 * This must be done for all other service actions
8438	 */
8439	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8440		mtx_lock(&lun->lun_lock);
8441		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8442			if (res_key != key) {
8443				/*
8444				 * The current key passed in doesn't match
8445				 * the one the initiator previously
8446				 * registered.
8447				 */
8448				mtx_unlock(&lun->lun_lock);
8449				free(ctsio->kern_data_ptr, M_CTL);
8450				ctl_set_reservation_conflict(ctsio);
8451				ctl_done((union ctl_io *)ctsio);
8452				return (CTL_RETVAL_COMPLETE);
8453			}
8454		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8455			/*
8456			 * We are not registered
8457			 */
8458			mtx_unlock(&lun->lun_lock);
8459			free(ctsio->kern_data_ptr, M_CTL);
8460			ctl_set_reservation_conflict(ctsio);
8461			ctl_done((union ctl_io *)ctsio);
8462			return (CTL_RETVAL_COMPLETE);
8463		} else if (res_key != 0) {
8464			/*
8465			 * We are not registered and trying to register but
8466			 * the register key isn't zero.
8467			 */
8468			mtx_unlock(&lun->lun_lock);
8469			free(ctsio->kern_data_ptr, M_CTL);
8470			ctl_set_reservation_conflict(ctsio);
8471			ctl_done((union ctl_io *)ctsio);
8472			return (CTL_RETVAL_COMPLETE);
8473		}
8474		mtx_unlock(&lun->lun_lock);
8475	}
8476
8477	switch (cdb->action & SPRO_ACTION_MASK) {
8478	case SPRO_REGISTER:
8479	case SPRO_REG_IGNO: {
8480
8481#if 0
8482		printf("Registration received\n");
8483#endif
8484
8485		/*
8486		 * We don't support any of these options, as we report in
8487		 * the read capabilities request (see
8488		 * ctl_persistent_reserve_in(), above).
8489		 */
8490		if ((param->flags & SPR_SPEC_I_PT)
8491		 || (param->flags & SPR_ALL_TG_PT)
8492		 || (param->flags & SPR_APTPL)) {
8493			int bit_ptr;
8494
8495			if (param->flags & SPR_APTPL)
8496				bit_ptr = 0;
8497			else if (param->flags & SPR_ALL_TG_PT)
8498				bit_ptr = 2;
8499			else /* SPR_SPEC_I_PT */
8500				bit_ptr = 3;
8501
8502			free(ctsio->kern_data_ptr, M_CTL);
8503			ctl_set_invalid_field(ctsio,
8504					      /*sks_valid*/ 1,
8505					      /*command*/ 0,
8506					      /*field*/ 20,
8507					      /*bit_valid*/ 1,
8508					      /*bit*/ bit_ptr);
8509			ctl_done((union ctl_io *)ctsio);
8510			return (CTL_RETVAL_COMPLETE);
8511		}
8512
8513		mtx_lock(&lun->lun_lock);
8514
8515		/*
8516		 * The initiator wants to clear the
8517		 * key/unregister.
8518		 */
8519		if (sa_res_key == 0) {
8520			if ((res_key == 0
8521			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8522			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8523			  && ctl_get_prkey(lun, residx) == 0)) {
8524				mtx_unlock(&lun->lun_lock);
8525				goto done;
8526			}
8527
8528			ctl_clr_prkey(lun, residx);
8529			lun->pr_key_count--;
8530
8531			if (residx == lun->pr_res_idx) {
8532				lun->flags &= ~CTL_LUN_PR_RESERVED;
8533				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8534
8535				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8536				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8537				 && lun->pr_key_count) {
8538					/*
8539					 * If the reservation is a registrants
8540					 * only type we need to generate a UA
8541					 * for other registered inits.  The
8542					 * sense code should be RESERVATIONS
8543					 * RELEASED
8544					 */
8545
8546					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8547						if (ctl_get_prkey(lun, i +
8548						    softc->persis_offset) == 0)
8549							continue;
8550						ctl_est_ua(lun, i,
8551						    CTL_UA_RES_RELEASE);
8552					}
8553				}
8554				lun->res_type = 0;
8555			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8556				if (lun->pr_key_count==0) {
8557					lun->flags &= ~CTL_LUN_PR_RESERVED;
8558					lun->res_type = 0;
8559					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8560				}
8561			}
8562			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8563			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8564			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8565			persis_io.pr.pr_info.residx = residx;
8566			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8567			     &persis_io, sizeof(persis_io), 0 )) >
8568			     CTL_HA_STATUS_SUCCESS) {
8569				printf("CTL:Persis Out error returned from "
8570				       "ctl_ha_msg_send %d\n", isc_retval);
8571			}
8572		} else /* sa_res_key != 0 */ {
8573
8574			/*
8575			 * If we aren't registered currently then increment
8576			 * the key count and set the registered flag.
8577			 */
8578			ctl_alloc_prkey(lun, residx);
8579			if (ctl_get_prkey(lun, residx) == 0)
8580				lun->pr_key_count++;
8581			ctl_set_prkey(lun, residx, sa_res_key);
8582
8583			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8584			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8585			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8586			persis_io.pr.pr_info.residx = residx;
8587			memcpy(persis_io.pr.pr_info.sa_res_key,
8588			       param->serv_act_res_key,
8589			       sizeof(param->serv_act_res_key));
8590			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8591			     &persis_io, sizeof(persis_io), 0)) >
8592			     CTL_HA_STATUS_SUCCESS) {
8593				printf("CTL:Persis Out error returned from "
8594				       "ctl_ha_msg_send %d\n", isc_retval);
8595			}
8596		}
8597		lun->PRGeneration++;
8598		mtx_unlock(&lun->lun_lock);
8599
8600		break;
8601	}
8602	case SPRO_RESERVE:
8603#if 0
8604                printf("Reserve executed type %d\n", type);
8605#endif
8606		mtx_lock(&lun->lun_lock);
8607		if (lun->flags & CTL_LUN_PR_RESERVED) {
8608			/*
8609			 * if this isn't the reservation holder and it's
8610			 * not a "all registrants" type or if the type is
8611			 * different then we have a conflict
8612			 */
8613			if ((lun->pr_res_idx != residx
8614			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8615			 || lun->res_type != type) {
8616				mtx_unlock(&lun->lun_lock);
8617				free(ctsio->kern_data_ptr, M_CTL);
8618				ctl_set_reservation_conflict(ctsio);
8619				ctl_done((union ctl_io *)ctsio);
8620				return (CTL_RETVAL_COMPLETE);
8621			}
8622			mtx_unlock(&lun->lun_lock);
8623		} else /* create a reservation */ {
8624			/*
8625			 * If it's not an "all registrants" type record
8626			 * reservation holder
8627			 */
8628			if (type != SPR_TYPE_WR_EX_AR
8629			 && type != SPR_TYPE_EX_AC_AR)
8630				lun->pr_res_idx = residx; /* Res holder */
8631			else
8632				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8633
8634			lun->flags |= CTL_LUN_PR_RESERVED;
8635			lun->res_type = type;
8636
8637			mtx_unlock(&lun->lun_lock);
8638
8639			/* send msg to other side */
8640			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8641			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8642			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8643			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8644			persis_io.pr.pr_info.res_type = type;
8645			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8646			     &persis_io, sizeof(persis_io), 0)) >
8647			     CTL_HA_STATUS_SUCCESS) {
8648				printf("CTL:Persis Out error returned from "
8649				       "ctl_ha_msg_send %d\n", isc_retval);
8650			}
8651		}
8652		break;
8653
8654	case SPRO_RELEASE:
8655		mtx_lock(&lun->lun_lock);
8656		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8657			/* No reservation exists return good status */
8658			mtx_unlock(&lun->lun_lock);
8659			goto done;
8660		}
8661		/*
8662		 * Is this nexus a reservation holder?
8663		 */
8664		if (lun->pr_res_idx != residx
8665		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8666			/*
8667			 * not a res holder return good status but
8668			 * do nothing
8669			 */
8670			mtx_unlock(&lun->lun_lock);
8671			goto done;
8672		}
8673
8674		if (lun->res_type != type) {
8675			mtx_unlock(&lun->lun_lock);
8676			free(ctsio->kern_data_ptr, M_CTL);
8677			ctl_set_illegal_pr_release(ctsio);
8678			ctl_done((union ctl_io *)ctsio);
8679			return (CTL_RETVAL_COMPLETE);
8680		}
8681
8682		/* okay to release */
8683		lun->flags &= ~CTL_LUN_PR_RESERVED;
8684		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8685		lun->res_type = 0;
8686
8687		/*
8688		 * if this isn't an exclusive access
8689		 * res generate UA for all other
8690		 * registrants.
8691		 */
8692		if (type != SPR_TYPE_EX_AC
8693		 && type != SPR_TYPE_WR_EX) {
8694			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8695				if (i == residx ||
8696				    ctl_get_prkey(lun,
8697				     i + softc->persis_offset) == 0)
8698					continue;
8699				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8700			}
8701		}
8702		mtx_unlock(&lun->lun_lock);
8703		/* Send msg to other side */
8704		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8705		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8706		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8707		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8708		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8709			printf("CTL:Persis Out error returned from "
8710			       "ctl_ha_msg_send %d\n", isc_retval);
8711		}
8712		break;
8713
8714	case SPRO_CLEAR:
8715		/* send msg to other side */
8716
8717		mtx_lock(&lun->lun_lock);
8718		lun->flags &= ~CTL_LUN_PR_RESERVED;
8719		lun->res_type = 0;
8720		lun->pr_key_count = 0;
8721		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8722
8723		ctl_clr_prkey(lun, residx);
8724		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8725			if (ctl_get_prkey(lun, i) != 0) {
8726				ctl_clr_prkey(lun, i);
8727				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8728			}
8729		lun->PRGeneration++;
8730		mtx_unlock(&lun->lun_lock);
8731		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8732		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8733		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8734		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8735		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8736			printf("CTL:Persis Out error returned from "
8737			       "ctl_ha_msg_send %d\n", isc_retval);
8738		}
8739		break;
8740
8741	case SPRO_PREEMPT:
8742	case SPRO_PRE_ABO: {
8743		int nretval;
8744
8745		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8746					  residx, ctsio, cdb, param);
8747		if (nretval != 0)
8748			return (CTL_RETVAL_COMPLETE);
8749		break;
8750	}
8751	default:
8752		panic("Invalid PR type %x", cdb->action);
8753	}
8754
8755done:
8756	free(ctsio->kern_data_ptr, M_CTL);
8757	ctl_set_success(ctsio);
8758	ctl_done((union ctl_io *)ctsio);
8759
8760	return (retval);
8761}
8762
8763/*
8764 * This routine is for handling a message from the other SC pertaining to
8765 * persistent reserve out. All the error checking will have been done
8766 * so only perorming the action need be done here to keep the two
8767 * in sync.
8768 */
8769static void
8770ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8771{
8772	struct ctl_lun *lun;
8773	struct ctl_softc *softc;
8774	int i;
8775	uint32_t targ_lun;
8776
8777	softc = control_softc;
8778
8779	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8780	lun = softc->ctl_luns[targ_lun];
8781	mtx_lock(&lun->lun_lock);
8782	switch(msg->pr.pr_info.action) {
8783	case CTL_PR_REG_KEY:
8784		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8785		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8786			lun->pr_key_count++;
8787		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8788		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8789		lun->PRGeneration++;
8790		break;
8791
8792	case CTL_PR_UNREG_KEY:
8793		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8794		lun->pr_key_count--;
8795
8796		/* XXX Need to see if the reservation has been released */
8797		/* if so do we need to generate UA? */
8798		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8799			lun->flags &= ~CTL_LUN_PR_RESERVED;
8800			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8801
8802			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8803			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8804			 && lun->pr_key_count) {
8805				/*
8806				 * If the reservation is a registrants
8807				 * only type we need to generate a UA
8808				 * for other registered inits.  The
8809				 * sense code should be RESERVATIONS
8810				 * RELEASED
8811				 */
8812
8813				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8814					if (ctl_get_prkey(lun, i +
8815					    softc->persis_offset) == 0)
8816						continue;
8817
8818					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8819				}
8820			}
8821			lun->res_type = 0;
8822		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8823			if (lun->pr_key_count==0) {
8824				lun->flags &= ~CTL_LUN_PR_RESERVED;
8825				lun->res_type = 0;
8826				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8827			}
8828		}
8829		lun->PRGeneration++;
8830		break;
8831
8832	case CTL_PR_RESERVE:
8833		lun->flags |= CTL_LUN_PR_RESERVED;
8834		lun->res_type = msg->pr.pr_info.res_type;
8835		lun->pr_res_idx = msg->pr.pr_info.residx;
8836
8837		break;
8838
8839	case CTL_PR_RELEASE:
8840		/*
8841		 * if this isn't an exclusive access res generate UA for all
8842		 * other registrants.
8843		 */
8844		if (lun->res_type != SPR_TYPE_EX_AC
8845		 && lun->res_type != SPR_TYPE_WR_EX) {
8846			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8847				if (ctl_get_prkey(lun, i + softc->persis_offset) != 0)
8848					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8849		}
8850
8851		lun->flags &= ~CTL_LUN_PR_RESERVED;
8852		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8853		lun->res_type = 0;
8854		break;
8855
8856	case CTL_PR_PREEMPT:
8857		ctl_pro_preempt_other(lun, msg);
8858		break;
8859	case CTL_PR_CLEAR:
8860		lun->flags &= ~CTL_LUN_PR_RESERVED;
8861		lun->res_type = 0;
8862		lun->pr_key_count = 0;
8863		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8864
8865		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8866			if (ctl_get_prkey(lun, i) == 0)
8867				continue;
8868			ctl_clr_prkey(lun, i);
8869			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8870		}
8871		lun->PRGeneration++;
8872		break;
8873	}
8874
8875	mtx_unlock(&lun->lun_lock);
8876}
8877
8878int
8879ctl_read_write(struct ctl_scsiio *ctsio)
8880{
8881	struct ctl_lun *lun;
8882	struct ctl_lba_len_flags *lbalen;
8883	uint64_t lba;
8884	uint32_t num_blocks;
8885	int flags, retval;
8886	int isread;
8887
8888	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8889
8890	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8891
8892	flags = 0;
8893	retval = CTL_RETVAL_COMPLETE;
8894
8895	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8896	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8897	switch (ctsio->cdb[0]) {
8898	case READ_6:
8899	case WRITE_6: {
8900		struct scsi_rw_6 *cdb;
8901
8902		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8903
8904		lba = scsi_3btoul(cdb->addr);
8905		/* only 5 bits are valid in the most significant address byte */
8906		lba &= 0x1fffff;
8907		num_blocks = cdb->length;
8908		/*
8909		 * This is correct according to SBC-2.
8910		 */
8911		if (num_blocks == 0)
8912			num_blocks = 256;
8913		break;
8914	}
8915	case READ_10:
8916	case WRITE_10: {
8917		struct scsi_rw_10 *cdb;
8918
8919		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8920		if (cdb->byte2 & SRW10_FUA)
8921			flags |= CTL_LLF_FUA;
8922		if (cdb->byte2 & SRW10_DPO)
8923			flags |= CTL_LLF_DPO;
8924		lba = scsi_4btoul(cdb->addr);
8925		num_blocks = scsi_2btoul(cdb->length);
8926		break;
8927	}
8928	case WRITE_VERIFY_10: {
8929		struct scsi_write_verify_10 *cdb;
8930
8931		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8932		flags |= CTL_LLF_FUA;
8933		if (cdb->byte2 & SWV_DPO)
8934			flags |= CTL_LLF_DPO;
8935		lba = scsi_4btoul(cdb->addr);
8936		num_blocks = scsi_2btoul(cdb->length);
8937		break;
8938	}
8939	case READ_12:
8940	case WRITE_12: {
8941		struct scsi_rw_12 *cdb;
8942
8943		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8944		if (cdb->byte2 & SRW12_FUA)
8945			flags |= CTL_LLF_FUA;
8946		if (cdb->byte2 & SRW12_DPO)
8947			flags |= CTL_LLF_DPO;
8948		lba = scsi_4btoul(cdb->addr);
8949		num_blocks = scsi_4btoul(cdb->length);
8950		break;
8951	}
8952	case WRITE_VERIFY_12: {
8953		struct scsi_write_verify_12 *cdb;
8954
8955		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8956		flags |= CTL_LLF_FUA;
8957		if (cdb->byte2 & SWV_DPO)
8958			flags |= CTL_LLF_DPO;
8959		lba = scsi_4btoul(cdb->addr);
8960		num_blocks = scsi_4btoul(cdb->length);
8961		break;
8962	}
8963	case READ_16:
8964	case WRITE_16: {
8965		struct scsi_rw_16 *cdb;
8966
8967		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8968		if (cdb->byte2 & SRW12_FUA)
8969			flags |= CTL_LLF_FUA;
8970		if (cdb->byte2 & SRW12_DPO)
8971			flags |= CTL_LLF_DPO;
8972		lba = scsi_8btou64(cdb->addr);
8973		num_blocks = scsi_4btoul(cdb->length);
8974		break;
8975	}
8976	case WRITE_ATOMIC_16: {
8977		struct scsi_rw_16 *cdb;
8978
8979		if (lun->be_lun->atomicblock == 0) {
8980			ctl_set_invalid_opcode(ctsio);
8981			ctl_done((union ctl_io *)ctsio);
8982			return (CTL_RETVAL_COMPLETE);
8983		}
8984
8985		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8986		if (cdb->byte2 & SRW12_FUA)
8987			flags |= CTL_LLF_FUA;
8988		if (cdb->byte2 & SRW12_DPO)
8989			flags |= CTL_LLF_DPO;
8990		lba = scsi_8btou64(cdb->addr);
8991		num_blocks = scsi_4btoul(cdb->length);
8992		if (num_blocks > lun->be_lun->atomicblock) {
8993			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8994			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8995			    /*bit*/ 0);
8996			ctl_done((union ctl_io *)ctsio);
8997			return (CTL_RETVAL_COMPLETE);
8998		}
8999		break;
9000	}
9001	case WRITE_VERIFY_16: {
9002		struct scsi_write_verify_16 *cdb;
9003
9004		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
9005		flags |= CTL_LLF_FUA;
9006		if (cdb->byte2 & SWV_DPO)
9007			flags |= CTL_LLF_DPO;
9008		lba = scsi_8btou64(cdb->addr);
9009		num_blocks = scsi_4btoul(cdb->length);
9010		break;
9011	}
9012	default:
9013		/*
9014		 * We got a command we don't support.  This shouldn't
9015		 * happen, commands should be filtered out above us.
9016		 */
9017		ctl_set_invalid_opcode(ctsio);
9018		ctl_done((union ctl_io *)ctsio);
9019
9020		return (CTL_RETVAL_COMPLETE);
9021		break; /* NOTREACHED */
9022	}
9023
9024	/*
9025	 * The first check is to make sure we're in bounds, the second
9026	 * check is to catch wrap-around problems.  If the lba + num blocks
9027	 * is less than the lba, then we've wrapped around and the block
9028	 * range is invalid anyway.
9029	 */
9030	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9031	 || ((lba + num_blocks) < lba)) {
9032		ctl_set_lba_out_of_range(ctsio);
9033		ctl_done((union ctl_io *)ctsio);
9034		return (CTL_RETVAL_COMPLETE);
9035	}
9036
9037	/*
9038	 * According to SBC-3, a transfer length of 0 is not an error.
9039	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
9040	 * translates to 256 blocks for those commands.
9041	 */
9042	if (num_blocks == 0) {
9043		ctl_set_success(ctsio);
9044		ctl_done((union ctl_io *)ctsio);
9045		return (CTL_RETVAL_COMPLETE);
9046	}
9047
9048	/* Set FUA and/or DPO if caches are disabled. */
9049	if (isread) {
9050		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9051		    SCP_RCD) != 0)
9052			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9053	} else {
9054		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9055		    SCP_WCE) == 0)
9056			flags |= CTL_LLF_FUA;
9057	}
9058
9059	lbalen = (struct ctl_lba_len_flags *)
9060	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9061	lbalen->lba = lba;
9062	lbalen->len = num_blocks;
9063	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9064
9065	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9066	ctsio->kern_rel_offset = 0;
9067
9068	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9069
9070	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9071
9072	return (retval);
9073}
9074
9075static int
9076ctl_cnw_cont(union ctl_io *io)
9077{
9078	struct ctl_scsiio *ctsio;
9079	struct ctl_lun *lun;
9080	struct ctl_lba_len_flags *lbalen;
9081	int retval;
9082
9083	ctsio = &io->scsiio;
9084	ctsio->io_hdr.status = CTL_STATUS_NONE;
9085	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9086	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9087	lbalen = (struct ctl_lba_len_flags *)
9088	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9089	lbalen->flags &= ~CTL_LLF_COMPARE;
9090	lbalen->flags |= CTL_LLF_WRITE;
9091
9092	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9093	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9094	return (retval);
9095}
9096
9097int
9098ctl_cnw(struct ctl_scsiio *ctsio)
9099{
9100	struct ctl_lun *lun;
9101	struct ctl_lba_len_flags *lbalen;
9102	uint64_t lba;
9103	uint32_t num_blocks;
9104	int flags, retval;
9105
9106	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9107
9108	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9109
9110	flags = 0;
9111	retval = CTL_RETVAL_COMPLETE;
9112
9113	switch (ctsio->cdb[0]) {
9114	case COMPARE_AND_WRITE: {
9115		struct scsi_compare_and_write *cdb;
9116
9117		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9118		if (cdb->byte2 & SRW10_FUA)
9119			flags |= CTL_LLF_FUA;
9120		if (cdb->byte2 & SRW10_DPO)
9121			flags |= CTL_LLF_DPO;
9122		lba = scsi_8btou64(cdb->addr);
9123		num_blocks = cdb->length;
9124		break;
9125	}
9126	default:
9127		/*
9128		 * We got a command we don't support.  This shouldn't
9129		 * happen, commands should be filtered out above us.
9130		 */
9131		ctl_set_invalid_opcode(ctsio);
9132		ctl_done((union ctl_io *)ctsio);
9133
9134		return (CTL_RETVAL_COMPLETE);
9135		break; /* NOTREACHED */
9136	}
9137
9138	/*
9139	 * The first check is to make sure we're in bounds, the second
9140	 * check is to catch wrap-around problems.  If the lba + num blocks
9141	 * is less than the lba, then we've wrapped around and the block
9142	 * range is invalid anyway.
9143	 */
9144	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9145	 || ((lba + num_blocks) < lba)) {
9146		ctl_set_lba_out_of_range(ctsio);
9147		ctl_done((union ctl_io *)ctsio);
9148		return (CTL_RETVAL_COMPLETE);
9149	}
9150
9151	/*
9152	 * According to SBC-3, a transfer length of 0 is not an error.
9153	 */
9154	if (num_blocks == 0) {
9155		ctl_set_success(ctsio);
9156		ctl_done((union ctl_io *)ctsio);
9157		return (CTL_RETVAL_COMPLETE);
9158	}
9159
9160	/* Set FUA if write cache is disabled. */
9161	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9162	    SCP_WCE) == 0)
9163		flags |= CTL_LLF_FUA;
9164
9165	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9166	ctsio->kern_rel_offset = 0;
9167
9168	/*
9169	 * Set the IO_CONT flag, so that if this I/O gets passed to
9170	 * ctl_data_submit_done(), it'll get passed back to
9171	 * ctl_ctl_cnw_cont() for further processing.
9172	 */
9173	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9174	ctsio->io_cont = ctl_cnw_cont;
9175
9176	lbalen = (struct ctl_lba_len_flags *)
9177	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9178	lbalen->lba = lba;
9179	lbalen->len = num_blocks;
9180	lbalen->flags = CTL_LLF_COMPARE | flags;
9181
9182	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9183	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9184	return (retval);
9185}
9186
9187int
9188ctl_verify(struct ctl_scsiio *ctsio)
9189{
9190	struct ctl_lun *lun;
9191	struct ctl_lba_len_flags *lbalen;
9192	uint64_t lba;
9193	uint32_t num_blocks;
9194	int bytchk, flags;
9195	int retval;
9196
9197	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9198
9199	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9200
9201	bytchk = 0;
9202	flags = CTL_LLF_FUA;
9203	retval = CTL_RETVAL_COMPLETE;
9204
9205	switch (ctsio->cdb[0]) {
9206	case VERIFY_10: {
9207		struct scsi_verify_10 *cdb;
9208
9209		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9210		if (cdb->byte2 & SVFY_BYTCHK)
9211			bytchk = 1;
9212		if (cdb->byte2 & SVFY_DPO)
9213			flags |= CTL_LLF_DPO;
9214		lba = scsi_4btoul(cdb->addr);
9215		num_blocks = scsi_2btoul(cdb->length);
9216		break;
9217	}
9218	case VERIFY_12: {
9219		struct scsi_verify_12 *cdb;
9220
9221		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9222		if (cdb->byte2 & SVFY_BYTCHK)
9223			bytchk = 1;
9224		if (cdb->byte2 & SVFY_DPO)
9225			flags |= CTL_LLF_DPO;
9226		lba = scsi_4btoul(cdb->addr);
9227		num_blocks = scsi_4btoul(cdb->length);
9228		break;
9229	}
9230	case VERIFY_16: {
9231		struct scsi_rw_16 *cdb;
9232
9233		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9234		if (cdb->byte2 & SVFY_BYTCHK)
9235			bytchk = 1;
9236		if (cdb->byte2 & SVFY_DPO)
9237			flags |= CTL_LLF_DPO;
9238		lba = scsi_8btou64(cdb->addr);
9239		num_blocks = scsi_4btoul(cdb->length);
9240		break;
9241	}
9242	default:
9243		/*
9244		 * We got a command we don't support.  This shouldn't
9245		 * happen, commands should be filtered out above us.
9246		 */
9247		ctl_set_invalid_opcode(ctsio);
9248		ctl_done((union ctl_io *)ctsio);
9249		return (CTL_RETVAL_COMPLETE);
9250	}
9251
9252	/*
9253	 * The first check is to make sure we're in bounds, the second
9254	 * check is to catch wrap-around problems.  If the lba + num blocks
9255	 * is less than the lba, then we've wrapped around and the block
9256	 * range is invalid anyway.
9257	 */
9258	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9259	 || ((lba + num_blocks) < lba)) {
9260		ctl_set_lba_out_of_range(ctsio);
9261		ctl_done((union ctl_io *)ctsio);
9262		return (CTL_RETVAL_COMPLETE);
9263	}
9264
9265	/*
9266	 * According to SBC-3, a transfer length of 0 is not an error.
9267	 */
9268	if (num_blocks == 0) {
9269		ctl_set_success(ctsio);
9270		ctl_done((union ctl_io *)ctsio);
9271		return (CTL_RETVAL_COMPLETE);
9272	}
9273
9274	lbalen = (struct ctl_lba_len_flags *)
9275	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9276	lbalen->lba = lba;
9277	lbalen->len = num_blocks;
9278	if (bytchk) {
9279		lbalen->flags = CTL_LLF_COMPARE | flags;
9280		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9281	} else {
9282		lbalen->flags = CTL_LLF_VERIFY | flags;
9283		ctsio->kern_total_len = 0;
9284	}
9285	ctsio->kern_rel_offset = 0;
9286
9287	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9288	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9289	return (retval);
9290}
9291
9292int
9293ctl_report_luns(struct ctl_scsiio *ctsio)
9294{
9295	struct scsi_report_luns *cdb;
9296	struct scsi_report_luns_data *lun_data;
9297	struct ctl_lun *lun, *request_lun;
9298	int num_luns, retval;
9299	uint32_t alloc_len, lun_datalen;
9300	int num_filled, well_known;
9301	uint32_t initidx, targ_lun_id, lun_id;
9302
9303	retval = CTL_RETVAL_COMPLETE;
9304	well_known = 0;
9305
9306	cdb = (struct scsi_report_luns *)ctsio->cdb;
9307
9308	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9309
9310	mtx_lock(&control_softc->ctl_lock);
9311	num_luns = control_softc->num_luns;
9312	mtx_unlock(&control_softc->ctl_lock);
9313
9314	switch (cdb->select_report) {
9315	case RPL_REPORT_DEFAULT:
9316	case RPL_REPORT_ALL:
9317		break;
9318	case RPL_REPORT_WELLKNOWN:
9319		well_known = 1;
9320		num_luns = 0;
9321		break;
9322	default:
9323		ctl_set_invalid_field(ctsio,
9324				      /*sks_valid*/ 1,
9325				      /*command*/ 1,
9326				      /*field*/ 2,
9327				      /*bit_valid*/ 0,
9328				      /*bit*/ 0);
9329		ctl_done((union ctl_io *)ctsio);
9330		return (retval);
9331		break; /* NOTREACHED */
9332	}
9333
9334	alloc_len = scsi_4btoul(cdb->length);
9335	/*
9336	 * The initiator has to allocate at least 16 bytes for this request,
9337	 * so he can at least get the header and the first LUN.  Otherwise
9338	 * we reject the request (per SPC-3 rev 14, section 6.21).
9339	 */
9340	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9341	    sizeof(struct scsi_report_luns_lundata))) {
9342		ctl_set_invalid_field(ctsio,
9343				      /*sks_valid*/ 1,
9344				      /*command*/ 1,
9345				      /*field*/ 6,
9346				      /*bit_valid*/ 0,
9347				      /*bit*/ 0);
9348		ctl_done((union ctl_io *)ctsio);
9349		return (retval);
9350	}
9351
9352	request_lun = (struct ctl_lun *)
9353		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9354
9355	lun_datalen = sizeof(*lun_data) +
9356		(num_luns * sizeof(struct scsi_report_luns_lundata));
9357
9358	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9359	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9360	ctsio->kern_sg_entries = 0;
9361
9362	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9363
9364	mtx_lock(&control_softc->ctl_lock);
9365	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9366		lun_id = ctl_map_lun(ctsio->io_hdr.nexus.targ_port, targ_lun_id);
9367		if (lun_id >= CTL_MAX_LUNS)
9368			continue;
9369		lun = control_softc->ctl_luns[lun_id];
9370		if (lun == NULL)
9371			continue;
9372
9373		if (targ_lun_id <= 0xff) {
9374			/*
9375			 * Peripheral addressing method, bus number 0.
9376			 */
9377			lun_data->luns[num_filled].lundata[0] =
9378				RPL_LUNDATA_ATYP_PERIPH;
9379			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9380			num_filled++;
9381		} else if (targ_lun_id <= 0x3fff) {
9382			/*
9383			 * Flat addressing method.
9384			 */
9385			lun_data->luns[num_filled].lundata[0] =
9386				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9387			lun_data->luns[num_filled].lundata[1] =
9388				(targ_lun_id & 0xff);
9389			num_filled++;
9390		} else if (targ_lun_id <= 0xffffff) {
9391			/*
9392			 * Extended flat addressing method.
9393			 */
9394			lun_data->luns[num_filled].lundata[0] =
9395			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9396			scsi_ulto3b(targ_lun_id,
9397			    &lun_data->luns[num_filled].lundata[1]);
9398			num_filled++;
9399		} else {
9400			printf("ctl_report_luns: bogus LUN number %jd, "
9401			       "skipping\n", (intmax_t)targ_lun_id);
9402		}
9403		/*
9404		 * According to SPC-3, rev 14 section 6.21:
9405		 *
9406		 * "The execution of a REPORT LUNS command to any valid and
9407		 * installed logical unit shall clear the REPORTED LUNS DATA
9408		 * HAS CHANGED unit attention condition for all logical
9409		 * units of that target with respect to the requesting
9410		 * initiator. A valid and installed logical unit is one
9411		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9412		 * INQUIRY data (see 6.4.2)."
9413		 *
9414		 * If request_lun is NULL, the LUN this report luns command
9415		 * was issued to is either disabled or doesn't exist. In that
9416		 * case, we shouldn't clear any pending lun change unit
9417		 * attention.
9418		 */
9419		if (request_lun != NULL) {
9420			mtx_lock(&lun->lun_lock);
9421			ctl_clr_ua(lun, initidx, CTL_UA_RES_RELEASE);
9422			mtx_unlock(&lun->lun_lock);
9423		}
9424	}
9425	mtx_unlock(&control_softc->ctl_lock);
9426
9427	/*
9428	 * It's quite possible that we've returned fewer LUNs than we allocated
9429	 * space for.  Trim it.
9430	 */
9431	lun_datalen = sizeof(*lun_data) +
9432		(num_filled * sizeof(struct scsi_report_luns_lundata));
9433
9434	if (lun_datalen < alloc_len) {
9435		ctsio->residual = alloc_len - lun_datalen;
9436		ctsio->kern_data_len = lun_datalen;
9437		ctsio->kern_total_len = lun_datalen;
9438	} else {
9439		ctsio->residual = 0;
9440		ctsio->kern_data_len = alloc_len;
9441		ctsio->kern_total_len = alloc_len;
9442	}
9443	ctsio->kern_data_resid = 0;
9444	ctsio->kern_rel_offset = 0;
9445	ctsio->kern_sg_entries = 0;
9446
9447	/*
9448	 * We set this to the actual data length, regardless of how much
9449	 * space we actually have to return results.  If the user looks at
9450	 * this value, he'll know whether or not he allocated enough space
9451	 * and reissue the command if necessary.  We don't support well
9452	 * known logical units, so if the user asks for that, return none.
9453	 */
9454	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9455
9456	/*
9457	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9458	 * this request.
9459	 */
9460	ctl_set_success(ctsio);
9461	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9462	ctsio->be_move_done = ctl_config_move_done;
9463	ctl_datamove((union ctl_io *)ctsio);
9464	return (retval);
9465}
9466
9467int
9468ctl_request_sense(struct ctl_scsiio *ctsio)
9469{
9470	struct scsi_request_sense *cdb;
9471	struct scsi_sense_data *sense_ptr;
9472	struct ctl_lun *lun;
9473	uint32_t initidx;
9474	int have_error;
9475	scsi_sense_data_type sense_format;
9476	ctl_ua_type ua_type;
9477
9478	cdb = (struct scsi_request_sense *)ctsio->cdb;
9479
9480	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9481
9482	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9483
9484	/*
9485	 * Determine which sense format the user wants.
9486	 */
9487	if (cdb->byte2 & SRS_DESC)
9488		sense_format = SSD_TYPE_DESC;
9489	else
9490		sense_format = SSD_TYPE_FIXED;
9491
9492	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9493	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9494	ctsio->kern_sg_entries = 0;
9495
9496	/*
9497	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9498	 * larger than the largest allowed value for the length field in the
9499	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9500	 */
9501	ctsio->residual = 0;
9502	ctsio->kern_data_len = cdb->length;
9503	ctsio->kern_total_len = cdb->length;
9504
9505	ctsio->kern_data_resid = 0;
9506	ctsio->kern_rel_offset = 0;
9507	ctsio->kern_sg_entries = 0;
9508
9509	/*
9510	 * If we don't have a LUN, we don't have any pending sense.
9511	 */
9512	if (lun == NULL)
9513		goto no_sense;
9514
9515	have_error = 0;
9516	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9517	/*
9518	 * Check for pending sense, and then for pending unit attentions.
9519	 * Pending sense gets returned first, then pending unit attentions.
9520	 */
9521	mtx_lock(&lun->lun_lock);
9522#ifdef CTL_WITH_CA
9523	if (ctl_is_set(lun->have_ca, initidx)) {
9524		scsi_sense_data_type stored_format;
9525
9526		/*
9527		 * Check to see which sense format was used for the stored
9528		 * sense data.
9529		 */
9530		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9531
9532		/*
9533		 * If the user requested a different sense format than the
9534		 * one we stored, then we need to convert it to the other
9535		 * format.  If we're going from descriptor to fixed format
9536		 * sense data, we may lose things in translation, depending
9537		 * on what options were used.
9538		 *
9539		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9540		 * for some reason we'll just copy it out as-is.
9541		 */
9542		if ((stored_format == SSD_TYPE_FIXED)
9543		 && (sense_format == SSD_TYPE_DESC))
9544			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9545			    &lun->pending_sense[initidx],
9546			    (struct scsi_sense_data_desc *)sense_ptr);
9547		else if ((stored_format == SSD_TYPE_DESC)
9548		      && (sense_format == SSD_TYPE_FIXED))
9549			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9550			    &lun->pending_sense[initidx],
9551			    (struct scsi_sense_data_fixed *)sense_ptr);
9552		else
9553			memcpy(sense_ptr, &lun->pending_sense[initidx],
9554			       ctl_min(sizeof(*sense_ptr),
9555			       sizeof(lun->pending_sense[initidx])));
9556
9557		ctl_clear_mask(lun->have_ca, initidx);
9558		have_error = 1;
9559	} else
9560#endif
9561	{
9562		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9563		if (ua_type != CTL_UA_NONE)
9564			have_error = 1;
9565	}
9566	mtx_unlock(&lun->lun_lock);
9567
9568	/*
9569	 * We already have a pending error, return it.
9570	 */
9571	if (have_error != 0) {
9572		/*
9573		 * We report the SCSI status as OK, since the status of the
9574		 * request sense command itself is OK.
9575		 * We report 0 for the sense length, because we aren't doing
9576		 * autosense in this case.  We're reporting sense as
9577		 * parameter data.
9578		 */
9579		ctl_set_success(ctsio);
9580		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9581		ctsio->be_move_done = ctl_config_move_done;
9582		ctl_datamove((union ctl_io *)ctsio);
9583		return (CTL_RETVAL_COMPLETE);
9584	}
9585
9586no_sense:
9587
9588	/*
9589	 * No sense information to report, so we report that everything is
9590	 * okay.
9591	 */
9592	ctl_set_sense_data(sense_ptr,
9593			   lun,
9594			   sense_format,
9595			   /*current_error*/ 1,
9596			   /*sense_key*/ SSD_KEY_NO_SENSE,
9597			   /*asc*/ 0x00,
9598			   /*ascq*/ 0x00,
9599			   SSD_ELEM_NONE);
9600
9601	/*
9602	 * We report 0 for the sense length, because we aren't doing
9603	 * autosense in this case.  We're reporting sense as parameter data.
9604	 */
9605	ctl_set_success(ctsio);
9606	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9607	ctsio->be_move_done = ctl_config_move_done;
9608	ctl_datamove((union ctl_io *)ctsio);
9609	return (CTL_RETVAL_COMPLETE);
9610}
9611
9612int
9613ctl_tur(struct ctl_scsiio *ctsio)
9614{
9615
9616	CTL_DEBUG_PRINT(("ctl_tur\n"));
9617
9618	ctl_set_success(ctsio);
9619	ctl_done((union ctl_io *)ctsio);
9620
9621	return (CTL_RETVAL_COMPLETE);
9622}
9623
9624#ifdef notyet
9625static int
9626ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9627{
9628
9629}
9630#endif
9631
9632static int
9633ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9634{
9635	struct scsi_vpd_supported_pages *pages;
9636	int sup_page_size;
9637	struct ctl_lun *lun;
9638
9639	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9640
9641	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9642	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9643	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9644	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9645	ctsio->kern_sg_entries = 0;
9646
9647	if (sup_page_size < alloc_len) {
9648		ctsio->residual = alloc_len - sup_page_size;
9649		ctsio->kern_data_len = sup_page_size;
9650		ctsio->kern_total_len = sup_page_size;
9651	} else {
9652		ctsio->residual = 0;
9653		ctsio->kern_data_len = alloc_len;
9654		ctsio->kern_total_len = alloc_len;
9655	}
9656	ctsio->kern_data_resid = 0;
9657	ctsio->kern_rel_offset = 0;
9658	ctsio->kern_sg_entries = 0;
9659
9660	/*
9661	 * The control device is always connected.  The disk device, on the
9662	 * other hand, may not be online all the time.  Need to change this
9663	 * to figure out whether the disk device is actually online or not.
9664	 */
9665	if (lun != NULL)
9666		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9667				lun->be_lun->lun_type;
9668	else
9669		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9670
9671	pages->length = SCSI_EVPD_NUM_SUPPORTED_PAGES;
9672	/* Supported VPD pages */
9673	pages->page_list[0] = SVPD_SUPPORTED_PAGES;
9674	/* Serial Number */
9675	pages->page_list[1] = SVPD_UNIT_SERIAL_NUMBER;
9676	/* Device Identification */
9677	pages->page_list[2] = SVPD_DEVICE_ID;
9678	/* Extended INQUIRY Data */
9679	pages->page_list[3] = SVPD_EXTENDED_INQUIRY_DATA;
9680	/* Mode Page Policy */
9681	pages->page_list[4] = SVPD_MODE_PAGE_POLICY;
9682	/* SCSI Ports */
9683	pages->page_list[5] = SVPD_SCSI_PORTS;
9684	/* Third-party Copy */
9685	pages->page_list[6] = SVPD_SCSI_TPC;
9686	/* Block limits */
9687	pages->page_list[7] = SVPD_BLOCK_LIMITS;
9688	/* Block Device Characteristics */
9689	pages->page_list[8] = SVPD_BDC;
9690	/* Logical Block Provisioning */
9691	pages->page_list[9] = SVPD_LBP;
9692
9693	ctl_set_success(ctsio);
9694	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9695	ctsio->be_move_done = ctl_config_move_done;
9696	ctl_datamove((union ctl_io *)ctsio);
9697	return (CTL_RETVAL_COMPLETE);
9698}
9699
9700static int
9701ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9702{
9703	struct scsi_vpd_unit_serial_number *sn_ptr;
9704	struct ctl_lun *lun;
9705	int data_len;
9706
9707	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9708
9709	data_len = 4 + CTL_SN_LEN;
9710	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9711	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9712	if (data_len < alloc_len) {
9713		ctsio->residual = alloc_len - data_len;
9714		ctsio->kern_data_len = data_len;
9715		ctsio->kern_total_len = data_len;
9716	} else {
9717		ctsio->residual = 0;
9718		ctsio->kern_data_len = alloc_len;
9719		ctsio->kern_total_len = alloc_len;
9720	}
9721	ctsio->kern_data_resid = 0;
9722	ctsio->kern_rel_offset = 0;
9723	ctsio->kern_sg_entries = 0;
9724
9725	/*
9726	 * The control device is always connected.  The disk device, on the
9727	 * other hand, may not be online all the time.  Need to change this
9728	 * to figure out whether the disk device is actually online or not.
9729	 */
9730	if (lun != NULL)
9731		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9732				  lun->be_lun->lun_type;
9733	else
9734		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9735
9736	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9737	sn_ptr->length = CTL_SN_LEN;
9738	/*
9739	 * If we don't have a LUN, we just leave the serial number as
9740	 * all spaces.
9741	 */
9742	if (lun != NULL) {
9743		strncpy((char *)sn_ptr->serial_num,
9744			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9745	} else
9746		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9747
9748	ctl_set_success(ctsio);
9749	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9750	ctsio->be_move_done = ctl_config_move_done;
9751	ctl_datamove((union ctl_io *)ctsio);
9752	return (CTL_RETVAL_COMPLETE);
9753}
9754
9755
9756static int
9757ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9758{
9759	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9760	struct ctl_lun *lun;
9761	int data_len;
9762
9763	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9764
9765	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9766	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9767	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9768	ctsio->kern_sg_entries = 0;
9769
9770	if (data_len < alloc_len) {
9771		ctsio->residual = alloc_len - data_len;
9772		ctsio->kern_data_len = data_len;
9773		ctsio->kern_total_len = data_len;
9774	} else {
9775		ctsio->residual = 0;
9776		ctsio->kern_data_len = alloc_len;
9777		ctsio->kern_total_len = alloc_len;
9778	}
9779	ctsio->kern_data_resid = 0;
9780	ctsio->kern_rel_offset = 0;
9781	ctsio->kern_sg_entries = 0;
9782
9783	/*
9784	 * The control device is always connected.  The disk device, on the
9785	 * other hand, may not be online all the time.
9786	 */
9787	if (lun != NULL)
9788		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9789				     lun->be_lun->lun_type;
9790	else
9791		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9792	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9793	eid_ptr->page_length = data_len - 4;
9794	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9795	eid_ptr->flags3 = SVPD_EID_V_SUP;
9796
9797	ctl_set_success(ctsio);
9798	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9799	ctsio->be_move_done = ctl_config_move_done;
9800	ctl_datamove((union ctl_io *)ctsio);
9801	return (CTL_RETVAL_COMPLETE);
9802}
9803
9804static int
9805ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9806{
9807	struct scsi_vpd_mode_page_policy *mpp_ptr;
9808	struct ctl_lun *lun;
9809	int data_len;
9810
9811	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9812
9813	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9814	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9815
9816	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9817	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9818	ctsio->kern_sg_entries = 0;
9819
9820	if (data_len < alloc_len) {
9821		ctsio->residual = alloc_len - data_len;
9822		ctsio->kern_data_len = data_len;
9823		ctsio->kern_total_len = data_len;
9824	} else {
9825		ctsio->residual = 0;
9826		ctsio->kern_data_len = alloc_len;
9827		ctsio->kern_total_len = alloc_len;
9828	}
9829	ctsio->kern_data_resid = 0;
9830	ctsio->kern_rel_offset = 0;
9831	ctsio->kern_sg_entries = 0;
9832
9833	/*
9834	 * The control device is always connected.  The disk device, on the
9835	 * other hand, may not be online all the time.
9836	 */
9837	if (lun != NULL)
9838		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9839				     lun->be_lun->lun_type;
9840	else
9841		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9842	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9843	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9844	mpp_ptr->descr[0].page_code = 0x3f;
9845	mpp_ptr->descr[0].subpage_code = 0xff;
9846	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9847
9848	ctl_set_success(ctsio);
9849	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9850	ctsio->be_move_done = ctl_config_move_done;
9851	ctl_datamove((union ctl_io *)ctsio);
9852	return (CTL_RETVAL_COMPLETE);
9853}
9854
9855static int
9856ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9857{
9858	struct scsi_vpd_device_id *devid_ptr;
9859	struct scsi_vpd_id_descriptor *desc;
9860	struct ctl_softc *ctl_softc;
9861	struct ctl_lun *lun;
9862	struct ctl_port *port;
9863	int data_len;
9864	uint8_t proto;
9865
9866	ctl_softc = control_softc;
9867
9868	port = ctl_softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9869	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9870
9871	data_len = sizeof(struct scsi_vpd_device_id) +
9872	    sizeof(struct scsi_vpd_id_descriptor) +
9873		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9874	    sizeof(struct scsi_vpd_id_descriptor) +
9875		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9876	if (lun && lun->lun_devid)
9877		data_len += lun->lun_devid->len;
9878	if (port->port_devid)
9879		data_len += port->port_devid->len;
9880	if (port->target_devid)
9881		data_len += port->target_devid->len;
9882
9883	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9884	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9885	ctsio->kern_sg_entries = 0;
9886
9887	if (data_len < alloc_len) {
9888		ctsio->residual = alloc_len - data_len;
9889		ctsio->kern_data_len = data_len;
9890		ctsio->kern_total_len = data_len;
9891	} else {
9892		ctsio->residual = 0;
9893		ctsio->kern_data_len = alloc_len;
9894		ctsio->kern_total_len = alloc_len;
9895	}
9896	ctsio->kern_data_resid = 0;
9897	ctsio->kern_rel_offset = 0;
9898	ctsio->kern_sg_entries = 0;
9899
9900	/*
9901	 * The control device is always connected.  The disk device, on the
9902	 * other hand, may not be online all the time.
9903	 */
9904	if (lun != NULL)
9905		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9906				     lun->be_lun->lun_type;
9907	else
9908		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9909	devid_ptr->page_code = SVPD_DEVICE_ID;
9910	scsi_ulto2b(data_len - 4, devid_ptr->length);
9911
9912	if (port->port_type == CTL_PORT_FC)
9913		proto = SCSI_PROTO_FC << 4;
9914	else if (port->port_type == CTL_PORT_ISCSI)
9915		proto = SCSI_PROTO_ISCSI << 4;
9916	else
9917		proto = SCSI_PROTO_SPI << 4;
9918	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9919
9920	/*
9921	 * We're using a LUN association here.  i.e., this device ID is a
9922	 * per-LUN identifier.
9923	 */
9924	if (lun && lun->lun_devid) {
9925		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9926		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9927		    lun->lun_devid->len);
9928	}
9929
9930	/*
9931	 * This is for the WWPN which is a port association.
9932	 */
9933	if (port->port_devid) {
9934		memcpy(desc, port->port_devid->data, port->port_devid->len);
9935		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9936		    port->port_devid->len);
9937	}
9938
9939	/*
9940	 * This is for the Relative Target Port(type 4h) identifier
9941	 */
9942	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9943	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9944	    SVPD_ID_TYPE_RELTARG;
9945	desc->length = 4;
9946	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9947	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9948	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9949
9950	/*
9951	 * This is for the Target Port Group(type 5h) identifier
9952	 */
9953	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9954	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9955	    SVPD_ID_TYPE_TPORTGRP;
9956	desc->length = 4;
9957	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
9958	    &desc->identifier[2]);
9959	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9960	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9961
9962	/*
9963	 * This is for the Target identifier
9964	 */
9965	if (port->target_devid) {
9966		memcpy(desc, port->target_devid->data, port->target_devid->len);
9967	}
9968
9969	ctl_set_success(ctsio);
9970	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9971	ctsio->be_move_done = ctl_config_move_done;
9972	ctl_datamove((union ctl_io *)ctsio);
9973	return (CTL_RETVAL_COMPLETE);
9974}
9975
9976static int
9977ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9978{
9979	struct ctl_softc *softc = control_softc;
9980	struct scsi_vpd_scsi_ports *sp;
9981	struct scsi_vpd_port_designation *pd;
9982	struct scsi_vpd_port_designation_cont *pdc;
9983	struct ctl_lun *lun;
9984	struct ctl_port *port;
9985	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
9986	int num_target_port_groups;
9987
9988	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9989
9990	if (softc->is_single)
9991		num_target_port_groups = 1;
9992	else
9993		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
9994	num_target_ports = 0;
9995	iid_len = 0;
9996	id_len = 0;
9997	mtx_lock(&softc->ctl_lock);
9998	STAILQ_FOREACH(port, &softc->port_list, links) {
9999		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10000			continue;
10001		if (lun != NULL &&
10002		    ctl_map_lun_back(port->targ_port, lun->lun) >=
10003		    CTL_MAX_LUNS)
10004			continue;
10005		num_target_ports++;
10006		if (port->init_devid)
10007			iid_len += port->init_devid->len;
10008		if (port->port_devid)
10009			id_len += port->port_devid->len;
10010	}
10011	mtx_unlock(&softc->ctl_lock);
10012
10013	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
10014	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10015	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10016	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10017	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10018	ctsio->kern_sg_entries = 0;
10019
10020	if (data_len < alloc_len) {
10021		ctsio->residual = alloc_len - data_len;
10022		ctsio->kern_data_len = data_len;
10023		ctsio->kern_total_len = data_len;
10024	} else {
10025		ctsio->residual = 0;
10026		ctsio->kern_data_len = alloc_len;
10027		ctsio->kern_total_len = alloc_len;
10028	}
10029	ctsio->kern_data_resid = 0;
10030	ctsio->kern_rel_offset = 0;
10031	ctsio->kern_sg_entries = 0;
10032
10033	/*
10034	 * The control device is always connected.  The disk device, on the
10035	 * other hand, may not be online all the time.  Need to change this
10036	 * to figure out whether the disk device is actually online or not.
10037	 */
10038	if (lun != NULL)
10039		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10040				  lun->be_lun->lun_type;
10041	else
10042		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10043
10044	sp->page_code = SVPD_SCSI_PORTS;
10045	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10046	    sp->page_length);
10047	pd = &sp->design[0];
10048
10049	mtx_lock(&softc->ctl_lock);
10050	pg = softc->port_offset / CTL_MAX_PORTS;
10051	for (g = 0; g < num_target_port_groups; g++) {
10052		STAILQ_FOREACH(port, &softc->port_list, links) {
10053			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10054				continue;
10055			if (lun != NULL &&
10056			    ctl_map_lun_back(port->targ_port, lun->lun) >=
10057			    CTL_MAX_LUNS)
10058				continue;
10059			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
10060			scsi_ulto2b(p, pd->relative_port_id);
10061			if (port->init_devid && g == pg) {
10062				iid_len = port->init_devid->len;
10063				memcpy(pd->initiator_transportid,
10064				    port->init_devid->data, port->init_devid->len);
10065			} else
10066				iid_len = 0;
10067			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10068			pdc = (struct scsi_vpd_port_designation_cont *)
10069			    (&pd->initiator_transportid[iid_len]);
10070			if (port->port_devid && g == pg) {
10071				id_len = port->port_devid->len;
10072				memcpy(pdc->target_port_descriptors,
10073				    port->port_devid->data, port->port_devid->len);
10074			} else
10075				id_len = 0;
10076			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10077			pd = (struct scsi_vpd_port_designation *)
10078			    ((uint8_t *)pdc->target_port_descriptors + id_len);
10079		}
10080	}
10081	mtx_unlock(&softc->ctl_lock);
10082
10083	ctl_set_success(ctsio);
10084	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10085	ctsio->be_move_done = ctl_config_move_done;
10086	ctl_datamove((union ctl_io *)ctsio);
10087	return (CTL_RETVAL_COMPLETE);
10088}
10089
10090static int
10091ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10092{
10093	struct scsi_vpd_block_limits *bl_ptr;
10094	struct ctl_lun *lun;
10095	int bs;
10096
10097	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10098
10099	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10100	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10101	ctsio->kern_sg_entries = 0;
10102
10103	if (sizeof(*bl_ptr) < alloc_len) {
10104		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10105		ctsio->kern_data_len = sizeof(*bl_ptr);
10106		ctsio->kern_total_len = sizeof(*bl_ptr);
10107	} else {
10108		ctsio->residual = 0;
10109		ctsio->kern_data_len = alloc_len;
10110		ctsio->kern_total_len = alloc_len;
10111	}
10112	ctsio->kern_data_resid = 0;
10113	ctsio->kern_rel_offset = 0;
10114	ctsio->kern_sg_entries = 0;
10115
10116	/*
10117	 * The control device is always connected.  The disk device, on the
10118	 * other hand, may not be online all the time.  Need to change this
10119	 * to figure out whether the disk device is actually online or not.
10120	 */
10121	if (lun != NULL)
10122		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10123				  lun->be_lun->lun_type;
10124	else
10125		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10126
10127	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10128	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10129	bl_ptr->max_cmp_write_len = 0xff;
10130	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10131	if (lun != NULL) {
10132		bs = lun->be_lun->blocksize;
10133		scsi_ulto4b(MAXPHYS / bs, bl_ptr->opt_txfer_len);
10134		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10135			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10136			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10137			if (lun->be_lun->pblockexp != 0) {
10138				scsi_ulto4b((1 << lun->be_lun->pblockexp),
10139				    bl_ptr->opt_unmap_grain);
10140				scsi_ulto4b(0x80000000 | lun->be_lun->pblockoff,
10141				    bl_ptr->unmap_grain_align);
10142			}
10143		}
10144		scsi_ulto4b(lun->be_lun->atomicblock,
10145		    bl_ptr->max_atomic_transfer_length);
10146		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10147		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10148	}
10149	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10150
10151	ctl_set_success(ctsio);
10152	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10153	ctsio->be_move_done = ctl_config_move_done;
10154	ctl_datamove((union ctl_io *)ctsio);
10155	return (CTL_RETVAL_COMPLETE);
10156}
10157
10158static int
10159ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10160{
10161	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10162	struct ctl_lun *lun;
10163	const char *value;
10164	u_int i;
10165
10166	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10167
10168	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10169	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10170	ctsio->kern_sg_entries = 0;
10171
10172	if (sizeof(*bdc_ptr) < alloc_len) {
10173		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10174		ctsio->kern_data_len = sizeof(*bdc_ptr);
10175		ctsio->kern_total_len = sizeof(*bdc_ptr);
10176	} else {
10177		ctsio->residual = 0;
10178		ctsio->kern_data_len = alloc_len;
10179		ctsio->kern_total_len = alloc_len;
10180	}
10181	ctsio->kern_data_resid = 0;
10182	ctsio->kern_rel_offset = 0;
10183	ctsio->kern_sg_entries = 0;
10184
10185	/*
10186	 * The control device is always connected.  The disk device, on the
10187	 * other hand, may not be online all the time.  Need to change this
10188	 * to figure out whether the disk device is actually online or not.
10189	 */
10190	if (lun != NULL)
10191		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10192				  lun->be_lun->lun_type;
10193	else
10194		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10195	bdc_ptr->page_code = SVPD_BDC;
10196	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10197	if (lun != NULL &&
10198	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10199		i = strtol(value, NULL, 0);
10200	else
10201		i = CTL_DEFAULT_ROTATION_RATE;
10202	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10203	if (lun != NULL &&
10204	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10205		i = strtol(value, NULL, 0);
10206	else
10207		i = 0;
10208	bdc_ptr->wab_wac_ff = (i & 0x0f);
10209	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10210
10211	ctl_set_success(ctsio);
10212	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10213	ctsio->be_move_done = ctl_config_move_done;
10214	ctl_datamove((union ctl_io *)ctsio);
10215	return (CTL_RETVAL_COMPLETE);
10216}
10217
10218static int
10219ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10220{
10221	struct scsi_vpd_logical_block_prov *lbp_ptr;
10222	struct ctl_lun *lun;
10223
10224	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10225
10226	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10227	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10228	ctsio->kern_sg_entries = 0;
10229
10230	if (sizeof(*lbp_ptr) < alloc_len) {
10231		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10232		ctsio->kern_data_len = sizeof(*lbp_ptr);
10233		ctsio->kern_total_len = sizeof(*lbp_ptr);
10234	} else {
10235		ctsio->residual = 0;
10236		ctsio->kern_data_len = alloc_len;
10237		ctsio->kern_total_len = alloc_len;
10238	}
10239	ctsio->kern_data_resid = 0;
10240	ctsio->kern_rel_offset = 0;
10241	ctsio->kern_sg_entries = 0;
10242
10243	/*
10244	 * The control device is always connected.  The disk device, on the
10245	 * other hand, may not be online all the time.  Need to change this
10246	 * to figure out whether the disk device is actually online or not.
10247	 */
10248	if (lun != NULL)
10249		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10250				  lun->be_lun->lun_type;
10251	else
10252		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10253
10254	lbp_ptr->page_code = SVPD_LBP;
10255	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10256	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10257		lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10258		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10259		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10260		lbp_ptr->prov_type = SVPD_LBP_THIN;
10261	}
10262
10263	ctl_set_success(ctsio);
10264	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10265	ctsio->be_move_done = ctl_config_move_done;
10266	ctl_datamove((union ctl_io *)ctsio);
10267	return (CTL_RETVAL_COMPLETE);
10268}
10269
10270static int
10271ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10272{
10273	struct scsi_inquiry *cdb;
10274	int alloc_len, retval;
10275
10276	cdb = (struct scsi_inquiry *)ctsio->cdb;
10277
10278	retval = CTL_RETVAL_COMPLETE;
10279
10280	alloc_len = scsi_2btoul(cdb->length);
10281
10282	switch (cdb->page_code) {
10283	case SVPD_SUPPORTED_PAGES:
10284		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10285		break;
10286	case SVPD_UNIT_SERIAL_NUMBER:
10287		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10288		break;
10289	case SVPD_DEVICE_ID:
10290		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10291		break;
10292	case SVPD_EXTENDED_INQUIRY_DATA:
10293		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10294		break;
10295	case SVPD_MODE_PAGE_POLICY:
10296		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10297		break;
10298	case SVPD_SCSI_PORTS:
10299		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10300		break;
10301	case SVPD_SCSI_TPC:
10302		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10303		break;
10304	case SVPD_BLOCK_LIMITS:
10305		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10306		break;
10307	case SVPD_BDC:
10308		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10309		break;
10310	case SVPD_LBP:
10311		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10312		break;
10313	default:
10314		ctl_set_invalid_field(ctsio,
10315				      /*sks_valid*/ 1,
10316				      /*command*/ 1,
10317				      /*field*/ 2,
10318				      /*bit_valid*/ 0,
10319				      /*bit*/ 0);
10320		ctl_done((union ctl_io *)ctsio);
10321		retval = CTL_RETVAL_COMPLETE;
10322		break;
10323	}
10324
10325	return (retval);
10326}
10327
10328static int
10329ctl_inquiry_std(struct ctl_scsiio *ctsio)
10330{
10331	struct scsi_inquiry_data *inq_ptr;
10332	struct scsi_inquiry *cdb;
10333	struct ctl_softc *ctl_softc;
10334	struct ctl_lun *lun;
10335	char *val;
10336	uint32_t alloc_len, data_len;
10337	ctl_port_type port_type;
10338
10339	ctl_softc = control_softc;
10340
10341	/*
10342	 * Figure out whether we're talking to a Fibre Channel port or not.
10343	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10344	 * SCSI front ends.
10345	 */
10346	port_type = ctl_softc->ctl_ports[
10347	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
10348	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10349		port_type = CTL_PORT_SCSI;
10350
10351	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10352	cdb = (struct scsi_inquiry *)ctsio->cdb;
10353	alloc_len = scsi_2btoul(cdb->length);
10354
10355	/*
10356	 * We malloc the full inquiry data size here and fill it
10357	 * in.  If the user only asks for less, we'll give him
10358	 * that much.
10359	 */
10360	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10361	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10362	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10363	ctsio->kern_sg_entries = 0;
10364	ctsio->kern_data_resid = 0;
10365	ctsio->kern_rel_offset = 0;
10366
10367	if (data_len < alloc_len) {
10368		ctsio->residual = alloc_len - data_len;
10369		ctsio->kern_data_len = data_len;
10370		ctsio->kern_total_len = data_len;
10371	} else {
10372		ctsio->residual = 0;
10373		ctsio->kern_data_len = alloc_len;
10374		ctsio->kern_total_len = alloc_len;
10375	}
10376
10377	/*
10378	 * If we have a LUN configured, report it as connected.  Otherwise,
10379	 * report that it is offline or no device is supported, depending
10380	 * on the value of inquiry_pq_no_lun.
10381	 *
10382	 * According to the spec (SPC-4 r34), the peripheral qualifier
10383	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
10384	 *
10385	 * "A peripheral device having the specified peripheral device type
10386	 * is not connected to this logical unit. However, the device
10387	 * server is capable of supporting the specified peripheral device
10388	 * type on this logical unit."
10389	 *
10390	 * According to the same spec, the peripheral qualifier
10391	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
10392	 *
10393	 * "The device server is not capable of supporting a peripheral
10394	 * device on this logical unit. For this peripheral qualifier the
10395	 * peripheral device type shall be set to 1Fh. All other peripheral
10396	 * device type values are reserved for this peripheral qualifier."
10397	 *
10398	 * Given the text, it would seem that we probably want to report that
10399	 * the LUN is offline here.  There is no LUN connected, but we can
10400	 * support a LUN at the given LUN number.
10401	 *
10402	 * In the real world, though, it sounds like things are a little
10403	 * different:
10404	 *
10405	 * - Linux, when presented with a LUN with the offline peripheral
10406	 *   qualifier, will create an sg driver instance for it.  So when
10407	 *   you attach it to CTL, you wind up with a ton of sg driver
10408	 *   instances.  (One for every LUN that Linux bothered to probe.)
10409	 *   Linux does this despite the fact that it issues a REPORT LUNs
10410	 *   to LUN 0 to get the inventory of supported LUNs.
10411	 *
10412	 * - There is other anecdotal evidence (from Emulex folks) about
10413	 *   arrays that use the offline peripheral qualifier for LUNs that
10414	 *   are on the "passive" path in an active/passive array.
10415	 *
10416	 * So the solution is provide a hopefully reasonable default
10417	 * (return bad/no LUN) and allow the user to change the behavior
10418	 * with a tunable/sysctl variable.
10419	 */
10420	if (lun != NULL)
10421		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10422				  lun->be_lun->lun_type;
10423	else if (ctl_softc->inquiry_pq_no_lun == 0)
10424		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10425	else
10426		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10427
10428	/* RMB in byte 2 is 0 */
10429	inq_ptr->version = SCSI_REV_SPC4;
10430
10431	/*
10432	 * According to SAM-3, even if a device only supports a single
10433	 * level of LUN addressing, it should still set the HISUP bit:
10434	 *
10435	 * 4.9.1 Logical unit numbers overview
10436	 *
10437	 * All logical unit number formats described in this standard are
10438	 * hierarchical in structure even when only a single level in that
10439	 * hierarchy is used. The HISUP bit shall be set to one in the
10440	 * standard INQUIRY data (see SPC-2) when any logical unit number
10441	 * format described in this standard is used.  Non-hierarchical
10442	 * formats are outside the scope of this standard.
10443	 *
10444	 * Therefore we set the HiSup bit here.
10445	 *
10446	 * The reponse format is 2, per SPC-3.
10447	 */
10448	inq_ptr->response_format = SID_HiSup | 2;
10449
10450	inq_ptr->additional_length = data_len -
10451	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10452	CTL_DEBUG_PRINT(("additional_length = %d\n",
10453			 inq_ptr->additional_length));
10454
10455	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10456	/* 16 bit addressing */
10457	if (port_type == CTL_PORT_SCSI)
10458		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10459	/* XXX set the SID_MultiP bit here if we're actually going to
10460	   respond on multiple ports */
10461	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10462
10463	/* 16 bit data bus, synchronous transfers */
10464	if (port_type == CTL_PORT_SCSI)
10465		inq_ptr->flags = SID_WBus16 | SID_Sync;
10466	/*
10467	 * XXX KDM do we want to support tagged queueing on the control
10468	 * device at all?
10469	 */
10470	if ((lun == NULL)
10471	 || (lun->be_lun->lun_type != T_PROCESSOR))
10472		inq_ptr->flags |= SID_CmdQue;
10473	/*
10474	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10475	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10476	 * name and 4 bytes for the revision.
10477	 */
10478	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10479	    "vendor")) == NULL) {
10480		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10481	} else {
10482		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10483		strncpy(inq_ptr->vendor, val,
10484		    min(sizeof(inq_ptr->vendor), strlen(val)));
10485	}
10486	if (lun == NULL) {
10487		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10488		    sizeof(inq_ptr->product));
10489	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10490		switch (lun->be_lun->lun_type) {
10491		case T_DIRECT:
10492			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10493			    sizeof(inq_ptr->product));
10494			break;
10495		case T_PROCESSOR:
10496			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10497			    sizeof(inq_ptr->product));
10498			break;
10499		default:
10500			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10501			    sizeof(inq_ptr->product));
10502			break;
10503		}
10504	} else {
10505		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10506		strncpy(inq_ptr->product, val,
10507		    min(sizeof(inq_ptr->product), strlen(val)));
10508	}
10509
10510	/*
10511	 * XXX make this a macro somewhere so it automatically gets
10512	 * incremented when we make changes.
10513	 */
10514	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10515	    "revision")) == NULL) {
10516		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10517	} else {
10518		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10519		strncpy(inq_ptr->revision, val,
10520		    min(sizeof(inq_ptr->revision), strlen(val)));
10521	}
10522
10523	/*
10524	 * For parallel SCSI, we support double transition and single
10525	 * transition clocking.  We also support QAS (Quick Arbitration
10526	 * and Selection) and Information Unit transfers on both the
10527	 * control and array devices.
10528	 */
10529	if (port_type == CTL_PORT_SCSI)
10530		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10531				    SID_SPI_IUS;
10532
10533	/* SAM-5 (no version claimed) */
10534	scsi_ulto2b(0x00A0, inq_ptr->version1);
10535	/* SPC-4 (no version claimed) */
10536	scsi_ulto2b(0x0460, inq_ptr->version2);
10537	if (port_type == CTL_PORT_FC) {
10538		/* FCP-2 ANSI INCITS.350:2003 */
10539		scsi_ulto2b(0x0917, inq_ptr->version3);
10540	} else if (port_type == CTL_PORT_SCSI) {
10541		/* SPI-4 ANSI INCITS.362:200x */
10542		scsi_ulto2b(0x0B56, inq_ptr->version3);
10543	} else if (port_type == CTL_PORT_ISCSI) {
10544		/* iSCSI (no version claimed) */
10545		scsi_ulto2b(0x0960, inq_ptr->version3);
10546	} else if (port_type == CTL_PORT_SAS) {
10547		/* SAS (no version claimed) */
10548		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10549	}
10550
10551	if (lun == NULL) {
10552		/* SBC-4 (no version claimed) */
10553		scsi_ulto2b(0x0600, inq_ptr->version4);
10554	} else {
10555		switch (lun->be_lun->lun_type) {
10556		case T_DIRECT:
10557			/* SBC-4 (no version claimed) */
10558			scsi_ulto2b(0x0600, inq_ptr->version4);
10559			break;
10560		case T_PROCESSOR:
10561		default:
10562			break;
10563		}
10564	}
10565
10566	ctl_set_success(ctsio);
10567	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10568	ctsio->be_move_done = ctl_config_move_done;
10569	ctl_datamove((union ctl_io *)ctsio);
10570	return (CTL_RETVAL_COMPLETE);
10571}
10572
10573int
10574ctl_inquiry(struct ctl_scsiio *ctsio)
10575{
10576	struct scsi_inquiry *cdb;
10577	int retval;
10578
10579	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10580
10581	cdb = (struct scsi_inquiry *)ctsio->cdb;
10582	if (cdb->byte2 & SI_EVPD)
10583		retval = ctl_inquiry_evpd(ctsio);
10584	else if (cdb->page_code == 0)
10585		retval = ctl_inquiry_std(ctsio);
10586	else {
10587		ctl_set_invalid_field(ctsio,
10588				      /*sks_valid*/ 1,
10589				      /*command*/ 1,
10590				      /*field*/ 2,
10591				      /*bit_valid*/ 0,
10592				      /*bit*/ 0);
10593		ctl_done((union ctl_io *)ctsio);
10594		return (CTL_RETVAL_COMPLETE);
10595	}
10596
10597	return (retval);
10598}
10599
10600/*
10601 * For known CDB types, parse the LBA and length.
10602 */
10603static int
10604ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10605{
10606	if (io->io_hdr.io_type != CTL_IO_SCSI)
10607		return (1);
10608
10609	switch (io->scsiio.cdb[0]) {
10610	case COMPARE_AND_WRITE: {
10611		struct scsi_compare_and_write *cdb;
10612
10613		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10614
10615		*lba = scsi_8btou64(cdb->addr);
10616		*len = cdb->length;
10617		break;
10618	}
10619	case READ_6:
10620	case WRITE_6: {
10621		struct scsi_rw_6 *cdb;
10622
10623		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10624
10625		*lba = scsi_3btoul(cdb->addr);
10626		/* only 5 bits are valid in the most significant address byte */
10627		*lba &= 0x1fffff;
10628		*len = cdb->length;
10629		break;
10630	}
10631	case READ_10:
10632	case WRITE_10: {
10633		struct scsi_rw_10 *cdb;
10634
10635		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10636
10637		*lba = scsi_4btoul(cdb->addr);
10638		*len = scsi_2btoul(cdb->length);
10639		break;
10640	}
10641	case WRITE_VERIFY_10: {
10642		struct scsi_write_verify_10 *cdb;
10643
10644		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10645
10646		*lba = scsi_4btoul(cdb->addr);
10647		*len = scsi_2btoul(cdb->length);
10648		break;
10649	}
10650	case READ_12:
10651	case WRITE_12: {
10652		struct scsi_rw_12 *cdb;
10653
10654		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10655
10656		*lba = scsi_4btoul(cdb->addr);
10657		*len = scsi_4btoul(cdb->length);
10658		break;
10659	}
10660	case WRITE_VERIFY_12: {
10661		struct scsi_write_verify_12 *cdb;
10662
10663		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10664
10665		*lba = scsi_4btoul(cdb->addr);
10666		*len = scsi_4btoul(cdb->length);
10667		break;
10668	}
10669	case READ_16:
10670	case WRITE_16:
10671	case WRITE_ATOMIC_16: {
10672		struct scsi_rw_16 *cdb;
10673
10674		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10675
10676		*lba = scsi_8btou64(cdb->addr);
10677		*len = scsi_4btoul(cdb->length);
10678		break;
10679	}
10680	case WRITE_VERIFY_16: {
10681		struct scsi_write_verify_16 *cdb;
10682
10683		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10684
10685		*lba = scsi_8btou64(cdb->addr);
10686		*len = scsi_4btoul(cdb->length);
10687		break;
10688	}
10689	case WRITE_SAME_10: {
10690		struct scsi_write_same_10 *cdb;
10691
10692		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10693
10694		*lba = scsi_4btoul(cdb->addr);
10695		*len = scsi_2btoul(cdb->length);
10696		break;
10697	}
10698	case WRITE_SAME_16: {
10699		struct scsi_write_same_16 *cdb;
10700
10701		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10702
10703		*lba = scsi_8btou64(cdb->addr);
10704		*len = scsi_4btoul(cdb->length);
10705		break;
10706	}
10707	case VERIFY_10: {
10708		struct scsi_verify_10 *cdb;
10709
10710		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10711
10712		*lba = scsi_4btoul(cdb->addr);
10713		*len = scsi_2btoul(cdb->length);
10714		break;
10715	}
10716	case VERIFY_12: {
10717		struct scsi_verify_12 *cdb;
10718
10719		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10720
10721		*lba = scsi_4btoul(cdb->addr);
10722		*len = scsi_4btoul(cdb->length);
10723		break;
10724	}
10725	case VERIFY_16: {
10726		struct scsi_verify_16 *cdb;
10727
10728		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10729
10730		*lba = scsi_8btou64(cdb->addr);
10731		*len = scsi_4btoul(cdb->length);
10732		break;
10733	}
10734	case UNMAP: {
10735		*lba = 0;
10736		*len = UINT64_MAX;
10737		break;
10738	}
10739	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10740		struct scsi_get_lba_status *cdb;
10741
10742		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10743		*lba = scsi_8btou64(cdb->addr);
10744		*len = UINT32_MAX;
10745		break;
10746	}
10747	default:
10748		return (1);
10749		break; /* NOTREACHED */
10750	}
10751
10752	return (0);
10753}
10754
10755static ctl_action
10756ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2)
10757{
10758	uint64_t endlba1, endlba2;
10759
10760	endlba1 = lba1 + len1 - 1;
10761	endlba2 = lba2 + len2 - 1;
10762
10763	if ((endlba1 < lba2)
10764	 || (endlba2 < lba1))
10765		return (CTL_ACTION_PASS);
10766	else
10767		return (CTL_ACTION_BLOCK);
10768}
10769
10770static int
10771ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10772{
10773	struct ctl_ptr_len_flags *ptrlen;
10774	struct scsi_unmap_desc *buf, *end, *range;
10775	uint64_t lba;
10776	uint32_t len;
10777
10778	/* If not UNMAP -- go other way. */
10779	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10780	    io->scsiio.cdb[0] != UNMAP)
10781		return (CTL_ACTION_ERROR);
10782
10783	/* If UNMAP without data -- block and wait for data. */
10784	ptrlen = (struct ctl_ptr_len_flags *)
10785	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10786	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10787	    ptrlen->ptr == NULL)
10788		return (CTL_ACTION_BLOCK);
10789
10790	/* UNMAP with data -- check for collision. */
10791	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10792	end = buf + ptrlen->len / sizeof(*buf);
10793	for (range = buf; range < end; range++) {
10794		lba = scsi_8btou64(range->lba);
10795		len = scsi_4btoul(range->length);
10796		if ((lba < lba2 + len2) && (lba + len > lba2))
10797			return (CTL_ACTION_BLOCK);
10798	}
10799	return (CTL_ACTION_PASS);
10800}
10801
10802static ctl_action
10803ctl_extent_check(union ctl_io *io1, union ctl_io *io2)
10804{
10805	uint64_t lba1, lba2;
10806	uint64_t len1, len2;
10807	int retval;
10808
10809	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10810		return (CTL_ACTION_ERROR);
10811
10812	retval = ctl_extent_check_unmap(io2, lba1, len1);
10813	if (retval != CTL_ACTION_ERROR)
10814		return (retval);
10815
10816	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10817		return (CTL_ACTION_ERROR);
10818
10819	return (ctl_extent_check_lba(lba1, len1, lba2, len2));
10820}
10821
10822static ctl_action
10823ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10824    union ctl_io *ooa_io)
10825{
10826	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10827	ctl_serialize_action *serialize_row;
10828
10829	/*
10830	 * The initiator attempted multiple untagged commands at the same
10831	 * time.  Can't do that.
10832	 */
10833	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10834	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10835	 && ((pending_io->io_hdr.nexus.targ_port ==
10836	      ooa_io->io_hdr.nexus.targ_port)
10837	  && (pending_io->io_hdr.nexus.initid.id ==
10838	      ooa_io->io_hdr.nexus.initid.id))
10839	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10840		return (CTL_ACTION_OVERLAP);
10841
10842	/*
10843	 * The initiator attempted to send multiple tagged commands with
10844	 * the same ID.  (It's fine if different initiators have the same
10845	 * tag ID.)
10846	 *
10847	 * Even if all of those conditions are true, we don't kill the I/O
10848	 * if the command ahead of us has been aborted.  We won't end up
10849	 * sending it to the FETD, and it's perfectly legal to resend a
10850	 * command with the same tag number as long as the previous
10851	 * instance of this tag number has been aborted somehow.
10852	 */
10853	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10854	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10855	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10856	 && ((pending_io->io_hdr.nexus.targ_port ==
10857	      ooa_io->io_hdr.nexus.targ_port)
10858	  && (pending_io->io_hdr.nexus.initid.id ==
10859	      ooa_io->io_hdr.nexus.initid.id))
10860	 && ((ooa_io->io_hdr.flags & CTL_FLAG_ABORT) == 0))
10861		return (CTL_ACTION_OVERLAP_TAG);
10862
10863	/*
10864	 * If we get a head of queue tag, SAM-3 says that we should
10865	 * immediately execute it.
10866	 *
10867	 * What happens if this command would normally block for some other
10868	 * reason?  e.g. a request sense with a head of queue tag
10869	 * immediately after a write.  Normally that would block, but this
10870	 * will result in its getting executed immediately...
10871	 *
10872	 * We currently return "pass" instead of "skip", so we'll end up
10873	 * going through the rest of the queue to check for overlapped tags.
10874	 *
10875	 * XXX KDM check for other types of blockage first??
10876	 */
10877	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10878		return (CTL_ACTION_PASS);
10879
10880	/*
10881	 * Ordered tags have to block until all items ahead of them
10882	 * have completed.  If we get called with an ordered tag, we always
10883	 * block, if something else is ahead of us in the queue.
10884	 */
10885	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10886		return (CTL_ACTION_BLOCK);
10887
10888	/*
10889	 * Simple tags get blocked until all head of queue and ordered tags
10890	 * ahead of them have completed.  I'm lumping untagged commands in
10891	 * with simple tags here.  XXX KDM is that the right thing to do?
10892	 */
10893	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10894	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10895	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10896	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10897		return (CTL_ACTION_BLOCK);
10898
10899	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10900	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10901
10902	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10903
10904	switch (serialize_row[pending_entry->seridx]) {
10905	case CTL_SER_BLOCK:
10906		return (CTL_ACTION_BLOCK);
10907	case CTL_SER_EXTENT:
10908		return (ctl_extent_check(pending_io, ooa_io));
10909	case CTL_SER_EXTENTOPT:
10910		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10911		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10912			return (ctl_extent_check(pending_io, ooa_io));
10913		/* FALLTHROUGH */
10914	case CTL_SER_PASS:
10915		return (CTL_ACTION_PASS);
10916	case CTL_SER_BLOCKOPT:
10917		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10918		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10919			return (CTL_ACTION_BLOCK);
10920		return (CTL_ACTION_PASS);
10921	case CTL_SER_SKIP:
10922		return (CTL_ACTION_SKIP);
10923	default:
10924		panic("invalid serialization value %d",
10925		      serialize_row[pending_entry->seridx]);
10926	}
10927
10928	return (CTL_ACTION_ERROR);
10929}
10930
10931/*
10932 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10933 * Assumptions:
10934 * - pending_io is generally either incoming, or on the blocked queue
10935 * - starting I/O is the I/O we want to start the check with.
10936 */
10937static ctl_action
10938ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10939	      union ctl_io *starting_io)
10940{
10941	union ctl_io *ooa_io;
10942	ctl_action action;
10943
10944	mtx_assert(&lun->lun_lock, MA_OWNED);
10945
10946	/*
10947	 * Run back along the OOA queue, starting with the current
10948	 * blocked I/O and going through every I/O before it on the
10949	 * queue.  If starting_io is NULL, we'll just end up returning
10950	 * CTL_ACTION_PASS.
10951	 */
10952	for (ooa_io = starting_io; ooa_io != NULL;
10953	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10954	     ooa_links)){
10955
10956		/*
10957		 * This routine just checks to see whether
10958		 * cur_blocked is blocked by ooa_io, which is ahead
10959		 * of it in the queue.  It doesn't queue/dequeue
10960		 * cur_blocked.
10961		 */
10962		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10963		switch (action) {
10964		case CTL_ACTION_BLOCK:
10965		case CTL_ACTION_OVERLAP:
10966		case CTL_ACTION_OVERLAP_TAG:
10967		case CTL_ACTION_SKIP:
10968		case CTL_ACTION_ERROR:
10969			return (action);
10970			break; /* NOTREACHED */
10971		case CTL_ACTION_PASS:
10972			break;
10973		default:
10974			panic("invalid action %d", action);
10975			break;  /* NOTREACHED */
10976		}
10977	}
10978
10979	return (CTL_ACTION_PASS);
10980}
10981
10982/*
10983 * Assumptions:
10984 * - An I/O has just completed, and has been removed from the per-LUN OOA
10985 *   queue, so some items on the blocked queue may now be unblocked.
10986 */
10987static int
10988ctl_check_blocked(struct ctl_lun *lun)
10989{
10990	union ctl_io *cur_blocked, *next_blocked;
10991
10992	mtx_assert(&lun->lun_lock, MA_OWNED);
10993
10994	/*
10995	 * Run forward from the head of the blocked queue, checking each
10996	 * entry against the I/Os prior to it on the OOA queue to see if
10997	 * there is still any blockage.
10998	 *
10999	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11000	 * with our removing a variable on it while it is traversing the
11001	 * list.
11002	 */
11003	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11004	     cur_blocked != NULL; cur_blocked = next_blocked) {
11005		union ctl_io *prev_ooa;
11006		ctl_action action;
11007
11008		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11009							  blocked_links);
11010
11011		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11012						      ctl_ooaq, ooa_links);
11013
11014		/*
11015		 * If cur_blocked happens to be the first item in the OOA
11016		 * queue now, prev_ooa will be NULL, and the action
11017		 * returned will just be CTL_ACTION_PASS.
11018		 */
11019		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11020
11021		switch (action) {
11022		case CTL_ACTION_BLOCK:
11023			/* Nothing to do here, still blocked */
11024			break;
11025		case CTL_ACTION_OVERLAP:
11026		case CTL_ACTION_OVERLAP_TAG:
11027			/*
11028			 * This shouldn't happen!  In theory we've already
11029			 * checked this command for overlap...
11030			 */
11031			break;
11032		case CTL_ACTION_PASS:
11033		case CTL_ACTION_SKIP: {
11034			struct ctl_softc *softc;
11035			const struct ctl_cmd_entry *entry;
11036			int isc_retval;
11037
11038			/*
11039			 * The skip case shouldn't happen, this transaction
11040			 * should have never made it onto the blocked queue.
11041			 */
11042			/*
11043			 * This I/O is no longer blocked, we can remove it
11044			 * from the blocked queue.  Since this is a TAILQ
11045			 * (doubly linked list), we can do O(1) removals
11046			 * from any place on the list.
11047			 */
11048			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11049				     blocked_links);
11050			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11051
11052			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
11053				/*
11054				 * Need to send IO back to original side to
11055				 * run
11056				 */
11057				union ctl_ha_msg msg_info;
11058
11059				msg_info.hdr.original_sc =
11060					cur_blocked->io_hdr.original_sc;
11061				msg_info.hdr.serializing_sc = cur_blocked;
11062				msg_info.hdr.msg_type = CTL_MSG_R2R;
11063				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11064				     &msg_info, sizeof(msg_info), 0)) >
11065				     CTL_HA_STATUS_SUCCESS) {
11066					printf("CTL:Check Blocked error from "
11067					       "ctl_ha_msg_send %d\n",
11068					       isc_retval);
11069				}
11070				break;
11071			}
11072			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11073			softc = control_softc;
11074
11075			/*
11076			 * Check this I/O for LUN state changes that may
11077			 * have happened while this command was blocked.
11078			 * The LUN state may have been changed by a command
11079			 * ahead of us in the queue, so we need to re-check
11080			 * for any states that can be caused by SCSI
11081			 * commands.
11082			 */
11083			if (ctl_scsiio_lun_check(softc, lun, entry,
11084						 &cur_blocked->scsiio) == 0) {
11085				cur_blocked->io_hdr.flags |=
11086				                      CTL_FLAG_IS_WAS_ON_RTR;
11087				ctl_enqueue_rtr(cur_blocked);
11088			} else
11089				ctl_done(cur_blocked);
11090			break;
11091		}
11092		default:
11093			/*
11094			 * This probably shouldn't happen -- we shouldn't
11095			 * get CTL_ACTION_ERROR, or anything else.
11096			 */
11097			break;
11098		}
11099	}
11100
11101	return (CTL_RETVAL_COMPLETE);
11102}
11103
11104/*
11105 * This routine (with one exception) checks LUN flags that can be set by
11106 * commands ahead of us in the OOA queue.  These flags have to be checked
11107 * when a command initially comes in, and when we pull a command off the
11108 * blocked queue and are preparing to execute it.  The reason we have to
11109 * check these flags for commands on the blocked queue is that the LUN
11110 * state may have been changed by a command ahead of us while we're on the
11111 * blocked queue.
11112 *
11113 * Ordering is somewhat important with these checks, so please pay
11114 * careful attention to the placement of any new checks.
11115 */
11116static int
11117ctl_scsiio_lun_check(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
11118    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11119{
11120	int retval;
11121	uint32_t residx;
11122
11123	retval = 0;
11124
11125	mtx_assert(&lun->lun_lock, MA_OWNED);
11126
11127	/*
11128	 * If this shelf is a secondary shelf controller, we have to reject
11129	 * any media access commands.
11130	 */
11131	if ((ctl_softc->flags & CTL_FLAG_ACTIVE_SHELF) == 0 &&
11132	    (entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0) {
11133		ctl_set_lun_standby(ctsio);
11134		retval = 1;
11135		goto bailout;
11136	}
11137
11138	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11139		if (lun->flags & CTL_LUN_READONLY) {
11140			ctl_set_sense(ctsio, /*current_error*/ 1,
11141			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11142			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
11143			retval = 1;
11144			goto bailout;
11145		}
11146		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11147		    .eca_and_aen & SCP_SWP) != 0) {
11148			ctl_set_sense(ctsio, /*current_error*/ 1,
11149			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11150			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11151			retval = 1;
11152			goto bailout;
11153		}
11154	}
11155
11156	/*
11157	 * Check for a reservation conflict.  If this command isn't allowed
11158	 * even on reserved LUNs, and if this initiator isn't the one who
11159	 * reserved us, reject the command with a reservation conflict.
11160	 */
11161	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
11162	if ((lun->flags & CTL_LUN_RESERVED)
11163	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11164		if (lun->res_idx != residx) {
11165			ctl_set_reservation_conflict(ctsio);
11166			retval = 1;
11167			goto bailout;
11168		}
11169	}
11170
11171	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11172	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11173		/* No reservation or command is allowed. */;
11174	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11175	    (lun->res_type == SPR_TYPE_WR_EX ||
11176	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11177	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11178		/* The command is allowed for Write Exclusive resv. */;
11179	} else {
11180		/*
11181		 * if we aren't registered or it's a res holder type
11182		 * reservation and this isn't the res holder then set a
11183		 * conflict.
11184		 */
11185		if (ctl_get_prkey(lun, residx) == 0
11186		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11187			ctl_set_reservation_conflict(ctsio);
11188			retval = 1;
11189			goto bailout;
11190		}
11191
11192	}
11193
11194	if ((lun->flags & CTL_LUN_OFFLINE)
11195	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
11196		ctl_set_lun_not_ready(ctsio);
11197		retval = 1;
11198		goto bailout;
11199	}
11200
11201	/*
11202	 * If the LUN is stopped, see if this particular command is allowed
11203	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
11204	 */
11205	if ((lun->flags & CTL_LUN_STOPPED)
11206	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11207		/* "Logical unit not ready, initializing cmd. required" */
11208		ctl_set_lun_stopped(ctsio);
11209		retval = 1;
11210		goto bailout;
11211	}
11212
11213	if ((lun->flags & CTL_LUN_INOPERABLE)
11214	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11215		/* "Medium format corrupted" */
11216		ctl_set_medium_format_corrupted(ctsio);
11217		retval = 1;
11218		goto bailout;
11219	}
11220
11221bailout:
11222	return (retval);
11223
11224}
11225
11226static void
11227ctl_failover_io(union ctl_io *io, int have_lock)
11228{
11229	ctl_set_busy(&io->scsiio);
11230	ctl_done(io);
11231}
11232
11233static void
11234ctl_failover(void)
11235{
11236	struct ctl_lun *lun;
11237	struct ctl_softc *ctl_softc;
11238	union ctl_io *next_io, *pending_io;
11239	union ctl_io *io;
11240	int lun_idx;
11241
11242	ctl_softc = control_softc;
11243
11244	mtx_lock(&ctl_softc->ctl_lock);
11245	/*
11246	 * Remove any cmds from the other SC from the rtr queue.  These
11247	 * will obviously only be for LUNs for which we're the primary.
11248	 * We can't send status or get/send data for these commands.
11249	 * Since they haven't been executed yet, we can just remove them.
11250	 * We'll either abort them or delete them below, depending on
11251	 * which HA mode we're in.
11252	 */
11253#ifdef notyet
11254	mtx_lock(&ctl_softc->queue_lock);
11255	for (io = (union ctl_io *)STAILQ_FIRST(&ctl_softc->rtr_queue);
11256	     io != NULL; io = next_io) {
11257		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
11258		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11259			STAILQ_REMOVE(&ctl_softc->rtr_queue, &io->io_hdr,
11260				      ctl_io_hdr, links);
11261	}
11262	mtx_unlock(&ctl_softc->queue_lock);
11263#endif
11264
11265	for (lun_idx=0; lun_idx < ctl_softc->num_luns; lun_idx++) {
11266		lun = ctl_softc->ctl_luns[lun_idx];
11267		if (lun==NULL)
11268			continue;
11269
11270		/*
11271		 * Processor LUNs are primary on both sides.
11272		 * XXX will this always be true?
11273		 */
11274		if (lun->be_lun->lun_type == T_PROCESSOR)
11275			continue;
11276
11277		if ((lun->flags & CTL_LUN_PRIMARY_SC)
11278		 && (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11279			printf("FAILOVER: primary lun %d\n", lun_idx);
11280		        /*
11281			 * Remove all commands from the other SC. First from the
11282			 * blocked queue then from the ooa queue. Once we have
11283			 * removed them. Call ctl_check_blocked to see if there
11284			 * is anything that can run.
11285			 */
11286			for (io = (union ctl_io *)TAILQ_FIRST(
11287			     &lun->blocked_queue); io != NULL; io = next_io) {
11288
11289		        	next_io = (union ctl_io *)TAILQ_NEXT(
11290				    &io->io_hdr, blocked_links);
11291
11292				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11293					TAILQ_REMOVE(&lun->blocked_queue,
11294						     &io->io_hdr,blocked_links);
11295					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11296					TAILQ_REMOVE(&lun->ooa_queue,
11297						     &io->io_hdr, ooa_links);
11298
11299					ctl_free_io(io);
11300				}
11301			}
11302
11303			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11304	     		     io != NULL; io = next_io) {
11305
11306		        	next_io = (union ctl_io *)TAILQ_NEXT(
11307				    &io->io_hdr, ooa_links);
11308
11309				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
11310
11311					TAILQ_REMOVE(&lun->ooa_queue,
11312						&io->io_hdr,
11313					     	ooa_links);
11314
11315					ctl_free_io(io);
11316				}
11317			}
11318			ctl_check_blocked(lun);
11319		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
11320			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11321
11322			printf("FAILOVER: primary lun %d\n", lun_idx);
11323			/*
11324			 * Abort all commands from the other SC.  We can't
11325			 * send status back for them now.  These should get
11326			 * cleaned up when they are completed or come out
11327			 * for a datamove operation.
11328			 */
11329			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
11330	     		     io != NULL; io = next_io) {
11331		        	next_io = (union ctl_io *)TAILQ_NEXT(
11332					&io->io_hdr, ooa_links);
11333
11334				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
11335					io->io_hdr.flags |= CTL_FLAG_ABORT;
11336			}
11337		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11338			&& (ctl_softc->ha_mode == CTL_HA_MODE_XFER)) {
11339
11340			printf("FAILOVER: secondary lun %d\n", lun_idx);
11341
11342			lun->flags |= CTL_LUN_PRIMARY_SC;
11343
11344			/*
11345			 * We send all I/O that was sent to this controller
11346			 * and redirected to the other side back with
11347			 * busy status, and have the initiator retry it.
11348			 * Figuring out how much data has been transferred,
11349			 * etc. and picking up where we left off would be
11350			 * very tricky.
11351			 *
11352			 * XXX KDM need to remove I/O from the blocked
11353			 * queue as well!
11354			 */
11355			for (pending_io = (union ctl_io *)TAILQ_FIRST(
11356			     &lun->ooa_queue); pending_io != NULL;
11357			     pending_io = next_io) {
11358
11359				next_io =  (union ctl_io *)TAILQ_NEXT(
11360					&pending_io->io_hdr, ooa_links);
11361
11362				pending_io->io_hdr.flags &=
11363					~CTL_FLAG_SENT_2OTHER_SC;
11364
11365				if (pending_io->io_hdr.flags &
11366				    CTL_FLAG_IO_ACTIVE) {
11367					pending_io->io_hdr.flags |=
11368						CTL_FLAG_FAILOVER;
11369				} else {
11370					ctl_set_busy(&pending_io->scsiio);
11371					ctl_done(pending_io);
11372				}
11373			}
11374
11375			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
11376		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
11377			&& (ctl_softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
11378			printf("FAILOVER: secondary lun %d\n", lun_idx);
11379			/*
11380			 * if the first io on the OOA is not on the RtR queue
11381			 * add it.
11382			 */
11383			lun->flags |= CTL_LUN_PRIMARY_SC;
11384
11385			pending_io = (union ctl_io *)TAILQ_FIRST(
11386			    &lun->ooa_queue);
11387			if (pending_io==NULL) {
11388				printf("Nothing on OOA queue\n");
11389				continue;
11390			}
11391
11392			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11393			if ((pending_io->io_hdr.flags &
11394			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11395				pending_io->io_hdr.flags |=
11396				    CTL_FLAG_IS_WAS_ON_RTR;
11397				ctl_enqueue_rtr(pending_io);
11398			}
11399#if 0
11400			else
11401			{
11402				printf("Tag 0x%04x is running\n",
11403				      pending_io->scsiio.tag_num);
11404			}
11405#endif
11406
11407			next_io = (union ctl_io *)TAILQ_NEXT(
11408			    &pending_io->io_hdr, ooa_links);
11409			for (pending_io=next_io; pending_io != NULL;
11410			     pending_io = next_io) {
11411				pending_io->io_hdr.flags &=
11412				    ~CTL_FLAG_SENT_2OTHER_SC;
11413				next_io = (union ctl_io *)TAILQ_NEXT(
11414					&pending_io->io_hdr, ooa_links);
11415				if (pending_io->io_hdr.flags &
11416				    CTL_FLAG_IS_WAS_ON_RTR) {
11417#if 0
11418				        printf("Tag 0x%04x is running\n",
11419				      		pending_io->scsiio.tag_num);
11420#endif
11421					continue;
11422				}
11423
11424				switch (ctl_check_ooa(lun, pending_io,
11425			            (union ctl_io *)TAILQ_PREV(
11426				    &pending_io->io_hdr, ctl_ooaq,
11427				    ooa_links))) {
11428
11429				case CTL_ACTION_BLOCK:
11430					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11431							  &pending_io->io_hdr,
11432							  blocked_links);
11433					pending_io->io_hdr.flags |=
11434					    CTL_FLAG_BLOCKED;
11435					break;
11436				case CTL_ACTION_PASS:
11437				case CTL_ACTION_SKIP:
11438					pending_io->io_hdr.flags |=
11439					    CTL_FLAG_IS_WAS_ON_RTR;
11440					ctl_enqueue_rtr(pending_io);
11441					break;
11442				case CTL_ACTION_OVERLAP:
11443					ctl_set_overlapped_cmd(
11444					    (struct ctl_scsiio *)pending_io);
11445					ctl_done(pending_io);
11446					break;
11447				case CTL_ACTION_OVERLAP_TAG:
11448					ctl_set_overlapped_tag(
11449					    (struct ctl_scsiio *)pending_io,
11450					    pending_io->scsiio.tag_num & 0xff);
11451					ctl_done(pending_io);
11452					break;
11453				case CTL_ACTION_ERROR:
11454				default:
11455					ctl_set_internal_failure(
11456						(struct ctl_scsiio *)pending_io,
11457						0,  // sks_valid
11458						0); //retry count
11459					ctl_done(pending_io);
11460					break;
11461				}
11462			}
11463
11464			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
11465		} else {
11466			panic("Unhandled HA mode failover, LUN flags = %#x, "
11467			      "ha_mode = #%x", lun->flags, ctl_softc->ha_mode);
11468		}
11469	}
11470	ctl_pause_rtr = 0;
11471	mtx_unlock(&ctl_softc->ctl_lock);
11472}
11473
11474static int
11475ctl_scsiio_precheck(struct ctl_softc *ctl_softc, struct ctl_scsiio *ctsio)
11476{
11477	struct ctl_lun *lun;
11478	const struct ctl_cmd_entry *entry;
11479	uint32_t initidx, targ_lun;
11480	int retval;
11481
11482	retval = 0;
11483
11484	lun = NULL;
11485
11486	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11487	if ((targ_lun < CTL_MAX_LUNS)
11488	 && ((lun = ctl_softc->ctl_luns[targ_lun]) != NULL)) {
11489		/*
11490		 * If the LUN is invalid, pretend that it doesn't exist.
11491		 * It will go away as soon as all pending I/O has been
11492		 * completed.
11493		 */
11494		mtx_lock(&lun->lun_lock);
11495		if (lun->flags & CTL_LUN_DISABLED) {
11496			mtx_unlock(&lun->lun_lock);
11497			lun = NULL;
11498			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11499			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11500		} else {
11501			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11502			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11503				lun->be_lun;
11504			if (lun->be_lun->lun_type == T_PROCESSOR) {
11505				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11506			}
11507
11508			/*
11509			 * Every I/O goes into the OOA queue for a
11510			 * particular LUN, and stays there until completion.
11511			 */
11512			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11513			    ooa_links);
11514		}
11515	} else {
11516		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11517		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11518	}
11519
11520	/* Get command entry and return error if it is unsuppotyed. */
11521	entry = ctl_validate_command(ctsio);
11522	if (entry == NULL) {
11523		if (lun)
11524			mtx_unlock(&lun->lun_lock);
11525		return (retval);
11526	}
11527
11528	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11529	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11530
11531	/*
11532	 * Check to see whether we can send this command to LUNs that don't
11533	 * exist.  This should pretty much only be the case for inquiry
11534	 * and request sense.  Further checks, below, really require having
11535	 * a LUN, so we can't really check the command anymore.  Just put
11536	 * it on the rtr queue.
11537	 */
11538	if (lun == NULL) {
11539		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11540			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11541			ctl_enqueue_rtr((union ctl_io *)ctsio);
11542			return (retval);
11543		}
11544
11545		ctl_set_unsupported_lun(ctsio);
11546		ctl_done((union ctl_io *)ctsio);
11547		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11548		return (retval);
11549	} else {
11550		/*
11551		 * Make sure we support this particular command on this LUN.
11552		 * e.g., we don't support writes to the control LUN.
11553		 */
11554		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11555			mtx_unlock(&lun->lun_lock);
11556			ctl_set_invalid_opcode(ctsio);
11557			ctl_done((union ctl_io *)ctsio);
11558			return (retval);
11559		}
11560	}
11561
11562	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11563
11564#ifdef CTL_WITH_CA
11565	/*
11566	 * If we've got a request sense, it'll clear the contingent
11567	 * allegiance condition.  Otherwise, if we have a CA condition for
11568	 * this initiator, clear it, because it sent down a command other
11569	 * than request sense.
11570	 */
11571	if ((ctsio->cdb[0] != REQUEST_SENSE)
11572	 && (ctl_is_set(lun->have_ca, initidx)))
11573		ctl_clear_mask(lun->have_ca, initidx);
11574#endif
11575
11576	/*
11577	 * If the command has this flag set, it handles its own unit
11578	 * attention reporting, we shouldn't do anything.  Otherwise we
11579	 * check for any pending unit attentions, and send them back to the
11580	 * initiator.  We only do this when a command initially comes in,
11581	 * not when we pull it off the blocked queue.
11582	 *
11583	 * According to SAM-3, section 5.3.2, the order that things get
11584	 * presented back to the host is basically unit attentions caused
11585	 * by some sort of reset event, busy status, reservation conflicts
11586	 * or task set full, and finally any other status.
11587	 *
11588	 * One issue here is that some of the unit attentions we report
11589	 * don't fall into the "reset" category (e.g. "reported luns data
11590	 * has changed").  So reporting it here, before the reservation
11591	 * check, may be technically wrong.  I guess the only thing to do
11592	 * would be to check for and report the reset events here, and then
11593	 * check for the other unit attention types after we check for a
11594	 * reservation conflict.
11595	 *
11596	 * XXX KDM need to fix this
11597	 */
11598	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11599		ctl_ua_type ua_type;
11600		scsi_sense_data_type sense_format;
11601
11602		if (lun->flags & CTL_LUN_SENSE_DESC)
11603			sense_format = SSD_TYPE_DESC;
11604		else
11605			sense_format = SSD_TYPE_FIXED;
11606
11607		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11608		    sense_format);
11609		if (ua_type != CTL_UA_NONE) {
11610			mtx_unlock(&lun->lun_lock);
11611			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11612			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11613			ctsio->sense_len = SSD_FULL_SIZE;
11614			ctl_done((union ctl_io *)ctsio);
11615			return (retval);
11616		}
11617	}
11618
11619
11620	if (ctl_scsiio_lun_check(ctl_softc, lun, entry, ctsio) != 0) {
11621		mtx_unlock(&lun->lun_lock);
11622		ctl_done((union ctl_io *)ctsio);
11623		return (retval);
11624	}
11625
11626	/*
11627	 * XXX CHD this is where we want to send IO to other side if
11628	 * this LUN is secondary on this SC. We will need to make a copy
11629	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11630	 * the copy we send as FROM_OTHER.
11631	 * We also need to stuff the address of the original IO so we can
11632	 * find it easily. Something similar will need be done on the other
11633	 * side so when we are done we can find the copy.
11634	 */
11635	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11636		union ctl_ha_msg msg_info;
11637		int isc_retval;
11638
11639		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11640
11641		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11642		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11643#if 0
11644		printf("1. ctsio %p\n", ctsio);
11645#endif
11646		msg_info.hdr.serializing_sc = NULL;
11647		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11648		msg_info.scsi.tag_num = ctsio->tag_num;
11649		msg_info.scsi.tag_type = ctsio->tag_type;
11650		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11651
11652		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11653
11654		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11655		    (void *)&msg_info, sizeof(msg_info), 0)) >
11656		    CTL_HA_STATUS_SUCCESS) {
11657			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11658			       isc_retval);
11659			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11660		} else {
11661#if 0
11662			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11663#endif
11664		}
11665
11666		/*
11667		 * XXX KDM this I/O is off the incoming queue, but hasn't
11668		 * been inserted on any other queue.  We may need to come
11669		 * up with a holding queue while we wait for serialization
11670		 * so that we have an idea of what we're waiting for from
11671		 * the other side.
11672		 */
11673		mtx_unlock(&lun->lun_lock);
11674		return (retval);
11675	}
11676
11677	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11678			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11679			      ctl_ooaq, ooa_links))) {
11680	case CTL_ACTION_BLOCK:
11681		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11682		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11683				  blocked_links);
11684		mtx_unlock(&lun->lun_lock);
11685		return (retval);
11686	case CTL_ACTION_PASS:
11687	case CTL_ACTION_SKIP:
11688		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11689		mtx_unlock(&lun->lun_lock);
11690		ctl_enqueue_rtr((union ctl_io *)ctsio);
11691		break;
11692	case CTL_ACTION_OVERLAP:
11693		mtx_unlock(&lun->lun_lock);
11694		ctl_set_overlapped_cmd(ctsio);
11695		ctl_done((union ctl_io *)ctsio);
11696		break;
11697	case CTL_ACTION_OVERLAP_TAG:
11698		mtx_unlock(&lun->lun_lock);
11699		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11700		ctl_done((union ctl_io *)ctsio);
11701		break;
11702	case CTL_ACTION_ERROR:
11703	default:
11704		mtx_unlock(&lun->lun_lock);
11705		ctl_set_internal_failure(ctsio,
11706					 /*sks_valid*/ 0,
11707					 /*retry_count*/ 0);
11708		ctl_done((union ctl_io *)ctsio);
11709		break;
11710	}
11711	return (retval);
11712}
11713
11714const struct ctl_cmd_entry *
11715ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11716{
11717	const struct ctl_cmd_entry *entry;
11718	int service_action;
11719
11720	entry = &ctl_cmd_table[ctsio->cdb[0]];
11721	if (sa)
11722		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11723	if (entry->flags & CTL_CMD_FLAG_SA5) {
11724		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11725		entry = &((const struct ctl_cmd_entry *)
11726		    entry->execute)[service_action];
11727	}
11728	return (entry);
11729}
11730
11731const struct ctl_cmd_entry *
11732ctl_validate_command(struct ctl_scsiio *ctsio)
11733{
11734	const struct ctl_cmd_entry *entry;
11735	int i, sa;
11736	uint8_t diff;
11737
11738	entry = ctl_get_cmd_entry(ctsio, &sa);
11739	if (entry->execute == NULL) {
11740		if (sa)
11741			ctl_set_invalid_field(ctsio,
11742					      /*sks_valid*/ 1,
11743					      /*command*/ 1,
11744					      /*field*/ 1,
11745					      /*bit_valid*/ 1,
11746					      /*bit*/ 4);
11747		else
11748			ctl_set_invalid_opcode(ctsio);
11749		ctl_done((union ctl_io *)ctsio);
11750		return (NULL);
11751	}
11752	KASSERT(entry->length > 0,
11753	    ("Not defined length for command 0x%02x/0x%02x",
11754	     ctsio->cdb[0], ctsio->cdb[1]));
11755	for (i = 1; i < entry->length; i++) {
11756		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11757		if (diff == 0)
11758			continue;
11759		ctl_set_invalid_field(ctsio,
11760				      /*sks_valid*/ 1,
11761				      /*command*/ 1,
11762				      /*field*/ i,
11763				      /*bit_valid*/ 1,
11764				      /*bit*/ fls(diff) - 1);
11765		ctl_done((union ctl_io *)ctsio);
11766		return (NULL);
11767	}
11768	return (entry);
11769}
11770
11771static int
11772ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11773{
11774
11775	switch (lun_type) {
11776	case T_PROCESSOR:
11777		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11778		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11779			return (0);
11780		break;
11781	case T_DIRECT:
11782		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11783		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11784			return (0);
11785		break;
11786	default:
11787		return (0);
11788	}
11789	return (1);
11790}
11791
11792static int
11793ctl_scsiio(struct ctl_scsiio *ctsio)
11794{
11795	int retval;
11796	const struct ctl_cmd_entry *entry;
11797
11798	retval = CTL_RETVAL_COMPLETE;
11799
11800	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11801
11802	entry = ctl_get_cmd_entry(ctsio, NULL);
11803
11804	/*
11805	 * If this I/O has been aborted, just send it straight to
11806	 * ctl_done() without executing it.
11807	 */
11808	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11809		ctl_done((union ctl_io *)ctsio);
11810		goto bailout;
11811	}
11812
11813	/*
11814	 * All the checks should have been handled by ctl_scsiio_precheck().
11815	 * We should be clear now to just execute the I/O.
11816	 */
11817	retval = entry->execute(ctsio);
11818
11819bailout:
11820	return (retval);
11821}
11822
11823/*
11824 * Since we only implement one target right now, a bus reset simply resets
11825 * our single target.
11826 */
11827static int
11828ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io)
11829{
11830	return(ctl_target_reset(ctl_softc, io, CTL_UA_BUS_RESET));
11831}
11832
11833static int
11834ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
11835		 ctl_ua_type ua_type)
11836{
11837	struct ctl_lun *lun;
11838	int retval;
11839
11840	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11841		union ctl_ha_msg msg_info;
11842
11843		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11844		msg_info.hdr.nexus = io->io_hdr.nexus;
11845		if (ua_type==CTL_UA_TARG_RESET)
11846			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11847		else
11848			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11849		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11850		msg_info.hdr.original_sc = NULL;
11851		msg_info.hdr.serializing_sc = NULL;
11852		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11853		    (void *)&msg_info, sizeof(msg_info), 0)) {
11854		}
11855	}
11856	retval = 0;
11857
11858	mtx_lock(&ctl_softc->ctl_lock);
11859	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links)
11860		retval += ctl_lun_reset(lun, io, ua_type);
11861	mtx_unlock(&ctl_softc->ctl_lock);
11862
11863	return (retval);
11864}
11865
11866/*
11867 * The LUN should always be set.  The I/O is optional, and is used to
11868 * distinguish between I/Os sent by this initiator, and by other
11869 * initiators.  We set unit attention for initiators other than this one.
11870 * SAM-3 is vague on this point.  It does say that a unit attention should
11871 * be established for other initiators when a LUN is reset (see section
11872 * 5.7.3), but it doesn't specifically say that the unit attention should
11873 * be established for this particular initiator when a LUN is reset.  Here
11874 * is the relevant text, from SAM-3 rev 8:
11875 *
11876 * 5.7.2 When a SCSI initiator port aborts its own tasks
11877 *
11878 * When a SCSI initiator port causes its own task(s) to be aborted, no
11879 * notification that the task(s) have been aborted shall be returned to
11880 * the SCSI initiator port other than the completion response for the
11881 * command or task management function action that caused the task(s) to
11882 * be aborted and notification(s) associated with related effects of the
11883 * action (e.g., a reset unit attention condition).
11884 *
11885 * XXX KDM for now, we're setting unit attention for all initiators.
11886 */
11887static int
11888ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11889{
11890	union ctl_io *xio;
11891#if 0
11892	uint32_t initidx;
11893#endif
11894#ifdef CTL_WITH_CA
11895	int i;
11896#endif
11897
11898	mtx_lock(&lun->lun_lock);
11899	/*
11900	 * Run through the OOA queue and abort each I/O.
11901	 */
11902#if 0
11903	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
11904#endif
11905	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11906	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11907		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11908	}
11909
11910	/*
11911	 * This version sets unit attention for every
11912	 */
11913#if 0
11914	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11915	ctl_est_ua_all(lun, initidx, ua_type);
11916#else
11917	ctl_est_ua_all(lun, -1, ua_type);
11918#endif
11919
11920	/*
11921	 * A reset (any kind, really) clears reservations established with
11922	 * RESERVE/RELEASE.  It does not clear reservations established
11923	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11924	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11925	 * reservations made with the RESERVE/RELEASE commands, because
11926	 * those commands are obsolete in SPC-3.
11927	 */
11928	lun->flags &= ~CTL_LUN_RESERVED;
11929
11930#ifdef CTL_WITH_CA
11931	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11932		ctl_clear_mask(lun->have_ca, i);
11933#endif
11934	mtx_unlock(&lun->lun_lock);
11935
11936	return (0);
11937}
11938
11939static void
11940ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11941    int other_sc)
11942{
11943	union ctl_io *xio;
11944
11945	mtx_assert(&lun->lun_lock, MA_OWNED);
11946
11947	/*
11948	 * Run through the OOA queue and attempt to find the given I/O.
11949	 * The target port, initiator ID, tag type and tag number have to
11950	 * match the values that we got from the initiator.  If we have an
11951	 * untagged command to abort, simply abort the first untagged command
11952	 * we come to.  We only allow one untagged command at a time of course.
11953	 */
11954	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11955	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11956
11957		if ((targ_port == UINT32_MAX ||
11958		     targ_port == xio->io_hdr.nexus.targ_port) &&
11959		    (init_id == UINT32_MAX ||
11960		     init_id == xio->io_hdr.nexus.initid.id)) {
11961			if (targ_port != xio->io_hdr.nexus.targ_port ||
11962			    init_id != xio->io_hdr.nexus.initid.id)
11963				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11964			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11965			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11966				union ctl_ha_msg msg_info;
11967
11968				msg_info.hdr.nexus = xio->io_hdr.nexus;
11969				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11970				msg_info.task.tag_num = xio->scsiio.tag_num;
11971				msg_info.task.tag_type = xio->scsiio.tag_type;
11972				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11973				msg_info.hdr.original_sc = NULL;
11974				msg_info.hdr.serializing_sc = NULL;
11975				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11976				    (void *)&msg_info, sizeof(msg_info), 0);
11977			}
11978		}
11979	}
11980}
11981
11982static int
11983ctl_abort_task_set(union ctl_io *io)
11984{
11985	struct ctl_softc *softc = control_softc;
11986	struct ctl_lun *lun;
11987	uint32_t targ_lun;
11988
11989	/*
11990	 * Look up the LUN.
11991	 */
11992	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11993	mtx_lock(&softc->ctl_lock);
11994	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
11995		lun = softc->ctl_luns[targ_lun];
11996	else {
11997		mtx_unlock(&softc->ctl_lock);
11998		return (1);
11999	}
12000
12001	mtx_lock(&lun->lun_lock);
12002	mtx_unlock(&softc->ctl_lock);
12003	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
12004		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12005		    io->io_hdr.nexus.initid.id,
12006		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12007	} else { /* CTL_TASK_CLEAR_TASK_SET */
12008		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
12009		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12010	}
12011	mtx_unlock(&lun->lun_lock);
12012	return (0);
12013}
12014
12015static int
12016ctl_i_t_nexus_reset(union ctl_io *io)
12017{
12018	struct ctl_softc *softc = control_softc;
12019	struct ctl_lun *lun;
12020	uint32_t initidx, residx;
12021
12022	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12023	residx = ctl_get_resindex(&io->io_hdr.nexus);
12024	mtx_lock(&softc->ctl_lock);
12025	STAILQ_FOREACH(lun, &softc->lun_list, links) {
12026		mtx_lock(&lun->lun_lock);
12027		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
12028		    io->io_hdr.nexus.initid.id,
12029		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
12030#ifdef CTL_WITH_CA
12031		ctl_clear_mask(lun->have_ca, initidx);
12032#endif
12033		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
12034			lun->flags &= ~CTL_LUN_RESERVED;
12035		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
12036		mtx_unlock(&lun->lun_lock);
12037	}
12038	mtx_unlock(&softc->ctl_lock);
12039	return (0);
12040}
12041
12042static int
12043ctl_abort_task(union ctl_io *io)
12044{
12045	union ctl_io *xio;
12046	struct ctl_lun *lun;
12047	struct ctl_softc *ctl_softc;
12048#if 0
12049	struct sbuf sb;
12050	char printbuf[128];
12051#endif
12052	int found;
12053	uint32_t targ_lun;
12054
12055	ctl_softc = control_softc;
12056	found = 0;
12057
12058	/*
12059	 * Look up the LUN.
12060	 */
12061	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12062	mtx_lock(&ctl_softc->ctl_lock);
12063	if ((targ_lun < CTL_MAX_LUNS)
12064	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12065		lun = ctl_softc->ctl_luns[targ_lun];
12066	else {
12067		mtx_unlock(&ctl_softc->ctl_lock);
12068		return (1);
12069	}
12070
12071#if 0
12072	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
12073	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
12074#endif
12075
12076	mtx_lock(&lun->lun_lock);
12077	mtx_unlock(&ctl_softc->ctl_lock);
12078	/*
12079	 * Run through the OOA queue and attempt to find the given I/O.
12080	 * The target port, initiator ID, tag type and tag number have to
12081	 * match the values that we got from the initiator.  If we have an
12082	 * untagged command to abort, simply abort the first untagged command
12083	 * we come to.  We only allow one untagged command at a time of course.
12084	 */
12085#if 0
12086	TAILQ_FOREACH((struct ctl_io_hdr *)xio, &lun->ooa_queue, ooa_links) {
12087#endif
12088	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12089	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12090#if 0
12091		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
12092
12093		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
12094			    lun->lun, xio->scsiio.tag_num,
12095			    xio->scsiio.tag_type,
12096			    (xio->io_hdr.blocked_links.tqe_prev
12097			    == NULL) ? "" : " BLOCKED",
12098			    (xio->io_hdr.flags &
12099			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
12100			    (xio->io_hdr.flags &
12101			    CTL_FLAG_ABORT) ? " ABORT" : "",
12102			    (xio->io_hdr.flags &
12103			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
12104		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
12105		sbuf_finish(&sb);
12106		printf("%s\n", sbuf_data(&sb));
12107#endif
12108
12109		if ((xio->io_hdr.nexus.targ_port == io->io_hdr.nexus.targ_port)
12110		 && (xio->io_hdr.nexus.initid.id ==
12111		     io->io_hdr.nexus.initid.id)) {
12112			/*
12113			 * If the abort says that the task is untagged, the
12114			 * task in the queue must be untagged.  Otherwise,
12115			 * we just check to see whether the tag numbers
12116			 * match.  This is because the QLogic firmware
12117			 * doesn't pass back the tag type in an abort
12118			 * request.
12119			 */
12120#if 0
12121			if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
12122			  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
12123			 || (xio->scsiio.tag_num == io->taskio.tag_num)) {
12124#endif
12125			/*
12126			 * XXX KDM we've got problems with FC, because it
12127			 * doesn't send down a tag type with aborts.  So we
12128			 * can only really go by the tag number...
12129			 * This may cause problems with parallel SCSI.
12130			 * Need to figure that out!!
12131			 */
12132			if (xio->scsiio.tag_num == io->taskio.tag_num) {
12133				xio->io_hdr.flags |= CTL_FLAG_ABORT;
12134				found = 1;
12135				if ((io->io_hdr.flags &
12136				     CTL_FLAG_FROM_OTHER_SC) == 0 &&
12137				    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
12138					union ctl_ha_msg msg_info;
12139
12140					io->io_hdr.flags |=
12141					                CTL_FLAG_SENT_2OTHER_SC;
12142					msg_info.hdr.nexus = io->io_hdr.nexus;
12143					msg_info.task.task_action =
12144						CTL_TASK_ABORT_TASK;
12145					msg_info.task.tag_num =
12146						io->taskio.tag_num;
12147					msg_info.task.tag_type =
12148						io->taskio.tag_type;
12149					msg_info.hdr.msg_type =
12150						CTL_MSG_MANAGE_TASKS;
12151					msg_info.hdr.original_sc = NULL;
12152					msg_info.hdr.serializing_sc = NULL;
12153#if 0
12154					printf("Sent Abort to other side\n");
12155#endif
12156					if (CTL_HA_STATUS_SUCCESS !=
12157					        ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12158		    				(void *)&msg_info,
12159						sizeof(msg_info), 0)) {
12160					}
12161				}
12162#if 0
12163				printf("ctl_abort_task: found I/O to abort\n");
12164#endif
12165				break;
12166			}
12167		}
12168	}
12169	mtx_unlock(&lun->lun_lock);
12170
12171	if (found == 0) {
12172		/*
12173		 * This isn't really an error.  It's entirely possible for
12174		 * the abort and command completion to cross on the wire.
12175		 * This is more of an informative/diagnostic error.
12176		 */
12177#if 0
12178		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12179		       "%d:%d:%d:%d tag %d type %d\n",
12180		       io->io_hdr.nexus.initid.id,
12181		       io->io_hdr.nexus.targ_port,
12182		       io->io_hdr.nexus.targ_target.id,
12183		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12184		       io->taskio.tag_type);
12185#endif
12186	}
12187	return (0);
12188}
12189
12190static void
12191ctl_run_task(union ctl_io *io)
12192{
12193	struct ctl_softc *ctl_softc = control_softc;
12194	int retval = 1;
12195	const char *task_desc;
12196
12197	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12198
12199	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12200	    ("ctl_run_task: Unextected io_type %d\n",
12201	     io->io_hdr.io_type));
12202
12203	task_desc = ctl_scsi_task_string(&io->taskio);
12204	if (task_desc != NULL) {
12205#ifdef NEEDTOPORT
12206		csevent_log(CSC_CTL | CSC_SHELF_SW |
12207			    CTL_TASK_REPORT,
12208			    csevent_LogType_Trace,
12209			    csevent_Severity_Information,
12210			    csevent_AlertLevel_Green,
12211			    csevent_FRU_Firmware,
12212			    csevent_FRU_Unknown,
12213			    "CTL: received task: %s",task_desc);
12214#endif
12215	} else {
12216#ifdef NEEDTOPORT
12217		csevent_log(CSC_CTL | CSC_SHELF_SW |
12218			    CTL_TASK_REPORT,
12219			    csevent_LogType_Trace,
12220			    csevent_Severity_Information,
12221			    csevent_AlertLevel_Green,
12222			    csevent_FRU_Firmware,
12223			    csevent_FRU_Unknown,
12224			    "CTL: received unknown task "
12225			    "type: %d (%#x)",
12226			    io->taskio.task_action,
12227			    io->taskio.task_action);
12228#endif
12229	}
12230	switch (io->taskio.task_action) {
12231	case CTL_TASK_ABORT_TASK:
12232		retval = ctl_abort_task(io);
12233		break;
12234	case CTL_TASK_ABORT_TASK_SET:
12235	case CTL_TASK_CLEAR_TASK_SET:
12236		retval = ctl_abort_task_set(io);
12237		break;
12238	case CTL_TASK_CLEAR_ACA:
12239		break;
12240	case CTL_TASK_I_T_NEXUS_RESET:
12241		retval = ctl_i_t_nexus_reset(io);
12242		break;
12243	case CTL_TASK_LUN_RESET: {
12244		struct ctl_lun *lun;
12245		uint32_t targ_lun;
12246
12247		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12248		mtx_lock(&ctl_softc->ctl_lock);
12249		if ((targ_lun < CTL_MAX_LUNS)
12250		 && (ctl_softc->ctl_luns[targ_lun] != NULL))
12251			lun = ctl_softc->ctl_luns[targ_lun];
12252		else {
12253			mtx_unlock(&ctl_softc->ctl_lock);
12254			retval = 1;
12255			break;
12256		}
12257
12258		if (!(io->io_hdr.flags &
12259		    CTL_FLAG_FROM_OTHER_SC)) {
12260			union ctl_ha_msg msg_info;
12261
12262			io->io_hdr.flags |=
12263				CTL_FLAG_SENT_2OTHER_SC;
12264			msg_info.hdr.msg_type =
12265				CTL_MSG_MANAGE_TASKS;
12266			msg_info.hdr.nexus = io->io_hdr.nexus;
12267			msg_info.task.task_action =
12268				CTL_TASK_LUN_RESET;
12269			msg_info.hdr.original_sc = NULL;
12270			msg_info.hdr.serializing_sc = NULL;
12271			if (CTL_HA_STATUS_SUCCESS !=
12272			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
12273			    (void *)&msg_info,
12274			    sizeof(msg_info), 0)) {
12275			}
12276		}
12277
12278		retval = ctl_lun_reset(lun, io,
12279				       CTL_UA_LUN_RESET);
12280		mtx_unlock(&ctl_softc->ctl_lock);
12281		break;
12282	}
12283	case CTL_TASK_TARGET_RESET:
12284		retval = ctl_target_reset(ctl_softc, io, CTL_UA_TARG_RESET);
12285		break;
12286	case CTL_TASK_BUS_RESET:
12287		retval = ctl_bus_reset(ctl_softc, io);
12288		break;
12289	case CTL_TASK_PORT_LOGIN:
12290		break;
12291	case CTL_TASK_PORT_LOGOUT:
12292		break;
12293	default:
12294		printf("ctl_run_task: got unknown task management event %d\n",
12295		       io->taskio.task_action);
12296		break;
12297	}
12298	if (retval == 0)
12299		io->io_hdr.status = CTL_SUCCESS;
12300	else
12301		io->io_hdr.status = CTL_ERROR;
12302	ctl_done(io);
12303}
12304
12305/*
12306 * For HA operation.  Handle commands that come in from the other
12307 * controller.
12308 */
12309static void
12310ctl_handle_isc(union ctl_io *io)
12311{
12312	int free_io;
12313	struct ctl_lun *lun;
12314	struct ctl_softc *ctl_softc;
12315	uint32_t targ_lun;
12316
12317	ctl_softc = control_softc;
12318
12319	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12320	lun = ctl_softc->ctl_luns[targ_lun];
12321
12322	switch (io->io_hdr.msg_type) {
12323	case CTL_MSG_SERIALIZE:
12324		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12325		break;
12326	case CTL_MSG_R2R: {
12327		const struct ctl_cmd_entry *entry;
12328
12329		/*
12330		 * This is only used in SER_ONLY mode.
12331		 */
12332		free_io = 0;
12333		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12334		mtx_lock(&lun->lun_lock);
12335		if (ctl_scsiio_lun_check(ctl_softc, lun,
12336		    entry, (struct ctl_scsiio *)io) != 0) {
12337			mtx_unlock(&lun->lun_lock);
12338			ctl_done(io);
12339			break;
12340		}
12341		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12342		mtx_unlock(&lun->lun_lock);
12343		ctl_enqueue_rtr(io);
12344		break;
12345	}
12346	case CTL_MSG_FINISH_IO:
12347		if (ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
12348			free_io = 0;
12349			ctl_done(io);
12350		} else {
12351			free_io = 1;
12352			mtx_lock(&lun->lun_lock);
12353			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12354				     ooa_links);
12355			ctl_check_blocked(lun);
12356			mtx_unlock(&lun->lun_lock);
12357		}
12358		break;
12359	case CTL_MSG_PERS_ACTION:
12360		ctl_hndl_per_res_out_on_other_sc(
12361			(union ctl_ha_msg *)&io->presio.pr_msg);
12362		free_io = 1;
12363		break;
12364	case CTL_MSG_BAD_JUJU:
12365		free_io = 0;
12366		ctl_done(io);
12367		break;
12368	case CTL_MSG_DATAMOVE:
12369		/* Only used in XFER mode */
12370		free_io = 0;
12371		ctl_datamove_remote(io);
12372		break;
12373	case CTL_MSG_DATAMOVE_DONE:
12374		/* Only used in XFER mode */
12375		free_io = 0;
12376		io->scsiio.be_move_done(io);
12377		break;
12378	default:
12379		free_io = 1;
12380		printf("%s: Invalid message type %d\n",
12381		       __func__, io->io_hdr.msg_type);
12382		break;
12383	}
12384	if (free_io)
12385		ctl_free_io(io);
12386
12387}
12388
12389
12390/*
12391 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12392 * there is no match.
12393 */
12394static ctl_lun_error_pattern
12395ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12396{
12397	const struct ctl_cmd_entry *entry;
12398	ctl_lun_error_pattern filtered_pattern, pattern;
12399
12400	pattern = desc->error_pattern;
12401
12402	/*
12403	 * XXX KDM we need more data passed into this function to match a
12404	 * custom pattern, and we actually need to implement custom pattern
12405	 * matching.
12406	 */
12407	if (pattern & CTL_LUN_PAT_CMD)
12408		return (CTL_LUN_PAT_CMD);
12409
12410	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12411		return (CTL_LUN_PAT_ANY);
12412
12413	entry = ctl_get_cmd_entry(ctsio, NULL);
12414
12415	filtered_pattern = entry->pattern & pattern;
12416
12417	/*
12418	 * If the user requested specific flags in the pattern (e.g.
12419	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12420	 * flags.
12421	 *
12422	 * If the user did not specify any flags, it doesn't matter whether
12423	 * or not the command supports the flags.
12424	 */
12425	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12426	     (pattern & ~CTL_LUN_PAT_MASK))
12427		return (CTL_LUN_PAT_NONE);
12428
12429	/*
12430	 * If the user asked for a range check, see if the requested LBA
12431	 * range overlaps with this command's LBA range.
12432	 */
12433	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12434		uint64_t lba1;
12435		uint64_t len1;
12436		ctl_action action;
12437		int retval;
12438
12439		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12440		if (retval != 0)
12441			return (CTL_LUN_PAT_NONE);
12442
12443		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12444					      desc->lba_range.len);
12445		/*
12446		 * A "pass" means that the LBA ranges don't overlap, so
12447		 * this doesn't match the user's range criteria.
12448		 */
12449		if (action == CTL_ACTION_PASS)
12450			return (CTL_LUN_PAT_NONE);
12451	}
12452
12453	return (filtered_pattern);
12454}
12455
12456static void
12457ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12458{
12459	struct ctl_error_desc *desc, *desc2;
12460
12461	mtx_assert(&lun->lun_lock, MA_OWNED);
12462
12463	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12464		ctl_lun_error_pattern pattern;
12465		/*
12466		 * Check to see whether this particular command matches
12467		 * the pattern in the descriptor.
12468		 */
12469		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12470		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12471			continue;
12472
12473		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12474		case CTL_LUN_INJ_ABORTED:
12475			ctl_set_aborted(&io->scsiio);
12476			break;
12477		case CTL_LUN_INJ_MEDIUM_ERR:
12478			ctl_set_medium_error(&io->scsiio);
12479			break;
12480		case CTL_LUN_INJ_UA:
12481			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12482			 * OCCURRED */
12483			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12484			break;
12485		case CTL_LUN_INJ_CUSTOM:
12486			/*
12487			 * We're assuming the user knows what he is doing.
12488			 * Just copy the sense information without doing
12489			 * checks.
12490			 */
12491			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12492			      ctl_min(sizeof(desc->custom_sense),
12493				      sizeof(io->scsiio.sense_data)));
12494			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12495			io->scsiio.sense_len = SSD_FULL_SIZE;
12496			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12497			break;
12498		case CTL_LUN_INJ_NONE:
12499		default:
12500			/*
12501			 * If this is an error injection type we don't know
12502			 * about, clear the continuous flag (if it is set)
12503			 * so it will get deleted below.
12504			 */
12505			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12506			break;
12507		}
12508		/*
12509		 * By default, each error injection action is a one-shot
12510		 */
12511		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12512			continue;
12513
12514		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12515
12516		free(desc, M_CTL);
12517	}
12518}
12519
12520#ifdef CTL_IO_DELAY
12521static void
12522ctl_datamove_timer_wakeup(void *arg)
12523{
12524	union ctl_io *io;
12525
12526	io = (union ctl_io *)arg;
12527
12528	ctl_datamove(io);
12529}
12530#endif /* CTL_IO_DELAY */
12531
12532void
12533ctl_datamove(union ctl_io *io)
12534{
12535	void (*fe_datamove)(union ctl_io *io);
12536
12537	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12538
12539	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12540
12541#ifdef CTL_TIME_IO
12542	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12543		char str[256];
12544		char path_str[64];
12545		struct sbuf sb;
12546
12547		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12548		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12549
12550		sbuf_cat(&sb, path_str);
12551		switch (io->io_hdr.io_type) {
12552		case CTL_IO_SCSI:
12553			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12554			sbuf_printf(&sb, "\n");
12555			sbuf_cat(&sb, path_str);
12556			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12557				    io->scsiio.tag_num, io->scsiio.tag_type);
12558			break;
12559		case CTL_IO_TASK:
12560			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12561				    "Tag Type: %d\n", io->taskio.task_action,
12562				    io->taskio.tag_num, io->taskio.tag_type);
12563			break;
12564		default:
12565			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12566			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12567			break;
12568		}
12569		sbuf_cat(&sb, path_str);
12570		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12571			    (intmax_t)time_uptime - io->io_hdr.start_time);
12572		sbuf_finish(&sb);
12573		printf("%s", sbuf_data(&sb));
12574	}
12575#endif /* CTL_TIME_IO */
12576
12577#ifdef CTL_IO_DELAY
12578	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12579		struct ctl_lun *lun;
12580
12581		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12582
12583		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12584	} else {
12585		struct ctl_lun *lun;
12586
12587		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12588		if ((lun != NULL)
12589		 && (lun->delay_info.datamove_delay > 0)) {
12590			struct callout *callout;
12591
12592			callout = (struct callout *)&io->io_hdr.timer_bytes;
12593			callout_init(callout, /*mpsafe*/ 1);
12594			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12595			callout_reset(callout,
12596				      lun->delay_info.datamove_delay * hz,
12597				      ctl_datamove_timer_wakeup, io);
12598			if (lun->delay_info.datamove_type ==
12599			    CTL_DELAY_TYPE_ONESHOT)
12600				lun->delay_info.datamove_delay = 0;
12601			return;
12602		}
12603	}
12604#endif
12605
12606	/*
12607	 * This command has been aborted.  Set the port status, so we fail
12608	 * the data move.
12609	 */
12610	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12611		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12612		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12613		       io->io_hdr.nexus.targ_port,
12614		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12615		       io->io_hdr.nexus.targ_lun);
12616		io->io_hdr.port_status = 31337;
12617		/*
12618		 * Note that the backend, in this case, will get the
12619		 * callback in its context.  In other cases it may get
12620		 * called in the frontend's interrupt thread context.
12621		 */
12622		io->scsiio.be_move_done(io);
12623		return;
12624	}
12625
12626	/* Don't confuse frontend with zero length data move. */
12627	if (io->scsiio.kern_data_len == 0) {
12628		io->scsiio.be_move_done(io);
12629		return;
12630	}
12631
12632	/*
12633	 * If we're in XFER mode and this I/O is from the other shelf
12634	 * controller, we need to send the DMA to the other side to
12635	 * actually transfer the data to/from the host.  In serialize only
12636	 * mode the transfer happens below CTL and ctl_datamove() is only
12637	 * called on the machine that originally received the I/O.
12638	 */
12639	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12640	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12641		union ctl_ha_msg msg;
12642		uint32_t sg_entries_sent;
12643		int do_sg_copy;
12644		int i;
12645
12646		memset(&msg, 0, sizeof(msg));
12647		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12648		msg.hdr.original_sc = io->io_hdr.original_sc;
12649		msg.hdr.serializing_sc = io;
12650		msg.hdr.nexus = io->io_hdr.nexus;
12651		msg.dt.flags = io->io_hdr.flags;
12652		/*
12653		 * We convert everything into a S/G list here.  We can't
12654		 * pass by reference, only by value between controllers.
12655		 * So we can't pass a pointer to the S/G list, only as many
12656		 * S/G entries as we can fit in here.  If it's possible for
12657		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12658		 * then we need to break this up into multiple transfers.
12659		 */
12660		if (io->scsiio.kern_sg_entries == 0) {
12661			msg.dt.kern_sg_entries = 1;
12662			/*
12663			 * If this is in cached memory, flush the cache
12664			 * before we send the DMA request to the other
12665			 * controller.  We want to do this in either the
12666			 * read or the write case.  The read case is
12667			 * straightforward.  In the write case, we want to
12668			 * make sure nothing is in the local cache that
12669			 * could overwrite the DMAed data.
12670			 */
12671			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12672				/*
12673				 * XXX KDM use bus_dmamap_sync() here.
12674				 */
12675			}
12676
12677			/*
12678			 * Convert to a physical address if this is a
12679			 * virtual address.
12680			 */
12681			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12682				msg.dt.sg_list[0].addr =
12683					io->scsiio.kern_data_ptr;
12684			} else {
12685				/*
12686				 * XXX KDM use busdma here!
12687				 */
12688#if 0
12689				msg.dt.sg_list[0].addr = (void *)
12690					vtophys(io->scsiio.kern_data_ptr);
12691#endif
12692			}
12693
12694			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12695			do_sg_copy = 0;
12696		} else {
12697			struct ctl_sg_entry *sgl;
12698
12699			do_sg_copy = 1;
12700			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12701			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12702			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12703				/*
12704				 * XXX KDM use bus_dmamap_sync() here.
12705				 */
12706			}
12707		}
12708
12709		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12710		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12711		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12712		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12713		msg.dt.sg_sequence = 0;
12714
12715		/*
12716		 * Loop until we've sent all of the S/G entries.  On the
12717		 * other end, we'll recompose these S/G entries into one
12718		 * contiguous list before passing it to the
12719		 */
12720		for (sg_entries_sent = 0; sg_entries_sent <
12721		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12722			msg.dt.cur_sg_entries = ctl_min((sizeof(msg.dt.sg_list)/
12723				sizeof(msg.dt.sg_list[0])),
12724				msg.dt.kern_sg_entries - sg_entries_sent);
12725
12726			if (do_sg_copy != 0) {
12727				struct ctl_sg_entry *sgl;
12728				int j;
12729
12730				sgl = (struct ctl_sg_entry *)
12731					io->scsiio.kern_data_ptr;
12732				/*
12733				 * If this is in cached memory, flush the cache
12734				 * before we send the DMA request to the other
12735				 * controller.  We want to do this in either
12736				 * the * read or the write case.  The read
12737				 * case is straightforward.  In the write
12738				 * case, we want to make sure nothing is
12739				 * in the local cache that could overwrite
12740				 * the DMAed data.
12741				 */
12742
12743				for (i = sg_entries_sent, j = 0;
12744				     i < msg.dt.cur_sg_entries; i++, j++) {
12745					if ((io->io_hdr.flags &
12746					     CTL_FLAG_NO_DATASYNC) == 0) {
12747						/*
12748						 * XXX KDM use bus_dmamap_sync()
12749						 */
12750					}
12751					if ((io->io_hdr.flags &
12752					     CTL_FLAG_BUS_ADDR) == 0) {
12753						/*
12754						 * XXX KDM use busdma.
12755						 */
12756#if 0
12757						msg.dt.sg_list[j].addr =(void *)
12758						       vtophys(sgl[i].addr);
12759#endif
12760					} else {
12761						msg.dt.sg_list[j].addr =
12762							sgl[i].addr;
12763					}
12764					msg.dt.sg_list[j].len = sgl[i].len;
12765				}
12766			}
12767
12768			sg_entries_sent += msg.dt.cur_sg_entries;
12769			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12770				msg.dt.sg_last = 1;
12771			else
12772				msg.dt.sg_last = 0;
12773
12774			/*
12775			 * XXX KDM drop and reacquire the lock here?
12776			 */
12777			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12778			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12779				/*
12780				 * XXX do something here.
12781				 */
12782			}
12783
12784			msg.dt.sent_sg_entries = sg_entries_sent;
12785		}
12786		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12787		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12788			ctl_failover_io(io, /*have_lock*/ 0);
12789
12790	} else {
12791
12792		/*
12793		 * Lookup the fe_datamove() function for this particular
12794		 * front end.
12795		 */
12796		fe_datamove =
12797		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12798
12799		fe_datamove(io);
12800	}
12801}
12802
12803static void
12804ctl_send_datamove_done(union ctl_io *io, int have_lock)
12805{
12806	union ctl_ha_msg msg;
12807	int isc_status;
12808
12809	memset(&msg, 0, sizeof(msg));
12810
12811	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12812	msg.hdr.original_sc = io;
12813	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12814	msg.hdr.nexus = io->io_hdr.nexus;
12815	msg.hdr.status = io->io_hdr.status;
12816	msg.scsi.tag_num = io->scsiio.tag_num;
12817	msg.scsi.tag_type = io->scsiio.tag_type;
12818	msg.scsi.scsi_status = io->scsiio.scsi_status;
12819	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12820	       sizeof(io->scsiio.sense_data));
12821	msg.scsi.sense_len = io->scsiio.sense_len;
12822	msg.scsi.sense_residual = io->scsiio.sense_residual;
12823	msg.scsi.fetd_status = io->io_hdr.port_status;
12824	msg.scsi.residual = io->scsiio.residual;
12825	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12826
12827	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12828		ctl_failover_io(io, /*have_lock*/ have_lock);
12829		return;
12830	}
12831
12832	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12833	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12834		/* XXX do something if this fails */
12835	}
12836
12837}
12838
12839/*
12840 * The DMA to the remote side is done, now we need to tell the other side
12841 * we're done so it can continue with its data movement.
12842 */
12843static void
12844ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12845{
12846	union ctl_io *io;
12847
12848	io = rq->context;
12849
12850	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12851		printf("%s: ISC DMA write failed with error %d", __func__,
12852		       rq->ret);
12853		ctl_set_internal_failure(&io->scsiio,
12854					 /*sks_valid*/ 1,
12855					 /*retry_count*/ rq->ret);
12856	}
12857
12858	ctl_dt_req_free(rq);
12859
12860	/*
12861	 * In this case, we had to malloc the memory locally.  Free it.
12862	 */
12863	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12864		int i;
12865		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12866			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12867	}
12868	/*
12869	 * The data is in local and remote memory, so now we need to send
12870	 * status (good or back) back to the other side.
12871	 */
12872	ctl_send_datamove_done(io, /*have_lock*/ 0);
12873}
12874
12875/*
12876 * We've moved the data from the host/controller into local memory.  Now we
12877 * need to push it over to the remote controller's memory.
12878 */
12879static int
12880ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12881{
12882	int retval;
12883
12884	retval = 0;
12885
12886	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12887					  ctl_datamove_remote_write_cb);
12888
12889	return (retval);
12890}
12891
12892static void
12893ctl_datamove_remote_write(union ctl_io *io)
12894{
12895	int retval;
12896	void (*fe_datamove)(union ctl_io *io);
12897
12898	/*
12899	 * - Get the data from the host/HBA into local memory.
12900	 * - DMA memory from the local controller to the remote controller.
12901	 * - Send status back to the remote controller.
12902	 */
12903
12904	retval = ctl_datamove_remote_sgl_setup(io);
12905	if (retval != 0)
12906		return;
12907
12908	/* Switch the pointer over so the FETD knows what to do */
12909	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12910
12911	/*
12912	 * Use a custom move done callback, since we need to send completion
12913	 * back to the other controller, not to the backend on this side.
12914	 */
12915	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12916
12917	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12918
12919	fe_datamove(io);
12920
12921	return;
12922
12923}
12924
12925static int
12926ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12927{
12928#if 0
12929	char str[256];
12930	char path_str[64];
12931	struct sbuf sb;
12932#endif
12933
12934	/*
12935	 * In this case, we had to malloc the memory locally.  Free it.
12936	 */
12937	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12938		int i;
12939		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12940			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12941	}
12942
12943#if 0
12944	scsi_path_string(io, path_str, sizeof(path_str));
12945	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12946	sbuf_cat(&sb, path_str);
12947	scsi_command_string(&io->scsiio, NULL, &sb);
12948	sbuf_printf(&sb, "\n");
12949	sbuf_cat(&sb, path_str);
12950	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12951		    io->scsiio.tag_num, io->scsiio.tag_type);
12952	sbuf_cat(&sb, path_str);
12953	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12954		    io->io_hdr.flags, io->io_hdr.status);
12955	sbuf_finish(&sb);
12956	printk("%s", sbuf_data(&sb));
12957#endif
12958
12959
12960	/*
12961	 * The read is done, now we need to send status (good or bad) back
12962	 * to the other side.
12963	 */
12964	ctl_send_datamove_done(io, /*have_lock*/ 0);
12965
12966	return (0);
12967}
12968
12969static void
12970ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12971{
12972	union ctl_io *io;
12973	void (*fe_datamove)(union ctl_io *io);
12974
12975	io = rq->context;
12976
12977	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12978		printf("%s: ISC DMA read failed with error %d", __func__,
12979		       rq->ret);
12980		ctl_set_internal_failure(&io->scsiio,
12981					 /*sks_valid*/ 1,
12982					 /*retry_count*/ rq->ret);
12983	}
12984
12985	ctl_dt_req_free(rq);
12986
12987	/* Switch the pointer over so the FETD knows what to do */
12988	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12989
12990	/*
12991	 * Use a custom move done callback, since we need to send completion
12992	 * back to the other controller, not to the backend on this side.
12993	 */
12994	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12995
12996	/* XXX KDM add checks like the ones in ctl_datamove? */
12997
12998	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12999
13000	fe_datamove(io);
13001}
13002
13003static int
13004ctl_datamove_remote_sgl_setup(union ctl_io *io)
13005{
13006	struct ctl_sg_entry *local_sglist, *remote_sglist;
13007	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
13008	struct ctl_softc *softc;
13009	int retval;
13010	int i;
13011
13012	retval = 0;
13013	softc = control_softc;
13014
13015	local_sglist = io->io_hdr.local_sglist;
13016	local_dma_sglist = io->io_hdr.local_dma_sglist;
13017	remote_sglist = io->io_hdr.remote_sglist;
13018	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13019
13020	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
13021		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
13022			local_sglist[i].len = remote_sglist[i].len;
13023
13024			/*
13025			 * XXX Detect the situation where the RS-level I/O
13026			 * redirector on the other side has already read the
13027			 * data off of the AOR RS on this side, and
13028			 * transferred it to remote (mirror) memory on the
13029			 * other side.  Since we already have the data in
13030			 * memory here, we just need to use it.
13031			 *
13032			 * XXX KDM this can probably be removed once we
13033			 * get the cache device code in and take the
13034			 * current AOR implementation out.
13035			 */
13036#ifdef NEEDTOPORT
13037			if ((remote_sglist[i].addr >=
13038			     (void *)vtophys(softc->mirr->addr))
13039			 && (remote_sglist[i].addr <
13040			     ((void *)vtophys(softc->mirr->addr) +
13041			     CacheMirrorOffset))) {
13042				local_sglist[i].addr = remote_sglist[i].addr -
13043					CacheMirrorOffset;
13044				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13045				     CTL_FLAG_DATA_IN)
13046					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
13047			} else {
13048				local_sglist[i].addr = remote_sglist[i].addr +
13049					CacheMirrorOffset;
13050			}
13051#endif
13052#if 0
13053			printf("%s: local %p, remote %p, len %d\n",
13054			       __func__, local_sglist[i].addr,
13055			       remote_sglist[i].addr, local_sglist[i].len);
13056#endif
13057		}
13058	} else {
13059		uint32_t len_to_go;
13060
13061		/*
13062		 * In this case, we don't have automatically allocated
13063		 * memory for this I/O on this controller.  This typically
13064		 * happens with internal CTL I/O -- e.g. inquiry, mode
13065		 * sense, etc.  Anything coming from RAIDCore will have
13066		 * a mirror area available.
13067		 */
13068		len_to_go = io->scsiio.kern_data_len;
13069
13070		/*
13071		 * Clear the no datasync flag, we have to use malloced
13072		 * buffers.
13073		 */
13074		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
13075
13076		/*
13077		 * The difficult thing here is that the size of the various
13078		 * S/G segments may be different than the size from the
13079		 * remote controller.  That'll make it harder when DMAing
13080		 * the data back to the other side.
13081		 */
13082		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
13083		     sizeof(io->io_hdr.remote_sglist[0])) &&
13084		     (len_to_go > 0); i++) {
13085			local_sglist[i].len = ctl_min(len_to_go, 131072);
13086			CTL_SIZE_8B(local_dma_sglist[i].len,
13087				    local_sglist[i].len);
13088			local_sglist[i].addr =
13089				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
13090
13091			local_dma_sglist[i].addr = local_sglist[i].addr;
13092
13093			if (local_sglist[i].addr == NULL) {
13094				int j;
13095
13096				printf("malloc failed for %zd bytes!",
13097				       local_dma_sglist[i].len);
13098				for (j = 0; j < i; j++) {
13099					free(local_sglist[j].addr, M_CTL);
13100				}
13101				ctl_set_internal_failure(&io->scsiio,
13102							 /*sks_valid*/ 1,
13103							 /*retry_count*/ 4857);
13104				retval = 1;
13105				goto bailout_error;
13106
13107			}
13108			/* XXX KDM do we need a sync here? */
13109
13110			len_to_go -= local_sglist[i].len;
13111		}
13112		/*
13113		 * Reset the number of S/G entries accordingly.  The
13114		 * original number of S/G entries is available in
13115		 * rem_sg_entries.
13116		 */
13117		io->scsiio.kern_sg_entries = i;
13118
13119#if 0
13120		printf("%s: kern_sg_entries = %d\n", __func__,
13121		       io->scsiio.kern_sg_entries);
13122		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13123			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
13124			       local_sglist[i].addr, local_sglist[i].len,
13125			       local_dma_sglist[i].len);
13126#endif
13127	}
13128
13129
13130	return (retval);
13131
13132bailout_error:
13133
13134	ctl_send_datamove_done(io, /*have_lock*/ 0);
13135
13136	return (retval);
13137}
13138
13139static int
13140ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
13141			 ctl_ha_dt_cb callback)
13142{
13143	struct ctl_ha_dt_req *rq;
13144	struct ctl_sg_entry *remote_sglist, *local_sglist;
13145	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
13146	uint32_t local_used, remote_used, total_used;
13147	int retval;
13148	int i, j;
13149
13150	retval = 0;
13151
13152	rq = ctl_dt_req_alloc();
13153
13154	/*
13155	 * If we failed to allocate the request, and if the DMA didn't fail
13156	 * anyway, set busy status.  This is just a resource allocation
13157	 * failure.
13158	 */
13159	if ((rq == NULL)
13160	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
13161		ctl_set_busy(&io->scsiio);
13162
13163	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
13164
13165		if (rq != NULL)
13166			ctl_dt_req_free(rq);
13167
13168		/*
13169		 * The data move failed.  We need to return status back
13170		 * to the other controller.  No point in trying to DMA
13171		 * data to the remote controller.
13172		 */
13173
13174		ctl_send_datamove_done(io, /*have_lock*/ 0);
13175
13176		retval = 1;
13177
13178		goto bailout;
13179	}
13180
13181	local_sglist = io->io_hdr.local_sglist;
13182	local_dma_sglist = io->io_hdr.local_dma_sglist;
13183	remote_sglist = io->io_hdr.remote_sglist;
13184	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
13185	local_used = 0;
13186	remote_used = 0;
13187	total_used = 0;
13188
13189	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
13190		rq->ret = CTL_HA_STATUS_SUCCESS;
13191		rq->context = io;
13192		callback(rq);
13193		goto bailout;
13194	}
13195
13196	/*
13197	 * Pull/push the data over the wire from/to the other controller.
13198	 * This takes into account the possibility that the local and
13199	 * remote sglists may not be identical in terms of the size of
13200	 * the elements and the number of elements.
13201	 *
13202	 * One fundamental assumption here is that the length allocated for
13203	 * both the local and remote sglists is identical.  Otherwise, we've
13204	 * essentially got a coding error of some sort.
13205	 */
13206	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
13207		int isc_ret;
13208		uint32_t cur_len, dma_length;
13209		uint8_t *tmp_ptr;
13210
13211		rq->id = CTL_HA_DATA_CTL;
13212		rq->command = command;
13213		rq->context = io;
13214
13215		/*
13216		 * Both pointers should be aligned.  But it is possible
13217		 * that the allocation length is not.  They should both
13218		 * also have enough slack left over at the end, though,
13219		 * to round up to the next 8 byte boundary.
13220		 */
13221		cur_len = ctl_min(local_sglist[i].len - local_used,
13222				  remote_sglist[j].len - remote_used);
13223
13224		/*
13225		 * In this case, we have a size issue and need to decrease
13226		 * the size, except in the case where we actually have less
13227		 * than 8 bytes left.  In that case, we need to increase
13228		 * the DMA length to get the last bit.
13229		 */
13230		if ((cur_len & 0x7) != 0) {
13231			if (cur_len > 0x7) {
13232				cur_len = cur_len - (cur_len & 0x7);
13233				dma_length = cur_len;
13234			} else {
13235				CTL_SIZE_8B(dma_length, cur_len);
13236			}
13237
13238		} else
13239			dma_length = cur_len;
13240
13241		/*
13242		 * If we had to allocate memory for this I/O, instead of using
13243		 * the non-cached mirror memory, we'll need to flush the cache
13244		 * before trying to DMA to the other controller.
13245		 *
13246		 * We could end up doing this multiple times for the same
13247		 * segment if we have a larger local segment than remote
13248		 * segment.  That shouldn't be an issue.
13249		 */
13250		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
13251			/*
13252			 * XXX KDM use bus_dmamap_sync() here.
13253			 */
13254		}
13255
13256		rq->size = dma_length;
13257
13258		tmp_ptr = (uint8_t *)local_sglist[i].addr;
13259		tmp_ptr += local_used;
13260
13261		/* Use physical addresses when talking to ISC hardware */
13262		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
13263			/* XXX KDM use busdma */
13264#if 0
13265			rq->local = vtophys(tmp_ptr);
13266#endif
13267		} else
13268			rq->local = tmp_ptr;
13269
13270		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
13271		tmp_ptr += remote_used;
13272		rq->remote = tmp_ptr;
13273
13274		rq->callback = NULL;
13275
13276		local_used += cur_len;
13277		if (local_used >= local_sglist[i].len) {
13278			i++;
13279			local_used = 0;
13280		}
13281
13282		remote_used += cur_len;
13283		if (remote_used >= remote_sglist[j].len) {
13284			j++;
13285			remote_used = 0;
13286		}
13287		total_used += cur_len;
13288
13289		if (total_used >= io->scsiio.kern_data_len)
13290			rq->callback = callback;
13291
13292		if ((rq->size & 0x7) != 0) {
13293			printf("%s: warning: size %d is not on 8b boundary\n",
13294			       __func__, rq->size);
13295		}
13296		if (((uintptr_t)rq->local & 0x7) != 0) {
13297			printf("%s: warning: local %p not on 8b boundary\n",
13298			       __func__, rq->local);
13299		}
13300		if (((uintptr_t)rq->remote & 0x7) != 0) {
13301			printf("%s: warning: remote %p not on 8b boundary\n",
13302			       __func__, rq->local);
13303		}
13304#if 0
13305		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
13306		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
13307		       rq->local, rq->remote, rq->size);
13308#endif
13309
13310		isc_ret = ctl_dt_single(rq);
13311		if (isc_ret == CTL_HA_STATUS_WAIT)
13312			continue;
13313
13314		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
13315			rq->ret = CTL_HA_STATUS_SUCCESS;
13316		} else {
13317			rq->ret = isc_ret;
13318		}
13319		callback(rq);
13320		goto bailout;
13321	}
13322
13323bailout:
13324	return (retval);
13325
13326}
13327
13328static void
13329ctl_datamove_remote_read(union ctl_io *io)
13330{
13331	int retval;
13332	int i;
13333
13334	/*
13335	 * This will send an error to the other controller in the case of a
13336	 * failure.
13337	 */
13338	retval = ctl_datamove_remote_sgl_setup(io);
13339	if (retval != 0)
13340		return;
13341
13342	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13343					  ctl_datamove_remote_read_cb);
13344	if ((retval != 0)
13345	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
13346		/*
13347		 * Make sure we free memory if there was an error..  The
13348		 * ctl_datamove_remote_xfer() function will send the
13349		 * datamove done message, or call the callback with an
13350		 * error if there is a problem.
13351		 */
13352		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13353			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13354	}
13355
13356	return;
13357}
13358
13359/*
13360 * Process a datamove request from the other controller.  This is used for
13361 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13362 * first.  Once that is complete, the data gets DMAed into the remote
13363 * controller's memory.  For reads, we DMA from the remote controller's
13364 * memory into our memory first, and then move it out to the FETD.
13365 */
13366static void
13367ctl_datamove_remote(union ctl_io *io)
13368{
13369	struct ctl_softc *softc;
13370
13371	softc = control_softc;
13372
13373	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13374
13375	/*
13376	 * Note that we look for an aborted I/O here, but don't do some of
13377	 * the other checks that ctl_datamove() normally does.
13378	 * We don't need to run the datamove delay code, since that should
13379	 * have been done if need be on the other controller.
13380	 */
13381	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13382		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13383		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13384		       io->io_hdr.nexus.targ_port,
13385		       io->io_hdr.nexus.targ_target.id,
13386		       io->io_hdr.nexus.targ_lun);
13387		io->io_hdr.port_status = 31338;
13388		ctl_send_datamove_done(io, /*have_lock*/ 0);
13389		return;
13390	}
13391
13392	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13393		ctl_datamove_remote_write(io);
13394	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13395		ctl_datamove_remote_read(io);
13396	} else {
13397		union ctl_ha_msg msg;
13398		struct scsi_sense_data *sense;
13399		uint8_t sks[3];
13400		int retry_count;
13401
13402		memset(&msg, 0, sizeof(msg));
13403
13404		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13405		msg.hdr.status = CTL_SCSI_ERROR;
13406		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13407
13408		retry_count = 4243;
13409
13410		sense = &msg.scsi.sense_data;
13411		sks[0] = SSD_SCS_VALID;
13412		sks[1] = (retry_count >> 8) & 0xff;
13413		sks[2] = retry_count & 0xff;
13414
13415		/* "Internal target failure" */
13416		scsi_set_sense_data(sense,
13417				    /*sense_format*/ SSD_TYPE_NONE,
13418				    /*current_error*/ 1,
13419				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13420				    /*asc*/ 0x44,
13421				    /*ascq*/ 0x00,
13422				    /*type*/ SSD_ELEM_SKS,
13423				    /*size*/ sizeof(sks),
13424				    /*data*/ sks,
13425				    SSD_ELEM_NONE);
13426
13427		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13428		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13429			ctl_failover_io(io, /*have_lock*/ 1);
13430			return;
13431		}
13432
13433		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13434		    CTL_HA_STATUS_SUCCESS) {
13435			/* XXX KDM what to do if this fails? */
13436		}
13437		return;
13438	}
13439
13440}
13441
13442static int
13443ctl_process_done(union ctl_io *io)
13444{
13445	struct ctl_lun *lun;
13446	struct ctl_softc *ctl_softc = control_softc;
13447	void (*fe_done)(union ctl_io *io);
13448	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13449
13450	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13451
13452	fe_done =
13453	    control_softc->ctl_ports[targ_port]->fe_done;
13454
13455#ifdef CTL_TIME_IO
13456	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13457		char str[256];
13458		char path_str[64];
13459		struct sbuf sb;
13460
13461		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13462		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13463
13464		sbuf_cat(&sb, path_str);
13465		switch (io->io_hdr.io_type) {
13466		case CTL_IO_SCSI:
13467			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13468			sbuf_printf(&sb, "\n");
13469			sbuf_cat(&sb, path_str);
13470			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13471				    io->scsiio.tag_num, io->scsiio.tag_type);
13472			break;
13473		case CTL_IO_TASK:
13474			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13475				    "Tag Type: %d\n", io->taskio.task_action,
13476				    io->taskio.tag_num, io->taskio.tag_type);
13477			break;
13478		default:
13479			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13480			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13481			break;
13482		}
13483		sbuf_cat(&sb, path_str);
13484		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13485			    (intmax_t)time_uptime - io->io_hdr.start_time);
13486		sbuf_finish(&sb);
13487		printf("%s", sbuf_data(&sb));
13488	}
13489#endif /* CTL_TIME_IO */
13490
13491	switch (io->io_hdr.io_type) {
13492	case CTL_IO_SCSI:
13493		break;
13494	case CTL_IO_TASK:
13495		if (bootverbose || (ctl_debug & CTL_DEBUG_INFO))
13496			ctl_io_error_print(io, NULL);
13497		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13498			ctl_free_io(io);
13499		else
13500			fe_done(io);
13501		return (CTL_RETVAL_COMPLETE);
13502	default:
13503		panic("ctl_process_done: invalid io type %d\n",
13504		      io->io_hdr.io_type);
13505		break; /* NOTREACHED */
13506	}
13507
13508	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13509	if (lun == NULL) {
13510		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13511				 io->io_hdr.nexus.targ_mapped_lun));
13512		goto bailout;
13513	}
13514
13515	mtx_lock(&lun->lun_lock);
13516
13517	/*
13518	 * Check to see if we have any errors to inject here.  We only
13519	 * inject errors for commands that don't already have errors set.
13520	 */
13521	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13522	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13523	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13524		ctl_inject_error(lun, io);
13525
13526	/*
13527	 * XXX KDM how do we treat commands that aren't completed
13528	 * successfully?
13529	 *
13530	 * XXX KDM should we also track I/O latency?
13531	 */
13532	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13533	    io->io_hdr.io_type == CTL_IO_SCSI) {
13534#ifdef CTL_TIME_IO
13535		struct bintime cur_bt;
13536#endif
13537		int type;
13538
13539		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13540		    CTL_FLAG_DATA_IN)
13541			type = CTL_STATS_READ;
13542		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13543		    CTL_FLAG_DATA_OUT)
13544			type = CTL_STATS_WRITE;
13545		else
13546			type = CTL_STATS_NO_IO;
13547
13548		lun->stats.ports[targ_port].bytes[type] +=
13549		    io->scsiio.kern_total_len;
13550		lun->stats.ports[targ_port].operations[type]++;
13551#ifdef CTL_TIME_IO
13552		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13553		   &io->io_hdr.dma_bt);
13554		lun->stats.ports[targ_port].num_dmas[type] +=
13555		    io->io_hdr.num_dmas;
13556		getbintime(&cur_bt);
13557		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13558		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13559#endif
13560	}
13561
13562	/*
13563	 * Remove this from the OOA queue.
13564	 */
13565	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13566
13567	/*
13568	 * Run through the blocked queue on this LUN and see if anything
13569	 * has become unblocked, now that this transaction is done.
13570	 */
13571	ctl_check_blocked(lun);
13572
13573	/*
13574	 * If the LUN has been invalidated, free it if there is nothing
13575	 * left on its OOA queue.
13576	 */
13577	if ((lun->flags & CTL_LUN_INVALID)
13578	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13579		mtx_unlock(&lun->lun_lock);
13580		mtx_lock(&ctl_softc->ctl_lock);
13581		ctl_free_lun(lun);
13582		mtx_unlock(&ctl_softc->ctl_lock);
13583	} else
13584		mtx_unlock(&lun->lun_lock);
13585
13586bailout:
13587
13588	/*
13589	 * If this command has been aborted, make sure we set the status
13590	 * properly.  The FETD is responsible for freeing the I/O and doing
13591	 * whatever it needs to do to clean up its state.
13592	 */
13593	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13594		ctl_set_task_aborted(&io->scsiio);
13595
13596	/*
13597	 * If enabled, print command error status.
13598	 * We don't print UAs unless debugging was enabled explicitly.
13599	 */
13600	do {
13601		if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)
13602			break;
13603		if (!bootverbose && (ctl_debug & CTL_DEBUG_INFO) == 0)
13604			break;
13605		if ((ctl_debug & CTL_DEBUG_INFO) == 0 &&
13606		    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SCSI_ERROR) &&
13607		     (io->scsiio.scsi_status == SCSI_STATUS_CHECK_COND)) {
13608			int error_code, sense_key, asc, ascq;
13609
13610			scsi_extract_sense_len(&io->scsiio.sense_data,
13611			    io->scsiio.sense_len, &error_code, &sense_key,
13612			    &asc, &ascq, /*show_errors*/ 0);
13613			if (sense_key == SSD_KEY_UNIT_ATTENTION)
13614				break;
13615		}
13616
13617		ctl_io_error_print(io, NULL);
13618	} while (0);
13619
13620	/*
13621	 * Tell the FETD or the other shelf controller we're done with this
13622	 * command.  Note that only SCSI commands get to this point.  Task
13623	 * management commands are completed above.
13624	 *
13625	 * We only send status to the other controller if we're in XFER
13626	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13627	 * received the I/O (from CTL's perspective), and so the status is
13628	 * generated there.
13629	 *
13630	 * XXX KDM if we hold the lock here, we could cause a deadlock
13631	 * if the frontend comes back in in this context to queue
13632	 * something.
13633	 */
13634	if ((ctl_softc->ha_mode == CTL_HA_MODE_XFER)
13635	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13636		union ctl_ha_msg msg;
13637
13638		memset(&msg, 0, sizeof(msg));
13639		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13640		msg.hdr.original_sc = io->io_hdr.original_sc;
13641		msg.hdr.nexus = io->io_hdr.nexus;
13642		msg.hdr.status = io->io_hdr.status;
13643		msg.scsi.scsi_status = io->scsiio.scsi_status;
13644		msg.scsi.tag_num = io->scsiio.tag_num;
13645		msg.scsi.tag_type = io->scsiio.tag_type;
13646		msg.scsi.sense_len = io->scsiio.sense_len;
13647		msg.scsi.sense_residual = io->scsiio.sense_residual;
13648		msg.scsi.residual = io->scsiio.residual;
13649		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13650		       sizeof(io->scsiio.sense_data));
13651		/*
13652		 * We copy this whether or not this is an I/O-related
13653		 * command.  Otherwise, we'd have to go and check to see
13654		 * whether it's a read/write command, and it really isn't
13655		 * worth it.
13656		 */
13657		memcpy(&msg.scsi.lbalen,
13658		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13659		       sizeof(msg.scsi.lbalen));
13660
13661		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13662				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13663			/* XXX do something here */
13664		}
13665
13666		ctl_free_io(io);
13667	} else
13668		fe_done(io);
13669
13670	return (CTL_RETVAL_COMPLETE);
13671}
13672
13673#ifdef CTL_WITH_CA
13674/*
13675 * Front end should call this if it doesn't do autosense.  When the request
13676 * sense comes back in from the initiator, we'll dequeue this and send it.
13677 */
13678int
13679ctl_queue_sense(union ctl_io *io)
13680{
13681	struct ctl_lun *lun;
13682	struct ctl_softc *ctl_softc;
13683	uint32_t initidx, targ_lun;
13684
13685	ctl_softc = control_softc;
13686
13687	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13688
13689	/*
13690	 * LUN lookup will likely move to the ctl_work_thread() once we
13691	 * have our new queueing infrastructure (that doesn't put things on
13692	 * a per-LUN queue initially).  That is so that we can handle
13693	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13694	 * can't deal with that right now.
13695	 */
13696	mtx_lock(&ctl_softc->ctl_lock);
13697
13698	/*
13699	 * If we don't have a LUN for this, just toss the sense
13700	 * information.
13701	 */
13702	targ_lun = io->io_hdr.nexus.targ_lun;
13703	targ_lun = ctl_map_lun(io->io_hdr.nexus.targ_port, targ_lun);
13704	if ((targ_lun < CTL_MAX_LUNS)
13705	 && (ctl_softc->ctl_luns[targ_lun] != NULL))
13706		lun = ctl_softc->ctl_luns[targ_lun];
13707	else
13708		goto bailout;
13709
13710	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13711
13712	mtx_lock(&lun->lun_lock);
13713	/*
13714	 * Already have CA set for this LUN...toss the sense information.
13715	 */
13716	if (ctl_is_set(lun->have_ca, initidx)) {
13717		mtx_unlock(&lun->lun_lock);
13718		goto bailout;
13719	}
13720
13721	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13722	       ctl_min(sizeof(lun->pending_sense[initidx]),
13723	       sizeof(io->scsiio.sense_data)));
13724	ctl_set_mask(lun->have_ca, initidx);
13725	mtx_unlock(&lun->lun_lock);
13726
13727bailout:
13728	mtx_unlock(&ctl_softc->ctl_lock);
13729
13730	ctl_free_io(io);
13731
13732	return (CTL_RETVAL_COMPLETE);
13733}
13734#endif
13735
13736/*
13737 * Primary command inlet from frontend ports.  All SCSI and task I/O
13738 * requests must go through this function.
13739 */
13740int
13741ctl_queue(union ctl_io *io)
13742{
13743	struct ctl_softc *ctl_softc;
13744
13745	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13746
13747	ctl_softc = control_softc;
13748
13749#ifdef CTL_TIME_IO
13750	io->io_hdr.start_time = time_uptime;
13751	getbintime(&io->io_hdr.start_bt);
13752#endif /* CTL_TIME_IO */
13753
13754	/* Map FE-specific LUN ID into global one. */
13755	io->io_hdr.nexus.targ_mapped_lun =
13756	    ctl_map_lun(io->io_hdr.nexus.targ_port, io->io_hdr.nexus.targ_lun);
13757
13758	switch (io->io_hdr.io_type) {
13759	case CTL_IO_SCSI:
13760	case CTL_IO_TASK:
13761		if (ctl_debug & CTL_DEBUG_CDB)
13762			ctl_io_print(io);
13763		ctl_enqueue_incoming(io);
13764		break;
13765	default:
13766		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13767		return (EINVAL);
13768	}
13769
13770	return (CTL_RETVAL_COMPLETE);
13771}
13772
13773#ifdef CTL_IO_DELAY
13774static void
13775ctl_done_timer_wakeup(void *arg)
13776{
13777	union ctl_io *io;
13778
13779	io = (union ctl_io *)arg;
13780	ctl_done(io);
13781}
13782#endif /* CTL_IO_DELAY */
13783
13784void
13785ctl_done(union ctl_io *io)
13786{
13787	struct ctl_softc *ctl_softc;
13788
13789	ctl_softc = control_softc;
13790
13791	/*
13792	 * Enable this to catch duplicate completion issues.
13793	 */
13794#if 0
13795	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13796		printf("%s: type %d msg %d cdb %x iptl: "
13797		       "%d:%d:%d:%d tag 0x%04x "
13798		       "flag %#x status %x\n",
13799			__func__,
13800			io->io_hdr.io_type,
13801			io->io_hdr.msg_type,
13802			io->scsiio.cdb[0],
13803			io->io_hdr.nexus.initid.id,
13804			io->io_hdr.nexus.targ_port,
13805			io->io_hdr.nexus.targ_target.id,
13806			io->io_hdr.nexus.targ_lun,
13807			(io->io_hdr.io_type ==
13808			CTL_IO_TASK) ?
13809			io->taskio.tag_num :
13810			io->scsiio.tag_num,
13811		        io->io_hdr.flags,
13812			io->io_hdr.status);
13813	} else
13814		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13815#endif
13816
13817	/*
13818	 * This is an internal copy of an I/O, and should not go through
13819	 * the normal done processing logic.
13820	 */
13821	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13822		return;
13823
13824	/*
13825	 * We need to send a msg to the serializing shelf to finish the IO
13826	 * as well.  We don't send a finish message to the other shelf if
13827	 * this is a task management command.  Task management commands
13828	 * aren't serialized in the OOA queue, but rather just executed on
13829	 * both shelf controllers for commands that originated on that
13830	 * controller.
13831	 */
13832	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13833	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13834		union ctl_ha_msg msg_io;
13835
13836		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13837		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13838		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13839		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13840		}
13841		/* continue on to finish IO */
13842	}
13843#ifdef CTL_IO_DELAY
13844	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13845		struct ctl_lun *lun;
13846
13847		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13848
13849		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13850	} else {
13851		struct ctl_lun *lun;
13852
13853		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13854
13855		if ((lun != NULL)
13856		 && (lun->delay_info.done_delay > 0)) {
13857			struct callout *callout;
13858
13859			callout = (struct callout *)&io->io_hdr.timer_bytes;
13860			callout_init(callout, /*mpsafe*/ 1);
13861			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13862			callout_reset(callout,
13863				      lun->delay_info.done_delay * hz,
13864				      ctl_done_timer_wakeup, io);
13865			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13866				lun->delay_info.done_delay = 0;
13867			return;
13868		}
13869	}
13870#endif /* CTL_IO_DELAY */
13871
13872	ctl_enqueue_done(io);
13873}
13874
13875int
13876ctl_isc(struct ctl_scsiio *ctsio)
13877{
13878	struct ctl_lun *lun;
13879	int retval;
13880
13881	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13882
13883	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13884
13885	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13886
13887	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13888
13889	return (retval);
13890}
13891
13892
13893static void
13894ctl_work_thread(void *arg)
13895{
13896	struct ctl_thread *thr = (struct ctl_thread *)arg;
13897	struct ctl_softc *softc = thr->ctl_softc;
13898	union ctl_io *io;
13899	int retval;
13900
13901	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13902
13903	for (;;) {
13904		retval = 0;
13905
13906		/*
13907		 * We handle the queues in this order:
13908		 * - ISC
13909		 * - done queue (to free up resources, unblock other commands)
13910		 * - RtR queue
13911		 * - incoming queue
13912		 *
13913		 * If those queues are empty, we break out of the loop and
13914		 * go to sleep.
13915		 */
13916		mtx_lock(&thr->queue_lock);
13917		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13918		if (io != NULL) {
13919			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13920			mtx_unlock(&thr->queue_lock);
13921			ctl_handle_isc(io);
13922			continue;
13923		}
13924		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13925		if (io != NULL) {
13926			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13927			/* clear any blocked commands, call fe_done */
13928			mtx_unlock(&thr->queue_lock);
13929			retval = ctl_process_done(io);
13930			continue;
13931		}
13932		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13933		if (io != NULL) {
13934			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13935			mtx_unlock(&thr->queue_lock);
13936			if (io->io_hdr.io_type == CTL_IO_TASK)
13937				ctl_run_task(io);
13938			else
13939				ctl_scsiio_precheck(softc, &io->scsiio);
13940			continue;
13941		}
13942		if (!ctl_pause_rtr) {
13943			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13944			if (io != NULL) {
13945				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13946				mtx_unlock(&thr->queue_lock);
13947				retval = ctl_scsiio(&io->scsiio);
13948				if (retval != CTL_RETVAL_COMPLETE)
13949					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13950				continue;
13951			}
13952		}
13953
13954		/* Sleep until we have something to do. */
13955		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13956	}
13957}
13958
13959static void
13960ctl_lun_thread(void *arg)
13961{
13962	struct ctl_softc *softc = (struct ctl_softc *)arg;
13963	struct ctl_be_lun *be_lun;
13964	int retval;
13965
13966	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13967
13968	for (;;) {
13969		retval = 0;
13970		mtx_lock(&softc->ctl_lock);
13971		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13972		if (be_lun != NULL) {
13973			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13974			mtx_unlock(&softc->ctl_lock);
13975			ctl_create_lun(be_lun);
13976			continue;
13977		}
13978
13979		/* Sleep until we have something to do. */
13980		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13981		    PDROP | PRIBIO, "-", 0);
13982	}
13983}
13984
13985static void
13986ctl_thresh_thread(void *arg)
13987{
13988	struct ctl_softc *softc = (struct ctl_softc *)arg;
13989	struct ctl_lun *lun;
13990	struct ctl_be_lun *be_lun;
13991	struct scsi_da_rw_recovery_page *rwpage;
13992	struct ctl_logical_block_provisioning_page *page;
13993	const char *attr;
13994	uint64_t thres, val;
13995	int i, e;
13996
13997	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13998
13999	for (;;) {
14000		mtx_lock(&softc->ctl_lock);
14001		STAILQ_FOREACH(lun, &softc->lun_list, links) {
14002			be_lun = lun->be_lun;
14003			if ((lun->flags & CTL_LUN_DISABLED) ||
14004			    (lun->flags & CTL_LUN_OFFLINE) ||
14005			    (be_lun->flags & CTL_LUN_FLAG_UNMAP) == 0 ||
14006			    lun->backend->lun_attr == NULL)
14007				continue;
14008			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
14009			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
14010				continue;
14011			e = 0;
14012			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
14013			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
14014				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
14015					continue;
14016				thres = scsi_4btoul(page->descr[i].count);
14017				thres <<= CTL_LBP_EXPONENT;
14018				switch (page->descr[i].resource) {
14019				case 0x01:
14020					attr = "blocksavail";
14021					break;
14022				case 0x02:
14023					attr = "blocksused";
14024					break;
14025				case 0xf1:
14026					attr = "poolblocksavail";
14027					break;
14028				case 0xf2:
14029					attr = "poolblocksused";
14030					break;
14031				default:
14032					continue;
14033				}
14034				mtx_unlock(&softc->ctl_lock); // XXX
14035				val = lun->backend->lun_attr(
14036				    lun->be_lun->be_lun, attr);
14037				mtx_lock(&softc->ctl_lock);
14038				if (val == UINT64_MAX)
14039					continue;
14040				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
14041				    == SLBPPD_ARMING_INC)
14042					e |= (val >= thres);
14043				else
14044					e |= (val <= thres);
14045			}
14046			mtx_lock(&lun->lun_lock);
14047			if (e) {
14048				if (lun->lasttpt == 0 ||
14049				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
14050					lun->lasttpt = time_uptime;
14051					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
14052				}
14053			} else {
14054				lun->lasttpt = 0;
14055				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
14056			}
14057			mtx_unlock(&lun->lun_lock);
14058		}
14059		mtx_unlock(&softc->ctl_lock);
14060		pause("-", CTL_LBP_PERIOD * hz);
14061	}
14062}
14063
14064static void
14065ctl_enqueue_incoming(union ctl_io *io)
14066{
14067	struct ctl_softc *softc = control_softc;
14068	struct ctl_thread *thr;
14069	u_int idx;
14070
14071	idx = (io->io_hdr.nexus.targ_port * 127 +
14072	       io->io_hdr.nexus.initid.id) % worker_threads;
14073	thr = &softc->threads[idx];
14074	mtx_lock(&thr->queue_lock);
14075	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
14076	mtx_unlock(&thr->queue_lock);
14077	wakeup(thr);
14078}
14079
14080static void
14081ctl_enqueue_rtr(union ctl_io *io)
14082{
14083	struct ctl_softc *softc = control_softc;
14084	struct ctl_thread *thr;
14085
14086	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14087	mtx_lock(&thr->queue_lock);
14088	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
14089	mtx_unlock(&thr->queue_lock);
14090	wakeup(thr);
14091}
14092
14093static void
14094ctl_enqueue_done(union ctl_io *io)
14095{
14096	struct ctl_softc *softc = control_softc;
14097	struct ctl_thread *thr;
14098
14099	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14100	mtx_lock(&thr->queue_lock);
14101	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
14102	mtx_unlock(&thr->queue_lock);
14103	wakeup(thr);
14104}
14105
14106static void
14107ctl_enqueue_isc(union ctl_io *io)
14108{
14109	struct ctl_softc *softc = control_softc;
14110	struct ctl_thread *thr;
14111
14112	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
14113	mtx_lock(&thr->queue_lock);
14114	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
14115	mtx_unlock(&thr->queue_lock);
14116	wakeup(thr);
14117}
14118
14119/* Initialization and failover */
14120
14121void
14122ctl_init_isc_msg(void)
14123{
14124	printf("CTL: Still calling this thing\n");
14125}
14126
14127/*
14128 * Init component
14129 * 	Initializes component into configuration defined by bootMode
14130 *	(see hasc-sv.c)
14131 *  	returns hasc_Status:
14132 * 		OK
14133 *		ERROR - fatal error
14134 */
14135static ctl_ha_comp_status
14136ctl_isc_init(struct ctl_ha_component *c)
14137{
14138	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14139
14140	c->status = ret;
14141	return ret;
14142}
14143
14144/* Start component
14145 * 	Starts component in state requested. If component starts successfully,
14146 *	it must set its own state to the requestrd state
14147 *	When requested state is HASC_STATE_HA, the component may refine it
14148 * 	by adding _SLAVE or _MASTER flags.
14149 *	Currently allowed state transitions are:
14150 *	UNKNOWN->HA		- initial startup
14151 *	UNKNOWN->SINGLE - initial startup when no parter detected
14152 *	HA->SINGLE		- failover
14153 * returns ctl_ha_comp_status:
14154 * 		OK	- component successfully started in requested state
14155 *		FAILED  - could not start the requested state, failover may
14156 * 			  be possible
14157 *		ERROR	- fatal error detected, no future startup possible
14158 */
14159static ctl_ha_comp_status
14160ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
14161{
14162	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
14163
14164	printf("%s: go\n", __func__);
14165
14166	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
14167	if (c->state == CTL_HA_STATE_UNKNOWN ) {
14168		control_softc->is_single = 0;
14169		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
14170		    != CTL_HA_STATUS_SUCCESS) {
14171			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
14172			ret = CTL_HA_COMP_STATUS_ERROR;
14173		}
14174	} else if (CTL_HA_STATE_IS_HA(c->state)
14175		&& CTL_HA_STATE_IS_SINGLE(state)){
14176		// HA->SINGLE transition
14177	        ctl_failover();
14178		control_softc->is_single = 1;
14179	} else {
14180		printf("ctl_isc_start:Invalid state transition %X->%X\n",
14181		       c->state, state);
14182		ret = CTL_HA_COMP_STATUS_ERROR;
14183	}
14184	if (CTL_HA_STATE_IS_SINGLE(state))
14185		control_softc->is_single = 1;
14186
14187	c->state = state;
14188	c->status = ret;
14189	return ret;
14190}
14191
14192/*
14193 * Quiesce component
14194 * The component must clear any error conditions (set status to OK) and
14195 * prepare itself to another Start call
14196 * returns ctl_ha_comp_status:
14197 * 	OK
14198 *	ERROR
14199 */
14200static ctl_ha_comp_status
14201ctl_isc_quiesce(struct ctl_ha_component *c)
14202{
14203	int ret = CTL_HA_COMP_STATUS_OK;
14204
14205	ctl_pause_rtr = 1;
14206	c->status = ret;
14207	return ret;
14208}
14209
14210struct ctl_ha_component ctl_ha_component_ctlisc =
14211{
14212	.name = "CTL ISC",
14213	.state = CTL_HA_STATE_UNKNOWN,
14214	.init = ctl_isc_init,
14215	.start = ctl_isc_start,
14216	.quiesce = ctl_isc_quiesce
14217};
14218
14219/*
14220 *  vim: ts=8
14221 */
14222