ctl.c revision 287372 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * All rights reserved.
5 *
6 * Portions of this software were developed by Edward Tomasz Napierala
7 * under sponsorship from the FreeBSD Foundation.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions, and the following disclaimer,
14 *    without modification.
15 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
16 *    substantially similar to the "NO WARRANTY" disclaimer below
17 *    ("Disclaimer") and any redistribution must be conditioned upon
18 *    including a substantially similar Disclaimer requirement for further
19 *    binary redistribution.
20 *
21 * NO WARRANTY
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
23 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
24 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
25 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
26 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
31 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 * POSSIBILITY OF SUCH DAMAGES.
33 *
34 * $Id$
35 */
36/*
37 * CAM Target Layer, a SCSI device emulation subsystem.
38 *
39 * Author: Ken Merry <ken@FreeBSD.org>
40 */
41
42#define _CTL_C
43
44#include <sys/cdefs.h>
45__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 287372 2015-09-01 16:28:06Z mav $");
46
47#include <sys/param.h>
48#include <sys/systm.h>
49#include <sys/ctype.h>
50#include <sys/kernel.h>
51#include <sys/types.h>
52#include <sys/kthread.h>
53#include <sys/bio.h>
54#include <sys/fcntl.h>
55#include <sys/lock.h>
56#include <sys/module.h>
57#include <sys/mutex.h>
58#include <sys/condvar.h>
59#include <sys/malloc.h>
60#include <sys/conf.h>
61#include <sys/ioccom.h>
62#include <sys/queue.h>
63#include <sys/sbuf.h>
64#include <sys/smp.h>
65#include <sys/endian.h>
66#include <sys/sysctl.h>
67#include <vm/uma.h>
68
69#include <cam/cam.h>
70#include <cam/scsi/scsi_all.h>
71#include <cam/scsi/scsi_da.h>
72#include <cam/ctl/ctl_io.h>
73#include <cam/ctl/ctl.h>
74#include <cam/ctl/ctl_frontend.h>
75#include <cam/ctl/ctl_util.h>
76#include <cam/ctl/ctl_backend.h>
77#include <cam/ctl/ctl_ioctl.h>
78#include <cam/ctl/ctl_ha.h>
79#include <cam/ctl/ctl_private.h>
80#include <cam/ctl/ctl_debug.h>
81#include <cam/ctl/ctl_scsi_all.h>
82#include <cam/ctl/ctl_error.h>
83
84struct ctl_softc *control_softc = NULL;
85
86/*
87 * Size and alignment macros needed for Copan-specific HA hardware.  These
88 * can go away when the HA code is re-written, and uses busdma for any
89 * hardware.
90 */
91#define	CTL_ALIGN_8B(target, source, type)				\
92	if (((uint32_t)source & 0x7) != 0)				\
93		target = (type)(source + (0x8 - ((uint32_t)source & 0x7)));\
94	else								\
95		target = (type)source;
96
97#define	CTL_SIZE_8B(target, size)					\
98	if ((size & 0x7) != 0)						\
99		target = size + (0x8 - (size & 0x7));			\
100	else								\
101		target = size;
102
103#define CTL_ALIGN_8B_MARGIN	16
104
105/*
106 * Template mode pages.
107 */
108
109/*
110 * Note that these are default values only.  The actual values will be
111 * filled in when the user does a mode sense.
112 */
113const static struct copan_debugconf_subpage debugconf_page_default = {
114	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
115	DBGCNF_SUBPAGE_CODE,		/* subpage */
116	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
117	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
118	DBGCNF_VERSION,			/* page_version */
119	{CTL_TIME_IO_DEFAULT_SECS>>8,
120	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
121};
122
123const static struct copan_debugconf_subpage debugconf_page_changeable = {
124	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
125	DBGCNF_SUBPAGE_CODE,		/* subpage */
126	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
127	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
128	0,				/* page_version */
129	{0xff,0xff},			/* ctl_time_io_secs */
130};
131
132const static struct scsi_da_rw_recovery_page rw_er_page_default = {
133	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
134	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
135	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
136	/*read_retry_count*/0,
137	/*correction_span*/0,
138	/*head_offset_count*/0,
139	/*data_strobe_offset_cnt*/0,
140	/*byte8*/SMS_RWER_LBPERE,
141	/*write_retry_count*/0,
142	/*reserved2*/0,
143	/*recovery_time_limit*/{0, 0},
144};
145
146const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
147	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
148	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
149	/*byte3*/0,
150	/*read_retry_count*/0,
151	/*correction_span*/0,
152	/*head_offset_count*/0,
153	/*data_strobe_offset_cnt*/0,
154	/*byte8*/0,
155	/*write_retry_count*/0,
156	/*reserved2*/0,
157	/*recovery_time_limit*/{0, 0},
158};
159
160const static struct scsi_format_page format_page_default = {
161	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
162	/*page_length*/sizeof(struct scsi_format_page) - 2,
163	/*tracks_per_zone*/ {0, 0},
164	/*alt_sectors_per_zone*/ {0, 0},
165	/*alt_tracks_per_zone*/ {0, 0},
166	/*alt_tracks_per_lun*/ {0, 0},
167	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
168			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
169	/*bytes_per_sector*/ {0, 0},
170	/*interleave*/ {0, 0},
171	/*track_skew*/ {0, 0},
172	/*cylinder_skew*/ {0, 0},
173	/*flags*/ SFP_HSEC,
174	/*reserved*/ {0, 0, 0}
175};
176
177const static struct scsi_format_page format_page_changeable = {
178	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
179	/*page_length*/sizeof(struct scsi_format_page) - 2,
180	/*tracks_per_zone*/ {0, 0},
181	/*alt_sectors_per_zone*/ {0, 0},
182	/*alt_tracks_per_zone*/ {0, 0},
183	/*alt_tracks_per_lun*/ {0, 0},
184	/*sectors_per_track*/ {0, 0},
185	/*bytes_per_sector*/ {0, 0},
186	/*interleave*/ {0, 0},
187	/*track_skew*/ {0, 0},
188	/*cylinder_skew*/ {0, 0},
189	/*flags*/ 0,
190	/*reserved*/ {0, 0, 0}
191};
192
193const static struct scsi_rigid_disk_page rigid_disk_page_default = {
194	/*page_code*/SMS_RIGID_DISK_PAGE,
195	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
196	/*cylinders*/ {0, 0, 0},
197	/*heads*/ CTL_DEFAULT_HEADS,
198	/*start_write_precomp*/ {0, 0, 0},
199	/*start_reduced_current*/ {0, 0, 0},
200	/*step_rate*/ {0, 0},
201	/*landing_zone_cylinder*/ {0, 0, 0},
202	/*rpl*/ SRDP_RPL_DISABLED,
203	/*rotational_offset*/ 0,
204	/*reserved1*/ 0,
205	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
206			   CTL_DEFAULT_ROTATION_RATE & 0xff},
207	/*reserved2*/ {0, 0}
208};
209
210const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
211	/*page_code*/SMS_RIGID_DISK_PAGE,
212	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
213	/*cylinders*/ {0, 0, 0},
214	/*heads*/ 0,
215	/*start_write_precomp*/ {0, 0, 0},
216	/*start_reduced_current*/ {0, 0, 0},
217	/*step_rate*/ {0, 0},
218	/*landing_zone_cylinder*/ {0, 0, 0},
219	/*rpl*/ 0,
220	/*rotational_offset*/ 0,
221	/*reserved1*/ 0,
222	/*rotation_rate*/ {0, 0},
223	/*reserved2*/ {0, 0}
224};
225
226const static struct scsi_caching_page caching_page_default = {
227	/*page_code*/SMS_CACHING_PAGE,
228	/*page_length*/sizeof(struct scsi_caching_page) - 2,
229	/*flags1*/ SCP_DISC | SCP_WCE,
230	/*ret_priority*/ 0,
231	/*disable_pf_transfer_len*/ {0xff, 0xff},
232	/*min_prefetch*/ {0, 0},
233	/*max_prefetch*/ {0xff, 0xff},
234	/*max_pf_ceiling*/ {0xff, 0xff},
235	/*flags2*/ 0,
236	/*cache_segments*/ 0,
237	/*cache_seg_size*/ {0, 0},
238	/*reserved*/ 0,
239	/*non_cache_seg_size*/ {0, 0, 0}
240};
241
242const static struct scsi_caching_page caching_page_changeable = {
243	/*page_code*/SMS_CACHING_PAGE,
244	/*page_length*/sizeof(struct scsi_caching_page) - 2,
245	/*flags1*/ SCP_WCE | SCP_RCD,
246	/*ret_priority*/ 0,
247	/*disable_pf_transfer_len*/ {0, 0},
248	/*min_prefetch*/ {0, 0},
249	/*max_prefetch*/ {0, 0},
250	/*max_pf_ceiling*/ {0, 0},
251	/*flags2*/ 0,
252	/*cache_segments*/ 0,
253	/*cache_seg_size*/ {0, 0},
254	/*reserved*/ 0,
255	/*non_cache_seg_size*/ {0, 0, 0}
256};
257
258const static struct scsi_control_page control_page_default = {
259	/*page_code*/SMS_CONTROL_MODE_PAGE,
260	/*page_length*/sizeof(struct scsi_control_page) - 2,
261	/*rlec*/0,
262	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
263	/*eca_and_aen*/0,
264	/*flags4*/SCP_TAS,
265	/*aen_holdoff_period*/{0, 0},
266	/*busy_timeout_period*/{0, 0},
267	/*extended_selftest_completion_time*/{0, 0}
268};
269
270const static struct scsi_control_page control_page_changeable = {
271	/*page_code*/SMS_CONTROL_MODE_PAGE,
272	/*page_length*/sizeof(struct scsi_control_page) - 2,
273	/*rlec*/SCP_DSENSE,
274	/*queue_flags*/SCP_QUEUE_ALG_MASK,
275	/*eca_and_aen*/SCP_SWP,
276	/*flags4*/0,
277	/*aen_holdoff_period*/{0, 0},
278	/*busy_timeout_period*/{0, 0},
279	/*extended_selftest_completion_time*/{0, 0}
280};
281
282const static struct scsi_info_exceptions_page ie_page_default = {
283	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
284	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
285	/*info_flags*/SIEP_FLAGS_DEXCPT,
286	/*mrie*/0,
287	/*interval_timer*/{0, 0, 0, 0},
288	/*report_count*/{0, 0, 0, 0}
289};
290
291const static struct scsi_info_exceptions_page ie_page_changeable = {
292	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
293	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
294	/*info_flags*/0,
295	/*mrie*/0,
296	/*interval_timer*/{0, 0, 0, 0},
297	/*report_count*/{0, 0, 0, 0}
298};
299
300#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
301
302const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
303	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
304	/*subpage_code*/0x02,
305	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
306	/*flags*/0,
307	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
308	/*descr*/{}},
309	{{/*flags*/0,
310	  /*resource*/0x01,
311	  /*reserved*/{0, 0},
312	  /*count*/{0, 0, 0, 0}},
313	 {/*flags*/0,
314	  /*resource*/0x02,
315	  /*reserved*/{0, 0},
316	  /*count*/{0, 0, 0, 0}},
317	 {/*flags*/0,
318	  /*resource*/0xf1,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0xf2,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}}
325	}
326};
327
328const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
329	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
330	/*subpage_code*/0x02,
331	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
332	/*flags*/0,
333	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
334	/*descr*/{}},
335	{{/*flags*/0,
336	  /*resource*/0,
337	  /*reserved*/{0, 0},
338	  /*count*/{0, 0, 0, 0}},
339	 {/*flags*/0,
340	  /*resource*/0,
341	  /*reserved*/{0, 0},
342	  /*count*/{0, 0, 0, 0}},
343	 {/*flags*/0,
344	  /*resource*/0,
345	  /*reserved*/{0, 0},
346	  /*count*/{0, 0, 0, 0}},
347	 {/*flags*/0,
348	  /*resource*/0,
349	  /*reserved*/{0, 0},
350	  /*count*/{0, 0, 0, 0}}
351	}
352};
353
354/*
355 * XXX KDM move these into the softc.
356 */
357static int rcv_sync_msg;
358static uint8_t ctl_pause_rtr;
359
360SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
361static int worker_threads = -1;
362SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
363    &worker_threads, 1, "Number of worker threads");
364static int ctl_debug = CTL_DEBUG_NONE;
365SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
366    &ctl_debug, 0, "Enabled debug flags");
367
368/*
369 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
370 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
371 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
372 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
373 */
374#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
375
376#ifdef notyet
377static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
378				  int param);
379static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
380#endif
381static int ctl_init(void);
382void ctl_shutdown(void);
383static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
384static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
385static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
386static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
387			      struct ctl_ooa *ooa_hdr,
388			      struct ctl_ooa_entry *kern_entries);
389static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
390		     struct thread *td);
391static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
392			 struct ctl_be_lun *be_lun);
393static int ctl_free_lun(struct ctl_lun *lun);
394static void ctl_create_lun(struct ctl_be_lun *be_lun);
395static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
396/**
397static void ctl_failover_change_pages(struct ctl_softc *softc,
398				      struct ctl_scsiio *ctsio, int master);
399**/
400
401static int ctl_do_mode_select(union ctl_io *io);
402static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
403			   uint64_t res_key, uint64_t sa_res_key,
404			   uint8_t type, uint32_t residx,
405			   struct ctl_scsiio *ctsio,
406			   struct scsi_per_res_out *cdb,
407			   struct scsi_per_res_out_parms* param);
408static void ctl_pro_preempt_other(struct ctl_lun *lun,
409				  union ctl_ha_msg *msg);
410static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
411static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
412static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
413static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
414static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
415static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
416static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
417					 int alloc_len);
418static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
419					 int alloc_len);
420static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
421static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
422static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
423static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
424static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
425static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
426    bool seq);
427static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
428static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
429    union ctl_io *pending_io, union ctl_io *ooa_io);
430static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
431				union ctl_io *starting_io);
432static int ctl_check_blocked(struct ctl_lun *lun);
433static int ctl_scsiio_lun_check(struct ctl_lun *lun,
434				const struct ctl_cmd_entry *entry,
435				struct ctl_scsiio *ctsio);
436//static int ctl_check_rtr(union ctl_io *pending_io, struct ctl_softc *softc);
437#ifdef notyet
438static void ctl_failover(void);
439#endif
440static void ctl_clear_ua(struct ctl_softc *ctl_softc, uint32_t initidx,
441			 ctl_ua_type ua_type);
442static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
443			       struct ctl_scsiio *ctsio);
444static int ctl_scsiio(struct ctl_scsiio *ctsio);
445
446static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
447static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
448			    ctl_ua_type ua_type);
449static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
450			 ctl_ua_type ua_type);
451static int ctl_abort_task(union ctl_io *io);
452static int ctl_abort_task_set(union ctl_io *io);
453static int ctl_i_t_nexus_reset(union ctl_io *io);
454static void ctl_run_task(union ctl_io *io);
455#ifdef CTL_IO_DELAY
456static void ctl_datamove_timer_wakeup(void *arg);
457static void ctl_done_timer_wakeup(void *arg);
458#endif /* CTL_IO_DELAY */
459
460static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
461static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
462static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
463static void ctl_datamove_remote_write(union ctl_io *io);
464static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
465static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
466static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
467static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
468				    ctl_ha_dt_cb callback);
469static void ctl_datamove_remote_read(union ctl_io *io);
470static void ctl_datamove_remote(union ctl_io *io);
471static int ctl_process_done(union ctl_io *io);
472static void ctl_lun_thread(void *arg);
473static void ctl_thresh_thread(void *arg);
474static void ctl_work_thread(void *arg);
475static void ctl_enqueue_incoming(union ctl_io *io);
476static void ctl_enqueue_rtr(union ctl_io *io);
477static void ctl_enqueue_done(union ctl_io *io);
478#ifdef notyet
479static void ctl_enqueue_isc(union ctl_io *io);
480#endif
481static const struct ctl_cmd_entry *
482    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
483static const struct ctl_cmd_entry *
484    ctl_validate_command(struct ctl_scsiio *ctsio);
485static int ctl_cmd_applicable(uint8_t lun_type,
486    const struct ctl_cmd_entry *entry);
487
488/*
489 * Load the serialization table.  This isn't very pretty, but is probably
490 * the easiest way to do it.
491 */
492#include "ctl_ser_table.c"
493
494/*
495 * We only need to define open, close and ioctl routines for this driver.
496 */
497static struct cdevsw ctl_cdevsw = {
498	.d_version =	D_VERSION,
499	.d_flags =	0,
500	.d_open =	ctl_open,
501	.d_close =	ctl_close,
502	.d_ioctl =	ctl_ioctl,
503	.d_name =	"ctl",
504};
505
506
507MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
508
509static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
510
511static moduledata_t ctl_moduledata = {
512	"ctl",
513	ctl_module_event_handler,
514	NULL
515};
516
517DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
518MODULE_VERSION(ctl, 1);
519
520#ifdef notyet
521static void
522ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
523			    union ctl_ha_msg *msg_info)
524{
525	struct ctl_scsiio *ctsio;
526
527	if (msg_info->hdr.original_sc == NULL) {
528		printf("%s: original_sc == NULL!\n", __func__);
529		/* XXX KDM now what? */
530		return;
531	}
532
533	ctsio = &msg_info->hdr.original_sc->scsiio;
534	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
535	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
536	ctsio->io_hdr.status = msg_info->hdr.status;
537	ctsio->scsi_status = msg_info->scsi.scsi_status;
538	ctsio->sense_len = msg_info->scsi.sense_len;
539	ctsio->sense_residual = msg_info->scsi.sense_residual;
540	ctsio->residual = msg_info->scsi.residual;
541	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
542	       sizeof(ctsio->sense_data));
543	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
544	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
545	ctl_enqueue_isc((union ctl_io *)ctsio);
546}
547
548static void
549ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
550				union ctl_ha_msg *msg_info)
551{
552	struct ctl_scsiio *ctsio;
553
554	if (msg_info->hdr.serializing_sc == NULL) {
555		printf("%s: serializing_sc == NULL!\n", __func__);
556		/* XXX KDM now what? */
557		return;
558	}
559
560	ctsio = &msg_info->hdr.serializing_sc->scsiio;
561#if 0
562	/*
563	 * Attempt to catch the situation where an I/O has
564	 * been freed, and we're using it again.
565	 */
566	if (ctsio->io_hdr.io_type == 0xff) {
567		union ctl_io *tmp_io;
568		tmp_io = (union ctl_io *)ctsio;
569		printf("%s: %p use after free!\n", __func__,
570		       ctsio);
571		printf("%s: type %d msg %d cdb %x iptl: "
572		       "%d:%d:%d:%d tag 0x%04x "
573		       "flag %#x status %x\n",
574			__func__,
575			tmp_io->io_hdr.io_type,
576			tmp_io->io_hdr.msg_type,
577			tmp_io->scsiio.cdb[0],
578			tmp_io->io_hdr.nexus.initid.id,
579			tmp_io->io_hdr.nexus.targ_port,
580			tmp_io->io_hdr.nexus.targ_target.id,
581			tmp_io->io_hdr.nexus.targ_lun,
582			(tmp_io->io_hdr.io_type ==
583			CTL_IO_TASK) ?
584			tmp_io->taskio.tag_num :
585			tmp_io->scsiio.tag_num,
586		        tmp_io->io_hdr.flags,
587			tmp_io->io_hdr.status);
588	}
589#endif
590	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
591	ctl_enqueue_isc((union ctl_io *)ctsio);
592}
593
594/*
595 * ISC (Inter Shelf Communication) event handler.  Events from the HA
596 * subsystem come in here.
597 */
598static void
599ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
600{
601	struct ctl_softc *softc;
602	union ctl_io *io;
603	struct ctl_prio *presio;
604	ctl_ha_status isc_status;
605
606	softc = control_softc;
607	io = NULL;
608
609
610#if 0
611	printf("CTL: Isc Msg event %d\n", event);
612#endif
613	if (event == CTL_HA_EVT_MSG_RECV) {
614		union ctl_ha_msg msg_info;
615
616		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
617					     sizeof(msg_info), /*wait*/ 0);
618#if 0
619		printf("CTL: msg_type %d\n", msg_info.msg_type);
620#endif
621		if (isc_status != 0) {
622			printf("Error receiving message, status = %d\n",
623			       isc_status);
624			return;
625		}
626
627		switch (msg_info.hdr.msg_type) {
628		case CTL_MSG_SERIALIZE:
629#if 0
630			printf("Serialize\n");
631#endif
632			io = ctl_alloc_io_nowait(softc->othersc_pool);
633			if (io == NULL) {
634				printf("ctl_isc_event_handler: can't allocate "
635				       "ctl_io!\n");
636				/* Bad Juju */
637				/* Need to set busy and send msg back */
638				msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
639				msg_info.hdr.status = CTL_SCSI_ERROR;
640				msg_info.scsi.scsi_status = SCSI_STATUS_BUSY;
641				msg_info.scsi.sense_len = 0;
642			        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
643				    sizeof(msg_info), 0) > CTL_HA_STATUS_SUCCESS){
644				}
645				goto bailout;
646			}
647			ctl_zero_io(io);
648			// populate ctsio from msg_info
649			io->io_hdr.io_type = CTL_IO_SCSI;
650			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
651			io->io_hdr.original_sc = msg_info.hdr.original_sc;
652#if 0
653			printf("pOrig %x\n", (int)msg_info.original_sc);
654#endif
655			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
656					    CTL_FLAG_IO_ACTIVE;
657			/*
658			 * If we're in serialization-only mode, we don't
659			 * want to go through full done processing.  Thus
660			 * the COPY flag.
661			 *
662			 * XXX KDM add another flag that is more specific.
663			 */
664			if (softc->ha_mode == CTL_HA_MODE_SER_ONLY)
665				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
666			io->io_hdr.nexus = msg_info.hdr.nexus;
667#if 0
668			printf("targ %d, port %d, iid %d, lun %d\n",
669			       io->io_hdr.nexus.targ_target.id,
670			       io->io_hdr.nexus.targ_port,
671			       io->io_hdr.nexus.initid.id,
672			       io->io_hdr.nexus.targ_lun);
673#endif
674			io->scsiio.tag_num = msg_info.scsi.tag_num;
675			io->scsiio.tag_type = msg_info.scsi.tag_type;
676			memcpy(io->scsiio.cdb, msg_info.scsi.cdb,
677			       CTL_MAX_CDBLEN);
678			if (softc->ha_mode == CTL_HA_MODE_XFER) {
679				const struct ctl_cmd_entry *entry;
680
681				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
682				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
683				io->io_hdr.flags |=
684					entry->flags & CTL_FLAG_DATA_MASK;
685			}
686			ctl_enqueue_isc(io);
687			break;
688
689		/* Performed on the Originating SC, XFER mode only */
690		case CTL_MSG_DATAMOVE: {
691			struct ctl_sg_entry *sgl;
692			int i, j;
693
694			io = msg_info.hdr.original_sc;
695			if (io == NULL) {
696				printf("%s: original_sc == NULL!\n", __func__);
697				/* XXX KDM do something here */
698				break;
699			}
700			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
701			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
702			/*
703			 * Keep track of this, we need to send it back over
704			 * when the datamove is complete.
705			 */
706			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
707
708			if (msg_info.dt.sg_sequence == 0) {
709				/*
710				 * XXX KDM we use the preallocated S/G list
711				 * here, but we'll need to change this to
712				 * dynamic allocation if we need larger S/G
713				 * lists.
714				 */
715				if (msg_info.dt.kern_sg_entries >
716				    sizeof(io->io_hdr.remote_sglist) /
717				    sizeof(io->io_hdr.remote_sglist[0])) {
718					printf("%s: number of S/G entries "
719					    "needed %u > allocated num %zd\n",
720					    __func__,
721					    msg_info.dt.kern_sg_entries,
722					    sizeof(io->io_hdr.remote_sglist)/
723					    sizeof(io->io_hdr.remote_sglist[0]));
724
725					/*
726					 * XXX KDM send a message back to
727					 * the other side to shut down the
728					 * DMA.  The error will come back
729					 * through via the normal channel.
730					 */
731					break;
732				}
733				sgl = io->io_hdr.remote_sglist;
734				memset(sgl, 0,
735				       sizeof(io->io_hdr.remote_sglist));
736
737				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
738
739				io->scsiio.kern_sg_entries =
740					msg_info.dt.kern_sg_entries;
741				io->scsiio.rem_sg_entries =
742					msg_info.dt.kern_sg_entries;
743				io->scsiio.kern_data_len =
744					msg_info.dt.kern_data_len;
745				io->scsiio.kern_total_len =
746					msg_info.dt.kern_total_len;
747				io->scsiio.kern_data_resid =
748					msg_info.dt.kern_data_resid;
749				io->scsiio.kern_rel_offset =
750					msg_info.dt.kern_rel_offset;
751				/*
752				 * Clear out per-DMA flags.
753				 */
754				io->io_hdr.flags &= ~CTL_FLAG_RDMA_MASK;
755				/*
756				 * Add per-DMA flags that are set for this
757				 * particular DMA request.
758				 */
759				io->io_hdr.flags |= msg_info.dt.flags &
760						    CTL_FLAG_RDMA_MASK;
761			} else
762				sgl = (struct ctl_sg_entry *)
763					io->scsiio.kern_data_ptr;
764
765			for (i = msg_info.dt.sent_sg_entries, j = 0;
766			     i < (msg_info.dt.sent_sg_entries +
767			     msg_info.dt.cur_sg_entries); i++, j++) {
768				sgl[i].addr = msg_info.dt.sg_list[j].addr;
769				sgl[i].len = msg_info.dt.sg_list[j].len;
770
771#if 0
772				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
773				       __func__,
774				       msg_info.dt.sg_list[j].addr,
775				       msg_info.dt.sg_list[j].len,
776				       sgl[i].addr, sgl[i].len, j, i);
777#endif
778			}
779#if 0
780			memcpy(&sgl[msg_info.dt.sent_sg_entries],
781			       msg_info.dt.sg_list,
782			       sizeof(*sgl) * msg_info.dt.cur_sg_entries);
783#endif
784
785			/*
786			 * If this is the last piece of the I/O, we've got
787			 * the full S/G list.  Queue processing in the thread.
788			 * Otherwise wait for the next piece.
789			 */
790			if (msg_info.dt.sg_last != 0)
791				ctl_enqueue_isc(io);
792			break;
793		}
794		/* Performed on the Serializing (primary) SC, XFER mode only */
795		case CTL_MSG_DATAMOVE_DONE: {
796			if (msg_info.hdr.serializing_sc == NULL) {
797				printf("%s: serializing_sc == NULL!\n",
798				       __func__);
799				/* XXX KDM now what? */
800				break;
801			}
802			/*
803			 * We grab the sense information here in case
804			 * there was a failure, so we can return status
805			 * back to the initiator.
806			 */
807			io = msg_info.hdr.serializing_sc;
808			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
809			io->io_hdr.status = msg_info.hdr.status;
810			io->scsiio.scsi_status = msg_info.scsi.scsi_status;
811			io->scsiio.sense_len = msg_info.scsi.sense_len;
812			io->scsiio.sense_residual =msg_info.scsi.sense_residual;
813			io->io_hdr.port_status = msg_info.scsi.fetd_status;
814			io->scsiio.residual = msg_info.scsi.residual;
815			memcpy(&io->scsiio.sense_data,&msg_info.scsi.sense_data,
816			       sizeof(io->scsiio.sense_data));
817			ctl_enqueue_isc(io);
818			break;
819		}
820
821		/* Preformed on Originating SC, SER_ONLY mode */
822		case CTL_MSG_R2R:
823			io = msg_info.hdr.original_sc;
824			if (io == NULL) {
825				printf("%s: Major Bummer\n", __func__);
826				return;
827			} else {
828#if 0
829				printf("pOrig %x\n",(int) ctsio);
830#endif
831			}
832			io->io_hdr.msg_type = CTL_MSG_R2R;
833			io->io_hdr.serializing_sc = msg_info.hdr.serializing_sc;
834			ctl_enqueue_isc(io);
835			break;
836
837		/*
838		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
839		 * mode.
840		 * Performed on the Originating (i.e. secondary) SC in XFER
841		 * mode
842		 */
843		case CTL_MSG_FINISH_IO:
844			if (softc->ha_mode == CTL_HA_MODE_XFER)
845				ctl_isc_handler_finish_xfer(softc,
846							    &msg_info);
847			else
848				ctl_isc_handler_finish_ser_only(softc,
849								&msg_info);
850			break;
851
852		/* Preformed on Originating SC */
853		case CTL_MSG_BAD_JUJU:
854			io = msg_info.hdr.original_sc;
855			if (io == NULL) {
856				printf("%s: Bad JUJU!, original_sc is NULL!\n",
857				       __func__);
858				break;
859			}
860			ctl_copy_sense_data(&msg_info, io);
861			/*
862			 * IO should have already been cleaned up on other
863			 * SC so clear this flag so we won't send a message
864			 * back to finish the IO there.
865			 */
866			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
867			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
868
869			/* io = msg_info.hdr.serializing_sc; */
870			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
871			ctl_enqueue_isc(io);
872			break;
873
874		/* Handle resets sent from the other side */
875		case CTL_MSG_MANAGE_TASKS: {
876			struct ctl_taskio *taskio;
877			taskio = (struct ctl_taskio *)ctl_alloc_io_nowait(
878			    softc->othersc_pool);
879			if (taskio == NULL) {
880				printf("ctl_isc_event_handler: can't allocate "
881				       "ctl_io!\n");
882				/* Bad Juju */
883				/* should I just call the proper reset func
884				   here??? */
885				goto bailout;
886			}
887			ctl_zero_io((union ctl_io *)taskio);
888			taskio->io_hdr.io_type = CTL_IO_TASK;
889			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
890			taskio->io_hdr.nexus = msg_info.hdr.nexus;
891			taskio->task_action = msg_info.task.task_action;
892			taskio->tag_num = msg_info.task.tag_num;
893			taskio->tag_type = msg_info.task.tag_type;
894#ifdef CTL_TIME_IO
895			taskio->io_hdr.start_time = time_uptime;
896			getbintime(&taskio->io_hdr.start_bt);
897#if 0
898			cs_prof_gettime(&taskio->io_hdr.start_ticks);
899#endif
900#endif /* CTL_TIME_IO */
901			ctl_run_task((union ctl_io *)taskio);
902			break;
903		}
904		/* Persistent Reserve action which needs attention */
905		case CTL_MSG_PERS_ACTION:
906			presio = (struct ctl_prio *)ctl_alloc_io_nowait(
907			    softc->othersc_pool);
908			if (presio == NULL) {
909				printf("ctl_isc_event_handler: can't allocate "
910				       "ctl_io!\n");
911				/* Bad Juju */
912				/* Need to set busy and send msg back */
913				goto bailout;
914			}
915			ctl_zero_io((union ctl_io *)presio);
916			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
917			presio->pr_msg = msg_info.pr;
918			ctl_enqueue_isc((union ctl_io *)presio);
919			break;
920		case CTL_MSG_SYNC_FE:
921			rcv_sync_msg = 1;
922			break;
923		default:
924		        printf("How did I get here?\n");
925		}
926	} else if (event == CTL_HA_EVT_MSG_SENT) {
927		if (param != CTL_HA_STATUS_SUCCESS) {
928			printf("Bad status from ctl_ha_msg_send status %d\n",
929			       param);
930		}
931		return;
932	} else if (event == CTL_HA_EVT_DISCONNECT) {
933		printf("CTL: Got a disconnect from Isc\n");
934		return;
935	} else {
936		printf("ctl_isc_event_handler: Unknown event %d\n", event);
937		return;
938	}
939
940bailout:
941	return;
942}
943
944static void
945ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
946{
947	struct scsi_sense_data *sense;
948
949	sense = &dest->scsiio.sense_data;
950	bcopy(&src->scsi.sense_data, sense, sizeof(*sense));
951	dest->scsiio.scsi_status = src->scsi.scsi_status;
952	dest->scsiio.sense_len = src->scsi.sense_len;
953	dest->io_hdr.status = src->hdr.status;
954}
955#endif
956
957static void
958ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
959{
960	ctl_ua_type *pu;
961
962	mtx_assert(&lun->lun_lock, MA_OWNED);
963	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
964	if (pu == NULL)
965		return;
966	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
967}
968
969static void
970ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
971{
972	int i, j;
973
974	mtx_assert(&lun->lun_lock, MA_OWNED);
975	for (i = 0; i < CTL_MAX_PORTS; i++) {
976		if (lun->pending_ua[i] == NULL)
977			continue;
978		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
979			if (i * CTL_MAX_INIT_PER_PORT + j == except)
980				continue;
981			lun->pending_ua[i][j] |= ua;
982		}
983	}
984}
985
986static void
987ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
988{
989	ctl_ua_type *pu;
990
991	mtx_assert(&lun->lun_lock, MA_OWNED);
992	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
993	if (pu == NULL)
994		return;
995	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
996}
997
998static void
999ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1000{
1001	int i, j;
1002
1003	mtx_assert(&lun->lun_lock, MA_OWNED);
1004	for (i = 0; i < CTL_MAX_PORTS; i++) {
1005		if (lun->pending_ua[i] == NULL)
1006			continue;
1007		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1008			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1009				continue;
1010			lun->pending_ua[i][j] &= ~ua;
1011		}
1012	}
1013}
1014
1015static int
1016ctl_ha_state_sysctl(SYSCTL_HANDLER_ARGS)
1017{
1018	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1019	struct ctl_lun *lun;
1020	int error, value;
1021
1022	if (softc->flags & CTL_FLAG_ACTIVE_SHELF)
1023		value = 0;
1024	else
1025		value = 1;
1026
1027	error = sysctl_handle_int(oidp, &value, 0, req);
1028	if ((error != 0) || (req->newptr == NULL))
1029		return (error);
1030
1031	mtx_lock(&softc->ctl_lock);
1032	if (value == 0)
1033		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1034	else
1035		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1036	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1037		mtx_lock(&lun->lun_lock);
1038		ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1039		mtx_unlock(&lun->lun_lock);
1040	}
1041	mtx_unlock(&softc->ctl_lock);
1042	return (0);
1043}
1044
1045static int
1046ctl_init(void)
1047{
1048	struct ctl_softc *softc;
1049	void *other_pool;
1050	int i, error, retval;
1051	//int isc_retval;
1052
1053	retval = 0;
1054	ctl_pause_rtr = 0;
1055        rcv_sync_msg = 0;
1056
1057	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1058			       M_WAITOK | M_ZERO);
1059	softc = control_softc;
1060
1061	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1062			      "cam/ctl");
1063
1064	softc->dev->si_drv1 = softc;
1065
1066	/*
1067	 * By default, return a "bad LUN" peripheral qualifier for unknown
1068	 * LUNs.  The user can override this default using the tunable or
1069	 * sysctl.  See the comment in ctl_inquiry_std() for more details.
1070	 */
1071	softc->inquiry_pq_no_lun = 1;
1072	TUNABLE_INT_FETCH("kern.cam.ctl.inquiry_pq_no_lun",
1073			  &softc->inquiry_pq_no_lun);
1074	sysctl_ctx_init(&softc->sysctl_ctx);
1075	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1076		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1077		CTLFLAG_RD, 0, "CAM Target Layer");
1078
1079	if (softc->sysctl_tree == NULL) {
1080		printf("%s: unable to allocate sysctl tree\n", __func__);
1081		destroy_dev(softc->dev);
1082		free(control_softc, M_DEVBUF);
1083		control_softc = NULL;
1084		return (ENOMEM);
1085	}
1086
1087	SYSCTL_ADD_INT(&softc->sysctl_ctx,
1088		       SYSCTL_CHILDREN(softc->sysctl_tree), OID_AUTO,
1089		       "inquiry_pq_no_lun", CTLFLAG_RW,
1090		       &softc->inquiry_pq_no_lun, 0,
1091		       "Report no lun possible for invalid LUNs");
1092
1093	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1094	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1095	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1096	softc->open_count = 0;
1097
1098	/*
1099	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1100	 * the drive.
1101	 */
1102	softc->flags = CTL_FLAG_REAL_SYNC;
1103
1104	/*
1105	 * In Copan's HA scheme, the "master" and "slave" roles are
1106	 * figured out through the slot the controller is in.  Although it
1107	 * is an active/active system, someone has to be in charge.
1108	 */
1109	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1110	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1111	    "HA head ID (0 - no HA)");
1112	if (softc->ha_id == 0) {
1113		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1114		softc->is_single = 1;
1115		softc->port_offset = 0;
1116	} else
1117		softc->port_offset = (softc->ha_id - 1) * CTL_MAX_PORTS;
1118	softc->persis_offset = softc->port_offset * CTL_MAX_INIT_PER_PORT;
1119
1120	STAILQ_INIT(&softc->lun_list);
1121	STAILQ_INIT(&softc->pending_lun_queue);
1122	STAILQ_INIT(&softc->fe_list);
1123	STAILQ_INIT(&softc->port_list);
1124	STAILQ_INIT(&softc->be_list);
1125	ctl_tpc_init(softc);
1126
1127	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1128	                    &other_pool) != 0)
1129	{
1130		printf("ctl: can't allocate %d entry other SC pool, "
1131		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1132		return (ENOMEM);
1133	}
1134	softc->othersc_pool = other_pool;
1135
1136	if (worker_threads <= 0)
1137		worker_threads = max(1, mp_ncpus / 4);
1138	if (worker_threads > CTL_MAX_THREADS)
1139		worker_threads = CTL_MAX_THREADS;
1140
1141	for (i = 0; i < worker_threads; i++) {
1142		struct ctl_thread *thr = &softc->threads[i];
1143
1144		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1145		thr->ctl_softc = softc;
1146		STAILQ_INIT(&thr->incoming_queue);
1147		STAILQ_INIT(&thr->rtr_queue);
1148		STAILQ_INIT(&thr->done_queue);
1149		STAILQ_INIT(&thr->isc_queue);
1150
1151		error = kproc_kthread_add(ctl_work_thread, thr,
1152		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1153		if (error != 0) {
1154			printf("error creating CTL work thread!\n");
1155			ctl_pool_free(other_pool);
1156			return (error);
1157		}
1158	}
1159	error = kproc_kthread_add(ctl_lun_thread, softc,
1160	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1161	if (error != 0) {
1162		printf("error creating CTL lun thread!\n");
1163		ctl_pool_free(other_pool);
1164		return (error);
1165	}
1166	error = kproc_kthread_add(ctl_thresh_thread, softc,
1167	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1168	if (error != 0) {
1169		printf("error creating CTL threshold thread!\n");
1170		ctl_pool_free(other_pool);
1171		return (error);
1172	}
1173
1174	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1175	    OID_AUTO, "ha_state", CTLTYPE_INT | CTLFLAG_RWTUN,
1176	    softc, 0, ctl_ha_state_sysctl, "I", "HA state for this head");
1177
1178#ifdef CTL_IO_DELAY
1179	if (sizeof(struct callout) > CTL_TIMER_BYTES) {
1180		printf("sizeof(struct callout) %zd > CTL_TIMER_BYTES %zd\n",
1181		       sizeof(struct callout), CTL_TIMER_BYTES);
1182		return (EINVAL);
1183	}
1184#endif /* CTL_IO_DELAY */
1185
1186	return (0);
1187}
1188
1189void
1190ctl_shutdown(void)
1191{
1192	struct ctl_softc *softc;
1193	struct ctl_lun *lun, *next_lun;
1194
1195	softc = (struct ctl_softc *)control_softc;
1196
1197	mtx_lock(&softc->ctl_lock);
1198
1199	/*
1200	 * Free up each LUN.
1201	 */
1202	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1203		next_lun = STAILQ_NEXT(lun, links);
1204		ctl_free_lun(lun);
1205	}
1206
1207	mtx_unlock(&softc->ctl_lock);
1208
1209#if 0
1210	ctl_shutdown_thread(softc->work_thread);
1211	mtx_destroy(&softc->queue_lock);
1212#endif
1213
1214	ctl_tpc_shutdown(softc);
1215	uma_zdestroy(softc->io_zone);
1216	mtx_destroy(&softc->ctl_lock);
1217
1218	destroy_dev(softc->dev);
1219
1220	sysctl_ctx_free(&softc->sysctl_ctx);
1221
1222	free(control_softc, M_DEVBUF);
1223	control_softc = NULL;
1224}
1225
1226static int
1227ctl_module_event_handler(module_t mod, int what, void *arg)
1228{
1229
1230	switch (what) {
1231	case MOD_LOAD:
1232		return (ctl_init());
1233	case MOD_UNLOAD:
1234		return (EBUSY);
1235	default:
1236		return (EOPNOTSUPP);
1237	}
1238}
1239
1240/*
1241 * XXX KDM should we do some access checks here?  Bump a reference count to
1242 * prevent a CTL module from being unloaded while someone has it open?
1243 */
1244static int
1245ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1246{
1247	return (0);
1248}
1249
1250static int
1251ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1252{
1253	return (0);
1254}
1255
1256int
1257ctl_port_enable(ctl_port_type port_type)
1258{
1259	struct ctl_softc *softc = control_softc;
1260	struct ctl_port *port;
1261
1262	if (softc->is_single == 0) {
1263		union ctl_ha_msg msg_info;
1264		int isc_retval;
1265
1266#if 0
1267		printf("%s: HA mode, synchronizing frontend enable\n",
1268		        __func__);
1269#endif
1270		msg_info.hdr.msg_type = CTL_MSG_SYNC_FE;
1271	        if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1272		        sizeof(msg_info), 1 )) > CTL_HA_STATUS_SUCCESS) {
1273			printf("Sync msg send error retval %d\n", isc_retval);
1274		}
1275		if (!rcv_sync_msg) {
1276			isc_retval=ctl_ha_msg_recv(CTL_HA_CHAN_CTL, &msg_info,
1277			        sizeof(msg_info), 1);
1278		}
1279#if 0
1280        	printf("CTL:Frontend Enable\n");
1281	} else {
1282		printf("%s: single mode, skipping frontend synchronization\n",
1283		        __func__);
1284#endif
1285	}
1286
1287	STAILQ_FOREACH(port, &softc->port_list, links) {
1288		if (port_type & port->port_type)
1289		{
1290#if 0
1291			printf("port %d\n", port->targ_port);
1292#endif
1293			ctl_port_online(port);
1294		}
1295	}
1296
1297	return (0);
1298}
1299
1300int
1301ctl_port_disable(ctl_port_type port_type)
1302{
1303	struct ctl_softc *softc;
1304	struct ctl_port *port;
1305
1306	softc = control_softc;
1307
1308	STAILQ_FOREACH(port, &softc->port_list, links) {
1309		if (port_type & port->port_type)
1310			ctl_port_offline(port);
1311	}
1312
1313	return (0);
1314}
1315
1316/*
1317 * Returns 0 for success, 1 for failure.
1318 * Currently the only failure mode is if there aren't enough entries
1319 * allocated.  So, in case of a failure, look at num_entries_dropped,
1320 * reallocate and try again.
1321 */
1322int
1323ctl_port_list(struct ctl_port_entry *entries, int num_entries_alloced,
1324	      int *num_entries_filled, int *num_entries_dropped,
1325	      ctl_port_type port_type, int no_virtual)
1326{
1327	struct ctl_softc *softc;
1328	struct ctl_port *port;
1329	int entries_dropped, entries_filled;
1330	int retval;
1331	int i;
1332
1333	softc = control_softc;
1334
1335	retval = 0;
1336	entries_filled = 0;
1337	entries_dropped = 0;
1338
1339	i = 0;
1340	mtx_lock(&softc->ctl_lock);
1341	STAILQ_FOREACH(port, &softc->port_list, links) {
1342		struct ctl_port_entry *entry;
1343
1344		if ((port->port_type & port_type) == 0)
1345			continue;
1346
1347		if ((no_virtual != 0)
1348		 && (port->virtual_port != 0))
1349			continue;
1350
1351		if (entries_filled >= num_entries_alloced) {
1352			entries_dropped++;
1353			continue;
1354		}
1355		entry = &entries[i];
1356
1357		entry->port_type = port->port_type;
1358		strlcpy(entry->port_name, port->port_name,
1359			sizeof(entry->port_name));
1360		entry->physical_port = port->physical_port;
1361		entry->virtual_port = port->virtual_port;
1362		entry->wwnn = port->wwnn;
1363		entry->wwpn = port->wwpn;
1364
1365		i++;
1366		entries_filled++;
1367	}
1368
1369	mtx_unlock(&softc->ctl_lock);
1370
1371	if (entries_dropped > 0)
1372		retval = 1;
1373
1374	*num_entries_dropped = entries_dropped;
1375	*num_entries_filled = entries_filled;
1376
1377	return (retval);
1378}
1379
1380/*
1381 * Remove an initiator by port number and initiator ID.
1382 * Returns 0 for success, -1 for failure.
1383 */
1384int
1385ctl_remove_initiator(struct ctl_port *port, int iid)
1386{
1387	struct ctl_softc *softc = control_softc;
1388
1389	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1390
1391	if (iid > CTL_MAX_INIT_PER_PORT) {
1392		printf("%s: initiator ID %u > maximun %u!\n",
1393		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1394		return (-1);
1395	}
1396
1397	mtx_lock(&softc->ctl_lock);
1398	port->wwpn_iid[iid].in_use--;
1399	port->wwpn_iid[iid].last_use = time_uptime;
1400	mtx_unlock(&softc->ctl_lock);
1401
1402	return (0);
1403}
1404
1405/*
1406 * Add an initiator to the initiator map.
1407 * Returns iid for success, < 0 for failure.
1408 */
1409int
1410ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1411{
1412	struct ctl_softc *softc = control_softc;
1413	time_t best_time;
1414	int i, best;
1415
1416	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1417
1418	if (iid >= CTL_MAX_INIT_PER_PORT) {
1419		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1420		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1421		free(name, M_CTL);
1422		return (-1);
1423	}
1424
1425	mtx_lock(&softc->ctl_lock);
1426
1427	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1428		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1429			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1430				iid = i;
1431				break;
1432			}
1433			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1434			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1435				iid = i;
1436				break;
1437			}
1438		}
1439	}
1440
1441	if (iid < 0) {
1442		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1443			if (port->wwpn_iid[i].in_use == 0 &&
1444			    port->wwpn_iid[i].wwpn == 0 &&
1445			    port->wwpn_iid[i].name == NULL) {
1446				iid = i;
1447				break;
1448			}
1449		}
1450	}
1451
1452	if (iid < 0) {
1453		best = -1;
1454		best_time = INT32_MAX;
1455		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1456			if (port->wwpn_iid[i].in_use == 0) {
1457				if (port->wwpn_iid[i].last_use < best_time) {
1458					best = i;
1459					best_time = port->wwpn_iid[i].last_use;
1460				}
1461			}
1462		}
1463		iid = best;
1464	}
1465
1466	if (iid < 0) {
1467		mtx_unlock(&softc->ctl_lock);
1468		free(name, M_CTL);
1469		return (-2);
1470	}
1471
1472	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1473		/*
1474		 * This is not an error yet.
1475		 */
1476		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1477#if 0
1478			printf("%s: port %d iid %u WWPN %#jx arrived"
1479			    " again\n", __func__, port->targ_port,
1480			    iid, (uintmax_t)wwpn);
1481#endif
1482			goto take;
1483		}
1484		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1485		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1486#if 0
1487			printf("%s: port %d iid %u name '%s' arrived"
1488			    " again\n", __func__, port->targ_port,
1489			    iid, name);
1490#endif
1491			goto take;
1492		}
1493
1494		/*
1495		 * This is an error, but what do we do about it?  The
1496		 * driver is telling us we have a new WWPN for this
1497		 * initiator ID, so we pretty much need to use it.
1498		 */
1499		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1500		    " but WWPN %#jx '%s' is still at that address\n",
1501		    __func__, port->targ_port, iid, wwpn, name,
1502		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1503		    port->wwpn_iid[iid].name);
1504
1505		/*
1506		 * XXX KDM clear have_ca and ua_pending on each LUN for
1507		 * this initiator.
1508		 */
1509	}
1510take:
1511	free(port->wwpn_iid[iid].name, M_CTL);
1512	port->wwpn_iid[iid].name = name;
1513	port->wwpn_iid[iid].wwpn = wwpn;
1514	port->wwpn_iid[iid].in_use++;
1515	mtx_unlock(&softc->ctl_lock);
1516
1517	return (iid);
1518}
1519
1520static int
1521ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1522{
1523	int len;
1524
1525	switch (port->port_type) {
1526	case CTL_PORT_FC:
1527	{
1528		struct scsi_transportid_fcp *id =
1529		    (struct scsi_transportid_fcp *)buf;
1530		if (port->wwpn_iid[iid].wwpn == 0)
1531			return (0);
1532		memset(id, 0, sizeof(*id));
1533		id->format_protocol = SCSI_PROTO_FC;
1534		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1535		return (sizeof(*id));
1536	}
1537	case CTL_PORT_ISCSI:
1538	{
1539		struct scsi_transportid_iscsi_port *id =
1540		    (struct scsi_transportid_iscsi_port *)buf;
1541		if (port->wwpn_iid[iid].name == NULL)
1542			return (0);
1543		memset(id, 0, 256);
1544		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1545		    SCSI_PROTO_ISCSI;
1546		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1547		len = roundup2(min(len, 252), 4);
1548		scsi_ulto2b(len, id->additional_length);
1549		return (sizeof(*id) + len);
1550	}
1551	case CTL_PORT_SAS:
1552	{
1553		struct scsi_transportid_sas *id =
1554		    (struct scsi_transportid_sas *)buf;
1555		if (port->wwpn_iid[iid].wwpn == 0)
1556			return (0);
1557		memset(id, 0, sizeof(*id));
1558		id->format_protocol = SCSI_PROTO_SAS;
1559		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1560		return (sizeof(*id));
1561	}
1562	default:
1563	{
1564		struct scsi_transportid_spi *id =
1565		    (struct scsi_transportid_spi *)buf;
1566		memset(id, 0, sizeof(*id));
1567		id->format_protocol = SCSI_PROTO_SPI;
1568		scsi_ulto2b(iid, id->scsi_addr);
1569		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1570		return (sizeof(*id));
1571	}
1572	}
1573}
1574
1575/*
1576 * Serialize a command that went down the "wrong" side, and so was sent to
1577 * this controller for execution.  The logic is a little different than the
1578 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1579 * sent back to the other side, but in the success case, we execute the
1580 * command on this side (XFER mode) or tell the other side to execute it
1581 * (SER_ONLY mode).
1582 */
1583static int
1584ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1585{
1586	struct ctl_softc *softc;
1587	union ctl_ha_msg msg_info;
1588	struct ctl_lun *lun;
1589	int retval = 0;
1590	uint32_t targ_lun;
1591
1592	softc = control_softc;
1593
1594	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1595	lun = softc->ctl_luns[targ_lun];
1596	if (lun==NULL)
1597	{
1598		/*
1599		 * Why isn't LUN defined? The other side wouldn't
1600		 * send a cmd if the LUN is undefined.
1601		 */
1602		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1603
1604		/* "Logical unit not supported" */
1605		ctl_set_sense_data(&msg_info.scsi.sense_data,
1606				   lun,
1607				   /*sense_format*/SSD_TYPE_NONE,
1608				   /*current_error*/ 1,
1609				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1610				   /*asc*/ 0x25,
1611				   /*ascq*/ 0x00,
1612				   SSD_ELEM_NONE);
1613
1614		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1615		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1616		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1617		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1618		msg_info.hdr.serializing_sc = NULL;
1619		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1620	        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1621				sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1622		}
1623		return(1);
1624
1625	}
1626
1627	mtx_lock(&lun->lun_lock);
1628    	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1629
1630	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1631		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1632		 ooa_links))) {
1633	case CTL_ACTION_BLOCK:
1634		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1635		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1636				  blocked_links);
1637		break;
1638	case CTL_ACTION_PASS:
1639	case CTL_ACTION_SKIP:
1640		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1641			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1642			ctl_enqueue_rtr((union ctl_io *)ctsio);
1643		} else {
1644
1645			/* send msg back to other side */
1646			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1647			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1648			msg_info.hdr.msg_type = CTL_MSG_R2R;
1649#if 0
1650			printf("2. pOrig %x\n", (int)msg_info.hdr.original_sc);
1651#endif
1652		        if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1653			    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1654			}
1655		}
1656		break;
1657	case CTL_ACTION_OVERLAP:
1658		/* OVERLAPPED COMMANDS ATTEMPTED */
1659		ctl_set_sense_data(&msg_info.scsi.sense_data,
1660				   lun,
1661				   /*sense_format*/SSD_TYPE_NONE,
1662				   /*current_error*/ 1,
1663				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1664				   /*asc*/ 0x4E,
1665				   /*ascq*/ 0x00,
1666				   SSD_ELEM_NONE);
1667
1668		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1669		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1670		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1671		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1672		msg_info.hdr.serializing_sc = NULL;
1673		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1674#if 0
1675		printf("BAD JUJU:Major Bummer Overlap\n");
1676#endif
1677		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1678		retval = 1;
1679		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1680		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1681		}
1682		break;
1683	case CTL_ACTION_OVERLAP_TAG:
1684		/* TAGGED OVERLAPPED COMMANDS (NN = QUEUE TAG) */
1685		ctl_set_sense_data(&msg_info.scsi.sense_data,
1686				   lun,
1687				   /*sense_format*/SSD_TYPE_NONE,
1688				   /*current_error*/ 1,
1689				   /*sense_key*/ SSD_KEY_ILLEGAL_REQUEST,
1690				   /*asc*/ 0x4D,
1691				   /*ascq*/ ctsio->tag_num & 0xff,
1692				   SSD_ELEM_NONE);
1693
1694		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1695		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1696		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1697		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1698		msg_info.hdr.serializing_sc = NULL;
1699		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1700#if 0
1701		printf("BAD JUJU:Major Bummer Overlap Tag\n");
1702#endif
1703		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1704		retval = 1;
1705		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1706		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1707		}
1708		break;
1709	case CTL_ACTION_ERROR:
1710	default:
1711		/* "Internal target failure" */
1712		ctl_set_sense_data(&msg_info.scsi.sense_data,
1713				   lun,
1714				   /*sense_format*/SSD_TYPE_NONE,
1715				   /*current_error*/ 1,
1716				   /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
1717				   /*asc*/ 0x44,
1718				   /*ascq*/ 0x00,
1719				   SSD_ELEM_NONE);
1720
1721		msg_info.scsi.sense_len = SSD_FULL_SIZE;
1722		msg_info.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
1723		msg_info.hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
1724		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1725		msg_info.hdr.serializing_sc = NULL;
1726		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1727#if 0
1728		printf("BAD JUJU:Major Bummer HW Error\n");
1729#endif
1730		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1731		retval = 1;
1732		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1733		    sizeof(msg_info), 0 ) > CTL_HA_STATUS_SUCCESS) {
1734		}
1735		break;
1736	}
1737	mtx_unlock(&lun->lun_lock);
1738	return (retval);
1739}
1740
1741/*
1742 * Returns 0 for success, errno for failure.
1743 */
1744static int
1745ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1746		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1747{
1748	union ctl_io *io;
1749	int retval;
1750
1751	retval = 0;
1752
1753	mtx_lock(&lun->lun_lock);
1754	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1755	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1756	     ooa_links)) {
1757		struct ctl_ooa_entry *entry;
1758
1759		/*
1760		 * If we've got more than we can fit, just count the
1761		 * remaining entries.
1762		 */
1763		if (*cur_fill_num >= ooa_hdr->alloc_num)
1764			continue;
1765
1766		entry = &kern_entries[*cur_fill_num];
1767
1768		entry->tag_num = io->scsiio.tag_num;
1769		entry->lun_num = lun->lun;
1770#ifdef CTL_TIME_IO
1771		entry->start_bt = io->io_hdr.start_bt;
1772#endif
1773		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1774		entry->cdb_len = io->scsiio.cdb_len;
1775		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1776			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1777
1778		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1779			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1780
1781		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1782			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1783
1784		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1785			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1786
1787		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1788			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1789	}
1790	mtx_unlock(&lun->lun_lock);
1791
1792	return (retval);
1793}
1794
1795static void *
1796ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1797		 size_t error_str_len)
1798{
1799	void *kptr;
1800
1801	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
1802
1803	if (copyin(user_addr, kptr, len) != 0) {
1804		snprintf(error_str, error_str_len, "Error copying %d bytes "
1805			 "from user address %p to kernel address %p", len,
1806			 user_addr, kptr);
1807		free(kptr, M_CTL);
1808		return (NULL);
1809	}
1810
1811	return (kptr);
1812}
1813
1814static void
1815ctl_free_args(int num_args, struct ctl_be_arg *args)
1816{
1817	int i;
1818
1819	if (args == NULL)
1820		return;
1821
1822	for (i = 0; i < num_args; i++) {
1823		free(args[i].kname, M_CTL);
1824		free(args[i].kvalue, M_CTL);
1825	}
1826
1827	free(args, M_CTL);
1828}
1829
1830static struct ctl_be_arg *
1831ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
1832		char *error_str, size_t error_str_len)
1833{
1834	struct ctl_be_arg *args;
1835	int i;
1836
1837	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
1838				error_str, error_str_len);
1839
1840	if (args == NULL)
1841		goto bailout;
1842
1843	for (i = 0; i < num_args; i++) {
1844		args[i].kname = NULL;
1845		args[i].kvalue = NULL;
1846	}
1847
1848	for (i = 0; i < num_args; i++) {
1849		uint8_t *tmpptr;
1850
1851		args[i].kname = ctl_copyin_alloc(args[i].name,
1852			args[i].namelen, error_str, error_str_len);
1853		if (args[i].kname == NULL)
1854			goto bailout;
1855
1856		if (args[i].kname[args[i].namelen - 1] != '\0') {
1857			snprintf(error_str, error_str_len, "Argument %d "
1858				 "name is not NUL-terminated", i);
1859			goto bailout;
1860		}
1861
1862		if (args[i].flags & CTL_BEARG_RD) {
1863			tmpptr = ctl_copyin_alloc(args[i].value,
1864				args[i].vallen, error_str, error_str_len);
1865			if (tmpptr == NULL)
1866				goto bailout;
1867			if ((args[i].flags & CTL_BEARG_ASCII)
1868			 && (tmpptr[args[i].vallen - 1] != '\0')) {
1869				snprintf(error_str, error_str_len, "Argument "
1870				    "%d value is not NUL-terminated", i);
1871				goto bailout;
1872			}
1873			args[i].kvalue = tmpptr;
1874		} else {
1875			args[i].kvalue = malloc(args[i].vallen,
1876			    M_CTL, M_WAITOK | M_ZERO);
1877		}
1878	}
1879
1880	return (args);
1881bailout:
1882
1883	ctl_free_args(num_args, args);
1884
1885	return (NULL);
1886}
1887
1888static void
1889ctl_copyout_args(int num_args, struct ctl_be_arg *args)
1890{
1891	int i;
1892
1893	for (i = 0; i < num_args; i++) {
1894		if (args[i].flags & CTL_BEARG_WR)
1895			copyout(args[i].kvalue, args[i].value, args[i].vallen);
1896	}
1897}
1898
1899/*
1900 * Escape characters that are illegal or not recommended in XML.
1901 */
1902int
1903ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
1904{
1905	char *end = str + size;
1906	int retval;
1907
1908	retval = 0;
1909
1910	for (; *str && str < end; str++) {
1911		switch (*str) {
1912		case '&':
1913			retval = sbuf_printf(sb, "&amp;");
1914			break;
1915		case '>':
1916			retval = sbuf_printf(sb, "&gt;");
1917			break;
1918		case '<':
1919			retval = sbuf_printf(sb, "&lt;");
1920			break;
1921		default:
1922			retval = sbuf_putc(sb, *str);
1923			break;
1924		}
1925
1926		if (retval != 0)
1927			break;
1928
1929	}
1930
1931	return (retval);
1932}
1933
1934static void
1935ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
1936{
1937	struct scsi_vpd_id_descriptor *desc;
1938	int i;
1939
1940	if (id == NULL || id->len < 4)
1941		return;
1942	desc = (struct scsi_vpd_id_descriptor *)id->data;
1943	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
1944	case SVPD_ID_TYPE_T10:
1945		sbuf_printf(sb, "t10.");
1946		break;
1947	case SVPD_ID_TYPE_EUI64:
1948		sbuf_printf(sb, "eui.");
1949		break;
1950	case SVPD_ID_TYPE_NAA:
1951		sbuf_printf(sb, "naa.");
1952		break;
1953	case SVPD_ID_TYPE_SCSI_NAME:
1954		break;
1955	}
1956	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
1957	case SVPD_ID_CODESET_BINARY:
1958		for (i = 0; i < desc->length; i++)
1959			sbuf_printf(sb, "%02x", desc->identifier[i]);
1960		break;
1961	case SVPD_ID_CODESET_ASCII:
1962		sbuf_printf(sb, "%.*s", (int)desc->length,
1963		    (char *)desc->identifier);
1964		break;
1965	case SVPD_ID_CODESET_UTF8:
1966		sbuf_printf(sb, "%s", (char *)desc->identifier);
1967		break;
1968	}
1969}
1970
1971static int
1972ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
1973	  struct thread *td)
1974{
1975	struct ctl_softc *softc;
1976	int retval;
1977
1978	softc = control_softc;
1979
1980	retval = 0;
1981
1982	switch (cmd) {
1983	case CTL_IO:
1984		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
1985		break;
1986	case CTL_ENABLE_PORT:
1987	case CTL_DISABLE_PORT:
1988	case CTL_SET_PORT_WWNS: {
1989		struct ctl_port *port;
1990		struct ctl_port_entry *entry;
1991
1992		entry = (struct ctl_port_entry *)addr;
1993
1994		mtx_lock(&softc->ctl_lock);
1995		STAILQ_FOREACH(port, &softc->port_list, links) {
1996			int action, done;
1997
1998			action = 0;
1999			done = 0;
2000
2001			if ((entry->port_type == CTL_PORT_NONE)
2002			 && (entry->targ_port == port->targ_port)) {
2003				/*
2004				 * If the user only wants to enable or
2005				 * disable or set WWNs on a specific port,
2006				 * do the operation and we're done.
2007				 */
2008				action = 1;
2009				done = 1;
2010			} else if (entry->port_type & port->port_type) {
2011				/*
2012				 * Compare the user's type mask with the
2013				 * particular frontend type to see if we
2014				 * have a match.
2015				 */
2016				action = 1;
2017				done = 0;
2018
2019				/*
2020				 * Make sure the user isn't trying to set
2021				 * WWNs on multiple ports at the same time.
2022				 */
2023				if (cmd == CTL_SET_PORT_WWNS) {
2024					printf("%s: Can't set WWNs on "
2025					       "multiple ports\n", __func__);
2026					retval = EINVAL;
2027					break;
2028				}
2029			}
2030			if (action != 0) {
2031				/*
2032				 * XXX KDM we have to drop the lock here,
2033				 * because the online/offline operations
2034				 * can potentially block.  We need to
2035				 * reference count the frontends so they
2036				 * can't go away,
2037				 */
2038				mtx_unlock(&softc->ctl_lock);
2039
2040				if (cmd == CTL_ENABLE_PORT) {
2041					ctl_port_online(port);
2042				} else if (cmd == CTL_DISABLE_PORT) {
2043					ctl_port_offline(port);
2044				}
2045
2046				mtx_lock(&softc->ctl_lock);
2047
2048				if (cmd == CTL_SET_PORT_WWNS)
2049					ctl_port_set_wwns(port,
2050					    (entry->flags & CTL_PORT_WWNN_VALID) ?
2051					    1 : 0, entry->wwnn,
2052					    (entry->flags & CTL_PORT_WWPN_VALID) ?
2053					    1 : 0, entry->wwpn);
2054			}
2055			if (done != 0)
2056				break;
2057		}
2058		mtx_unlock(&softc->ctl_lock);
2059		break;
2060	}
2061	case CTL_GET_PORT_LIST: {
2062		struct ctl_port *port;
2063		struct ctl_port_list *list;
2064		int i;
2065
2066		list = (struct ctl_port_list *)addr;
2067
2068		if (list->alloc_len != (list->alloc_num *
2069		    sizeof(struct ctl_port_entry))) {
2070			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2071			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2072			       "%zu\n", __func__, list->alloc_len,
2073			       list->alloc_num, sizeof(struct ctl_port_entry));
2074			retval = EINVAL;
2075			break;
2076		}
2077		list->fill_len = 0;
2078		list->fill_num = 0;
2079		list->dropped_num = 0;
2080		i = 0;
2081		mtx_lock(&softc->ctl_lock);
2082		STAILQ_FOREACH(port, &softc->port_list, links) {
2083			struct ctl_port_entry entry, *list_entry;
2084
2085			if (list->fill_num >= list->alloc_num) {
2086				list->dropped_num++;
2087				continue;
2088			}
2089
2090			entry.port_type = port->port_type;
2091			strlcpy(entry.port_name, port->port_name,
2092				sizeof(entry.port_name));
2093			entry.targ_port = port->targ_port;
2094			entry.physical_port = port->physical_port;
2095			entry.virtual_port = port->virtual_port;
2096			entry.wwnn = port->wwnn;
2097			entry.wwpn = port->wwpn;
2098			if (port->status & CTL_PORT_STATUS_ONLINE)
2099				entry.online = 1;
2100			else
2101				entry.online = 0;
2102
2103			list_entry = &list->entries[i];
2104
2105			retval = copyout(&entry, list_entry, sizeof(entry));
2106			if (retval != 0) {
2107				printf("%s: CTL_GET_PORT_LIST: copyout "
2108				       "returned %d\n", __func__, retval);
2109				break;
2110			}
2111			i++;
2112			list->fill_num++;
2113			list->fill_len += sizeof(entry);
2114		}
2115		mtx_unlock(&softc->ctl_lock);
2116
2117		/*
2118		 * If this is non-zero, we had a copyout fault, so there's
2119		 * probably no point in attempting to set the status inside
2120		 * the structure.
2121		 */
2122		if (retval != 0)
2123			break;
2124
2125		if (list->dropped_num > 0)
2126			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2127		else
2128			list->status = CTL_PORT_LIST_OK;
2129		break;
2130	}
2131	case CTL_DUMP_OOA: {
2132		struct ctl_lun *lun;
2133		union ctl_io *io;
2134		char printbuf[128];
2135		struct sbuf sb;
2136
2137		mtx_lock(&softc->ctl_lock);
2138		printf("Dumping OOA queues:\n");
2139		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2140			mtx_lock(&lun->lun_lock);
2141			for (io = (union ctl_io *)TAILQ_FIRST(
2142			     &lun->ooa_queue); io != NULL;
2143			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2144			     ooa_links)) {
2145				sbuf_new(&sb, printbuf, sizeof(printbuf),
2146					 SBUF_FIXEDLEN);
2147				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2148					    (intmax_t)lun->lun,
2149					    io->scsiio.tag_num,
2150					    (io->io_hdr.flags &
2151					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2152					    (io->io_hdr.flags &
2153					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2154					    (io->io_hdr.flags &
2155					    CTL_FLAG_ABORT) ? " ABORT" : "",
2156			                    (io->io_hdr.flags &
2157		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2158				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2159				sbuf_finish(&sb);
2160				printf("%s\n", sbuf_data(&sb));
2161			}
2162			mtx_unlock(&lun->lun_lock);
2163		}
2164		printf("OOA queues dump done\n");
2165		mtx_unlock(&softc->ctl_lock);
2166		break;
2167	}
2168	case CTL_GET_OOA: {
2169		struct ctl_lun *lun;
2170		struct ctl_ooa *ooa_hdr;
2171		struct ctl_ooa_entry *entries;
2172		uint32_t cur_fill_num;
2173
2174		ooa_hdr = (struct ctl_ooa *)addr;
2175
2176		if ((ooa_hdr->alloc_len == 0)
2177		 || (ooa_hdr->alloc_num == 0)) {
2178			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2179			       "must be non-zero\n", __func__,
2180			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2181			retval = EINVAL;
2182			break;
2183		}
2184
2185		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2186		    sizeof(struct ctl_ooa_entry))) {
2187			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2188			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2189			       __func__, ooa_hdr->alloc_len,
2190			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2191			retval = EINVAL;
2192			break;
2193		}
2194
2195		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2196		if (entries == NULL) {
2197			printf("%s: could not allocate %d bytes for OOA "
2198			       "dump\n", __func__, ooa_hdr->alloc_len);
2199			retval = ENOMEM;
2200			break;
2201		}
2202
2203		mtx_lock(&softc->ctl_lock);
2204		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2205		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2206		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2207			mtx_unlock(&softc->ctl_lock);
2208			free(entries, M_CTL);
2209			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2210			       __func__, (uintmax_t)ooa_hdr->lun_num);
2211			retval = EINVAL;
2212			break;
2213		}
2214
2215		cur_fill_num = 0;
2216
2217		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2218			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2219				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2220					ooa_hdr, entries);
2221				if (retval != 0)
2222					break;
2223			}
2224			if (retval != 0) {
2225				mtx_unlock(&softc->ctl_lock);
2226				free(entries, M_CTL);
2227				break;
2228			}
2229		} else {
2230			lun = softc->ctl_luns[ooa_hdr->lun_num];
2231
2232			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2233						    entries);
2234		}
2235		mtx_unlock(&softc->ctl_lock);
2236
2237		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2238		ooa_hdr->fill_len = ooa_hdr->fill_num *
2239			sizeof(struct ctl_ooa_entry);
2240		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2241		if (retval != 0) {
2242			printf("%s: error copying out %d bytes for OOA dump\n",
2243			       __func__, ooa_hdr->fill_len);
2244		}
2245
2246		getbintime(&ooa_hdr->cur_bt);
2247
2248		if (cur_fill_num > ooa_hdr->alloc_num) {
2249			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2250			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2251		} else {
2252			ooa_hdr->dropped_num = 0;
2253			ooa_hdr->status = CTL_OOA_OK;
2254		}
2255
2256		free(entries, M_CTL);
2257		break;
2258	}
2259	case CTL_CHECK_OOA: {
2260		union ctl_io *io;
2261		struct ctl_lun *lun;
2262		struct ctl_ooa_info *ooa_info;
2263
2264
2265		ooa_info = (struct ctl_ooa_info *)addr;
2266
2267		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2268			ooa_info->status = CTL_OOA_INVALID_LUN;
2269			break;
2270		}
2271		mtx_lock(&softc->ctl_lock);
2272		lun = softc->ctl_luns[ooa_info->lun_id];
2273		if (lun == NULL) {
2274			mtx_unlock(&softc->ctl_lock);
2275			ooa_info->status = CTL_OOA_INVALID_LUN;
2276			break;
2277		}
2278		mtx_lock(&lun->lun_lock);
2279		mtx_unlock(&softc->ctl_lock);
2280		ooa_info->num_entries = 0;
2281		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2282		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2283		     &io->io_hdr, ooa_links)) {
2284			ooa_info->num_entries++;
2285		}
2286		mtx_unlock(&lun->lun_lock);
2287
2288		ooa_info->status = CTL_OOA_SUCCESS;
2289
2290		break;
2291	}
2292	case CTL_DELAY_IO: {
2293		struct ctl_io_delay_info *delay_info;
2294#ifdef CTL_IO_DELAY
2295		struct ctl_lun *lun;
2296#endif /* CTL_IO_DELAY */
2297
2298		delay_info = (struct ctl_io_delay_info *)addr;
2299
2300#ifdef CTL_IO_DELAY
2301		mtx_lock(&softc->ctl_lock);
2302
2303		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2304		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2305			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2306		} else {
2307			lun = softc->ctl_luns[delay_info->lun_id];
2308			mtx_lock(&lun->lun_lock);
2309
2310			delay_info->status = CTL_DELAY_STATUS_OK;
2311
2312			switch (delay_info->delay_type) {
2313			case CTL_DELAY_TYPE_CONT:
2314				break;
2315			case CTL_DELAY_TYPE_ONESHOT:
2316				break;
2317			default:
2318				delay_info->status =
2319					CTL_DELAY_STATUS_INVALID_TYPE;
2320				break;
2321			}
2322
2323			switch (delay_info->delay_loc) {
2324			case CTL_DELAY_LOC_DATAMOVE:
2325				lun->delay_info.datamove_type =
2326					delay_info->delay_type;
2327				lun->delay_info.datamove_delay =
2328					delay_info->delay_secs;
2329				break;
2330			case CTL_DELAY_LOC_DONE:
2331				lun->delay_info.done_type =
2332					delay_info->delay_type;
2333				lun->delay_info.done_delay =
2334					delay_info->delay_secs;
2335				break;
2336			default:
2337				delay_info->status =
2338					CTL_DELAY_STATUS_INVALID_LOC;
2339				break;
2340			}
2341			mtx_unlock(&lun->lun_lock);
2342		}
2343
2344		mtx_unlock(&softc->ctl_lock);
2345#else
2346		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2347#endif /* CTL_IO_DELAY */
2348		break;
2349	}
2350	case CTL_REALSYNC_SET: {
2351		int *syncstate;
2352
2353		syncstate = (int *)addr;
2354
2355		mtx_lock(&softc->ctl_lock);
2356		switch (*syncstate) {
2357		case 0:
2358			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2359			break;
2360		case 1:
2361			softc->flags |= CTL_FLAG_REAL_SYNC;
2362			break;
2363		default:
2364			retval = EINVAL;
2365			break;
2366		}
2367		mtx_unlock(&softc->ctl_lock);
2368		break;
2369	}
2370	case CTL_REALSYNC_GET: {
2371		int *syncstate;
2372
2373		syncstate = (int*)addr;
2374
2375		mtx_lock(&softc->ctl_lock);
2376		if (softc->flags & CTL_FLAG_REAL_SYNC)
2377			*syncstate = 1;
2378		else
2379			*syncstate = 0;
2380		mtx_unlock(&softc->ctl_lock);
2381
2382		break;
2383	}
2384	case CTL_SETSYNC:
2385	case CTL_GETSYNC: {
2386		struct ctl_sync_info *sync_info;
2387		struct ctl_lun *lun;
2388
2389		sync_info = (struct ctl_sync_info *)addr;
2390
2391		mtx_lock(&softc->ctl_lock);
2392		lun = softc->ctl_luns[sync_info->lun_id];
2393		if (lun == NULL) {
2394			mtx_unlock(&softc->ctl_lock);
2395			sync_info->status = CTL_GS_SYNC_NO_LUN;
2396		}
2397		/*
2398		 * Get or set the sync interval.  We're not bounds checking
2399		 * in the set case, hopefully the user won't do something
2400		 * silly.
2401		 */
2402		mtx_lock(&lun->lun_lock);
2403		mtx_unlock(&softc->ctl_lock);
2404		if (cmd == CTL_GETSYNC)
2405			sync_info->sync_interval = lun->sync_interval;
2406		else
2407			lun->sync_interval = sync_info->sync_interval;
2408		mtx_unlock(&lun->lun_lock);
2409
2410		sync_info->status = CTL_GS_SYNC_OK;
2411
2412		break;
2413	}
2414	case CTL_GETSTATS: {
2415		struct ctl_stats *stats;
2416		struct ctl_lun *lun;
2417		int i;
2418
2419		stats = (struct ctl_stats *)addr;
2420
2421		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2422		     stats->alloc_len) {
2423			stats->status = CTL_SS_NEED_MORE_SPACE;
2424			stats->num_luns = softc->num_luns;
2425			break;
2426		}
2427		/*
2428		 * XXX KDM no locking here.  If the LUN list changes,
2429		 * things can blow up.
2430		 */
2431		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2432		     i++, lun = STAILQ_NEXT(lun, links)) {
2433			retval = copyout(&lun->stats, &stats->lun_stats[i],
2434					 sizeof(lun->stats));
2435			if (retval != 0)
2436				break;
2437		}
2438		stats->num_luns = softc->num_luns;
2439		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2440				 softc->num_luns;
2441		stats->status = CTL_SS_OK;
2442#ifdef CTL_TIME_IO
2443		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2444#else
2445		stats->flags = CTL_STATS_FLAG_NONE;
2446#endif
2447		getnanouptime(&stats->timestamp);
2448		break;
2449	}
2450	case CTL_ERROR_INJECT: {
2451		struct ctl_error_desc *err_desc, *new_err_desc;
2452		struct ctl_lun *lun;
2453
2454		err_desc = (struct ctl_error_desc *)addr;
2455
2456		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2457				      M_WAITOK | M_ZERO);
2458		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2459
2460		mtx_lock(&softc->ctl_lock);
2461		lun = softc->ctl_luns[err_desc->lun_id];
2462		if (lun == NULL) {
2463			mtx_unlock(&softc->ctl_lock);
2464			free(new_err_desc, M_CTL);
2465			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2466			       __func__, (uintmax_t)err_desc->lun_id);
2467			retval = EINVAL;
2468			break;
2469		}
2470		mtx_lock(&lun->lun_lock);
2471		mtx_unlock(&softc->ctl_lock);
2472
2473		/*
2474		 * We could do some checking here to verify the validity
2475		 * of the request, but given the complexity of error
2476		 * injection requests, the checking logic would be fairly
2477		 * complex.
2478		 *
2479		 * For now, if the request is invalid, it just won't get
2480		 * executed and might get deleted.
2481		 */
2482		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2483
2484		/*
2485		 * XXX KDM check to make sure the serial number is unique,
2486		 * in case we somehow manage to wrap.  That shouldn't
2487		 * happen for a very long time, but it's the right thing to
2488		 * do.
2489		 */
2490		new_err_desc->serial = lun->error_serial;
2491		err_desc->serial = lun->error_serial;
2492		lun->error_serial++;
2493
2494		mtx_unlock(&lun->lun_lock);
2495		break;
2496	}
2497	case CTL_ERROR_INJECT_DELETE: {
2498		struct ctl_error_desc *delete_desc, *desc, *desc2;
2499		struct ctl_lun *lun;
2500		int delete_done;
2501
2502		delete_desc = (struct ctl_error_desc *)addr;
2503		delete_done = 0;
2504
2505		mtx_lock(&softc->ctl_lock);
2506		lun = softc->ctl_luns[delete_desc->lun_id];
2507		if (lun == NULL) {
2508			mtx_unlock(&softc->ctl_lock);
2509			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2510			       __func__, (uintmax_t)delete_desc->lun_id);
2511			retval = EINVAL;
2512			break;
2513		}
2514		mtx_lock(&lun->lun_lock);
2515		mtx_unlock(&softc->ctl_lock);
2516		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2517			if (desc->serial != delete_desc->serial)
2518				continue;
2519
2520			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2521				      links);
2522			free(desc, M_CTL);
2523			delete_done = 1;
2524		}
2525		mtx_unlock(&lun->lun_lock);
2526		if (delete_done == 0) {
2527			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2528			       "error serial %ju on LUN %u\n", __func__,
2529			       delete_desc->serial, delete_desc->lun_id);
2530			retval = EINVAL;
2531			break;
2532		}
2533		break;
2534	}
2535	case CTL_DUMP_STRUCTS: {
2536		int i, j, k;
2537		struct ctl_port *port;
2538		struct ctl_frontend *fe;
2539
2540		mtx_lock(&softc->ctl_lock);
2541		printf("CTL Persistent Reservation information start:\n");
2542		for (i = 0; i < CTL_MAX_LUNS; i++) {
2543			struct ctl_lun *lun;
2544
2545			lun = softc->ctl_luns[i];
2546
2547			if ((lun == NULL)
2548			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2549				continue;
2550
2551			for (j = 0; j < (CTL_MAX_PORTS * 2); j++) {
2552				if (lun->pr_keys[j] == NULL)
2553					continue;
2554				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2555					if (lun->pr_keys[j][k] == 0)
2556						continue;
2557					printf("  LUN %d port %d iid %d key "
2558					       "%#jx\n", i, j, k,
2559					       (uintmax_t)lun->pr_keys[j][k]);
2560				}
2561			}
2562		}
2563		printf("CTL Persistent Reservation information end\n");
2564		printf("CTL Ports:\n");
2565		STAILQ_FOREACH(port, &softc->port_list, links) {
2566			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2567			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2568			       port->frontend->name, port->port_type,
2569			       port->physical_port, port->virtual_port,
2570			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2571			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2572				if (port->wwpn_iid[j].in_use == 0 &&
2573				    port->wwpn_iid[j].wwpn == 0 &&
2574				    port->wwpn_iid[j].name == NULL)
2575					continue;
2576
2577				printf("    iid %u use %d WWPN %#jx '%s'\n",
2578				    j, port->wwpn_iid[j].in_use,
2579				    (uintmax_t)port->wwpn_iid[j].wwpn,
2580				    port->wwpn_iid[j].name);
2581			}
2582		}
2583		printf("CTL Port information end\n");
2584		mtx_unlock(&softc->ctl_lock);
2585		/*
2586		 * XXX KDM calling this without a lock.  We'd likely want
2587		 * to drop the lock before calling the frontend's dump
2588		 * routine anyway.
2589		 */
2590		printf("CTL Frontends:\n");
2591		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2592			printf("  Frontend '%s'\n", fe->name);
2593			if (fe->fe_dump != NULL)
2594				fe->fe_dump();
2595		}
2596		printf("CTL Frontend information end\n");
2597		break;
2598	}
2599	case CTL_LUN_REQ: {
2600		struct ctl_lun_req *lun_req;
2601		struct ctl_backend_driver *backend;
2602
2603		lun_req = (struct ctl_lun_req *)addr;
2604
2605		backend = ctl_backend_find(lun_req->backend);
2606		if (backend == NULL) {
2607			lun_req->status = CTL_LUN_ERROR;
2608			snprintf(lun_req->error_str,
2609				 sizeof(lun_req->error_str),
2610				 "Backend \"%s\" not found.",
2611				 lun_req->backend);
2612			break;
2613		}
2614		if (lun_req->num_be_args > 0) {
2615			lun_req->kern_be_args = ctl_copyin_args(
2616				lun_req->num_be_args,
2617				lun_req->be_args,
2618				lun_req->error_str,
2619				sizeof(lun_req->error_str));
2620			if (lun_req->kern_be_args == NULL) {
2621				lun_req->status = CTL_LUN_ERROR;
2622				break;
2623			}
2624		}
2625
2626		retval = backend->ioctl(dev, cmd, addr, flag, td);
2627
2628		if (lun_req->num_be_args > 0) {
2629			ctl_copyout_args(lun_req->num_be_args,
2630				      lun_req->kern_be_args);
2631			ctl_free_args(lun_req->num_be_args,
2632				      lun_req->kern_be_args);
2633		}
2634		break;
2635	}
2636	case CTL_LUN_LIST: {
2637		struct sbuf *sb;
2638		struct ctl_lun *lun;
2639		struct ctl_lun_list *list;
2640		struct ctl_option *opt;
2641
2642		list = (struct ctl_lun_list *)addr;
2643
2644		/*
2645		 * Allocate a fixed length sbuf here, based on the length
2646		 * of the user's buffer.  We could allocate an auto-extending
2647		 * buffer, and then tell the user how much larger our
2648		 * amount of data is than his buffer, but that presents
2649		 * some problems:
2650		 *
2651		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2652		 *     we can't hold a lock while calling them with an
2653		 *     auto-extending buffer.
2654 		 *
2655		 * 2.  There is not currently a LUN reference counting
2656		 *     mechanism, outside of outstanding transactions on
2657		 *     the LUN's OOA queue.  So a LUN could go away on us
2658		 *     while we're getting the LUN number, backend-specific
2659		 *     information, etc.  Thus, given the way things
2660		 *     currently work, we need to hold the CTL lock while
2661		 *     grabbing LUN information.
2662		 *
2663		 * So, from the user's standpoint, the best thing to do is
2664		 * allocate what he thinks is a reasonable buffer length,
2665		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2666		 * double the buffer length and try again.  (And repeat
2667		 * that until he succeeds.)
2668		 */
2669		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2670		if (sb == NULL) {
2671			list->status = CTL_LUN_LIST_ERROR;
2672			snprintf(list->error_str, sizeof(list->error_str),
2673				 "Unable to allocate %d bytes for LUN list",
2674				 list->alloc_len);
2675			break;
2676		}
2677
2678		sbuf_printf(sb, "<ctllunlist>\n");
2679
2680		mtx_lock(&softc->ctl_lock);
2681		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2682			mtx_lock(&lun->lun_lock);
2683			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2684					     (uintmax_t)lun->lun);
2685
2686			/*
2687			 * Bail out as soon as we see that we've overfilled
2688			 * the buffer.
2689			 */
2690			if (retval != 0)
2691				break;
2692
2693			retval = sbuf_printf(sb, "\t<backend_type>%s"
2694					     "</backend_type>\n",
2695					     (lun->backend == NULL) ?  "none" :
2696					     lun->backend->name);
2697
2698			if (retval != 0)
2699				break;
2700
2701			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2702					     lun->be_lun->lun_type);
2703
2704			if (retval != 0)
2705				break;
2706
2707			if (lun->backend == NULL) {
2708				retval = sbuf_printf(sb, "</lun>\n");
2709				if (retval != 0)
2710					break;
2711				continue;
2712			}
2713
2714			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2715					     (lun->be_lun->maxlba > 0) ?
2716					     lun->be_lun->maxlba + 1 : 0);
2717
2718			if (retval != 0)
2719				break;
2720
2721			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2722					     lun->be_lun->blocksize);
2723
2724			if (retval != 0)
2725				break;
2726
2727			retval = sbuf_printf(sb, "\t<serial_number>");
2728
2729			if (retval != 0)
2730				break;
2731
2732			retval = ctl_sbuf_printf_esc(sb,
2733			    lun->be_lun->serial_num,
2734			    sizeof(lun->be_lun->serial_num));
2735
2736			if (retval != 0)
2737				break;
2738
2739			retval = sbuf_printf(sb, "</serial_number>\n");
2740
2741			if (retval != 0)
2742				break;
2743
2744			retval = sbuf_printf(sb, "\t<device_id>");
2745
2746			if (retval != 0)
2747				break;
2748
2749			retval = ctl_sbuf_printf_esc(sb,
2750			    lun->be_lun->device_id,
2751			    sizeof(lun->be_lun->device_id));
2752
2753			if (retval != 0)
2754				break;
2755
2756			retval = sbuf_printf(sb, "</device_id>\n");
2757
2758			if (retval != 0)
2759				break;
2760
2761			if (lun->backend->lun_info != NULL) {
2762				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
2763				if (retval != 0)
2764					break;
2765			}
2766			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
2767				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2768				    opt->name, opt->value, opt->name);
2769				if (retval != 0)
2770					break;
2771			}
2772
2773			retval = sbuf_printf(sb, "</lun>\n");
2774
2775			if (retval != 0)
2776				break;
2777			mtx_unlock(&lun->lun_lock);
2778		}
2779		if (lun != NULL)
2780			mtx_unlock(&lun->lun_lock);
2781		mtx_unlock(&softc->ctl_lock);
2782
2783		if ((retval != 0)
2784		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
2785			retval = 0;
2786			sbuf_delete(sb);
2787			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2788			snprintf(list->error_str, sizeof(list->error_str),
2789				 "Out of space, %d bytes is too small",
2790				 list->alloc_len);
2791			break;
2792		}
2793
2794		sbuf_finish(sb);
2795
2796		retval = copyout(sbuf_data(sb), list->lun_xml,
2797				 sbuf_len(sb) + 1);
2798
2799		list->fill_len = sbuf_len(sb) + 1;
2800		list->status = CTL_LUN_LIST_OK;
2801		sbuf_delete(sb);
2802		break;
2803	}
2804	case CTL_ISCSI: {
2805		struct ctl_iscsi *ci;
2806		struct ctl_frontend *fe;
2807
2808		ci = (struct ctl_iscsi *)addr;
2809
2810		fe = ctl_frontend_find("iscsi");
2811		if (fe == NULL) {
2812			ci->status = CTL_ISCSI_ERROR;
2813			snprintf(ci->error_str, sizeof(ci->error_str),
2814			    "Frontend \"iscsi\" not found.");
2815			break;
2816		}
2817
2818		retval = fe->ioctl(dev, cmd, addr, flag, td);
2819		break;
2820	}
2821	case CTL_PORT_REQ: {
2822		struct ctl_req *req;
2823		struct ctl_frontend *fe;
2824
2825		req = (struct ctl_req *)addr;
2826
2827		fe = ctl_frontend_find(req->driver);
2828		if (fe == NULL) {
2829			req->status = CTL_LUN_ERROR;
2830			snprintf(req->error_str, sizeof(req->error_str),
2831			    "Frontend \"%s\" not found.", req->driver);
2832			break;
2833		}
2834		if (req->num_args > 0) {
2835			req->kern_args = ctl_copyin_args(req->num_args,
2836			    req->args, req->error_str, sizeof(req->error_str));
2837			if (req->kern_args == NULL) {
2838				req->status = CTL_LUN_ERROR;
2839				break;
2840			}
2841		}
2842
2843		retval = fe->ioctl(dev, cmd, addr, flag, td);
2844
2845		if (req->num_args > 0) {
2846			ctl_copyout_args(req->num_args, req->kern_args);
2847			ctl_free_args(req->num_args, req->kern_args);
2848		}
2849		break;
2850	}
2851	case CTL_PORT_LIST: {
2852		struct sbuf *sb;
2853		struct ctl_port *port;
2854		struct ctl_lun_list *list;
2855		struct ctl_option *opt;
2856		int j;
2857		uint32_t plun;
2858
2859		list = (struct ctl_lun_list *)addr;
2860
2861		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2862		if (sb == NULL) {
2863			list->status = CTL_LUN_LIST_ERROR;
2864			snprintf(list->error_str, sizeof(list->error_str),
2865				 "Unable to allocate %d bytes for LUN list",
2866				 list->alloc_len);
2867			break;
2868		}
2869
2870		sbuf_printf(sb, "<ctlportlist>\n");
2871
2872		mtx_lock(&softc->ctl_lock);
2873		STAILQ_FOREACH(port, &softc->port_list, links) {
2874			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
2875					     (uintmax_t)port->targ_port);
2876
2877			/*
2878			 * Bail out as soon as we see that we've overfilled
2879			 * the buffer.
2880			 */
2881			if (retval != 0)
2882				break;
2883
2884			retval = sbuf_printf(sb, "\t<frontend_type>%s"
2885			    "</frontend_type>\n", port->frontend->name);
2886			if (retval != 0)
2887				break;
2888
2889			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
2890					     port->port_type);
2891			if (retval != 0)
2892				break;
2893
2894			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
2895			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
2896			if (retval != 0)
2897				break;
2898
2899			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
2900			    port->port_name);
2901			if (retval != 0)
2902				break;
2903
2904			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
2905			    port->physical_port);
2906			if (retval != 0)
2907				break;
2908
2909			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
2910			    port->virtual_port);
2911			if (retval != 0)
2912				break;
2913
2914			if (port->target_devid != NULL) {
2915				sbuf_printf(sb, "\t<target>");
2916				ctl_id_sbuf(port->target_devid, sb);
2917				sbuf_printf(sb, "</target>\n");
2918			}
2919
2920			if (port->port_devid != NULL) {
2921				sbuf_printf(sb, "\t<port>");
2922				ctl_id_sbuf(port->port_devid, sb);
2923				sbuf_printf(sb, "</port>\n");
2924			}
2925
2926			if (port->port_info != NULL) {
2927				retval = port->port_info(port->onoff_arg, sb);
2928				if (retval != 0)
2929					break;
2930			}
2931			STAILQ_FOREACH(opt, &port->options, links) {
2932				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2933				    opt->name, opt->value, opt->name);
2934				if (retval != 0)
2935					break;
2936			}
2937
2938			if (port->lun_map != NULL) {
2939				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
2940				for (j = 0; j < CTL_MAX_LUNS; j++) {
2941					plun = ctl_lun_map_from_port(port, j);
2942					if (plun >= CTL_MAX_LUNS)
2943						continue;
2944					sbuf_printf(sb,
2945					    "\t<lun id=\"%u\">%u</lun>\n",
2946					    j, plun);
2947				}
2948			}
2949
2950			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2951				if (port->wwpn_iid[j].in_use == 0 ||
2952				    (port->wwpn_iid[j].wwpn == 0 &&
2953				     port->wwpn_iid[j].name == NULL))
2954					continue;
2955
2956				if (port->wwpn_iid[j].name != NULL)
2957					retval = sbuf_printf(sb,
2958					    "\t<initiator id=\"%u\">%s</initiator>\n",
2959					    j, port->wwpn_iid[j].name);
2960				else
2961					retval = sbuf_printf(sb,
2962					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
2963					    j, port->wwpn_iid[j].wwpn);
2964				if (retval != 0)
2965					break;
2966			}
2967			if (retval != 0)
2968				break;
2969
2970			retval = sbuf_printf(sb, "</targ_port>\n");
2971			if (retval != 0)
2972				break;
2973		}
2974		mtx_unlock(&softc->ctl_lock);
2975
2976		if ((retval != 0)
2977		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
2978			retval = 0;
2979			sbuf_delete(sb);
2980			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2981			snprintf(list->error_str, sizeof(list->error_str),
2982				 "Out of space, %d bytes is too small",
2983				 list->alloc_len);
2984			break;
2985		}
2986
2987		sbuf_finish(sb);
2988
2989		retval = copyout(sbuf_data(sb), list->lun_xml,
2990				 sbuf_len(sb) + 1);
2991
2992		list->fill_len = sbuf_len(sb) + 1;
2993		list->status = CTL_LUN_LIST_OK;
2994		sbuf_delete(sb);
2995		break;
2996	}
2997	case CTL_LUN_MAP: {
2998		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
2999		struct ctl_port *port;
3000
3001		mtx_lock(&softc->ctl_lock);
3002		if (lm->port >= CTL_MAX_PORTS ||
3003		    (port = softc->ctl_ports[lm->port]) == NULL) {
3004			mtx_unlock(&softc->ctl_lock);
3005			return (ENXIO);
3006		}
3007		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3008		if (lm->plun < CTL_MAX_LUNS) {
3009			if (lm->lun == UINT32_MAX)
3010				retval = ctl_lun_map_unset(port, lm->plun);
3011			else if (lm->lun < CTL_MAX_LUNS &&
3012			    softc->ctl_luns[lm->lun] != NULL)
3013				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3014			else
3015				return (ENXIO);
3016		} else if (lm->plun == UINT32_MAX) {
3017			if (lm->lun == UINT32_MAX)
3018				retval = ctl_lun_map_deinit(port);
3019			else
3020				retval = ctl_lun_map_init(port);
3021		} else
3022			return (ENXIO);
3023		break;
3024	}
3025	default: {
3026		/* XXX KDM should we fix this? */
3027#if 0
3028		struct ctl_backend_driver *backend;
3029		unsigned int type;
3030		int found;
3031
3032		found = 0;
3033
3034		/*
3035		 * We encode the backend type as the ioctl type for backend
3036		 * ioctls.  So parse it out here, and then search for a
3037		 * backend of this type.
3038		 */
3039		type = _IOC_TYPE(cmd);
3040
3041		STAILQ_FOREACH(backend, &softc->be_list, links) {
3042			if (backend->type == type) {
3043				found = 1;
3044				break;
3045			}
3046		}
3047		if (found == 0) {
3048			printf("ctl: unknown ioctl command %#lx or backend "
3049			       "%d\n", cmd, type);
3050			retval = EINVAL;
3051			break;
3052		}
3053		retval = backend->ioctl(dev, cmd, addr, flag, td);
3054#endif
3055		retval = ENOTTY;
3056		break;
3057	}
3058	}
3059	return (retval);
3060}
3061
3062uint32_t
3063ctl_get_initindex(struct ctl_nexus *nexus)
3064{
3065	if (nexus->targ_port < CTL_MAX_PORTS)
3066		return (nexus->initid.id +
3067			(nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3068	else
3069		return (nexus->initid.id +
3070		       ((nexus->targ_port - CTL_MAX_PORTS) *
3071			CTL_MAX_INIT_PER_PORT));
3072}
3073
3074uint32_t
3075ctl_get_resindex(struct ctl_nexus *nexus)
3076{
3077	return (nexus->initid.id + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3078}
3079
3080uint32_t
3081ctl_port_idx(int port_num)
3082{
3083	if (port_num < CTL_MAX_PORTS)
3084		return(port_num);
3085	else
3086		return(port_num - CTL_MAX_PORTS);
3087}
3088
3089int
3090ctl_lun_map_init(struct ctl_port *port)
3091{
3092	struct ctl_softc *softc = control_softc;
3093	struct ctl_lun *lun;
3094	uint32_t i;
3095
3096	if (port->lun_map == NULL)
3097		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3098		    M_CTL, M_NOWAIT);
3099	if (port->lun_map == NULL)
3100		return (ENOMEM);
3101	for (i = 0; i < CTL_MAX_LUNS; i++)
3102		port->lun_map[i] = UINT32_MAX;
3103	if (port->status & CTL_PORT_STATUS_ONLINE &&
3104	    port->lun_disable != NULL) {
3105		STAILQ_FOREACH(lun, &softc->lun_list, links)
3106			port->lun_disable(port->targ_lun_arg, lun->lun);
3107	}
3108	return (0);
3109}
3110
3111int
3112ctl_lun_map_deinit(struct ctl_port *port)
3113{
3114	struct ctl_softc *softc = control_softc;
3115	struct ctl_lun *lun;
3116
3117	if (port->lun_map == NULL)
3118		return (0);
3119	free(port->lun_map, M_CTL);
3120	port->lun_map = NULL;
3121	if (port->status & CTL_PORT_STATUS_ONLINE &&
3122	    port->lun_enable != NULL) {
3123		STAILQ_FOREACH(lun, &softc->lun_list, links)
3124			port->lun_enable(port->targ_lun_arg, lun->lun);
3125	}
3126	return (0);
3127}
3128
3129int
3130ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3131{
3132	int status;
3133	uint32_t old;
3134
3135	if (port->lun_map == NULL) {
3136		status = ctl_lun_map_init(port);
3137		if (status != 0)
3138			return (status);
3139	}
3140	old = port->lun_map[plun];
3141	port->lun_map[plun] = glun;
3142	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS &&
3143	    port->lun_enable != NULL)
3144		port->lun_enable(port->targ_lun_arg, plun);
3145	return (0);
3146}
3147
3148int
3149ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3150{
3151	uint32_t old;
3152
3153	if (port->lun_map == NULL)
3154		return (0);
3155	old = port->lun_map[plun];
3156	port->lun_map[plun] = UINT32_MAX;
3157	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS &&
3158	    port->lun_disable != NULL)
3159		port->lun_disable(port->targ_lun_arg, plun);
3160	return (0);
3161}
3162
3163uint32_t
3164ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3165{
3166
3167	if (port == NULL)
3168		return (UINT32_MAX);
3169	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3170		return (lun_id);
3171	return (port->lun_map[lun_id]);
3172}
3173
3174uint32_t
3175ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3176{
3177	uint32_t i;
3178
3179	if (port == NULL)
3180		return (UINT32_MAX);
3181	if (port->lun_map == NULL)
3182		return (lun_id);
3183	for (i = 0; i < CTL_MAX_LUNS; i++) {
3184		if (port->lun_map[i] == lun_id)
3185			return (i);
3186	}
3187	return (UINT32_MAX);
3188}
3189
3190static struct ctl_port *
3191ctl_io_port(struct ctl_io_hdr *io_hdr)
3192{
3193	int port_num;
3194
3195	port_num = io_hdr->nexus.targ_port;
3196	return (control_softc->ctl_ports[ctl_port_idx(port_num)]);
3197}
3198
3199/*
3200 * Note:  This only works for bitmask sizes that are at least 32 bits, and
3201 * that are a power of 2.
3202 */
3203int
3204ctl_ffz(uint32_t *mask, uint32_t size)
3205{
3206	uint32_t num_chunks, num_pieces;
3207	int i, j;
3208
3209	num_chunks = (size >> 5);
3210	if (num_chunks == 0)
3211		num_chunks++;
3212	num_pieces = MIN((sizeof(uint32_t) * 8), size);
3213
3214	for (i = 0; i < num_chunks; i++) {
3215		for (j = 0; j < num_pieces; j++) {
3216			if ((mask[i] & (1 << j)) == 0)
3217				return ((i << 5) + j);
3218		}
3219	}
3220
3221	return (-1);
3222}
3223
3224int
3225ctl_set_mask(uint32_t *mask, uint32_t bit)
3226{
3227	uint32_t chunk, piece;
3228
3229	chunk = bit >> 5;
3230	piece = bit % (sizeof(uint32_t) * 8);
3231
3232	if ((mask[chunk] & (1 << piece)) != 0)
3233		return (-1);
3234	else
3235		mask[chunk] |= (1 << piece);
3236
3237	return (0);
3238}
3239
3240int
3241ctl_clear_mask(uint32_t *mask, uint32_t bit)
3242{
3243	uint32_t chunk, piece;
3244
3245	chunk = bit >> 5;
3246	piece = bit % (sizeof(uint32_t) * 8);
3247
3248	if ((mask[chunk] & (1 << piece)) == 0)
3249		return (-1);
3250	else
3251		mask[chunk] &= ~(1 << piece);
3252
3253	return (0);
3254}
3255
3256int
3257ctl_is_set(uint32_t *mask, uint32_t bit)
3258{
3259	uint32_t chunk, piece;
3260
3261	chunk = bit >> 5;
3262	piece = bit % (sizeof(uint32_t) * 8);
3263
3264	if ((mask[chunk] & (1 << piece)) == 0)
3265		return (0);
3266	else
3267		return (1);
3268}
3269
3270static uint64_t
3271ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3272{
3273	uint64_t *t;
3274
3275	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3276	if (t == NULL)
3277		return (0);
3278	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3279}
3280
3281static void
3282ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3283{
3284	uint64_t *t;
3285
3286	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3287	if (t == NULL)
3288		return;
3289	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3290}
3291
3292static void
3293ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3294{
3295	uint64_t *p;
3296	u_int i;
3297
3298	i = residx/CTL_MAX_INIT_PER_PORT;
3299	if (lun->pr_keys[i] != NULL)
3300		return;
3301	mtx_unlock(&lun->lun_lock);
3302	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3303	    M_WAITOK | M_ZERO);
3304	mtx_lock(&lun->lun_lock);
3305	if (lun->pr_keys[i] == NULL)
3306		lun->pr_keys[i] = p;
3307	else
3308		free(p, M_CTL);
3309}
3310
3311static void
3312ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3313{
3314	uint64_t *t;
3315
3316	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3317	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3318	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3319}
3320
3321/*
3322 * ctl_softc, pool_name, total_ctl_io are passed in.
3323 * npool is passed out.
3324 */
3325int
3326ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3327		uint32_t total_ctl_io, void **npool)
3328{
3329#ifdef IO_POOLS
3330	struct ctl_io_pool *pool;
3331
3332	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3333					    M_NOWAIT | M_ZERO);
3334	if (pool == NULL)
3335		return (ENOMEM);
3336
3337	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3338	pool->ctl_softc = ctl_softc;
3339	pool->zone = uma_zsecond_create(pool->name, NULL,
3340	    NULL, NULL, NULL, ctl_softc->io_zone);
3341	/* uma_prealloc(pool->zone, total_ctl_io); */
3342
3343	*npool = pool;
3344#else
3345	*npool = ctl_softc->io_zone;
3346#endif
3347	return (0);
3348}
3349
3350void
3351ctl_pool_free(struct ctl_io_pool *pool)
3352{
3353
3354	if (pool == NULL)
3355		return;
3356
3357#ifdef IO_POOLS
3358	uma_zdestroy(pool->zone);
3359	free(pool, M_CTL);
3360#endif
3361}
3362
3363union ctl_io *
3364ctl_alloc_io(void *pool_ref)
3365{
3366	union ctl_io *io;
3367#ifdef IO_POOLS
3368	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3369
3370	io = uma_zalloc(pool->zone, M_WAITOK);
3371#else
3372	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3373#endif
3374	if (io != NULL)
3375		io->io_hdr.pool = pool_ref;
3376	return (io);
3377}
3378
3379union ctl_io *
3380ctl_alloc_io_nowait(void *pool_ref)
3381{
3382	union ctl_io *io;
3383#ifdef IO_POOLS
3384	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3385
3386	io = uma_zalloc(pool->zone, M_NOWAIT);
3387#else
3388	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3389#endif
3390	if (io != NULL)
3391		io->io_hdr.pool = pool_ref;
3392	return (io);
3393}
3394
3395void
3396ctl_free_io(union ctl_io *io)
3397{
3398#ifdef IO_POOLS
3399	struct ctl_io_pool *pool;
3400#endif
3401
3402	if (io == NULL)
3403		return;
3404
3405#ifdef IO_POOLS
3406	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3407	uma_zfree(pool->zone, io);
3408#else
3409	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3410#endif
3411}
3412
3413void
3414ctl_zero_io(union ctl_io *io)
3415{
3416	void *pool_ref;
3417
3418	if (io == NULL)
3419		return;
3420
3421	/*
3422	 * May need to preserve linked list pointers at some point too.
3423	 */
3424	pool_ref = io->io_hdr.pool;
3425	memset(io, 0, sizeof(*io));
3426	io->io_hdr.pool = pool_ref;
3427}
3428
3429/*
3430 * This routine is currently used for internal copies of ctl_ios that need
3431 * to persist for some reason after we've already returned status to the
3432 * FETD.  (Thus the flag set.)
3433 *
3434 * XXX XXX
3435 * Note that this makes a blind copy of all fields in the ctl_io, except
3436 * for the pool reference.  This includes any memory that has been
3437 * allocated!  That memory will no longer be valid after done has been
3438 * called, so this would be VERY DANGEROUS for command that actually does
3439 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3440 * start and stop commands, which don't transfer any data, so this is not a
3441 * problem.  If it is used for anything else, the caller would also need to
3442 * allocate data buffer space and this routine would need to be modified to
3443 * copy the data buffer(s) as well.
3444 */
3445void
3446ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3447{
3448	void *pool_ref;
3449
3450	if ((src == NULL)
3451	 || (dest == NULL))
3452		return;
3453
3454	/*
3455	 * May need to preserve linked list pointers at some point too.
3456	 */
3457	pool_ref = dest->io_hdr.pool;
3458
3459	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3460
3461	dest->io_hdr.pool = pool_ref;
3462	/*
3463	 * We need to know that this is an internal copy, and doesn't need
3464	 * to get passed back to the FETD that allocated it.
3465	 */
3466	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3467}
3468
3469int
3470ctl_expand_number(const char *buf, uint64_t *num)
3471{
3472	char *endptr;
3473	uint64_t number;
3474	unsigned shift;
3475
3476	number = strtoq(buf, &endptr, 0);
3477
3478	switch (tolower((unsigned char)*endptr)) {
3479	case 'e':
3480		shift = 60;
3481		break;
3482	case 'p':
3483		shift = 50;
3484		break;
3485	case 't':
3486		shift = 40;
3487		break;
3488	case 'g':
3489		shift = 30;
3490		break;
3491	case 'm':
3492		shift = 20;
3493		break;
3494	case 'k':
3495		shift = 10;
3496		break;
3497	case 'b':
3498	case '\0': /* No unit. */
3499		*num = number;
3500		return (0);
3501	default:
3502		/* Unrecognized unit. */
3503		return (-1);
3504	}
3505
3506	if ((number << shift) >> shift != number) {
3507		/* Overflow */
3508		return (-1);
3509	}
3510	*num = number << shift;
3511	return (0);
3512}
3513
3514
3515/*
3516 * This routine could be used in the future to load default and/or saved
3517 * mode page parameters for a particuar lun.
3518 */
3519static int
3520ctl_init_page_index(struct ctl_lun *lun)
3521{
3522	int i;
3523	struct ctl_page_index *page_index;
3524	const char *value;
3525	uint64_t ival;
3526
3527	memcpy(&lun->mode_pages.index, page_index_template,
3528	       sizeof(page_index_template));
3529
3530	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3531
3532		page_index = &lun->mode_pages.index[i];
3533		/*
3534		 * If this is a disk-only mode page, there's no point in
3535		 * setting it up.  For some pages, we have to have some
3536		 * basic information about the disk in order to calculate the
3537		 * mode page data.
3538		 */
3539		if ((lun->be_lun->lun_type != T_DIRECT)
3540		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3541			continue;
3542
3543		switch (page_index->page_code & SMPH_PC_MASK) {
3544		case SMS_RW_ERROR_RECOVERY_PAGE: {
3545			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3546				panic("subpage is incorrect!");
3547			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3548			       &rw_er_page_default,
3549			       sizeof(rw_er_page_default));
3550			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3551			       &rw_er_page_changeable,
3552			       sizeof(rw_er_page_changeable));
3553			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3554			       &rw_er_page_default,
3555			       sizeof(rw_er_page_default));
3556			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3557			       &rw_er_page_default,
3558			       sizeof(rw_er_page_default));
3559			page_index->page_data =
3560				(uint8_t *)lun->mode_pages.rw_er_page;
3561			break;
3562		}
3563		case SMS_FORMAT_DEVICE_PAGE: {
3564			struct scsi_format_page *format_page;
3565
3566			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3567				panic("subpage is incorrect!");
3568
3569			/*
3570			 * Sectors per track are set above.  Bytes per
3571			 * sector need to be set here on a per-LUN basis.
3572			 */
3573			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3574			       &format_page_default,
3575			       sizeof(format_page_default));
3576			memcpy(&lun->mode_pages.format_page[
3577			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3578			       sizeof(format_page_changeable));
3579			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3580			       &format_page_default,
3581			       sizeof(format_page_default));
3582			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3583			       &format_page_default,
3584			       sizeof(format_page_default));
3585
3586			format_page = &lun->mode_pages.format_page[
3587				CTL_PAGE_CURRENT];
3588			scsi_ulto2b(lun->be_lun->blocksize,
3589				    format_page->bytes_per_sector);
3590
3591			format_page = &lun->mode_pages.format_page[
3592				CTL_PAGE_DEFAULT];
3593			scsi_ulto2b(lun->be_lun->blocksize,
3594				    format_page->bytes_per_sector);
3595
3596			format_page = &lun->mode_pages.format_page[
3597				CTL_PAGE_SAVED];
3598			scsi_ulto2b(lun->be_lun->blocksize,
3599				    format_page->bytes_per_sector);
3600
3601			page_index->page_data =
3602				(uint8_t *)lun->mode_pages.format_page;
3603			break;
3604		}
3605		case SMS_RIGID_DISK_PAGE: {
3606			struct scsi_rigid_disk_page *rigid_disk_page;
3607			uint32_t sectors_per_cylinder;
3608			uint64_t cylinders;
3609#ifndef	__XSCALE__
3610			int shift;
3611#endif /* !__XSCALE__ */
3612
3613			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3614				panic("invalid subpage value %d",
3615				      page_index->subpage);
3616
3617			/*
3618			 * Rotation rate and sectors per track are set
3619			 * above.  We calculate the cylinders here based on
3620			 * capacity.  Due to the number of heads and
3621			 * sectors per track we're using, smaller arrays
3622			 * may turn out to have 0 cylinders.  Linux and
3623			 * FreeBSD don't pay attention to these mode pages
3624			 * to figure out capacity, but Solaris does.  It
3625			 * seems to deal with 0 cylinders just fine, and
3626			 * works out a fake geometry based on the capacity.
3627			 */
3628			memcpy(&lun->mode_pages.rigid_disk_page[
3629			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3630			       sizeof(rigid_disk_page_default));
3631			memcpy(&lun->mode_pages.rigid_disk_page[
3632			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3633			       sizeof(rigid_disk_page_changeable));
3634
3635			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3636				CTL_DEFAULT_HEADS;
3637
3638			/*
3639			 * The divide method here will be more accurate,
3640			 * probably, but results in floating point being
3641			 * used in the kernel on i386 (__udivdi3()).  On the
3642			 * XScale, though, __udivdi3() is implemented in
3643			 * software.
3644			 *
3645			 * The shift method for cylinder calculation is
3646			 * accurate if sectors_per_cylinder is a power of
3647			 * 2.  Otherwise it might be slightly off -- you
3648			 * might have a bit of a truncation problem.
3649			 */
3650#ifdef	__XSCALE__
3651			cylinders = (lun->be_lun->maxlba + 1) /
3652				sectors_per_cylinder;
3653#else
3654			for (shift = 31; shift > 0; shift--) {
3655				if (sectors_per_cylinder & (1 << shift))
3656					break;
3657			}
3658			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3659#endif
3660
3661			/*
3662			 * We've basically got 3 bytes, or 24 bits for the
3663			 * cylinder size in the mode page.  If we're over,
3664			 * just round down to 2^24.
3665			 */
3666			if (cylinders > 0xffffff)
3667				cylinders = 0xffffff;
3668
3669			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3670				CTL_PAGE_DEFAULT];
3671			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3672
3673			if ((value = ctl_get_opt(&lun->be_lun->options,
3674			    "rpm")) != NULL) {
3675				scsi_ulto2b(strtol(value, NULL, 0),
3676				     rigid_disk_page->rotation_rate);
3677			}
3678
3679			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3680			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3681			       sizeof(rigid_disk_page_default));
3682			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3683			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3684			       sizeof(rigid_disk_page_default));
3685
3686			page_index->page_data =
3687				(uint8_t *)lun->mode_pages.rigid_disk_page;
3688			break;
3689		}
3690		case SMS_CACHING_PAGE: {
3691			struct scsi_caching_page *caching_page;
3692
3693			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3694				panic("invalid subpage value %d",
3695				      page_index->subpage);
3696			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3697			       &caching_page_default,
3698			       sizeof(caching_page_default));
3699			memcpy(&lun->mode_pages.caching_page[
3700			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3701			       sizeof(caching_page_changeable));
3702			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3703			       &caching_page_default,
3704			       sizeof(caching_page_default));
3705			caching_page = &lun->mode_pages.caching_page[
3706			    CTL_PAGE_SAVED];
3707			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3708			if (value != NULL && strcmp(value, "off") == 0)
3709				caching_page->flags1 &= ~SCP_WCE;
3710			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3711			if (value != NULL && strcmp(value, "off") == 0)
3712				caching_page->flags1 |= SCP_RCD;
3713			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3714			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3715			       sizeof(caching_page_default));
3716			page_index->page_data =
3717				(uint8_t *)lun->mode_pages.caching_page;
3718			break;
3719		}
3720		case SMS_CONTROL_MODE_PAGE: {
3721			struct scsi_control_page *control_page;
3722
3723			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3724				panic("invalid subpage value %d",
3725				      page_index->subpage);
3726
3727			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3728			       &control_page_default,
3729			       sizeof(control_page_default));
3730			memcpy(&lun->mode_pages.control_page[
3731			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3732			       sizeof(control_page_changeable));
3733			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3734			       &control_page_default,
3735			       sizeof(control_page_default));
3736			control_page = &lun->mode_pages.control_page[
3737			    CTL_PAGE_SAVED];
3738			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3739			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3740				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3741				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3742			}
3743			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3744			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3745			       sizeof(control_page_default));
3746			page_index->page_data =
3747				(uint8_t *)lun->mode_pages.control_page;
3748			break;
3749
3750		}
3751		case SMS_INFO_EXCEPTIONS_PAGE: {
3752			switch (page_index->subpage) {
3753			case SMS_SUBPAGE_PAGE_0:
3754				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3755				       &ie_page_default,
3756				       sizeof(ie_page_default));
3757				memcpy(&lun->mode_pages.ie_page[
3758				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3759				       sizeof(ie_page_changeable));
3760				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3761				       &ie_page_default,
3762				       sizeof(ie_page_default));
3763				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
3764				       &ie_page_default,
3765				       sizeof(ie_page_default));
3766				page_index->page_data =
3767					(uint8_t *)lun->mode_pages.ie_page;
3768				break;
3769			case 0x02: {
3770				struct ctl_logical_block_provisioning_page *page;
3771
3772				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
3773				       &lbp_page_default,
3774				       sizeof(lbp_page_default));
3775				memcpy(&lun->mode_pages.lbp_page[
3776				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
3777				       sizeof(lbp_page_changeable));
3778				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3779				       &lbp_page_default,
3780				       sizeof(lbp_page_default));
3781				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
3782				value = ctl_get_opt(&lun->be_lun->options,
3783				    "avail-threshold");
3784				if (value != NULL &&
3785				    ctl_expand_number(value, &ival) == 0) {
3786					page->descr[0].flags |= SLBPPD_ENABLED |
3787					    SLBPPD_ARMING_DEC;
3788					if (lun->be_lun->blocksize)
3789						ival /= lun->be_lun->blocksize;
3790					else
3791						ival /= 512;
3792					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3793					    page->descr[0].count);
3794				}
3795				value = ctl_get_opt(&lun->be_lun->options,
3796				    "used-threshold");
3797				if (value != NULL &&
3798				    ctl_expand_number(value, &ival) == 0) {
3799					page->descr[1].flags |= SLBPPD_ENABLED |
3800					    SLBPPD_ARMING_INC;
3801					if (lun->be_lun->blocksize)
3802						ival /= lun->be_lun->blocksize;
3803					else
3804						ival /= 512;
3805					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3806					    page->descr[1].count);
3807				}
3808				value = ctl_get_opt(&lun->be_lun->options,
3809				    "pool-avail-threshold");
3810				if (value != NULL &&
3811				    ctl_expand_number(value, &ival) == 0) {
3812					page->descr[2].flags |= SLBPPD_ENABLED |
3813					    SLBPPD_ARMING_DEC;
3814					if (lun->be_lun->blocksize)
3815						ival /= lun->be_lun->blocksize;
3816					else
3817						ival /= 512;
3818					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3819					    page->descr[2].count);
3820				}
3821				value = ctl_get_opt(&lun->be_lun->options,
3822				    "pool-used-threshold");
3823				if (value != NULL &&
3824				    ctl_expand_number(value, &ival) == 0) {
3825					page->descr[3].flags |= SLBPPD_ENABLED |
3826					    SLBPPD_ARMING_INC;
3827					if (lun->be_lun->blocksize)
3828						ival /= lun->be_lun->blocksize;
3829					else
3830						ival /= 512;
3831					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3832					    page->descr[3].count);
3833				}
3834				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
3835				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3836				       sizeof(lbp_page_default));
3837				page_index->page_data =
3838					(uint8_t *)lun->mode_pages.lbp_page;
3839			}}
3840			break;
3841		}
3842		case SMS_VENDOR_SPECIFIC_PAGE:{
3843			switch (page_index->subpage) {
3844			case DBGCNF_SUBPAGE_CODE: {
3845				struct copan_debugconf_subpage *current_page,
3846							       *saved_page;
3847
3848				memcpy(&lun->mode_pages.debugconf_subpage[
3849				       CTL_PAGE_CURRENT],
3850				       &debugconf_page_default,
3851				       sizeof(debugconf_page_default));
3852				memcpy(&lun->mode_pages.debugconf_subpage[
3853				       CTL_PAGE_CHANGEABLE],
3854				       &debugconf_page_changeable,
3855				       sizeof(debugconf_page_changeable));
3856				memcpy(&lun->mode_pages.debugconf_subpage[
3857				       CTL_PAGE_DEFAULT],
3858				       &debugconf_page_default,
3859				       sizeof(debugconf_page_default));
3860				memcpy(&lun->mode_pages.debugconf_subpage[
3861				       CTL_PAGE_SAVED],
3862				       &debugconf_page_default,
3863				       sizeof(debugconf_page_default));
3864				page_index->page_data =
3865					(uint8_t *)lun->mode_pages.debugconf_subpage;
3866
3867				current_page = (struct copan_debugconf_subpage *)
3868					(page_index->page_data +
3869					 (page_index->page_len *
3870					  CTL_PAGE_CURRENT));
3871				saved_page = (struct copan_debugconf_subpage *)
3872					(page_index->page_data +
3873					 (page_index->page_len *
3874					  CTL_PAGE_SAVED));
3875				break;
3876			}
3877			default:
3878				panic("invalid subpage value %d",
3879				      page_index->subpage);
3880				break;
3881			}
3882   			break;
3883		}
3884		default:
3885			panic("invalid page value %d",
3886			      page_index->page_code & SMPH_PC_MASK);
3887			break;
3888    	}
3889	}
3890
3891	return (CTL_RETVAL_COMPLETE);
3892}
3893
3894static int
3895ctl_init_log_page_index(struct ctl_lun *lun)
3896{
3897	struct ctl_page_index *page_index;
3898	int i, j, k, prev;
3899
3900	memcpy(&lun->log_pages.index, log_page_index_template,
3901	       sizeof(log_page_index_template));
3902
3903	prev = -1;
3904	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
3905
3906		page_index = &lun->log_pages.index[i];
3907		/*
3908		 * If this is a disk-only mode page, there's no point in
3909		 * setting it up.  For some pages, we have to have some
3910		 * basic information about the disk in order to calculate the
3911		 * mode page data.
3912		 */
3913		if ((lun->be_lun->lun_type != T_DIRECT)
3914		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3915			continue;
3916
3917		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
3918		     lun->backend->lun_attr == NULL)
3919			continue;
3920
3921		if (page_index->page_code != prev) {
3922			lun->log_pages.pages_page[j] = page_index->page_code;
3923			prev = page_index->page_code;
3924			j++;
3925		}
3926		lun->log_pages.subpages_page[k*2] = page_index->page_code;
3927		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
3928		k++;
3929	}
3930	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
3931	lun->log_pages.index[0].page_len = j;
3932	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
3933	lun->log_pages.index[1].page_len = k * 2;
3934	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
3935	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
3936	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
3937	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
3938
3939	return (CTL_RETVAL_COMPLETE);
3940}
3941
3942static int
3943hex2bin(const char *str, uint8_t *buf, int buf_size)
3944{
3945	int i;
3946	u_char c;
3947
3948	memset(buf, 0, buf_size);
3949	while (isspace(str[0]))
3950		str++;
3951	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
3952		str += 2;
3953	buf_size *= 2;
3954	for (i = 0; str[i] != 0 && i < buf_size; i++) {
3955		c = str[i];
3956		if (isdigit(c))
3957			c -= '0';
3958		else if (isalpha(c))
3959			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
3960		else
3961			break;
3962		if (c >= 16)
3963			break;
3964		if ((i & 1) == 0)
3965			buf[i / 2] |= (c << 4);
3966		else
3967			buf[i / 2] |= c;
3968	}
3969	return ((i + 1) / 2);
3970}
3971
3972/*
3973 * LUN allocation.
3974 *
3975 * Requirements:
3976 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
3977 *   wants us to allocate the LUN and he can block.
3978 * - ctl_softc is always set
3979 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
3980 *
3981 * Returns 0 for success, non-zero (errno) for failure.
3982 */
3983static int
3984ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
3985	      struct ctl_be_lun *const be_lun)
3986{
3987	struct ctl_lun *nlun, *lun;
3988	struct scsi_vpd_id_descriptor *desc;
3989	struct scsi_vpd_id_t10 *t10id;
3990	const char *eui, *naa, *scsiname, *vendor, *value;
3991	int lun_number, i, lun_malloced;
3992	int devidlen, idlen1, idlen2 = 0, len;
3993
3994	if (be_lun == NULL)
3995		return (EINVAL);
3996
3997	/*
3998	 * We currently only support Direct Access or Processor LUN types.
3999	 */
4000	switch (be_lun->lun_type) {
4001	case T_DIRECT:
4002		break;
4003	case T_PROCESSOR:
4004		break;
4005	case T_SEQUENTIAL:
4006	case T_CHANGER:
4007	default:
4008		be_lun->lun_config_status(be_lun->be_lun,
4009					  CTL_LUN_CONFIG_FAILURE);
4010		break;
4011	}
4012	if (ctl_lun == NULL) {
4013		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4014		lun_malloced = 1;
4015	} else {
4016		lun_malloced = 0;
4017		lun = ctl_lun;
4018	}
4019
4020	memset(lun, 0, sizeof(*lun));
4021	if (lun_malloced)
4022		lun->flags = CTL_LUN_MALLOCED;
4023
4024	/* Generate LUN ID. */
4025	devidlen = max(CTL_DEVID_MIN_LEN,
4026	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4027	idlen1 = sizeof(*t10id) + devidlen;
4028	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4029	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4030	if (scsiname != NULL) {
4031		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4032		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4033	}
4034	eui = ctl_get_opt(&be_lun->options, "eui");
4035	if (eui != NULL) {
4036		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4037	}
4038	naa = ctl_get_opt(&be_lun->options, "naa");
4039	if (naa != NULL) {
4040		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4041	}
4042	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4043	    M_CTL, M_WAITOK | M_ZERO);
4044	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4045	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4046	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4047	desc->length = idlen1;
4048	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4049	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4050	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4051		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4052	} else {
4053		strncpy(t10id->vendor, vendor,
4054		    min(sizeof(t10id->vendor), strlen(vendor)));
4055	}
4056	strncpy((char *)t10id->vendor_spec_id,
4057	    (char *)be_lun->device_id, devidlen);
4058	if (scsiname != NULL) {
4059		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4060		    desc->length);
4061		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4062		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4063		    SVPD_ID_TYPE_SCSI_NAME;
4064		desc->length = idlen2;
4065		strlcpy(desc->identifier, scsiname, idlen2);
4066	}
4067	if (eui != NULL) {
4068		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4069		    desc->length);
4070		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4071		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4072		    SVPD_ID_TYPE_EUI64;
4073		desc->length = hex2bin(eui, desc->identifier, 16);
4074		desc->length = desc->length > 12 ? 16 :
4075		    (desc->length > 8 ? 12 : 8);
4076		len -= 16 - desc->length;
4077	}
4078	if (naa != NULL) {
4079		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4080		    desc->length);
4081		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4082		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4083		    SVPD_ID_TYPE_NAA;
4084		desc->length = hex2bin(naa, desc->identifier, 16);
4085		desc->length = desc->length > 8 ? 16 : 8;
4086		len -= 16 - desc->length;
4087	}
4088	lun->lun_devid->len = len;
4089
4090	mtx_lock(&ctl_softc->ctl_lock);
4091	/*
4092	 * See if the caller requested a particular LUN number.  If so, see
4093	 * if it is available.  Otherwise, allocate the first available LUN.
4094	 */
4095	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4096		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4097		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4098			mtx_unlock(&ctl_softc->ctl_lock);
4099			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4100				printf("ctl: requested LUN ID %d is higher "
4101				       "than CTL_MAX_LUNS - 1 (%d)\n",
4102				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4103			} else {
4104				/*
4105				 * XXX KDM return an error, or just assign
4106				 * another LUN ID in this case??
4107				 */
4108				printf("ctl: requested LUN ID %d is already "
4109				       "in use\n", be_lun->req_lun_id);
4110			}
4111			if (lun->flags & CTL_LUN_MALLOCED)
4112				free(lun, M_CTL);
4113			be_lun->lun_config_status(be_lun->be_lun,
4114						  CTL_LUN_CONFIG_FAILURE);
4115			return (ENOSPC);
4116		}
4117		lun_number = be_lun->req_lun_id;
4118	} else {
4119		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, CTL_MAX_LUNS);
4120		if (lun_number == -1) {
4121			mtx_unlock(&ctl_softc->ctl_lock);
4122			printf("ctl: can't allocate LUN, out of LUNs\n");
4123			if (lun->flags & CTL_LUN_MALLOCED)
4124				free(lun, M_CTL);
4125			be_lun->lun_config_status(be_lun->be_lun,
4126						  CTL_LUN_CONFIG_FAILURE);
4127			return (ENOSPC);
4128		}
4129	}
4130	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4131
4132	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4133	lun->lun = lun_number;
4134	lun->be_lun = be_lun;
4135	/*
4136	 * The processor LUN is always enabled.  Disk LUNs come on line
4137	 * disabled, and must be enabled by the backend.
4138	 */
4139	lun->flags |= CTL_LUN_DISABLED;
4140	lun->backend = be_lun->be;
4141	be_lun->ctl_lun = lun;
4142	be_lun->lun_id = lun_number;
4143	atomic_add_int(&be_lun->be->num_luns, 1);
4144	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4145		lun->flags |= CTL_LUN_OFFLINE;
4146
4147	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4148		lun->flags |= CTL_LUN_STOPPED;
4149
4150	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4151		lun->flags |= CTL_LUN_INOPERABLE;
4152
4153	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4154		lun->flags |= CTL_LUN_PRIMARY_SC;
4155
4156	value = ctl_get_opt(&be_lun->options, "readonly");
4157	if (value != NULL && strcmp(value, "on") == 0)
4158		lun->flags |= CTL_LUN_READONLY;
4159
4160	lun->serseq = CTL_LUN_SERSEQ_OFF;
4161	if (be_lun->flags & CTL_LUN_FLAG_SERSEQ_READ)
4162		lun->serseq = CTL_LUN_SERSEQ_READ;
4163	value = ctl_get_opt(&be_lun->options, "serseq");
4164	if (value != NULL && strcmp(value, "on") == 0)
4165		lun->serseq = CTL_LUN_SERSEQ_ON;
4166	else if (value != NULL && strcmp(value, "read") == 0)
4167		lun->serseq = CTL_LUN_SERSEQ_READ;
4168	else if (value != NULL && strcmp(value, "off") == 0)
4169		lun->serseq = CTL_LUN_SERSEQ_OFF;
4170
4171	lun->ctl_softc = ctl_softc;
4172#ifdef CTL_TIME_IO
4173	lun->last_busy = getsbinuptime();
4174#endif
4175	TAILQ_INIT(&lun->ooa_queue);
4176	TAILQ_INIT(&lun->blocked_queue);
4177	STAILQ_INIT(&lun->error_list);
4178	ctl_tpc_lun_init(lun);
4179
4180	/*
4181	 * Initialize the mode and log page index.
4182	 */
4183	ctl_init_page_index(lun);
4184	ctl_init_log_page_index(lun);
4185
4186	/*
4187	 * Now, before we insert this lun on the lun list, set the lun
4188	 * inventory changed UA for all other luns.
4189	 */
4190	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4191		mtx_lock(&nlun->lun_lock);
4192		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4193		mtx_unlock(&nlun->lun_lock);
4194	}
4195
4196	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4197
4198	ctl_softc->ctl_luns[lun_number] = lun;
4199
4200	ctl_softc->num_luns++;
4201
4202	/* Setup statistics gathering */
4203	lun->stats.device_type = be_lun->lun_type;
4204	lun->stats.lun_number = lun_number;
4205	if (lun->stats.device_type == T_DIRECT)
4206		lun->stats.blocksize = be_lun->blocksize;
4207	else
4208		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4209	for (i = 0;i < CTL_MAX_PORTS;i++)
4210		lun->stats.ports[i].targ_port = i;
4211
4212	mtx_unlock(&ctl_softc->ctl_lock);
4213
4214	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4215	return (0);
4216}
4217
4218/*
4219 * Delete a LUN.
4220 * Assumptions:
4221 * - LUN has already been marked invalid and any pending I/O has been taken
4222 *   care of.
4223 */
4224static int
4225ctl_free_lun(struct ctl_lun *lun)
4226{
4227	struct ctl_softc *softc;
4228	struct ctl_lun *nlun;
4229	int i;
4230
4231	softc = lun->ctl_softc;
4232
4233	mtx_assert(&softc->ctl_lock, MA_OWNED);
4234
4235	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4236
4237	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4238
4239	softc->ctl_luns[lun->lun] = NULL;
4240
4241	if (!TAILQ_EMPTY(&lun->ooa_queue))
4242		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4243
4244	softc->num_luns--;
4245
4246	/*
4247	 * Tell the backend to free resources, if this LUN has a backend.
4248	 */
4249	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4250	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4251
4252	ctl_tpc_lun_shutdown(lun);
4253	mtx_destroy(&lun->lun_lock);
4254	free(lun->lun_devid, M_CTL);
4255	for (i = 0; i < CTL_MAX_PORTS; i++)
4256		free(lun->pending_ua[i], M_CTL);
4257	for (i = 0; i < 2 * CTL_MAX_PORTS; i++)
4258		free(lun->pr_keys[i], M_CTL);
4259	free(lun->write_buffer, M_CTL);
4260	if (lun->flags & CTL_LUN_MALLOCED)
4261		free(lun, M_CTL);
4262
4263	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4264		mtx_lock(&nlun->lun_lock);
4265		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4266		mtx_unlock(&nlun->lun_lock);
4267	}
4268
4269	return (0);
4270}
4271
4272static void
4273ctl_create_lun(struct ctl_be_lun *be_lun)
4274{
4275	struct ctl_softc *softc;
4276
4277	softc = control_softc;
4278
4279	/*
4280	 * ctl_alloc_lun() should handle all potential failure cases.
4281	 */
4282	ctl_alloc_lun(softc, NULL, be_lun);
4283}
4284
4285int
4286ctl_add_lun(struct ctl_be_lun *be_lun)
4287{
4288	struct ctl_softc *softc = control_softc;
4289
4290	mtx_lock(&softc->ctl_lock);
4291	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4292	mtx_unlock(&softc->ctl_lock);
4293	wakeup(&softc->pending_lun_queue);
4294
4295	return (0);
4296}
4297
4298int
4299ctl_enable_lun(struct ctl_be_lun *be_lun)
4300{
4301	struct ctl_softc *softc;
4302	struct ctl_port *port, *nport;
4303	struct ctl_lun *lun;
4304	int retval;
4305
4306	lun = (struct ctl_lun *)be_lun->ctl_lun;
4307	softc = lun->ctl_softc;
4308
4309	mtx_lock(&softc->ctl_lock);
4310	mtx_lock(&lun->lun_lock);
4311	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4312		/*
4313		 * eh?  Why did we get called if the LUN is already
4314		 * enabled?
4315		 */
4316		mtx_unlock(&lun->lun_lock);
4317		mtx_unlock(&softc->ctl_lock);
4318		return (0);
4319	}
4320	lun->flags &= ~CTL_LUN_DISABLED;
4321	mtx_unlock(&lun->lun_lock);
4322
4323	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4324		nport = STAILQ_NEXT(port, links);
4325		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4326		    port->lun_map != NULL || port->lun_enable == NULL)
4327			continue;
4328
4329		/*
4330		 * Drop the lock while we call the FETD's enable routine.
4331		 * This can lead to a callback into CTL (at least in the
4332		 * case of the internal initiator frontend.
4333		 */
4334		mtx_unlock(&softc->ctl_lock);
4335		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4336		mtx_lock(&softc->ctl_lock);
4337		if (retval != 0) {
4338			printf("%s: FETD %s port %d returned error "
4339			       "%d for lun_enable on lun %jd\n",
4340			       __func__, port->port_name, port->targ_port,
4341			       retval, (intmax_t)lun->lun);
4342		}
4343	}
4344
4345	mtx_unlock(&softc->ctl_lock);
4346
4347	return (0);
4348}
4349
4350int
4351ctl_disable_lun(struct ctl_be_lun *be_lun)
4352{
4353	struct ctl_softc *softc;
4354	struct ctl_port *port;
4355	struct ctl_lun *lun;
4356	int retval;
4357
4358	lun = (struct ctl_lun *)be_lun->ctl_lun;
4359	softc = lun->ctl_softc;
4360
4361	mtx_lock(&softc->ctl_lock);
4362	mtx_lock(&lun->lun_lock);
4363	if (lun->flags & CTL_LUN_DISABLED) {
4364		mtx_unlock(&lun->lun_lock);
4365		mtx_unlock(&softc->ctl_lock);
4366		return (0);
4367	}
4368	lun->flags |= CTL_LUN_DISABLED;
4369	mtx_unlock(&lun->lun_lock);
4370
4371	STAILQ_FOREACH(port, &softc->port_list, links) {
4372		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4373		    port->lun_map != NULL || port->lun_disable == NULL)
4374			continue;
4375
4376		/*
4377		 * Drop the lock before we call the frontend's disable
4378		 * routine, to avoid lock order reversals.
4379		 *
4380		 * XXX KDM what happens if the frontend list changes while
4381		 * we're traversing it?  It's unlikely, but should be handled.
4382		 */
4383		mtx_unlock(&softc->ctl_lock);
4384		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4385		mtx_lock(&softc->ctl_lock);
4386		if (retval != 0) {
4387			printf("%s: FETD %s port %d returned error "
4388			       "%d for lun_disable on lun %jd\n",
4389			       __func__, port->port_name, port->targ_port,
4390			       retval, (intmax_t)lun->lun);
4391		}
4392	}
4393
4394	mtx_unlock(&softc->ctl_lock);
4395
4396	return (0);
4397}
4398
4399int
4400ctl_start_lun(struct ctl_be_lun *be_lun)
4401{
4402	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4403
4404	mtx_lock(&lun->lun_lock);
4405	lun->flags &= ~CTL_LUN_STOPPED;
4406	mtx_unlock(&lun->lun_lock);
4407	return (0);
4408}
4409
4410int
4411ctl_stop_lun(struct ctl_be_lun *be_lun)
4412{
4413	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4414
4415	mtx_lock(&lun->lun_lock);
4416	lun->flags |= CTL_LUN_STOPPED;
4417	mtx_unlock(&lun->lun_lock);
4418	return (0);
4419}
4420
4421int
4422ctl_lun_offline(struct ctl_be_lun *be_lun)
4423{
4424	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4425
4426	mtx_lock(&lun->lun_lock);
4427	lun->flags |= CTL_LUN_OFFLINE;
4428	mtx_unlock(&lun->lun_lock);
4429	return (0);
4430}
4431
4432int
4433ctl_lun_online(struct ctl_be_lun *be_lun)
4434{
4435	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4436
4437	mtx_lock(&lun->lun_lock);
4438	lun->flags &= ~CTL_LUN_OFFLINE;
4439	mtx_unlock(&lun->lun_lock);
4440	return (0);
4441}
4442
4443int
4444ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4445{
4446	struct ctl_softc *softc;
4447	struct ctl_lun *lun;
4448
4449	lun = (struct ctl_lun *)be_lun->ctl_lun;
4450	softc = lun->ctl_softc;
4451
4452	mtx_lock(&lun->lun_lock);
4453
4454	/*
4455	 * The LUN needs to be disabled before it can be marked invalid.
4456	 */
4457	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4458		mtx_unlock(&lun->lun_lock);
4459		return (-1);
4460	}
4461	/*
4462	 * Mark the LUN invalid.
4463	 */
4464	lun->flags |= CTL_LUN_INVALID;
4465
4466	/*
4467	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4468	 * If we have something in the OOA queue, we'll free it when the
4469	 * last I/O completes.
4470	 */
4471	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4472		mtx_unlock(&lun->lun_lock);
4473		mtx_lock(&softc->ctl_lock);
4474		ctl_free_lun(lun);
4475		mtx_unlock(&softc->ctl_lock);
4476	} else
4477		mtx_unlock(&lun->lun_lock);
4478
4479	return (0);
4480}
4481
4482int
4483ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4484{
4485	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4486
4487	mtx_lock(&lun->lun_lock);
4488	lun->flags |= CTL_LUN_INOPERABLE;
4489	mtx_unlock(&lun->lun_lock);
4490	return (0);
4491}
4492
4493int
4494ctl_lun_operable(struct ctl_be_lun *be_lun)
4495{
4496	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4497
4498	mtx_lock(&lun->lun_lock);
4499	lun->flags &= ~CTL_LUN_INOPERABLE;
4500	mtx_unlock(&lun->lun_lock);
4501	return (0);
4502}
4503
4504void
4505ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4506{
4507	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4508
4509	mtx_lock(&lun->lun_lock);
4510	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4511	mtx_unlock(&lun->lun_lock);
4512}
4513
4514/*
4515 * Backend "memory move is complete" callback for requests that never
4516 * make it down to say RAIDCore's configuration code.
4517 */
4518int
4519ctl_config_move_done(union ctl_io *io)
4520{
4521	int retval;
4522
4523	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4524	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4525	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4526
4527	if ((io->io_hdr.port_status != 0) &&
4528	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4529	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4530		/*
4531		 * For hardware error sense keys, the sense key
4532		 * specific value is defined to be a retry count,
4533		 * but we use it to pass back an internal FETD
4534		 * error code.  XXX KDM  Hopefully the FETD is only
4535		 * using 16 bits for an error code, since that's
4536		 * all the space we have in the sks field.
4537		 */
4538		ctl_set_internal_failure(&io->scsiio,
4539					 /*sks_valid*/ 1,
4540					 /*retry_count*/
4541					 io->io_hdr.port_status);
4542	}
4543
4544	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4545	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4546	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4547	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4548		/*
4549		 * XXX KDM just assuming a single pointer here, and not a
4550		 * S/G list.  If we start using S/G lists for config data,
4551		 * we'll need to know how to clean them up here as well.
4552		 */
4553		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4554			free(io->scsiio.kern_data_ptr, M_CTL);
4555		ctl_done(io);
4556		retval = CTL_RETVAL_COMPLETE;
4557	} else {
4558		/*
4559		 * XXX KDM now we need to continue data movement.  Some
4560		 * options:
4561		 * - call ctl_scsiio() again?  We don't do this for data
4562		 *   writes, because for those at least we know ahead of
4563		 *   time where the write will go and how long it is.  For
4564		 *   config writes, though, that information is largely
4565		 *   contained within the write itself, thus we need to
4566		 *   parse out the data again.
4567		 *
4568		 * - Call some other function once the data is in?
4569		 */
4570		if (ctl_debug & CTL_DEBUG_CDB_DATA)
4571			ctl_data_print(io);
4572
4573		/*
4574		 * XXX KDM call ctl_scsiio() again for now, and check flag
4575		 * bits to see whether we're allocated or not.
4576		 */
4577		retval = ctl_scsiio(&io->scsiio);
4578	}
4579	return (retval);
4580}
4581
4582/*
4583 * This gets called by a backend driver when it is done with a
4584 * data_submit method.
4585 */
4586void
4587ctl_data_submit_done(union ctl_io *io)
4588{
4589	/*
4590	 * If the IO_CONT flag is set, we need to call the supplied
4591	 * function to continue processing the I/O, instead of completing
4592	 * the I/O just yet.
4593	 *
4594	 * If there is an error, though, we don't want to keep processing.
4595	 * Instead, just send status back to the initiator.
4596	 */
4597	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4598	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4599	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4600	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4601		io->scsiio.io_cont(io);
4602		return;
4603	}
4604	ctl_done(io);
4605}
4606
4607/*
4608 * This gets called by a backend driver when it is done with a
4609 * configuration write.
4610 */
4611void
4612ctl_config_write_done(union ctl_io *io)
4613{
4614	uint8_t *buf;
4615
4616	/*
4617	 * If the IO_CONT flag is set, we need to call the supplied
4618	 * function to continue processing the I/O, instead of completing
4619	 * the I/O just yet.
4620	 *
4621	 * If there is an error, though, we don't want to keep processing.
4622	 * Instead, just send status back to the initiator.
4623	 */
4624	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4625	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4626	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4627	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4628		io->scsiio.io_cont(io);
4629		return;
4630	}
4631	/*
4632	 * Since a configuration write can be done for commands that actually
4633	 * have data allocated, like write buffer, and commands that have
4634	 * no data, like start/stop unit, we need to check here.
4635	 */
4636	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4637		buf = io->scsiio.kern_data_ptr;
4638	else
4639		buf = NULL;
4640	ctl_done(io);
4641	if (buf)
4642		free(buf, M_CTL);
4643}
4644
4645void
4646ctl_config_read_done(union ctl_io *io)
4647{
4648	uint8_t *buf;
4649
4650	/*
4651	 * If there is some error -- we are done, skip data transfer.
4652	 */
4653	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4654	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4655	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4656		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4657			buf = io->scsiio.kern_data_ptr;
4658		else
4659			buf = NULL;
4660		ctl_done(io);
4661		if (buf)
4662			free(buf, M_CTL);
4663		return;
4664	}
4665
4666	/*
4667	 * If the IO_CONT flag is set, we need to call the supplied
4668	 * function to continue processing the I/O, instead of completing
4669	 * the I/O just yet.
4670	 */
4671	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4672		io->scsiio.io_cont(io);
4673		return;
4674	}
4675
4676	ctl_datamove(io);
4677}
4678
4679/*
4680 * SCSI release command.
4681 */
4682int
4683ctl_scsi_release(struct ctl_scsiio *ctsio)
4684{
4685	int length, longid, thirdparty_id, resv_id;
4686	struct ctl_lun *lun;
4687	uint32_t residx;
4688
4689	length = 0;
4690	resv_id = 0;
4691
4692	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4693
4694	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
4695	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4696
4697	switch (ctsio->cdb[0]) {
4698	case RELEASE_10: {
4699		struct scsi_release_10 *cdb;
4700
4701		cdb = (struct scsi_release_10 *)ctsio->cdb;
4702
4703		if (cdb->byte2 & SR10_LONGID)
4704			longid = 1;
4705		else
4706			thirdparty_id = cdb->thirdparty_id;
4707
4708		resv_id = cdb->resv_id;
4709		length = scsi_2btoul(cdb->length);
4710		break;
4711	}
4712	}
4713
4714
4715	/*
4716	 * XXX KDM right now, we only support LUN reservation.  We don't
4717	 * support 3rd party reservations, or extent reservations, which
4718	 * might actually need the parameter list.  If we've gotten this
4719	 * far, we've got a LUN reservation.  Anything else got kicked out
4720	 * above.  So, according to SPC, ignore the length.
4721	 */
4722	length = 0;
4723
4724	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4725	 && (length > 0)) {
4726		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4727		ctsio->kern_data_len = length;
4728		ctsio->kern_total_len = length;
4729		ctsio->kern_data_resid = 0;
4730		ctsio->kern_rel_offset = 0;
4731		ctsio->kern_sg_entries = 0;
4732		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4733		ctsio->be_move_done = ctl_config_move_done;
4734		ctl_datamove((union ctl_io *)ctsio);
4735
4736		return (CTL_RETVAL_COMPLETE);
4737	}
4738
4739	if (length > 0)
4740		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4741
4742	mtx_lock(&lun->lun_lock);
4743
4744	/*
4745	 * According to SPC, it is not an error for an intiator to attempt
4746	 * to release a reservation on a LUN that isn't reserved, or that
4747	 * is reserved by another initiator.  The reservation can only be
4748	 * released, though, by the initiator who made it or by one of
4749	 * several reset type events.
4750	 */
4751	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
4752			lun->flags &= ~CTL_LUN_RESERVED;
4753
4754	mtx_unlock(&lun->lun_lock);
4755
4756	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4757		free(ctsio->kern_data_ptr, M_CTL);
4758		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4759	}
4760
4761	ctl_set_success(ctsio);
4762	ctl_done((union ctl_io *)ctsio);
4763	return (CTL_RETVAL_COMPLETE);
4764}
4765
4766int
4767ctl_scsi_reserve(struct ctl_scsiio *ctsio)
4768{
4769	int extent, thirdparty, longid;
4770	int resv_id, length;
4771	uint64_t thirdparty_id;
4772	struct ctl_lun *lun;
4773	uint32_t residx;
4774
4775	extent = 0;
4776	thirdparty = 0;
4777	longid = 0;
4778	resv_id = 0;
4779	length = 0;
4780	thirdparty_id = 0;
4781
4782	CTL_DEBUG_PRINT(("ctl_reserve\n"));
4783
4784	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
4785	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4786
4787	switch (ctsio->cdb[0]) {
4788	case RESERVE_10: {
4789		struct scsi_reserve_10 *cdb;
4790
4791		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
4792
4793		if (cdb->byte2 & SR10_LONGID)
4794			longid = 1;
4795		else
4796			thirdparty_id = cdb->thirdparty_id;
4797
4798		resv_id = cdb->resv_id;
4799		length = scsi_2btoul(cdb->length);
4800		break;
4801	}
4802	}
4803
4804	/*
4805	 * XXX KDM right now, we only support LUN reservation.  We don't
4806	 * support 3rd party reservations, or extent reservations, which
4807	 * might actually need the parameter list.  If we've gotten this
4808	 * far, we've got a LUN reservation.  Anything else got kicked out
4809	 * above.  So, according to SPC, ignore the length.
4810	 */
4811	length = 0;
4812
4813	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4814	 && (length > 0)) {
4815		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4816		ctsio->kern_data_len = length;
4817		ctsio->kern_total_len = length;
4818		ctsio->kern_data_resid = 0;
4819		ctsio->kern_rel_offset = 0;
4820		ctsio->kern_sg_entries = 0;
4821		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4822		ctsio->be_move_done = ctl_config_move_done;
4823		ctl_datamove((union ctl_io *)ctsio);
4824
4825		return (CTL_RETVAL_COMPLETE);
4826	}
4827
4828	if (length > 0)
4829		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4830
4831	mtx_lock(&lun->lun_lock);
4832	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
4833		ctl_set_reservation_conflict(ctsio);
4834		goto bailout;
4835	}
4836
4837	lun->flags |= CTL_LUN_RESERVED;
4838	lun->res_idx = residx;
4839
4840	ctl_set_success(ctsio);
4841
4842bailout:
4843	mtx_unlock(&lun->lun_lock);
4844
4845	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4846		free(ctsio->kern_data_ptr, M_CTL);
4847		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4848	}
4849
4850	ctl_done((union ctl_io *)ctsio);
4851	return (CTL_RETVAL_COMPLETE);
4852}
4853
4854int
4855ctl_start_stop(struct ctl_scsiio *ctsio)
4856{
4857	struct scsi_start_stop_unit *cdb;
4858	struct ctl_lun *lun;
4859	int retval;
4860
4861	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
4862
4863	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4864	retval = 0;
4865
4866	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
4867
4868	/*
4869	 * XXX KDM
4870	 * We don't support the immediate bit on a stop unit.  In order to
4871	 * do that, we would need to code up a way to know that a stop is
4872	 * pending, and hold off any new commands until it completes, one
4873	 * way or another.  Then we could accept or reject those commands
4874	 * depending on its status.  We would almost need to do the reverse
4875	 * of what we do below for an immediate start -- return the copy of
4876	 * the ctl_io to the FETD with status to send to the host (and to
4877	 * free the copy!) and then free the original I/O once the stop
4878	 * actually completes.  That way, the OOA queue mechanism can work
4879	 * to block commands that shouldn't proceed.  Another alternative
4880	 * would be to put the copy in the queue in place of the original,
4881	 * and return the original back to the caller.  That could be
4882	 * slightly safer..
4883	 */
4884	if ((cdb->byte2 & SSS_IMMED)
4885	 && ((cdb->how & SSS_START) == 0)) {
4886		ctl_set_invalid_field(ctsio,
4887				      /*sks_valid*/ 1,
4888				      /*command*/ 1,
4889				      /*field*/ 1,
4890				      /*bit_valid*/ 1,
4891				      /*bit*/ 0);
4892		ctl_done((union ctl_io *)ctsio);
4893		return (CTL_RETVAL_COMPLETE);
4894	}
4895
4896	if ((lun->flags & CTL_LUN_PR_RESERVED)
4897	 && ((cdb->how & SSS_START)==0)) {
4898		uint32_t residx;
4899
4900		residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
4901		if (ctl_get_prkey(lun, residx) == 0
4902		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
4903
4904			ctl_set_reservation_conflict(ctsio);
4905			ctl_done((union ctl_io *)ctsio);
4906			return (CTL_RETVAL_COMPLETE);
4907		}
4908	}
4909
4910	/*
4911	 * If there is no backend on this device, we can't start or stop
4912	 * it.  In theory we shouldn't get any start/stop commands in the
4913	 * first place at this level if the LUN doesn't have a backend.
4914	 * That should get stopped by the command decode code.
4915	 */
4916	if (lun->backend == NULL) {
4917		ctl_set_invalid_opcode(ctsio);
4918		ctl_done((union ctl_io *)ctsio);
4919		return (CTL_RETVAL_COMPLETE);
4920	}
4921
4922	/*
4923	 * XXX KDM Copan-specific offline behavior.
4924	 * Figure out a reasonable way to port this?
4925	 */
4926#ifdef NEEDTOPORT
4927	mtx_lock(&lun->lun_lock);
4928
4929	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
4930	 && (lun->flags & CTL_LUN_OFFLINE)) {
4931		/*
4932		 * If the LUN is offline, and the on/offline bit isn't set,
4933		 * reject the start or stop.  Otherwise, let it through.
4934		 */
4935		mtx_unlock(&lun->lun_lock);
4936		ctl_set_lun_not_ready(ctsio);
4937		ctl_done((union ctl_io *)ctsio);
4938	} else {
4939		mtx_unlock(&lun->lun_lock);
4940#endif /* NEEDTOPORT */
4941		/*
4942		 * This could be a start or a stop when we're online,
4943		 * or a stop/offline or start/online.  A start or stop when
4944		 * we're offline is covered in the case above.
4945		 */
4946		/*
4947		 * In the non-immediate case, we send the request to
4948		 * the backend and return status to the user when
4949		 * it is done.
4950		 *
4951		 * In the immediate case, we allocate a new ctl_io
4952		 * to hold a copy of the request, and send that to
4953		 * the backend.  We then set good status on the
4954		 * user's request and return it immediately.
4955		 */
4956		if (cdb->byte2 & SSS_IMMED) {
4957			union ctl_io *new_io;
4958
4959			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
4960			ctl_copy_io((union ctl_io *)ctsio, new_io);
4961			retval = lun->backend->config_write(new_io);
4962			ctl_set_success(ctsio);
4963			ctl_done((union ctl_io *)ctsio);
4964		} else {
4965			retval = lun->backend->config_write(
4966				(union ctl_io *)ctsio);
4967		}
4968#ifdef NEEDTOPORT
4969	}
4970#endif
4971	return (retval);
4972}
4973
4974/*
4975 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
4976 * we don't really do anything with the LBA and length fields if the user
4977 * passes them in.  Instead we'll just flush out the cache for the entire
4978 * LUN.
4979 */
4980int
4981ctl_sync_cache(struct ctl_scsiio *ctsio)
4982{
4983	struct ctl_lun *lun;
4984	struct ctl_softc *softc;
4985	struct ctl_lba_len_flags *lbalen;
4986	uint64_t starting_lba;
4987	uint32_t block_count;
4988	int retval;
4989	uint8_t byte2;
4990
4991	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
4992
4993	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4994	softc = lun->ctl_softc;
4995	retval = 0;
4996
4997	switch (ctsio->cdb[0]) {
4998	case SYNCHRONIZE_CACHE: {
4999		struct scsi_sync_cache *cdb;
5000		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5001
5002		starting_lba = scsi_4btoul(cdb->begin_lba);
5003		block_count = scsi_2btoul(cdb->lb_count);
5004		byte2 = cdb->byte2;
5005		break;
5006	}
5007	case SYNCHRONIZE_CACHE_16: {
5008		struct scsi_sync_cache_16 *cdb;
5009		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5010
5011		starting_lba = scsi_8btou64(cdb->begin_lba);
5012		block_count = scsi_4btoul(cdb->lb_count);
5013		byte2 = cdb->byte2;
5014		break;
5015	}
5016	default:
5017		ctl_set_invalid_opcode(ctsio);
5018		ctl_done((union ctl_io *)ctsio);
5019		goto bailout;
5020		break; /* NOTREACHED */
5021	}
5022
5023	/*
5024	 * We check the LBA and length, but don't do anything with them.
5025	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5026	 * get flushed.  This check will just help satisfy anyone who wants
5027	 * to see an error for an out of range LBA.
5028	 */
5029	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5030		ctl_set_lba_out_of_range(ctsio);
5031		ctl_done((union ctl_io *)ctsio);
5032		goto bailout;
5033	}
5034
5035	/*
5036	 * If this LUN has no backend, we can't flush the cache anyway.
5037	 */
5038	if (lun->backend == NULL) {
5039		ctl_set_invalid_opcode(ctsio);
5040		ctl_done((union ctl_io *)ctsio);
5041		goto bailout;
5042	}
5043
5044	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5045	lbalen->lba = starting_lba;
5046	lbalen->len = block_count;
5047	lbalen->flags = byte2;
5048
5049	/*
5050	 * Check to see whether we're configured to send the SYNCHRONIZE
5051	 * CACHE command directly to the back end.
5052	 */
5053	mtx_lock(&lun->lun_lock);
5054	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5055	 && (++(lun->sync_count) >= lun->sync_interval)) {
5056		lun->sync_count = 0;
5057		mtx_unlock(&lun->lun_lock);
5058		retval = lun->backend->config_write((union ctl_io *)ctsio);
5059	} else {
5060		mtx_unlock(&lun->lun_lock);
5061		ctl_set_success(ctsio);
5062		ctl_done((union ctl_io *)ctsio);
5063	}
5064
5065bailout:
5066
5067	return (retval);
5068}
5069
5070int
5071ctl_format(struct ctl_scsiio *ctsio)
5072{
5073	struct scsi_format *cdb;
5074	struct ctl_lun *lun;
5075	int length, defect_list_len;
5076
5077	CTL_DEBUG_PRINT(("ctl_format\n"));
5078
5079	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5080
5081	cdb = (struct scsi_format *)ctsio->cdb;
5082
5083	length = 0;
5084	if (cdb->byte2 & SF_FMTDATA) {
5085		if (cdb->byte2 & SF_LONGLIST)
5086			length = sizeof(struct scsi_format_header_long);
5087		else
5088			length = sizeof(struct scsi_format_header_short);
5089	}
5090
5091	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5092	 && (length > 0)) {
5093		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5094		ctsio->kern_data_len = length;
5095		ctsio->kern_total_len = length;
5096		ctsio->kern_data_resid = 0;
5097		ctsio->kern_rel_offset = 0;
5098		ctsio->kern_sg_entries = 0;
5099		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5100		ctsio->be_move_done = ctl_config_move_done;
5101		ctl_datamove((union ctl_io *)ctsio);
5102
5103		return (CTL_RETVAL_COMPLETE);
5104	}
5105
5106	defect_list_len = 0;
5107
5108	if (cdb->byte2 & SF_FMTDATA) {
5109		if (cdb->byte2 & SF_LONGLIST) {
5110			struct scsi_format_header_long *header;
5111
5112			header = (struct scsi_format_header_long *)
5113				ctsio->kern_data_ptr;
5114
5115			defect_list_len = scsi_4btoul(header->defect_list_len);
5116			if (defect_list_len != 0) {
5117				ctl_set_invalid_field(ctsio,
5118						      /*sks_valid*/ 1,
5119						      /*command*/ 0,
5120						      /*field*/ 2,
5121						      /*bit_valid*/ 0,
5122						      /*bit*/ 0);
5123				goto bailout;
5124			}
5125		} else {
5126			struct scsi_format_header_short *header;
5127
5128			header = (struct scsi_format_header_short *)
5129				ctsio->kern_data_ptr;
5130
5131			defect_list_len = scsi_2btoul(header->defect_list_len);
5132			if (defect_list_len != 0) {
5133				ctl_set_invalid_field(ctsio,
5134						      /*sks_valid*/ 1,
5135						      /*command*/ 0,
5136						      /*field*/ 2,
5137						      /*bit_valid*/ 0,
5138						      /*bit*/ 0);
5139				goto bailout;
5140			}
5141		}
5142	}
5143
5144	/*
5145	 * The format command will clear out the "Medium format corrupted"
5146	 * status if set by the configuration code.  That status is really
5147	 * just a way to notify the host that we have lost the media, and
5148	 * get them to issue a command that will basically make them think
5149	 * they're blowing away the media.
5150	 */
5151	mtx_lock(&lun->lun_lock);
5152	lun->flags &= ~CTL_LUN_INOPERABLE;
5153	mtx_unlock(&lun->lun_lock);
5154
5155	ctl_set_success(ctsio);
5156bailout:
5157
5158	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5159		free(ctsio->kern_data_ptr, M_CTL);
5160		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5161	}
5162
5163	ctl_done((union ctl_io *)ctsio);
5164	return (CTL_RETVAL_COMPLETE);
5165}
5166
5167int
5168ctl_read_buffer(struct ctl_scsiio *ctsio)
5169{
5170	struct scsi_read_buffer *cdb;
5171	struct ctl_lun *lun;
5172	int buffer_offset, len;
5173	static uint8_t descr[4];
5174	static uint8_t echo_descr[4] = { 0 };
5175
5176	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5177
5178	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5179	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5180
5181	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5182	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5183	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5184		ctl_set_invalid_field(ctsio,
5185				      /*sks_valid*/ 1,
5186				      /*command*/ 1,
5187				      /*field*/ 1,
5188				      /*bit_valid*/ 1,
5189				      /*bit*/ 4);
5190		ctl_done((union ctl_io *)ctsio);
5191		return (CTL_RETVAL_COMPLETE);
5192	}
5193
5194	len = scsi_3btoul(cdb->length);
5195	buffer_offset = scsi_3btoul(cdb->offset);
5196
5197	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5198		ctl_set_invalid_field(ctsio,
5199				      /*sks_valid*/ 1,
5200				      /*command*/ 1,
5201				      /*field*/ 6,
5202				      /*bit_valid*/ 0,
5203				      /*bit*/ 0);
5204		ctl_done((union ctl_io *)ctsio);
5205		return (CTL_RETVAL_COMPLETE);
5206	}
5207
5208	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5209		descr[0] = 0;
5210		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5211		ctsio->kern_data_ptr = descr;
5212		len = min(len, sizeof(descr));
5213	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5214		ctsio->kern_data_ptr = echo_descr;
5215		len = min(len, sizeof(echo_descr));
5216	} else {
5217		if (lun->write_buffer == NULL) {
5218			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5219			    M_CTL, M_WAITOK);
5220		}
5221		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5222	}
5223	ctsio->kern_data_len = len;
5224	ctsio->kern_total_len = len;
5225	ctsio->kern_data_resid = 0;
5226	ctsio->kern_rel_offset = 0;
5227	ctsio->kern_sg_entries = 0;
5228	ctl_set_success(ctsio);
5229	ctsio->be_move_done = ctl_config_move_done;
5230	ctl_datamove((union ctl_io *)ctsio);
5231	return (CTL_RETVAL_COMPLETE);
5232}
5233
5234int
5235ctl_write_buffer(struct ctl_scsiio *ctsio)
5236{
5237	struct scsi_write_buffer *cdb;
5238	struct ctl_lun *lun;
5239	int buffer_offset, len;
5240
5241	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5242
5243	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5244	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5245
5246	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5247		ctl_set_invalid_field(ctsio,
5248				      /*sks_valid*/ 1,
5249				      /*command*/ 1,
5250				      /*field*/ 1,
5251				      /*bit_valid*/ 1,
5252				      /*bit*/ 4);
5253		ctl_done((union ctl_io *)ctsio);
5254		return (CTL_RETVAL_COMPLETE);
5255	}
5256
5257	len = scsi_3btoul(cdb->length);
5258	buffer_offset = scsi_3btoul(cdb->offset);
5259
5260	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5261		ctl_set_invalid_field(ctsio,
5262				      /*sks_valid*/ 1,
5263				      /*command*/ 1,
5264				      /*field*/ 6,
5265				      /*bit_valid*/ 0,
5266				      /*bit*/ 0);
5267		ctl_done((union ctl_io *)ctsio);
5268		return (CTL_RETVAL_COMPLETE);
5269	}
5270
5271	/*
5272	 * If we've got a kernel request that hasn't been malloced yet,
5273	 * malloc it and tell the caller the data buffer is here.
5274	 */
5275	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5276		if (lun->write_buffer == NULL) {
5277			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5278			    M_CTL, M_WAITOK);
5279		}
5280		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5281		ctsio->kern_data_len = len;
5282		ctsio->kern_total_len = len;
5283		ctsio->kern_data_resid = 0;
5284		ctsio->kern_rel_offset = 0;
5285		ctsio->kern_sg_entries = 0;
5286		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5287		ctsio->be_move_done = ctl_config_move_done;
5288		ctl_datamove((union ctl_io *)ctsio);
5289
5290		return (CTL_RETVAL_COMPLETE);
5291	}
5292
5293	ctl_set_success(ctsio);
5294	ctl_done((union ctl_io *)ctsio);
5295	return (CTL_RETVAL_COMPLETE);
5296}
5297
5298int
5299ctl_write_same(struct ctl_scsiio *ctsio)
5300{
5301	struct ctl_lun *lun;
5302	struct ctl_lba_len_flags *lbalen;
5303	uint64_t lba;
5304	uint32_t num_blocks;
5305	int len, retval;
5306	uint8_t byte2;
5307
5308	retval = CTL_RETVAL_COMPLETE;
5309
5310	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5311
5312	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5313
5314	switch (ctsio->cdb[0]) {
5315	case WRITE_SAME_10: {
5316		struct scsi_write_same_10 *cdb;
5317
5318		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5319
5320		lba = scsi_4btoul(cdb->addr);
5321		num_blocks = scsi_2btoul(cdb->length);
5322		byte2 = cdb->byte2;
5323		break;
5324	}
5325	case WRITE_SAME_16: {
5326		struct scsi_write_same_16 *cdb;
5327
5328		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5329
5330		lba = scsi_8btou64(cdb->addr);
5331		num_blocks = scsi_4btoul(cdb->length);
5332		byte2 = cdb->byte2;
5333		break;
5334	}
5335	default:
5336		/*
5337		 * We got a command we don't support.  This shouldn't
5338		 * happen, commands should be filtered out above us.
5339		 */
5340		ctl_set_invalid_opcode(ctsio);
5341		ctl_done((union ctl_io *)ctsio);
5342
5343		return (CTL_RETVAL_COMPLETE);
5344		break; /* NOTREACHED */
5345	}
5346
5347	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5348	if ((byte2 & SWS_UNMAP) == 0 &&
5349	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5350		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5351		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5352		ctl_done((union ctl_io *)ctsio);
5353		return (CTL_RETVAL_COMPLETE);
5354	}
5355
5356	/*
5357	 * The first check is to make sure we're in bounds, the second
5358	 * check is to catch wrap-around problems.  If the lba + num blocks
5359	 * is less than the lba, then we've wrapped around and the block
5360	 * range is invalid anyway.
5361	 */
5362	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5363	 || ((lba + num_blocks) < lba)) {
5364		ctl_set_lba_out_of_range(ctsio);
5365		ctl_done((union ctl_io *)ctsio);
5366		return (CTL_RETVAL_COMPLETE);
5367	}
5368
5369	/* Zero number of blocks means "to the last logical block" */
5370	if (num_blocks == 0) {
5371		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5372			ctl_set_invalid_field(ctsio,
5373					      /*sks_valid*/ 0,
5374					      /*command*/ 1,
5375					      /*field*/ 0,
5376					      /*bit_valid*/ 0,
5377					      /*bit*/ 0);
5378			ctl_done((union ctl_io *)ctsio);
5379			return (CTL_RETVAL_COMPLETE);
5380		}
5381		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5382	}
5383
5384	len = lun->be_lun->blocksize;
5385
5386	/*
5387	 * If we've got a kernel request that hasn't been malloced yet,
5388	 * malloc it and tell the caller the data buffer is here.
5389	 */
5390	if ((byte2 & SWS_NDOB) == 0 &&
5391	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5392		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5393		ctsio->kern_data_len = len;
5394		ctsio->kern_total_len = len;
5395		ctsio->kern_data_resid = 0;
5396		ctsio->kern_rel_offset = 0;
5397		ctsio->kern_sg_entries = 0;
5398		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5399		ctsio->be_move_done = ctl_config_move_done;
5400		ctl_datamove((union ctl_io *)ctsio);
5401
5402		return (CTL_RETVAL_COMPLETE);
5403	}
5404
5405	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5406	lbalen->lba = lba;
5407	lbalen->len = num_blocks;
5408	lbalen->flags = byte2;
5409	retval = lun->backend->config_write((union ctl_io *)ctsio);
5410
5411	return (retval);
5412}
5413
5414int
5415ctl_unmap(struct ctl_scsiio *ctsio)
5416{
5417	struct ctl_lun *lun;
5418	struct scsi_unmap *cdb;
5419	struct ctl_ptr_len_flags *ptrlen;
5420	struct scsi_unmap_header *hdr;
5421	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5422	uint64_t lba;
5423	uint32_t num_blocks;
5424	int len, retval;
5425	uint8_t byte2;
5426
5427	retval = CTL_RETVAL_COMPLETE;
5428
5429	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5430
5431	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5432	cdb = (struct scsi_unmap *)ctsio->cdb;
5433
5434	len = scsi_2btoul(cdb->length);
5435	byte2 = cdb->byte2;
5436
5437	/*
5438	 * If we've got a kernel request that hasn't been malloced yet,
5439	 * malloc it and tell the caller the data buffer is here.
5440	 */
5441	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5442		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5443		ctsio->kern_data_len = len;
5444		ctsio->kern_total_len = len;
5445		ctsio->kern_data_resid = 0;
5446		ctsio->kern_rel_offset = 0;
5447		ctsio->kern_sg_entries = 0;
5448		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5449		ctsio->be_move_done = ctl_config_move_done;
5450		ctl_datamove((union ctl_io *)ctsio);
5451
5452		return (CTL_RETVAL_COMPLETE);
5453	}
5454
5455	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5456	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5457	if (len < sizeof (*hdr) ||
5458	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5459	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5460	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5461		ctl_set_invalid_field(ctsio,
5462				      /*sks_valid*/ 0,
5463				      /*command*/ 0,
5464				      /*field*/ 0,
5465				      /*bit_valid*/ 0,
5466				      /*bit*/ 0);
5467		goto done;
5468	}
5469	len = scsi_2btoul(hdr->desc_length);
5470	buf = (struct scsi_unmap_desc *)(hdr + 1);
5471	end = buf + len / sizeof(*buf);
5472
5473	endnz = buf;
5474	for (range = buf; range < end; range++) {
5475		lba = scsi_8btou64(range->lba);
5476		num_blocks = scsi_4btoul(range->length);
5477		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5478		 || ((lba + num_blocks) < lba)) {
5479			ctl_set_lba_out_of_range(ctsio);
5480			ctl_done((union ctl_io *)ctsio);
5481			return (CTL_RETVAL_COMPLETE);
5482		}
5483		if (num_blocks != 0)
5484			endnz = range + 1;
5485	}
5486
5487	/*
5488	 * Block backend can not handle zero last range.
5489	 * Filter it out and return if there is nothing left.
5490	 */
5491	len = (uint8_t *)endnz - (uint8_t *)buf;
5492	if (len == 0) {
5493		ctl_set_success(ctsio);
5494		goto done;
5495	}
5496
5497	mtx_lock(&lun->lun_lock);
5498	ptrlen = (struct ctl_ptr_len_flags *)
5499	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5500	ptrlen->ptr = (void *)buf;
5501	ptrlen->len = len;
5502	ptrlen->flags = byte2;
5503	ctl_check_blocked(lun);
5504	mtx_unlock(&lun->lun_lock);
5505
5506	retval = lun->backend->config_write((union ctl_io *)ctsio);
5507	return (retval);
5508
5509done:
5510	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5511		free(ctsio->kern_data_ptr, M_CTL);
5512		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5513	}
5514	ctl_done((union ctl_io *)ctsio);
5515	return (CTL_RETVAL_COMPLETE);
5516}
5517
5518/*
5519 * Note that this function currently doesn't actually do anything inside
5520 * CTL to enforce things if the DQue bit is turned on.
5521 *
5522 * Also note that this function can't be used in the default case, because
5523 * the DQue bit isn't set in the changeable mask for the control mode page
5524 * anyway.  This is just here as an example for how to implement a page
5525 * handler, and a placeholder in case we want to allow the user to turn
5526 * tagged queueing on and off.
5527 *
5528 * The D_SENSE bit handling is functional, however, and will turn
5529 * descriptor sense on and off for a given LUN.
5530 */
5531int
5532ctl_control_page_handler(struct ctl_scsiio *ctsio,
5533			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5534{
5535	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5536	struct ctl_lun *lun;
5537	int set_ua;
5538	uint32_t initidx;
5539
5540	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5541	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5542	set_ua = 0;
5543
5544	user_cp = (struct scsi_control_page *)page_ptr;
5545	current_cp = (struct scsi_control_page *)
5546		(page_index->page_data + (page_index->page_len *
5547		CTL_PAGE_CURRENT));
5548	saved_cp = (struct scsi_control_page *)
5549		(page_index->page_data + (page_index->page_len *
5550		CTL_PAGE_SAVED));
5551
5552	mtx_lock(&lun->lun_lock);
5553	if (((current_cp->rlec & SCP_DSENSE) == 0)
5554	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5555		/*
5556		 * Descriptor sense is currently turned off and the user
5557		 * wants to turn it on.
5558		 */
5559		current_cp->rlec |= SCP_DSENSE;
5560		saved_cp->rlec |= SCP_DSENSE;
5561		lun->flags |= CTL_LUN_SENSE_DESC;
5562		set_ua = 1;
5563	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5564		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5565		/*
5566		 * Descriptor sense is currently turned on, and the user
5567		 * wants to turn it off.
5568		 */
5569		current_cp->rlec &= ~SCP_DSENSE;
5570		saved_cp->rlec &= ~SCP_DSENSE;
5571		lun->flags &= ~CTL_LUN_SENSE_DESC;
5572		set_ua = 1;
5573	}
5574	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5575	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5576		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5577		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5578		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5579		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5580		set_ua = 1;
5581	}
5582	if ((current_cp->eca_and_aen & SCP_SWP) !=
5583	    (user_cp->eca_and_aen & SCP_SWP)) {
5584		current_cp->eca_and_aen &= ~SCP_SWP;
5585		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5586		saved_cp->eca_and_aen &= ~SCP_SWP;
5587		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5588		set_ua = 1;
5589	}
5590	if (set_ua != 0)
5591		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5592	mtx_unlock(&lun->lun_lock);
5593
5594	return (0);
5595}
5596
5597int
5598ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5599		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5600{
5601	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5602	struct ctl_lun *lun;
5603	int set_ua;
5604	uint32_t initidx;
5605
5606	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5607	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5608	set_ua = 0;
5609
5610	user_cp = (struct scsi_caching_page *)page_ptr;
5611	current_cp = (struct scsi_caching_page *)
5612		(page_index->page_data + (page_index->page_len *
5613		CTL_PAGE_CURRENT));
5614	saved_cp = (struct scsi_caching_page *)
5615		(page_index->page_data + (page_index->page_len *
5616		CTL_PAGE_SAVED));
5617
5618	mtx_lock(&lun->lun_lock);
5619	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5620	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5621		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5622		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5623		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5624		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5625		set_ua = 1;
5626	}
5627	if (set_ua != 0)
5628		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5629	mtx_unlock(&lun->lun_lock);
5630
5631	return (0);
5632}
5633
5634int
5635ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5636				struct ctl_page_index *page_index,
5637				uint8_t *page_ptr)
5638{
5639	uint8_t *c;
5640	int i;
5641
5642	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5643	ctl_time_io_secs =
5644		(c[0] << 8) |
5645		(c[1] << 0) |
5646		0;
5647	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5648	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5649	printf("page data:");
5650	for (i=0; i<8; i++)
5651		printf(" %.2x",page_ptr[i]);
5652	printf("\n");
5653	return (0);
5654}
5655
5656int
5657ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5658			       struct ctl_page_index *page_index,
5659			       int pc)
5660{
5661	struct copan_debugconf_subpage *page;
5662
5663	page = (struct copan_debugconf_subpage *)page_index->page_data +
5664		(page_index->page_len * pc);
5665
5666	switch (pc) {
5667	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5668	case SMS_PAGE_CTRL_DEFAULT >> 6:
5669	case SMS_PAGE_CTRL_SAVED >> 6:
5670		/*
5671		 * We don't update the changable or default bits for this page.
5672		 */
5673		break;
5674	case SMS_PAGE_CTRL_CURRENT >> 6:
5675		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5676		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5677		break;
5678	default:
5679#ifdef NEEDTOPORT
5680		EPRINT(0, "Invalid PC %d!!", pc);
5681#endif /* NEEDTOPORT */
5682		break;
5683	}
5684	return (0);
5685}
5686
5687
5688static int
5689ctl_do_mode_select(union ctl_io *io)
5690{
5691	struct scsi_mode_page_header *page_header;
5692	struct ctl_page_index *page_index;
5693	struct ctl_scsiio *ctsio;
5694	int control_dev, page_len;
5695	int page_len_offset, page_len_size;
5696	union ctl_modepage_info *modepage_info;
5697	struct ctl_lun *lun;
5698	int *len_left, *len_used;
5699	int retval, i;
5700
5701	ctsio = &io->scsiio;
5702	page_index = NULL;
5703	page_len = 0;
5704	retval = CTL_RETVAL_COMPLETE;
5705
5706	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5707
5708	if (lun->be_lun->lun_type != T_DIRECT)
5709		control_dev = 1;
5710	else
5711		control_dev = 0;
5712
5713	modepage_info = (union ctl_modepage_info *)
5714		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5715	len_left = &modepage_info->header.len_left;
5716	len_used = &modepage_info->header.len_used;
5717
5718do_next_page:
5719
5720	page_header = (struct scsi_mode_page_header *)
5721		(ctsio->kern_data_ptr + *len_used);
5722
5723	if (*len_left == 0) {
5724		free(ctsio->kern_data_ptr, M_CTL);
5725		ctl_set_success(ctsio);
5726		ctl_done((union ctl_io *)ctsio);
5727		return (CTL_RETVAL_COMPLETE);
5728	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5729
5730		free(ctsio->kern_data_ptr, M_CTL);
5731		ctl_set_param_len_error(ctsio);
5732		ctl_done((union ctl_io *)ctsio);
5733		return (CTL_RETVAL_COMPLETE);
5734
5735	} else if ((page_header->page_code & SMPH_SPF)
5736		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5737
5738		free(ctsio->kern_data_ptr, M_CTL);
5739		ctl_set_param_len_error(ctsio);
5740		ctl_done((union ctl_io *)ctsio);
5741		return (CTL_RETVAL_COMPLETE);
5742	}
5743
5744
5745	/*
5746	 * XXX KDM should we do something with the block descriptor?
5747	 */
5748	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5749
5750		if ((control_dev != 0)
5751		 && (lun->mode_pages.index[i].page_flags &
5752		     CTL_PAGE_FLAG_DISK_ONLY))
5753			continue;
5754
5755		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5756		    (page_header->page_code & SMPH_PC_MASK))
5757			continue;
5758
5759		/*
5760		 * If neither page has a subpage code, then we've got a
5761		 * match.
5762		 */
5763		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5764		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5765			page_index = &lun->mode_pages.index[i];
5766			page_len = page_header->page_length;
5767			break;
5768		}
5769
5770		/*
5771		 * If both pages have subpages, then the subpage numbers
5772		 * have to match.
5773		 */
5774		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5775		  && (page_header->page_code & SMPH_SPF)) {
5776			struct scsi_mode_page_header_sp *sph;
5777
5778			sph = (struct scsi_mode_page_header_sp *)page_header;
5779
5780			if (lun->mode_pages.index[i].subpage ==
5781			    sph->subpage) {
5782				page_index = &lun->mode_pages.index[i];
5783				page_len = scsi_2btoul(sph->page_length);
5784				break;
5785			}
5786		}
5787	}
5788
5789	/*
5790	 * If we couldn't find the page, or if we don't have a mode select
5791	 * handler for it, send back an error to the user.
5792	 */
5793	if ((page_index == NULL)
5794	 || (page_index->select_handler == NULL)) {
5795		ctl_set_invalid_field(ctsio,
5796				      /*sks_valid*/ 1,
5797				      /*command*/ 0,
5798				      /*field*/ *len_used,
5799				      /*bit_valid*/ 0,
5800				      /*bit*/ 0);
5801		free(ctsio->kern_data_ptr, M_CTL);
5802		ctl_done((union ctl_io *)ctsio);
5803		return (CTL_RETVAL_COMPLETE);
5804	}
5805
5806	if (page_index->page_code & SMPH_SPF) {
5807		page_len_offset = 2;
5808		page_len_size = 2;
5809	} else {
5810		page_len_size = 1;
5811		page_len_offset = 1;
5812	}
5813
5814	/*
5815	 * If the length the initiator gives us isn't the one we specify in
5816	 * the mode page header, or if they didn't specify enough data in
5817	 * the CDB to avoid truncating this page, kick out the request.
5818	 */
5819	if ((page_len != (page_index->page_len - page_len_offset -
5820			  page_len_size))
5821	 || (*len_left < page_index->page_len)) {
5822
5823
5824		ctl_set_invalid_field(ctsio,
5825				      /*sks_valid*/ 1,
5826				      /*command*/ 0,
5827				      /*field*/ *len_used + page_len_offset,
5828				      /*bit_valid*/ 0,
5829				      /*bit*/ 0);
5830		free(ctsio->kern_data_ptr, M_CTL);
5831		ctl_done((union ctl_io *)ctsio);
5832		return (CTL_RETVAL_COMPLETE);
5833	}
5834
5835	/*
5836	 * Run through the mode page, checking to make sure that the bits
5837	 * the user changed are actually legal for him to change.
5838	 */
5839	for (i = 0; i < page_index->page_len; i++) {
5840		uint8_t *user_byte, *change_mask, *current_byte;
5841		int bad_bit;
5842		int j;
5843
5844		user_byte = (uint8_t *)page_header + i;
5845		change_mask = page_index->page_data +
5846			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
5847		current_byte = page_index->page_data +
5848			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
5849
5850		/*
5851		 * Check to see whether the user set any bits in this byte
5852		 * that he is not allowed to set.
5853		 */
5854		if ((*user_byte & ~(*change_mask)) ==
5855		    (*current_byte & ~(*change_mask)))
5856			continue;
5857
5858		/*
5859		 * Go through bit by bit to determine which one is illegal.
5860		 */
5861		bad_bit = 0;
5862		for (j = 7; j >= 0; j--) {
5863			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
5864			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
5865				bad_bit = i;
5866				break;
5867			}
5868		}
5869		ctl_set_invalid_field(ctsio,
5870				      /*sks_valid*/ 1,
5871				      /*command*/ 0,
5872				      /*field*/ *len_used + i,
5873				      /*bit_valid*/ 1,
5874				      /*bit*/ bad_bit);
5875		free(ctsio->kern_data_ptr, M_CTL);
5876		ctl_done((union ctl_io *)ctsio);
5877		return (CTL_RETVAL_COMPLETE);
5878	}
5879
5880	/*
5881	 * Decrement these before we call the page handler, since we may
5882	 * end up getting called back one way or another before the handler
5883	 * returns to this context.
5884	 */
5885	*len_left -= page_index->page_len;
5886	*len_used += page_index->page_len;
5887
5888	retval = page_index->select_handler(ctsio, page_index,
5889					    (uint8_t *)page_header);
5890
5891	/*
5892	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
5893	 * wait until this queued command completes to finish processing
5894	 * the mode page.  If it returns anything other than
5895	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
5896	 * already set the sense information, freed the data pointer, and
5897	 * completed the io for us.
5898	 */
5899	if (retval != CTL_RETVAL_COMPLETE)
5900		goto bailout_no_done;
5901
5902	/*
5903	 * If the initiator sent us more than one page, parse the next one.
5904	 */
5905	if (*len_left > 0)
5906		goto do_next_page;
5907
5908	ctl_set_success(ctsio);
5909	free(ctsio->kern_data_ptr, M_CTL);
5910	ctl_done((union ctl_io *)ctsio);
5911
5912bailout_no_done:
5913
5914	return (CTL_RETVAL_COMPLETE);
5915
5916}
5917
5918int
5919ctl_mode_select(struct ctl_scsiio *ctsio)
5920{
5921	int param_len, pf, sp;
5922	int header_size, bd_len;
5923	int len_left, len_used;
5924	struct ctl_page_index *page_index;
5925	struct ctl_lun *lun;
5926	int control_dev, page_len;
5927	union ctl_modepage_info *modepage_info;
5928	int retval;
5929
5930	pf = 0;
5931	sp = 0;
5932	page_len = 0;
5933	len_used = 0;
5934	len_left = 0;
5935	retval = 0;
5936	bd_len = 0;
5937	page_index = NULL;
5938
5939	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5940
5941	if (lun->be_lun->lun_type != T_DIRECT)
5942		control_dev = 1;
5943	else
5944		control_dev = 0;
5945
5946	switch (ctsio->cdb[0]) {
5947	case MODE_SELECT_6: {
5948		struct scsi_mode_select_6 *cdb;
5949
5950		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
5951
5952		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
5953		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
5954
5955		param_len = cdb->length;
5956		header_size = sizeof(struct scsi_mode_header_6);
5957		break;
5958	}
5959	case MODE_SELECT_10: {
5960		struct scsi_mode_select_10 *cdb;
5961
5962		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
5963
5964		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
5965		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
5966
5967		param_len = scsi_2btoul(cdb->length);
5968		header_size = sizeof(struct scsi_mode_header_10);
5969		break;
5970	}
5971	default:
5972		ctl_set_invalid_opcode(ctsio);
5973		ctl_done((union ctl_io *)ctsio);
5974		return (CTL_RETVAL_COMPLETE);
5975		break; /* NOTREACHED */
5976	}
5977
5978	/*
5979	 * From SPC-3:
5980	 * "A parameter list length of zero indicates that the Data-Out Buffer
5981	 * shall be empty. This condition shall not be considered as an error."
5982	 */
5983	if (param_len == 0) {
5984		ctl_set_success(ctsio);
5985		ctl_done((union ctl_io *)ctsio);
5986		return (CTL_RETVAL_COMPLETE);
5987	}
5988
5989	/*
5990	 * Since we'll hit this the first time through, prior to
5991	 * allocation, we don't need to free a data buffer here.
5992	 */
5993	if (param_len < header_size) {
5994		ctl_set_param_len_error(ctsio);
5995		ctl_done((union ctl_io *)ctsio);
5996		return (CTL_RETVAL_COMPLETE);
5997	}
5998
5999	/*
6000	 * Allocate the data buffer and grab the user's data.  In theory,
6001	 * we shouldn't have to sanity check the parameter list length here
6002	 * because the maximum size is 64K.  We should be able to malloc
6003	 * that much without too many problems.
6004	 */
6005	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6006		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6007		ctsio->kern_data_len = param_len;
6008		ctsio->kern_total_len = param_len;
6009		ctsio->kern_data_resid = 0;
6010		ctsio->kern_rel_offset = 0;
6011		ctsio->kern_sg_entries = 0;
6012		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6013		ctsio->be_move_done = ctl_config_move_done;
6014		ctl_datamove((union ctl_io *)ctsio);
6015
6016		return (CTL_RETVAL_COMPLETE);
6017	}
6018
6019	switch (ctsio->cdb[0]) {
6020	case MODE_SELECT_6: {
6021		struct scsi_mode_header_6 *mh6;
6022
6023		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6024		bd_len = mh6->blk_desc_len;
6025		break;
6026	}
6027	case MODE_SELECT_10: {
6028		struct scsi_mode_header_10 *mh10;
6029
6030		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6031		bd_len = scsi_2btoul(mh10->blk_desc_len);
6032		break;
6033	}
6034	default:
6035		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6036		break;
6037	}
6038
6039	if (param_len < (header_size + bd_len)) {
6040		free(ctsio->kern_data_ptr, M_CTL);
6041		ctl_set_param_len_error(ctsio);
6042		ctl_done((union ctl_io *)ctsio);
6043		return (CTL_RETVAL_COMPLETE);
6044	}
6045
6046	/*
6047	 * Set the IO_CONT flag, so that if this I/O gets passed to
6048	 * ctl_config_write_done(), it'll get passed back to
6049	 * ctl_do_mode_select() for further processing, or completion if
6050	 * we're all done.
6051	 */
6052	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6053	ctsio->io_cont = ctl_do_mode_select;
6054
6055	modepage_info = (union ctl_modepage_info *)
6056		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6057
6058	memset(modepage_info, 0, sizeof(*modepage_info));
6059
6060	len_left = param_len - header_size - bd_len;
6061	len_used = header_size + bd_len;
6062
6063	modepage_info->header.len_left = len_left;
6064	modepage_info->header.len_used = len_used;
6065
6066	return (ctl_do_mode_select((union ctl_io *)ctsio));
6067}
6068
6069int
6070ctl_mode_sense(struct ctl_scsiio *ctsio)
6071{
6072	struct ctl_lun *lun;
6073	int pc, page_code, dbd, llba, subpage;
6074	int alloc_len, page_len, header_len, total_len;
6075	struct scsi_mode_block_descr *block_desc;
6076	struct ctl_page_index *page_index;
6077	int control_dev;
6078
6079	dbd = 0;
6080	llba = 0;
6081	block_desc = NULL;
6082	page_index = NULL;
6083
6084	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6085
6086	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6087
6088	if (lun->be_lun->lun_type != T_DIRECT)
6089		control_dev = 1;
6090	else
6091		control_dev = 0;
6092
6093	switch (ctsio->cdb[0]) {
6094	case MODE_SENSE_6: {
6095		struct scsi_mode_sense_6 *cdb;
6096
6097		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6098
6099		header_len = sizeof(struct scsi_mode_hdr_6);
6100		if (cdb->byte2 & SMS_DBD)
6101			dbd = 1;
6102		else
6103			header_len += sizeof(struct scsi_mode_block_descr);
6104
6105		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6106		page_code = cdb->page & SMS_PAGE_CODE;
6107		subpage = cdb->subpage;
6108		alloc_len = cdb->length;
6109		break;
6110	}
6111	case MODE_SENSE_10: {
6112		struct scsi_mode_sense_10 *cdb;
6113
6114		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6115
6116		header_len = sizeof(struct scsi_mode_hdr_10);
6117
6118		if (cdb->byte2 & SMS_DBD)
6119			dbd = 1;
6120		else
6121			header_len += sizeof(struct scsi_mode_block_descr);
6122		if (cdb->byte2 & SMS10_LLBAA)
6123			llba = 1;
6124		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6125		page_code = cdb->page & SMS_PAGE_CODE;
6126		subpage = cdb->subpage;
6127		alloc_len = scsi_2btoul(cdb->length);
6128		break;
6129	}
6130	default:
6131		ctl_set_invalid_opcode(ctsio);
6132		ctl_done((union ctl_io *)ctsio);
6133		return (CTL_RETVAL_COMPLETE);
6134		break; /* NOTREACHED */
6135	}
6136
6137	/*
6138	 * We have to make a first pass through to calculate the size of
6139	 * the pages that match the user's query.  Then we allocate enough
6140	 * memory to hold it, and actually copy the data into the buffer.
6141	 */
6142	switch (page_code) {
6143	case SMS_ALL_PAGES_PAGE: {
6144		int i;
6145
6146		page_len = 0;
6147
6148		/*
6149		 * At the moment, values other than 0 and 0xff here are
6150		 * reserved according to SPC-3.
6151		 */
6152		if ((subpage != SMS_SUBPAGE_PAGE_0)
6153		 && (subpage != SMS_SUBPAGE_ALL)) {
6154			ctl_set_invalid_field(ctsio,
6155					      /*sks_valid*/ 1,
6156					      /*command*/ 1,
6157					      /*field*/ 3,
6158					      /*bit_valid*/ 0,
6159					      /*bit*/ 0);
6160			ctl_done((union ctl_io *)ctsio);
6161			return (CTL_RETVAL_COMPLETE);
6162		}
6163
6164		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6165			if ((control_dev != 0)
6166			 && (lun->mode_pages.index[i].page_flags &
6167			     CTL_PAGE_FLAG_DISK_ONLY))
6168				continue;
6169
6170			/*
6171			 * We don't use this subpage if the user didn't
6172			 * request all subpages.
6173			 */
6174			if ((lun->mode_pages.index[i].subpage != 0)
6175			 && (subpage == SMS_SUBPAGE_PAGE_0))
6176				continue;
6177
6178#if 0
6179			printf("found page %#x len %d\n",
6180			       lun->mode_pages.index[i].page_code &
6181			       SMPH_PC_MASK,
6182			       lun->mode_pages.index[i].page_len);
6183#endif
6184			page_len += lun->mode_pages.index[i].page_len;
6185		}
6186		break;
6187	}
6188	default: {
6189		int i;
6190
6191		page_len = 0;
6192
6193		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6194			/* Look for the right page code */
6195			if ((lun->mode_pages.index[i].page_code &
6196			     SMPH_PC_MASK) != page_code)
6197				continue;
6198
6199			/* Look for the right subpage or the subpage wildcard*/
6200			if ((lun->mode_pages.index[i].subpage != subpage)
6201			 && (subpage != SMS_SUBPAGE_ALL))
6202				continue;
6203
6204			/* Make sure the page is supported for this dev type */
6205			if ((control_dev != 0)
6206			 && (lun->mode_pages.index[i].page_flags &
6207			     CTL_PAGE_FLAG_DISK_ONLY))
6208				continue;
6209
6210#if 0
6211			printf("found page %#x len %d\n",
6212			       lun->mode_pages.index[i].page_code &
6213			       SMPH_PC_MASK,
6214			       lun->mode_pages.index[i].page_len);
6215#endif
6216
6217			page_len += lun->mode_pages.index[i].page_len;
6218		}
6219
6220		if (page_len == 0) {
6221			ctl_set_invalid_field(ctsio,
6222					      /*sks_valid*/ 1,
6223					      /*command*/ 1,
6224					      /*field*/ 2,
6225					      /*bit_valid*/ 1,
6226					      /*bit*/ 5);
6227			ctl_done((union ctl_io *)ctsio);
6228			return (CTL_RETVAL_COMPLETE);
6229		}
6230		break;
6231	}
6232	}
6233
6234	total_len = header_len + page_len;
6235#if 0
6236	printf("header_len = %d, page_len = %d, total_len = %d\n",
6237	       header_len, page_len, total_len);
6238#endif
6239
6240	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6241	ctsio->kern_sg_entries = 0;
6242	ctsio->kern_data_resid = 0;
6243	ctsio->kern_rel_offset = 0;
6244	if (total_len < alloc_len) {
6245		ctsio->residual = alloc_len - total_len;
6246		ctsio->kern_data_len = total_len;
6247		ctsio->kern_total_len = total_len;
6248	} else {
6249		ctsio->residual = 0;
6250		ctsio->kern_data_len = alloc_len;
6251		ctsio->kern_total_len = alloc_len;
6252	}
6253
6254	switch (ctsio->cdb[0]) {
6255	case MODE_SENSE_6: {
6256		struct scsi_mode_hdr_6 *header;
6257
6258		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6259
6260		header->datalen = MIN(total_len - 1, 254);
6261		if (control_dev == 0) {
6262			header->dev_specific = 0x10; /* DPOFUA */
6263			if ((lun->flags & CTL_LUN_READONLY) ||
6264			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6265			    .eca_and_aen & SCP_SWP) != 0)
6266				    header->dev_specific |= 0x80; /* WP */
6267		}
6268		if (dbd)
6269			header->block_descr_len = 0;
6270		else
6271			header->block_descr_len =
6272				sizeof(struct scsi_mode_block_descr);
6273		block_desc = (struct scsi_mode_block_descr *)&header[1];
6274		break;
6275	}
6276	case MODE_SENSE_10: {
6277		struct scsi_mode_hdr_10 *header;
6278		int datalen;
6279
6280		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6281
6282		datalen = MIN(total_len - 2, 65533);
6283		scsi_ulto2b(datalen, header->datalen);
6284		if (control_dev == 0) {
6285			header->dev_specific = 0x10; /* DPOFUA */
6286			if ((lun->flags & CTL_LUN_READONLY) ||
6287			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6288			    .eca_and_aen & SCP_SWP) != 0)
6289				    header->dev_specific |= 0x80; /* WP */
6290		}
6291		if (dbd)
6292			scsi_ulto2b(0, header->block_descr_len);
6293		else
6294			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6295				    header->block_descr_len);
6296		block_desc = (struct scsi_mode_block_descr *)&header[1];
6297		break;
6298	}
6299	default:
6300		panic("invalid CDB type %#x", ctsio->cdb[0]);
6301		break; /* NOTREACHED */
6302	}
6303
6304	/*
6305	 * If we've got a disk, use its blocksize in the block
6306	 * descriptor.  Otherwise, just set it to 0.
6307	 */
6308	if (dbd == 0) {
6309		if (control_dev == 0)
6310			scsi_ulto3b(lun->be_lun->blocksize,
6311				    block_desc->block_len);
6312		else
6313			scsi_ulto3b(0, block_desc->block_len);
6314	}
6315
6316	switch (page_code) {
6317	case SMS_ALL_PAGES_PAGE: {
6318		int i, data_used;
6319
6320		data_used = header_len;
6321		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6322			struct ctl_page_index *page_index;
6323
6324			page_index = &lun->mode_pages.index[i];
6325
6326			if ((control_dev != 0)
6327			 && (page_index->page_flags &
6328			    CTL_PAGE_FLAG_DISK_ONLY))
6329				continue;
6330
6331			/*
6332			 * We don't use this subpage if the user didn't
6333			 * request all subpages.  We already checked (above)
6334			 * to make sure the user only specified a subpage
6335			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6336			 */
6337			if ((page_index->subpage != 0)
6338			 && (subpage == SMS_SUBPAGE_PAGE_0))
6339				continue;
6340
6341			/*
6342			 * Call the handler, if it exists, to update the
6343			 * page to the latest values.
6344			 */
6345			if (page_index->sense_handler != NULL)
6346				page_index->sense_handler(ctsio, page_index,pc);
6347
6348			memcpy(ctsio->kern_data_ptr + data_used,
6349			       page_index->page_data +
6350			       (page_index->page_len * pc),
6351			       page_index->page_len);
6352			data_used += page_index->page_len;
6353		}
6354		break;
6355	}
6356	default: {
6357		int i, data_used;
6358
6359		data_used = header_len;
6360
6361		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6362			struct ctl_page_index *page_index;
6363
6364			page_index = &lun->mode_pages.index[i];
6365
6366			/* Look for the right page code */
6367			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6368				continue;
6369
6370			/* Look for the right subpage or the subpage wildcard*/
6371			if ((page_index->subpage != subpage)
6372			 && (subpage != SMS_SUBPAGE_ALL))
6373				continue;
6374
6375			/* Make sure the page is supported for this dev type */
6376			if ((control_dev != 0)
6377			 && (page_index->page_flags &
6378			     CTL_PAGE_FLAG_DISK_ONLY))
6379				continue;
6380
6381			/*
6382			 * Call the handler, if it exists, to update the
6383			 * page to the latest values.
6384			 */
6385			if (page_index->sense_handler != NULL)
6386				page_index->sense_handler(ctsio, page_index,pc);
6387
6388			memcpy(ctsio->kern_data_ptr + data_used,
6389			       page_index->page_data +
6390			       (page_index->page_len * pc),
6391			       page_index->page_len);
6392			data_used += page_index->page_len;
6393		}
6394		break;
6395	}
6396	}
6397
6398	ctl_set_success(ctsio);
6399	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6400	ctsio->be_move_done = ctl_config_move_done;
6401	ctl_datamove((union ctl_io *)ctsio);
6402	return (CTL_RETVAL_COMPLETE);
6403}
6404
6405int
6406ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6407			       struct ctl_page_index *page_index,
6408			       int pc)
6409{
6410	struct ctl_lun *lun;
6411	struct scsi_log_param_header *phdr;
6412	uint8_t *data;
6413	uint64_t val;
6414
6415	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6416	data = page_index->page_data;
6417
6418	if (lun->backend->lun_attr != NULL &&
6419	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6420	     != UINT64_MAX) {
6421		phdr = (struct scsi_log_param_header *)data;
6422		scsi_ulto2b(0x0001, phdr->param_code);
6423		phdr->param_control = SLP_LBIN | SLP_LP;
6424		phdr->param_len = 8;
6425		data = (uint8_t *)(phdr + 1);
6426		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6427		data[4] = 0x02; /* per-pool */
6428		data += phdr->param_len;
6429	}
6430
6431	if (lun->backend->lun_attr != NULL &&
6432	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6433	     != UINT64_MAX) {
6434		phdr = (struct scsi_log_param_header *)data;
6435		scsi_ulto2b(0x0002, phdr->param_code);
6436		phdr->param_control = SLP_LBIN | SLP_LP;
6437		phdr->param_len = 8;
6438		data = (uint8_t *)(phdr + 1);
6439		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6440		data[4] = 0x01; /* per-LUN */
6441		data += phdr->param_len;
6442	}
6443
6444	if (lun->backend->lun_attr != NULL &&
6445	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6446	     != UINT64_MAX) {
6447		phdr = (struct scsi_log_param_header *)data;
6448		scsi_ulto2b(0x00f1, phdr->param_code);
6449		phdr->param_control = SLP_LBIN | SLP_LP;
6450		phdr->param_len = 8;
6451		data = (uint8_t *)(phdr + 1);
6452		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6453		data[4] = 0x02; /* per-pool */
6454		data += phdr->param_len;
6455	}
6456
6457	if (lun->backend->lun_attr != NULL &&
6458	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6459	     != UINT64_MAX) {
6460		phdr = (struct scsi_log_param_header *)data;
6461		scsi_ulto2b(0x00f2, phdr->param_code);
6462		phdr->param_control = SLP_LBIN | SLP_LP;
6463		phdr->param_len = 8;
6464		data = (uint8_t *)(phdr + 1);
6465		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6466		data[4] = 0x02; /* per-pool */
6467		data += phdr->param_len;
6468	}
6469
6470	page_index->page_len = data - page_index->page_data;
6471	return (0);
6472}
6473
6474int
6475ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6476			       struct ctl_page_index *page_index,
6477			       int pc)
6478{
6479	struct ctl_lun *lun;
6480	struct stat_page *data;
6481	uint64_t rn, wn, rb, wb;
6482	struct bintime rt, wt;
6483	int i;
6484
6485	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6486	data = (struct stat_page *)page_index->page_data;
6487
6488	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6489	data->sap.hdr.param_control = SLP_LBIN;
6490	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6491	    sizeof(struct scsi_log_param_header);
6492	rn = wn = rb = wb = 0;
6493	bintime_clear(&rt);
6494	bintime_clear(&wt);
6495	for (i = 0; i < CTL_MAX_PORTS; i++) {
6496		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6497		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6498		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6499		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6500		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6501		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6502	}
6503	scsi_u64to8b(rn, data->sap.read_num);
6504	scsi_u64to8b(wn, data->sap.write_num);
6505	if (lun->stats.blocksize > 0) {
6506		scsi_u64to8b(wb / lun->stats.blocksize,
6507		    data->sap.recvieved_lba);
6508		scsi_u64to8b(rb / lun->stats.blocksize,
6509		    data->sap.transmitted_lba);
6510	}
6511	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6512	    data->sap.read_int);
6513	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6514	    data->sap.write_int);
6515	scsi_u64to8b(0, data->sap.weighted_num);
6516	scsi_u64to8b(0, data->sap.weighted_int);
6517	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6518	data->it.hdr.param_control = SLP_LBIN;
6519	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6520	    sizeof(struct scsi_log_param_header);
6521#ifdef CTL_TIME_IO
6522	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6523#endif
6524	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6525	data->it.hdr.param_control = SLP_LBIN;
6526	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6527	    sizeof(struct scsi_log_param_header);
6528	scsi_ulto4b(3, data->ti.exponent);
6529	scsi_ulto4b(1, data->ti.integer);
6530
6531	page_index->page_len = sizeof(*data);
6532	return (0);
6533}
6534
6535int
6536ctl_log_sense(struct ctl_scsiio *ctsio)
6537{
6538	struct ctl_lun *lun;
6539	int i, pc, page_code, subpage;
6540	int alloc_len, total_len;
6541	struct ctl_page_index *page_index;
6542	struct scsi_log_sense *cdb;
6543	struct scsi_log_header *header;
6544
6545	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6546
6547	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6548	cdb = (struct scsi_log_sense *)ctsio->cdb;
6549	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6550	page_code = cdb->page & SLS_PAGE_CODE;
6551	subpage = cdb->subpage;
6552	alloc_len = scsi_2btoul(cdb->length);
6553
6554	page_index = NULL;
6555	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6556		page_index = &lun->log_pages.index[i];
6557
6558		/* Look for the right page code */
6559		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6560			continue;
6561
6562		/* Look for the right subpage or the subpage wildcard*/
6563		if (page_index->subpage != subpage)
6564			continue;
6565
6566		break;
6567	}
6568	if (i >= CTL_NUM_LOG_PAGES) {
6569		ctl_set_invalid_field(ctsio,
6570				      /*sks_valid*/ 1,
6571				      /*command*/ 1,
6572				      /*field*/ 2,
6573				      /*bit_valid*/ 0,
6574				      /*bit*/ 0);
6575		ctl_done((union ctl_io *)ctsio);
6576		return (CTL_RETVAL_COMPLETE);
6577	}
6578
6579	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6580
6581	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6582	ctsio->kern_sg_entries = 0;
6583	ctsio->kern_data_resid = 0;
6584	ctsio->kern_rel_offset = 0;
6585	if (total_len < alloc_len) {
6586		ctsio->residual = alloc_len - total_len;
6587		ctsio->kern_data_len = total_len;
6588		ctsio->kern_total_len = total_len;
6589	} else {
6590		ctsio->residual = 0;
6591		ctsio->kern_data_len = alloc_len;
6592		ctsio->kern_total_len = alloc_len;
6593	}
6594
6595	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6596	header->page = page_index->page_code;
6597	if (page_index->subpage) {
6598		header->page |= SL_SPF;
6599		header->subpage = page_index->subpage;
6600	}
6601	scsi_ulto2b(page_index->page_len, header->datalen);
6602
6603	/*
6604	 * Call the handler, if it exists, to update the
6605	 * page to the latest values.
6606	 */
6607	if (page_index->sense_handler != NULL)
6608		page_index->sense_handler(ctsio, page_index, pc);
6609
6610	memcpy(header + 1, page_index->page_data, page_index->page_len);
6611
6612	ctl_set_success(ctsio);
6613	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6614	ctsio->be_move_done = ctl_config_move_done;
6615	ctl_datamove((union ctl_io *)ctsio);
6616	return (CTL_RETVAL_COMPLETE);
6617}
6618
6619int
6620ctl_read_capacity(struct ctl_scsiio *ctsio)
6621{
6622	struct scsi_read_capacity *cdb;
6623	struct scsi_read_capacity_data *data;
6624	struct ctl_lun *lun;
6625	uint32_t lba;
6626
6627	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6628
6629	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6630
6631	lba = scsi_4btoul(cdb->addr);
6632	if (((cdb->pmi & SRC_PMI) == 0)
6633	 && (lba != 0)) {
6634		ctl_set_invalid_field(/*ctsio*/ ctsio,
6635				      /*sks_valid*/ 1,
6636				      /*command*/ 1,
6637				      /*field*/ 2,
6638				      /*bit_valid*/ 0,
6639				      /*bit*/ 0);
6640		ctl_done((union ctl_io *)ctsio);
6641		return (CTL_RETVAL_COMPLETE);
6642	}
6643
6644	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6645
6646	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6647	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6648	ctsio->residual = 0;
6649	ctsio->kern_data_len = sizeof(*data);
6650	ctsio->kern_total_len = sizeof(*data);
6651	ctsio->kern_data_resid = 0;
6652	ctsio->kern_rel_offset = 0;
6653	ctsio->kern_sg_entries = 0;
6654
6655	/*
6656	 * If the maximum LBA is greater than 0xfffffffe, the user must
6657	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6658	 * serivce action set.
6659	 */
6660	if (lun->be_lun->maxlba > 0xfffffffe)
6661		scsi_ulto4b(0xffffffff, data->addr);
6662	else
6663		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6664
6665	/*
6666	 * XXX KDM this may not be 512 bytes...
6667	 */
6668	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6669
6670	ctl_set_success(ctsio);
6671	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6672	ctsio->be_move_done = ctl_config_move_done;
6673	ctl_datamove((union ctl_io *)ctsio);
6674	return (CTL_RETVAL_COMPLETE);
6675}
6676
6677int
6678ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6679{
6680	struct scsi_read_capacity_16 *cdb;
6681	struct scsi_read_capacity_data_long *data;
6682	struct ctl_lun *lun;
6683	uint64_t lba;
6684	uint32_t alloc_len;
6685
6686	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6687
6688	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6689
6690	alloc_len = scsi_4btoul(cdb->alloc_len);
6691	lba = scsi_8btou64(cdb->addr);
6692
6693	if ((cdb->reladr & SRC16_PMI)
6694	 && (lba != 0)) {
6695		ctl_set_invalid_field(/*ctsio*/ ctsio,
6696				      /*sks_valid*/ 1,
6697				      /*command*/ 1,
6698				      /*field*/ 2,
6699				      /*bit_valid*/ 0,
6700				      /*bit*/ 0);
6701		ctl_done((union ctl_io *)ctsio);
6702		return (CTL_RETVAL_COMPLETE);
6703	}
6704
6705	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6706
6707	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6708	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6709
6710	if (sizeof(*data) < alloc_len) {
6711		ctsio->residual = alloc_len - sizeof(*data);
6712		ctsio->kern_data_len = sizeof(*data);
6713		ctsio->kern_total_len = sizeof(*data);
6714	} else {
6715		ctsio->residual = 0;
6716		ctsio->kern_data_len = alloc_len;
6717		ctsio->kern_total_len = alloc_len;
6718	}
6719	ctsio->kern_data_resid = 0;
6720	ctsio->kern_rel_offset = 0;
6721	ctsio->kern_sg_entries = 0;
6722
6723	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6724	/* XXX KDM this may not be 512 bytes... */
6725	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6726	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6727	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6728	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6729		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6730
6731	ctl_set_success(ctsio);
6732	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6733	ctsio->be_move_done = ctl_config_move_done;
6734	ctl_datamove((union ctl_io *)ctsio);
6735	return (CTL_RETVAL_COMPLETE);
6736}
6737
6738int
6739ctl_get_lba_status(struct ctl_scsiio *ctsio)
6740{
6741	struct scsi_get_lba_status *cdb;
6742	struct scsi_get_lba_status_data *data;
6743	struct ctl_lun *lun;
6744	struct ctl_lba_len_flags *lbalen;
6745	uint64_t lba;
6746	uint32_t alloc_len, total_len;
6747	int retval;
6748
6749	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6750
6751	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6752	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6753	lba = scsi_8btou64(cdb->addr);
6754	alloc_len = scsi_4btoul(cdb->alloc_len);
6755
6756	if (lba > lun->be_lun->maxlba) {
6757		ctl_set_lba_out_of_range(ctsio);
6758		ctl_done((union ctl_io *)ctsio);
6759		return (CTL_RETVAL_COMPLETE);
6760	}
6761
6762	total_len = sizeof(*data) + sizeof(data->descr[0]);
6763	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6764	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6765
6766	if (total_len < alloc_len) {
6767		ctsio->residual = alloc_len - total_len;
6768		ctsio->kern_data_len = total_len;
6769		ctsio->kern_total_len = total_len;
6770	} else {
6771		ctsio->residual = 0;
6772		ctsio->kern_data_len = alloc_len;
6773		ctsio->kern_total_len = alloc_len;
6774	}
6775	ctsio->kern_data_resid = 0;
6776	ctsio->kern_rel_offset = 0;
6777	ctsio->kern_sg_entries = 0;
6778
6779	/* Fill dummy data in case backend can't tell anything. */
6780	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6781	scsi_u64to8b(lba, data->descr[0].addr);
6782	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6783	    data->descr[0].length);
6784	data->descr[0].status = 0; /* Mapped or unknown. */
6785
6786	ctl_set_success(ctsio);
6787	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6788	ctsio->be_move_done = ctl_config_move_done;
6789
6790	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6791	lbalen->lba = lba;
6792	lbalen->len = total_len;
6793	lbalen->flags = 0;
6794	retval = lun->backend->config_read((union ctl_io *)ctsio);
6795	return (CTL_RETVAL_COMPLETE);
6796}
6797
6798int
6799ctl_read_defect(struct ctl_scsiio *ctsio)
6800{
6801	struct scsi_read_defect_data_10 *ccb10;
6802	struct scsi_read_defect_data_12 *ccb12;
6803	struct scsi_read_defect_data_hdr_10 *data10;
6804	struct scsi_read_defect_data_hdr_12 *data12;
6805	uint32_t alloc_len, data_len;
6806	uint8_t format;
6807
6808	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6809
6810	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6811		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6812		format = ccb10->format;
6813		alloc_len = scsi_2btoul(ccb10->alloc_length);
6814		data_len = sizeof(*data10);
6815	} else {
6816		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6817		format = ccb12->format;
6818		alloc_len = scsi_4btoul(ccb12->alloc_length);
6819		data_len = sizeof(*data12);
6820	}
6821	if (alloc_len == 0) {
6822		ctl_set_success(ctsio);
6823		ctl_done((union ctl_io *)ctsio);
6824		return (CTL_RETVAL_COMPLETE);
6825	}
6826
6827	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6828	if (data_len < alloc_len) {
6829		ctsio->residual = alloc_len - data_len;
6830		ctsio->kern_data_len = data_len;
6831		ctsio->kern_total_len = data_len;
6832	} else {
6833		ctsio->residual = 0;
6834		ctsio->kern_data_len = alloc_len;
6835		ctsio->kern_total_len = alloc_len;
6836	}
6837	ctsio->kern_data_resid = 0;
6838	ctsio->kern_rel_offset = 0;
6839	ctsio->kern_sg_entries = 0;
6840
6841	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6842		data10 = (struct scsi_read_defect_data_hdr_10 *)
6843		    ctsio->kern_data_ptr;
6844		data10->format = format;
6845		scsi_ulto2b(0, data10->length);
6846	} else {
6847		data12 = (struct scsi_read_defect_data_hdr_12 *)
6848		    ctsio->kern_data_ptr;
6849		data12->format = format;
6850		scsi_ulto2b(0, data12->generation);
6851		scsi_ulto4b(0, data12->length);
6852	}
6853
6854	ctl_set_success(ctsio);
6855	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6856	ctsio->be_move_done = ctl_config_move_done;
6857	ctl_datamove((union ctl_io *)ctsio);
6858	return (CTL_RETVAL_COMPLETE);
6859}
6860
6861int
6862ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
6863{
6864	struct scsi_maintenance_in *cdb;
6865	int retval;
6866	int alloc_len, ext, total_len = 0, g, p, pc, pg, gs, os;
6867	int num_target_port_groups, num_target_ports;
6868	struct ctl_lun *lun;
6869	struct ctl_softc *softc;
6870	struct ctl_port *port;
6871	struct scsi_target_group_data *rtg_ptr;
6872	struct scsi_target_group_data_extended *rtg_ext_ptr;
6873	struct scsi_target_port_group_descriptor *tpg_desc;
6874
6875	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
6876
6877	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
6878	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6879	softc = lun->ctl_softc;
6880
6881	retval = CTL_RETVAL_COMPLETE;
6882
6883	switch (cdb->byte2 & STG_PDF_MASK) {
6884	case STG_PDF_LENGTH:
6885		ext = 0;
6886		break;
6887	case STG_PDF_EXTENDED:
6888		ext = 1;
6889		break;
6890	default:
6891		ctl_set_invalid_field(/*ctsio*/ ctsio,
6892				      /*sks_valid*/ 1,
6893				      /*command*/ 1,
6894				      /*field*/ 2,
6895				      /*bit_valid*/ 1,
6896				      /*bit*/ 5);
6897		ctl_done((union ctl_io *)ctsio);
6898		return(retval);
6899	}
6900
6901	if (softc->is_single)
6902		num_target_port_groups = 1;
6903	else
6904		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
6905	num_target_ports = 0;
6906	mtx_lock(&softc->ctl_lock);
6907	STAILQ_FOREACH(port, &softc->port_list, links) {
6908		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
6909			continue;
6910		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
6911			continue;
6912		num_target_ports++;
6913	}
6914	mtx_unlock(&softc->ctl_lock);
6915
6916	if (ext)
6917		total_len = sizeof(struct scsi_target_group_data_extended);
6918	else
6919		total_len = sizeof(struct scsi_target_group_data);
6920	total_len += sizeof(struct scsi_target_port_group_descriptor) *
6921		num_target_port_groups +
6922	    sizeof(struct scsi_target_port_descriptor) *
6923		num_target_ports * num_target_port_groups;
6924
6925	alloc_len = scsi_4btoul(cdb->length);
6926
6927	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6928
6929	ctsio->kern_sg_entries = 0;
6930
6931	if (total_len < alloc_len) {
6932		ctsio->residual = alloc_len - total_len;
6933		ctsio->kern_data_len = total_len;
6934		ctsio->kern_total_len = total_len;
6935	} else {
6936		ctsio->residual = 0;
6937		ctsio->kern_data_len = alloc_len;
6938		ctsio->kern_total_len = alloc_len;
6939	}
6940	ctsio->kern_data_resid = 0;
6941	ctsio->kern_rel_offset = 0;
6942
6943	if (ext) {
6944		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
6945		    ctsio->kern_data_ptr;
6946		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
6947		rtg_ext_ptr->format_type = 0x10;
6948		rtg_ext_ptr->implicit_transition_time = 0;
6949		tpg_desc = &rtg_ext_ptr->groups[0];
6950	} else {
6951		rtg_ptr = (struct scsi_target_group_data *)
6952		    ctsio->kern_data_ptr;
6953		scsi_ulto4b(total_len - 4, rtg_ptr->length);
6954		tpg_desc = &rtg_ptr->groups[0];
6955	}
6956
6957	mtx_lock(&softc->ctl_lock);
6958	pg = softc->port_offset / CTL_MAX_PORTS;
6959	if (softc->flags & CTL_FLAG_ACTIVE_SHELF) {
6960		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY) {
6961			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6962			os = TPG_ASYMMETRIC_ACCESS_STANDBY;
6963		} else if (lun->flags & CTL_LUN_PRIMARY_SC) {
6964			gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6965			os = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6966		} else {
6967			gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
6968			os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6969		}
6970	} else {
6971		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
6972		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
6973	}
6974	for (g = 0; g < num_target_port_groups; g++) {
6975		tpg_desc->pref_state = (g == pg) ? gs : os;
6976		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP;
6977		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
6978		tpg_desc->status = TPG_IMPLICIT;
6979		pc = 0;
6980		STAILQ_FOREACH(port, &softc->port_list, links) {
6981			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
6982				continue;
6983			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
6984				continue;
6985			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
6986			scsi_ulto2b(p, tpg_desc->descriptors[pc].
6987			    relative_target_port_identifier);
6988			pc++;
6989		}
6990		tpg_desc->target_port_count = pc;
6991		tpg_desc = (struct scsi_target_port_group_descriptor *)
6992		    &tpg_desc->descriptors[pc];
6993	}
6994	mtx_unlock(&softc->ctl_lock);
6995
6996	ctl_set_success(ctsio);
6997	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6998	ctsio->be_move_done = ctl_config_move_done;
6999	ctl_datamove((union ctl_io *)ctsio);
7000	return(retval);
7001}
7002
7003int
7004ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7005{
7006	struct ctl_lun *lun;
7007	struct scsi_report_supported_opcodes *cdb;
7008	const struct ctl_cmd_entry *entry, *sentry;
7009	struct scsi_report_supported_opcodes_all *all;
7010	struct scsi_report_supported_opcodes_descr *descr;
7011	struct scsi_report_supported_opcodes_one *one;
7012	int retval;
7013	int alloc_len, total_len;
7014	int opcode, service_action, i, j, num;
7015
7016	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7017
7018	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7019	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7020
7021	retval = CTL_RETVAL_COMPLETE;
7022
7023	opcode = cdb->requested_opcode;
7024	service_action = scsi_2btoul(cdb->requested_service_action);
7025	switch (cdb->options & RSO_OPTIONS_MASK) {
7026	case RSO_OPTIONS_ALL:
7027		num = 0;
7028		for (i = 0; i < 256; i++) {
7029			entry = &ctl_cmd_table[i];
7030			if (entry->flags & CTL_CMD_FLAG_SA5) {
7031				for (j = 0; j < 32; j++) {
7032					sentry = &((const struct ctl_cmd_entry *)
7033					    entry->execute)[j];
7034					if (ctl_cmd_applicable(
7035					    lun->be_lun->lun_type, sentry))
7036						num++;
7037				}
7038			} else {
7039				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7040				    entry))
7041					num++;
7042			}
7043		}
7044		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7045		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7046		break;
7047	case RSO_OPTIONS_OC:
7048		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7049			ctl_set_invalid_field(/*ctsio*/ ctsio,
7050					      /*sks_valid*/ 1,
7051					      /*command*/ 1,
7052					      /*field*/ 2,
7053					      /*bit_valid*/ 1,
7054					      /*bit*/ 2);
7055			ctl_done((union ctl_io *)ctsio);
7056			return (CTL_RETVAL_COMPLETE);
7057		}
7058		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7059		break;
7060	case RSO_OPTIONS_OC_SA:
7061		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7062		    service_action >= 32) {
7063			ctl_set_invalid_field(/*ctsio*/ ctsio,
7064					      /*sks_valid*/ 1,
7065					      /*command*/ 1,
7066					      /*field*/ 2,
7067					      /*bit_valid*/ 1,
7068					      /*bit*/ 2);
7069			ctl_done((union ctl_io *)ctsio);
7070			return (CTL_RETVAL_COMPLETE);
7071		}
7072		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7073		break;
7074	default:
7075		ctl_set_invalid_field(/*ctsio*/ ctsio,
7076				      /*sks_valid*/ 1,
7077				      /*command*/ 1,
7078				      /*field*/ 2,
7079				      /*bit_valid*/ 1,
7080				      /*bit*/ 2);
7081		ctl_done((union ctl_io *)ctsio);
7082		return (CTL_RETVAL_COMPLETE);
7083	}
7084
7085	alloc_len = scsi_4btoul(cdb->length);
7086
7087	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7088
7089	ctsio->kern_sg_entries = 0;
7090
7091	if (total_len < alloc_len) {
7092		ctsio->residual = alloc_len - total_len;
7093		ctsio->kern_data_len = total_len;
7094		ctsio->kern_total_len = total_len;
7095	} else {
7096		ctsio->residual = 0;
7097		ctsio->kern_data_len = alloc_len;
7098		ctsio->kern_total_len = alloc_len;
7099	}
7100	ctsio->kern_data_resid = 0;
7101	ctsio->kern_rel_offset = 0;
7102
7103	switch (cdb->options & RSO_OPTIONS_MASK) {
7104	case RSO_OPTIONS_ALL:
7105		all = (struct scsi_report_supported_opcodes_all *)
7106		    ctsio->kern_data_ptr;
7107		num = 0;
7108		for (i = 0; i < 256; i++) {
7109			entry = &ctl_cmd_table[i];
7110			if (entry->flags & CTL_CMD_FLAG_SA5) {
7111				for (j = 0; j < 32; j++) {
7112					sentry = &((const struct ctl_cmd_entry *)
7113					    entry->execute)[j];
7114					if (!ctl_cmd_applicable(
7115					    lun->be_lun->lun_type, sentry))
7116						continue;
7117					descr = &all->descr[num++];
7118					descr->opcode = i;
7119					scsi_ulto2b(j, descr->service_action);
7120					descr->flags = RSO_SERVACTV;
7121					scsi_ulto2b(sentry->length,
7122					    descr->cdb_length);
7123				}
7124			} else {
7125				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7126				    entry))
7127					continue;
7128				descr = &all->descr[num++];
7129				descr->opcode = i;
7130				scsi_ulto2b(0, descr->service_action);
7131				descr->flags = 0;
7132				scsi_ulto2b(entry->length, descr->cdb_length);
7133			}
7134		}
7135		scsi_ulto4b(
7136		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7137		    all->length);
7138		break;
7139	case RSO_OPTIONS_OC:
7140		one = (struct scsi_report_supported_opcodes_one *)
7141		    ctsio->kern_data_ptr;
7142		entry = &ctl_cmd_table[opcode];
7143		goto fill_one;
7144	case RSO_OPTIONS_OC_SA:
7145		one = (struct scsi_report_supported_opcodes_one *)
7146		    ctsio->kern_data_ptr;
7147		entry = &ctl_cmd_table[opcode];
7148		entry = &((const struct ctl_cmd_entry *)
7149		    entry->execute)[service_action];
7150fill_one:
7151		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7152			one->support = 3;
7153			scsi_ulto2b(entry->length, one->cdb_length);
7154			one->cdb_usage[0] = opcode;
7155			memcpy(&one->cdb_usage[1], entry->usage,
7156			    entry->length - 1);
7157		} else
7158			one->support = 1;
7159		break;
7160	}
7161
7162	ctl_set_success(ctsio);
7163	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7164	ctsio->be_move_done = ctl_config_move_done;
7165	ctl_datamove((union ctl_io *)ctsio);
7166	return(retval);
7167}
7168
7169int
7170ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7171{
7172	struct scsi_report_supported_tmf *cdb;
7173	struct scsi_report_supported_tmf_data *data;
7174	int retval;
7175	int alloc_len, total_len;
7176
7177	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7178
7179	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7180
7181	retval = CTL_RETVAL_COMPLETE;
7182
7183	total_len = sizeof(struct scsi_report_supported_tmf_data);
7184	alloc_len = scsi_4btoul(cdb->length);
7185
7186	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7187
7188	ctsio->kern_sg_entries = 0;
7189
7190	if (total_len < alloc_len) {
7191		ctsio->residual = alloc_len - total_len;
7192		ctsio->kern_data_len = total_len;
7193		ctsio->kern_total_len = total_len;
7194	} else {
7195		ctsio->residual = 0;
7196		ctsio->kern_data_len = alloc_len;
7197		ctsio->kern_total_len = alloc_len;
7198	}
7199	ctsio->kern_data_resid = 0;
7200	ctsio->kern_rel_offset = 0;
7201
7202	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7203	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7204	data->byte2 |= RST_ITNRS;
7205
7206	ctl_set_success(ctsio);
7207	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7208	ctsio->be_move_done = ctl_config_move_done;
7209	ctl_datamove((union ctl_io *)ctsio);
7210	return (retval);
7211}
7212
7213int
7214ctl_report_timestamp(struct ctl_scsiio *ctsio)
7215{
7216	struct scsi_report_timestamp *cdb;
7217	struct scsi_report_timestamp_data *data;
7218	struct timeval tv;
7219	int64_t timestamp;
7220	int retval;
7221	int alloc_len, total_len;
7222
7223	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7224
7225	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7226
7227	retval = CTL_RETVAL_COMPLETE;
7228
7229	total_len = sizeof(struct scsi_report_timestamp_data);
7230	alloc_len = scsi_4btoul(cdb->length);
7231
7232	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7233
7234	ctsio->kern_sg_entries = 0;
7235
7236	if (total_len < alloc_len) {
7237		ctsio->residual = alloc_len - total_len;
7238		ctsio->kern_data_len = total_len;
7239		ctsio->kern_total_len = total_len;
7240	} else {
7241		ctsio->residual = 0;
7242		ctsio->kern_data_len = alloc_len;
7243		ctsio->kern_total_len = alloc_len;
7244	}
7245	ctsio->kern_data_resid = 0;
7246	ctsio->kern_rel_offset = 0;
7247
7248	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7249	scsi_ulto2b(sizeof(*data) - 2, data->length);
7250	data->origin = RTS_ORIG_OUTSIDE;
7251	getmicrotime(&tv);
7252	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7253	scsi_ulto4b(timestamp >> 16, data->timestamp);
7254	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7255
7256	ctl_set_success(ctsio);
7257	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7258	ctsio->be_move_done = ctl_config_move_done;
7259	ctl_datamove((union ctl_io *)ctsio);
7260	return (retval);
7261}
7262
7263int
7264ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7265{
7266	struct scsi_per_res_in *cdb;
7267	int alloc_len, total_len = 0;
7268	/* struct scsi_per_res_in_rsrv in_data; */
7269	struct ctl_lun *lun;
7270	struct ctl_softc *softc;
7271	uint64_t key;
7272
7273	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7274
7275	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7276
7277	alloc_len = scsi_2btoul(cdb->length);
7278
7279	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7280	softc = lun->ctl_softc;
7281
7282retry:
7283	mtx_lock(&lun->lun_lock);
7284	switch (cdb->action) {
7285	case SPRI_RK: /* read keys */
7286		total_len = sizeof(struct scsi_per_res_in_keys) +
7287			lun->pr_key_count *
7288			sizeof(struct scsi_per_res_key);
7289		break;
7290	case SPRI_RR: /* read reservation */
7291		if (lun->flags & CTL_LUN_PR_RESERVED)
7292			total_len = sizeof(struct scsi_per_res_in_rsrv);
7293		else
7294			total_len = sizeof(struct scsi_per_res_in_header);
7295		break;
7296	case SPRI_RC: /* report capabilities */
7297		total_len = sizeof(struct scsi_per_res_cap);
7298		break;
7299	case SPRI_RS: /* read full status */
7300		total_len = sizeof(struct scsi_per_res_in_header) +
7301		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7302		    lun->pr_key_count;
7303		break;
7304	default:
7305		panic("Invalid PR type %x", cdb->action);
7306	}
7307	mtx_unlock(&lun->lun_lock);
7308
7309	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7310
7311	if (total_len < alloc_len) {
7312		ctsio->residual = alloc_len - total_len;
7313		ctsio->kern_data_len = total_len;
7314		ctsio->kern_total_len = total_len;
7315	} else {
7316		ctsio->residual = 0;
7317		ctsio->kern_data_len = alloc_len;
7318		ctsio->kern_total_len = alloc_len;
7319	}
7320
7321	ctsio->kern_data_resid = 0;
7322	ctsio->kern_rel_offset = 0;
7323	ctsio->kern_sg_entries = 0;
7324
7325	mtx_lock(&lun->lun_lock);
7326	switch (cdb->action) {
7327	case SPRI_RK: { // read keys
7328        struct scsi_per_res_in_keys *res_keys;
7329		int i, key_count;
7330
7331		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7332
7333		/*
7334		 * We had to drop the lock to allocate our buffer, which
7335		 * leaves time for someone to come in with another
7336		 * persistent reservation.  (That is unlikely, though,
7337		 * since this should be the only persistent reservation
7338		 * command active right now.)
7339		 */
7340		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7341		    (lun->pr_key_count *
7342		     sizeof(struct scsi_per_res_key)))){
7343			mtx_unlock(&lun->lun_lock);
7344			free(ctsio->kern_data_ptr, M_CTL);
7345			printf("%s: reservation length changed, retrying\n",
7346			       __func__);
7347			goto retry;
7348		}
7349
7350		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7351
7352		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7353			     lun->pr_key_count, res_keys->header.length);
7354
7355		for (i = 0, key_count = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7356			if ((key = ctl_get_prkey(lun, i)) == 0)
7357				continue;
7358
7359			/*
7360			 * We used lun->pr_key_count to calculate the
7361			 * size to allocate.  If it turns out the number of
7362			 * initiators with the registered flag set is
7363			 * larger than that (i.e. they haven't been kept in
7364			 * sync), we've got a problem.
7365			 */
7366			if (key_count >= lun->pr_key_count) {
7367#ifdef NEEDTOPORT
7368				csevent_log(CSC_CTL | CSC_SHELF_SW |
7369					    CTL_PR_ERROR,
7370					    csevent_LogType_Fault,
7371					    csevent_AlertLevel_Yellow,
7372					    csevent_FRU_ShelfController,
7373					    csevent_FRU_Firmware,
7374				        csevent_FRU_Unknown,
7375					    "registered keys %d >= key "
7376					    "count %d", key_count,
7377					    lun->pr_key_count);
7378#endif
7379				key_count++;
7380				continue;
7381			}
7382			scsi_u64to8b(key, res_keys->keys[key_count].key);
7383			key_count++;
7384		}
7385		break;
7386	}
7387	case SPRI_RR: { // read reservation
7388		struct scsi_per_res_in_rsrv *res;
7389		int tmp_len, header_only;
7390
7391		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7392
7393		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7394
7395		if (lun->flags & CTL_LUN_PR_RESERVED)
7396		{
7397			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7398			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7399				    res->header.length);
7400			header_only = 0;
7401		} else {
7402			tmp_len = sizeof(struct scsi_per_res_in_header);
7403			scsi_ulto4b(0, res->header.length);
7404			header_only = 1;
7405		}
7406
7407		/*
7408		 * We had to drop the lock to allocate our buffer, which
7409		 * leaves time for someone to come in with another
7410		 * persistent reservation.  (That is unlikely, though,
7411		 * since this should be the only persistent reservation
7412		 * command active right now.)
7413		 */
7414		if (tmp_len != total_len) {
7415			mtx_unlock(&lun->lun_lock);
7416			free(ctsio->kern_data_ptr, M_CTL);
7417			printf("%s: reservation status changed, retrying\n",
7418			       __func__);
7419			goto retry;
7420		}
7421
7422		/*
7423		 * No reservation held, so we're done.
7424		 */
7425		if (header_only != 0)
7426			break;
7427
7428		/*
7429		 * If the registration is an All Registrants type, the key
7430		 * is 0, since it doesn't really matter.
7431		 */
7432		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7433			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7434			    res->data.reservation);
7435		}
7436		res->data.scopetype = lun->res_type;
7437		break;
7438	}
7439	case SPRI_RC:     //report capabilities
7440	{
7441		struct scsi_per_res_cap *res_cap;
7442		uint16_t type_mask;
7443
7444		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7445		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7446		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7447		type_mask = SPRI_TM_WR_EX_AR |
7448			    SPRI_TM_EX_AC_RO |
7449			    SPRI_TM_WR_EX_RO |
7450			    SPRI_TM_EX_AC |
7451			    SPRI_TM_WR_EX |
7452			    SPRI_TM_EX_AC_AR;
7453		scsi_ulto2b(type_mask, res_cap->type_mask);
7454		break;
7455	}
7456	case SPRI_RS: { // read full status
7457		struct scsi_per_res_in_full *res_status;
7458		struct scsi_per_res_in_full_desc *res_desc;
7459		struct ctl_port *port;
7460		int i, len;
7461
7462		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7463
7464		/*
7465		 * We had to drop the lock to allocate our buffer, which
7466		 * leaves time for someone to come in with another
7467		 * persistent reservation.  (That is unlikely, though,
7468		 * since this should be the only persistent reservation
7469		 * command active right now.)
7470		 */
7471		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7472		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7473		     lun->pr_key_count)){
7474			mtx_unlock(&lun->lun_lock);
7475			free(ctsio->kern_data_ptr, M_CTL);
7476			printf("%s: reservation length changed, retrying\n",
7477			       __func__);
7478			goto retry;
7479		}
7480
7481		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7482
7483		res_desc = &res_status->desc[0];
7484		for (i = 0; i < 2*CTL_MAX_INITIATORS; i++) {
7485			if ((key = ctl_get_prkey(lun, i)) == 0)
7486				continue;
7487
7488			scsi_u64to8b(key, res_desc->res_key.key);
7489			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7490			    (lun->pr_res_idx == i ||
7491			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7492				res_desc->flags = SPRI_FULL_R_HOLDER;
7493				res_desc->scopetype = lun->res_type;
7494			}
7495			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7496			    res_desc->rel_trgt_port_id);
7497			len = 0;
7498			port = softc->ctl_ports[
7499			    ctl_port_idx(i / CTL_MAX_INIT_PER_PORT)];
7500			if (port != NULL)
7501				len = ctl_create_iid(port,
7502				    i % CTL_MAX_INIT_PER_PORT,
7503				    res_desc->transport_id);
7504			scsi_ulto4b(len, res_desc->additional_length);
7505			res_desc = (struct scsi_per_res_in_full_desc *)
7506			    &res_desc->transport_id[len];
7507		}
7508		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7509		    res_status->header.length);
7510		break;
7511	}
7512	default:
7513		/*
7514		 * This is a bug, because we just checked for this above,
7515		 * and should have returned an error.
7516		 */
7517		panic("Invalid PR type %x", cdb->action);
7518		break; /* NOTREACHED */
7519	}
7520	mtx_unlock(&lun->lun_lock);
7521
7522	ctl_set_success(ctsio);
7523	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7524	ctsio->be_move_done = ctl_config_move_done;
7525	ctl_datamove((union ctl_io *)ctsio);
7526	return (CTL_RETVAL_COMPLETE);
7527}
7528
7529static void
7530ctl_est_res_ua(struct ctl_lun *lun, uint32_t residx, ctl_ua_type ua)
7531{
7532	int off = lun->ctl_softc->persis_offset;
7533
7534	if (residx >= off && residx < off + CTL_MAX_INITIATORS)
7535		ctl_est_ua(lun, residx - off, ua);
7536}
7537
7538/*
7539 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7540 * it should return.
7541 */
7542static int
7543ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7544		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7545		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7546		struct scsi_per_res_out_parms* param)
7547{
7548	union ctl_ha_msg persis_io;
7549	int retval, i;
7550	int isc_retval;
7551
7552	retval = 0;
7553
7554	mtx_lock(&lun->lun_lock);
7555	if (sa_res_key == 0) {
7556		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7557			/* validate scope and type */
7558			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7559			     SPR_LU_SCOPE) {
7560				mtx_unlock(&lun->lun_lock);
7561				ctl_set_invalid_field(/*ctsio*/ ctsio,
7562						      /*sks_valid*/ 1,
7563						      /*command*/ 1,
7564						      /*field*/ 2,
7565						      /*bit_valid*/ 1,
7566						      /*bit*/ 4);
7567				ctl_done((union ctl_io *)ctsio);
7568				return (1);
7569			}
7570
7571		        if (type>8 || type==2 || type==4 || type==0) {
7572				mtx_unlock(&lun->lun_lock);
7573				ctl_set_invalid_field(/*ctsio*/ ctsio,
7574       	           				      /*sks_valid*/ 1,
7575						      /*command*/ 1,
7576						      /*field*/ 2,
7577						      /*bit_valid*/ 1,
7578						      /*bit*/ 0);
7579				ctl_done((union ctl_io *)ctsio);
7580				return (1);
7581		        }
7582
7583			/*
7584			 * Unregister everybody else and build UA for
7585			 * them
7586			 */
7587			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7588				if (i == residx || ctl_get_prkey(lun, i) == 0)
7589					continue;
7590
7591				ctl_clr_prkey(lun, i);
7592				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7593			}
7594			lun->pr_key_count = 1;
7595			lun->res_type = type;
7596			if (lun->res_type != SPR_TYPE_WR_EX_AR
7597			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7598				lun->pr_res_idx = residx;
7599
7600			/* send msg to other side */
7601			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7602			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7603			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7604			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7605			persis_io.pr.pr_info.res_type = type;
7606			memcpy(persis_io.pr.pr_info.sa_res_key,
7607			       param->serv_act_res_key,
7608			       sizeof(param->serv_act_res_key));
7609			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7610			     &persis_io, sizeof(persis_io), 0)) >
7611			     CTL_HA_STATUS_SUCCESS) {
7612				printf("CTL:Persis Out error returned "
7613				       "from ctl_ha_msg_send %d\n",
7614				       isc_retval);
7615			}
7616		} else {
7617			/* not all registrants */
7618			mtx_unlock(&lun->lun_lock);
7619			free(ctsio->kern_data_ptr, M_CTL);
7620			ctl_set_invalid_field(ctsio,
7621					      /*sks_valid*/ 1,
7622					      /*command*/ 0,
7623					      /*field*/ 8,
7624					      /*bit_valid*/ 0,
7625					      /*bit*/ 0);
7626			ctl_done((union ctl_io *)ctsio);
7627			return (1);
7628		}
7629	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7630		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7631		int found = 0;
7632
7633		if (res_key == sa_res_key) {
7634			/* special case */
7635			/*
7636			 * The spec implies this is not good but doesn't
7637			 * say what to do. There are two choices either
7638			 * generate a res conflict or check condition
7639			 * with illegal field in parameter data. Since
7640			 * that is what is done when the sa_res_key is
7641			 * zero I'll take that approach since this has
7642			 * to do with the sa_res_key.
7643			 */
7644			mtx_unlock(&lun->lun_lock);
7645			free(ctsio->kern_data_ptr, M_CTL);
7646			ctl_set_invalid_field(ctsio,
7647					      /*sks_valid*/ 1,
7648					      /*command*/ 0,
7649					      /*field*/ 8,
7650					      /*bit_valid*/ 0,
7651					      /*bit*/ 0);
7652			ctl_done((union ctl_io *)ctsio);
7653			return (1);
7654		}
7655
7656		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7657			if (ctl_get_prkey(lun, i) != sa_res_key)
7658				continue;
7659
7660			found = 1;
7661			ctl_clr_prkey(lun, i);
7662			lun->pr_key_count--;
7663			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7664		}
7665		if (!found) {
7666			mtx_unlock(&lun->lun_lock);
7667			free(ctsio->kern_data_ptr, M_CTL);
7668			ctl_set_reservation_conflict(ctsio);
7669			ctl_done((union ctl_io *)ctsio);
7670			return (CTL_RETVAL_COMPLETE);
7671		}
7672		/* send msg to other side */
7673		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7674		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7675		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7676		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7677		persis_io.pr.pr_info.res_type = type;
7678		memcpy(persis_io.pr.pr_info.sa_res_key,
7679		       param->serv_act_res_key,
7680		       sizeof(param->serv_act_res_key));
7681		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7682		     &persis_io, sizeof(persis_io), 0)) >
7683		     CTL_HA_STATUS_SUCCESS) {
7684			printf("CTL:Persis Out error returned from "
7685			       "ctl_ha_msg_send %d\n", isc_retval);
7686		}
7687	} else {
7688		/* Reserved but not all registrants */
7689		/* sa_res_key is res holder */
7690		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7691			/* validate scope and type */
7692			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7693			     SPR_LU_SCOPE) {
7694				mtx_unlock(&lun->lun_lock);
7695				ctl_set_invalid_field(/*ctsio*/ ctsio,
7696						      /*sks_valid*/ 1,
7697						      /*command*/ 1,
7698						      /*field*/ 2,
7699						      /*bit_valid*/ 1,
7700						      /*bit*/ 4);
7701				ctl_done((union ctl_io *)ctsio);
7702				return (1);
7703			}
7704
7705			if (type>8 || type==2 || type==4 || type==0) {
7706				mtx_unlock(&lun->lun_lock);
7707				ctl_set_invalid_field(/*ctsio*/ ctsio,
7708						      /*sks_valid*/ 1,
7709						      /*command*/ 1,
7710						      /*field*/ 2,
7711						      /*bit_valid*/ 1,
7712						      /*bit*/ 0);
7713				ctl_done((union ctl_io *)ctsio);
7714				return (1);
7715			}
7716
7717			/*
7718			 * Do the following:
7719			 * if sa_res_key != res_key remove all
7720			 * registrants w/sa_res_key and generate UA
7721			 * for these registrants(Registrations
7722			 * Preempted) if it wasn't an exclusive
7723			 * reservation generate UA(Reservations
7724			 * Preempted) for all other registered nexuses
7725			 * if the type has changed. Establish the new
7726			 * reservation and holder. If res_key and
7727			 * sa_res_key are the same do the above
7728			 * except don't unregister the res holder.
7729			 */
7730
7731			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7732				if (i == residx || ctl_get_prkey(lun, i) == 0)
7733					continue;
7734
7735				if (sa_res_key == ctl_get_prkey(lun, i)) {
7736					ctl_clr_prkey(lun, i);
7737					lun->pr_key_count--;
7738					ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7739				} else if (type != lun->res_type
7740					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7741					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7742					ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
7743				}
7744			}
7745			lun->res_type = type;
7746			if (lun->res_type != SPR_TYPE_WR_EX_AR
7747			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7748				lun->pr_res_idx = residx;
7749			else
7750				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7751
7752			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7753			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7754			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7755			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7756			persis_io.pr.pr_info.res_type = type;
7757			memcpy(persis_io.pr.pr_info.sa_res_key,
7758			       param->serv_act_res_key,
7759			       sizeof(param->serv_act_res_key));
7760			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7761			     &persis_io, sizeof(persis_io), 0)) >
7762			     CTL_HA_STATUS_SUCCESS) {
7763				printf("CTL:Persis Out error returned "
7764				       "from ctl_ha_msg_send %d\n",
7765				       isc_retval);
7766			}
7767		} else {
7768			/*
7769			 * sa_res_key is not the res holder just
7770			 * remove registrants
7771			 */
7772			int found=0;
7773
7774			for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7775				if (sa_res_key != ctl_get_prkey(lun, i))
7776					continue;
7777
7778				found = 1;
7779				ctl_clr_prkey(lun, i);
7780				lun->pr_key_count--;
7781				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7782			}
7783
7784			if (!found) {
7785				mtx_unlock(&lun->lun_lock);
7786				free(ctsio->kern_data_ptr, M_CTL);
7787				ctl_set_reservation_conflict(ctsio);
7788				ctl_done((union ctl_io *)ctsio);
7789		        	return (1);
7790			}
7791			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7792			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7793			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7794			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7795			persis_io.pr.pr_info.res_type = type;
7796			memcpy(persis_io.pr.pr_info.sa_res_key,
7797			       param->serv_act_res_key,
7798			       sizeof(param->serv_act_res_key));
7799			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
7800			     &persis_io, sizeof(persis_io), 0)) >
7801			     CTL_HA_STATUS_SUCCESS) {
7802				printf("CTL:Persis Out error returned "
7803				       "from ctl_ha_msg_send %d\n",
7804				isc_retval);
7805			}
7806		}
7807	}
7808
7809	lun->PRGeneration++;
7810	mtx_unlock(&lun->lun_lock);
7811
7812	return (retval);
7813}
7814
7815static void
7816ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7817{
7818	uint64_t sa_res_key;
7819	int i;
7820
7821	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7822
7823	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7824	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7825	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7826		if (sa_res_key == 0) {
7827			/*
7828			 * Unregister everybody else and build UA for
7829			 * them
7830			 */
7831			for(i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7832				if (i == msg->pr.pr_info.residx ||
7833				    ctl_get_prkey(lun, i) == 0)
7834					continue;
7835
7836				ctl_clr_prkey(lun, i);
7837				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7838			}
7839
7840			lun->pr_key_count = 1;
7841			lun->res_type = msg->pr.pr_info.res_type;
7842			if (lun->res_type != SPR_TYPE_WR_EX_AR
7843			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7844				lun->pr_res_idx = msg->pr.pr_info.residx;
7845		} else {
7846		        for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7847				if (sa_res_key == ctl_get_prkey(lun, i))
7848					continue;
7849
7850				ctl_clr_prkey(lun, i);
7851				lun->pr_key_count--;
7852				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7853			}
7854		}
7855	} else {
7856		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
7857			if (i == msg->pr.pr_info.residx ||
7858			    ctl_get_prkey(lun, i) == 0)
7859				continue;
7860
7861			if (sa_res_key == ctl_get_prkey(lun, i)) {
7862				ctl_clr_prkey(lun, i);
7863				lun->pr_key_count--;
7864				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
7865			} else if (msg->pr.pr_info.res_type != lun->res_type
7866				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7867				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7868				ctl_est_res_ua(lun, i, CTL_UA_RES_RELEASE);
7869			}
7870		}
7871		lun->res_type = msg->pr.pr_info.res_type;
7872		if (lun->res_type != SPR_TYPE_WR_EX_AR
7873		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7874			lun->pr_res_idx = msg->pr.pr_info.residx;
7875		else
7876			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7877	}
7878	lun->PRGeneration++;
7879
7880}
7881
7882
7883int
7884ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
7885{
7886	int retval;
7887	int isc_retval;
7888	u_int32_t param_len;
7889	struct scsi_per_res_out *cdb;
7890	struct ctl_lun *lun;
7891	struct scsi_per_res_out_parms* param;
7892	struct ctl_softc *softc;
7893	uint32_t residx;
7894	uint64_t res_key, sa_res_key, key;
7895	uint8_t type;
7896	union ctl_ha_msg persis_io;
7897	int    i;
7898
7899	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
7900
7901	retval = CTL_RETVAL_COMPLETE;
7902
7903	cdb = (struct scsi_per_res_out *)ctsio->cdb;
7904	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7905	softc = lun->ctl_softc;
7906
7907	/*
7908	 * We only support whole-LUN scope.  The scope & type are ignored for
7909	 * register, register and ignore existing key and clear.
7910	 * We sometimes ignore scope and type on preempts too!!
7911	 * Verify reservation type here as well.
7912	 */
7913	type = cdb->scope_type & SPR_TYPE_MASK;
7914	if ((cdb->action == SPRO_RESERVE)
7915	 || (cdb->action == SPRO_RELEASE)) {
7916		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
7917			ctl_set_invalid_field(/*ctsio*/ ctsio,
7918					      /*sks_valid*/ 1,
7919					      /*command*/ 1,
7920					      /*field*/ 2,
7921					      /*bit_valid*/ 1,
7922					      /*bit*/ 4);
7923			ctl_done((union ctl_io *)ctsio);
7924			return (CTL_RETVAL_COMPLETE);
7925		}
7926
7927		if (type>8 || type==2 || type==4 || type==0) {
7928			ctl_set_invalid_field(/*ctsio*/ ctsio,
7929					      /*sks_valid*/ 1,
7930					      /*command*/ 1,
7931					      /*field*/ 2,
7932					      /*bit_valid*/ 1,
7933					      /*bit*/ 0);
7934			ctl_done((union ctl_io *)ctsio);
7935			return (CTL_RETVAL_COMPLETE);
7936		}
7937	}
7938
7939	param_len = scsi_4btoul(cdb->length);
7940
7941	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
7942		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
7943		ctsio->kern_data_len = param_len;
7944		ctsio->kern_total_len = param_len;
7945		ctsio->kern_data_resid = 0;
7946		ctsio->kern_rel_offset = 0;
7947		ctsio->kern_sg_entries = 0;
7948		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7949		ctsio->be_move_done = ctl_config_move_done;
7950		ctl_datamove((union ctl_io *)ctsio);
7951
7952		return (CTL_RETVAL_COMPLETE);
7953	}
7954
7955	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
7956
7957	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
7958	res_key = scsi_8btou64(param->res_key.key);
7959	sa_res_key = scsi_8btou64(param->serv_act_res_key);
7960
7961	/*
7962	 * Validate the reservation key here except for SPRO_REG_IGNO
7963	 * This must be done for all other service actions
7964	 */
7965	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
7966		mtx_lock(&lun->lun_lock);
7967		if ((key = ctl_get_prkey(lun, residx)) != 0) {
7968			if (res_key != key) {
7969				/*
7970				 * The current key passed in doesn't match
7971				 * the one the initiator previously
7972				 * registered.
7973				 */
7974				mtx_unlock(&lun->lun_lock);
7975				free(ctsio->kern_data_ptr, M_CTL);
7976				ctl_set_reservation_conflict(ctsio);
7977				ctl_done((union ctl_io *)ctsio);
7978				return (CTL_RETVAL_COMPLETE);
7979			}
7980		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
7981			/*
7982			 * We are not registered
7983			 */
7984			mtx_unlock(&lun->lun_lock);
7985			free(ctsio->kern_data_ptr, M_CTL);
7986			ctl_set_reservation_conflict(ctsio);
7987			ctl_done((union ctl_io *)ctsio);
7988			return (CTL_RETVAL_COMPLETE);
7989		} else if (res_key != 0) {
7990			/*
7991			 * We are not registered and trying to register but
7992			 * the register key isn't zero.
7993			 */
7994			mtx_unlock(&lun->lun_lock);
7995			free(ctsio->kern_data_ptr, M_CTL);
7996			ctl_set_reservation_conflict(ctsio);
7997			ctl_done((union ctl_io *)ctsio);
7998			return (CTL_RETVAL_COMPLETE);
7999		}
8000		mtx_unlock(&lun->lun_lock);
8001	}
8002
8003	switch (cdb->action & SPRO_ACTION_MASK) {
8004	case SPRO_REGISTER:
8005	case SPRO_REG_IGNO: {
8006
8007#if 0
8008		printf("Registration received\n");
8009#endif
8010
8011		/*
8012		 * We don't support any of these options, as we report in
8013		 * the read capabilities request (see
8014		 * ctl_persistent_reserve_in(), above).
8015		 */
8016		if ((param->flags & SPR_SPEC_I_PT)
8017		 || (param->flags & SPR_ALL_TG_PT)
8018		 || (param->flags & SPR_APTPL)) {
8019			int bit_ptr;
8020
8021			if (param->flags & SPR_APTPL)
8022				bit_ptr = 0;
8023			else if (param->flags & SPR_ALL_TG_PT)
8024				bit_ptr = 2;
8025			else /* SPR_SPEC_I_PT */
8026				bit_ptr = 3;
8027
8028			free(ctsio->kern_data_ptr, M_CTL);
8029			ctl_set_invalid_field(ctsio,
8030					      /*sks_valid*/ 1,
8031					      /*command*/ 0,
8032					      /*field*/ 20,
8033					      /*bit_valid*/ 1,
8034					      /*bit*/ bit_ptr);
8035			ctl_done((union ctl_io *)ctsio);
8036			return (CTL_RETVAL_COMPLETE);
8037		}
8038
8039		mtx_lock(&lun->lun_lock);
8040
8041		/*
8042		 * The initiator wants to clear the
8043		 * key/unregister.
8044		 */
8045		if (sa_res_key == 0) {
8046			if ((res_key == 0
8047			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8048			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8049			  && ctl_get_prkey(lun, residx) == 0)) {
8050				mtx_unlock(&lun->lun_lock);
8051				goto done;
8052			}
8053
8054			ctl_clr_prkey(lun, residx);
8055			lun->pr_key_count--;
8056
8057			if (residx == lun->pr_res_idx) {
8058				lun->flags &= ~CTL_LUN_PR_RESERVED;
8059				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8060
8061				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8062				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8063				 && lun->pr_key_count) {
8064					/*
8065					 * If the reservation is a registrants
8066					 * only type we need to generate a UA
8067					 * for other registered inits.  The
8068					 * sense code should be RESERVATIONS
8069					 * RELEASED
8070					 */
8071
8072					for (i = 0; i < CTL_MAX_INITIATORS;i++){
8073						if (ctl_get_prkey(lun, i +
8074						    softc->persis_offset) == 0)
8075							continue;
8076						ctl_est_ua(lun, i,
8077						    CTL_UA_RES_RELEASE);
8078					}
8079				}
8080				lun->res_type = 0;
8081			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8082				if (lun->pr_key_count==0) {
8083					lun->flags &= ~CTL_LUN_PR_RESERVED;
8084					lun->res_type = 0;
8085					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8086				}
8087			}
8088			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8089			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8090			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8091			persis_io.pr.pr_info.residx = residx;
8092			if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8093			     &persis_io, sizeof(persis_io), 0 )) >
8094			     CTL_HA_STATUS_SUCCESS) {
8095				printf("CTL:Persis Out error returned from "
8096				       "ctl_ha_msg_send %d\n", isc_retval);
8097			}
8098		} else /* sa_res_key != 0 */ {
8099
8100			/*
8101			 * If we aren't registered currently then increment
8102			 * the key count and set the registered flag.
8103			 */
8104			ctl_alloc_prkey(lun, residx);
8105			if (ctl_get_prkey(lun, residx) == 0)
8106				lun->pr_key_count++;
8107			ctl_set_prkey(lun, residx, sa_res_key);
8108
8109			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8110			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8111			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8112			persis_io.pr.pr_info.residx = residx;
8113			memcpy(persis_io.pr.pr_info.sa_res_key,
8114			       param->serv_act_res_key,
8115			       sizeof(param->serv_act_res_key));
8116			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8117			     &persis_io, sizeof(persis_io), 0)) >
8118			     CTL_HA_STATUS_SUCCESS) {
8119				printf("CTL:Persis Out error returned from "
8120				       "ctl_ha_msg_send %d\n", isc_retval);
8121			}
8122		}
8123		lun->PRGeneration++;
8124		mtx_unlock(&lun->lun_lock);
8125
8126		break;
8127	}
8128	case SPRO_RESERVE:
8129#if 0
8130                printf("Reserve executed type %d\n", type);
8131#endif
8132		mtx_lock(&lun->lun_lock);
8133		if (lun->flags & CTL_LUN_PR_RESERVED) {
8134			/*
8135			 * if this isn't the reservation holder and it's
8136			 * not a "all registrants" type or if the type is
8137			 * different then we have a conflict
8138			 */
8139			if ((lun->pr_res_idx != residx
8140			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8141			 || lun->res_type != type) {
8142				mtx_unlock(&lun->lun_lock);
8143				free(ctsio->kern_data_ptr, M_CTL);
8144				ctl_set_reservation_conflict(ctsio);
8145				ctl_done((union ctl_io *)ctsio);
8146				return (CTL_RETVAL_COMPLETE);
8147			}
8148			mtx_unlock(&lun->lun_lock);
8149		} else /* create a reservation */ {
8150			/*
8151			 * If it's not an "all registrants" type record
8152			 * reservation holder
8153			 */
8154			if (type != SPR_TYPE_WR_EX_AR
8155			 && type != SPR_TYPE_EX_AC_AR)
8156				lun->pr_res_idx = residx; /* Res holder */
8157			else
8158				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8159
8160			lun->flags |= CTL_LUN_PR_RESERVED;
8161			lun->res_type = type;
8162
8163			mtx_unlock(&lun->lun_lock);
8164
8165			/* send msg to other side */
8166			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8167			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8168			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8169			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8170			persis_io.pr.pr_info.res_type = type;
8171			if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
8172			     &persis_io, sizeof(persis_io), 0)) >
8173			     CTL_HA_STATUS_SUCCESS) {
8174				printf("CTL:Persis Out error returned from "
8175				       "ctl_ha_msg_send %d\n", isc_retval);
8176			}
8177		}
8178		break;
8179
8180	case SPRO_RELEASE:
8181		mtx_lock(&lun->lun_lock);
8182		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8183			/* No reservation exists return good status */
8184			mtx_unlock(&lun->lun_lock);
8185			goto done;
8186		}
8187		/*
8188		 * Is this nexus a reservation holder?
8189		 */
8190		if (lun->pr_res_idx != residx
8191		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8192			/*
8193			 * not a res holder return good status but
8194			 * do nothing
8195			 */
8196			mtx_unlock(&lun->lun_lock);
8197			goto done;
8198		}
8199
8200		if (lun->res_type != type) {
8201			mtx_unlock(&lun->lun_lock);
8202			free(ctsio->kern_data_ptr, M_CTL);
8203			ctl_set_illegal_pr_release(ctsio);
8204			ctl_done((union ctl_io *)ctsio);
8205			return (CTL_RETVAL_COMPLETE);
8206		}
8207
8208		/* okay to release */
8209		lun->flags &= ~CTL_LUN_PR_RESERVED;
8210		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8211		lun->res_type = 0;
8212
8213		/*
8214		 * if this isn't an exclusive access
8215		 * res generate UA for all other
8216		 * registrants.
8217		 */
8218		if (type != SPR_TYPE_EX_AC
8219		 && type != SPR_TYPE_WR_EX) {
8220			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8221				if (i == residx ||
8222				    ctl_get_prkey(lun,
8223				     i + softc->persis_offset) == 0)
8224					continue;
8225				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8226			}
8227		}
8228		mtx_unlock(&lun->lun_lock);
8229		/* Send msg to other side */
8230		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8231		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8232		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8233		if ((isc_retval=ctl_ha_msg_send( CTL_HA_CHAN_CTL, &persis_io,
8234		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8235			printf("CTL:Persis Out error returned from "
8236			       "ctl_ha_msg_send %d\n", isc_retval);
8237		}
8238		break;
8239
8240	case SPRO_CLEAR:
8241		/* send msg to other side */
8242
8243		mtx_lock(&lun->lun_lock);
8244		lun->flags &= ~CTL_LUN_PR_RESERVED;
8245		lun->res_type = 0;
8246		lun->pr_key_count = 0;
8247		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8248
8249		ctl_clr_prkey(lun, residx);
8250		for (i=0; i < 2*CTL_MAX_INITIATORS; i++)
8251			if (ctl_get_prkey(lun, i) != 0) {
8252				ctl_clr_prkey(lun, i);
8253				ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8254			}
8255		lun->PRGeneration++;
8256		mtx_unlock(&lun->lun_lock);
8257		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8258		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8259		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8260		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8261		     sizeof(persis_io), 0)) > CTL_HA_STATUS_SUCCESS) {
8262			printf("CTL:Persis Out error returned from "
8263			       "ctl_ha_msg_send %d\n", isc_retval);
8264		}
8265		break;
8266
8267	case SPRO_PREEMPT:
8268	case SPRO_PRE_ABO: {
8269		int nretval;
8270
8271		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8272					  residx, ctsio, cdb, param);
8273		if (nretval != 0)
8274			return (CTL_RETVAL_COMPLETE);
8275		break;
8276	}
8277	default:
8278		panic("Invalid PR type %x", cdb->action);
8279	}
8280
8281done:
8282	free(ctsio->kern_data_ptr, M_CTL);
8283	ctl_set_success(ctsio);
8284	ctl_done((union ctl_io *)ctsio);
8285
8286	return (retval);
8287}
8288
8289/*
8290 * This routine is for handling a message from the other SC pertaining to
8291 * persistent reserve out. All the error checking will have been done
8292 * so only perorming the action need be done here to keep the two
8293 * in sync.
8294 */
8295static void
8296ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8297{
8298	struct ctl_lun *lun;
8299	struct ctl_softc *softc;
8300	int i;
8301	uint32_t targ_lun;
8302
8303	softc = control_softc;
8304
8305	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8306	lun = softc->ctl_luns[targ_lun];
8307	mtx_lock(&lun->lun_lock);
8308	switch(msg->pr.pr_info.action) {
8309	case CTL_PR_REG_KEY:
8310		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8311		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8312			lun->pr_key_count++;
8313		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8314		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8315		lun->PRGeneration++;
8316		break;
8317
8318	case CTL_PR_UNREG_KEY:
8319		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8320		lun->pr_key_count--;
8321
8322		/* XXX Need to see if the reservation has been released */
8323		/* if so do we need to generate UA? */
8324		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8325			lun->flags &= ~CTL_LUN_PR_RESERVED;
8326			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8327
8328			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8329			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8330			 && lun->pr_key_count) {
8331				/*
8332				 * If the reservation is a registrants
8333				 * only type we need to generate a UA
8334				 * for other registered inits.  The
8335				 * sense code should be RESERVATIONS
8336				 * RELEASED
8337				 */
8338
8339				for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8340					if (ctl_get_prkey(lun, i +
8341					    softc->persis_offset) == 0)
8342						continue;
8343
8344					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8345				}
8346			}
8347			lun->res_type = 0;
8348		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8349			if (lun->pr_key_count==0) {
8350				lun->flags &= ~CTL_LUN_PR_RESERVED;
8351				lun->res_type = 0;
8352				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8353			}
8354		}
8355		lun->PRGeneration++;
8356		break;
8357
8358	case CTL_PR_RESERVE:
8359		lun->flags |= CTL_LUN_PR_RESERVED;
8360		lun->res_type = msg->pr.pr_info.res_type;
8361		lun->pr_res_idx = msg->pr.pr_info.residx;
8362
8363		break;
8364
8365	case CTL_PR_RELEASE:
8366		/*
8367		 * if this isn't an exclusive access res generate UA for all
8368		 * other registrants.
8369		 */
8370		if (lun->res_type != SPR_TYPE_EX_AC
8371		 && lun->res_type != SPR_TYPE_WR_EX) {
8372			for (i = 0; i < CTL_MAX_INITIATORS; i++)
8373				if (ctl_get_prkey(lun, i + softc->persis_offset) != 0)
8374					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8375		}
8376
8377		lun->flags &= ~CTL_LUN_PR_RESERVED;
8378		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8379		lun->res_type = 0;
8380		break;
8381
8382	case CTL_PR_PREEMPT:
8383		ctl_pro_preempt_other(lun, msg);
8384		break;
8385	case CTL_PR_CLEAR:
8386		lun->flags &= ~CTL_LUN_PR_RESERVED;
8387		lun->res_type = 0;
8388		lun->pr_key_count = 0;
8389		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8390
8391		for (i=0; i < 2*CTL_MAX_INITIATORS; i++) {
8392			if (ctl_get_prkey(lun, i) == 0)
8393				continue;
8394			ctl_clr_prkey(lun, i);
8395			ctl_est_res_ua(lun, i, CTL_UA_REG_PREEMPT);
8396		}
8397		lun->PRGeneration++;
8398		break;
8399	}
8400
8401	mtx_unlock(&lun->lun_lock);
8402}
8403
8404int
8405ctl_read_write(struct ctl_scsiio *ctsio)
8406{
8407	struct ctl_lun *lun;
8408	struct ctl_lba_len_flags *lbalen;
8409	uint64_t lba;
8410	uint32_t num_blocks;
8411	int flags, retval;
8412	int isread;
8413
8414	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8415
8416	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8417
8418	flags = 0;
8419	retval = CTL_RETVAL_COMPLETE;
8420
8421	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8422	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8423	switch (ctsio->cdb[0]) {
8424	case READ_6:
8425	case WRITE_6: {
8426		struct scsi_rw_6 *cdb;
8427
8428		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8429
8430		lba = scsi_3btoul(cdb->addr);
8431		/* only 5 bits are valid in the most significant address byte */
8432		lba &= 0x1fffff;
8433		num_blocks = cdb->length;
8434		/*
8435		 * This is correct according to SBC-2.
8436		 */
8437		if (num_blocks == 0)
8438			num_blocks = 256;
8439		break;
8440	}
8441	case READ_10:
8442	case WRITE_10: {
8443		struct scsi_rw_10 *cdb;
8444
8445		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8446		if (cdb->byte2 & SRW10_FUA)
8447			flags |= CTL_LLF_FUA;
8448		if (cdb->byte2 & SRW10_DPO)
8449			flags |= CTL_LLF_DPO;
8450		lba = scsi_4btoul(cdb->addr);
8451		num_blocks = scsi_2btoul(cdb->length);
8452		break;
8453	}
8454	case WRITE_VERIFY_10: {
8455		struct scsi_write_verify_10 *cdb;
8456
8457		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8458		flags |= CTL_LLF_FUA;
8459		if (cdb->byte2 & SWV_DPO)
8460			flags |= CTL_LLF_DPO;
8461		lba = scsi_4btoul(cdb->addr);
8462		num_blocks = scsi_2btoul(cdb->length);
8463		break;
8464	}
8465	case READ_12:
8466	case WRITE_12: {
8467		struct scsi_rw_12 *cdb;
8468
8469		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8470		if (cdb->byte2 & SRW12_FUA)
8471			flags |= CTL_LLF_FUA;
8472		if (cdb->byte2 & SRW12_DPO)
8473			flags |= CTL_LLF_DPO;
8474		lba = scsi_4btoul(cdb->addr);
8475		num_blocks = scsi_4btoul(cdb->length);
8476		break;
8477	}
8478	case WRITE_VERIFY_12: {
8479		struct scsi_write_verify_12 *cdb;
8480
8481		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8482		flags |= CTL_LLF_FUA;
8483		if (cdb->byte2 & SWV_DPO)
8484			flags |= CTL_LLF_DPO;
8485		lba = scsi_4btoul(cdb->addr);
8486		num_blocks = scsi_4btoul(cdb->length);
8487		break;
8488	}
8489	case READ_16:
8490	case WRITE_16: {
8491		struct scsi_rw_16 *cdb;
8492
8493		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8494		if (cdb->byte2 & SRW12_FUA)
8495			flags |= CTL_LLF_FUA;
8496		if (cdb->byte2 & SRW12_DPO)
8497			flags |= CTL_LLF_DPO;
8498		lba = scsi_8btou64(cdb->addr);
8499		num_blocks = scsi_4btoul(cdb->length);
8500		break;
8501	}
8502	case WRITE_ATOMIC_16: {
8503		struct scsi_rw_16 *cdb;
8504
8505		if (lun->be_lun->atomicblock == 0) {
8506			ctl_set_invalid_opcode(ctsio);
8507			ctl_done((union ctl_io *)ctsio);
8508			return (CTL_RETVAL_COMPLETE);
8509		}
8510
8511		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8512		if (cdb->byte2 & SRW12_FUA)
8513			flags |= CTL_LLF_FUA;
8514		if (cdb->byte2 & SRW12_DPO)
8515			flags |= CTL_LLF_DPO;
8516		lba = scsi_8btou64(cdb->addr);
8517		num_blocks = scsi_4btoul(cdb->length);
8518		if (num_blocks > lun->be_lun->atomicblock) {
8519			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8520			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8521			    /*bit*/ 0);
8522			ctl_done((union ctl_io *)ctsio);
8523			return (CTL_RETVAL_COMPLETE);
8524		}
8525		break;
8526	}
8527	case WRITE_VERIFY_16: {
8528		struct scsi_write_verify_16 *cdb;
8529
8530		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8531		flags |= CTL_LLF_FUA;
8532		if (cdb->byte2 & SWV_DPO)
8533			flags |= CTL_LLF_DPO;
8534		lba = scsi_8btou64(cdb->addr);
8535		num_blocks = scsi_4btoul(cdb->length);
8536		break;
8537	}
8538	default:
8539		/*
8540		 * We got a command we don't support.  This shouldn't
8541		 * happen, commands should be filtered out above us.
8542		 */
8543		ctl_set_invalid_opcode(ctsio);
8544		ctl_done((union ctl_io *)ctsio);
8545
8546		return (CTL_RETVAL_COMPLETE);
8547		break; /* NOTREACHED */
8548	}
8549
8550	/*
8551	 * The first check is to make sure we're in bounds, the second
8552	 * check is to catch wrap-around problems.  If the lba + num blocks
8553	 * is less than the lba, then we've wrapped around and the block
8554	 * range is invalid anyway.
8555	 */
8556	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8557	 || ((lba + num_blocks) < lba)) {
8558		ctl_set_lba_out_of_range(ctsio);
8559		ctl_done((union ctl_io *)ctsio);
8560		return (CTL_RETVAL_COMPLETE);
8561	}
8562
8563	/*
8564	 * According to SBC-3, a transfer length of 0 is not an error.
8565	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8566	 * translates to 256 blocks for those commands.
8567	 */
8568	if (num_blocks == 0) {
8569		ctl_set_success(ctsio);
8570		ctl_done((union ctl_io *)ctsio);
8571		return (CTL_RETVAL_COMPLETE);
8572	}
8573
8574	/* Set FUA and/or DPO if caches are disabled. */
8575	if (isread) {
8576		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8577		    SCP_RCD) != 0)
8578			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8579	} else {
8580		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8581		    SCP_WCE) == 0)
8582			flags |= CTL_LLF_FUA;
8583	}
8584
8585	lbalen = (struct ctl_lba_len_flags *)
8586	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8587	lbalen->lba = lba;
8588	lbalen->len = num_blocks;
8589	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8590
8591	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8592	ctsio->kern_rel_offset = 0;
8593
8594	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8595
8596	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8597
8598	return (retval);
8599}
8600
8601static int
8602ctl_cnw_cont(union ctl_io *io)
8603{
8604	struct ctl_scsiio *ctsio;
8605	struct ctl_lun *lun;
8606	struct ctl_lba_len_flags *lbalen;
8607	int retval;
8608
8609	ctsio = &io->scsiio;
8610	ctsio->io_hdr.status = CTL_STATUS_NONE;
8611	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8612	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8613	lbalen = (struct ctl_lba_len_flags *)
8614	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8615	lbalen->flags &= ~CTL_LLF_COMPARE;
8616	lbalen->flags |= CTL_LLF_WRITE;
8617
8618	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8619	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8620	return (retval);
8621}
8622
8623int
8624ctl_cnw(struct ctl_scsiio *ctsio)
8625{
8626	struct ctl_lun *lun;
8627	struct ctl_lba_len_flags *lbalen;
8628	uint64_t lba;
8629	uint32_t num_blocks;
8630	int flags, retval;
8631
8632	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8633
8634	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8635
8636	flags = 0;
8637	retval = CTL_RETVAL_COMPLETE;
8638
8639	switch (ctsio->cdb[0]) {
8640	case COMPARE_AND_WRITE: {
8641		struct scsi_compare_and_write *cdb;
8642
8643		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8644		if (cdb->byte2 & SRW10_FUA)
8645			flags |= CTL_LLF_FUA;
8646		if (cdb->byte2 & SRW10_DPO)
8647			flags |= CTL_LLF_DPO;
8648		lba = scsi_8btou64(cdb->addr);
8649		num_blocks = cdb->length;
8650		break;
8651	}
8652	default:
8653		/*
8654		 * We got a command we don't support.  This shouldn't
8655		 * happen, commands should be filtered out above us.
8656		 */
8657		ctl_set_invalid_opcode(ctsio);
8658		ctl_done((union ctl_io *)ctsio);
8659
8660		return (CTL_RETVAL_COMPLETE);
8661		break; /* NOTREACHED */
8662	}
8663
8664	/*
8665	 * The first check is to make sure we're in bounds, the second
8666	 * check is to catch wrap-around problems.  If the lba + num blocks
8667	 * is less than the lba, then we've wrapped around and the block
8668	 * range is invalid anyway.
8669	 */
8670	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8671	 || ((lba + num_blocks) < lba)) {
8672		ctl_set_lba_out_of_range(ctsio);
8673		ctl_done((union ctl_io *)ctsio);
8674		return (CTL_RETVAL_COMPLETE);
8675	}
8676
8677	/*
8678	 * According to SBC-3, a transfer length of 0 is not an error.
8679	 */
8680	if (num_blocks == 0) {
8681		ctl_set_success(ctsio);
8682		ctl_done((union ctl_io *)ctsio);
8683		return (CTL_RETVAL_COMPLETE);
8684	}
8685
8686	/* Set FUA if write cache is disabled. */
8687	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8688	    SCP_WCE) == 0)
8689		flags |= CTL_LLF_FUA;
8690
8691	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8692	ctsio->kern_rel_offset = 0;
8693
8694	/*
8695	 * Set the IO_CONT flag, so that if this I/O gets passed to
8696	 * ctl_data_submit_done(), it'll get passed back to
8697	 * ctl_ctl_cnw_cont() for further processing.
8698	 */
8699	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8700	ctsio->io_cont = ctl_cnw_cont;
8701
8702	lbalen = (struct ctl_lba_len_flags *)
8703	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8704	lbalen->lba = lba;
8705	lbalen->len = num_blocks;
8706	lbalen->flags = CTL_LLF_COMPARE | flags;
8707
8708	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8709	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8710	return (retval);
8711}
8712
8713int
8714ctl_verify(struct ctl_scsiio *ctsio)
8715{
8716	struct ctl_lun *lun;
8717	struct ctl_lba_len_flags *lbalen;
8718	uint64_t lba;
8719	uint32_t num_blocks;
8720	int bytchk, flags;
8721	int retval;
8722
8723	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8724
8725	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8726
8727	bytchk = 0;
8728	flags = CTL_LLF_FUA;
8729	retval = CTL_RETVAL_COMPLETE;
8730
8731	switch (ctsio->cdb[0]) {
8732	case VERIFY_10: {
8733		struct scsi_verify_10 *cdb;
8734
8735		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8736		if (cdb->byte2 & SVFY_BYTCHK)
8737			bytchk = 1;
8738		if (cdb->byte2 & SVFY_DPO)
8739			flags |= CTL_LLF_DPO;
8740		lba = scsi_4btoul(cdb->addr);
8741		num_blocks = scsi_2btoul(cdb->length);
8742		break;
8743	}
8744	case VERIFY_12: {
8745		struct scsi_verify_12 *cdb;
8746
8747		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8748		if (cdb->byte2 & SVFY_BYTCHK)
8749			bytchk = 1;
8750		if (cdb->byte2 & SVFY_DPO)
8751			flags |= CTL_LLF_DPO;
8752		lba = scsi_4btoul(cdb->addr);
8753		num_blocks = scsi_4btoul(cdb->length);
8754		break;
8755	}
8756	case VERIFY_16: {
8757		struct scsi_rw_16 *cdb;
8758
8759		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8760		if (cdb->byte2 & SVFY_BYTCHK)
8761			bytchk = 1;
8762		if (cdb->byte2 & SVFY_DPO)
8763			flags |= CTL_LLF_DPO;
8764		lba = scsi_8btou64(cdb->addr);
8765		num_blocks = scsi_4btoul(cdb->length);
8766		break;
8767	}
8768	default:
8769		/*
8770		 * We got a command we don't support.  This shouldn't
8771		 * happen, commands should be filtered out above us.
8772		 */
8773		ctl_set_invalid_opcode(ctsio);
8774		ctl_done((union ctl_io *)ctsio);
8775		return (CTL_RETVAL_COMPLETE);
8776	}
8777
8778	/*
8779	 * The first check is to make sure we're in bounds, the second
8780	 * check is to catch wrap-around problems.  If the lba + num blocks
8781	 * is less than the lba, then we've wrapped around and the block
8782	 * range is invalid anyway.
8783	 */
8784	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8785	 || ((lba + num_blocks) < lba)) {
8786		ctl_set_lba_out_of_range(ctsio);
8787		ctl_done((union ctl_io *)ctsio);
8788		return (CTL_RETVAL_COMPLETE);
8789	}
8790
8791	/*
8792	 * According to SBC-3, a transfer length of 0 is not an error.
8793	 */
8794	if (num_blocks == 0) {
8795		ctl_set_success(ctsio);
8796		ctl_done((union ctl_io *)ctsio);
8797		return (CTL_RETVAL_COMPLETE);
8798	}
8799
8800	lbalen = (struct ctl_lba_len_flags *)
8801	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8802	lbalen->lba = lba;
8803	lbalen->len = num_blocks;
8804	if (bytchk) {
8805		lbalen->flags = CTL_LLF_COMPARE | flags;
8806		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8807	} else {
8808		lbalen->flags = CTL_LLF_VERIFY | flags;
8809		ctsio->kern_total_len = 0;
8810	}
8811	ctsio->kern_rel_offset = 0;
8812
8813	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8814	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8815	return (retval);
8816}
8817
8818int
8819ctl_report_luns(struct ctl_scsiio *ctsio)
8820{
8821	struct ctl_softc *softc = control_softc;
8822	struct scsi_report_luns *cdb;
8823	struct scsi_report_luns_data *lun_data;
8824	struct ctl_lun *lun, *request_lun;
8825	struct ctl_port *port;
8826	int num_luns, retval;
8827	uint32_t alloc_len, lun_datalen;
8828	int num_filled, well_known;
8829	uint32_t initidx, targ_lun_id, lun_id;
8830
8831	retval = CTL_RETVAL_COMPLETE;
8832	well_known = 0;
8833
8834	cdb = (struct scsi_report_luns *)ctsio->cdb;
8835	port = ctl_io_port(&ctsio->io_hdr);
8836
8837	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8838
8839	mtx_lock(&softc->ctl_lock);
8840	num_luns = 0;
8841	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8842		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8843			num_luns++;
8844	}
8845	mtx_unlock(&softc->ctl_lock);
8846
8847	switch (cdb->select_report) {
8848	case RPL_REPORT_DEFAULT:
8849	case RPL_REPORT_ALL:
8850		break;
8851	case RPL_REPORT_WELLKNOWN:
8852		well_known = 1;
8853		num_luns = 0;
8854		break;
8855	default:
8856		ctl_set_invalid_field(ctsio,
8857				      /*sks_valid*/ 1,
8858				      /*command*/ 1,
8859				      /*field*/ 2,
8860				      /*bit_valid*/ 0,
8861				      /*bit*/ 0);
8862		ctl_done((union ctl_io *)ctsio);
8863		return (retval);
8864		break; /* NOTREACHED */
8865	}
8866
8867	alloc_len = scsi_4btoul(cdb->length);
8868	/*
8869	 * The initiator has to allocate at least 16 bytes for this request,
8870	 * so he can at least get the header and the first LUN.  Otherwise
8871	 * we reject the request (per SPC-3 rev 14, section 6.21).
8872	 */
8873	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8874	    sizeof(struct scsi_report_luns_lundata))) {
8875		ctl_set_invalid_field(ctsio,
8876				      /*sks_valid*/ 1,
8877				      /*command*/ 1,
8878				      /*field*/ 6,
8879				      /*bit_valid*/ 0,
8880				      /*bit*/ 0);
8881		ctl_done((union ctl_io *)ctsio);
8882		return (retval);
8883	}
8884
8885	request_lun = (struct ctl_lun *)
8886		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8887
8888	lun_datalen = sizeof(*lun_data) +
8889		(num_luns * sizeof(struct scsi_report_luns_lundata));
8890
8891	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
8892	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
8893	ctsio->kern_sg_entries = 0;
8894
8895	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8896
8897	mtx_lock(&softc->ctl_lock);
8898	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
8899		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
8900		if (lun_id >= CTL_MAX_LUNS)
8901			continue;
8902		lun = softc->ctl_luns[lun_id];
8903		if (lun == NULL)
8904			continue;
8905
8906		if (targ_lun_id <= 0xff) {
8907			/*
8908			 * Peripheral addressing method, bus number 0.
8909			 */
8910			lun_data->luns[num_filled].lundata[0] =
8911				RPL_LUNDATA_ATYP_PERIPH;
8912			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
8913			num_filled++;
8914		} else if (targ_lun_id <= 0x3fff) {
8915			/*
8916			 * Flat addressing method.
8917			 */
8918			lun_data->luns[num_filled].lundata[0] =
8919				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
8920			lun_data->luns[num_filled].lundata[1] =
8921				(targ_lun_id & 0xff);
8922			num_filled++;
8923		} else if (targ_lun_id <= 0xffffff) {
8924			/*
8925			 * Extended flat addressing method.
8926			 */
8927			lun_data->luns[num_filled].lundata[0] =
8928			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
8929			scsi_ulto3b(targ_lun_id,
8930			    &lun_data->luns[num_filled].lundata[1]);
8931			num_filled++;
8932		} else {
8933			printf("ctl_report_luns: bogus LUN number %jd, "
8934			       "skipping\n", (intmax_t)targ_lun_id);
8935		}
8936		/*
8937		 * According to SPC-3, rev 14 section 6.21:
8938		 *
8939		 * "The execution of a REPORT LUNS command to any valid and
8940		 * installed logical unit shall clear the REPORTED LUNS DATA
8941		 * HAS CHANGED unit attention condition for all logical
8942		 * units of that target with respect to the requesting
8943		 * initiator. A valid and installed logical unit is one
8944		 * having a PERIPHERAL QUALIFIER of 000b in the standard
8945		 * INQUIRY data (see 6.4.2)."
8946		 *
8947		 * If request_lun is NULL, the LUN this report luns command
8948		 * was issued to is either disabled or doesn't exist. In that
8949		 * case, we shouldn't clear any pending lun change unit
8950		 * attention.
8951		 */
8952		if (request_lun != NULL) {
8953			mtx_lock(&lun->lun_lock);
8954			ctl_clr_ua(lun, initidx, CTL_UA_RES_RELEASE);
8955			mtx_unlock(&lun->lun_lock);
8956		}
8957	}
8958	mtx_unlock(&softc->ctl_lock);
8959
8960	/*
8961	 * It's quite possible that we've returned fewer LUNs than we allocated
8962	 * space for.  Trim it.
8963	 */
8964	lun_datalen = sizeof(*lun_data) +
8965		(num_filled * sizeof(struct scsi_report_luns_lundata));
8966
8967	if (lun_datalen < alloc_len) {
8968		ctsio->residual = alloc_len - lun_datalen;
8969		ctsio->kern_data_len = lun_datalen;
8970		ctsio->kern_total_len = lun_datalen;
8971	} else {
8972		ctsio->residual = 0;
8973		ctsio->kern_data_len = alloc_len;
8974		ctsio->kern_total_len = alloc_len;
8975	}
8976	ctsio->kern_data_resid = 0;
8977	ctsio->kern_rel_offset = 0;
8978	ctsio->kern_sg_entries = 0;
8979
8980	/*
8981	 * We set this to the actual data length, regardless of how much
8982	 * space we actually have to return results.  If the user looks at
8983	 * this value, he'll know whether or not he allocated enough space
8984	 * and reissue the command if necessary.  We don't support well
8985	 * known logical units, so if the user asks for that, return none.
8986	 */
8987	scsi_ulto4b(lun_datalen - 8, lun_data->length);
8988
8989	/*
8990	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
8991	 * this request.
8992	 */
8993	ctl_set_success(ctsio);
8994	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8995	ctsio->be_move_done = ctl_config_move_done;
8996	ctl_datamove((union ctl_io *)ctsio);
8997	return (retval);
8998}
8999
9000int
9001ctl_request_sense(struct ctl_scsiio *ctsio)
9002{
9003	struct scsi_request_sense *cdb;
9004	struct scsi_sense_data *sense_ptr;
9005	struct ctl_softc *ctl_softc;
9006	struct ctl_lun *lun;
9007	uint32_t initidx;
9008	int have_error;
9009	scsi_sense_data_type sense_format;
9010	ctl_ua_type ua_type;
9011
9012	cdb = (struct scsi_request_sense *)ctsio->cdb;
9013
9014	ctl_softc = control_softc;
9015	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9016
9017	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9018
9019	/*
9020	 * Determine which sense format the user wants.
9021	 */
9022	if (cdb->byte2 & SRS_DESC)
9023		sense_format = SSD_TYPE_DESC;
9024	else
9025		sense_format = SSD_TYPE_FIXED;
9026
9027	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9028	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9029	ctsio->kern_sg_entries = 0;
9030
9031	/*
9032	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9033	 * larger than the largest allowed value for the length field in the
9034	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9035	 */
9036	ctsio->residual = 0;
9037	ctsio->kern_data_len = cdb->length;
9038	ctsio->kern_total_len = cdb->length;
9039
9040	ctsio->kern_data_resid = 0;
9041	ctsio->kern_rel_offset = 0;
9042	ctsio->kern_sg_entries = 0;
9043
9044	/*
9045	 * If we don't have a LUN, we don't have any pending sense.
9046	 */
9047	if (lun == NULL)
9048		goto no_sense;
9049
9050	have_error = 0;
9051	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9052	/*
9053	 * Check for pending sense, and then for pending unit attentions.
9054	 * Pending sense gets returned first, then pending unit attentions.
9055	 */
9056	mtx_lock(&lun->lun_lock);
9057#ifdef CTL_WITH_CA
9058	if (ctl_is_set(lun->have_ca, initidx)) {
9059		scsi_sense_data_type stored_format;
9060
9061		/*
9062		 * Check to see which sense format was used for the stored
9063		 * sense data.
9064		 */
9065		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9066
9067		/*
9068		 * If the user requested a different sense format than the
9069		 * one we stored, then we need to convert it to the other
9070		 * format.  If we're going from descriptor to fixed format
9071		 * sense data, we may lose things in translation, depending
9072		 * on what options were used.
9073		 *
9074		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9075		 * for some reason we'll just copy it out as-is.
9076		 */
9077		if ((stored_format == SSD_TYPE_FIXED)
9078		 && (sense_format == SSD_TYPE_DESC))
9079			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9080			    &lun->pending_sense[initidx],
9081			    (struct scsi_sense_data_desc *)sense_ptr);
9082		else if ((stored_format == SSD_TYPE_DESC)
9083		      && (sense_format == SSD_TYPE_FIXED))
9084			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9085			    &lun->pending_sense[initidx],
9086			    (struct scsi_sense_data_fixed *)sense_ptr);
9087		else
9088			memcpy(sense_ptr, &lun->pending_sense[initidx],
9089			       MIN(sizeof(*sense_ptr),
9090			       sizeof(lun->pending_sense[initidx])));
9091
9092		ctl_clear_mask(lun->have_ca, initidx);
9093		have_error = 1;
9094	} else
9095#endif
9096	{
9097		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9098		if (ua_type != CTL_UA_NONE)
9099			have_error = 1;
9100		if (ua_type == CTL_UA_LUN_CHANGE) {
9101			mtx_unlock(&lun->lun_lock);
9102			mtx_lock(&ctl_softc->ctl_lock);
9103			ctl_clear_ua(ctl_softc, initidx, ua_type);
9104			mtx_unlock(&ctl_softc->ctl_lock);
9105			mtx_lock(&lun->lun_lock);
9106		}
9107
9108	}
9109	mtx_unlock(&lun->lun_lock);
9110
9111	/*
9112	 * We already have a pending error, return it.
9113	 */
9114	if (have_error != 0) {
9115		/*
9116		 * We report the SCSI status as OK, since the status of the
9117		 * request sense command itself is OK.
9118		 * We report 0 for the sense length, because we aren't doing
9119		 * autosense in this case.  We're reporting sense as
9120		 * parameter data.
9121		 */
9122		ctl_set_success(ctsio);
9123		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9124		ctsio->be_move_done = ctl_config_move_done;
9125		ctl_datamove((union ctl_io *)ctsio);
9126		return (CTL_RETVAL_COMPLETE);
9127	}
9128
9129no_sense:
9130
9131	/*
9132	 * No sense information to report, so we report that everything is
9133	 * okay.
9134	 */
9135	ctl_set_sense_data(sense_ptr,
9136			   lun,
9137			   sense_format,
9138			   /*current_error*/ 1,
9139			   /*sense_key*/ SSD_KEY_NO_SENSE,
9140			   /*asc*/ 0x00,
9141			   /*ascq*/ 0x00,
9142			   SSD_ELEM_NONE);
9143
9144	/*
9145	 * We report 0 for the sense length, because we aren't doing
9146	 * autosense in this case.  We're reporting sense as parameter data.
9147	 */
9148	ctl_set_success(ctsio);
9149	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9150	ctsio->be_move_done = ctl_config_move_done;
9151	ctl_datamove((union ctl_io *)ctsio);
9152	return (CTL_RETVAL_COMPLETE);
9153}
9154
9155int
9156ctl_tur(struct ctl_scsiio *ctsio)
9157{
9158
9159	CTL_DEBUG_PRINT(("ctl_tur\n"));
9160
9161	ctl_set_success(ctsio);
9162	ctl_done((union ctl_io *)ctsio);
9163
9164	return (CTL_RETVAL_COMPLETE);
9165}
9166
9167#ifdef notyet
9168static int
9169ctl_cmddt_inquiry(struct ctl_scsiio *ctsio)
9170{
9171
9172}
9173#endif
9174
9175/*
9176 * SCSI VPD page 0x00, the Supported VPD Pages page.
9177 */
9178static int
9179ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9180{
9181	struct scsi_vpd_supported_pages *pages;
9182	int sup_page_size;
9183	struct ctl_lun *lun;
9184	int p;
9185
9186	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9187
9188	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9189	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9190	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9191	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9192	ctsio->kern_sg_entries = 0;
9193
9194	if (sup_page_size < alloc_len) {
9195		ctsio->residual = alloc_len - sup_page_size;
9196		ctsio->kern_data_len = sup_page_size;
9197		ctsio->kern_total_len = sup_page_size;
9198	} else {
9199		ctsio->residual = 0;
9200		ctsio->kern_data_len = alloc_len;
9201		ctsio->kern_total_len = alloc_len;
9202	}
9203	ctsio->kern_data_resid = 0;
9204	ctsio->kern_rel_offset = 0;
9205	ctsio->kern_sg_entries = 0;
9206
9207	/*
9208	 * The control device is always connected.  The disk device, on the
9209	 * other hand, may not be online all the time.  Need to change this
9210	 * to figure out whether the disk device is actually online or not.
9211	 */
9212	if (lun != NULL)
9213		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9214				lun->be_lun->lun_type;
9215	else
9216		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9217
9218	p = 0;
9219	/* Supported VPD pages */
9220	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9221	/* Serial Number */
9222	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9223	/* Device Identification */
9224	pages->page_list[p++] = SVPD_DEVICE_ID;
9225	/* Extended INQUIRY Data */
9226	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9227	/* Mode Page Policy */
9228	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9229	/* SCSI Ports */
9230	pages->page_list[p++] = SVPD_SCSI_PORTS;
9231	/* Third-party Copy */
9232	pages->page_list[p++] = SVPD_SCSI_TPC;
9233	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9234		/* Block limits */
9235		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9236		/* Block Device Characteristics */
9237		pages->page_list[p++] = SVPD_BDC;
9238		/* Logical Block Provisioning */
9239		pages->page_list[p++] = SVPD_LBP;
9240	}
9241	pages->length = p;
9242
9243	ctl_set_success(ctsio);
9244	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9245	ctsio->be_move_done = ctl_config_move_done;
9246	ctl_datamove((union ctl_io *)ctsio);
9247	return (CTL_RETVAL_COMPLETE);
9248}
9249
9250/*
9251 * SCSI VPD page 0x80, the Unit Serial Number page.
9252 */
9253static int
9254ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9255{
9256	struct scsi_vpd_unit_serial_number *sn_ptr;
9257	struct ctl_lun *lun;
9258	int data_len;
9259
9260	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9261
9262	data_len = 4 + CTL_SN_LEN;
9263	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9264	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9265	if (data_len < alloc_len) {
9266		ctsio->residual = alloc_len - data_len;
9267		ctsio->kern_data_len = data_len;
9268		ctsio->kern_total_len = data_len;
9269	} else {
9270		ctsio->residual = 0;
9271		ctsio->kern_data_len = alloc_len;
9272		ctsio->kern_total_len = alloc_len;
9273	}
9274	ctsio->kern_data_resid = 0;
9275	ctsio->kern_rel_offset = 0;
9276	ctsio->kern_sg_entries = 0;
9277
9278	/*
9279	 * The control device is always connected.  The disk device, on the
9280	 * other hand, may not be online all the time.  Need to change this
9281	 * to figure out whether the disk device is actually online or not.
9282	 */
9283	if (lun != NULL)
9284		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9285				  lun->be_lun->lun_type;
9286	else
9287		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9288
9289	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9290	sn_ptr->length = CTL_SN_LEN;
9291	/*
9292	 * If we don't have a LUN, we just leave the serial number as
9293	 * all spaces.
9294	 */
9295	if (lun != NULL) {
9296		strncpy((char *)sn_ptr->serial_num,
9297			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9298	} else
9299		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9300
9301	ctl_set_success(ctsio);
9302	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9303	ctsio->be_move_done = ctl_config_move_done;
9304	ctl_datamove((union ctl_io *)ctsio);
9305	return (CTL_RETVAL_COMPLETE);
9306}
9307
9308
9309/*
9310 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9311 */
9312static int
9313ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9314{
9315	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9316	struct ctl_lun *lun;
9317	int data_len;
9318
9319	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9320
9321	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9322	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9323	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9324	ctsio->kern_sg_entries = 0;
9325
9326	if (data_len < alloc_len) {
9327		ctsio->residual = alloc_len - data_len;
9328		ctsio->kern_data_len = data_len;
9329		ctsio->kern_total_len = data_len;
9330	} else {
9331		ctsio->residual = 0;
9332		ctsio->kern_data_len = alloc_len;
9333		ctsio->kern_total_len = alloc_len;
9334	}
9335	ctsio->kern_data_resid = 0;
9336	ctsio->kern_rel_offset = 0;
9337	ctsio->kern_sg_entries = 0;
9338
9339	/*
9340	 * The control device is always connected.  The disk device, on the
9341	 * other hand, may not be online all the time.
9342	 */
9343	if (lun != NULL)
9344		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9345				     lun->be_lun->lun_type;
9346	else
9347		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9348	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9349	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9350	/*
9351	 * We support head of queue, ordered and simple tags.
9352	 */
9353	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9354	/*
9355	 * Volatile cache supported.
9356	 */
9357	eid_ptr->flags3 = SVPD_EID_V_SUP;
9358
9359	/*
9360	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9361	 * attention for a particular IT nexus on all LUNs once we report
9362	 * it to that nexus once.  This bit is required as of SPC-4.
9363	 */
9364	eid_ptr->flags4 = SVPD_EID_LUICLT;
9365
9366	/*
9367	 * XXX KDM in order to correctly answer this, we would need
9368	 * information from the SIM to determine how much sense data it
9369	 * can send.  So this would really be a path inquiry field, most
9370	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9371	 * but the hardware may or may not be able to support that much.
9372	 * 0 just means that the maximum sense data length is not reported.
9373	 */
9374	eid_ptr->max_sense_length = 0;
9375
9376	ctl_set_success(ctsio);
9377	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9378	ctsio->be_move_done = ctl_config_move_done;
9379	ctl_datamove((union ctl_io *)ctsio);
9380	return (CTL_RETVAL_COMPLETE);
9381}
9382
9383static int
9384ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9385{
9386	struct scsi_vpd_mode_page_policy *mpp_ptr;
9387	struct ctl_lun *lun;
9388	int data_len;
9389
9390	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9391
9392	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9393	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9394
9395	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9396	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9397	ctsio->kern_sg_entries = 0;
9398
9399	if (data_len < alloc_len) {
9400		ctsio->residual = alloc_len - data_len;
9401		ctsio->kern_data_len = data_len;
9402		ctsio->kern_total_len = data_len;
9403	} else {
9404		ctsio->residual = 0;
9405		ctsio->kern_data_len = alloc_len;
9406		ctsio->kern_total_len = alloc_len;
9407	}
9408	ctsio->kern_data_resid = 0;
9409	ctsio->kern_rel_offset = 0;
9410	ctsio->kern_sg_entries = 0;
9411
9412	/*
9413	 * The control device is always connected.  The disk device, on the
9414	 * other hand, may not be online all the time.
9415	 */
9416	if (lun != NULL)
9417		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9418				     lun->be_lun->lun_type;
9419	else
9420		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9421	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9422	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9423	mpp_ptr->descr[0].page_code = 0x3f;
9424	mpp_ptr->descr[0].subpage_code = 0xff;
9425	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9426
9427	ctl_set_success(ctsio);
9428	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9429	ctsio->be_move_done = ctl_config_move_done;
9430	ctl_datamove((union ctl_io *)ctsio);
9431	return (CTL_RETVAL_COMPLETE);
9432}
9433
9434/*
9435 * SCSI VPD page 0x83, the Device Identification page.
9436 */
9437static int
9438ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9439{
9440	struct scsi_vpd_device_id *devid_ptr;
9441	struct scsi_vpd_id_descriptor *desc;
9442	struct ctl_softc *softc;
9443	struct ctl_lun *lun;
9444	struct ctl_port *port;
9445	int data_len;
9446	uint8_t proto;
9447
9448	softc = control_softc;
9449
9450	port = softc->ctl_ports[ctl_port_idx(ctsio->io_hdr.nexus.targ_port)];
9451	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9452
9453	data_len = sizeof(struct scsi_vpd_device_id) +
9454	    sizeof(struct scsi_vpd_id_descriptor) +
9455		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9456	    sizeof(struct scsi_vpd_id_descriptor) +
9457		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9458	if (lun && lun->lun_devid)
9459		data_len += lun->lun_devid->len;
9460	if (port->port_devid)
9461		data_len += port->port_devid->len;
9462	if (port->target_devid)
9463		data_len += port->target_devid->len;
9464
9465	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9466	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9467	ctsio->kern_sg_entries = 0;
9468
9469	if (data_len < alloc_len) {
9470		ctsio->residual = alloc_len - data_len;
9471		ctsio->kern_data_len = data_len;
9472		ctsio->kern_total_len = data_len;
9473	} else {
9474		ctsio->residual = 0;
9475		ctsio->kern_data_len = alloc_len;
9476		ctsio->kern_total_len = alloc_len;
9477	}
9478	ctsio->kern_data_resid = 0;
9479	ctsio->kern_rel_offset = 0;
9480	ctsio->kern_sg_entries = 0;
9481
9482	/*
9483	 * The control device is always connected.  The disk device, on the
9484	 * other hand, may not be online all the time.
9485	 */
9486	if (lun != NULL)
9487		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9488				     lun->be_lun->lun_type;
9489	else
9490		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9491	devid_ptr->page_code = SVPD_DEVICE_ID;
9492	scsi_ulto2b(data_len - 4, devid_ptr->length);
9493
9494	if (port->port_type == CTL_PORT_FC)
9495		proto = SCSI_PROTO_FC << 4;
9496	else if (port->port_type == CTL_PORT_ISCSI)
9497		proto = SCSI_PROTO_ISCSI << 4;
9498	else
9499		proto = SCSI_PROTO_SPI << 4;
9500	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9501
9502	/*
9503	 * We're using a LUN association here.  i.e., this device ID is a
9504	 * per-LUN identifier.
9505	 */
9506	if (lun && lun->lun_devid) {
9507		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9508		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9509		    lun->lun_devid->len);
9510	}
9511
9512	/*
9513	 * This is for the WWPN which is a port association.
9514	 */
9515	if (port->port_devid) {
9516		memcpy(desc, port->port_devid->data, port->port_devid->len);
9517		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9518		    port->port_devid->len);
9519	}
9520
9521	/*
9522	 * This is for the Relative Target Port(type 4h) identifier
9523	 */
9524	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9525	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9526	    SVPD_ID_TYPE_RELTARG;
9527	desc->length = 4;
9528	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9529	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9530	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9531
9532	/*
9533	 * This is for the Target Port Group(type 5h) identifier
9534	 */
9535	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9536	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9537	    SVPD_ID_TYPE_TPORTGRP;
9538	desc->length = 4;
9539	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / CTL_MAX_PORTS + 1,
9540	    &desc->identifier[2]);
9541	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9542	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9543
9544	/*
9545	 * This is for the Target identifier
9546	 */
9547	if (port->target_devid) {
9548		memcpy(desc, port->target_devid->data, port->target_devid->len);
9549	}
9550
9551	ctl_set_success(ctsio);
9552	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9553	ctsio->be_move_done = ctl_config_move_done;
9554	ctl_datamove((union ctl_io *)ctsio);
9555	return (CTL_RETVAL_COMPLETE);
9556}
9557
9558static int
9559ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9560{
9561	struct ctl_softc *softc = control_softc;
9562	struct scsi_vpd_scsi_ports *sp;
9563	struct scsi_vpd_port_designation *pd;
9564	struct scsi_vpd_port_designation_cont *pdc;
9565	struct ctl_lun *lun;
9566	struct ctl_port *port;
9567	int data_len, num_target_ports, iid_len, id_len, g, pg, p;
9568	int num_target_port_groups;
9569
9570	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9571
9572	if (softc->is_single)
9573		num_target_port_groups = 1;
9574	else
9575		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
9576	num_target_ports = 0;
9577	iid_len = 0;
9578	id_len = 0;
9579	mtx_lock(&softc->ctl_lock);
9580	STAILQ_FOREACH(port, &softc->port_list, links) {
9581		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9582			continue;
9583		if (lun != NULL &&
9584		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9585			continue;
9586		num_target_ports++;
9587		if (port->init_devid)
9588			iid_len += port->init_devid->len;
9589		if (port->port_devid)
9590			id_len += port->port_devid->len;
9591	}
9592	mtx_unlock(&softc->ctl_lock);
9593
9594	data_len = sizeof(struct scsi_vpd_scsi_ports) + num_target_port_groups *
9595	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9596	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9597	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9598	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9599	ctsio->kern_sg_entries = 0;
9600
9601	if (data_len < alloc_len) {
9602		ctsio->residual = alloc_len - data_len;
9603		ctsio->kern_data_len = data_len;
9604		ctsio->kern_total_len = data_len;
9605	} else {
9606		ctsio->residual = 0;
9607		ctsio->kern_data_len = alloc_len;
9608		ctsio->kern_total_len = alloc_len;
9609	}
9610	ctsio->kern_data_resid = 0;
9611	ctsio->kern_rel_offset = 0;
9612	ctsio->kern_sg_entries = 0;
9613
9614	/*
9615	 * The control device is always connected.  The disk device, on the
9616	 * other hand, may not be online all the time.  Need to change this
9617	 * to figure out whether the disk device is actually online or not.
9618	 */
9619	if (lun != NULL)
9620		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9621				  lun->be_lun->lun_type;
9622	else
9623		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9624
9625	sp->page_code = SVPD_SCSI_PORTS;
9626	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9627	    sp->page_length);
9628	pd = &sp->design[0];
9629
9630	mtx_lock(&softc->ctl_lock);
9631	pg = softc->port_offset / CTL_MAX_PORTS;
9632	for (g = 0; g < num_target_port_groups; g++) {
9633		STAILQ_FOREACH(port, &softc->port_list, links) {
9634			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9635				continue;
9636			if (lun != NULL &&
9637			    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9638				continue;
9639			p = port->targ_port % CTL_MAX_PORTS + g * CTL_MAX_PORTS;
9640			scsi_ulto2b(p, pd->relative_port_id);
9641			if (port->init_devid && g == pg) {
9642				iid_len = port->init_devid->len;
9643				memcpy(pd->initiator_transportid,
9644				    port->init_devid->data, port->init_devid->len);
9645			} else
9646				iid_len = 0;
9647			scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9648			pdc = (struct scsi_vpd_port_designation_cont *)
9649			    (&pd->initiator_transportid[iid_len]);
9650			if (port->port_devid && g == pg) {
9651				id_len = port->port_devid->len;
9652				memcpy(pdc->target_port_descriptors,
9653				    port->port_devid->data, port->port_devid->len);
9654			} else
9655				id_len = 0;
9656			scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9657			pd = (struct scsi_vpd_port_designation *)
9658			    ((uint8_t *)pdc->target_port_descriptors + id_len);
9659		}
9660	}
9661	mtx_unlock(&softc->ctl_lock);
9662
9663	ctl_set_success(ctsio);
9664	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9665	ctsio->be_move_done = ctl_config_move_done;
9666	ctl_datamove((union ctl_io *)ctsio);
9667	return (CTL_RETVAL_COMPLETE);
9668}
9669
9670static int
9671ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9672{
9673	struct scsi_vpd_block_limits *bl_ptr;
9674	struct ctl_lun *lun;
9675	int bs;
9676
9677	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9678
9679	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9680	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9681	ctsio->kern_sg_entries = 0;
9682
9683	if (sizeof(*bl_ptr) < alloc_len) {
9684		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9685		ctsio->kern_data_len = sizeof(*bl_ptr);
9686		ctsio->kern_total_len = sizeof(*bl_ptr);
9687	} else {
9688		ctsio->residual = 0;
9689		ctsio->kern_data_len = alloc_len;
9690		ctsio->kern_total_len = alloc_len;
9691	}
9692	ctsio->kern_data_resid = 0;
9693	ctsio->kern_rel_offset = 0;
9694	ctsio->kern_sg_entries = 0;
9695
9696	/*
9697	 * The control device is always connected.  The disk device, on the
9698	 * other hand, may not be online all the time.  Need to change this
9699	 * to figure out whether the disk device is actually online or not.
9700	 */
9701	if (lun != NULL)
9702		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9703				  lun->be_lun->lun_type;
9704	else
9705		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9706
9707	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9708	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9709	bl_ptr->max_cmp_write_len = 0xff;
9710	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9711	if (lun != NULL) {
9712		bs = lun->be_lun->blocksize;
9713		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9714		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9715			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9716			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9717			if (lun->be_lun->ublockexp != 0) {
9718				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9719				    bl_ptr->opt_unmap_grain);
9720				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9721				    bl_ptr->unmap_grain_align);
9722			}
9723		}
9724		scsi_ulto4b(lun->be_lun->atomicblock,
9725		    bl_ptr->max_atomic_transfer_length);
9726		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9727		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9728	}
9729	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9730
9731	ctl_set_success(ctsio);
9732	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9733	ctsio->be_move_done = ctl_config_move_done;
9734	ctl_datamove((union ctl_io *)ctsio);
9735	return (CTL_RETVAL_COMPLETE);
9736}
9737
9738static int
9739ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9740{
9741	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9742	struct ctl_lun *lun;
9743	const char *value;
9744	u_int i;
9745
9746	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9747
9748	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9749	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9750	ctsio->kern_sg_entries = 0;
9751
9752	if (sizeof(*bdc_ptr) < alloc_len) {
9753		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9754		ctsio->kern_data_len = sizeof(*bdc_ptr);
9755		ctsio->kern_total_len = sizeof(*bdc_ptr);
9756	} else {
9757		ctsio->residual = 0;
9758		ctsio->kern_data_len = alloc_len;
9759		ctsio->kern_total_len = alloc_len;
9760	}
9761	ctsio->kern_data_resid = 0;
9762	ctsio->kern_rel_offset = 0;
9763	ctsio->kern_sg_entries = 0;
9764
9765	/*
9766	 * The control device is always connected.  The disk device, on the
9767	 * other hand, may not be online all the time.  Need to change this
9768	 * to figure out whether the disk device is actually online or not.
9769	 */
9770	if (lun != NULL)
9771		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9772				  lun->be_lun->lun_type;
9773	else
9774		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9775	bdc_ptr->page_code = SVPD_BDC;
9776	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9777	if (lun != NULL &&
9778	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9779		i = strtol(value, NULL, 0);
9780	else
9781		i = CTL_DEFAULT_ROTATION_RATE;
9782	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9783	if (lun != NULL &&
9784	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9785		i = strtol(value, NULL, 0);
9786	else
9787		i = 0;
9788	bdc_ptr->wab_wac_ff = (i & 0x0f);
9789	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9790
9791	ctl_set_success(ctsio);
9792	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9793	ctsio->be_move_done = ctl_config_move_done;
9794	ctl_datamove((union ctl_io *)ctsio);
9795	return (CTL_RETVAL_COMPLETE);
9796}
9797
9798static int
9799ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9800{
9801	struct scsi_vpd_logical_block_prov *lbp_ptr;
9802	struct ctl_lun *lun;
9803
9804	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9805
9806	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9807	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9808	ctsio->kern_sg_entries = 0;
9809
9810	if (sizeof(*lbp_ptr) < alloc_len) {
9811		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9812		ctsio->kern_data_len = sizeof(*lbp_ptr);
9813		ctsio->kern_total_len = sizeof(*lbp_ptr);
9814	} else {
9815		ctsio->residual = 0;
9816		ctsio->kern_data_len = alloc_len;
9817		ctsio->kern_total_len = alloc_len;
9818	}
9819	ctsio->kern_data_resid = 0;
9820	ctsio->kern_rel_offset = 0;
9821	ctsio->kern_sg_entries = 0;
9822
9823	/*
9824	 * The control device is always connected.  The disk device, on the
9825	 * other hand, may not be online all the time.  Need to change this
9826	 * to figure out whether the disk device is actually online or not.
9827	 */
9828	if (lun != NULL)
9829		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9830				  lun->be_lun->lun_type;
9831	else
9832		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9833
9834	lbp_ptr->page_code = SVPD_LBP;
9835	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9836	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9837	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9838		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9839		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9840		lbp_ptr->prov_type = SVPD_LBP_THIN;
9841	}
9842
9843	ctl_set_success(ctsio);
9844	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9845	ctsio->be_move_done = ctl_config_move_done;
9846	ctl_datamove((union ctl_io *)ctsio);
9847	return (CTL_RETVAL_COMPLETE);
9848}
9849
9850/*
9851 * INQUIRY with the EVPD bit set.
9852 */
9853static int
9854ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9855{
9856	struct ctl_lun *lun;
9857	struct scsi_inquiry *cdb;
9858	int alloc_len, retval;
9859
9860	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9861	cdb = (struct scsi_inquiry *)ctsio->cdb;
9862	alloc_len = scsi_2btoul(cdb->length);
9863
9864	switch (cdb->page_code) {
9865	case SVPD_SUPPORTED_PAGES:
9866		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9867		break;
9868	case SVPD_UNIT_SERIAL_NUMBER:
9869		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9870		break;
9871	case SVPD_DEVICE_ID:
9872		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9873		break;
9874	case SVPD_EXTENDED_INQUIRY_DATA:
9875		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9876		break;
9877	case SVPD_MODE_PAGE_POLICY:
9878		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9879		break;
9880	case SVPD_SCSI_PORTS:
9881		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9882		break;
9883	case SVPD_SCSI_TPC:
9884		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9885		break;
9886	case SVPD_BLOCK_LIMITS:
9887		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9888			goto err;
9889		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9890		break;
9891	case SVPD_BDC:
9892		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9893			goto err;
9894		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9895		break;
9896	case SVPD_LBP:
9897		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9898			goto err;
9899		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9900		break;
9901	default:
9902err:
9903		ctl_set_invalid_field(ctsio,
9904				      /*sks_valid*/ 1,
9905				      /*command*/ 1,
9906				      /*field*/ 2,
9907				      /*bit_valid*/ 0,
9908				      /*bit*/ 0);
9909		ctl_done((union ctl_io *)ctsio);
9910		retval = CTL_RETVAL_COMPLETE;
9911		break;
9912	}
9913
9914	return (retval);
9915}
9916
9917/*
9918 * Standard INQUIRY data.
9919 */
9920static int
9921ctl_inquiry_std(struct ctl_scsiio *ctsio)
9922{
9923	struct scsi_inquiry_data *inq_ptr;
9924	struct scsi_inquiry *cdb;
9925	struct ctl_softc *softc;
9926	struct ctl_lun *lun;
9927	char *val;
9928	uint32_t alloc_len, data_len;
9929	ctl_port_type port_type;
9930
9931	softc = control_softc;
9932
9933	/*
9934	 * Figure out whether we're talking to a Fibre Channel port or not.
9935	 * We treat the ioctl front end, and any SCSI adapters, as packetized
9936	 * SCSI front ends.
9937	 */
9938	port_type = softc->ctl_ports[
9939	    ctl_port_idx(ctsio->io_hdr.nexus.targ_port)]->port_type;
9940	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
9941		port_type = CTL_PORT_SCSI;
9942
9943	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9944	cdb = (struct scsi_inquiry *)ctsio->cdb;
9945	alloc_len = scsi_2btoul(cdb->length);
9946
9947	/*
9948	 * We malloc the full inquiry data size here and fill it
9949	 * in.  If the user only asks for less, we'll give him
9950	 * that much.
9951	 */
9952	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
9953	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9954	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
9955	ctsio->kern_sg_entries = 0;
9956	ctsio->kern_data_resid = 0;
9957	ctsio->kern_rel_offset = 0;
9958
9959	if (data_len < alloc_len) {
9960		ctsio->residual = alloc_len - data_len;
9961		ctsio->kern_data_len = data_len;
9962		ctsio->kern_total_len = data_len;
9963	} else {
9964		ctsio->residual = 0;
9965		ctsio->kern_data_len = alloc_len;
9966		ctsio->kern_total_len = alloc_len;
9967	}
9968
9969	/*
9970	 * If we have a LUN configured, report it as connected.  Otherwise,
9971	 * report that it is offline or no device is supported, depending
9972	 * on the value of inquiry_pq_no_lun.
9973	 *
9974	 * According to the spec (SPC-4 r34), the peripheral qualifier
9975	 * SID_QUAL_LU_OFFLINE (001b) is used in the following scenario:
9976	 *
9977	 * "A peripheral device having the specified peripheral device type
9978	 * is not connected to this logical unit. However, the device
9979	 * server is capable of supporting the specified peripheral device
9980	 * type on this logical unit."
9981	 *
9982	 * According to the same spec, the peripheral qualifier
9983	 * SID_QUAL_BAD_LU (011b) is used in this scenario:
9984	 *
9985	 * "The device server is not capable of supporting a peripheral
9986	 * device on this logical unit. For this peripheral qualifier the
9987	 * peripheral device type shall be set to 1Fh. All other peripheral
9988	 * device type values are reserved for this peripheral qualifier."
9989	 *
9990	 * Given the text, it would seem that we probably want to report that
9991	 * the LUN is offline here.  There is no LUN connected, but we can
9992	 * support a LUN at the given LUN number.
9993	 *
9994	 * In the real world, though, it sounds like things are a little
9995	 * different:
9996	 *
9997	 * - Linux, when presented with a LUN with the offline peripheral
9998	 *   qualifier, will create an sg driver instance for it.  So when
9999	 *   you attach it to CTL, you wind up with a ton of sg driver
10000	 *   instances.  (One for every LUN that Linux bothered to probe.)
10001	 *   Linux does this despite the fact that it issues a REPORT LUNs
10002	 *   to LUN 0 to get the inventory of supported LUNs.
10003	 *
10004	 * - There is other anecdotal evidence (from Emulex folks) about
10005	 *   arrays that use the offline peripheral qualifier for LUNs that
10006	 *   are on the "passive" path in an active/passive array.
10007	 *
10008	 * So the solution is provide a hopefully reasonable default
10009	 * (return bad/no LUN) and allow the user to change the behavior
10010	 * with a tunable/sysctl variable.
10011	 */
10012	if (lun != NULL)
10013		inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10014				  lun->be_lun->lun_type;
10015	else if (softc->inquiry_pq_no_lun == 0)
10016		inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10017	else
10018		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10019
10020	/* RMB in byte 2 is 0 */
10021	inq_ptr->version = SCSI_REV_SPC4;
10022
10023	/*
10024	 * According to SAM-3, even if a device only supports a single
10025	 * level of LUN addressing, it should still set the HISUP bit:
10026	 *
10027	 * 4.9.1 Logical unit numbers overview
10028	 *
10029	 * All logical unit number formats described in this standard are
10030	 * hierarchical in structure even when only a single level in that
10031	 * hierarchy is used. The HISUP bit shall be set to one in the
10032	 * standard INQUIRY data (see SPC-2) when any logical unit number
10033	 * format described in this standard is used.  Non-hierarchical
10034	 * formats are outside the scope of this standard.
10035	 *
10036	 * Therefore we set the HiSup bit here.
10037	 *
10038	 * The reponse format is 2, per SPC-3.
10039	 */
10040	inq_ptr->response_format = SID_HiSup | 2;
10041
10042	inq_ptr->additional_length = data_len -
10043	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10044	CTL_DEBUG_PRINT(("additional_length = %d\n",
10045			 inq_ptr->additional_length));
10046
10047	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10048	/* 16 bit addressing */
10049	if (port_type == CTL_PORT_SCSI)
10050		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10051	/* XXX set the SID_MultiP bit here if we're actually going to
10052	   respond on multiple ports */
10053	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10054
10055	/* 16 bit data bus, synchronous transfers */
10056	if (port_type == CTL_PORT_SCSI)
10057		inq_ptr->flags = SID_WBus16 | SID_Sync;
10058	/*
10059	 * XXX KDM do we want to support tagged queueing on the control
10060	 * device at all?
10061	 */
10062	if ((lun == NULL)
10063	 || (lun->be_lun->lun_type != T_PROCESSOR))
10064		inq_ptr->flags |= SID_CmdQue;
10065	/*
10066	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10067	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10068	 * name and 4 bytes for the revision.
10069	 */
10070	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10071	    "vendor")) == NULL) {
10072		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10073	} else {
10074		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10075		strncpy(inq_ptr->vendor, val,
10076		    min(sizeof(inq_ptr->vendor), strlen(val)));
10077	}
10078	if (lun == NULL) {
10079		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10080		    sizeof(inq_ptr->product));
10081	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10082		switch (lun->be_lun->lun_type) {
10083		case T_DIRECT:
10084			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10085			    sizeof(inq_ptr->product));
10086			break;
10087		case T_PROCESSOR:
10088			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10089			    sizeof(inq_ptr->product));
10090			break;
10091		default:
10092			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10093			    sizeof(inq_ptr->product));
10094			break;
10095		}
10096	} else {
10097		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10098		strncpy(inq_ptr->product, val,
10099		    min(sizeof(inq_ptr->product), strlen(val)));
10100	}
10101
10102	/*
10103	 * XXX make this a macro somewhere so it automatically gets
10104	 * incremented when we make changes.
10105	 */
10106	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10107	    "revision")) == NULL) {
10108		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10109	} else {
10110		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10111		strncpy(inq_ptr->revision, val,
10112		    min(sizeof(inq_ptr->revision), strlen(val)));
10113	}
10114
10115	/*
10116	 * For parallel SCSI, we support double transition and single
10117	 * transition clocking.  We also support QAS (Quick Arbitration
10118	 * and Selection) and Information Unit transfers on both the
10119	 * control and array devices.
10120	 */
10121	if (port_type == CTL_PORT_SCSI)
10122		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10123				    SID_SPI_IUS;
10124
10125	/* SAM-5 (no version claimed) */
10126	scsi_ulto2b(0x00A0, inq_ptr->version1);
10127	/* SPC-4 (no version claimed) */
10128	scsi_ulto2b(0x0460, inq_ptr->version2);
10129	if (port_type == CTL_PORT_FC) {
10130		/* FCP-2 ANSI INCITS.350:2003 */
10131		scsi_ulto2b(0x0917, inq_ptr->version3);
10132	} else if (port_type == CTL_PORT_SCSI) {
10133		/* SPI-4 ANSI INCITS.362:200x */
10134		scsi_ulto2b(0x0B56, inq_ptr->version3);
10135	} else if (port_type == CTL_PORT_ISCSI) {
10136		/* iSCSI (no version claimed) */
10137		scsi_ulto2b(0x0960, inq_ptr->version3);
10138	} else if (port_type == CTL_PORT_SAS) {
10139		/* SAS (no version claimed) */
10140		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10141	}
10142
10143	if (lun == NULL) {
10144		/* SBC-4 (no version claimed) */
10145		scsi_ulto2b(0x0600, inq_ptr->version4);
10146	} else {
10147		switch (lun->be_lun->lun_type) {
10148		case T_DIRECT:
10149			/* SBC-4 (no version claimed) */
10150			scsi_ulto2b(0x0600, inq_ptr->version4);
10151			break;
10152		case T_PROCESSOR:
10153		default:
10154			break;
10155		}
10156	}
10157
10158	ctl_set_success(ctsio);
10159	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10160	ctsio->be_move_done = ctl_config_move_done;
10161	ctl_datamove((union ctl_io *)ctsio);
10162	return (CTL_RETVAL_COMPLETE);
10163}
10164
10165int
10166ctl_inquiry(struct ctl_scsiio *ctsio)
10167{
10168	struct scsi_inquiry *cdb;
10169	int retval;
10170
10171	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10172
10173	cdb = (struct scsi_inquiry *)ctsio->cdb;
10174	if (cdb->byte2 & SI_EVPD)
10175		retval = ctl_inquiry_evpd(ctsio);
10176	else if (cdb->page_code == 0)
10177		retval = ctl_inquiry_std(ctsio);
10178	else {
10179		ctl_set_invalid_field(ctsio,
10180				      /*sks_valid*/ 1,
10181				      /*command*/ 1,
10182				      /*field*/ 2,
10183				      /*bit_valid*/ 0,
10184				      /*bit*/ 0);
10185		ctl_done((union ctl_io *)ctsio);
10186		return (CTL_RETVAL_COMPLETE);
10187	}
10188
10189	return (retval);
10190}
10191
10192/*
10193 * For known CDB types, parse the LBA and length.
10194 */
10195static int
10196ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10197{
10198	if (io->io_hdr.io_type != CTL_IO_SCSI)
10199		return (1);
10200
10201	switch (io->scsiio.cdb[0]) {
10202	case COMPARE_AND_WRITE: {
10203		struct scsi_compare_and_write *cdb;
10204
10205		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10206
10207		*lba = scsi_8btou64(cdb->addr);
10208		*len = cdb->length;
10209		break;
10210	}
10211	case READ_6:
10212	case WRITE_6: {
10213		struct scsi_rw_6 *cdb;
10214
10215		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10216
10217		*lba = scsi_3btoul(cdb->addr);
10218		/* only 5 bits are valid in the most significant address byte */
10219		*lba &= 0x1fffff;
10220		*len = cdb->length;
10221		break;
10222	}
10223	case READ_10:
10224	case WRITE_10: {
10225		struct scsi_rw_10 *cdb;
10226
10227		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10228
10229		*lba = scsi_4btoul(cdb->addr);
10230		*len = scsi_2btoul(cdb->length);
10231		break;
10232	}
10233	case WRITE_VERIFY_10: {
10234		struct scsi_write_verify_10 *cdb;
10235
10236		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10237
10238		*lba = scsi_4btoul(cdb->addr);
10239		*len = scsi_2btoul(cdb->length);
10240		break;
10241	}
10242	case READ_12:
10243	case WRITE_12: {
10244		struct scsi_rw_12 *cdb;
10245
10246		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10247
10248		*lba = scsi_4btoul(cdb->addr);
10249		*len = scsi_4btoul(cdb->length);
10250		break;
10251	}
10252	case WRITE_VERIFY_12: {
10253		struct scsi_write_verify_12 *cdb;
10254
10255		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10256
10257		*lba = scsi_4btoul(cdb->addr);
10258		*len = scsi_4btoul(cdb->length);
10259		break;
10260	}
10261	case READ_16:
10262	case WRITE_16:
10263	case WRITE_ATOMIC_16: {
10264		struct scsi_rw_16 *cdb;
10265
10266		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10267
10268		*lba = scsi_8btou64(cdb->addr);
10269		*len = scsi_4btoul(cdb->length);
10270		break;
10271	}
10272	case WRITE_VERIFY_16: {
10273		struct scsi_write_verify_16 *cdb;
10274
10275		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10276
10277		*lba = scsi_8btou64(cdb->addr);
10278		*len = scsi_4btoul(cdb->length);
10279		break;
10280	}
10281	case WRITE_SAME_10: {
10282		struct scsi_write_same_10 *cdb;
10283
10284		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10285
10286		*lba = scsi_4btoul(cdb->addr);
10287		*len = scsi_2btoul(cdb->length);
10288		break;
10289	}
10290	case WRITE_SAME_16: {
10291		struct scsi_write_same_16 *cdb;
10292
10293		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10294
10295		*lba = scsi_8btou64(cdb->addr);
10296		*len = scsi_4btoul(cdb->length);
10297		break;
10298	}
10299	case VERIFY_10: {
10300		struct scsi_verify_10 *cdb;
10301
10302		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10303
10304		*lba = scsi_4btoul(cdb->addr);
10305		*len = scsi_2btoul(cdb->length);
10306		break;
10307	}
10308	case VERIFY_12: {
10309		struct scsi_verify_12 *cdb;
10310
10311		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10312
10313		*lba = scsi_4btoul(cdb->addr);
10314		*len = scsi_4btoul(cdb->length);
10315		break;
10316	}
10317	case VERIFY_16: {
10318		struct scsi_verify_16 *cdb;
10319
10320		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10321
10322		*lba = scsi_8btou64(cdb->addr);
10323		*len = scsi_4btoul(cdb->length);
10324		break;
10325	}
10326	case UNMAP: {
10327		*lba = 0;
10328		*len = UINT64_MAX;
10329		break;
10330	}
10331	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10332		struct scsi_get_lba_status *cdb;
10333
10334		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10335		*lba = scsi_8btou64(cdb->addr);
10336		*len = UINT32_MAX;
10337		break;
10338	}
10339	default:
10340		return (1);
10341		break; /* NOTREACHED */
10342	}
10343
10344	return (0);
10345}
10346
10347static ctl_action
10348ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10349    bool seq)
10350{
10351	uint64_t endlba1, endlba2;
10352
10353	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10354	endlba2 = lba2 + len2 - 1;
10355
10356	if ((endlba1 < lba2) || (endlba2 < lba1))
10357		return (CTL_ACTION_PASS);
10358	else
10359		return (CTL_ACTION_BLOCK);
10360}
10361
10362static int
10363ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10364{
10365	struct ctl_ptr_len_flags *ptrlen;
10366	struct scsi_unmap_desc *buf, *end, *range;
10367	uint64_t lba;
10368	uint32_t len;
10369
10370	/* If not UNMAP -- go other way. */
10371	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10372	    io->scsiio.cdb[0] != UNMAP)
10373		return (CTL_ACTION_ERROR);
10374
10375	/* If UNMAP without data -- block and wait for data. */
10376	ptrlen = (struct ctl_ptr_len_flags *)
10377	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10378	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10379	    ptrlen->ptr == NULL)
10380		return (CTL_ACTION_BLOCK);
10381
10382	/* UNMAP with data -- check for collision. */
10383	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10384	end = buf + ptrlen->len / sizeof(*buf);
10385	for (range = buf; range < end; range++) {
10386		lba = scsi_8btou64(range->lba);
10387		len = scsi_4btoul(range->length);
10388		if ((lba < lba2 + len2) && (lba + len > lba2))
10389			return (CTL_ACTION_BLOCK);
10390	}
10391	return (CTL_ACTION_PASS);
10392}
10393
10394static ctl_action
10395ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10396{
10397	uint64_t lba1, lba2;
10398	uint64_t len1, len2;
10399	int retval;
10400
10401	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10402		return (CTL_ACTION_ERROR);
10403
10404	retval = ctl_extent_check_unmap(io1, lba2, len2);
10405	if (retval != CTL_ACTION_ERROR)
10406		return (retval);
10407
10408	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10409		return (CTL_ACTION_ERROR);
10410
10411	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10412}
10413
10414static ctl_action
10415ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10416{
10417	uint64_t lba1, lba2;
10418	uint64_t len1, len2;
10419
10420	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10421		return (CTL_ACTION_ERROR);
10422	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10423		return (CTL_ACTION_ERROR);
10424
10425	if (lba1 + len1 == lba2)
10426		return (CTL_ACTION_BLOCK);
10427	return (CTL_ACTION_PASS);
10428}
10429
10430static ctl_action
10431ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10432    union ctl_io *ooa_io)
10433{
10434	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10435	ctl_serialize_action *serialize_row;
10436
10437	/*
10438	 * The initiator attempted multiple untagged commands at the same
10439	 * time.  Can't do that.
10440	 */
10441	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10442	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10443	 && ((pending_io->io_hdr.nexus.targ_port ==
10444	      ooa_io->io_hdr.nexus.targ_port)
10445	  && (pending_io->io_hdr.nexus.initid.id ==
10446	      ooa_io->io_hdr.nexus.initid.id))
10447	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10448	      CTL_FLAG_STATUS_SENT)) == 0))
10449		return (CTL_ACTION_OVERLAP);
10450
10451	/*
10452	 * The initiator attempted to send multiple tagged commands with
10453	 * the same ID.  (It's fine if different initiators have the same
10454	 * tag ID.)
10455	 *
10456	 * Even if all of those conditions are true, we don't kill the I/O
10457	 * if the command ahead of us has been aborted.  We won't end up
10458	 * sending it to the FETD, and it's perfectly legal to resend a
10459	 * command with the same tag number as long as the previous
10460	 * instance of this tag number has been aborted somehow.
10461	 */
10462	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10463	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10464	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10465	 && ((pending_io->io_hdr.nexus.targ_port ==
10466	      ooa_io->io_hdr.nexus.targ_port)
10467	  && (pending_io->io_hdr.nexus.initid.id ==
10468	      ooa_io->io_hdr.nexus.initid.id))
10469	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10470	      CTL_FLAG_STATUS_SENT)) == 0))
10471		return (CTL_ACTION_OVERLAP_TAG);
10472
10473	/*
10474	 * If we get a head of queue tag, SAM-3 says that we should
10475	 * immediately execute it.
10476	 *
10477	 * What happens if this command would normally block for some other
10478	 * reason?  e.g. a request sense with a head of queue tag
10479	 * immediately after a write.  Normally that would block, but this
10480	 * will result in its getting executed immediately...
10481	 *
10482	 * We currently return "pass" instead of "skip", so we'll end up
10483	 * going through the rest of the queue to check for overlapped tags.
10484	 *
10485	 * XXX KDM check for other types of blockage first??
10486	 */
10487	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10488		return (CTL_ACTION_PASS);
10489
10490	/*
10491	 * Ordered tags have to block until all items ahead of them
10492	 * have completed.  If we get called with an ordered tag, we always
10493	 * block, if something else is ahead of us in the queue.
10494	 */
10495	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10496		return (CTL_ACTION_BLOCK);
10497
10498	/*
10499	 * Simple tags get blocked until all head of queue and ordered tags
10500	 * ahead of them have completed.  I'm lumping untagged commands in
10501	 * with simple tags here.  XXX KDM is that the right thing to do?
10502	 */
10503	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10504	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10505	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10506	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10507		return (CTL_ACTION_BLOCK);
10508
10509	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10510	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10511
10512	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10513
10514	switch (serialize_row[pending_entry->seridx]) {
10515	case CTL_SER_BLOCK:
10516		return (CTL_ACTION_BLOCK);
10517	case CTL_SER_EXTENT:
10518		return (ctl_extent_check(ooa_io, pending_io,
10519		    (lun->serseq == CTL_LUN_SERSEQ_ON)));
10520	case CTL_SER_EXTENTOPT:
10521		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10522		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10523			return (ctl_extent_check(ooa_io, pending_io,
10524			    (lun->serseq == CTL_LUN_SERSEQ_ON)));
10525		return (CTL_ACTION_PASS);
10526	case CTL_SER_EXTENTSEQ:
10527		if (lun->serseq != CTL_LUN_SERSEQ_OFF)
10528			return (ctl_extent_check_seq(ooa_io, pending_io));
10529		return (CTL_ACTION_PASS);
10530	case CTL_SER_PASS:
10531		return (CTL_ACTION_PASS);
10532	case CTL_SER_BLOCKOPT:
10533		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10534		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10535			return (CTL_ACTION_BLOCK);
10536		return (CTL_ACTION_PASS);
10537	case CTL_SER_SKIP:
10538		return (CTL_ACTION_SKIP);
10539	default:
10540		panic("invalid serialization value %d",
10541		      serialize_row[pending_entry->seridx]);
10542	}
10543
10544	return (CTL_ACTION_ERROR);
10545}
10546
10547/*
10548 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10549 * Assumptions:
10550 * - pending_io is generally either incoming, or on the blocked queue
10551 * - starting I/O is the I/O we want to start the check with.
10552 */
10553static ctl_action
10554ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10555	      union ctl_io *starting_io)
10556{
10557	union ctl_io *ooa_io;
10558	ctl_action action;
10559
10560	mtx_assert(&lun->lun_lock, MA_OWNED);
10561
10562	/*
10563	 * Run back along the OOA queue, starting with the current
10564	 * blocked I/O and going through every I/O before it on the
10565	 * queue.  If starting_io is NULL, we'll just end up returning
10566	 * CTL_ACTION_PASS.
10567	 */
10568	for (ooa_io = starting_io; ooa_io != NULL;
10569	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10570	     ooa_links)){
10571
10572		/*
10573		 * This routine just checks to see whether
10574		 * cur_blocked is blocked by ooa_io, which is ahead
10575		 * of it in the queue.  It doesn't queue/dequeue
10576		 * cur_blocked.
10577		 */
10578		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10579		switch (action) {
10580		case CTL_ACTION_BLOCK:
10581		case CTL_ACTION_OVERLAP:
10582		case CTL_ACTION_OVERLAP_TAG:
10583		case CTL_ACTION_SKIP:
10584		case CTL_ACTION_ERROR:
10585			return (action);
10586			break; /* NOTREACHED */
10587		case CTL_ACTION_PASS:
10588			break;
10589		default:
10590			panic("invalid action %d", action);
10591			break;  /* NOTREACHED */
10592		}
10593	}
10594
10595	return (CTL_ACTION_PASS);
10596}
10597
10598/*
10599 * Assumptions:
10600 * - An I/O has just completed, and has been removed from the per-LUN OOA
10601 *   queue, so some items on the blocked queue may now be unblocked.
10602 */
10603static int
10604ctl_check_blocked(struct ctl_lun *lun)
10605{
10606	union ctl_io *cur_blocked, *next_blocked;
10607
10608	mtx_assert(&lun->lun_lock, MA_OWNED);
10609
10610	/*
10611	 * Run forward from the head of the blocked queue, checking each
10612	 * entry against the I/Os prior to it on the OOA queue to see if
10613	 * there is still any blockage.
10614	 *
10615	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10616	 * with our removing a variable on it while it is traversing the
10617	 * list.
10618	 */
10619	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10620	     cur_blocked != NULL; cur_blocked = next_blocked) {
10621		union ctl_io *prev_ooa;
10622		ctl_action action;
10623
10624		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10625							  blocked_links);
10626
10627		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10628						      ctl_ooaq, ooa_links);
10629
10630		/*
10631		 * If cur_blocked happens to be the first item in the OOA
10632		 * queue now, prev_ooa will be NULL, and the action
10633		 * returned will just be CTL_ACTION_PASS.
10634		 */
10635		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10636
10637		switch (action) {
10638		case CTL_ACTION_BLOCK:
10639			/* Nothing to do here, still blocked */
10640			break;
10641		case CTL_ACTION_OVERLAP:
10642		case CTL_ACTION_OVERLAP_TAG:
10643			/*
10644			 * This shouldn't happen!  In theory we've already
10645			 * checked this command for overlap...
10646			 */
10647			break;
10648		case CTL_ACTION_PASS:
10649		case CTL_ACTION_SKIP: {
10650			const struct ctl_cmd_entry *entry;
10651			int isc_retval;
10652
10653			/*
10654			 * The skip case shouldn't happen, this transaction
10655			 * should have never made it onto the blocked queue.
10656			 */
10657			/*
10658			 * This I/O is no longer blocked, we can remove it
10659			 * from the blocked queue.  Since this is a TAILQ
10660			 * (doubly linked list), we can do O(1) removals
10661			 * from any place on the list.
10662			 */
10663			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10664				     blocked_links);
10665			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10666
10667			if (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC){
10668				/*
10669				 * Need to send IO back to original side to
10670				 * run
10671				 */
10672				union ctl_ha_msg msg_info;
10673
10674				msg_info.hdr.original_sc =
10675					cur_blocked->io_hdr.original_sc;
10676				msg_info.hdr.serializing_sc = cur_blocked;
10677				msg_info.hdr.msg_type = CTL_MSG_R2R;
10678				if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
10679				     &msg_info, sizeof(msg_info), 0)) >
10680				     CTL_HA_STATUS_SUCCESS) {
10681					printf("CTL:Check Blocked error from "
10682					       "ctl_ha_msg_send %d\n",
10683					       isc_retval);
10684				}
10685				break;
10686			}
10687			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10688
10689			/*
10690			 * Check this I/O for LUN state changes that may
10691			 * have happened while this command was blocked.
10692			 * The LUN state may have been changed by a command
10693			 * ahead of us in the queue, so we need to re-check
10694			 * for any states that can be caused by SCSI
10695			 * commands.
10696			 */
10697			if (ctl_scsiio_lun_check(lun, entry,
10698						 &cur_blocked->scsiio) == 0) {
10699				cur_blocked->io_hdr.flags |=
10700				                      CTL_FLAG_IS_WAS_ON_RTR;
10701				ctl_enqueue_rtr(cur_blocked);
10702			} else
10703				ctl_done(cur_blocked);
10704			break;
10705		}
10706		default:
10707			/*
10708			 * This probably shouldn't happen -- we shouldn't
10709			 * get CTL_ACTION_ERROR, or anything else.
10710			 */
10711			break;
10712		}
10713	}
10714
10715	return (CTL_RETVAL_COMPLETE);
10716}
10717
10718/*
10719 * This routine (with one exception) checks LUN flags that can be set by
10720 * commands ahead of us in the OOA queue.  These flags have to be checked
10721 * when a command initially comes in, and when we pull a command off the
10722 * blocked queue and are preparing to execute it.  The reason we have to
10723 * check these flags for commands on the blocked queue is that the LUN
10724 * state may have been changed by a command ahead of us while we're on the
10725 * blocked queue.
10726 *
10727 * Ordering is somewhat important with these checks, so please pay
10728 * careful attention to the placement of any new checks.
10729 */
10730static int
10731ctl_scsiio_lun_check(struct ctl_lun *lun,
10732    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10733{
10734	struct ctl_softc *softc = lun->ctl_softc;
10735	int retval;
10736	uint32_t residx;
10737
10738	retval = 0;
10739
10740	mtx_assert(&lun->lun_lock, MA_OWNED);
10741
10742	/*
10743	 * If this shelf is a secondary shelf controller, we have to reject
10744	 * any media access commands.
10745	 */
10746	if ((softc->flags & CTL_FLAG_ACTIVE_SHELF) == 0 &&
10747	    (entry->flags & CTL_CMD_FLAG_OK_ON_SECONDARY) == 0) {
10748		ctl_set_lun_standby(ctsio);
10749		retval = 1;
10750		goto bailout;
10751	}
10752
10753	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10754		if (lun->flags & CTL_LUN_READONLY) {
10755			ctl_set_sense(ctsio, /*current_error*/ 1,
10756			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10757			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
10758			retval = 1;
10759			goto bailout;
10760		}
10761		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10762		    .eca_and_aen & SCP_SWP) != 0) {
10763			ctl_set_sense(ctsio, /*current_error*/ 1,
10764			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10765			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10766			retval = 1;
10767			goto bailout;
10768		}
10769	}
10770
10771	/*
10772	 * Check for a reservation conflict.  If this command isn't allowed
10773	 * even on reserved LUNs, and if this initiator isn't the one who
10774	 * reserved us, reject the command with a reservation conflict.
10775	 */
10776	residx = ctl_get_resindex(&ctsio->io_hdr.nexus);
10777	if ((lun->flags & CTL_LUN_RESERVED)
10778	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10779		if (lun->res_idx != residx) {
10780			ctl_set_reservation_conflict(ctsio);
10781			retval = 1;
10782			goto bailout;
10783		}
10784	}
10785
10786	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10787	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10788		/* No reservation or command is allowed. */;
10789	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10790	    (lun->res_type == SPR_TYPE_WR_EX ||
10791	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10792	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10793		/* The command is allowed for Write Exclusive resv. */;
10794	} else {
10795		/*
10796		 * if we aren't registered or it's a res holder type
10797		 * reservation and this isn't the res holder then set a
10798		 * conflict.
10799		 */
10800		if (ctl_get_prkey(lun, residx) == 0
10801		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10802			ctl_set_reservation_conflict(ctsio);
10803			retval = 1;
10804			goto bailout;
10805		}
10806
10807	}
10808
10809	if ((lun->flags & CTL_LUN_OFFLINE)
10810	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_OFFLINE) == 0)) {
10811		ctl_set_lun_not_ready(ctsio);
10812		retval = 1;
10813		goto bailout;
10814	}
10815
10816	/*
10817	 * If the LUN is stopped, see if this particular command is allowed
10818	 * for a stopped lun.  Otherwise, reject it with 0x04,0x02.
10819	 */
10820	if ((lun->flags & CTL_LUN_STOPPED)
10821	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10822		/* "Logical unit not ready, initializing cmd. required" */
10823		ctl_set_lun_stopped(ctsio);
10824		retval = 1;
10825		goto bailout;
10826	}
10827
10828	if ((lun->flags & CTL_LUN_INOPERABLE)
10829	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10830		/* "Medium format corrupted" */
10831		ctl_set_medium_format_corrupted(ctsio);
10832		retval = 1;
10833		goto bailout;
10834	}
10835
10836bailout:
10837	return (retval);
10838
10839}
10840
10841static void
10842ctl_failover_io(union ctl_io *io, int have_lock)
10843{
10844	ctl_set_busy(&io->scsiio);
10845	ctl_done(io);
10846}
10847
10848#ifdef notyet
10849static void
10850ctl_failover(void)
10851{
10852	struct ctl_lun *lun;
10853	struct ctl_softc *softc;
10854	union ctl_io *next_io, *pending_io;
10855	union ctl_io *io;
10856	int lun_idx;
10857
10858	softc = control_softc;
10859
10860	mtx_lock(&softc->ctl_lock);
10861	/*
10862	 * Remove any cmds from the other SC from the rtr queue.  These
10863	 * will obviously only be for LUNs for which we're the primary.
10864	 * We can't send status or get/send data for these commands.
10865	 * Since they haven't been executed yet, we can just remove them.
10866	 * We'll either abort them or delete them below, depending on
10867	 * which HA mode we're in.
10868	 */
10869#ifdef notyet
10870	mtx_lock(&softc->queue_lock);
10871	for (io = (union ctl_io *)STAILQ_FIRST(&softc->rtr_queue);
10872	     io != NULL; io = next_io) {
10873		next_io = (union ctl_io *)STAILQ_NEXT(&io->io_hdr, links);
10874		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10875			STAILQ_REMOVE(&softc->rtr_queue, &io->io_hdr,
10876				      ctl_io_hdr, links);
10877	}
10878	mtx_unlock(&softc->queue_lock);
10879#endif
10880
10881	for (lun_idx=0; lun_idx < softc->num_luns; lun_idx++) {
10882		lun = softc->ctl_luns[lun_idx];
10883		if (lun==NULL)
10884			continue;
10885
10886		/*
10887		 * Processor LUNs are primary on both sides.
10888		 * XXX will this always be true?
10889		 */
10890		if (lun->be_lun->lun_type == T_PROCESSOR)
10891			continue;
10892
10893		if ((lun->flags & CTL_LUN_PRIMARY_SC)
10894		 && (softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10895			printf("FAILOVER: primary lun %d\n", lun_idx);
10896		        /*
10897			 * Remove all commands from the other SC. First from the
10898			 * blocked queue then from the ooa queue. Once we have
10899			 * removed them. Call ctl_check_blocked to see if there
10900			 * is anything that can run.
10901			 */
10902			for (io = (union ctl_io *)TAILQ_FIRST(
10903			     &lun->blocked_queue); io != NULL; io = next_io) {
10904
10905		        	next_io = (union ctl_io *)TAILQ_NEXT(
10906				    &io->io_hdr, blocked_links);
10907
10908				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10909					TAILQ_REMOVE(&lun->blocked_queue,
10910						     &io->io_hdr,blocked_links);
10911					io->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10912					TAILQ_REMOVE(&lun->ooa_queue,
10913						     &io->io_hdr, ooa_links);
10914
10915					ctl_free_io(io);
10916				}
10917			}
10918
10919			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10920	     		     io != NULL; io = next_io) {
10921
10922		        	next_io = (union ctl_io *)TAILQ_NEXT(
10923				    &io->io_hdr, ooa_links);
10924
10925				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) {
10926
10927					TAILQ_REMOVE(&lun->ooa_queue,
10928						&io->io_hdr,
10929					     	ooa_links);
10930
10931					ctl_free_io(io);
10932				}
10933			}
10934			ctl_check_blocked(lun);
10935		} else if ((lun->flags & CTL_LUN_PRIMARY_SC)
10936			&& (softc->ha_mode == CTL_HA_MODE_XFER)) {
10937
10938			printf("FAILOVER: primary lun %d\n", lun_idx);
10939			/*
10940			 * Abort all commands from the other SC.  We can't
10941			 * send status back for them now.  These should get
10942			 * cleaned up when they are completed or come out
10943			 * for a datamove operation.
10944			 */
10945			for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
10946	     		     io != NULL; io = next_io) {
10947		        	next_io = (union ctl_io *)TAILQ_NEXT(
10948					&io->io_hdr, ooa_links);
10949
10950				if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
10951					io->io_hdr.flags |= CTL_FLAG_ABORT;
10952			}
10953		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10954			&& (softc->ha_mode == CTL_HA_MODE_XFER)) {
10955
10956			printf("FAILOVER: secondary lun %d\n", lun_idx);
10957
10958			lun->flags |= CTL_LUN_PRIMARY_SC;
10959
10960			/*
10961			 * We send all I/O that was sent to this controller
10962			 * and redirected to the other side back with
10963			 * busy status, and have the initiator retry it.
10964			 * Figuring out how much data has been transferred,
10965			 * etc. and picking up where we left off would be
10966			 * very tricky.
10967			 *
10968			 * XXX KDM need to remove I/O from the blocked
10969			 * queue as well!
10970			 */
10971			for (pending_io = (union ctl_io *)TAILQ_FIRST(
10972			     &lun->ooa_queue); pending_io != NULL;
10973			     pending_io = next_io) {
10974
10975				next_io =  (union ctl_io *)TAILQ_NEXT(
10976					&pending_io->io_hdr, ooa_links);
10977
10978				pending_io->io_hdr.flags &=
10979					~CTL_FLAG_SENT_2OTHER_SC;
10980
10981				if (pending_io->io_hdr.flags &
10982				    CTL_FLAG_IO_ACTIVE) {
10983					pending_io->io_hdr.flags |=
10984						CTL_FLAG_FAILOVER;
10985				} else {
10986					ctl_set_busy(&pending_io->scsiio);
10987					ctl_done(pending_io);
10988				}
10989			}
10990
10991			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
10992		} else if (((lun->flags & CTL_LUN_PRIMARY_SC) == 0)
10993			&& (softc->ha_mode == CTL_HA_MODE_SER_ONLY)) {
10994			printf("FAILOVER: secondary lun %d\n", lun_idx);
10995			/*
10996			 * if the first io on the OOA is not on the RtR queue
10997			 * add it.
10998			 */
10999			lun->flags |= CTL_LUN_PRIMARY_SC;
11000
11001			pending_io = (union ctl_io *)TAILQ_FIRST(
11002			    &lun->ooa_queue);
11003			if (pending_io==NULL) {
11004				printf("Nothing on OOA queue\n");
11005				continue;
11006			}
11007
11008			pending_io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11009			if ((pending_io->io_hdr.flags &
11010			     CTL_FLAG_IS_WAS_ON_RTR) == 0) {
11011				pending_io->io_hdr.flags |=
11012				    CTL_FLAG_IS_WAS_ON_RTR;
11013				ctl_enqueue_rtr(pending_io);
11014			}
11015#if 0
11016			else
11017			{
11018				printf("Tag 0x%04x is running\n",
11019				      pending_io->scsiio.tag_num);
11020			}
11021#endif
11022
11023			next_io = (union ctl_io *)TAILQ_NEXT(
11024			    &pending_io->io_hdr, ooa_links);
11025			for (pending_io=next_io; pending_io != NULL;
11026			     pending_io = next_io) {
11027				pending_io->io_hdr.flags &=
11028				    ~CTL_FLAG_SENT_2OTHER_SC;
11029				next_io = (union ctl_io *)TAILQ_NEXT(
11030					&pending_io->io_hdr, ooa_links);
11031				if (pending_io->io_hdr.flags &
11032				    CTL_FLAG_IS_WAS_ON_RTR) {
11033#if 0
11034				        printf("Tag 0x%04x is running\n",
11035				      		pending_io->scsiio.tag_num);
11036#endif
11037					continue;
11038				}
11039
11040				switch (ctl_check_ooa(lun, pending_io,
11041			            (union ctl_io *)TAILQ_PREV(
11042				    &pending_io->io_hdr, ctl_ooaq,
11043				    ooa_links))) {
11044
11045				case CTL_ACTION_BLOCK:
11046					TAILQ_INSERT_TAIL(&lun->blocked_queue,
11047							  &pending_io->io_hdr,
11048							  blocked_links);
11049					pending_io->io_hdr.flags |=
11050					    CTL_FLAG_BLOCKED;
11051					break;
11052				case CTL_ACTION_PASS:
11053				case CTL_ACTION_SKIP:
11054					pending_io->io_hdr.flags |=
11055					    CTL_FLAG_IS_WAS_ON_RTR;
11056					ctl_enqueue_rtr(pending_io);
11057					break;
11058				case CTL_ACTION_OVERLAP:
11059					ctl_set_overlapped_cmd(
11060					    (struct ctl_scsiio *)pending_io);
11061					ctl_done(pending_io);
11062					break;
11063				case CTL_ACTION_OVERLAP_TAG:
11064					ctl_set_overlapped_tag(
11065					    (struct ctl_scsiio *)pending_io,
11066					    pending_io->scsiio.tag_num & 0xff);
11067					ctl_done(pending_io);
11068					break;
11069				case CTL_ACTION_ERROR:
11070				default:
11071					ctl_set_internal_failure(
11072						(struct ctl_scsiio *)pending_io,
11073						0,  // sks_valid
11074						0); //retry count
11075					ctl_done(pending_io);
11076					break;
11077				}
11078			}
11079
11080			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
11081		} else {
11082			panic("Unhandled HA mode failover, LUN flags = %#x, "
11083			      "ha_mode = #%x", lun->flags, softc->ha_mode);
11084		}
11085	}
11086	ctl_pause_rtr = 0;
11087	mtx_unlock(&softc->ctl_lock);
11088}
11089#endif
11090
11091static void
11092ctl_clear_ua(struct ctl_softc *ctl_softc, uint32_t initidx,
11093	     ctl_ua_type ua_type)
11094{
11095	struct ctl_lun *lun;
11096	ctl_ua_type *pu;
11097
11098	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
11099
11100	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
11101		mtx_lock(&lun->lun_lock);
11102		pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
11103		if (pu != NULL)
11104			pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua_type;
11105		mtx_unlock(&lun->lun_lock);
11106	}
11107}
11108
11109static int
11110ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11111{
11112	struct ctl_lun *lun;
11113	const struct ctl_cmd_entry *entry;
11114	uint32_t initidx, targ_lun;
11115	int retval;
11116
11117	retval = 0;
11118
11119	lun = NULL;
11120
11121	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11122	if ((targ_lun < CTL_MAX_LUNS)
11123	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11124		/*
11125		 * If the LUN is invalid, pretend that it doesn't exist.
11126		 * It will go away as soon as all pending I/O has been
11127		 * completed.
11128		 */
11129		mtx_lock(&lun->lun_lock);
11130		if (lun->flags & CTL_LUN_DISABLED) {
11131			mtx_unlock(&lun->lun_lock);
11132			lun = NULL;
11133			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11134			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11135		} else {
11136			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11137			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11138				lun->be_lun;
11139			if (lun->be_lun->lun_type == T_PROCESSOR) {
11140				ctsio->io_hdr.flags |= CTL_FLAG_CONTROL_DEV;
11141			}
11142
11143			/*
11144			 * Every I/O goes into the OOA queue for a
11145			 * particular LUN, and stays there until completion.
11146			 */
11147#ifdef CTL_TIME_IO
11148			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11149				lun->idle_time += getsbinuptime() -
11150				    lun->last_busy;
11151			}
11152#endif
11153			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11154			    ooa_links);
11155		}
11156	} else {
11157		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11158		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11159	}
11160
11161	/* Get command entry and return error if it is unsuppotyed. */
11162	entry = ctl_validate_command(ctsio);
11163	if (entry == NULL) {
11164		if (lun)
11165			mtx_unlock(&lun->lun_lock);
11166		return (retval);
11167	}
11168
11169	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11170	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11171
11172	/*
11173	 * Check to see whether we can send this command to LUNs that don't
11174	 * exist.  This should pretty much only be the case for inquiry
11175	 * and request sense.  Further checks, below, really require having
11176	 * a LUN, so we can't really check the command anymore.  Just put
11177	 * it on the rtr queue.
11178	 */
11179	if (lun == NULL) {
11180		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11181			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11182			ctl_enqueue_rtr((union ctl_io *)ctsio);
11183			return (retval);
11184		}
11185
11186		ctl_set_unsupported_lun(ctsio);
11187		ctl_done((union ctl_io *)ctsio);
11188		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11189		return (retval);
11190	} else {
11191		/*
11192		 * Make sure we support this particular command on this LUN.
11193		 * e.g., we don't support writes to the control LUN.
11194		 */
11195		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11196			mtx_unlock(&lun->lun_lock);
11197			ctl_set_invalid_opcode(ctsio);
11198			ctl_done((union ctl_io *)ctsio);
11199			return (retval);
11200		}
11201	}
11202
11203	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11204
11205#ifdef CTL_WITH_CA
11206	/*
11207	 * If we've got a request sense, it'll clear the contingent
11208	 * allegiance condition.  Otherwise, if we have a CA condition for
11209	 * this initiator, clear it, because it sent down a command other
11210	 * than request sense.
11211	 */
11212	if ((ctsio->cdb[0] != REQUEST_SENSE)
11213	 && (ctl_is_set(lun->have_ca, initidx)))
11214		ctl_clear_mask(lun->have_ca, initidx);
11215#endif
11216
11217	/*
11218	 * If the command has this flag set, it handles its own unit
11219	 * attention reporting, we shouldn't do anything.  Otherwise we
11220	 * check for any pending unit attentions, and send them back to the
11221	 * initiator.  We only do this when a command initially comes in,
11222	 * not when we pull it off the blocked queue.
11223	 *
11224	 * According to SAM-3, section 5.3.2, the order that things get
11225	 * presented back to the host is basically unit attentions caused
11226	 * by some sort of reset event, busy status, reservation conflicts
11227	 * or task set full, and finally any other status.
11228	 *
11229	 * One issue here is that some of the unit attentions we report
11230	 * don't fall into the "reset" category (e.g. "reported luns data
11231	 * has changed").  So reporting it here, before the reservation
11232	 * check, may be technically wrong.  I guess the only thing to do
11233	 * would be to check for and report the reset events here, and then
11234	 * check for the other unit attention types after we check for a
11235	 * reservation conflict.
11236	 *
11237	 * XXX KDM need to fix this
11238	 */
11239	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11240		ctl_ua_type ua_type;
11241		scsi_sense_data_type sense_format;
11242
11243		if (lun->flags & CTL_LUN_SENSE_DESC)
11244			sense_format = SSD_TYPE_DESC;
11245		else
11246			sense_format = SSD_TYPE_FIXED;
11247
11248		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11249		    sense_format);
11250		if (ua_type != CTL_UA_NONE) {
11251			mtx_unlock(&lun->lun_lock);
11252			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11253			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11254			ctsio->sense_len = SSD_FULL_SIZE;
11255			ctl_done((union ctl_io *)ctsio);
11256			return (retval);
11257		}
11258	}
11259
11260
11261	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11262		mtx_unlock(&lun->lun_lock);
11263		ctl_done((union ctl_io *)ctsio);
11264		return (retval);
11265	}
11266
11267	/*
11268	 * XXX CHD this is where we want to send IO to other side if
11269	 * this LUN is secondary on this SC. We will need to make a copy
11270	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11271	 * the copy we send as FROM_OTHER.
11272	 * We also need to stuff the address of the original IO so we can
11273	 * find it easily. Something similar will need be done on the other
11274	 * side so when we are done we can find the copy.
11275	 */
11276	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11277		union ctl_ha_msg msg_info;
11278		int isc_retval;
11279
11280		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11281
11282		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11283		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11284#if 0
11285		printf("1. ctsio %p\n", ctsio);
11286#endif
11287		msg_info.hdr.serializing_sc = NULL;
11288		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11289		msg_info.scsi.tag_num = ctsio->tag_num;
11290		msg_info.scsi.tag_type = ctsio->tag_type;
11291		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11292
11293		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11294
11295		if ((isc_retval=ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11296		    (void *)&msg_info, sizeof(msg_info), 0)) >
11297		    CTL_HA_STATUS_SUCCESS) {
11298			printf("CTL:precheck, ctl_ha_msg_send returned %d\n",
11299			       isc_retval);
11300			printf("CTL:opcode is %x\n", ctsio->cdb[0]);
11301		} else {
11302#if 0
11303			printf("CTL:Precheck sent msg, opcode is %x\n",opcode);
11304#endif
11305		}
11306
11307		/*
11308		 * XXX KDM this I/O is off the incoming queue, but hasn't
11309		 * been inserted on any other queue.  We may need to come
11310		 * up with a holding queue while we wait for serialization
11311		 * so that we have an idea of what we're waiting for from
11312		 * the other side.
11313		 */
11314		mtx_unlock(&lun->lun_lock);
11315		return (retval);
11316	}
11317
11318	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11319			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11320			      ctl_ooaq, ooa_links))) {
11321	case CTL_ACTION_BLOCK:
11322		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11323		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11324				  blocked_links);
11325		mtx_unlock(&lun->lun_lock);
11326		return (retval);
11327	case CTL_ACTION_PASS:
11328	case CTL_ACTION_SKIP:
11329		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11330		mtx_unlock(&lun->lun_lock);
11331		ctl_enqueue_rtr((union ctl_io *)ctsio);
11332		break;
11333	case CTL_ACTION_OVERLAP:
11334		mtx_unlock(&lun->lun_lock);
11335		ctl_set_overlapped_cmd(ctsio);
11336		ctl_done((union ctl_io *)ctsio);
11337		break;
11338	case CTL_ACTION_OVERLAP_TAG:
11339		mtx_unlock(&lun->lun_lock);
11340		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11341		ctl_done((union ctl_io *)ctsio);
11342		break;
11343	case CTL_ACTION_ERROR:
11344	default:
11345		mtx_unlock(&lun->lun_lock);
11346		ctl_set_internal_failure(ctsio,
11347					 /*sks_valid*/ 0,
11348					 /*retry_count*/ 0);
11349		ctl_done((union ctl_io *)ctsio);
11350		break;
11351	}
11352	return (retval);
11353}
11354
11355const struct ctl_cmd_entry *
11356ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11357{
11358	const struct ctl_cmd_entry *entry;
11359	int service_action;
11360
11361	entry = &ctl_cmd_table[ctsio->cdb[0]];
11362	if (sa)
11363		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11364	if (entry->flags & CTL_CMD_FLAG_SA5) {
11365		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11366		entry = &((const struct ctl_cmd_entry *)
11367		    entry->execute)[service_action];
11368	}
11369	return (entry);
11370}
11371
11372const struct ctl_cmd_entry *
11373ctl_validate_command(struct ctl_scsiio *ctsio)
11374{
11375	const struct ctl_cmd_entry *entry;
11376	int i, sa;
11377	uint8_t diff;
11378
11379	entry = ctl_get_cmd_entry(ctsio, &sa);
11380	if (entry->execute == NULL) {
11381		if (sa)
11382			ctl_set_invalid_field(ctsio,
11383					      /*sks_valid*/ 1,
11384					      /*command*/ 1,
11385					      /*field*/ 1,
11386					      /*bit_valid*/ 1,
11387					      /*bit*/ 4);
11388		else
11389			ctl_set_invalid_opcode(ctsio);
11390		ctl_done((union ctl_io *)ctsio);
11391		return (NULL);
11392	}
11393	KASSERT(entry->length > 0,
11394	    ("Not defined length for command 0x%02x/0x%02x",
11395	     ctsio->cdb[0], ctsio->cdb[1]));
11396	for (i = 1; i < entry->length; i++) {
11397		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11398		if (diff == 0)
11399			continue;
11400		ctl_set_invalid_field(ctsio,
11401				      /*sks_valid*/ 1,
11402				      /*command*/ 1,
11403				      /*field*/ i,
11404				      /*bit_valid*/ 1,
11405				      /*bit*/ fls(diff) - 1);
11406		ctl_done((union ctl_io *)ctsio);
11407		return (NULL);
11408	}
11409	return (entry);
11410}
11411
11412static int
11413ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11414{
11415
11416	switch (lun_type) {
11417	case T_PROCESSOR:
11418		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11419		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11420			return (0);
11421		break;
11422	case T_DIRECT:
11423		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11424		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11425			return (0);
11426		break;
11427	default:
11428		return (0);
11429	}
11430	return (1);
11431}
11432
11433static int
11434ctl_scsiio(struct ctl_scsiio *ctsio)
11435{
11436	int retval;
11437	const struct ctl_cmd_entry *entry;
11438
11439	retval = CTL_RETVAL_COMPLETE;
11440
11441	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11442
11443	entry = ctl_get_cmd_entry(ctsio, NULL);
11444
11445	/*
11446	 * If this I/O has been aborted, just send it straight to
11447	 * ctl_done() without executing it.
11448	 */
11449	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11450		ctl_done((union ctl_io *)ctsio);
11451		goto bailout;
11452	}
11453
11454	/*
11455	 * All the checks should have been handled by ctl_scsiio_precheck().
11456	 * We should be clear now to just execute the I/O.
11457	 */
11458	retval = entry->execute(ctsio);
11459
11460bailout:
11461	return (retval);
11462}
11463
11464/*
11465 * Since we only implement one target right now, a bus reset simply resets
11466 * our single target.
11467 */
11468static int
11469ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11470{
11471	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11472}
11473
11474static int
11475ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11476		 ctl_ua_type ua_type)
11477{
11478	struct ctl_lun *lun;
11479	int retval;
11480
11481	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11482		union ctl_ha_msg msg_info;
11483
11484		io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11485		msg_info.hdr.nexus = io->io_hdr.nexus;
11486		if (ua_type==CTL_UA_TARG_RESET)
11487			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11488		else
11489			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11490		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11491		msg_info.hdr.original_sc = NULL;
11492		msg_info.hdr.serializing_sc = NULL;
11493		if (CTL_HA_STATUS_SUCCESS != ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11494		    (void *)&msg_info, sizeof(msg_info), 0)) {
11495		}
11496	}
11497	retval = 0;
11498
11499	mtx_lock(&softc->ctl_lock);
11500	STAILQ_FOREACH(lun, &softc->lun_list, links)
11501		retval += ctl_lun_reset(lun, io, ua_type);
11502	mtx_unlock(&softc->ctl_lock);
11503
11504	return (retval);
11505}
11506
11507/*
11508 * The LUN should always be set.  The I/O is optional, and is used to
11509 * distinguish between I/Os sent by this initiator, and by other
11510 * initiators.  We set unit attention for initiators other than this one.
11511 * SAM-3 is vague on this point.  It does say that a unit attention should
11512 * be established for other initiators when a LUN is reset (see section
11513 * 5.7.3), but it doesn't specifically say that the unit attention should
11514 * be established for this particular initiator when a LUN is reset.  Here
11515 * is the relevant text, from SAM-3 rev 8:
11516 *
11517 * 5.7.2 When a SCSI initiator port aborts its own tasks
11518 *
11519 * When a SCSI initiator port causes its own task(s) to be aborted, no
11520 * notification that the task(s) have been aborted shall be returned to
11521 * the SCSI initiator port other than the completion response for the
11522 * command or task management function action that caused the task(s) to
11523 * be aborted and notification(s) associated with related effects of the
11524 * action (e.g., a reset unit attention condition).
11525 *
11526 * XXX KDM for now, we're setting unit attention for all initiators.
11527 */
11528static int
11529ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11530{
11531	union ctl_io *xio;
11532#if 0
11533	uint32_t initidx;
11534#endif
11535#ifdef CTL_WITH_CA
11536	int i;
11537#endif
11538
11539	mtx_lock(&lun->lun_lock);
11540	/*
11541	 * Run through the OOA queue and abort each I/O.
11542	 */
11543	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11544	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11545		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11546	}
11547
11548	/*
11549	 * This version sets unit attention for every
11550	 */
11551#if 0
11552	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11553	ctl_est_ua_all(lun, initidx, ua_type);
11554#else
11555	ctl_est_ua_all(lun, -1, ua_type);
11556#endif
11557
11558	/*
11559	 * A reset (any kind, really) clears reservations established with
11560	 * RESERVE/RELEASE.  It does not clear reservations established
11561	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11562	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11563	 * reservations made with the RESERVE/RELEASE commands, because
11564	 * those commands are obsolete in SPC-3.
11565	 */
11566	lun->flags &= ~CTL_LUN_RESERVED;
11567
11568#ifdef CTL_WITH_CA
11569	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11570		ctl_clear_mask(lun->have_ca, i);
11571#endif
11572	mtx_unlock(&lun->lun_lock);
11573
11574	return (0);
11575}
11576
11577static void
11578ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11579    int other_sc)
11580{
11581	union ctl_io *xio;
11582
11583	mtx_assert(&lun->lun_lock, MA_OWNED);
11584
11585	/*
11586	 * Run through the OOA queue and attempt to find the given I/O.
11587	 * The target port, initiator ID, tag type and tag number have to
11588	 * match the values that we got from the initiator.  If we have an
11589	 * untagged command to abort, simply abort the first untagged command
11590	 * we come to.  We only allow one untagged command at a time of course.
11591	 */
11592	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11593	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11594
11595		if ((targ_port == UINT32_MAX ||
11596		     targ_port == xio->io_hdr.nexus.targ_port) &&
11597		    (init_id == UINT32_MAX ||
11598		     init_id == xio->io_hdr.nexus.initid.id)) {
11599			if (targ_port != xio->io_hdr.nexus.targ_port ||
11600			    init_id != xio->io_hdr.nexus.initid.id)
11601				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11602			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11603			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11604				union ctl_ha_msg msg_info;
11605
11606				msg_info.hdr.nexus = xio->io_hdr.nexus;
11607				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11608				msg_info.task.tag_num = xio->scsiio.tag_num;
11609				msg_info.task.tag_type = xio->scsiio.tag_type;
11610				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11611				msg_info.hdr.original_sc = NULL;
11612				msg_info.hdr.serializing_sc = NULL;
11613				ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11614				    (void *)&msg_info, sizeof(msg_info), 0);
11615			}
11616		}
11617	}
11618}
11619
11620static int
11621ctl_abort_task_set(union ctl_io *io)
11622{
11623	struct ctl_softc *softc = control_softc;
11624	struct ctl_lun *lun;
11625	uint32_t targ_lun;
11626
11627	/*
11628	 * Look up the LUN.
11629	 */
11630	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11631	mtx_lock(&softc->ctl_lock);
11632	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
11633		lun = softc->ctl_luns[targ_lun];
11634	else {
11635		mtx_unlock(&softc->ctl_lock);
11636		return (1);
11637	}
11638
11639	mtx_lock(&lun->lun_lock);
11640	mtx_unlock(&softc->ctl_lock);
11641	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11642		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11643		    io->io_hdr.nexus.initid.id,
11644		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11645	} else { /* CTL_TASK_CLEAR_TASK_SET */
11646		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11647		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11648	}
11649	mtx_unlock(&lun->lun_lock);
11650	return (0);
11651}
11652
11653static int
11654ctl_i_t_nexus_reset(union ctl_io *io)
11655{
11656	struct ctl_softc *softc = control_softc;
11657	struct ctl_lun *lun;
11658	uint32_t initidx, residx;
11659
11660	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11661	residx = ctl_get_resindex(&io->io_hdr.nexus);
11662	mtx_lock(&softc->ctl_lock);
11663	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11664		mtx_lock(&lun->lun_lock);
11665		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11666		    io->io_hdr.nexus.initid.id,
11667		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11668#ifdef CTL_WITH_CA
11669		ctl_clear_mask(lun->have_ca, initidx);
11670#endif
11671		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
11672			lun->flags &= ~CTL_LUN_RESERVED;
11673		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11674		mtx_unlock(&lun->lun_lock);
11675	}
11676	mtx_unlock(&softc->ctl_lock);
11677	return (0);
11678}
11679
11680static int
11681ctl_abort_task(union ctl_io *io)
11682{
11683	union ctl_io *xio;
11684	struct ctl_lun *lun;
11685	struct ctl_softc *softc;
11686#if 0
11687	struct sbuf sb;
11688	char printbuf[128];
11689#endif
11690	int found;
11691	uint32_t targ_lun;
11692
11693	softc = control_softc;
11694	found = 0;
11695
11696	/*
11697	 * Look up the LUN.
11698	 */
11699	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11700	mtx_lock(&softc->ctl_lock);
11701	if ((targ_lun < CTL_MAX_LUNS)
11702	 && (softc->ctl_luns[targ_lun] != NULL))
11703		lun = softc->ctl_luns[targ_lun];
11704	else {
11705		mtx_unlock(&softc->ctl_lock);
11706		return (1);
11707	}
11708
11709#if 0
11710	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11711	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11712#endif
11713
11714	mtx_lock(&lun->lun_lock);
11715	mtx_unlock(&softc->ctl_lock);
11716	/*
11717	 * Run through the OOA queue and attempt to find the given I/O.
11718	 * The target port, initiator ID, tag type and tag number have to
11719	 * match the values that we got from the initiator.  If we have an
11720	 * untagged command to abort, simply abort the first untagged command
11721	 * we come to.  We only allow one untagged command at a time of course.
11722	 */
11723	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11724	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11725#if 0
11726		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11727
11728		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11729			    lun->lun, xio->scsiio.tag_num,
11730			    xio->scsiio.tag_type,
11731			    (xio->io_hdr.blocked_links.tqe_prev
11732			    == NULL) ? "" : " BLOCKED",
11733			    (xio->io_hdr.flags &
11734			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11735			    (xio->io_hdr.flags &
11736			    CTL_FLAG_ABORT) ? " ABORT" : "",
11737			    (xio->io_hdr.flags &
11738			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11739		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11740		sbuf_finish(&sb);
11741		printf("%s\n", sbuf_data(&sb));
11742#endif
11743
11744		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11745		 || (xio->io_hdr.nexus.initid.id != io->io_hdr.nexus.initid.id)
11746		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11747			continue;
11748
11749		/*
11750		 * If the abort says that the task is untagged, the
11751		 * task in the queue must be untagged.  Otherwise,
11752		 * we just check to see whether the tag numbers
11753		 * match.  This is because the QLogic firmware
11754		 * doesn't pass back the tag type in an abort
11755		 * request.
11756		 */
11757#if 0
11758		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11759		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11760		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11761#endif
11762		/*
11763		 * XXX KDM we've got problems with FC, because it
11764		 * doesn't send down a tag type with aborts.  So we
11765		 * can only really go by the tag number...
11766		 * This may cause problems with parallel SCSI.
11767		 * Need to figure that out!!
11768		 */
11769		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11770			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11771			found = 1;
11772			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11773			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11774				union ctl_ha_msg msg_info;
11775
11776				io->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11777				msg_info.hdr.nexus = io->io_hdr.nexus;
11778				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11779				msg_info.task.tag_num = io->taskio.tag_num;
11780				msg_info.task.tag_type = io->taskio.tag_type;
11781				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11782				msg_info.hdr.original_sc = NULL;
11783				msg_info.hdr.serializing_sc = NULL;
11784#if 0
11785				printf("Sent Abort to other side\n");
11786#endif
11787				if (ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11788				    (void *)&msg_info, sizeof(msg_info), 0) !=
11789				    CTL_HA_STATUS_SUCCESS) {
11790				}
11791			}
11792#if 0
11793			printf("ctl_abort_task: found I/O to abort\n");
11794#endif
11795		}
11796	}
11797	mtx_unlock(&lun->lun_lock);
11798
11799	if (found == 0) {
11800		/*
11801		 * This isn't really an error.  It's entirely possible for
11802		 * the abort and command completion to cross on the wire.
11803		 * This is more of an informative/diagnostic error.
11804		 */
11805#if 0
11806		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11807		       "%d:%d:%d:%d tag %d type %d\n",
11808		       io->io_hdr.nexus.initid.id,
11809		       io->io_hdr.nexus.targ_port,
11810		       io->io_hdr.nexus.targ_target.id,
11811		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11812		       io->taskio.tag_type);
11813#endif
11814	}
11815	return (0);
11816}
11817
11818static void
11819ctl_run_task(union ctl_io *io)
11820{
11821	struct ctl_softc *softc = control_softc;
11822	int retval = 1;
11823	const char *task_desc;
11824
11825	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11826
11827	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11828	    ("ctl_run_task: Unextected io_type %d\n",
11829	     io->io_hdr.io_type));
11830
11831	task_desc = ctl_scsi_task_string(&io->taskio);
11832	if (task_desc != NULL) {
11833#ifdef NEEDTOPORT
11834		csevent_log(CSC_CTL | CSC_SHELF_SW |
11835			    CTL_TASK_REPORT,
11836			    csevent_LogType_Trace,
11837			    csevent_Severity_Information,
11838			    csevent_AlertLevel_Green,
11839			    csevent_FRU_Firmware,
11840			    csevent_FRU_Unknown,
11841			    "CTL: received task: %s",task_desc);
11842#endif
11843	} else {
11844#ifdef NEEDTOPORT
11845		csevent_log(CSC_CTL | CSC_SHELF_SW |
11846			    CTL_TASK_REPORT,
11847			    csevent_LogType_Trace,
11848			    csevent_Severity_Information,
11849			    csevent_AlertLevel_Green,
11850			    csevent_FRU_Firmware,
11851			    csevent_FRU_Unknown,
11852			    "CTL: received unknown task "
11853			    "type: %d (%#x)",
11854			    io->taskio.task_action,
11855			    io->taskio.task_action);
11856#endif
11857	}
11858	switch (io->taskio.task_action) {
11859	case CTL_TASK_ABORT_TASK:
11860		retval = ctl_abort_task(io);
11861		break;
11862	case CTL_TASK_ABORT_TASK_SET:
11863	case CTL_TASK_CLEAR_TASK_SET:
11864		retval = ctl_abort_task_set(io);
11865		break;
11866	case CTL_TASK_CLEAR_ACA:
11867		break;
11868	case CTL_TASK_I_T_NEXUS_RESET:
11869		retval = ctl_i_t_nexus_reset(io);
11870		break;
11871	case CTL_TASK_LUN_RESET: {
11872		struct ctl_lun *lun;
11873		uint32_t targ_lun;
11874
11875		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11876		mtx_lock(&softc->ctl_lock);
11877		if ((targ_lun < CTL_MAX_LUNS)
11878		 && (softc->ctl_luns[targ_lun] != NULL))
11879			lun = softc->ctl_luns[targ_lun];
11880		else {
11881			mtx_unlock(&softc->ctl_lock);
11882			retval = 1;
11883			break;
11884		}
11885
11886		if (!(io->io_hdr.flags &
11887		    CTL_FLAG_FROM_OTHER_SC)) {
11888			union ctl_ha_msg msg_info;
11889
11890			io->io_hdr.flags |=
11891				CTL_FLAG_SENT_2OTHER_SC;
11892			msg_info.hdr.msg_type =
11893				CTL_MSG_MANAGE_TASKS;
11894			msg_info.hdr.nexus = io->io_hdr.nexus;
11895			msg_info.task.task_action =
11896				CTL_TASK_LUN_RESET;
11897			msg_info.hdr.original_sc = NULL;
11898			msg_info.hdr.serializing_sc = NULL;
11899			if (CTL_HA_STATUS_SUCCESS !=
11900			    ctl_ha_msg_send(CTL_HA_CHAN_CTL,
11901			    (void *)&msg_info,
11902			    sizeof(msg_info), 0)) {
11903			}
11904		}
11905
11906		retval = ctl_lun_reset(lun, io,
11907				       CTL_UA_LUN_RESET);
11908		mtx_unlock(&softc->ctl_lock);
11909		break;
11910	}
11911	case CTL_TASK_TARGET_RESET:
11912		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11913		break;
11914	case CTL_TASK_BUS_RESET:
11915		retval = ctl_bus_reset(softc, io);
11916		break;
11917	case CTL_TASK_PORT_LOGIN:
11918		break;
11919	case CTL_TASK_PORT_LOGOUT:
11920		break;
11921	default:
11922		printf("ctl_run_task: got unknown task management event %d\n",
11923		       io->taskio.task_action);
11924		break;
11925	}
11926	if (retval == 0)
11927		io->io_hdr.status = CTL_SUCCESS;
11928	else
11929		io->io_hdr.status = CTL_ERROR;
11930	ctl_done(io);
11931}
11932
11933/*
11934 * For HA operation.  Handle commands that come in from the other
11935 * controller.
11936 */
11937static void
11938ctl_handle_isc(union ctl_io *io)
11939{
11940	int free_io;
11941	struct ctl_lun *lun;
11942	struct ctl_softc *softc;
11943	uint32_t targ_lun;
11944
11945	softc = control_softc;
11946
11947	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11948	lun = softc->ctl_luns[targ_lun];
11949
11950	switch (io->io_hdr.msg_type) {
11951	case CTL_MSG_SERIALIZE:
11952		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11953		break;
11954	case CTL_MSG_R2R: {
11955		const struct ctl_cmd_entry *entry;
11956
11957		/*
11958		 * This is only used in SER_ONLY mode.
11959		 */
11960		free_io = 0;
11961		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11962		mtx_lock(&lun->lun_lock);
11963		if (ctl_scsiio_lun_check(lun,
11964		    entry, (struct ctl_scsiio *)io) != 0) {
11965			mtx_unlock(&lun->lun_lock);
11966			ctl_done(io);
11967			break;
11968		}
11969		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11970		mtx_unlock(&lun->lun_lock);
11971		ctl_enqueue_rtr(io);
11972		break;
11973	}
11974	case CTL_MSG_FINISH_IO:
11975		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11976			free_io = 0;
11977			ctl_done(io);
11978		} else {
11979			free_io = 1;
11980			mtx_lock(&lun->lun_lock);
11981			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11982				     ooa_links);
11983			ctl_check_blocked(lun);
11984			mtx_unlock(&lun->lun_lock);
11985		}
11986		break;
11987	case CTL_MSG_PERS_ACTION:
11988		ctl_hndl_per_res_out_on_other_sc(
11989			(union ctl_ha_msg *)&io->presio.pr_msg);
11990		free_io = 1;
11991		break;
11992	case CTL_MSG_BAD_JUJU:
11993		free_io = 0;
11994		ctl_done(io);
11995		break;
11996	case CTL_MSG_DATAMOVE:
11997		/* Only used in XFER mode */
11998		free_io = 0;
11999		ctl_datamove_remote(io);
12000		break;
12001	case CTL_MSG_DATAMOVE_DONE:
12002		/* Only used in XFER mode */
12003		free_io = 0;
12004		io->scsiio.be_move_done(io);
12005		break;
12006	default:
12007		free_io = 1;
12008		printf("%s: Invalid message type %d\n",
12009		       __func__, io->io_hdr.msg_type);
12010		break;
12011	}
12012	if (free_io)
12013		ctl_free_io(io);
12014
12015}
12016
12017
12018/*
12019 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12020 * there is no match.
12021 */
12022static ctl_lun_error_pattern
12023ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12024{
12025	const struct ctl_cmd_entry *entry;
12026	ctl_lun_error_pattern filtered_pattern, pattern;
12027
12028	pattern = desc->error_pattern;
12029
12030	/*
12031	 * XXX KDM we need more data passed into this function to match a
12032	 * custom pattern, and we actually need to implement custom pattern
12033	 * matching.
12034	 */
12035	if (pattern & CTL_LUN_PAT_CMD)
12036		return (CTL_LUN_PAT_CMD);
12037
12038	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12039		return (CTL_LUN_PAT_ANY);
12040
12041	entry = ctl_get_cmd_entry(ctsio, NULL);
12042
12043	filtered_pattern = entry->pattern & pattern;
12044
12045	/*
12046	 * If the user requested specific flags in the pattern (e.g.
12047	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12048	 * flags.
12049	 *
12050	 * If the user did not specify any flags, it doesn't matter whether
12051	 * or not the command supports the flags.
12052	 */
12053	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12054	     (pattern & ~CTL_LUN_PAT_MASK))
12055		return (CTL_LUN_PAT_NONE);
12056
12057	/*
12058	 * If the user asked for a range check, see if the requested LBA
12059	 * range overlaps with this command's LBA range.
12060	 */
12061	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12062		uint64_t lba1;
12063		uint64_t len1;
12064		ctl_action action;
12065		int retval;
12066
12067		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12068		if (retval != 0)
12069			return (CTL_LUN_PAT_NONE);
12070
12071		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12072					      desc->lba_range.len, FALSE);
12073		/*
12074		 * A "pass" means that the LBA ranges don't overlap, so
12075		 * this doesn't match the user's range criteria.
12076		 */
12077		if (action == CTL_ACTION_PASS)
12078			return (CTL_LUN_PAT_NONE);
12079	}
12080
12081	return (filtered_pattern);
12082}
12083
12084static void
12085ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12086{
12087	struct ctl_error_desc *desc, *desc2;
12088
12089	mtx_assert(&lun->lun_lock, MA_OWNED);
12090
12091	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12092		ctl_lun_error_pattern pattern;
12093		/*
12094		 * Check to see whether this particular command matches
12095		 * the pattern in the descriptor.
12096		 */
12097		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12098		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12099			continue;
12100
12101		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12102		case CTL_LUN_INJ_ABORTED:
12103			ctl_set_aborted(&io->scsiio);
12104			break;
12105		case CTL_LUN_INJ_MEDIUM_ERR:
12106			ctl_set_medium_error(&io->scsiio);
12107			break;
12108		case CTL_LUN_INJ_UA:
12109			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12110			 * OCCURRED */
12111			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12112			break;
12113		case CTL_LUN_INJ_CUSTOM:
12114			/*
12115			 * We're assuming the user knows what he is doing.
12116			 * Just copy the sense information without doing
12117			 * checks.
12118			 */
12119			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12120			      MIN(sizeof(desc->custom_sense),
12121				  sizeof(io->scsiio.sense_data)));
12122			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12123			io->scsiio.sense_len = SSD_FULL_SIZE;
12124			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12125			break;
12126		case CTL_LUN_INJ_NONE:
12127		default:
12128			/*
12129			 * If this is an error injection type we don't know
12130			 * about, clear the continuous flag (if it is set)
12131			 * so it will get deleted below.
12132			 */
12133			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12134			break;
12135		}
12136		/*
12137		 * By default, each error injection action is a one-shot
12138		 */
12139		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12140			continue;
12141
12142		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12143
12144		free(desc, M_CTL);
12145	}
12146}
12147
12148#ifdef CTL_IO_DELAY
12149static void
12150ctl_datamove_timer_wakeup(void *arg)
12151{
12152	union ctl_io *io;
12153
12154	io = (union ctl_io *)arg;
12155
12156	ctl_datamove(io);
12157}
12158#endif /* CTL_IO_DELAY */
12159
12160void
12161ctl_datamove(union ctl_io *io)
12162{
12163	void (*fe_datamove)(union ctl_io *io);
12164
12165	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12166
12167	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12168
12169#ifdef CTL_TIME_IO
12170	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12171		char str[256];
12172		char path_str[64];
12173		struct sbuf sb;
12174
12175		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12176		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12177
12178		sbuf_cat(&sb, path_str);
12179		switch (io->io_hdr.io_type) {
12180		case CTL_IO_SCSI:
12181			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12182			sbuf_printf(&sb, "\n");
12183			sbuf_cat(&sb, path_str);
12184			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12185				    io->scsiio.tag_num, io->scsiio.tag_type);
12186			break;
12187		case CTL_IO_TASK:
12188			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12189				    "Tag Type: %d\n", io->taskio.task_action,
12190				    io->taskio.tag_num, io->taskio.tag_type);
12191			break;
12192		default:
12193			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12194			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12195			break;
12196		}
12197		sbuf_cat(&sb, path_str);
12198		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12199			    (intmax_t)time_uptime - io->io_hdr.start_time);
12200		sbuf_finish(&sb);
12201		printf("%s", sbuf_data(&sb));
12202	}
12203#endif /* CTL_TIME_IO */
12204
12205#ifdef CTL_IO_DELAY
12206	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12207		struct ctl_lun *lun;
12208
12209		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12210
12211		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12212	} else {
12213		struct ctl_lun *lun;
12214
12215		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12216		if ((lun != NULL)
12217		 && (lun->delay_info.datamove_delay > 0)) {
12218			struct callout *callout;
12219
12220			callout = (struct callout *)&io->io_hdr.timer_bytes;
12221			callout_init(callout, /*mpsafe*/ 1);
12222			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12223			callout_reset(callout,
12224				      lun->delay_info.datamove_delay * hz,
12225				      ctl_datamove_timer_wakeup, io);
12226			if (lun->delay_info.datamove_type ==
12227			    CTL_DELAY_TYPE_ONESHOT)
12228				lun->delay_info.datamove_delay = 0;
12229			return;
12230		}
12231	}
12232#endif
12233
12234	/*
12235	 * This command has been aborted.  Set the port status, so we fail
12236	 * the data move.
12237	 */
12238	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12239		printf("ctl_datamove: tag 0x%04x on (%ju:%d:%ju:%d) aborted\n",
12240		       io->scsiio.tag_num,(uintmax_t)io->io_hdr.nexus.initid.id,
12241		       io->io_hdr.nexus.targ_port,
12242		       (uintmax_t)io->io_hdr.nexus.targ_target.id,
12243		       io->io_hdr.nexus.targ_lun);
12244		io->io_hdr.port_status = 31337;
12245		/*
12246		 * Note that the backend, in this case, will get the
12247		 * callback in its context.  In other cases it may get
12248		 * called in the frontend's interrupt thread context.
12249		 */
12250		io->scsiio.be_move_done(io);
12251		return;
12252	}
12253
12254	/* Don't confuse frontend with zero length data move. */
12255	if (io->scsiio.kern_data_len == 0) {
12256		io->scsiio.be_move_done(io);
12257		return;
12258	}
12259
12260	/*
12261	 * If we're in XFER mode and this I/O is from the other shelf
12262	 * controller, we need to send the DMA to the other side to
12263	 * actually transfer the data to/from the host.  In serialize only
12264	 * mode the transfer happens below CTL and ctl_datamove() is only
12265	 * called on the machine that originally received the I/O.
12266	 */
12267	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12268	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12269		union ctl_ha_msg msg;
12270		uint32_t sg_entries_sent;
12271		int do_sg_copy;
12272		int i;
12273
12274		memset(&msg, 0, sizeof(msg));
12275		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12276		msg.hdr.original_sc = io->io_hdr.original_sc;
12277		msg.hdr.serializing_sc = io;
12278		msg.hdr.nexus = io->io_hdr.nexus;
12279		msg.dt.flags = io->io_hdr.flags;
12280		/*
12281		 * We convert everything into a S/G list here.  We can't
12282		 * pass by reference, only by value between controllers.
12283		 * So we can't pass a pointer to the S/G list, only as many
12284		 * S/G entries as we can fit in here.  If it's possible for
12285		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12286		 * then we need to break this up into multiple transfers.
12287		 */
12288		if (io->scsiio.kern_sg_entries == 0) {
12289			msg.dt.kern_sg_entries = 1;
12290			/*
12291			 * If this is in cached memory, flush the cache
12292			 * before we send the DMA request to the other
12293			 * controller.  We want to do this in either the
12294			 * read or the write case.  The read case is
12295			 * straightforward.  In the write case, we want to
12296			 * make sure nothing is in the local cache that
12297			 * could overwrite the DMAed data.
12298			 */
12299			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12300				/*
12301				 * XXX KDM use bus_dmamap_sync() here.
12302				 */
12303			}
12304
12305			/*
12306			 * Convert to a physical address if this is a
12307			 * virtual address.
12308			 */
12309			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12310				msg.dt.sg_list[0].addr =
12311					io->scsiio.kern_data_ptr;
12312			} else {
12313				/*
12314				 * XXX KDM use busdma here!
12315				 */
12316#if 0
12317				msg.dt.sg_list[0].addr = (void *)
12318					vtophys(io->scsiio.kern_data_ptr);
12319#endif
12320			}
12321
12322			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12323			do_sg_copy = 0;
12324		} else {
12325			struct ctl_sg_entry *sgl;
12326
12327			do_sg_copy = 1;
12328			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12329			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
12330			if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12331				/*
12332				 * XXX KDM use bus_dmamap_sync() here.
12333				 */
12334			}
12335		}
12336
12337		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12338		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12339		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12340		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12341		msg.dt.sg_sequence = 0;
12342
12343		/*
12344		 * Loop until we've sent all of the S/G entries.  On the
12345		 * other end, we'll recompose these S/G entries into one
12346		 * contiguous list before passing it to the
12347		 */
12348		for (sg_entries_sent = 0; sg_entries_sent <
12349		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12350			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12351				sizeof(msg.dt.sg_list[0])),
12352				msg.dt.kern_sg_entries - sg_entries_sent);
12353
12354			if (do_sg_copy != 0) {
12355				struct ctl_sg_entry *sgl;
12356				int j;
12357
12358				sgl = (struct ctl_sg_entry *)
12359					io->scsiio.kern_data_ptr;
12360				/*
12361				 * If this is in cached memory, flush the cache
12362				 * before we send the DMA request to the other
12363				 * controller.  We want to do this in either
12364				 * the * read or the write case.  The read
12365				 * case is straightforward.  In the write
12366				 * case, we want to make sure nothing is
12367				 * in the local cache that could overwrite
12368				 * the DMAed data.
12369				 */
12370
12371				for (i = sg_entries_sent, j = 0;
12372				     i < msg.dt.cur_sg_entries; i++, j++) {
12373					if ((io->io_hdr.flags &
12374					     CTL_FLAG_NO_DATASYNC) == 0) {
12375						/*
12376						 * XXX KDM use bus_dmamap_sync()
12377						 */
12378					}
12379					if ((io->io_hdr.flags &
12380					     CTL_FLAG_BUS_ADDR) == 0) {
12381						/*
12382						 * XXX KDM use busdma.
12383						 */
12384#if 0
12385						msg.dt.sg_list[j].addr =(void *)
12386						       vtophys(sgl[i].addr);
12387#endif
12388					} else {
12389						msg.dt.sg_list[j].addr =
12390							sgl[i].addr;
12391					}
12392					msg.dt.sg_list[j].len = sgl[i].len;
12393				}
12394			}
12395
12396			sg_entries_sent += msg.dt.cur_sg_entries;
12397			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12398				msg.dt.sg_last = 1;
12399			else
12400				msg.dt.sg_last = 0;
12401
12402			/*
12403			 * XXX KDM drop and reacquire the lock here?
12404			 */
12405			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12406			    sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
12407				/*
12408				 * XXX do something here.
12409				 */
12410			}
12411
12412			msg.dt.sent_sg_entries = sg_entries_sent;
12413		}
12414		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12415		if (io->io_hdr.flags & CTL_FLAG_FAILOVER)
12416			ctl_failover_io(io, /*have_lock*/ 0);
12417
12418	} else {
12419
12420		/*
12421		 * Lookup the fe_datamove() function for this particular
12422		 * front end.
12423		 */
12424		fe_datamove =
12425		    control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12426
12427		fe_datamove(io);
12428	}
12429}
12430
12431static void
12432ctl_send_datamove_done(union ctl_io *io, int have_lock)
12433{
12434	union ctl_ha_msg msg;
12435	int isc_status;
12436
12437	memset(&msg, 0, sizeof(msg));
12438
12439	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12440	msg.hdr.original_sc = io;
12441	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12442	msg.hdr.nexus = io->io_hdr.nexus;
12443	msg.hdr.status = io->io_hdr.status;
12444	msg.scsi.tag_num = io->scsiio.tag_num;
12445	msg.scsi.tag_type = io->scsiio.tag_type;
12446	msg.scsi.scsi_status = io->scsiio.scsi_status;
12447	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12448	       sizeof(io->scsiio.sense_data));
12449	msg.scsi.sense_len = io->scsiio.sense_len;
12450	msg.scsi.sense_residual = io->scsiio.sense_residual;
12451	msg.scsi.fetd_status = io->io_hdr.port_status;
12452	msg.scsi.residual = io->scsiio.residual;
12453	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12454
12455	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12456		ctl_failover_io(io, /*have_lock*/ have_lock);
12457		return;
12458	}
12459
12460	isc_status = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0);
12461	if (isc_status > CTL_HA_STATUS_SUCCESS) {
12462		/* XXX do something if this fails */
12463	}
12464
12465}
12466
12467/*
12468 * The DMA to the remote side is done, now we need to tell the other side
12469 * we're done so it can continue with its data movement.
12470 */
12471static void
12472ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12473{
12474	union ctl_io *io;
12475
12476	io = rq->context;
12477
12478	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12479		printf("%s: ISC DMA write failed with error %d", __func__,
12480		       rq->ret);
12481		ctl_set_internal_failure(&io->scsiio,
12482					 /*sks_valid*/ 1,
12483					 /*retry_count*/ rq->ret);
12484	}
12485
12486	ctl_dt_req_free(rq);
12487
12488	/*
12489	 * In this case, we had to malloc the memory locally.  Free it.
12490	 */
12491	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12492		int i;
12493		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12494			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12495	}
12496	/*
12497	 * The data is in local and remote memory, so now we need to send
12498	 * status (good or back) back to the other side.
12499	 */
12500	ctl_send_datamove_done(io, /*have_lock*/ 0);
12501}
12502
12503/*
12504 * We've moved the data from the host/controller into local memory.  Now we
12505 * need to push it over to the remote controller's memory.
12506 */
12507static int
12508ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12509{
12510	int retval;
12511
12512	retval = 0;
12513
12514	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12515					  ctl_datamove_remote_write_cb);
12516
12517	return (retval);
12518}
12519
12520static void
12521ctl_datamove_remote_write(union ctl_io *io)
12522{
12523	int retval;
12524	void (*fe_datamove)(union ctl_io *io);
12525
12526	/*
12527	 * - Get the data from the host/HBA into local memory.
12528	 * - DMA memory from the local controller to the remote controller.
12529	 * - Send status back to the remote controller.
12530	 */
12531
12532	retval = ctl_datamove_remote_sgl_setup(io);
12533	if (retval != 0)
12534		return;
12535
12536	/* Switch the pointer over so the FETD knows what to do */
12537	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12538
12539	/*
12540	 * Use a custom move done callback, since we need to send completion
12541	 * back to the other controller, not to the backend on this side.
12542	 */
12543	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12544
12545	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12546
12547	fe_datamove(io);
12548
12549	return;
12550
12551}
12552
12553static int
12554ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12555{
12556#if 0
12557	char str[256];
12558	char path_str[64];
12559	struct sbuf sb;
12560#endif
12561
12562	/*
12563	 * In this case, we had to malloc the memory locally.  Free it.
12564	 */
12565	if ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0) {
12566		int i;
12567		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12568			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12569	}
12570
12571#if 0
12572	scsi_path_string(io, path_str, sizeof(path_str));
12573	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12574	sbuf_cat(&sb, path_str);
12575	scsi_command_string(&io->scsiio, NULL, &sb);
12576	sbuf_printf(&sb, "\n");
12577	sbuf_cat(&sb, path_str);
12578	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12579		    io->scsiio.tag_num, io->scsiio.tag_type);
12580	sbuf_cat(&sb, path_str);
12581	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12582		    io->io_hdr.flags, io->io_hdr.status);
12583	sbuf_finish(&sb);
12584	printk("%s", sbuf_data(&sb));
12585#endif
12586
12587
12588	/*
12589	 * The read is done, now we need to send status (good or bad) back
12590	 * to the other side.
12591	 */
12592	ctl_send_datamove_done(io, /*have_lock*/ 0);
12593
12594	return (0);
12595}
12596
12597static void
12598ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12599{
12600	union ctl_io *io;
12601	void (*fe_datamove)(union ctl_io *io);
12602
12603	io = rq->context;
12604
12605	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12606		printf("%s: ISC DMA read failed with error %d", __func__,
12607		       rq->ret);
12608		ctl_set_internal_failure(&io->scsiio,
12609					 /*sks_valid*/ 1,
12610					 /*retry_count*/ rq->ret);
12611	}
12612
12613	ctl_dt_req_free(rq);
12614
12615	/* Switch the pointer over so the FETD knows what to do */
12616	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12617
12618	/*
12619	 * Use a custom move done callback, since we need to send completion
12620	 * back to the other controller, not to the backend on this side.
12621	 */
12622	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12623
12624	/* XXX KDM add checks like the ones in ctl_datamove? */
12625
12626	fe_datamove = control_softc->ctl_ports[ctl_port_idx(io->io_hdr.nexus.targ_port)]->fe_datamove;
12627
12628	fe_datamove(io);
12629}
12630
12631static int
12632ctl_datamove_remote_sgl_setup(union ctl_io *io)
12633{
12634	struct ctl_sg_entry *local_sglist, *remote_sglist;
12635	struct ctl_sg_entry *local_dma_sglist, *remote_dma_sglist;
12636	struct ctl_softc *softc;
12637	int retval;
12638	int i;
12639
12640	retval = 0;
12641	softc = control_softc;
12642
12643	local_sglist = io->io_hdr.local_sglist;
12644	local_dma_sglist = io->io_hdr.local_dma_sglist;
12645	remote_sglist = io->io_hdr.remote_sglist;
12646	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12647
12648	if (io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) {
12649		for (i = 0; i < io->scsiio.kern_sg_entries; i++) {
12650			local_sglist[i].len = remote_sglist[i].len;
12651
12652			/*
12653			 * XXX Detect the situation where the RS-level I/O
12654			 * redirector on the other side has already read the
12655			 * data off of the AOR RS on this side, and
12656			 * transferred it to remote (mirror) memory on the
12657			 * other side.  Since we already have the data in
12658			 * memory here, we just need to use it.
12659			 *
12660			 * XXX KDM this can probably be removed once we
12661			 * get the cache device code in and take the
12662			 * current AOR implementation out.
12663			 */
12664#ifdef NEEDTOPORT
12665			if ((remote_sglist[i].addr >=
12666			     (void *)vtophys(softc->mirr->addr))
12667			 && (remote_sglist[i].addr <
12668			     ((void *)vtophys(softc->mirr->addr) +
12669			     CacheMirrorOffset))) {
12670				local_sglist[i].addr = remote_sglist[i].addr -
12671					CacheMirrorOffset;
12672				if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12673				     CTL_FLAG_DATA_IN)
12674					io->io_hdr.flags |= CTL_FLAG_REDIR_DONE;
12675			} else {
12676				local_sglist[i].addr = remote_sglist[i].addr +
12677					CacheMirrorOffset;
12678			}
12679#endif
12680#if 0
12681			printf("%s: local %p, remote %p, len %d\n",
12682			       __func__, local_sglist[i].addr,
12683			       remote_sglist[i].addr, local_sglist[i].len);
12684#endif
12685		}
12686	} else {
12687		uint32_t len_to_go;
12688
12689		/*
12690		 * In this case, we don't have automatically allocated
12691		 * memory for this I/O on this controller.  This typically
12692		 * happens with internal CTL I/O -- e.g. inquiry, mode
12693		 * sense, etc.  Anything coming from RAIDCore will have
12694		 * a mirror area available.
12695		 */
12696		len_to_go = io->scsiio.kern_data_len;
12697
12698		/*
12699		 * Clear the no datasync flag, we have to use malloced
12700		 * buffers.
12701		 */
12702		io->io_hdr.flags &= ~CTL_FLAG_NO_DATASYNC;
12703
12704		/*
12705		 * The difficult thing here is that the size of the various
12706		 * S/G segments may be different than the size from the
12707		 * remote controller.  That'll make it harder when DMAing
12708		 * the data back to the other side.
12709		 */
12710		for (i = 0; (i < sizeof(io->io_hdr.remote_sglist) /
12711		     sizeof(io->io_hdr.remote_sglist[0])) &&
12712		     (len_to_go > 0); i++) {
12713			local_sglist[i].len = MIN(len_to_go, 131072);
12714			CTL_SIZE_8B(local_dma_sglist[i].len,
12715				    local_sglist[i].len);
12716			local_sglist[i].addr =
12717				malloc(local_dma_sglist[i].len, M_CTL,M_WAITOK);
12718
12719			local_dma_sglist[i].addr = local_sglist[i].addr;
12720
12721			if (local_sglist[i].addr == NULL) {
12722				int j;
12723
12724				printf("malloc failed for %zd bytes!",
12725				       local_dma_sglist[i].len);
12726				for (j = 0; j < i; j++) {
12727					free(local_sglist[j].addr, M_CTL);
12728				}
12729				ctl_set_internal_failure(&io->scsiio,
12730							 /*sks_valid*/ 1,
12731							 /*retry_count*/ 4857);
12732				retval = 1;
12733				goto bailout_error;
12734
12735			}
12736			/* XXX KDM do we need a sync here? */
12737
12738			len_to_go -= local_sglist[i].len;
12739		}
12740		/*
12741		 * Reset the number of S/G entries accordingly.  The
12742		 * original number of S/G entries is available in
12743		 * rem_sg_entries.
12744		 */
12745		io->scsiio.kern_sg_entries = i;
12746
12747#if 0
12748		printf("%s: kern_sg_entries = %d\n", __func__,
12749		       io->scsiio.kern_sg_entries);
12750		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12751			printf("%s: sg[%d] = %p, %d (DMA: %d)\n", __func__, i,
12752			       local_sglist[i].addr, local_sglist[i].len,
12753			       local_dma_sglist[i].len);
12754#endif
12755	}
12756
12757
12758	return (retval);
12759
12760bailout_error:
12761
12762	ctl_send_datamove_done(io, /*have_lock*/ 0);
12763
12764	return (retval);
12765}
12766
12767static int
12768ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12769			 ctl_ha_dt_cb callback)
12770{
12771	struct ctl_ha_dt_req *rq;
12772	struct ctl_sg_entry *remote_sglist, *local_sglist;
12773	struct ctl_sg_entry *remote_dma_sglist, *local_dma_sglist;
12774	uint32_t local_used, remote_used, total_used;
12775	int retval;
12776	int i, j;
12777
12778	retval = 0;
12779
12780	rq = ctl_dt_req_alloc();
12781
12782	/*
12783	 * If we failed to allocate the request, and if the DMA didn't fail
12784	 * anyway, set busy status.  This is just a resource allocation
12785	 * failure.
12786	 */
12787	if ((rq == NULL)
12788	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
12789		ctl_set_busy(&io->scsiio);
12790
12791	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
12792
12793		if (rq != NULL)
12794			ctl_dt_req_free(rq);
12795
12796		/*
12797		 * The data move failed.  We need to return status back
12798		 * to the other controller.  No point in trying to DMA
12799		 * data to the remote controller.
12800		 */
12801
12802		ctl_send_datamove_done(io, /*have_lock*/ 0);
12803
12804		retval = 1;
12805
12806		goto bailout;
12807	}
12808
12809	local_sglist = io->io_hdr.local_sglist;
12810	local_dma_sglist = io->io_hdr.local_dma_sglist;
12811	remote_sglist = io->io_hdr.remote_sglist;
12812	remote_dma_sglist = io->io_hdr.remote_dma_sglist;
12813	local_used = 0;
12814	remote_used = 0;
12815	total_used = 0;
12816
12817	if (io->io_hdr.flags & CTL_FLAG_REDIR_DONE) {
12818		rq->ret = CTL_HA_STATUS_SUCCESS;
12819		rq->context = io;
12820		callback(rq);
12821		goto bailout;
12822	}
12823
12824	/*
12825	 * Pull/push the data over the wire from/to the other controller.
12826	 * This takes into account the possibility that the local and
12827	 * remote sglists may not be identical in terms of the size of
12828	 * the elements and the number of elements.
12829	 *
12830	 * One fundamental assumption here is that the length allocated for
12831	 * both the local and remote sglists is identical.  Otherwise, we've
12832	 * essentially got a coding error of some sort.
12833	 */
12834	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12835		int isc_ret;
12836		uint32_t cur_len, dma_length;
12837		uint8_t *tmp_ptr;
12838
12839		rq->id = CTL_HA_DATA_CTL;
12840		rq->command = command;
12841		rq->context = io;
12842
12843		/*
12844		 * Both pointers should be aligned.  But it is possible
12845		 * that the allocation length is not.  They should both
12846		 * also have enough slack left over at the end, though,
12847		 * to round up to the next 8 byte boundary.
12848		 */
12849		cur_len = MIN(local_sglist[i].len - local_used,
12850			      remote_sglist[j].len - remote_used);
12851
12852		/*
12853		 * In this case, we have a size issue and need to decrease
12854		 * the size, except in the case where we actually have less
12855		 * than 8 bytes left.  In that case, we need to increase
12856		 * the DMA length to get the last bit.
12857		 */
12858		if ((cur_len & 0x7) != 0) {
12859			if (cur_len > 0x7) {
12860				cur_len = cur_len - (cur_len & 0x7);
12861				dma_length = cur_len;
12862			} else {
12863				CTL_SIZE_8B(dma_length, cur_len);
12864			}
12865
12866		} else
12867			dma_length = cur_len;
12868
12869		/*
12870		 * If we had to allocate memory for this I/O, instead of using
12871		 * the non-cached mirror memory, we'll need to flush the cache
12872		 * before trying to DMA to the other controller.
12873		 *
12874		 * We could end up doing this multiple times for the same
12875		 * segment if we have a larger local segment than remote
12876		 * segment.  That shouldn't be an issue.
12877		 */
12878		if ((io->io_hdr.flags & CTL_FLAG_NO_DATASYNC) == 0) {
12879			/*
12880			 * XXX KDM use bus_dmamap_sync() here.
12881			 */
12882		}
12883
12884		rq->size = dma_length;
12885
12886		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12887		tmp_ptr += local_used;
12888
12889		/* Use physical addresses when talking to ISC hardware */
12890		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12891			/* XXX KDM use busdma */
12892#if 0
12893			rq->local = vtophys(tmp_ptr);
12894#endif
12895		} else
12896			rq->local = tmp_ptr;
12897
12898		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12899		tmp_ptr += remote_used;
12900		rq->remote = tmp_ptr;
12901
12902		rq->callback = NULL;
12903
12904		local_used += cur_len;
12905		if (local_used >= local_sglist[i].len) {
12906			i++;
12907			local_used = 0;
12908		}
12909
12910		remote_used += cur_len;
12911		if (remote_used >= remote_sglist[j].len) {
12912			j++;
12913			remote_used = 0;
12914		}
12915		total_used += cur_len;
12916
12917		if (total_used >= io->scsiio.kern_data_len)
12918			rq->callback = callback;
12919
12920		if ((rq->size & 0x7) != 0) {
12921			printf("%s: warning: size %d is not on 8b boundary\n",
12922			       __func__, rq->size);
12923		}
12924		if (((uintptr_t)rq->local & 0x7) != 0) {
12925			printf("%s: warning: local %p not on 8b boundary\n",
12926			       __func__, rq->local);
12927		}
12928		if (((uintptr_t)rq->remote & 0x7) != 0) {
12929			printf("%s: warning: remote %p not on 8b boundary\n",
12930			       __func__, rq->local);
12931		}
12932#if 0
12933		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12934		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12935		       rq->local, rq->remote, rq->size);
12936#endif
12937
12938		isc_ret = ctl_dt_single(rq);
12939		if (isc_ret == CTL_HA_STATUS_WAIT)
12940			continue;
12941
12942		if (isc_ret == CTL_HA_STATUS_DISCONNECT) {
12943			rq->ret = CTL_HA_STATUS_SUCCESS;
12944		} else {
12945			rq->ret = isc_ret;
12946		}
12947		callback(rq);
12948		goto bailout;
12949	}
12950
12951bailout:
12952	return (retval);
12953
12954}
12955
12956static void
12957ctl_datamove_remote_read(union ctl_io *io)
12958{
12959	int retval;
12960	int i;
12961
12962	/*
12963	 * This will send an error to the other controller in the case of a
12964	 * failure.
12965	 */
12966	retval = ctl_datamove_remote_sgl_setup(io);
12967	if (retval != 0)
12968		return;
12969
12970	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12971					  ctl_datamove_remote_read_cb);
12972	if ((retval != 0)
12973	 && ((io->io_hdr.flags & CTL_FLAG_AUTO_MIRROR) == 0)) {
12974		/*
12975		 * Make sure we free memory if there was an error..  The
12976		 * ctl_datamove_remote_xfer() function will send the
12977		 * datamove done message, or call the callback with an
12978		 * error if there is a problem.
12979		 */
12980		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12981			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12982	}
12983
12984	return;
12985}
12986
12987/*
12988 * Process a datamove request from the other controller.  This is used for
12989 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12990 * first.  Once that is complete, the data gets DMAed into the remote
12991 * controller's memory.  For reads, we DMA from the remote controller's
12992 * memory into our memory first, and then move it out to the FETD.
12993 */
12994static void
12995ctl_datamove_remote(union ctl_io *io)
12996{
12997	struct ctl_softc *softc;
12998
12999	softc = control_softc;
13000
13001	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
13002
13003	/*
13004	 * Note that we look for an aborted I/O here, but don't do some of
13005	 * the other checks that ctl_datamove() normally does.
13006	 * We don't need to run the datamove delay code, since that should
13007	 * have been done if need be on the other controller.
13008	 */
13009	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13010		printf("%s: tag 0x%04x on (%d:%d:%d:%d) aborted\n", __func__,
13011		       io->scsiio.tag_num, io->io_hdr.nexus.initid.id,
13012		       io->io_hdr.nexus.targ_port,
13013		       io->io_hdr.nexus.targ_target.id,
13014		       io->io_hdr.nexus.targ_lun);
13015		io->io_hdr.port_status = 31338;
13016		ctl_send_datamove_done(io, /*have_lock*/ 0);
13017		return;
13018	}
13019
13020	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT) {
13021		ctl_datamove_remote_write(io);
13022	} else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN){
13023		ctl_datamove_remote_read(io);
13024	} else {
13025		union ctl_ha_msg msg;
13026		struct scsi_sense_data *sense;
13027		uint8_t sks[3];
13028		int retry_count;
13029
13030		memset(&msg, 0, sizeof(msg));
13031
13032		msg.hdr.msg_type = CTL_MSG_BAD_JUJU;
13033		msg.hdr.status = CTL_SCSI_ERROR;
13034		msg.scsi.scsi_status = SCSI_STATUS_CHECK_COND;
13035
13036		retry_count = 4243;
13037
13038		sense = &msg.scsi.sense_data;
13039		sks[0] = SSD_SCS_VALID;
13040		sks[1] = (retry_count >> 8) & 0xff;
13041		sks[2] = retry_count & 0xff;
13042
13043		/* "Internal target failure" */
13044		scsi_set_sense_data(sense,
13045				    /*sense_format*/ SSD_TYPE_NONE,
13046				    /*current_error*/ 1,
13047				    /*sense_key*/ SSD_KEY_HARDWARE_ERROR,
13048				    /*asc*/ 0x44,
13049				    /*ascq*/ 0x00,
13050				    /*type*/ SSD_ELEM_SKS,
13051				    /*size*/ sizeof(sks),
13052				    /*data*/ sks,
13053				    SSD_ELEM_NONE);
13054
13055		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
13056		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13057			ctl_failover_io(io, /*have_lock*/ 1);
13058			return;
13059		}
13060
13061		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg), 0) >
13062		    CTL_HA_STATUS_SUCCESS) {
13063			/* XXX KDM what to do if this fails? */
13064		}
13065		return;
13066	}
13067
13068}
13069
13070static int
13071ctl_process_done(union ctl_io *io)
13072{
13073	struct ctl_lun *lun;
13074	struct ctl_softc *softc = control_softc;
13075	void (*fe_done)(union ctl_io *io);
13076	uint32_t targ_port = ctl_port_idx(io->io_hdr.nexus.targ_port);
13077
13078	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13079
13080	fe_done = softc->ctl_ports[targ_port]->fe_done;
13081
13082#ifdef CTL_TIME_IO
13083	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13084		char str[256];
13085		char path_str[64];
13086		struct sbuf sb;
13087
13088		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13089		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13090
13091		sbuf_cat(&sb, path_str);
13092		switch (io->io_hdr.io_type) {
13093		case CTL_IO_SCSI:
13094			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13095			sbuf_printf(&sb, "\n");
13096			sbuf_cat(&sb, path_str);
13097			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13098				    io->scsiio.tag_num, io->scsiio.tag_type);
13099			break;
13100		case CTL_IO_TASK:
13101			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13102				    "Tag Type: %d\n", io->taskio.task_action,
13103				    io->taskio.tag_num, io->taskio.tag_type);
13104			break;
13105		default:
13106			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13107			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13108			break;
13109		}
13110		sbuf_cat(&sb, path_str);
13111		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13112			    (intmax_t)time_uptime - io->io_hdr.start_time);
13113		sbuf_finish(&sb);
13114		printf("%s", sbuf_data(&sb));
13115	}
13116#endif /* CTL_TIME_IO */
13117
13118	switch (io->io_hdr.io_type) {
13119	case CTL_IO_SCSI:
13120		break;
13121	case CTL_IO_TASK:
13122		if (ctl_debug & CTL_DEBUG_INFO)
13123			ctl_io_error_print(io, NULL);
13124		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13125			ctl_free_io(io);
13126		else
13127			fe_done(io);
13128		return (CTL_RETVAL_COMPLETE);
13129	default:
13130		panic("ctl_process_done: invalid io type %d\n",
13131		      io->io_hdr.io_type);
13132		break; /* NOTREACHED */
13133	}
13134
13135	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13136	if (lun == NULL) {
13137		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13138				 io->io_hdr.nexus.targ_mapped_lun));
13139		goto bailout;
13140	}
13141
13142	mtx_lock(&lun->lun_lock);
13143
13144	/*
13145	 * Check to see if we have any errors to inject here.  We only
13146	 * inject errors for commands that don't already have errors set.
13147	 */
13148	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13149	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13150	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13151		ctl_inject_error(lun, io);
13152
13153	/*
13154	 * XXX KDM how do we treat commands that aren't completed
13155	 * successfully?
13156	 *
13157	 * XXX KDM should we also track I/O latency?
13158	 */
13159	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13160	    io->io_hdr.io_type == CTL_IO_SCSI) {
13161#ifdef CTL_TIME_IO
13162		struct bintime cur_bt;
13163#endif
13164		int type;
13165
13166		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13167		    CTL_FLAG_DATA_IN)
13168			type = CTL_STATS_READ;
13169		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13170		    CTL_FLAG_DATA_OUT)
13171			type = CTL_STATS_WRITE;
13172		else
13173			type = CTL_STATS_NO_IO;
13174
13175		lun->stats.ports[targ_port].bytes[type] +=
13176		    io->scsiio.kern_total_len;
13177		lun->stats.ports[targ_port].operations[type]++;
13178#ifdef CTL_TIME_IO
13179		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13180		   &io->io_hdr.dma_bt);
13181		lun->stats.ports[targ_port].num_dmas[type] +=
13182		    io->io_hdr.num_dmas;
13183		getbintime(&cur_bt);
13184		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13185		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13186#endif
13187	}
13188
13189	/*
13190	 * Remove this from the OOA queue.
13191	 */
13192	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13193#ifdef CTL_TIME_IO
13194	if (TAILQ_EMPTY(&lun->ooa_queue))
13195		lun->last_busy = getsbinuptime();
13196#endif
13197
13198	/*
13199	 * Run through the blocked queue on this LUN and see if anything
13200	 * has become unblocked, now that this transaction is done.
13201	 */
13202	ctl_check_blocked(lun);
13203
13204	/*
13205	 * If the LUN has been invalidated, free it if there is nothing
13206	 * left on its OOA queue.
13207	 */
13208	if ((lun->flags & CTL_LUN_INVALID)
13209	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13210		mtx_unlock(&lun->lun_lock);
13211		mtx_lock(&softc->ctl_lock);
13212		ctl_free_lun(lun);
13213		mtx_unlock(&softc->ctl_lock);
13214	} else
13215		mtx_unlock(&lun->lun_lock);
13216
13217bailout:
13218
13219	/*
13220	 * If this command has been aborted, make sure we set the status
13221	 * properly.  The FETD is responsible for freeing the I/O and doing
13222	 * whatever it needs to do to clean up its state.
13223	 */
13224	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13225		ctl_set_task_aborted(&io->scsiio);
13226
13227	/*
13228	 * If enabled, print command error status.
13229	 */
13230	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13231	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13232		ctl_io_error_print(io, NULL);
13233
13234	/*
13235	 * Tell the FETD or the other shelf controller we're done with this
13236	 * command.  Note that only SCSI commands get to this point.  Task
13237	 * management commands are completed above.
13238	 *
13239	 * We only send status to the other controller if we're in XFER
13240	 * mode.  In SER_ONLY mode, the I/O is done on the controller that
13241	 * received the I/O (from CTL's perspective), and so the status is
13242	 * generated there.
13243	 *
13244	 * XXX KDM if we hold the lock here, we could cause a deadlock
13245	 * if the frontend comes back in in this context to queue
13246	 * something.
13247	 */
13248	if ((softc->ha_mode == CTL_HA_MODE_XFER)
13249	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13250		union ctl_ha_msg msg;
13251
13252		memset(&msg, 0, sizeof(msg));
13253		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13254		msg.hdr.original_sc = io->io_hdr.original_sc;
13255		msg.hdr.nexus = io->io_hdr.nexus;
13256		msg.hdr.status = io->io_hdr.status;
13257		msg.scsi.scsi_status = io->scsiio.scsi_status;
13258		msg.scsi.tag_num = io->scsiio.tag_num;
13259		msg.scsi.tag_type = io->scsiio.tag_type;
13260		msg.scsi.sense_len = io->scsiio.sense_len;
13261		msg.scsi.sense_residual = io->scsiio.sense_residual;
13262		msg.scsi.residual = io->scsiio.residual;
13263		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13264		       sizeof(io->scsiio.sense_data));
13265		/*
13266		 * We copy this whether or not this is an I/O-related
13267		 * command.  Otherwise, we'd have to go and check to see
13268		 * whether it's a read/write command, and it really isn't
13269		 * worth it.
13270		 */
13271		memcpy(&msg.scsi.lbalen,
13272		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
13273		       sizeof(msg.scsi.lbalen));
13274
13275		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13276				sizeof(msg), 0) > CTL_HA_STATUS_SUCCESS) {
13277			/* XXX do something here */
13278		}
13279
13280		ctl_free_io(io);
13281	} else
13282		fe_done(io);
13283
13284	return (CTL_RETVAL_COMPLETE);
13285}
13286
13287#ifdef CTL_WITH_CA
13288/*
13289 * Front end should call this if it doesn't do autosense.  When the request
13290 * sense comes back in from the initiator, we'll dequeue this and send it.
13291 */
13292int
13293ctl_queue_sense(union ctl_io *io)
13294{
13295	struct ctl_lun *lun;
13296	struct ctl_port *port;
13297	struct ctl_softc *softc;
13298	uint32_t initidx, targ_lun;
13299
13300	softc = control_softc;
13301
13302	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13303
13304	/*
13305	 * LUN lookup will likely move to the ctl_work_thread() once we
13306	 * have our new queueing infrastructure (that doesn't put things on
13307	 * a per-LUN queue initially).  That is so that we can handle
13308	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13309	 * can't deal with that right now.
13310	 */
13311	mtx_lock(&softc->ctl_lock);
13312
13313	/*
13314	 * If we don't have a LUN for this, just toss the sense
13315	 * information.
13316	 */
13317	port = ctl_io_port(&ctsio->io_hdr);
13318	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13319	if ((targ_lun < CTL_MAX_LUNS)
13320	 && (softc->ctl_luns[targ_lun] != NULL))
13321		lun = softc->ctl_luns[targ_lun];
13322	else
13323		goto bailout;
13324
13325	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13326
13327	mtx_lock(&lun->lun_lock);
13328	/*
13329	 * Already have CA set for this LUN...toss the sense information.
13330	 */
13331	if (ctl_is_set(lun->have_ca, initidx)) {
13332		mtx_unlock(&lun->lun_lock);
13333		goto bailout;
13334	}
13335
13336	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13337	       MIN(sizeof(lun->pending_sense[initidx]),
13338	       sizeof(io->scsiio.sense_data)));
13339	ctl_set_mask(lun->have_ca, initidx);
13340	mtx_unlock(&lun->lun_lock);
13341
13342bailout:
13343	mtx_unlock(&softc->ctl_lock);
13344
13345	ctl_free_io(io);
13346
13347	return (CTL_RETVAL_COMPLETE);
13348}
13349#endif
13350
13351/*
13352 * Primary command inlet from frontend ports.  All SCSI and task I/O
13353 * requests must go through this function.
13354 */
13355int
13356ctl_queue(union ctl_io *io)
13357{
13358	struct ctl_port *port;
13359
13360	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13361
13362#ifdef CTL_TIME_IO
13363	io->io_hdr.start_time = time_uptime;
13364	getbintime(&io->io_hdr.start_bt);
13365#endif /* CTL_TIME_IO */
13366
13367	/* Map FE-specific LUN ID into global one. */
13368	port = ctl_io_port(&io->io_hdr);
13369	io->io_hdr.nexus.targ_mapped_lun =
13370	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13371
13372	switch (io->io_hdr.io_type) {
13373	case CTL_IO_SCSI:
13374	case CTL_IO_TASK:
13375		if (ctl_debug & CTL_DEBUG_CDB)
13376			ctl_io_print(io);
13377		ctl_enqueue_incoming(io);
13378		break;
13379	default:
13380		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13381		return (EINVAL);
13382	}
13383
13384	return (CTL_RETVAL_COMPLETE);
13385}
13386
13387#ifdef CTL_IO_DELAY
13388static void
13389ctl_done_timer_wakeup(void *arg)
13390{
13391	union ctl_io *io;
13392
13393	io = (union ctl_io *)arg;
13394	ctl_done(io);
13395}
13396#endif /* CTL_IO_DELAY */
13397
13398void
13399ctl_done(union ctl_io *io)
13400{
13401
13402	/*
13403	 * Enable this to catch duplicate completion issues.
13404	 */
13405#if 0
13406	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13407		printf("%s: type %d msg %d cdb %x iptl: "
13408		       "%d:%d:%d:%d tag 0x%04x "
13409		       "flag %#x status %x\n",
13410			__func__,
13411			io->io_hdr.io_type,
13412			io->io_hdr.msg_type,
13413			io->scsiio.cdb[0],
13414			io->io_hdr.nexus.initid.id,
13415			io->io_hdr.nexus.targ_port,
13416			io->io_hdr.nexus.targ_target.id,
13417			io->io_hdr.nexus.targ_lun,
13418			(io->io_hdr.io_type ==
13419			CTL_IO_TASK) ?
13420			io->taskio.tag_num :
13421			io->scsiio.tag_num,
13422		        io->io_hdr.flags,
13423			io->io_hdr.status);
13424	} else
13425		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13426#endif
13427
13428	/*
13429	 * This is an internal copy of an I/O, and should not go through
13430	 * the normal done processing logic.
13431	 */
13432	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13433		return;
13434
13435	/*
13436	 * We need to send a msg to the serializing shelf to finish the IO
13437	 * as well.  We don't send a finish message to the other shelf if
13438	 * this is a task management command.  Task management commands
13439	 * aren't serialized in the OOA queue, but rather just executed on
13440	 * both shelf controllers for commands that originated on that
13441	 * controller.
13442	 */
13443	if ((io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)
13444	 && (io->io_hdr.io_type != CTL_IO_TASK)) {
13445		union ctl_ha_msg msg_io;
13446
13447		msg_io.hdr.msg_type = CTL_MSG_FINISH_IO;
13448		msg_io.hdr.serializing_sc = io->io_hdr.serializing_sc;
13449		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_io,
13450		    sizeof(msg_io), 0 ) != CTL_HA_STATUS_SUCCESS) {
13451		}
13452		/* continue on to finish IO */
13453	}
13454#ifdef CTL_IO_DELAY
13455	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13456		struct ctl_lun *lun;
13457
13458		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13459
13460		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13461	} else {
13462		struct ctl_lun *lun;
13463
13464		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13465
13466		if ((lun != NULL)
13467		 && (lun->delay_info.done_delay > 0)) {
13468			struct callout *callout;
13469
13470			callout = (struct callout *)&io->io_hdr.timer_bytes;
13471			callout_init(callout, /*mpsafe*/ 1);
13472			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13473			callout_reset(callout,
13474				      lun->delay_info.done_delay * hz,
13475				      ctl_done_timer_wakeup, io);
13476			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13477				lun->delay_info.done_delay = 0;
13478			return;
13479		}
13480	}
13481#endif /* CTL_IO_DELAY */
13482
13483	ctl_enqueue_done(io);
13484}
13485
13486int
13487ctl_isc(struct ctl_scsiio *ctsio)
13488{
13489	struct ctl_lun *lun;
13490	int retval;
13491
13492	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13493
13494	CTL_DEBUG_PRINT(("ctl_isc: command: %02x\n", ctsio->cdb[0]));
13495
13496	CTL_DEBUG_PRINT(("ctl_isc: calling data_submit()\n"));
13497
13498	retval = lun->backend->data_submit((union ctl_io *)ctsio);
13499
13500	return (retval);
13501}
13502
13503
13504static void
13505ctl_work_thread(void *arg)
13506{
13507	struct ctl_thread *thr = (struct ctl_thread *)arg;
13508	struct ctl_softc *softc = thr->ctl_softc;
13509	union ctl_io *io;
13510	int retval;
13511
13512	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13513
13514	for (;;) {
13515		retval = 0;
13516
13517		/*
13518		 * We handle the queues in this order:
13519		 * - ISC
13520		 * - done queue (to free up resources, unblock other commands)
13521		 * - RtR queue
13522		 * - incoming queue
13523		 *
13524		 * If those queues are empty, we break out of the loop and
13525		 * go to sleep.
13526		 */
13527		mtx_lock(&thr->queue_lock);
13528		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13529		if (io != NULL) {
13530			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13531			mtx_unlock(&thr->queue_lock);
13532			ctl_handle_isc(io);
13533			continue;
13534		}
13535		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13536		if (io != NULL) {
13537			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13538			/* clear any blocked commands, call fe_done */
13539			mtx_unlock(&thr->queue_lock);
13540			retval = ctl_process_done(io);
13541			continue;
13542		}
13543		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13544		if (io != NULL) {
13545			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13546			mtx_unlock(&thr->queue_lock);
13547			if (io->io_hdr.io_type == CTL_IO_TASK)
13548				ctl_run_task(io);
13549			else
13550				ctl_scsiio_precheck(softc, &io->scsiio);
13551			continue;
13552		}
13553		if (!ctl_pause_rtr) {
13554			io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13555			if (io != NULL) {
13556				STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13557				mtx_unlock(&thr->queue_lock);
13558				retval = ctl_scsiio(&io->scsiio);
13559				if (retval != CTL_RETVAL_COMPLETE)
13560					CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13561				continue;
13562			}
13563		}
13564
13565		/* Sleep until we have something to do. */
13566		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13567	}
13568}
13569
13570static void
13571ctl_lun_thread(void *arg)
13572{
13573	struct ctl_softc *softc = (struct ctl_softc *)arg;
13574	struct ctl_be_lun *be_lun;
13575	int retval;
13576
13577	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13578
13579	for (;;) {
13580		retval = 0;
13581		mtx_lock(&softc->ctl_lock);
13582		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13583		if (be_lun != NULL) {
13584			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13585			mtx_unlock(&softc->ctl_lock);
13586			ctl_create_lun(be_lun);
13587			continue;
13588		}
13589
13590		/* Sleep until we have something to do. */
13591		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13592		    PDROP | PRIBIO, "-", 0);
13593	}
13594}
13595
13596static void
13597ctl_thresh_thread(void *arg)
13598{
13599	struct ctl_softc *softc = (struct ctl_softc *)arg;
13600	struct ctl_lun *lun;
13601	struct ctl_be_lun *be_lun;
13602	struct scsi_da_rw_recovery_page *rwpage;
13603	struct ctl_logical_block_provisioning_page *page;
13604	const char *attr;
13605	uint64_t thres, val;
13606	int i, e;
13607
13608	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13609
13610	for (;;) {
13611		mtx_lock(&softc->ctl_lock);
13612		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13613			be_lun = lun->be_lun;
13614			if ((lun->flags & CTL_LUN_DISABLED) ||
13615			    (lun->flags & CTL_LUN_OFFLINE) ||
13616			    lun->backend->lun_attr == NULL)
13617				continue;
13618			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13619			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13620				continue;
13621			e = 0;
13622			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13623			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13624				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13625					continue;
13626				thres = scsi_4btoul(page->descr[i].count);
13627				thres <<= CTL_LBP_EXPONENT;
13628				switch (page->descr[i].resource) {
13629				case 0x01:
13630					attr = "blocksavail";
13631					break;
13632				case 0x02:
13633					attr = "blocksused";
13634					break;
13635				case 0xf1:
13636					attr = "poolblocksavail";
13637					break;
13638				case 0xf2:
13639					attr = "poolblocksused";
13640					break;
13641				default:
13642					continue;
13643				}
13644				mtx_unlock(&softc->ctl_lock); // XXX
13645				val = lun->backend->lun_attr(
13646				    lun->be_lun->be_lun, attr);
13647				mtx_lock(&softc->ctl_lock);
13648				if (val == UINT64_MAX)
13649					continue;
13650				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13651				    == SLBPPD_ARMING_INC)
13652					e |= (val >= thres);
13653				else
13654					e |= (val <= thres);
13655			}
13656			mtx_lock(&lun->lun_lock);
13657			if (e) {
13658				if (lun->lasttpt == 0 ||
13659				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13660					lun->lasttpt = time_uptime;
13661					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13662				}
13663			} else {
13664				lun->lasttpt = 0;
13665				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13666			}
13667			mtx_unlock(&lun->lun_lock);
13668		}
13669		mtx_unlock(&softc->ctl_lock);
13670		pause("-", CTL_LBP_PERIOD * hz);
13671	}
13672}
13673
13674static void
13675ctl_enqueue_incoming(union ctl_io *io)
13676{
13677	struct ctl_softc *softc = control_softc;
13678	struct ctl_thread *thr;
13679	u_int idx;
13680
13681	idx = (io->io_hdr.nexus.targ_port * 127 +
13682	       io->io_hdr.nexus.initid.id) % worker_threads;
13683	thr = &softc->threads[idx];
13684	mtx_lock(&thr->queue_lock);
13685	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13686	mtx_unlock(&thr->queue_lock);
13687	wakeup(thr);
13688}
13689
13690static void
13691ctl_enqueue_rtr(union ctl_io *io)
13692{
13693	struct ctl_softc *softc = control_softc;
13694	struct ctl_thread *thr;
13695
13696	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13697	mtx_lock(&thr->queue_lock);
13698	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13699	mtx_unlock(&thr->queue_lock);
13700	wakeup(thr);
13701}
13702
13703static void
13704ctl_enqueue_done(union ctl_io *io)
13705{
13706	struct ctl_softc *softc = control_softc;
13707	struct ctl_thread *thr;
13708
13709	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13710	mtx_lock(&thr->queue_lock);
13711	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13712	mtx_unlock(&thr->queue_lock);
13713	wakeup(thr);
13714}
13715
13716#ifdef notyet
13717static void
13718ctl_enqueue_isc(union ctl_io *io)
13719{
13720	struct ctl_softc *softc = control_softc;
13721	struct ctl_thread *thr;
13722
13723	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13724	mtx_lock(&thr->queue_lock);
13725	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13726	mtx_unlock(&thr->queue_lock);
13727	wakeup(thr);
13728}
13729
13730/* Initialization and failover */
13731
13732void
13733ctl_init_isc_msg(void)
13734{
13735	printf("CTL: Still calling this thing\n");
13736}
13737
13738/*
13739 * Init component
13740 * 	Initializes component into configuration defined by bootMode
13741 *	(see hasc-sv.c)
13742 *  	returns hasc_Status:
13743 * 		OK
13744 *		ERROR - fatal error
13745 */
13746static ctl_ha_comp_status
13747ctl_isc_init(struct ctl_ha_component *c)
13748{
13749	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13750
13751	c->status = ret;
13752	return ret;
13753}
13754
13755/* Start component
13756 * 	Starts component in state requested. If component starts successfully,
13757 *	it must set its own state to the requestrd state
13758 *	When requested state is HASC_STATE_HA, the component may refine it
13759 * 	by adding _SLAVE or _MASTER flags.
13760 *	Currently allowed state transitions are:
13761 *	UNKNOWN->HA		- initial startup
13762 *	UNKNOWN->SINGLE - initial startup when no parter detected
13763 *	HA->SINGLE		- failover
13764 * returns ctl_ha_comp_status:
13765 * 		OK	- component successfully started in requested state
13766 *		FAILED  - could not start the requested state, failover may
13767 * 			  be possible
13768 *		ERROR	- fatal error detected, no future startup possible
13769 */
13770static ctl_ha_comp_status
13771ctl_isc_start(struct ctl_ha_component *c, ctl_ha_state state)
13772{
13773	ctl_ha_comp_status ret = CTL_HA_COMP_STATUS_OK;
13774
13775	printf("%s: go\n", __func__);
13776
13777	// UNKNOWN->HA or UNKNOWN->SINGLE (bootstrap)
13778	if (c->state == CTL_HA_STATE_UNKNOWN ) {
13779		control_softc->is_single = 0;
13780		if (ctl_ha_msg_create(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
13781		    != CTL_HA_STATUS_SUCCESS) {
13782			printf("ctl_isc_start: ctl_ha_msg_create failed.\n");
13783			ret = CTL_HA_COMP_STATUS_ERROR;
13784		}
13785	} else if (CTL_HA_STATE_IS_HA(c->state)
13786		&& CTL_HA_STATE_IS_SINGLE(state)){
13787		// HA->SINGLE transition
13788	        ctl_failover();
13789		control_softc->is_single = 1;
13790	} else {
13791		printf("ctl_isc_start:Invalid state transition %X->%X\n",
13792		       c->state, state);
13793		ret = CTL_HA_COMP_STATUS_ERROR;
13794	}
13795	if (CTL_HA_STATE_IS_SINGLE(state))
13796		control_softc->is_single = 1;
13797
13798	c->state = state;
13799	c->status = ret;
13800	return ret;
13801}
13802
13803/*
13804 * Quiesce component
13805 * The component must clear any error conditions (set status to OK) and
13806 * prepare itself to another Start call
13807 * returns ctl_ha_comp_status:
13808 * 	OK
13809 *	ERROR
13810 */
13811static ctl_ha_comp_status
13812ctl_isc_quiesce(struct ctl_ha_component *c)
13813{
13814	int ret = CTL_HA_COMP_STATUS_OK;
13815
13816	ctl_pause_rtr = 1;
13817	c->status = ret;
13818	return ret;
13819}
13820
13821struct ctl_ha_component ctl_ha_component_ctlisc =
13822{
13823	.name = "CTL ISC",
13824	.state = CTL_HA_STATE_UNKNOWN,
13825	.init = ctl_isc_init,
13826	.start = ctl_isc_start,
13827	.quiesce = ctl_isc_quiesce
13828};
13829#endif
13830
13831/*
13832 *  vim: ts=8
13833 */
13834