ctl.c revision 287621 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 287621 2015-09-10 12:40:31Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264const static struct scsi_info_exceptions_page ie_page_default = {
265	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
266	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
267	/*info_flags*/SIEP_FLAGS_DEXCPT,
268	/*mrie*/0,
269	/*interval_timer*/{0, 0, 0, 0},
270	/*report_count*/{0, 0, 0, 0}
271};
272
273const static struct scsi_info_exceptions_page ie_page_changeable = {
274	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
275	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
276	/*info_flags*/0,
277	/*mrie*/0,
278	/*interval_timer*/{0, 0, 0, 0},
279	/*report_count*/{0, 0, 0, 0}
280};
281
282#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
283
284const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
286	/*subpage_code*/0x02,
287	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
288	/*flags*/0,
289	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
290	/*descr*/{}},
291	{{/*flags*/0,
292	  /*resource*/0x01,
293	  /*reserved*/{0, 0},
294	  /*count*/{0, 0, 0, 0}},
295	 {/*flags*/0,
296	  /*resource*/0x02,
297	  /*reserved*/{0, 0},
298	  /*count*/{0, 0, 0, 0}},
299	 {/*flags*/0,
300	  /*resource*/0xf1,
301	  /*reserved*/{0, 0},
302	  /*count*/{0, 0, 0, 0}},
303	 {/*flags*/0,
304	  /*resource*/0xf2,
305	  /*reserved*/{0, 0},
306	  /*count*/{0, 0, 0, 0}}
307	}
308};
309
310const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
311	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
312	/*subpage_code*/0x02,
313	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
314	/*flags*/0,
315	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
316	/*descr*/{}},
317	{{/*flags*/0,
318	  /*resource*/0,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}},
325	 {/*flags*/0,
326	  /*resource*/0,
327	  /*reserved*/{0, 0},
328	  /*count*/{0, 0, 0, 0}},
329	 {/*flags*/0,
330	  /*resource*/0,
331	  /*reserved*/{0, 0},
332	  /*count*/{0, 0, 0, 0}}
333	}
334};
335
336SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
337static int worker_threads = -1;
338SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
339    &worker_threads, 1, "Number of worker threads");
340static int ctl_debug = CTL_DEBUG_NONE;
341SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
342    &ctl_debug, 0, "Enabled debug flags");
343
344/*
345 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
346 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
347 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
348 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
349 */
350#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
351
352static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
353				  int param);
354static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
355static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
356static int ctl_init(void);
357void ctl_shutdown(void);
358static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
359static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
360static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
361static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
362			      struct ctl_ooa *ooa_hdr,
363			      struct ctl_ooa_entry *kern_entries);
364static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
365		     struct thread *td);
366static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
367			 struct ctl_be_lun *be_lun);
368static int ctl_free_lun(struct ctl_lun *lun);
369static void ctl_create_lun(struct ctl_be_lun *be_lun);
370static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
371
372static int ctl_do_mode_select(union ctl_io *io);
373static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
374			   uint64_t res_key, uint64_t sa_res_key,
375			   uint8_t type, uint32_t residx,
376			   struct ctl_scsiio *ctsio,
377			   struct scsi_per_res_out *cdb,
378			   struct scsi_per_res_out_parms* param);
379static void ctl_pro_preempt_other(struct ctl_lun *lun,
380				  union ctl_ha_msg *msg);
381static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
382static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
383static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
384static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
386static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
387static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
388					 int alloc_len);
389static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
390					 int alloc_len);
391static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
392static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
393static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
394static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
395static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
396static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
397    bool seq);
398static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
399static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
400    union ctl_io *pending_io, union ctl_io *ooa_io);
401static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
402				union ctl_io *starting_io);
403static int ctl_check_blocked(struct ctl_lun *lun);
404static int ctl_scsiio_lun_check(struct ctl_lun *lun,
405				const struct ctl_cmd_entry *entry,
406				struct ctl_scsiio *ctsio);
407static void ctl_failover_lun(struct ctl_lun *lun);
408static void ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua);
409static void ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua);
410static void ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua);
411static void ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua);
412static void ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
413			 ctl_ua_type ua_type);
414static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
415			       struct ctl_scsiio *ctsio);
416static int ctl_scsiio(struct ctl_scsiio *ctsio);
417
418static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
419static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
420			    ctl_ua_type ua_type);
421static int ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io,
422			 ctl_ua_type ua_type);
423static int ctl_abort_task(union ctl_io *io);
424static int ctl_abort_task_set(union ctl_io *io);
425static int ctl_i_t_nexus_reset(union ctl_io *io);
426static void ctl_run_task(union ctl_io *io);
427#ifdef CTL_IO_DELAY
428static void ctl_datamove_timer_wakeup(void *arg);
429static void ctl_done_timer_wakeup(void *arg);
430#endif /* CTL_IO_DELAY */
431
432static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
433static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
434static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
435static void ctl_datamove_remote_write(union ctl_io *io);
436static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
437static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
438static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
439static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
440				    ctl_ha_dt_cb callback);
441static void ctl_datamove_remote_read(union ctl_io *io);
442static void ctl_datamove_remote(union ctl_io *io);
443static int ctl_process_done(union ctl_io *io);
444static void ctl_lun_thread(void *arg);
445static void ctl_thresh_thread(void *arg);
446static void ctl_work_thread(void *arg);
447static void ctl_enqueue_incoming(union ctl_io *io);
448static void ctl_enqueue_rtr(union ctl_io *io);
449static void ctl_enqueue_done(union ctl_io *io);
450static void ctl_enqueue_isc(union ctl_io *io);
451static const struct ctl_cmd_entry *
452    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
453static const struct ctl_cmd_entry *
454    ctl_validate_command(struct ctl_scsiio *ctsio);
455static int ctl_cmd_applicable(uint8_t lun_type,
456    const struct ctl_cmd_entry *entry);
457
458static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
459static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
460static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
461static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
462
463/*
464 * Load the serialization table.  This isn't very pretty, but is probably
465 * the easiest way to do it.
466 */
467#include "ctl_ser_table.c"
468
469/*
470 * We only need to define open, close and ioctl routines for this driver.
471 */
472static struct cdevsw ctl_cdevsw = {
473	.d_version =	D_VERSION,
474	.d_flags =	0,
475	.d_open =	ctl_open,
476	.d_close =	ctl_close,
477	.d_ioctl =	ctl_ioctl,
478	.d_name =	"ctl",
479};
480
481
482MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
483
484static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
485
486static moduledata_t ctl_moduledata = {
487	"ctl",
488	ctl_module_event_handler,
489	NULL
490};
491
492DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
493MODULE_VERSION(ctl, 1);
494
495static struct ctl_frontend ha_frontend =
496{
497	.name = "ha",
498};
499
500static void
501ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
502			    union ctl_ha_msg *msg_info)
503{
504	struct ctl_scsiio *ctsio;
505
506	if (msg_info->hdr.original_sc == NULL) {
507		printf("%s: original_sc == NULL!\n", __func__);
508		/* XXX KDM now what? */
509		return;
510	}
511
512	ctsio = &msg_info->hdr.original_sc->scsiio;
513	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
514	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
515	ctsio->io_hdr.status = msg_info->hdr.status;
516	ctsio->scsi_status = msg_info->scsi.scsi_status;
517	ctsio->sense_len = msg_info->scsi.sense_len;
518	ctsio->sense_residual = msg_info->scsi.sense_residual;
519	ctsio->residual = msg_info->scsi.residual;
520	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
521	       msg_info->scsi.sense_len);
522	memcpy(&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
523	       &msg_info->scsi.lbalen, sizeof(msg_info->scsi.lbalen));
524	ctl_enqueue_isc((union ctl_io *)ctsio);
525}
526
527static void
528ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
529				union ctl_ha_msg *msg_info)
530{
531	struct ctl_scsiio *ctsio;
532
533	if (msg_info->hdr.serializing_sc == NULL) {
534		printf("%s: serializing_sc == NULL!\n", __func__);
535		/* XXX KDM now what? */
536		return;
537	}
538
539	ctsio = &msg_info->hdr.serializing_sc->scsiio;
540	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
541	ctl_enqueue_isc((union ctl_io *)ctsio);
542}
543
544void
545ctl_isc_announce_lun(struct ctl_lun *lun)
546{
547	struct ctl_softc *softc = lun->ctl_softc;
548	union ctl_ha_msg *msg;
549	struct ctl_ha_msg_lun_pr_key pr_key;
550	int i, k;
551
552	if (softc->ha_link != CTL_HA_LINK_ONLINE)
553		return;
554	mtx_lock(&lun->lun_lock);
555	i = sizeof(msg->lun);
556	if (lun->lun_devid)
557		i += lun->lun_devid->len;
558	i += sizeof(pr_key) * lun->pr_key_count;
559alloc:
560	mtx_unlock(&lun->lun_lock);
561	msg = malloc(i, M_CTL, M_WAITOK);
562	mtx_lock(&lun->lun_lock);
563	k = sizeof(msg->lun);
564	if (lun->lun_devid)
565		k += lun->lun_devid->len;
566	k += sizeof(pr_key) * lun->pr_key_count;
567	if (i < k) {
568		free(msg, M_CTL);
569		i = k;
570		goto alloc;
571	}
572	bzero(&msg->lun, sizeof(msg->lun));
573	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
574	msg->hdr.nexus.targ_lun = lun->lun;
575	msg->hdr.nexus.targ_mapped_lun = lun->lun;
576	msg->lun.flags = lun->flags;
577	msg->lun.pr_generation = lun->PRGeneration;
578	msg->lun.pr_res_idx = lun->pr_res_idx;
579	msg->lun.pr_res_type = lun->res_type;
580	msg->lun.pr_key_count = lun->pr_key_count;
581	i = 0;
582	if (lun->lun_devid) {
583		msg->lun.lun_devid_len = lun->lun_devid->len;
584		memcpy(&msg->lun.data[i], lun->lun_devid->data,
585		    msg->lun.lun_devid_len);
586		i += msg->lun.lun_devid_len;
587	}
588	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
589		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
590			continue;
591		pr_key.pr_iid = k;
592		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
593		i += sizeof(pr_key);
594	}
595	mtx_unlock(&lun->lun_lock);
596	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
597	    M_WAITOK);
598	free(msg, M_CTL);
599}
600
601void
602ctl_isc_announce_port(struct ctl_port *port)
603{
604	struct ctl_softc *softc = control_softc;
605	union ctl_ha_msg *msg;
606	int i;
607
608	if (port->targ_port < softc->port_min ||
609	    port->targ_port >= softc->port_max ||
610	    softc->ha_link != CTL_HA_LINK_ONLINE)
611		return;
612	i = sizeof(msg->port) + strlen(port->port_name) + 1;
613	if (port->lun_map)
614		i += sizeof(uint32_t) * CTL_MAX_LUNS;
615	if (port->port_devid)
616		i += port->port_devid->len;
617	if (port->target_devid)
618		i += port->target_devid->len;
619	msg = malloc(i, M_CTL, M_WAITOK);
620	bzero(&msg->port, sizeof(msg->port));
621	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
622	msg->hdr.nexus.targ_port = port->targ_port;
623	msg->port.port_type = port->port_type;
624	msg->port.physical_port = port->physical_port;
625	msg->port.virtual_port = port->virtual_port;
626	msg->port.status = port->status;
627	i = 0;
628	msg->port.name_len = sprintf(&msg->port.data[i],
629	    "%d:%s", softc->ha_id, port->port_name) + 1;
630	i += msg->port.name_len;
631	if (port->lun_map) {
632		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
633		memcpy(&msg->port.data[i], port->lun_map,
634		    msg->port.lun_map_len);
635		i += msg->port.lun_map_len;
636	}
637	if (port->port_devid) {
638		msg->port.port_devid_len = port->port_devid->len;
639		memcpy(&msg->port.data[i], port->port_devid->data,
640		    msg->port.port_devid_len);
641		i += msg->port.port_devid_len;
642	}
643	if (port->target_devid) {
644		msg->port.target_devid_len = port->target_devid->len;
645		memcpy(&msg->port.data[i], port->target_devid->data,
646		    msg->port.target_devid_len);
647		i += msg->port.target_devid_len;
648	}
649	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
650	    M_WAITOK);
651	free(msg, M_CTL);
652}
653
654static void
655ctl_isc_ha_link_up(struct ctl_softc *softc)
656{
657	struct ctl_port *port;
658	struct ctl_lun *lun;
659
660	STAILQ_FOREACH(port, &softc->port_list, links)
661		ctl_isc_announce_port(port);
662	STAILQ_FOREACH(lun, &softc->lun_list, links)
663		ctl_isc_announce_lun(lun);
664}
665
666static void
667ctl_isc_ha_link_down(struct ctl_softc *softc)
668{
669	struct ctl_port *port;
670	struct ctl_lun *lun;
671	union ctl_io *io;
672
673	mtx_lock(&softc->ctl_lock);
674	STAILQ_FOREACH(lun, &softc->lun_list, links) {
675		mtx_lock(&lun->lun_lock);
676		lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
677		mtx_unlock(&lun->lun_lock);
678
679		mtx_unlock(&softc->ctl_lock);
680		io = ctl_alloc_io(softc->othersc_pool);
681		mtx_lock(&softc->ctl_lock);
682		ctl_zero_io(io);
683		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
684		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
685		ctl_enqueue_isc(io);
686	}
687
688	STAILQ_FOREACH(port, &softc->port_list, links) {
689		if (port->targ_port >= softc->port_min &&
690		    port->targ_port < softc->port_max)
691			continue;
692		port->status &= ~CTL_PORT_STATUS_ONLINE;
693	}
694	mtx_unlock(&softc->ctl_lock);
695}
696
697static void
698ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
699{
700	struct ctl_lun *lun;
701	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
702
703	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
704	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_lun]) != NULL) {
705		if (msg->ua.ua_all) {
706			if (msg->ua.ua_set)
707				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
708			else
709				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
710		} else {
711			if (msg->ua.ua_set)
712				ctl_est_ua(lun, iid, msg->ua.ua_type);
713			else
714				ctl_clr_ua(lun, iid, msg->ua.ua_type);
715		}
716	}
717}
718
719static void
720ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
721{
722	struct ctl_lun *lun;
723	struct ctl_ha_msg_lun_pr_key pr_key;
724	int i, k;
725
726	lun = softc->ctl_luns[msg->hdr.nexus.targ_lun];
727	if (lun == NULL) {
728		CTL_DEBUG_PRINT(("%s: Unknown LUN %d\n", __func__,
729		    msg->hdr.nexus.targ_lun));
730	} else {
731		mtx_lock(&lun->lun_lock);
732		i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
733		if (msg->lun.lun_devid_len != i || (i > 0 &&
734		    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
735			mtx_unlock(&lun->lun_lock);
736			printf("%s: Received conflicting HA LUN %d\n",
737			    __func__, msg->hdr.nexus.targ_lun);
738			return;
739		} else {
740			/* Record whether peer is primary. */
741			if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
742			    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
743				lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
744			else
745				lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
746
747			/* If peer is primary and we are not -- use data */
748			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
749			    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
750				lun->PRGeneration = msg->lun.pr_generation;
751				lun->pr_res_idx = msg->lun.pr_res_idx;
752				lun->res_type = msg->lun.pr_res_type;
753				lun->pr_key_count = msg->lun.pr_key_count;
754				for (k = 0; k < CTL_MAX_INITIATORS; k++)
755					ctl_clr_prkey(lun, k);
756				for (k = 0; k < msg->lun.pr_key_count; k++) {
757					memcpy(&pr_key, &msg->lun.data[i],
758					    sizeof(pr_key));
759					ctl_alloc_prkey(lun, pr_key.pr_iid);
760					ctl_set_prkey(lun, pr_key.pr_iid,
761					    pr_key.pr_key);
762					i += sizeof(pr_key);
763				}
764			}
765
766			mtx_unlock(&lun->lun_lock);
767			CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
768			    __func__, msg->hdr.nexus.targ_lun,
769			    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
770			    "primary" : "secondary"));
771
772			/* If we are primary but peer doesn't know -- notify */
773			if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
774			    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
775				ctl_isc_announce_lun(lun);
776		}
777	}
778}
779
780static void
781ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
782{
783	struct ctl_port *port;
784	int i, new;
785
786	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
787	if (port == NULL) {
788		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
789		    msg->hdr.nexus.targ_port));
790		new = 1;
791		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
792		port->frontend = &ha_frontend;
793		port->targ_port = msg->hdr.nexus.targ_port;
794	} else if (port->frontend == &ha_frontend) {
795		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
796		    msg->hdr.nexus.targ_port));
797		new = 0;
798	} else {
799		printf("%s: Received conflicting HA port %d\n",
800		    __func__, msg->hdr.nexus.targ_port);
801		return;
802	}
803	port->port_type = msg->port.port_type;
804	port->physical_port = msg->port.physical_port;
805	port->virtual_port = msg->port.virtual_port;
806	port->status = msg->port.status;
807	i = 0;
808	free(port->port_name, M_CTL);
809	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
810	    M_CTL);
811	i += msg->port.name_len;
812	if (msg->port.lun_map_len != 0) {
813		if (port->lun_map == NULL)
814			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
815			    M_CTL, M_WAITOK);
816		memcpy(port->lun_map, &msg->port.data[i],
817		    sizeof(uint32_t) * CTL_MAX_LUNS);
818		i += msg->port.lun_map_len;
819	} else {
820		free(port->lun_map, M_CTL);
821		port->lun_map = NULL;
822	}
823	if (msg->port.port_devid_len != 0) {
824		if (port->port_devid == NULL ||
825		    port->port_devid->len != msg->port.port_devid_len) {
826			free(port->port_devid, M_CTL);
827			port->port_devid = malloc(sizeof(struct ctl_devid) +
828			    msg->port.port_devid_len, M_CTL, M_WAITOK);
829		}
830		memcpy(port->port_devid->data, &msg->port.data[i],
831		    msg->port.port_devid_len);
832		port->port_devid->len = msg->port.port_devid_len;
833		i += msg->port.port_devid_len;
834	} else {
835		free(port->port_devid, M_CTL);
836		port->port_devid = NULL;
837	}
838	if (msg->port.target_devid_len != 0) {
839		if (port->target_devid == NULL ||
840		    port->target_devid->len != msg->port.target_devid_len) {
841			free(port->target_devid, M_CTL);
842			port->target_devid = malloc(sizeof(struct ctl_devid) +
843			    msg->port.target_devid_len, M_CTL, M_WAITOK);
844		}
845		memcpy(port->target_devid->data, &msg->port.data[i],
846		    msg->port.target_devid_len);
847		port->target_devid->len = msg->port.target_devid_len;
848		i += msg->port.target_devid_len;
849	} else {
850		free(port->port_devid, M_CTL);
851		port->port_devid = NULL;
852	}
853	if (new) {
854		if (ctl_port_register(port) != 0) {
855			printf("%s: ctl_port_register() failed with error\n",
856			    __func__);
857		}
858	}
859}
860
861/*
862 * ISC (Inter Shelf Communication) event handler.  Events from the HA
863 * subsystem come in here.
864 */
865static void
866ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
867{
868	struct ctl_softc *softc;
869	union ctl_io *io;
870	struct ctl_prio *presio;
871	ctl_ha_status isc_status;
872
873	softc = control_softc;
874	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
875	if (event == CTL_HA_EVT_MSG_RECV) {
876		union ctl_ha_msg *msg, msgbuf;
877
878		if (param > sizeof(msgbuf))
879			msg = malloc(param, M_CTL, M_WAITOK);
880		else
881			msg = &msgbuf;
882		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
883		    M_WAITOK);
884		if (isc_status != CTL_HA_STATUS_SUCCESS) {
885			printf("%s: Error receiving message: %d\n",
886			    __func__, isc_status);
887			if (msg != &msgbuf)
888				free(msg, M_CTL);
889			return;
890		}
891
892		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
893		switch (msg->hdr.msg_type) {
894		case CTL_MSG_SERIALIZE:
895			io = ctl_alloc_io(softc->othersc_pool);
896			ctl_zero_io(io);
897			// populate ctsio from msg
898			io->io_hdr.io_type = CTL_IO_SCSI;
899			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
900			io->io_hdr.original_sc = msg->hdr.original_sc;
901			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
902					    CTL_FLAG_IO_ACTIVE;
903			/*
904			 * If we're in serialization-only mode, we don't
905			 * want to go through full done processing.  Thus
906			 * the COPY flag.
907			 *
908			 * XXX KDM add another flag that is more specific.
909			 */
910			if (softc->ha_mode != CTL_HA_MODE_XFER)
911				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
912			io->io_hdr.nexus = msg->hdr.nexus;
913#if 0
914			printf("port %u, iid %u, lun %u\n",
915			       io->io_hdr.nexus.targ_port,
916			       io->io_hdr.nexus.initid,
917			       io->io_hdr.nexus.targ_lun);
918#endif
919			io->scsiio.tag_num = msg->scsi.tag_num;
920			io->scsiio.tag_type = msg->scsi.tag_type;
921#ifdef CTL_TIME_IO
922			io->io_hdr.start_time = time_uptime;
923			getbintime(&io->io_hdr.start_bt);
924#endif /* CTL_TIME_IO */
925			io->scsiio.cdb_len = msg->scsi.cdb_len;
926			memcpy(io->scsiio.cdb, msg->scsi.cdb,
927			       CTL_MAX_CDBLEN);
928			if (softc->ha_mode == CTL_HA_MODE_XFER) {
929				const struct ctl_cmd_entry *entry;
930
931				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
932				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
933				io->io_hdr.flags |=
934					entry->flags & CTL_FLAG_DATA_MASK;
935			}
936			ctl_enqueue_isc(io);
937			break;
938
939		/* Performed on the Originating SC, XFER mode only */
940		case CTL_MSG_DATAMOVE: {
941			struct ctl_sg_entry *sgl;
942			int i, j;
943
944			io = msg->hdr.original_sc;
945			if (io == NULL) {
946				printf("%s: original_sc == NULL!\n", __func__);
947				/* XXX KDM do something here */
948				break;
949			}
950			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
951			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
952			/*
953			 * Keep track of this, we need to send it back over
954			 * when the datamove is complete.
955			 */
956			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
957
958			if (msg->dt.sg_sequence == 0) {
959				i = msg->dt.kern_sg_entries +
960				    io->scsiio.kern_data_len /
961				    CTL_HA_DATAMOVE_SEGMENT + 1;
962				sgl = malloc(sizeof(*sgl) * i, M_CTL,
963				    M_WAITOK | M_ZERO);
964				io->io_hdr.remote_sglist = sgl;
965				io->io_hdr.local_sglist =
966				    &sgl[msg->dt.kern_sg_entries];
967
968				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
969
970				io->scsiio.kern_sg_entries =
971					msg->dt.kern_sg_entries;
972				io->scsiio.rem_sg_entries =
973					msg->dt.kern_sg_entries;
974				io->scsiio.kern_data_len =
975					msg->dt.kern_data_len;
976				io->scsiio.kern_total_len =
977					msg->dt.kern_total_len;
978				io->scsiio.kern_data_resid =
979					msg->dt.kern_data_resid;
980				io->scsiio.kern_rel_offset =
981					msg->dt.kern_rel_offset;
982				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
983				io->io_hdr.flags |= msg->dt.flags &
984				    CTL_FLAG_BUS_ADDR;
985			} else
986				sgl = (struct ctl_sg_entry *)
987					io->scsiio.kern_data_ptr;
988
989			for (i = msg->dt.sent_sg_entries, j = 0;
990			     i < (msg->dt.sent_sg_entries +
991			     msg->dt.cur_sg_entries); i++, j++) {
992				sgl[i].addr = msg->dt.sg_list[j].addr;
993				sgl[i].len = msg->dt.sg_list[j].len;
994
995#if 0
996				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
997				       __func__,
998				       msg->dt.sg_list[j].addr,
999				       msg->dt.sg_list[j].len,
1000				       sgl[i].addr, sgl[i].len, j, i);
1001#endif
1002			}
1003
1004			/*
1005			 * If this is the last piece of the I/O, we've got
1006			 * the full S/G list.  Queue processing in the thread.
1007			 * Otherwise wait for the next piece.
1008			 */
1009			if (msg->dt.sg_last != 0)
1010				ctl_enqueue_isc(io);
1011			break;
1012		}
1013		/* Performed on the Serializing (primary) SC, XFER mode only */
1014		case CTL_MSG_DATAMOVE_DONE: {
1015			if (msg->hdr.serializing_sc == NULL) {
1016				printf("%s: serializing_sc == NULL!\n",
1017				       __func__);
1018				/* XXX KDM now what? */
1019				break;
1020			}
1021			/*
1022			 * We grab the sense information here in case
1023			 * there was a failure, so we can return status
1024			 * back to the initiator.
1025			 */
1026			io = msg->hdr.serializing_sc;
1027			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1028			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1029			io->io_hdr.port_status = msg->scsi.fetd_status;
1030			io->scsiio.residual = msg->scsi.residual;
1031			if (msg->hdr.status != CTL_STATUS_NONE) {
1032				io->io_hdr.status = msg->hdr.status;
1033				io->scsiio.scsi_status = msg->scsi.scsi_status;
1034				io->scsiio.sense_len = msg->scsi.sense_len;
1035				io->scsiio.sense_residual =msg->scsi.sense_residual;
1036				memcpy(&io->scsiio.sense_data,
1037				    &msg->scsi.sense_data,
1038				    msg->scsi.sense_len);
1039			}
1040			ctl_enqueue_isc(io);
1041			break;
1042		}
1043
1044		/* Preformed on Originating SC, SER_ONLY mode */
1045		case CTL_MSG_R2R:
1046			io = msg->hdr.original_sc;
1047			if (io == NULL) {
1048				printf("%s: original_sc == NULL!\n",
1049				    __func__);
1050				break;
1051			}
1052			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1053			io->io_hdr.msg_type = CTL_MSG_R2R;
1054			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1055			ctl_enqueue_isc(io);
1056			break;
1057
1058		/*
1059		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1060		 * mode.
1061		 * Performed on the Originating (i.e. secondary) SC in XFER
1062		 * mode
1063		 */
1064		case CTL_MSG_FINISH_IO:
1065			if (softc->ha_mode == CTL_HA_MODE_XFER)
1066				ctl_isc_handler_finish_xfer(softc, msg);
1067			else
1068				ctl_isc_handler_finish_ser_only(softc, msg);
1069			break;
1070
1071		/* Preformed on Originating SC */
1072		case CTL_MSG_BAD_JUJU:
1073			io = msg->hdr.original_sc;
1074			if (io == NULL) {
1075				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1076				       __func__);
1077				break;
1078			}
1079			ctl_copy_sense_data(msg, io);
1080			/*
1081			 * IO should have already been cleaned up on other
1082			 * SC so clear this flag so we won't send a message
1083			 * back to finish the IO there.
1084			 */
1085			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1086			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1087
1088			/* io = msg->hdr.serializing_sc; */
1089			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1090			ctl_enqueue_isc(io);
1091			break;
1092
1093		/* Handle resets sent from the other side */
1094		case CTL_MSG_MANAGE_TASKS: {
1095			struct ctl_taskio *taskio;
1096			taskio = (struct ctl_taskio *)ctl_alloc_io(
1097			    softc->othersc_pool);
1098			ctl_zero_io((union ctl_io *)taskio);
1099			taskio->io_hdr.io_type = CTL_IO_TASK;
1100			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1101			taskio->io_hdr.nexus = msg->hdr.nexus;
1102			taskio->task_action = msg->task.task_action;
1103			taskio->tag_num = msg->task.tag_num;
1104			taskio->tag_type = msg->task.tag_type;
1105#ifdef CTL_TIME_IO
1106			taskio->io_hdr.start_time = time_uptime;
1107			getbintime(&taskio->io_hdr.start_bt);
1108#endif /* CTL_TIME_IO */
1109			ctl_run_task((union ctl_io *)taskio);
1110			break;
1111		}
1112		/* Persistent Reserve action which needs attention */
1113		case CTL_MSG_PERS_ACTION:
1114			presio = (struct ctl_prio *)ctl_alloc_io(
1115			    softc->othersc_pool);
1116			ctl_zero_io((union ctl_io *)presio);
1117			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1118			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1119			presio->io_hdr.nexus = msg->hdr.nexus;
1120			presio->pr_msg = msg->pr;
1121			ctl_enqueue_isc((union ctl_io *)presio);
1122			break;
1123		case CTL_MSG_UA:
1124			ctl_isc_ua(softc, msg, param);
1125			break;
1126		case CTL_MSG_PORT_SYNC:
1127			ctl_isc_port_sync(softc, msg, param);
1128			break;
1129		case CTL_MSG_LUN_SYNC:
1130			ctl_isc_lun_sync(softc, msg, param);
1131			break;
1132		default:
1133			printf("Received HA message of unknown type %d\n",
1134			    msg->hdr.msg_type);
1135			break;
1136		}
1137		if (msg != &msgbuf)
1138			free(msg, M_CTL);
1139	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1140		printf("CTL: HA link status changed from %d to %d\n",
1141		    softc->ha_link, param);
1142		if (param == softc->ha_link)
1143			return;
1144		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1145			softc->ha_link = param;
1146			ctl_isc_ha_link_down(softc);
1147		} else {
1148			softc->ha_link = param;
1149			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1150				ctl_isc_ha_link_up(softc);
1151		}
1152		return;
1153	} else {
1154		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1155		return;
1156	}
1157}
1158
1159static void
1160ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1161{
1162
1163	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1164	    src->scsi.sense_len);
1165	dest->scsiio.scsi_status = src->scsi.scsi_status;
1166	dest->scsiio.sense_len = src->scsi.sense_len;
1167	dest->io_hdr.status = src->hdr.status;
1168}
1169
1170static void
1171ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1172{
1173
1174	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1175	    src->scsiio.sense_len);
1176	dest->scsi.scsi_status = src->scsiio.scsi_status;
1177	dest->scsi.sense_len = src->scsiio.sense_len;
1178	dest->hdr.status = src->io_hdr.status;
1179}
1180
1181static void
1182ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1183{
1184	struct ctl_softc *softc = lun->ctl_softc;
1185	ctl_ua_type *pu;
1186
1187	if (initidx < softc->init_min || initidx >= softc->init_max)
1188		return;
1189	mtx_assert(&lun->lun_lock, MA_OWNED);
1190	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1191	if (pu == NULL)
1192		return;
1193	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1194}
1195
1196static void
1197ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1198{
1199	struct ctl_softc *softc = lun->ctl_softc;
1200	int i, j;
1201
1202	mtx_assert(&lun->lun_lock, MA_OWNED);
1203	for (i = softc->port_min; i < softc->port_max; i++) {
1204		if (lun->pending_ua[i] == NULL)
1205			continue;
1206		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1207			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1208				continue;
1209			lun->pending_ua[i][j] |= ua;
1210		}
1211	}
1212}
1213
1214static void
1215ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1216{
1217	struct ctl_softc *softc = lun->ctl_softc;
1218	ctl_ua_type *pu;
1219
1220	if (initidx < softc->init_min || initidx >= softc->init_max)
1221		return;
1222	mtx_assert(&lun->lun_lock, MA_OWNED);
1223	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1224	if (pu == NULL)
1225		return;
1226	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1227}
1228
1229static void
1230ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1231{
1232	struct ctl_softc *softc = lun->ctl_softc;
1233	int i, j;
1234
1235	mtx_assert(&lun->lun_lock, MA_OWNED);
1236	for (i = softc->port_min; i < softc->port_max; i++) {
1237		if (lun->pending_ua[i] == NULL)
1238			continue;
1239		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1240			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1241				continue;
1242			lun->pending_ua[i][j] &= ~ua;
1243		}
1244	}
1245}
1246
1247static void
1248ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1249    ctl_ua_type ua_type)
1250{
1251	struct ctl_lun *lun;
1252
1253	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1254	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1255		mtx_lock(&lun->lun_lock);
1256		ctl_clr_ua(lun, initidx, ua_type);
1257		mtx_unlock(&lun->lun_lock);
1258	}
1259}
1260
1261static int
1262ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1263{
1264	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1265	struct ctl_lun *lun;
1266	struct ctl_lun_req ireq;
1267	int error, value;
1268
1269	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1270	error = sysctl_handle_int(oidp, &value, 0, req);
1271	if ((error != 0) || (req->newptr == NULL))
1272		return (error);
1273
1274	mtx_lock(&softc->ctl_lock);
1275	if (value == 0)
1276		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1277	else
1278		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1279	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1280		mtx_unlock(&softc->ctl_lock);
1281		bzero(&ireq, sizeof(ireq));
1282		ireq.reqtype = CTL_LUNREQ_MODIFY;
1283		ireq.reqdata.modify.lun_id = lun->lun;
1284		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1285		    curthread);
1286		if (ireq.status != CTL_LUN_OK) {
1287			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1288			    __func__, ireq.status, ireq.error_str);
1289		}
1290		mtx_lock(&softc->ctl_lock);
1291	}
1292	mtx_unlock(&softc->ctl_lock);
1293	return (0);
1294}
1295
1296static int
1297ctl_init(void)
1298{
1299	struct ctl_softc *softc;
1300	void *other_pool;
1301	int i, error, retval;
1302
1303	retval = 0;
1304	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1305			       M_WAITOK | M_ZERO);
1306	softc = control_softc;
1307
1308	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1309			      "cam/ctl");
1310
1311	softc->dev->si_drv1 = softc;
1312
1313	sysctl_ctx_init(&softc->sysctl_ctx);
1314	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1315		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1316		CTLFLAG_RD, 0, "CAM Target Layer");
1317
1318	if (softc->sysctl_tree == NULL) {
1319		printf("%s: unable to allocate sysctl tree\n", __func__);
1320		destroy_dev(softc->dev);
1321		free(control_softc, M_DEVBUF);
1322		control_softc = NULL;
1323		return (ENOMEM);
1324	}
1325
1326	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1327	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1328	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1329	softc->open_count = 0;
1330
1331	/*
1332	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1333	 * the drive.
1334	 */
1335	softc->flags = CTL_FLAG_REAL_SYNC;
1336
1337	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1338	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1339	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1340
1341	/*
1342	 * In Copan's HA scheme, the "master" and "slave" roles are
1343	 * figured out through the slot the controller is in.  Although it
1344	 * is an active/active system, someone has to be in charge.
1345	 */
1346	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1347	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1348	    "HA head ID (0 - no HA)");
1349	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1350		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1351		softc->is_single = 1;
1352		softc->port_cnt = CTL_MAX_PORTS;
1353		softc->port_min = 0;
1354	} else {
1355		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1356		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1357	}
1358	softc->port_max = softc->port_min + softc->port_cnt;
1359	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1360	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1361
1362	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1363	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1364	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1365
1366	STAILQ_INIT(&softc->lun_list);
1367	STAILQ_INIT(&softc->pending_lun_queue);
1368	STAILQ_INIT(&softc->fe_list);
1369	STAILQ_INIT(&softc->port_list);
1370	STAILQ_INIT(&softc->be_list);
1371	ctl_tpc_init(softc);
1372
1373	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1374	                    &other_pool) != 0)
1375	{
1376		printf("ctl: can't allocate %d entry other SC pool, "
1377		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1378		return (ENOMEM);
1379	}
1380	softc->othersc_pool = other_pool;
1381
1382	if (worker_threads <= 0)
1383		worker_threads = max(1, mp_ncpus / 4);
1384	if (worker_threads > CTL_MAX_THREADS)
1385		worker_threads = CTL_MAX_THREADS;
1386
1387	for (i = 0; i < worker_threads; i++) {
1388		struct ctl_thread *thr = &softc->threads[i];
1389
1390		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1391		thr->ctl_softc = softc;
1392		STAILQ_INIT(&thr->incoming_queue);
1393		STAILQ_INIT(&thr->rtr_queue);
1394		STAILQ_INIT(&thr->done_queue);
1395		STAILQ_INIT(&thr->isc_queue);
1396
1397		error = kproc_kthread_add(ctl_work_thread, thr,
1398		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1399		if (error != 0) {
1400			printf("error creating CTL work thread!\n");
1401			ctl_pool_free(other_pool);
1402			return (error);
1403		}
1404	}
1405	error = kproc_kthread_add(ctl_lun_thread, softc,
1406	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1407	if (error != 0) {
1408		printf("error creating CTL lun thread!\n");
1409		ctl_pool_free(other_pool);
1410		return (error);
1411	}
1412	error = kproc_kthread_add(ctl_thresh_thread, softc,
1413	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1414	if (error != 0) {
1415		printf("error creating CTL threshold thread!\n");
1416		ctl_pool_free(other_pool);
1417		return (error);
1418	}
1419
1420	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1421	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1422	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1423
1424	if (softc->is_single == 0) {
1425		ctl_frontend_register(&ha_frontend);
1426		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1427			printf("ctl_init: ctl_ha_msg_init failed.\n");
1428			softc->is_single = 1;
1429		} else
1430		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1431		    != CTL_HA_STATUS_SUCCESS) {
1432			printf("ctl_init: ctl_ha_msg_register failed.\n");
1433			softc->is_single = 1;
1434		}
1435	}
1436	return (0);
1437}
1438
1439void
1440ctl_shutdown(void)
1441{
1442	struct ctl_softc *softc;
1443	struct ctl_lun *lun, *next_lun;
1444
1445	softc = (struct ctl_softc *)control_softc;
1446
1447	if (softc->is_single == 0) {
1448		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1449		    != CTL_HA_STATUS_SUCCESS) {
1450			printf("ctl_shutdown: ctl_ha_msg_deregister failed.\n");
1451		}
1452		if (ctl_ha_msg_shutdown(softc) != CTL_HA_STATUS_SUCCESS) {
1453			printf("ctl_shutdown: ctl_ha_msg_shutdown failed.\n");
1454		}
1455		ctl_frontend_deregister(&ha_frontend);
1456	}
1457
1458	mtx_lock(&softc->ctl_lock);
1459
1460	/*
1461	 * Free up each LUN.
1462	 */
1463	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1464		next_lun = STAILQ_NEXT(lun, links);
1465		ctl_free_lun(lun);
1466	}
1467
1468	mtx_unlock(&softc->ctl_lock);
1469
1470#if 0
1471	ctl_shutdown_thread(softc->work_thread);
1472	mtx_destroy(&softc->queue_lock);
1473#endif
1474
1475	ctl_tpc_shutdown(softc);
1476	uma_zdestroy(softc->io_zone);
1477	mtx_destroy(&softc->ctl_lock);
1478
1479	destroy_dev(softc->dev);
1480
1481	sysctl_ctx_free(&softc->sysctl_ctx);
1482
1483	free(control_softc, M_DEVBUF);
1484	control_softc = NULL;
1485}
1486
1487static int
1488ctl_module_event_handler(module_t mod, int what, void *arg)
1489{
1490
1491	switch (what) {
1492	case MOD_LOAD:
1493		return (ctl_init());
1494	case MOD_UNLOAD:
1495		return (EBUSY);
1496	default:
1497		return (EOPNOTSUPP);
1498	}
1499}
1500
1501/*
1502 * XXX KDM should we do some access checks here?  Bump a reference count to
1503 * prevent a CTL module from being unloaded while someone has it open?
1504 */
1505static int
1506ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1507{
1508	return (0);
1509}
1510
1511static int
1512ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1513{
1514	return (0);
1515}
1516
1517/*
1518 * Remove an initiator by port number and initiator ID.
1519 * Returns 0 for success, -1 for failure.
1520 */
1521int
1522ctl_remove_initiator(struct ctl_port *port, int iid)
1523{
1524	struct ctl_softc *softc = control_softc;
1525
1526	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1527
1528	if (iid > CTL_MAX_INIT_PER_PORT) {
1529		printf("%s: initiator ID %u > maximun %u!\n",
1530		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1531		return (-1);
1532	}
1533
1534	mtx_lock(&softc->ctl_lock);
1535	port->wwpn_iid[iid].in_use--;
1536	port->wwpn_iid[iid].last_use = time_uptime;
1537	mtx_unlock(&softc->ctl_lock);
1538
1539	return (0);
1540}
1541
1542/*
1543 * Add an initiator to the initiator map.
1544 * Returns iid for success, < 0 for failure.
1545 */
1546int
1547ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1548{
1549	struct ctl_softc *softc = control_softc;
1550	time_t best_time;
1551	int i, best;
1552
1553	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1554
1555	if (iid >= CTL_MAX_INIT_PER_PORT) {
1556		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1557		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1558		free(name, M_CTL);
1559		return (-1);
1560	}
1561
1562	mtx_lock(&softc->ctl_lock);
1563
1564	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1565		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1566			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1567				iid = i;
1568				break;
1569			}
1570			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1571			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1572				iid = i;
1573				break;
1574			}
1575		}
1576	}
1577
1578	if (iid < 0) {
1579		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1580			if (port->wwpn_iid[i].in_use == 0 &&
1581			    port->wwpn_iid[i].wwpn == 0 &&
1582			    port->wwpn_iid[i].name == NULL) {
1583				iid = i;
1584				break;
1585			}
1586		}
1587	}
1588
1589	if (iid < 0) {
1590		best = -1;
1591		best_time = INT32_MAX;
1592		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1593			if (port->wwpn_iid[i].in_use == 0) {
1594				if (port->wwpn_iid[i].last_use < best_time) {
1595					best = i;
1596					best_time = port->wwpn_iid[i].last_use;
1597				}
1598			}
1599		}
1600		iid = best;
1601	}
1602
1603	if (iid < 0) {
1604		mtx_unlock(&softc->ctl_lock);
1605		free(name, M_CTL);
1606		return (-2);
1607	}
1608
1609	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1610		/*
1611		 * This is not an error yet.
1612		 */
1613		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1614#if 0
1615			printf("%s: port %d iid %u WWPN %#jx arrived"
1616			    " again\n", __func__, port->targ_port,
1617			    iid, (uintmax_t)wwpn);
1618#endif
1619			goto take;
1620		}
1621		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1622		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1623#if 0
1624			printf("%s: port %d iid %u name '%s' arrived"
1625			    " again\n", __func__, port->targ_port,
1626			    iid, name);
1627#endif
1628			goto take;
1629		}
1630
1631		/*
1632		 * This is an error, but what do we do about it?  The
1633		 * driver is telling us we have a new WWPN for this
1634		 * initiator ID, so we pretty much need to use it.
1635		 */
1636		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1637		    " but WWPN %#jx '%s' is still at that address\n",
1638		    __func__, port->targ_port, iid, wwpn, name,
1639		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1640		    port->wwpn_iid[iid].name);
1641
1642		/*
1643		 * XXX KDM clear have_ca and ua_pending on each LUN for
1644		 * this initiator.
1645		 */
1646	}
1647take:
1648	free(port->wwpn_iid[iid].name, M_CTL);
1649	port->wwpn_iid[iid].name = name;
1650	port->wwpn_iid[iid].wwpn = wwpn;
1651	port->wwpn_iid[iid].in_use++;
1652	mtx_unlock(&softc->ctl_lock);
1653
1654	return (iid);
1655}
1656
1657static int
1658ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1659{
1660	int len;
1661
1662	switch (port->port_type) {
1663	case CTL_PORT_FC:
1664	{
1665		struct scsi_transportid_fcp *id =
1666		    (struct scsi_transportid_fcp *)buf;
1667		if (port->wwpn_iid[iid].wwpn == 0)
1668			return (0);
1669		memset(id, 0, sizeof(*id));
1670		id->format_protocol = SCSI_PROTO_FC;
1671		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1672		return (sizeof(*id));
1673	}
1674	case CTL_PORT_ISCSI:
1675	{
1676		struct scsi_transportid_iscsi_port *id =
1677		    (struct scsi_transportid_iscsi_port *)buf;
1678		if (port->wwpn_iid[iid].name == NULL)
1679			return (0);
1680		memset(id, 0, 256);
1681		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1682		    SCSI_PROTO_ISCSI;
1683		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1684		len = roundup2(min(len, 252), 4);
1685		scsi_ulto2b(len, id->additional_length);
1686		return (sizeof(*id) + len);
1687	}
1688	case CTL_PORT_SAS:
1689	{
1690		struct scsi_transportid_sas *id =
1691		    (struct scsi_transportid_sas *)buf;
1692		if (port->wwpn_iid[iid].wwpn == 0)
1693			return (0);
1694		memset(id, 0, sizeof(*id));
1695		id->format_protocol = SCSI_PROTO_SAS;
1696		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1697		return (sizeof(*id));
1698	}
1699	default:
1700	{
1701		struct scsi_transportid_spi *id =
1702		    (struct scsi_transportid_spi *)buf;
1703		memset(id, 0, sizeof(*id));
1704		id->format_protocol = SCSI_PROTO_SPI;
1705		scsi_ulto2b(iid, id->scsi_addr);
1706		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1707		return (sizeof(*id));
1708	}
1709	}
1710}
1711
1712/*
1713 * Serialize a command that went down the "wrong" side, and so was sent to
1714 * this controller for execution.  The logic is a little different than the
1715 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1716 * sent back to the other side, but in the success case, we execute the
1717 * command on this side (XFER mode) or tell the other side to execute it
1718 * (SER_ONLY mode).
1719 */
1720static int
1721ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1722{
1723	struct ctl_softc *softc;
1724	union ctl_ha_msg msg_info;
1725	struct ctl_lun *lun;
1726	const struct ctl_cmd_entry *entry;
1727	int retval = 0;
1728	uint32_t targ_lun;
1729
1730	softc = control_softc;
1731
1732	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1733	if ((targ_lun < CTL_MAX_LUNS) &&
1734	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
1735		/*
1736		 * If the LUN is invalid, pretend that it doesn't exist.
1737		 * It will go away as soon as all pending I/O has been
1738		 * completed.
1739		 */
1740		mtx_lock(&lun->lun_lock);
1741		if (lun->flags & CTL_LUN_DISABLED) {
1742			mtx_unlock(&lun->lun_lock);
1743			lun = NULL;
1744		}
1745	} else
1746		lun = NULL;
1747	if (lun == NULL) {
1748		/*
1749		 * Why isn't LUN defined? The other side wouldn't
1750		 * send a cmd if the LUN is undefined.
1751		 */
1752		printf("%s: Bad JUJU!, LUN is NULL!\n", __func__);
1753
1754		ctl_set_unsupported_lun(ctsio);
1755		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1756		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1757		msg_info.hdr.serializing_sc = NULL;
1758		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1759		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1760		    sizeof(msg_info.scsi), M_WAITOK);
1761		return(1);
1762	}
1763
1764	entry = ctl_get_cmd_entry(ctsio, NULL);
1765	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
1766		mtx_unlock(&lun->lun_lock);
1767		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1768		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1769		msg_info.hdr.serializing_sc = NULL;
1770		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1771		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1772		    sizeof(msg_info.scsi), M_WAITOK);
1773		return(1);
1774	}
1775
1776	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
1777	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
1778
1779	/*
1780	 * Every I/O goes into the OOA queue for a
1781	 * particular LUN, and stays there until completion.
1782	 */
1783#ifdef CTL_TIME_IO
1784	if (TAILQ_EMPTY(&lun->ooa_queue))
1785		lun->idle_time += getsbinuptime() - lun->last_busy;
1786#endif
1787	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1788
1789	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1790		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1791		 ooa_links))) {
1792	case CTL_ACTION_BLOCK:
1793		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1794		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1795				  blocked_links);
1796		mtx_unlock(&lun->lun_lock);
1797		break;
1798	case CTL_ACTION_PASS:
1799	case CTL_ACTION_SKIP:
1800		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1801			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1802			ctl_enqueue_rtr((union ctl_io *)ctsio);
1803			mtx_unlock(&lun->lun_lock);
1804		} else {
1805			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
1806			mtx_unlock(&lun->lun_lock);
1807
1808			/* send msg back to other side */
1809			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1810			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1811			msg_info.hdr.msg_type = CTL_MSG_R2R;
1812			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1813			    sizeof(msg_info.hdr), M_WAITOK);
1814		}
1815		break;
1816	case CTL_ACTION_OVERLAP:
1817		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1818		mtx_unlock(&lun->lun_lock);
1819		retval = 1;
1820
1821		ctl_set_overlapped_cmd(ctsio);
1822		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1823		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1824		msg_info.hdr.serializing_sc = NULL;
1825		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1826		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1827		    sizeof(msg_info.scsi), M_WAITOK);
1828		break;
1829	case CTL_ACTION_OVERLAP_TAG:
1830		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1831		mtx_unlock(&lun->lun_lock);
1832		retval = 1;
1833		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
1834		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1835		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1836		msg_info.hdr.serializing_sc = NULL;
1837		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1838		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1839		    sizeof(msg_info.scsi), M_WAITOK);
1840		break;
1841	case CTL_ACTION_ERROR:
1842	default:
1843		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1844		mtx_unlock(&lun->lun_lock);
1845		retval = 1;
1846
1847		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
1848					 /*retry_count*/ 0);
1849		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1850		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1851		msg_info.hdr.serializing_sc = NULL;
1852		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1853		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1854		    sizeof(msg_info.scsi), M_WAITOK);
1855		break;
1856	}
1857	return (retval);
1858}
1859
1860/*
1861 * Returns 0 for success, errno for failure.
1862 */
1863static int
1864ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1865		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1866{
1867	union ctl_io *io;
1868	int retval;
1869
1870	retval = 0;
1871
1872	mtx_lock(&lun->lun_lock);
1873	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1874	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1875	     ooa_links)) {
1876		struct ctl_ooa_entry *entry;
1877
1878		/*
1879		 * If we've got more than we can fit, just count the
1880		 * remaining entries.
1881		 */
1882		if (*cur_fill_num >= ooa_hdr->alloc_num)
1883			continue;
1884
1885		entry = &kern_entries[*cur_fill_num];
1886
1887		entry->tag_num = io->scsiio.tag_num;
1888		entry->lun_num = lun->lun;
1889#ifdef CTL_TIME_IO
1890		entry->start_bt = io->io_hdr.start_bt;
1891#endif
1892		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1893		entry->cdb_len = io->scsiio.cdb_len;
1894		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1895			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1896
1897		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1898			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1899
1900		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1901			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1902
1903		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1904			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1905
1906		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1907			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1908	}
1909	mtx_unlock(&lun->lun_lock);
1910
1911	return (retval);
1912}
1913
1914static void *
1915ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1916		 size_t error_str_len)
1917{
1918	void *kptr;
1919
1920	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
1921
1922	if (copyin(user_addr, kptr, len) != 0) {
1923		snprintf(error_str, error_str_len, "Error copying %d bytes "
1924			 "from user address %p to kernel address %p", len,
1925			 user_addr, kptr);
1926		free(kptr, M_CTL);
1927		return (NULL);
1928	}
1929
1930	return (kptr);
1931}
1932
1933static void
1934ctl_free_args(int num_args, struct ctl_be_arg *args)
1935{
1936	int i;
1937
1938	if (args == NULL)
1939		return;
1940
1941	for (i = 0; i < num_args; i++) {
1942		free(args[i].kname, M_CTL);
1943		free(args[i].kvalue, M_CTL);
1944	}
1945
1946	free(args, M_CTL);
1947}
1948
1949static struct ctl_be_arg *
1950ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
1951		char *error_str, size_t error_str_len)
1952{
1953	struct ctl_be_arg *args;
1954	int i;
1955
1956	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
1957				error_str, error_str_len);
1958
1959	if (args == NULL)
1960		goto bailout;
1961
1962	for (i = 0; i < num_args; i++) {
1963		args[i].kname = NULL;
1964		args[i].kvalue = NULL;
1965	}
1966
1967	for (i = 0; i < num_args; i++) {
1968		uint8_t *tmpptr;
1969
1970		args[i].kname = ctl_copyin_alloc(args[i].name,
1971			args[i].namelen, error_str, error_str_len);
1972		if (args[i].kname == NULL)
1973			goto bailout;
1974
1975		if (args[i].kname[args[i].namelen - 1] != '\0') {
1976			snprintf(error_str, error_str_len, "Argument %d "
1977				 "name is not NUL-terminated", i);
1978			goto bailout;
1979		}
1980
1981		if (args[i].flags & CTL_BEARG_RD) {
1982			tmpptr = ctl_copyin_alloc(args[i].value,
1983				args[i].vallen, error_str, error_str_len);
1984			if (tmpptr == NULL)
1985				goto bailout;
1986			if ((args[i].flags & CTL_BEARG_ASCII)
1987			 && (tmpptr[args[i].vallen - 1] != '\0')) {
1988				snprintf(error_str, error_str_len, "Argument "
1989				    "%d value is not NUL-terminated", i);
1990				goto bailout;
1991			}
1992			args[i].kvalue = tmpptr;
1993		} else {
1994			args[i].kvalue = malloc(args[i].vallen,
1995			    M_CTL, M_WAITOK | M_ZERO);
1996		}
1997	}
1998
1999	return (args);
2000bailout:
2001
2002	ctl_free_args(num_args, args);
2003
2004	return (NULL);
2005}
2006
2007static void
2008ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2009{
2010	int i;
2011
2012	for (i = 0; i < num_args; i++) {
2013		if (args[i].flags & CTL_BEARG_WR)
2014			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2015	}
2016}
2017
2018/*
2019 * Escape characters that are illegal or not recommended in XML.
2020 */
2021int
2022ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2023{
2024	char *end = str + size;
2025	int retval;
2026
2027	retval = 0;
2028
2029	for (; *str && str < end; str++) {
2030		switch (*str) {
2031		case '&':
2032			retval = sbuf_printf(sb, "&amp;");
2033			break;
2034		case '>':
2035			retval = sbuf_printf(sb, "&gt;");
2036			break;
2037		case '<':
2038			retval = sbuf_printf(sb, "&lt;");
2039			break;
2040		default:
2041			retval = sbuf_putc(sb, *str);
2042			break;
2043		}
2044
2045		if (retval != 0)
2046			break;
2047
2048	}
2049
2050	return (retval);
2051}
2052
2053static void
2054ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2055{
2056	struct scsi_vpd_id_descriptor *desc;
2057	int i;
2058
2059	if (id == NULL || id->len < 4)
2060		return;
2061	desc = (struct scsi_vpd_id_descriptor *)id->data;
2062	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2063	case SVPD_ID_TYPE_T10:
2064		sbuf_printf(sb, "t10.");
2065		break;
2066	case SVPD_ID_TYPE_EUI64:
2067		sbuf_printf(sb, "eui.");
2068		break;
2069	case SVPD_ID_TYPE_NAA:
2070		sbuf_printf(sb, "naa.");
2071		break;
2072	case SVPD_ID_TYPE_SCSI_NAME:
2073		break;
2074	}
2075	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2076	case SVPD_ID_CODESET_BINARY:
2077		for (i = 0; i < desc->length; i++)
2078			sbuf_printf(sb, "%02x", desc->identifier[i]);
2079		break;
2080	case SVPD_ID_CODESET_ASCII:
2081		sbuf_printf(sb, "%.*s", (int)desc->length,
2082		    (char *)desc->identifier);
2083		break;
2084	case SVPD_ID_CODESET_UTF8:
2085		sbuf_printf(sb, "%s", (char *)desc->identifier);
2086		break;
2087	}
2088}
2089
2090static int
2091ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2092	  struct thread *td)
2093{
2094	struct ctl_softc *softc;
2095	int retval;
2096
2097	softc = control_softc;
2098
2099	retval = 0;
2100
2101	switch (cmd) {
2102	case CTL_IO:
2103		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2104		break;
2105	case CTL_ENABLE_PORT:
2106	case CTL_DISABLE_PORT:
2107	case CTL_SET_PORT_WWNS: {
2108		struct ctl_port *port;
2109		struct ctl_port_entry *entry;
2110
2111		entry = (struct ctl_port_entry *)addr;
2112
2113		mtx_lock(&softc->ctl_lock);
2114		STAILQ_FOREACH(port, &softc->port_list, links) {
2115			int action, done;
2116
2117			if (port->targ_port < softc->port_min ||
2118			    port->targ_port >= softc->port_max)
2119				continue;
2120
2121			action = 0;
2122			done = 0;
2123			if ((entry->port_type == CTL_PORT_NONE)
2124			 && (entry->targ_port == port->targ_port)) {
2125				/*
2126				 * If the user only wants to enable or
2127				 * disable or set WWNs on a specific port,
2128				 * do the operation and we're done.
2129				 */
2130				action = 1;
2131				done = 1;
2132			} else if (entry->port_type & port->port_type) {
2133				/*
2134				 * Compare the user's type mask with the
2135				 * particular frontend type to see if we
2136				 * have a match.
2137				 */
2138				action = 1;
2139				done = 0;
2140
2141				/*
2142				 * Make sure the user isn't trying to set
2143				 * WWNs on multiple ports at the same time.
2144				 */
2145				if (cmd == CTL_SET_PORT_WWNS) {
2146					printf("%s: Can't set WWNs on "
2147					       "multiple ports\n", __func__);
2148					retval = EINVAL;
2149					break;
2150				}
2151			}
2152			if (action == 0)
2153				continue;
2154
2155			/*
2156			 * XXX KDM we have to drop the lock here, because
2157			 * the online/offline operations can potentially
2158			 * block.  We need to reference count the frontends
2159			 * so they can't go away,
2160			 */
2161			if (cmd == CTL_ENABLE_PORT) {
2162				mtx_unlock(&softc->ctl_lock);
2163				ctl_port_online(port);
2164				mtx_lock(&softc->ctl_lock);
2165			} else if (cmd == CTL_DISABLE_PORT) {
2166				mtx_unlock(&softc->ctl_lock);
2167				ctl_port_offline(port);
2168				mtx_lock(&softc->ctl_lock);
2169			} else if (cmd == CTL_SET_PORT_WWNS) {
2170				ctl_port_set_wwns(port,
2171				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2172				    1 : 0, entry->wwnn,
2173				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2174				    1 : 0, entry->wwpn);
2175			}
2176			if (done != 0)
2177				break;
2178		}
2179		mtx_unlock(&softc->ctl_lock);
2180		break;
2181	}
2182	case CTL_GET_PORT_LIST: {
2183		struct ctl_port *port;
2184		struct ctl_port_list *list;
2185		int i;
2186
2187		list = (struct ctl_port_list *)addr;
2188
2189		if (list->alloc_len != (list->alloc_num *
2190		    sizeof(struct ctl_port_entry))) {
2191			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2192			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2193			       "%zu\n", __func__, list->alloc_len,
2194			       list->alloc_num, sizeof(struct ctl_port_entry));
2195			retval = EINVAL;
2196			break;
2197		}
2198		list->fill_len = 0;
2199		list->fill_num = 0;
2200		list->dropped_num = 0;
2201		i = 0;
2202		mtx_lock(&softc->ctl_lock);
2203		STAILQ_FOREACH(port, &softc->port_list, links) {
2204			struct ctl_port_entry entry, *list_entry;
2205
2206			if (list->fill_num >= list->alloc_num) {
2207				list->dropped_num++;
2208				continue;
2209			}
2210
2211			entry.port_type = port->port_type;
2212			strlcpy(entry.port_name, port->port_name,
2213				sizeof(entry.port_name));
2214			entry.targ_port = port->targ_port;
2215			entry.physical_port = port->physical_port;
2216			entry.virtual_port = port->virtual_port;
2217			entry.wwnn = port->wwnn;
2218			entry.wwpn = port->wwpn;
2219			if (port->status & CTL_PORT_STATUS_ONLINE)
2220				entry.online = 1;
2221			else
2222				entry.online = 0;
2223
2224			list_entry = &list->entries[i];
2225
2226			retval = copyout(&entry, list_entry, sizeof(entry));
2227			if (retval != 0) {
2228				printf("%s: CTL_GET_PORT_LIST: copyout "
2229				       "returned %d\n", __func__, retval);
2230				break;
2231			}
2232			i++;
2233			list->fill_num++;
2234			list->fill_len += sizeof(entry);
2235		}
2236		mtx_unlock(&softc->ctl_lock);
2237
2238		/*
2239		 * If this is non-zero, we had a copyout fault, so there's
2240		 * probably no point in attempting to set the status inside
2241		 * the structure.
2242		 */
2243		if (retval != 0)
2244			break;
2245
2246		if (list->dropped_num > 0)
2247			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2248		else
2249			list->status = CTL_PORT_LIST_OK;
2250		break;
2251	}
2252	case CTL_DUMP_OOA: {
2253		struct ctl_lun *lun;
2254		union ctl_io *io;
2255		char printbuf[128];
2256		struct sbuf sb;
2257
2258		mtx_lock(&softc->ctl_lock);
2259		printf("Dumping OOA queues:\n");
2260		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2261			mtx_lock(&lun->lun_lock);
2262			for (io = (union ctl_io *)TAILQ_FIRST(
2263			     &lun->ooa_queue); io != NULL;
2264			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2265			     ooa_links)) {
2266				sbuf_new(&sb, printbuf, sizeof(printbuf),
2267					 SBUF_FIXEDLEN);
2268				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2269					    (intmax_t)lun->lun,
2270					    io->scsiio.tag_num,
2271					    (io->io_hdr.flags &
2272					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2273					    (io->io_hdr.flags &
2274					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2275					    (io->io_hdr.flags &
2276					    CTL_FLAG_ABORT) ? " ABORT" : "",
2277			                    (io->io_hdr.flags &
2278		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2279				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2280				sbuf_finish(&sb);
2281				printf("%s\n", sbuf_data(&sb));
2282			}
2283			mtx_unlock(&lun->lun_lock);
2284		}
2285		printf("OOA queues dump done\n");
2286		mtx_unlock(&softc->ctl_lock);
2287		break;
2288	}
2289	case CTL_GET_OOA: {
2290		struct ctl_lun *lun;
2291		struct ctl_ooa *ooa_hdr;
2292		struct ctl_ooa_entry *entries;
2293		uint32_t cur_fill_num;
2294
2295		ooa_hdr = (struct ctl_ooa *)addr;
2296
2297		if ((ooa_hdr->alloc_len == 0)
2298		 || (ooa_hdr->alloc_num == 0)) {
2299			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2300			       "must be non-zero\n", __func__,
2301			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2302			retval = EINVAL;
2303			break;
2304		}
2305
2306		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2307		    sizeof(struct ctl_ooa_entry))) {
2308			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2309			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2310			       __func__, ooa_hdr->alloc_len,
2311			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2312			retval = EINVAL;
2313			break;
2314		}
2315
2316		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2317		if (entries == NULL) {
2318			printf("%s: could not allocate %d bytes for OOA "
2319			       "dump\n", __func__, ooa_hdr->alloc_len);
2320			retval = ENOMEM;
2321			break;
2322		}
2323
2324		mtx_lock(&softc->ctl_lock);
2325		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2326		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2327		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2328			mtx_unlock(&softc->ctl_lock);
2329			free(entries, M_CTL);
2330			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2331			       __func__, (uintmax_t)ooa_hdr->lun_num);
2332			retval = EINVAL;
2333			break;
2334		}
2335
2336		cur_fill_num = 0;
2337
2338		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2339			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2340				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2341					ooa_hdr, entries);
2342				if (retval != 0)
2343					break;
2344			}
2345			if (retval != 0) {
2346				mtx_unlock(&softc->ctl_lock);
2347				free(entries, M_CTL);
2348				break;
2349			}
2350		} else {
2351			lun = softc->ctl_luns[ooa_hdr->lun_num];
2352
2353			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2354						    entries);
2355		}
2356		mtx_unlock(&softc->ctl_lock);
2357
2358		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2359		ooa_hdr->fill_len = ooa_hdr->fill_num *
2360			sizeof(struct ctl_ooa_entry);
2361		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2362		if (retval != 0) {
2363			printf("%s: error copying out %d bytes for OOA dump\n",
2364			       __func__, ooa_hdr->fill_len);
2365		}
2366
2367		getbintime(&ooa_hdr->cur_bt);
2368
2369		if (cur_fill_num > ooa_hdr->alloc_num) {
2370			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2371			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2372		} else {
2373			ooa_hdr->dropped_num = 0;
2374			ooa_hdr->status = CTL_OOA_OK;
2375		}
2376
2377		free(entries, M_CTL);
2378		break;
2379	}
2380	case CTL_CHECK_OOA: {
2381		union ctl_io *io;
2382		struct ctl_lun *lun;
2383		struct ctl_ooa_info *ooa_info;
2384
2385
2386		ooa_info = (struct ctl_ooa_info *)addr;
2387
2388		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2389			ooa_info->status = CTL_OOA_INVALID_LUN;
2390			break;
2391		}
2392		mtx_lock(&softc->ctl_lock);
2393		lun = softc->ctl_luns[ooa_info->lun_id];
2394		if (lun == NULL) {
2395			mtx_unlock(&softc->ctl_lock);
2396			ooa_info->status = CTL_OOA_INVALID_LUN;
2397			break;
2398		}
2399		mtx_lock(&lun->lun_lock);
2400		mtx_unlock(&softc->ctl_lock);
2401		ooa_info->num_entries = 0;
2402		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2403		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2404		     &io->io_hdr, ooa_links)) {
2405			ooa_info->num_entries++;
2406		}
2407		mtx_unlock(&lun->lun_lock);
2408
2409		ooa_info->status = CTL_OOA_SUCCESS;
2410
2411		break;
2412	}
2413	case CTL_DELAY_IO: {
2414		struct ctl_io_delay_info *delay_info;
2415#ifdef CTL_IO_DELAY
2416		struct ctl_lun *lun;
2417#endif /* CTL_IO_DELAY */
2418
2419		delay_info = (struct ctl_io_delay_info *)addr;
2420
2421#ifdef CTL_IO_DELAY
2422		mtx_lock(&softc->ctl_lock);
2423
2424		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2425		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2426			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2427		} else {
2428			lun = softc->ctl_luns[delay_info->lun_id];
2429			mtx_lock(&lun->lun_lock);
2430
2431			delay_info->status = CTL_DELAY_STATUS_OK;
2432
2433			switch (delay_info->delay_type) {
2434			case CTL_DELAY_TYPE_CONT:
2435				break;
2436			case CTL_DELAY_TYPE_ONESHOT:
2437				break;
2438			default:
2439				delay_info->status =
2440					CTL_DELAY_STATUS_INVALID_TYPE;
2441				break;
2442			}
2443
2444			switch (delay_info->delay_loc) {
2445			case CTL_DELAY_LOC_DATAMOVE:
2446				lun->delay_info.datamove_type =
2447					delay_info->delay_type;
2448				lun->delay_info.datamove_delay =
2449					delay_info->delay_secs;
2450				break;
2451			case CTL_DELAY_LOC_DONE:
2452				lun->delay_info.done_type =
2453					delay_info->delay_type;
2454				lun->delay_info.done_delay =
2455					delay_info->delay_secs;
2456				break;
2457			default:
2458				delay_info->status =
2459					CTL_DELAY_STATUS_INVALID_LOC;
2460				break;
2461			}
2462			mtx_unlock(&lun->lun_lock);
2463		}
2464
2465		mtx_unlock(&softc->ctl_lock);
2466#else
2467		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2468#endif /* CTL_IO_DELAY */
2469		break;
2470	}
2471	case CTL_REALSYNC_SET: {
2472		int *syncstate;
2473
2474		syncstate = (int *)addr;
2475
2476		mtx_lock(&softc->ctl_lock);
2477		switch (*syncstate) {
2478		case 0:
2479			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2480			break;
2481		case 1:
2482			softc->flags |= CTL_FLAG_REAL_SYNC;
2483			break;
2484		default:
2485			retval = EINVAL;
2486			break;
2487		}
2488		mtx_unlock(&softc->ctl_lock);
2489		break;
2490	}
2491	case CTL_REALSYNC_GET: {
2492		int *syncstate;
2493
2494		syncstate = (int*)addr;
2495
2496		mtx_lock(&softc->ctl_lock);
2497		if (softc->flags & CTL_FLAG_REAL_SYNC)
2498			*syncstate = 1;
2499		else
2500			*syncstate = 0;
2501		mtx_unlock(&softc->ctl_lock);
2502
2503		break;
2504	}
2505	case CTL_SETSYNC:
2506	case CTL_GETSYNC: {
2507		struct ctl_sync_info *sync_info;
2508		struct ctl_lun *lun;
2509
2510		sync_info = (struct ctl_sync_info *)addr;
2511
2512		mtx_lock(&softc->ctl_lock);
2513		lun = softc->ctl_luns[sync_info->lun_id];
2514		if (lun == NULL) {
2515			mtx_unlock(&softc->ctl_lock);
2516			sync_info->status = CTL_GS_SYNC_NO_LUN;
2517		}
2518		/*
2519		 * Get or set the sync interval.  We're not bounds checking
2520		 * in the set case, hopefully the user won't do something
2521		 * silly.
2522		 */
2523		mtx_lock(&lun->lun_lock);
2524		mtx_unlock(&softc->ctl_lock);
2525		if (cmd == CTL_GETSYNC)
2526			sync_info->sync_interval = lun->sync_interval;
2527		else
2528			lun->sync_interval = sync_info->sync_interval;
2529		mtx_unlock(&lun->lun_lock);
2530
2531		sync_info->status = CTL_GS_SYNC_OK;
2532
2533		break;
2534	}
2535	case CTL_GETSTATS: {
2536		struct ctl_stats *stats;
2537		struct ctl_lun *lun;
2538		int i;
2539
2540		stats = (struct ctl_stats *)addr;
2541
2542		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2543		     stats->alloc_len) {
2544			stats->status = CTL_SS_NEED_MORE_SPACE;
2545			stats->num_luns = softc->num_luns;
2546			break;
2547		}
2548		/*
2549		 * XXX KDM no locking here.  If the LUN list changes,
2550		 * things can blow up.
2551		 */
2552		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2553		     i++, lun = STAILQ_NEXT(lun, links)) {
2554			retval = copyout(&lun->stats, &stats->lun_stats[i],
2555					 sizeof(lun->stats));
2556			if (retval != 0)
2557				break;
2558		}
2559		stats->num_luns = softc->num_luns;
2560		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2561				 softc->num_luns;
2562		stats->status = CTL_SS_OK;
2563#ifdef CTL_TIME_IO
2564		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2565#else
2566		stats->flags = CTL_STATS_FLAG_NONE;
2567#endif
2568		getnanouptime(&stats->timestamp);
2569		break;
2570	}
2571	case CTL_ERROR_INJECT: {
2572		struct ctl_error_desc *err_desc, *new_err_desc;
2573		struct ctl_lun *lun;
2574
2575		err_desc = (struct ctl_error_desc *)addr;
2576
2577		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2578				      M_WAITOK | M_ZERO);
2579		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2580
2581		mtx_lock(&softc->ctl_lock);
2582		lun = softc->ctl_luns[err_desc->lun_id];
2583		if (lun == NULL) {
2584			mtx_unlock(&softc->ctl_lock);
2585			free(new_err_desc, M_CTL);
2586			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2587			       __func__, (uintmax_t)err_desc->lun_id);
2588			retval = EINVAL;
2589			break;
2590		}
2591		mtx_lock(&lun->lun_lock);
2592		mtx_unlock(&softc->ctl_lock);
2593
2594		/*
2595		 * We could do some checking here to verify the validity
2596		 * of the request, but given the complexity of error
2597		 * injection requests, the checking logic would be fairly
2598		 * complex.
2599		 *
2600		 * For now, if the request is invalid, it just won't get
2601		 * executed and might get deleted.
2602		 */
2603		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2604
2605		/*
2606		 * XXX KDM check to make sure the serial number is unique,
2607		 * in case we somehow manage to wrap.  That shouldn't
2608		 * happen for a very long time, but it's the right thing to
2609		 * do.
2610		 */
2611		new_err_desc->serial = lun->error_serial;
2612		err_desc->serial = lun->error_serial;
2613		lun->error_serial++;
2614
2615		mtx_unlock(&lun->lun_lock);
2616		break;
2617	}
2618	case CTL_ERROR_INJECT_DELETE: {
2619		struct ctl_error_desc *delete_desc, *desc, *desc2;
2620		struct ctl_lun *lun;
2621		int delete_done;
2622
2623		delete_desc = (struct ctl_error_desc *)addr;
2624		delete_done = 0;
2625
2626		mtx_lock(&softc->ctl_lock);
2627		lun = softc->ctl_luns[delete_desc->lun_id];
2628		if (lun == NULL) {
2629			mtx_unlock(&softc->ctl_lock);
2630			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2631			       __func__, (uintmax_t)delete_desc->lun_id);
2632			retval = EINVAL;
2633			break;
2634		}
2635		mtx_lock(&lun->lun_lock);
2636		mtx_unlock(&softc->ctl_lock);
2637		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2638			if (desc->serial != delete_desc->serial)
2639				continue;
2640
2641			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2642				      links);
2643			free(desc, M_CTL);
2644			delete_done = 1;
2645		}
2646		mtx_unlock(&lun->lun_lock);
2647		if (delete_done == 0) {
2648			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2649			       "error serial %ju on LUN %u\n", __func__,
2650			       delete_desc->serial, delete_desc->lun_id);
2651			retval = EINVAL;
2652			break;
2653		}
2654		break;
2655	}
2656	case CTL_DUMP_STRUCTS: {
2657		int i, j, k;
2658		struct ctl_port *port;
2659		struct ctl_frontend *fe;
2660
2661		mtx_lock(&softc->ctl_lock);
2662		printf("CTL Persistent Reservation information start:\n");
2663		for (i = 0; i < CTL_MAX_LUNS; i++) {
2664			struct ctl_lun *lun;
2665
2666			lun = softc->ctl_luns[i];
2667
2668			if ((lun == NULL)
2669			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2670				continue;
2671
2672			for (j = 0; j < CTL_MAX_PORTS; j++) {
2673				if (lun->pr_keys[j] == NULL)
2674					continue;
2675				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2676					if (lun->pr_keys[j][k] == 0)
2677						continue;
2678					printf("  LUN %d port %d iid %d key "
2679					       "%#jx\n", i, j, k,
2680					       (uintmax_t)lun->pr_keys[j][k]);
2681				}
2682			}
2683		}
2684		printf("CTL Persistent Reservation information end\n");
2685		printf("CTL Ports:\n");
2686		STAILQ_FOREACH(port, &softc->port_list, links) {
2687			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2688			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2689			       port->frontend->name, port->port_type,
2690			       port->physical_port, port->virtual_port,
2691			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2692			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2693				if (port->wwpn_iid[j].in_use == 0 &&
2694				    port->wwpn_iid[j].wwpn == 0 &&
2695				    port->wwpn_iid[j].name == NULL)
2696					continue;
2697
2698				printf("    iid %u use %d WWPN %#jx '%s'\n",
2699				    j, port->wwpn_iid[j].in_use,
2700				    (uintmax_t)port->wwpn_iid[j].wwpn,
2701				    port->wwpn_iid[j].name);
2702			}
2703		}
2704		printf("CTL Port information end\n");
2705		mtx_unlock(&softc->ctl_lock);
2706		/*
2707		 * XXX KDM calling this without a lock.  We'd likely want
2708		 * to drop the lock before calling the frontend's dump
2709		 * routine anyway.
2710		 */
2711		printf("CTL Frontends:\n");
2712		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2713			printf("  Frontend '%s'\n", fe->name);
2714			if (fe->fe_dump != NULL)
2715				fe->fe_dump();
2716		}
2717		printf("CTL Frontend information end\n");
2718		break;
2719	}
2720	case CTL_LUN_REQ: {
2721		struct ctl_lun_req *lun_req;
2722		struct ctl_backend_driver *backend;
2723
2724		lun_req = (struct ctl_lun_req *)addr;
2725
2726		backend = ctl_backend_find(lun_req->backend);
2727		if (backend == NULL) {
2728			lun_req->status = CTL_LUN_ERROR;
2729			snprintf(lun_req->error_str,
2730				 sizeof(lun_req->error_str),
2731				 "Backend \"%s\" not found.",
2732				 lun_req->backend);
2733			break;
2734		}
2735		if (lun_req->num_be_args > 0) {
2736			lun_req->kern_be_args = ctl_copyin_args(
2737				lun_req->num_be_args,
2738				lun_req->be_args,
2739				lun_req->error_str,
2740				sizeof(lun_req->error_str));
2741			if (lun_req->kern_be_args == NULL) {
2742				lun_req->status = CTL_LUN_ERROR;
2743				break;
2744			}
2745		}
2746
2747		retval = backend->ioctl(dev, cmd, addr, flag, td);
2748
2749		if (lun_req->num_be_args > 0) {
2750			ctl_copyout_args(lun_req->num_be_args,
2751				      lun_req->kern_be_args);
2752			ctl_free_args(lun_req->num_be_args,
2753				      lun_req->kern_be_args);
2754		}
2755		break;
2756	}
2757	case CTL_LUN_LIST: {
2758		struct sbuf *sb;
2759		struct ctl_lun *lun;
2760		struct ctl_lun_list *list;
2761		struct ctl_option *opt;
2762
2763		list = (struct ctl_lun_list *)addr;
2764
2765		/*
2766		 * Allocate a fixed length sbuf here, based on the length
2767		 * of the user's buffer.  We could allocate an auto-extending
2768		 * buffer, and then tell the user how much larger our
2769		 * amount of data is than his buffer, but that presents
2770		 * some problems:
2771		 *
2772		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2773		 *     we can't hold a lock while calling them with an
2774		 *     auto-extending buffer.
2775 		 *
2776		 * 2.  There is not currently a LUN reference counting
2777		 *     mechanism, outside of outstanding transactions on
2778		 *     the LUN's OOA queue.  So a LUN could go away on us
2779		 *     while we're getting the LUN number, backend-specific
2780		 *     information, etc.  Thus, given the way things
2781		 *     currently work, we need to hold the CTL lock while
2782		 *     grabbing LUN information.
2783		 *
2784		 * So, from the user's standpoint, the best thing to do is
2785		 * allocate what he thinks is a reasonable buffer length,
2786		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2787		 * double the buffer length and try again.  (And repeat
2788		 * that until he succeeds.)
2789		 */
2790		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2791		if (sb == NULL) {
2792			list->status = CTL_LUN_LIST_ERROR;
2793			snprintf(list->error_str, sizeof(list->error_str),
2794				 "Unable to allocate %d bytes for LUN list",
2795				 list->alloc_len);
2796			break;
2797		}
2798
2799		sbuf_printf(sb, "<ctllunlist>\n");
2800
2801		mtx_lock(&softc->ctl_lock);
2802		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2803			mtx_lock(&lun->lun_lock);
2804			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2805					     (uintmax_t)lun->lun);
2806
2807			/*
2808			 * Bail out as soon as we see that we've overfilled
2809			 * the buffer.
2810			 */
2811			if (retval != 0)
2812				break;
2813
2814			retval = sbuf_printf(sb, "\t<backend_type>%s"
2815					     "</backend_type>\n",
2816					     (lun->backend == NULL) ?  "none" :
2817					     lun->backend->name);
2818
2819			if (retval != 0)
2820				break;
2821
2822			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2823					     lun->be_lun->lun_type);
2824
2825			if (retval != 0)
2826				break;
2827
2828			if (lun->backend == NULL) {
2829				retval = sbuf_printf(sb, "</lun>\n");
2830				if (retval != 0)
2831					break;
2832				continue;
2833			}
2834
2835			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2836					     (lun->be_lun->maxlba > 0) ?
2837					     lun->be_lun->maxlba + 1 : 0);
2838
2839			if (retval != 0)
2840				break;
2841
2842			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2843					     lun->be_lun->blocksize);
2844
2845			if (retval != 0)
2846				break;
2847
2848			retval = sbuf_printf(sb, "\t<serial_number>");
2849
2850			if (retval != 0)
2851				break;
2852
2853			retval = ctl_sbuf_printf_esc(sb,
2854			    lun->be_lun->serial_num,
2855			    sizeof(lun->be_lun->serial_num));
2856
2857			if (retval != 0)
2858				break;
2859
2860			retval = sbuf_printf(sb, "</serial_number>\n");
2861
2862			if (retval != 0)
2863				break;
2864
2865			retval = sbuf_printf(sb, "\t<device_id>");
2866
2867			if (retval != 0)
2868				break;
2869
2870			retval = ctl_sbuf_printf_esc(sb,
2871			    lun->be_lun->device_id,
2872			    sizeof(lun->be_lun->device_id));
2873
2874			if (retval != 0)
2875				break;
2876
2877			retval = sbuf_printf(sb, "</device_id>\n");
2878
2879			if (retval != 0)
2880				break;
2881
2882			if (lun->backend->lun_info != NULL) {
2883				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
2884				if (retval != 0)
2885					break;
2886			}
2887			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
2888				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2889				    opt->name, opt->value, opt->name);
2890				if (retval != 0)
2891					break;
2892			}
2893
2894			retval = sbuf_printf(sb, "</lun>\n");
2895
2896			if (retval != 0)
2897				break;
2898			mtx_unlock(&lun->lun_lock);
2899		}
2900		if (lun != NULL)
2901			mtx_unlock(&lun->lun_lock);
2902		mtx_unlock(&softc->ctl_lock);
2903
2904		if ((retval != 0)
2905		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
2906			retval = 0;
2907			sbuf_delete(sb);
2908			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2909			snprintf(list->error_str, sizeof(list->error_str),
2910				 "Out of space, %d bytes is too small",
2911				 list->alloc_len);
2912			break;
2913		}
2914
2915		sbuf_finish(sb);
2916
2917		retval = copyout(sbuf_data(sb), list->lun_xml,
2918				 sbuf_len(sb) + 1);
2919
2920		list->fill_len = sbuf_len(sb) + 1;
2921		list->status = CTL_LUN_LIST_OK;
2922		sbuf_delete(sb);
2923		break;
2924	}
2925	case CTL_ISCSI: {
2926		struct ctl_iscsi *ci;
2927		struct ctl_frontend *fe;
2928
2929		ci = (struct ctl_iscsi *)addr;
2930
2931		fe = ctl_frontend_find("iscsi");
2932		if (fe == NULL) {
2933			ci->status = CTL_ISCSI_ERROR;
2934			snprintf(ci->error_str, sizeof(ci->error_str),
2935			    "Frontend \"iscsi\" not found.");
2936			break;
2937		}
2938
2939		retval = fe->ioctl(dev, cmd, addr, flag, td);
2940		break;
2941	}
2942	case CTL_PORT_REQ: {
2943		struct ctl_req *req;
2944		struct ctl_frontend *fe;
2945
2946		req = (struct ctl_req *)addr;
2947
2948		fe = ctl_frontend_find(req->driver);
2949		if (fe == NULL) {
2950			req->status = CTL_LUN_ERROR;
2951			snprintf(req->error_str, sizeof(req->error_str),
2952			    "Frontend \"%s\" not found.", req->driver);
2953			break;
2954		}
2955		if (req->num_args > 0) {
2956			req->kern_args = ctl_copyin_args(req->num_args,
2957			    req->args, req->error_str, sizeof(req->error_str));
2958			if (req->kern_args == NULL) {
2959				req->status = CTL_LUN_ERROR;
2960				break;
2961			}
2962		}
2963
2964		if (fe->ioctl)
2965			retval = fe->ioctl(dev, cmd, addr, flag, td);
2966		else
2967			retval = ENODEV;
2968
2969		if (req->num_args > 0) {
2970			ctl_copyout_args(req->num_args, req->kern_args);
2971			ctl_free_args(req->num_args, req->kern_args);
2972		}
2973		break;
2974	}
2975	case CTL_PORT_LIST: {
2976		struct sbuf *sb;
2977		struct ctl_port *port;
2978		struct ctl_lun_list *list;
2979		struct ctl_option *opt;
2980		int j;
2981		uint32_t plun;
2982
2983		list = (struct ctl_lun_list *)addr;
2984
2985		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2986		if (sb == NULL) {
2987			list->status = CTL_LUN_LIST_ERROR;
2988			snprintf(list->error_str, sizeof(list->error_str),
2989				 "Unable to allocate %d bytes for LUN list",
2990				 list->alloc_len);
2991			break;
2992		}
2993
2994		sbuf_printf(sb, "<ctlportlist>\n");
2995
2996		mtx_lock(&softc->ctl_lock);
2997		STAILQ_FOREACH(port, &softc->port_list, links) {
2998			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
2999					     (uintmax_t)port->targ_port);
3000
3001			/*
3002			 * Bail out as soon as we see that we've overfilled
3003			 * the buffer.
3004			 */
3005			if (retval != 0)
3006				break;
3007
3008			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3009			    "</frontend_type>\n", port->frontend->name);
3010			if (retval != 0)
3011				break;
3012
3013			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3014					     port->port_type);
3015			if (retval != 0)
3016				break;
3017
3018			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3019			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3020			if (retval != 0)
3021				break;
3022
3023			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3024			    port->port_name);
3025			if (retval != 0)
3026				break;
3027
3028			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3029			    port->physical_port);
3030			if (retval != 0)
3031				break;
3032
3033			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3034			    port->virtual_port);
3035			if (retval != 0)
3036				break;
3037
3038			if (port->target_devid != NULL) {
3039				sbuf_printf(sb, "\t<target>");
3040				ctl_id_sbuf(port->target_devid, sb);
3041				sbuf_printf(sb, "</target>\n");
3042			}
3043
3044			if (port->port_devid != NULL) {
3045				sbuf_printf(sb, "\t<port>");
3046				ctl_id_sbuf(port->port_devid, sb);
3047				sbuf_printf(sb, "</port>\n");
3048			}
3049
3050			if (port->port_info != NULL) {
3051				retval = port->port_info(port->onoff_arg, sb);
3052				if (retval != 0)
3053					break;
3054			}
3055			STAILQ_FOREACH(opt, &port->options, links) {
3056				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3057				    opt->name, opt->value, opt->name);
3058				if (retval != 0)
3059					break;
3060			}
3061
3062			if (port->lun_map != NULL) {
3063				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3064				for (j = 0; j < CTL_MAX_LUNS; j++) {
3065					plun = ctl_lun_map_from_port(port, j);
3066					if (plun >= CTL_MAX_LUNS)
3067						continue;
3068					sbuf_printf(sb,
3069					    "\t<lun id=\"%u\">%u</lun>\n",
3070					    j, plun);
3071				}
3072			}
3073
3074			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3075				if (port->wwpn_iid[j].in_use == 0 ||
3076				    (port->wwpn_iid[j].wwpn == 0 &&
3077				     port->wwpn_iid[j].name == NULL))
3078					continue;
3079
3080				if (port->wwpn_iid[j].name != NULL)
3081					retval = sbuf_printf(sb,
3082					    "\t<initiator id=\"%u\">%s</initiator>\n",
3083					    j, port->wwpn_iid[j].name);
3084				else
3085					retval = sbuf_printf(sb,
3086					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3087					    j, port->wwpn_iid[j].wwpn);
3088				if (retval != 0)
3089					break;
3090			}
3091			if (retval != 0)
3092				break;
3093
3094			retval = sbuf_printf(sb, "</targ_port>\n");
3095			if (retval != 0)
3096				break;
3097		}
3098		mtx_unlock(&softc->ctl_lock);
3099
3100		if ((retval != 0)
3101		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3102			retval = 0;
3103			sbuf_delete(sb);
3104			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3105			snprintf(list->error_str, sizeof(list->error_str),
3106				 "Out of space, %d bytes is too small",
3107				 list->alloc_len);
3108			break;
3109		}
3110
3111		sbuf_finish(sb);
3112
3113		retval = copyout(sbuf_data(sb), list->lun_xml,
3114				 sbuf_len(sb) + 1);
3115
3116		list->fill_len = sbuf_len(sb) + 1;
3117		list->status = CTL_LUN_LIST_OK;
3118		sbuf_delete(sb);
3119		break;
3120	}
3121	case CTL_LUN_MAP: {
3122		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3123		struct ctl_port *port;
3124
3125		mtx_lock(&softc->ctl_lock);
3126		if (lm->port < softc->port_min ||
3127		    lm->port >= softc->port_max ||
3128		    (port = softc->ctl_ports[lm->port]) == NULL) {
3129			mtx_unlock(&softc->ctl_lock);
3130			return (ENXIO);
3131		}
3132		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3133		if (lm->plun < CTL_MAX_LUNS) {
3134			if (lm->lun == UINT32_MAX)
3135				retval = ctl_lun_map_unset(port, lm->plun);
3136			else if (lm->lun < CTL_MAX_LUNS &&
3137			    softc->ctl_luns[lm->lun] != NULL)
3138				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3139			else
3140				return (ENXIO);
3141		} else if (lm->plun == UINT32_MAX) {
3142			if (lm->lun == UINT32_MAX)
3143				retval = ctl_lun_map_deinit(port);
3144			else
3145				retval = ctl_lun_map_init(port);
3146		} else
3147			return (ENXIO);
3148		break;
3149	}
3150	default: {
3151		/* XXX KDM should we fix this? */
3152#if 0
3153		struct ctl_backend_driver *backend;
3154		unsigned int type;
3155		int found;
3156
3157		found = 0;
3158
3159		/*
3160		 * We encode the backend type as the ioctl type for backend
3161		 * ioctls.  So parse it out here, and then search for a
3162		 * backend of this type.
3163		 */
3164		type = _IOC_TYPE(cmd);
3165
3166		STAILQ_FOREACH(backend, &softc->be_list, links) {
3167			if (backend->type == type) {
3168				found = 1;
3169				break;
3170			}
3171		}
3172		if (found == 0) {
3173			printf("ctl: unknown ioctl command %#lx or backend "
3174			       "%d\n", cmd, type);
3175			retval = EINVAL;
3176			break;
3177		}
3178		retval = backend->ioctl(dev, cmd, addr, flag, td);
3179#endif
3180		retval = ENOTTY;
3181		break;
3182	}
3183	}
3184	return (retval);
3185}
3186
3187uint32_t
3188ctl_get_initindex(struct ctl_nexus *nexus)
3189{
3190	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3191}
3192
3193int
3194ctl_lun_map_init(struct ctl_port *port)
3195{
3196	struct ctl_softc *softc = control_softc;
3197	struct ctl_lun *lun;
3198	uint32_t i;
3199
3200	if (port->lun_map == NULL)
3201		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3202		    M_CTL, M_NOWAIT);
3203	if (port->lun_map == NULL)
3204		return (ENOMEM);
3205	for (i = 0; i < CTL_MAX_LUNS; i++)
3206		port->lun_map[i] = UINT32_MAX;
3207	if (port->status & CTL_PORT_STATUS_ONLINE) {
3208		if (port->lun_disable != NULL) {
3209			STAILQ_FOREACH(lun, &softc->lun_list, links)
3210				port->lun_disable(port->targ_lun_arg, lun->lun);
3211		}
3212		ctl_isc_announce_port(port);
3213	}
3214	return (0);
3215}
3216
3217int
3218ctl_lun_map_deinit(struct ctl_port *port)
3219{
3220	struct ctl_softc *softc = control_softc;
3221	struct ctl_lun *lun;
3222
3223	if (port->lun_map == NULL)
3224		return (0);
3225	free(port->lun_map, M_CTL);
3226	port->lun_map = NULL;
3227	if (port->status & CTL_PORT_STATUS_ONLINE) {
3228		if (port->lun_enable != NULL) {
3229			STAILQ_FOREACH(lun, &softc->lun_list, links)
3230				port->lun_enable(port->targ_lun_arg, lun->lun);
3231		}
3232		ctl_isc_announce_port(port);
3233	}
3234	return (0);
3235}
3236
3237int
3238ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3239{
3240	int status;
3241	uint32_t old;
3242
3243	if (port->lun_map == NULL) {
3244		status = ctl_lun_map_init(port);
3245		if (status != 0)
3246			return (status);
3247	}
3248	old = port->lun_map[plun];
3249	port->lun_map[plun] = glun;
3250	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3251		if (port->lun_enable != NULL)
3252			port->lun_enable(port->targ_lun_arg, plun);
3253		ctl_isc_announce_port(port);
3254	}
3255	return (0);
3256}
3257
3258int
3259ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3260{
3261	uint32_t old;
3262
3263	if (port->lun_map == NULL)
3264		return (0);
3265	old = port->lun_map[plun];
3266	port->lun_map[plun] = UINT32_MAX;
3267	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3268		if (port->lun_disable != NULL)
3269			port->lun_disable(port->targ_lun_arg, plun);
3270		ctl_isc_announce_port(port);
3271	}
3272	return (0);
3273}
3274
3275uint32_t
3276ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3277{
3278
3279	if (port == NULL)
3280		return (UINT32_MAX);
3281	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3282		return (lun_id);
3283	return (port->lun_map[lun_id]);
3284}
3285
3286uint32_t
3287ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3288{
3289	uint32_t i;
3290
3291	if (port == NULL)
3292		return (UINT32_MAX);
3293	if (port->lun_map == NULL)
3294		return (lun_id);
3295	for (i = 0; i < CTL_MAX_LUNS; i++) {
3296		if (port->lun_map[i] == lun_id)
3297			return (i);
3298	}
3299	return (UINT32_MAX);
3300}
3301
3302static struct ctl_port *
3303ctl_io_port(struct ctl_io_hdr *io_hdr)
3304{
3305
3306	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3307}
3308
3309int
3310ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3311{
3312	int i;
3313
3314	for (i = first; i < last; i++) {
3315		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3316			return (i);
3317	}
3318	return (-1);
3319}
3320
3321int
3322ctl_set_mask(uint32_t *mask, uint32_t bit)
3323{
3324	uint32_t chunk, piece;
3325
3326	chunk = bit >> 5;
3327	piece = bit % (sizeof(uint32_t) * 8);
3328
3329	if ((mask[chunk] & (1 << piece)) != 0)
3330		return (-1);
3331	else
3332		mask[chunk] |= (1 << piece);
3333
3334	return (0);
3335}
3336
3337int
3338ctl_clear_mask(uint32_t *mask, uint32_t bit)
3339{
3340	uint32_t chunk, piece;
3341
3342	chunk = bit >> 5;
3343	piece = bit % (sizeof(uint32_t) * 8);
3344
3345	if ((mask[chunk] & (1 << piece)) == 0)
3346		return (-1);
3347	else
3348		mask[chunk] &= ~(1 << piece);
3349
3350	return (0);
3351}
3352
3353int
3354ctl_is_set(uint32_t *mask, uint32_t bit)
3355{
3356	uint32_t chunk, piece;
3357
3358	chunk = bit >> 5;
3359	piece = bit % (sizeof(uint32_t) * 8);
3360
3361	if ((mask[chunk] & (1 << piece)) == 0)
3362		return (0);
3363	else
3364		return (1);
3365}
3366
3367static uint64_t
3368ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3369{
3370	uint64_t *t;
3371
3372	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3373	if (t == NULL)
3374		return (0);
3375	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3376}
3377
3378static void
3379ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3380{
3381	uint64_t *t;
3382
3383	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3384	if (t == NULL)
3385		return;
3386	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3387}
3388
3389static void
3390ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3391{
3392	uint64_t *p;
3393	u_int i;
3394
3395	i = residx/CTL_MAX_INIT_PER_PORT;
3396	if (lun->pr_keys[i] != NULL)
3397		return;
3398	mtx_unlock(&lun->lun_lock);
3399	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3400	    M_WAITOK | M_ZERO);
3401	mtx_lock(&lun->lun_lock);
3402	if (lun->pr_keys[i] == NULL)
3403		lun->pr_keys[i] = p;
3404	else
3405		free(p, M_CTL);
3406}
3407
3408static void
3409ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3410{
3411	uint64_t *t;
3412
3413	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3414	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3415	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3416}
3417
3418/*
3419 * ctl_softc, pool_name, total_ctl_io are passed in.
3420 * npool is passed out.
3421 */
3422int
3423ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3424		uint32_t total_ctl_io, void **npool)
3425{
3426#ifdef IO_POOLS
3427	struct ctl_io_pool *pool;
3428
3429	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3430					    M_NOWAIT | M_ZERO);
3431	if (pool == NULL)
3432		return (ENOMEM);
3433
3434	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3435	pool->ctl_softc = ctl_softc;
3436	pool->zone = uma_zsecond_create(pool->name, NULL,
3437	    NULL, NULL, NULL, ctl_softc->io_zone);
3438	/* uma_prealloc(pool->zone, total_ctl_io); */
3439
3440	*npool = pool;
3441#else
3442	*npool = ctl_softc->io_zone;
3443#endif
3444	return (0);
3445}
3446
3447void
3448ctl_pool_free(struct ctl_io_pool *pool)
3449{
3450
3451	if (pool == NULL)
3452		return;
3453
3454#ifdef IO_POOLS
3455	uma_zdestroy(pool->zone);
3456	free(pool, M_CTL);
3457#endif
3458}
3459
3460union ctl_io *
3461ctl_alloc_io(void *pool_ref)
3462{
3463	union ctl_io *io;
3464#ifdef IO_POOLS
3465	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3466
3467	io = uma_zalloc(pool->zone, M_WAITOK);
3468#else
3469	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3470#endif
3471	if (io != NULL)
3472		io->io_hdr.pool = pool_ref;
3473	return (io);
3474}
3475
3476union ctl_io *
3477ctl_alloc_io_nowait(void *pool_ref)
3478{
3479	union ctl_io *io;
3480#ifdef IO_POOLS
3481	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3482
3483	io = uma_zalloc(pool->zone, M_NOWAIT);
3484#else
3485	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3486#endif
3487	if (io != NULL)
3488		io->io_hdr.pool = pool_ref;
3489	return (io);
3490}
3491
3492void
3493ctl_free_io(union ctl_io *io)
3494{
3495#ifdef IO_POOLS
3496	struct ctl_io_pool *pool;
3497#endif
3498
3499	if (io == NULL)
3500		return;
3501
3502#ifdef IO_POOLS
3503	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3504	uma_zfree(pool->zone, io);
3505#else
3506	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3507#endif
3508}
3509
3510void
3511ctl_zero_io(union ctl_io *io)
3512{
3513	void *pool_ref;
3514
3515	if (io == NULL)
3516		return;
3517
3518	/*
3519	 * May need to preserve linked list pointers at some point too.
3520	 */
3521	pool_ref = io->io_hdr.pool;
3522	memset(io, 0, sizeof(*io));
3523	io->io_hdr.pool = pool_ref;
3524}
3525
3526/*
3527 * This routine is currently used for internal copies of ctl_ios that need
3528 * to persist for some reason after we've already returned status to the
3529 * FETD.  (Thus the flag set.)
3530 *
3531 * XXX XXX
3532 * Note that this makes a blind copy of all fields in the ctl_io, except
3533 * for the pool reference.  This includes any memory that has been
3534 * allocated!  That memory will no longer be valid after done has been
3535 * called, so this would be VERY DANGEROUS for command that actually does
3536 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3537 * start and stop commands, which don't transfer any data, so this is not a
3538 * problem.  If it is used for anything else, the caller would also need to
3539 * allocate data buffer space and this routine would need to be modified to
3540 * copy the data buffer(s) as well.
3541 */
3542void
3543ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3544{
3545	void *pool_ref;
3546
3547	if ((src == NULL)
3548	 || (dest == NULL))
3549		return;
3550
3551	/*
3552	 * May need to preserve linked list pointers at some point too.
3553	 */
3554	pool_ref = dest->io_hdr.pool;
3555
3556	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3557
3558	dest->io_hdr.pool = pool_ref;
3559	/*
3560	 * We need to know that this is an internal copy, and doesn't need
3561	 * to get passed back to the FETD that allocated it.
3562	 */
3563	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3564}
3565
3566int
3567ctl_expand_number(const char *buf, uint64_t *num)
3568{
3569	char *endptr;
3570	uint64_t number;
3571	unsigned shift;
3572
3573	number = strtoq(buf, &endptr, 0);
3574
3575	switch (tolower((unsigned char)*endptr)) {
3576	case 'e':
3577		shift = 60;
3578		break;
3579	case 'p':
3580		shift = 50;
3581		break;
3582	case 't':
3583		shift = 40;
3584		break;
3585	case 'g':
3586		shift = 30;
3587		break;
3588	case 'm':
3589		shift = 20;
3590		break;
3591	case 'k':
3592		shift = 10;
3593		break;
3594	case 'b':
3595	case '\0': /* No unit. */
3596		*num = number;
3597		return (0);
3598	default:
3599		/* Unrecognized unit. */
3600		return (-1);
3601	}
3602
3603	if ((number << shift) >> shift != number) {
3604		/* Overflow */
3605		return (-1);
3606	}
3607	*num = number << shift;
3608	return (0);
3609}
3610
3611
3612/*
3613 * This routine could be used in the future to load default and/or saved
3614 * mode page parameters for a particuar lun.
3615 */
3616static int
3617ctl_init_page_index(struct ctl_lun *lun)
3618{
3619	int i;
3620	struct ctl_page_index *page_index;
3621	const char *value;
3622	uint64_t ival;
3623
3624	memcpy(&lun->mode_pages.index, page_index_template,
3625	       sizeof(page_index_template));
3626
3627	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3628
3629		page_index = &lun->mode_pages.index[i];
3630		/*
3631		 * If this is a disk-only mode page, there's no point in
3632		 * setting it up.  For some pages, we have to have some
3633		 * basic information about the disk in order to calculate the
3634		 * mode page data.
3635		 */
3636		if ((lun->be_lun->lun_type != T_DIRECT)
3637		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3638			continue;
3639
3640		switch (page_index->page_code & SMPH_PC_MASK) {
3641		case SMS_RW_ERROR_RECOVERY_PAGE: {
3642			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3643				panic("subpage is incorrect!");
3644			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3645			       &rw_er_page_default,
3646			       sizeof(rw_er_page_default));
3647			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3648			       &rw_er_page_changeable,
3649			       sizeof(rw_er_page_changeable));
3650			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3651			       &rw_er_page_default,
3652			       sizeof(rw_er_page_default));
3653			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3654			       &rw_er_page_default,
3655			       sizeof(rw_er_page_default));
3656			page_index->page_data =
3657				(uint8_t *)lun->mode_pages.rw_er_page;
3658			break;
3659		}
3660		case SMS_FORMAT_DEVICE_PAGE: {
3661			struct scsi_format_page *format_page;
3662
3663			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3664				panic("subpage is incorrect!");
3665
3666			/*
3667			 * Sectors per track are set above.  Bytes per
3668			 * sector need to be set here on a per-LUN basis.
3669			 */
3670			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3671			       &format_page_default,
3672			       sizeof(format_page_default));
3673			memcpy(&lun->mode_pages.format_page[
3674			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3675			       sizeof(format_page_changeable));
3676			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3677			       &format_page_default,
3678			       sizeof(format_page_default));
3679			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3680			       &format_page_default,
3681			       sizeof(format_page_default));
3682
3683			format_page = &lun->mode_pages.format_page[
3684				CTL_PAGE_CURRENT];
3685			scsi_ulto2b(lun->be_lun->blocksize,
3686				    format_page->bytes_per_sector);
3687
3688			format_page = &lun->mode_pages.format_page[
3689				CTL_PAGE_DEFAULT];
3690			scsi_ulto2b(lun->be_lun->blocksize,
3691				    format_page->bytes_per_sector);
3692
3693			format_page = &lun->mode_pages.format_page[
3694				CTL_PAGE_SAVED];
3695			scsi_ulto2b(lun->be_lun->blocksize,
3696				    format_page->bytes_per_sector);
3697
3698			page_index->page_data =
3699				(uint8_t *)lun->mode_pages.format_page;
3700			break;
3701		}
3702		case SMS_RIGID_DISK_PAGE: {
3703			struct scsi_rigid_disk_page *rigid_disk_page;
3704			uint32_t sectors_per_cylinder;
3705			uint64_t cylinders;
3706#ifndef	__XSCALE__
3707			int shift;
3708#endif /* !__XSCALE__ */
3709
3710			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3711				panic("invalid subpage value %d",
3712				      page_index->subpage);
3713
3714			/*
3715			 * Rotation rate and sectors per track are set
3716			 * above.  We calculate the cylinders here based on
3717			 * capacity.  Due to the number of heads and
3718			 * sectors per track we're using, smaller arrays
3719			 * may turn out to have 0 cylinders.  Linux and
3720			 * FreeBSD don't pay attention to these mode pages
3721			 * to figure out capacity, but Solaris does.  It
3722			 * seems to deal with 0 cylinders just fine, and
3723			 * works out a fake geometry based on the capacity.
3724			 */
3725			memcpy(&lun->mode_pages.rigid_disk_page[
3726			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3727			       sizeof(rigid_disk_page_default));
3728			memcpy(&lun->mode_pages.rigid_disk_page[
3729			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3730			       sizeof(rigid_disk_page_changeable));
3731
3732			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3733				CTL_DEFAULT_HEADS;
3734
3735			/*
3736			 * The divide method here will be more accurate,
3737			 * probably, but results in floating point being
3738			 * used in the kernel on i386 (__udivdi3()).  On the
3739			 * XScale, though, __udivdi3() is implemented in
3740			 * software.
3741			 *
3742			 * The shift method for cylinder calculation is
3743			 * accurate if sectors_per_cylinder is a power of
3744			 * 2.  Otherwise it might be slightly off -- you
3745			 * might have a bit of a truncation problem.
3746			 */
3747#ifdef	__XSCALE__
3748			cylinders = (lun->be_lun->maxlba + 1) /
3749				sectors_per_cylinder;
3750#else
3751			for (shift = 31; shift > 0; shift--) {
3752				if (sectors_per_cylinder & (1 << shift))
3753					break;
3754			}
3755			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3756#endif
3757
3758			/*
3759			 * We've basically got 3 bytes, or 24 bits for the
3760			 * cylinder size in the mode page.  If we're over,
3761			 * just round down to 2^24.
3762			 */
3763			if (cylinders > 0xffffff)
3764				cylinders = 0xffffff;
3765
3766			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3767				CTL_PAGE_DEFAULT];
3768			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3769
3770			if ((value = ctl_get_opt(&lun->be_lun->options,
3771			    "rpm")) != NULL) {
3772				scsi_ulto2b(strtol(value, NULL, 0),
3773				     rigid_disk_page->rotation_rate);
3774			}
3775
3776			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3777			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3778			       sizeof(rigid_disk_page_default));
3779			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3780			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3781			       sizeof(rigid_disk_page_default));
3782
3783			page_index->page_data =
3784				(uint8_t *)lun->mode_pages.rigid_disk_page;
3785			break;
3786		}
3787		case SMS_CACHING_PAGE: {
3788			struct scsi_caching_page *caching_page;
3789
3790			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3791				panic("invalid subpage value %d",
3792				      page_index->subpage);
3793			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3794			       &caching_page_default,
3795			       sizeof(caching_page_default));
3796			memcpy(&lun->mode_pages.caching_page[
3797			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3798			       sizeof(caching_page_changeable));
3799			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3800			       &caching_page_default,
3801			       sizeof(caching_page_default));
3802			caching_page = &lun->mode_pages.caching_page[
3803			    CTL_PAGE_SAVED];
3804			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3805			if (value != NULL && strcmp(value, "off") == 0)
3806				caching_page->flags1 &= ~SCP_WCE;
3807			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3808			if (value != NULL && strcmp(value, "off") == 0)
3809				caching_page->flags1 |= SCP_RCD;
3810			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3811			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3812			       sizeof(caching_page_default));
3813			page_index->page_data =
3814				(uint8_t *)lun->mode_pages.caching_page;
3815			break;
3816		}
3817		case SMS_CONTROL_MODE_PAGE: {
3818			struct scsi_control_page *control_page;
3819
3820			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3821				panic("invalid subpage value %d",
3822				      page_index->subpage);
3823
3824			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3825			       &control_page_default,
3826			       sizeof(control_page_default));
3827			memcpy(&lun->mode_pages.control_page[
3828			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3829			       sizeof(control_page_changeable));
3830			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3831			       &control_page_default,
3832			       sizeof(control_page_default));
3833			control_page = &lun->mode_pages.control_page[
3834			    CTL_PAGE_SAVED];
3835			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3836			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3837				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3838				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3839			}
3840			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3841			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3842			       sizeof(control_page_default));
3843			page_index->page_data =
3844				(uint8_t *)lun->mode_pages.control_page;
3845			break;
3846
3847		}
3848		case SMS_INFO_EXCEPTIONS_PAGE: {
3849			switch (page_index->subpage) {
3850			case SMS_SUBPAGE_PAGE_0:
3851				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3852				       &ie_page_default,
3853				       sizeof(ie_page_default));
3854				memcpy(&lun->mode_pages.ie_page[
3855				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3856				       sizeof(ie_page_changeable));
3857				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3858				       &ie_page_default,
3859				       sizeof(ie_page_default));
3860				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
3861				       &ie_page_default,
3862				       sizeof(ie_page_default));
3863				page_index->page_data =
3864					(uint8_t *)lun->mode_pages.ie_page;
3865				break;
3866			case 0x02: {
3867				struct ctl_logical_block_provisioning_page *page;
3868
3869				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
3870				       &lbp_page_default,
3871				       sizeof(lbp_page_default));
3872				memcpy(&lun->mode_pages.lbp_page[
3873				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
3874				       sizeof(lbp_page_changeable));
3875				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3876				       &lbp_page_default,
3877				       sizeof(lbp_page_default));
3878				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
3879				value = ctl_get_opt(&lun->be_lun->options,
3880				    "avail-threshold");
3881				if (value != NULL &&
3882				    ctl_expand_number(value, &ival) == 0) {
3883					page->descr[0].flags |= SLBPPD_ENABLED |
3884					    SLBPPD_ARMING_DEC;
3885					if (lun->be_lun->blocksize)
3886						ival /= lun->be_lun->blocksize;
3887					else
3888						ival /= 512;
3889					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3890					    page->descr[0].count);
3891				}
3892				value = ctl_get_opt(&lun->be_lun->options,
3893				    "used-threshold");
3894				if (value != NULL &&
3895				    ctl_expand_number(value, &ival) == 0) {
3896					page->descr[1].flags |= SLBPPD_ENABLED |
3897					    SLBPPD_ARMING_INC;
3898					if (lun->be_lun->blocksize)
3899						ival /= lun->be_lun->blocksize;
3900					else
3901						ival /= 512;
3902					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3903					    page->descr[1].count);
3904				}
3905				value = ctl_get_opt(&lun->be_lun->options,
3906				    "pool-avail-threshold");
3907				if (value != NULL &&
3908				    ctl_expand_number(value, &ival) == 0) {
3909					page->descr[2].flags |= SLBPPD_ENABLED |
3910					    SLBPPD_ARMING_DEC;
3911					if (lun->be_lun->blocksize)
3912						ival /= lun->be_lun->blocksize;
3913					else
3914						ival /= 512;
3915					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3916					    page->descr[2].count);
3917				}
3918				value = ctl_get_opt(&lun->be_lun->options,
3919				    "pool-used-threshold");
3920				if (value != NULL &&
3921				    ctl_expand_number(value, &ival) == 0) {
3922					page->descr[3].flags |= SLBPPD_ENABLED |
3923					    SLBPPD_ARMING_INC;
3924					if (lun->be_lun->blocksize)
3925						ival /= lun->be_lun->blocksize;
3926					else
3927						ival /= 512;
3928					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3929					    page->descr[3].count);
3930				}
3931				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
3932				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3933				       sizeof(lbp_page_default));
3934				page_index->page_data =
3935					(uint8_t *)lun->mode_pages.lbp_page;
3936			}}
3937			break;
3938		}
3939		case SMS_VENDOR_SPECIFIC_PAGE:{
3940			switch (page_index->subpage) {
3941			case DBGCNF_SUBPAGE_CODE: {
3942				struct copan_debugconf_subpage *current_page,
3943							       *saved_page;
3944
3945				memcpy(&lun->mode_pages.debugconf_subpage[
3946				       CTL_PAGE_CURRENT],
3947				       &debugconf_page_default,
3948				       sizeof(debugconf_page_default));
3949				memcpy(&lun->mode_pages.debugconf_subpage[
3950				       CTL_PAGE_CHANGEABLE],
3951				       &debugconf_page_changeable,
3952				       sizeof(debugconf_page_changeable));
3953				memcpy(&lun->mode_pages.debugconf_subpage[
3954				       CTL_PAGE_DEFAULT],
3955				       &debugconf_page_default,
3956				       sizeof(debugconf_page_default));
3957				memcpy(&lun->mode_pages.debugconf_subpage[
3958				       CTL_PAGE_SAVED],
3959				       &debugconf_page_default,
3960				       sizeof(debugconf_page_default));
3961				page_index->page_data =
3962					(uint8_t *)lun->mode_pages.debugconf_subpage;
3963
3964				current_page = (struct copan_debugconf_subpage *)
3965					(page_index->page_data +
3966					 (page_index->page_len *
3967					  CTL_PAGE_CURRENT));
3968				saved_page = (struct copan_debugconf_subpage *)
3969					(page_index->page_data +
3970					 (page_index->page_len *
3971					  CTL_PAGE_SAVED));
3972				break;
3973			}
3974			default:
3975				panic("invalid subpage value %d",
3976				      page_index->subpage);
3977				break;
3978			}
3979   			break;
3980		}
3981		default:
3982			panic("invalid page value %d",
3983			      page_index->page_code & SMPH_PC_MASK);
3984			break;
3985    	}
3986	}
3987
3988	return (CTL_RETVAL_COMPLETE);
3989}
3990
3991static int
3992ctl_init_log_page_index(struct ctl_lun *lun)
3993{
3994	struct ctl_page_index *page_index;
3995	int i, j, k, prev;
3996
3997	memcpy(&lun->log_pages.index, log_page_index_template,
3998	       sizeof(log_page_index_template));
3999
4000	prev = -1;
4001	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4002
4003		page_index = &lun->log_pages.index[i];
4004		/*
4005		 * If this is a disk-only mode page, there's no point in
4006		 * setting it up.  For some pages, we have to have some
4007		 * basic information about the disk in order to calculate the
4008		 * mode page data.
4009		 */
4010		if ((lun->be_lun->lun_type != T_DIRECT)
4011		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4012			continue;
4013
4014		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4015		     lun->backend->lun_attr == NULL)
4016			continue;
4017
4018		if (page_index->page_code != prev) {
4019			lun->log_pages.pages_page[j] = page_index->page_code;
4020			prev = page_index->page_code;
4021			j++;
4022		}
4023		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4024		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4025		k++;
4026	}
4027	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4028	lun->log_pages.index[0].page_len = j;
4029	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4030	lun->log_pages.index[1].page_len = k * 2;
4031	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4032	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4033	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4034	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4035
4036	return (CTL_RETVAL_COMPLETE);
4037}
4038
4039static int
4040hex2bin(const char *str, uint8_t *buf, int buf_size)
4041{
4042	int i;
4043	u_char c;
4044
4045	memset(buf, 0, buf_size);
4046	while (isspace(str[0]))
4047		str++;
4048	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4049		str += 2;
4050	buf_size *= 2;
4051	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4052		c = str[i];
4053		if (isdigit(c))
4054			c -= '0';
4055		else if (isalpha(c))
4056			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4057		else
4058			break;
4059		if (c >= 16)
4060			break;
4061		if ((i & 1) == 0)
4062			buf[i / 2] |= (c << 4);
4063		else
4064			buf[i / 2] |= c;
4065	}
4066	return ((i + 1) / 2);
4067}
4068
4069/*
4070 * LUN allocation.
4071 *
4072 * Requirements:
4073 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4074 *   wants us to allocate the LUN and he can block.
4075 * - ctl_softc is always set
4076 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4077 *
4078 * Returns 0 for success, non-zero (errno) for failure.
4079 */
4080static int
4081ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4082	      struct ctl_be_lun *const be_lun)
4083{
4084	struct ctl_lun *nlun, *lun;
4085	struct scsi_vpd_id_descriptor *desc;
4086	struct scsi_vpd_id_t10 *t10id;
4087	const char *eui, *naa, *scsiname, *vendor;
4088	int lun_number, i, lun_malloced;
4089	int devidlen, idlen1, idlen2 = 0, len;
4090
4091	if (be_lun == NULL)
4092		return (EINVAL);
4093
4094	/*
4095	 * We currently only support Direct Access or Processor LUN types.
4096	 */
4097	switch (be_lun->lun_type) {
4098	case T_DIRECT:
4099		break;
4100	case T_PROCESSOR:
4101		break;
4102	case T_SEQUENTIAL:
4103	case T_CHANGER:
4104	default:
4105		be_lun->lun_config_status(be_lun->be_lun,
4106					  CTL_LUN_CONFIG_FAILURE);
4107		break;
4108	}
4109	if (ctl_lun == NULL) {
4110		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4111		lun_malloced = 1;
4112	} else {
4113		lun_malloced = 0;
4114		lun = ctl_lun;
4115	}
4116
4117	memset(lun, 0, sizeof(*lun));
4118	if (lun_malloced)
4119		lun->flags = CTL_LUN_MALLOCED;
4120
4121	/* Generate LUN ID. */
4122	devidlen = max(CTL_DEVID_MIN_LEN,
4123	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4124	idlen1 = sizeof(*t10id) + devidlen;
4125	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4126	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4127	if (scsiname != NULL) {
4128		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4129		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4130	}
4131	eui = ctl_get_opt(&be_lun->options, "eui");
4132	if (eui != NULL) {
4133		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4134	}
4135	naa = ctl_get_opt(&be_lun->options, "naa");
4136	if (naa != NULL) {
4137		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4138	}
4139	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4140	    M_CTL, M_WAITOK | M_ZERO);
4141	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4142	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4143	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4144	desc->length = idlen1;
4145	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4146	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4147	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4148		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4149	} else {
4150		strncpy(t10id->vendor, vendor,
4151		    min(sizeof(t10id->vendor), strlen(vendor)));
4152	}
4153	strncpy((char *)t10id->vendor_spec_id,
4154	    (char *)be_lun->device_id, devidlen);
4155	if (scsiname != NULL) {
4156		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4157		    desc->length);
4158		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4159		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4160		    SVPD_ID_TYPE_SCSI_NAME;
4161		desc->length = idlen2;
4162		strlcpy(desc->identifier, scsiname, idlen2);
4163	}
4164	if (eui != NULL) {
4165		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4166		    desc->length);
4167		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4168		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4169		    SVPD_ID_TYPE_EUI64;
4170		desc->length = hex2bin(eui, desc->identifier, 16);
4171		desc->length = desc->length > 12 ? 16 :
4172		    (desc->length > 8 ? 12 : 8);
4173		len -= 16 - desc->length;
4174	}
4175	if (naa != NULL) {
4176		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4177		    desc->length);
4178		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4179		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4180		    SVPD_ID_TYPE_NAA;
4181		desc->length = hex2bin(naa, desc->identifier, 16);
4182		desc->length = desc->length > 8 ? 16 : 8;
4183		len -= 16 - desc->length;
4184	}
4185	lun->lun_devid->len = len;
4186
4187	mtx_lock(&ctl_softc->ctl_lock);
4188	/*
4189	 * See if the caller requested a particular LUN number.  If so, see
4190	 * if it is available.  Otherwise, allocate the first available LUN.
4191	 */
4192	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4193		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4194		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4195			mtx_unlock(&ctl_softc->ctl_lock);
4196			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4197				printf("ctl: requested LUN ID %d is higher "
4198				       "than CTL_MAX_LUNS - 1 (%d)\n",
4199				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4200			} else {
4201				/*
4202				 * XXX KDM return an error, or just assign
4203				 * another LUN ID in this case??
4204				 */
4205				printf("ctl: requested LUN ID %d is already "
4206				       "in use\n", be_lun->req_lun_id);
4207			}
4208			if (lun->flags & CTL_LUN_MALLOCED)
4209				free(lun, M_CTL);
4210			be_lun->lun_config_status(be_lun->be_lun,
4211						  CTL_LUN_CONFIG_FAILURE);
4212			return (ENOSPC);
4213		}
4214		lun_number = be_lun->req_lun_id;
4215	} else {
4216		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4217		if (lun_number == -1) {
4218			mtx_unlock(&ctl_softc->ctl_lock);
4219			printf("ctl: can't allocate LUN, out of LUNs\n");
4220			if (lun->flags & CTL_LUN_MALLOCED)
4221				free(lun, M_CTL);
4222			be_lun->lun_config_status(be_lun->be_lun,
4223						  CTL_LUN_CONFIG_FAILURE);
4224			return (ENOSPC);
4225		}
4226	}
4227	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4228
4229	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4230	lun->lun = lun_number;
4231	lun->be_lun = be_lun;
4232	/*
4233	 * The processor LUN is always enabled.  Disk LUNs come on line
4234	 * disabled, and must be enabled by the backend.
4235	 */
4236	lun->flags |= CTL_LUN_DISABLED;
4237	lun->backend = be_lun->be;
4238	be_lun->ctl_lun = lun;
4239	be_lun->lun_id = lun_number;
4240	atomic_add_int(&be_lun->be->num_luns, 1);
4241	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4242		lun->flags |= CTL_LUN_OFFLINE;
4243
4244	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4245		lun->flags |= CTL_LUN_STOPPED;
4246
4247	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4248		lun->flags |= CTL_LUN_INOPERABLE;
4249
4250	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4251		lun->flags |= CTL_LUN_PRIMARY_SC;
4252
4253	lun->ctl_softc = ctl_softc;
4254#ifdef CTL_TIME_IO
4255	lun->last_busy = getsbinuptime();
4256#endif
4257	TAILQ_INIT(&lun->ooa_queue);
4258	TAILQ_INIT(&lun->blocked_queue);
4259	STAILQ_INIT(&lun->error_list);
4260	ctl_tpc_lun_init(lun);
4261
4262	/*
4263	 * Initialize the mode and log page index.
4264	 */
4265	ctl_init_page_index(lun);
4266	ctl_init_log_page_index(lun);
4267
4268	/*
4269	 * Now, before we insert this lun on the lun list, set the lun
4270	 * inventory changed UA for all other luns.
4271	 */
4272	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4273		mtx_lock(&nlun->lun_lock);
4274		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4275		mtx_unlock(&nlun->lun_lock);
4276	}
4277
4278	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4279
4280	ctl_softc->ctl_luns[lun_number] = lun;
4281
4282	ctl_softc->num_luns++;
4283
4284	/* Setup statistics gathering */
4285	lun->stats.device_type = be_lun->lun_type;
4286	lun->stats.lun_number = lun_number;
4287	if (lun->stats.device_type == T_DIRECT)
4288		lun->stats.blocksize = be_lun->blocksize;
4289	else
4290		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4291	for (i = 0;i < CTL_MAX_PORTS;i++)
4292		lun->stats.ports[i].targ_port = i;
4293
4294	mtx_unlock(&ctl_softc->ctl_lock);
4295
4296	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4297	return (0);
4298}
4299
4300/*
4301 * Delete a LUN.
4302 * Assumptions:
4303 * - LUN has already been marked invalid and any pending I/O has been taken
4304 *   care of.
4305 */
4306static int
4307ctl_free_lun(struct ctl_lun *lun)
4308{
4309	struct ctl_softc *softc;
4310	struct ctl_lun *nlun;
4311	int i;
4312
4313	softc = lun->ctl_softc;
4314
4315	mtx_assert(&softc->ctl_lock, MA_OWNED);
4316
4317	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4318
4319	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4320
4321	softc->ctl_luns[lun->lun] = NULL;
4322
4323	if (!TAILQ_EMPTY(&lun->ooa_queue))
4324		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4325
4326	softc->num_luns--;
4327
4328	/*
4329	 * Tell the backend to free resources, if this LUN has a backend.
4330	 */
4331	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4332	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4333
4334	ctl_tpc_lun_shutdown(lun);
4335	mtx_destroy(&lun->lun_lock);
4336	free(lun->lun_devid, M_CTL);
4337	for (i = 0; i < CTL_MAX_PORTS; i++)
4338		free(lun->pending_ua[i], M_CTL);
4339	for (i = 0; i < CTL_MAX_PORTS; i++)
4340		free(lun->pr_keys[i], M_CTL);
4341	free(lun->write_buffer, M_CTL);
4342	if (lun->flags & CTL_LUN_MALLOCED)
4343		free(lun, M_CTL);
4344
4345	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4346		mtx_lock(&nlun->lun_lock);
4347		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4348		mtx_unlock(&nlun->lun_lock);
4349	}
4350
4351	return (0);
4352}
4353
4354static void
4355ctl_create_lun(struct ctl_be_lun *be_lun)
4356{
4357	struct ctl_softc *softc;
4358
4359	softc = control_softc;
4360
4361	/*
4362	 * ctl_alloc_lun() should handle all potential failure cases.
4363	 */
4364	ctl_alloc_lun(softc, NULL, be_lun);
4365}
4366
4367int
4368ctl_add_lun(struct ctl_be_lun *be_lun)
4369{
4370	struct ctl_softc *softc = control_softc;
4371
4372	mtx_lock(&softc->ctl_lock);
4373	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4374	mtx_unlock(&softc->ctl_lock);
4375	wakeup(&softc->pending_lun_queue);
4376
4377	return (0);
4378}
4379
4380int
4381ctl_enable_lun(struct ctl_be_lun *be_lun)
4382{
4383	struct ctl_softc *softc;
4384	struct ctl_port *port, *nport;
4385	struct ctl_lun *lun;
4386	int retval;
4387
4388	lun = (struct ctl_lun *)be_lun->ctl_lun;
4389	softc = lun->ctl_softc;
4390
4391	mtx_lock(&softc->ctl_lock);
4392	mtx_lock(&lun->lun_lock);
4393	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4394		/*
4395		 * eh?  Why did we get called if the LUN is already
4396		 * enabled?
4397		 */
4398		mtx_unlock(&lun->lun_lock);
4399		mtx_unlock(&softc->ctl_lock);
4400		return (0);
4401	}
4402	lun->flags &= ~CTL_LUN_DISABLED;
4403	mtx_unlock(&lun->lun_lock);
4404
4405	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4406		nport = STAILQ_NEXT(port, links);
4407		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4408		    port->lun_map != NULL || port->lun_enable == NULL)
4409			continue;
4410
4411		/*
4412		 * Drop the lock while we call the FETD's enable routine.
4413		 * This can lead to a callback into CTL (at least in the
4414		 * case of the internal initiator frontend.
4415		 */
4416		mtx_unlock(&softc->ctl_lock);
4417		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4418		mtx_lock(&softc->ctl_lock);
4419		if (retval != 0) {
4420			printf("%s: FETD %s port %d returned error "
4421			       "%d for lun_enable on lun %jd\n",
4422			       __func__, port->port_name, port->targ_port,
4423			       retval, (intmax_t)lun->lun);
4424		}
4425	}
4426
4427	mtx_unlock(&softc->ctl_lock);
4428	ctl_isc_announce_lun(lun);
4429
4430	return (0);
4431}
4432
4433int
4434ctl_disable_lun(struct ctl_be_lun *be_lun)
4435{
4436	struct ctl_softc *softc;
4437	struct ctl_port *port;
4438	struct ctl_lun *lun;
4439	int retval;
4440
4441	lun = (struct ctl_lun *)be_lun->ctl_lun;
4442	softc = lun->ctl_softc;
4443
4444	mtx_lock(&softc->ctl_lock);
4445	mtx_lock(&lun->lun_lock);
4446	if (lun->flags & CTL_LUN_DISABLED) {
4447		mtx_unlock(&lun->lun_lock);
4448		mtx_unlock(&softc->ctl_lock);
4449		return (0);
4450	}
4451	lun->flags |= CTL_LUN_DISABLED;
4452	mtx_unlock(&lun->lun_lock);
4453
4454	STAILQ_FOREACH(port, &softc->port_list, links) {
4455		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4456		    port->lun_map != NULL || port->lun_disable == NULL)
4457			continue;
4458
4459		/*
4460		 * Drop the lock before we call the frontend's disable
4461		 * routine, to avoid lock order reversals.
4462		 *
4463		 * XXX KDM what happens if the frontend list changes while
4464		 * we're traversing it?  It's unlikely, but should be handled.
4465		 */
4466		mtx_unlock(&softc->ctl_lock);
4467		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4468		mtx_lock(&softc->ctl_lock);
4469		if (retval != 0) {
4470			printf("%s: FETD %s port %d returned error "
4471			       "%d for lun_disable on lun %jd\n",
4472			       __func__, port->port_name, port->targ_port,
4473			       retval, (intmax_t)lun->lun);
4474		}
4475	}
4476
4477	mtx_unlock(&softc->ctl_lock);
4478	ctl_isc_announce_lun(lun);
4479
4480	return (0);
4481}
4482
4483int
4484ctl_start_lun(struct ctl_be_lun *be_lun)
4485{
4486	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4487
4488	mtx_lock(&lun->lun_lock);
4489	lun->flags &= ~CTL_LUN_STOPPED;
4490	mtx_unlock(&lun->lun_lock);
4491	return (0);
4492}
4493
4494int
4495ctl_stop_lun(struct ctl_be_lun *be_lun)
4496{
4497	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4498
4499	mtx_lock(&lun->lun_lock);
4500	lun->flags |= CTL_LUN_STOPPED;
4501	mtx_unlock(&lun->lun_lock);
4502	return (0);
4503}
4504
4505int
4506ctl_lun_offline(struct ctl_be_lun *be_lun)
4507{
4508	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4509
4510	mtx_lock(&lun->lun_lock);
4511	lun->flags |= CTL_LUN_OFFLINE;
4512	mtx_unlock(&lun->lun_lock);
4513	return (0);
4514}
4515
4516int
4517ctl_lun_online(struct ctl_be_lun *be_lun)
4518{
4519	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4520
4521	mtx_lock(&lun->lun_lock);
4522	lun->flags &= ~CTL_LUN_OFFLINE;
4523	mtx_unlock(&lun->lun_lock);
4524	return (0);
4525}
4526
4527int
4528ctl_lun_primary(struct ctl_be_lun *be_lun)
4529{
4530	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4531
4532	mtx_lock(&lun->lun_lock);
4533	lun->flags |= CTL_LUN_PRIMARY_SC;
4534	mtx_unlock(&lun->lun_lock);
4535	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4536	ctl_isc_announce_lun(lun);
4537	return (0);
4538}
4539
4540int
4541ctl_lun_secondary(struct ctl_be_lun *be_lun)
4542{
4543	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4544
4545	mtx_lock(&lun->lun_lock);
4546	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4547	mtx_unlock(&lun->lun_lock);
4548	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4549	ctl_isc_announce_lun(lun);
4550	return (0);
4551}
4552
4553int
4554ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4555{
4556	struct ctl_softc *softc;
4557	struct ctl_lun *lun;
4558
4559	lun = (struct ctl_lun *)be_lun->ctl_lun;
4560	softc = lun->ctl_softc;
4561
4562	mtx_lock(&lun->lun_lock);
4563
4564	/*
4565	 * The LUN needs to be disabled before it can be marked invalid.
4566	 */
4567	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4568		mtx_unlock(&lun->lun_lock);
4569		return (-1);
4570	}
4571	/*
4572	 * Mark the LUN invalid.
4573	 */
4574	lun->flags |= CTL_LUN_INVALID;
4575
4576	/*
4577	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4578	 * If we have something in the OOA queue, we'll free it when the
4579	 * last I/O completes.
4580	 */
4581	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4582		mtx_unlock(&lun->lun_lock);
4583		mtx_lock(&softc->ctl_lock);
4584		ctl_free_lun(lun);
4585		mtx_unlock(&softc->ctl_lock);
4586	} else
4587		mtx_unlock(&lun->lun_lock);
4588
4589	return (0);
4590}
4591
4592int
4593ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4594{
4595	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4596
4597	mtx_lock(&lun->lun_lock);
4598	lun->flags |= CTL_LUN_INOPERABLE;
4599	mtx_unlock(&lun->lun_lock);
4600	return (0);
4601}
4602
4603int
4604ctl_lun_operable(struct ctl_be_lun *be_lun)
4605{
4606	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4607
4608	mtx_lock(&lun->lun_lock);
4609	lun->flags &= ~CTL_LUN_INOPERABLE;
4610	mtx_unlock(&lun->lun_lock);
4611	return (0);
4612}
4613
4614void
4615ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4616{
4617	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4618	union ctl_ha_msg msg;
4619
4620	mtx_lock(&lun->lun_lock);
4621	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4622	mtx_unlock(&lun->lun_lock);
4623	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4624		/* Send msg to other side. */
4625		bzero(&msg.ua, sizeof(msg.ua));
4626		msg.hdr.msg_type = CTL_MSG_UA;
4627		msg.hdr.nexus.initid = -1;
4628		msg.hdr.nexus.targ_port = -1;
4629		msg.hdr.nexus.targ_lun = lun->lun;
4630		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4631		msg.ua.ua_all = 1;
4632		msg.ua.ua_set = 1;
4633		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4634		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4635		    M_WAITOK);
4636	}
4637}
4638
4639/*
4640 * Backend "memory move is complete" callback for requests that never
4641 * make it down to say RAIDCore's configuration code.
4642 */
4643int
4644ctl_config_move_done(union ctl_io *io)
4645{
4646	int retval;
4647
4648	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4649	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4650	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4651
4652	if ((io->io_hdr.port_status != 0) &&
4653	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4654	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4655		/*
4656		 * For hardware error sense keys, the sense key
4657		 * specific value is defined to be a retry count,
4658		 * but we use it to pass back an internal FETD
4659		 * error code.  XXX KDM  Hopefully the FETD is only
4660		 * using 16 bits for an error code, since that's
4661		 * all the space we have in the sks field.
4662		 */
4663		ctl_set_internal_failure(&io->scsiio,
4664					 /*sks_valid*/ 1,
4665					 /*retry_count*/
4666					 io->io_hdr.port_status);
4667	}
4668
4669	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4670		ctl_data_print(io);
4671	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4672	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4673	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4674	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4675		/*
4676		 * XXX KDM just assuming a single pointer here, and not a
4677		 * S/G list.  If we start using S/G lists for config data,
4678		 * we'll need to know how to clean them up here as well.
4679		 */
4680		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4681			free(io->scsiio.kern_data_ptr, M_CTL);
4682		ctl_done(io);
4683		retval = CTL_RETVAL_COMPLETE;
4684	} else {
4685		/*
4686		 * XXX KDM now we need to continue data movement.  Some
4687		 * options:
4688		 * - call ctl_scsiio() again?  We don't do this for data
4689		 *   writes, because for those at least we know ahead of
4690		 *   time where the write will go and how long it is.  For
4691		 *   config writes, though, that information is largely
4692		 *   contained within the write itself, thus we need to
4693		 *   parse out the data again.
4694		 *
4695		 * - Call some other function once the data is in?
4696		 */
4697
4698		/*
4699		 * XXX KDM call ctl_scsiio() again for now, and check flag
4700		 * bits to see whether we're allocated or not.
4701		 */
4702		retval = ctl_scsiio(&io->scsiio);
4703	}
4704	return (retval);
4705}
4706
4707/*
4708 * This gets called by a backend driver when it is done with a
4709 * data_submit method.
4710 */
4711void
4712ctl_data_submit_done(union ctl_io *io)
4713{
4714	/*
4715	 * If the IO_CONT flag is set, we need to call the supplied
4716	 * function to continue processing the I/O, instead of completing
4717	 * the I/O just yet.
4718	 *
4719	 * If there is an error, though, we don't want to keep processing.
4720	 * Instead, just send status back to the initiator.
4721	 */
4722	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4723	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4724	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4725	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4726		io->scsiio.io_cont(io);
4727		return;
4728	}
4729	ctl_done(io);
4730}
4731
4732/*
4733 * This gets called by a backend driver when it is done with a
4734 * configuration write.
4735 */
4736void
4737ctl_config_write_done(union ctl_io *io)
4738{
4739	uint8_t *buf;
4740
4741	/*
4742	 * If the IO_CONT flag is set, we need to call the supplied
4743	 * function to continue processing the I/O, instead of completing
4744	 * the I/O just yet.
4745	 *
4746	 * If there is an error, though, we don't want to keep processing.
4747	 * Instead, just send status back to the initiator.
4748	 */
4749	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4750	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4751	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4752	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4753		io->scsiio.io_cont(io);
4754		return;
4755	}
4756	/*
4757	 * Since a configuration write can be done for commands that actually
4758	 * have data allocated, like write buffer, and commands that have
4759	 * no data, like start/stop unit, we need to check here.
4760	 */
4761	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4762		buf = io->scsiio.kern_data_ptr;
4763	else
4764		buf = NULL;
4765	ctl_done(io);
4766	if (buf)
4767		free(buf, M_CTL);
4768}
4769
4770void
4771ctl_config_read_done(union ctl_io *io)
4772{
4773	uint8_t *buf;
4774
4775	/*
4776	 * If there is some error -- we are done, skip data transfer.
4777	 */
4778	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4779	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4780	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4781		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4782			buf = io->scsiio.kern_data_ptr;
4783		else
4784			buf = NULL;
4785		ctl_done(io);
4786		if (buf)
4787			free(buf, M_CTL);
4788		return;
4789	}
4790
4791	/*
4792	 * If the IO_CONT flag is set, we need to call the supplied
4793	 * function to continue processing the I/O, instead of completing
4794	 * the I/O just yet.
4795	 */
4796	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4797		io->scsiio.io_cont(io);
4798		return;
4799	}
4800
4801	ctl_datamove(io);
4802}
4803
4804/*
4805 * SCSI release command.
4806 */
4807int
4808ctl_scsi_release(struct ctl_scsiio *ctsio)
4809{
4810	int length, longid, thirdparty_id, resv_id;
4811	struct ctl_lun *lun;
4812	uint32_t residx;
4813
4814	length = 0;
4815	resv_id = 0;
4816
4817	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4818
4819	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4820	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4821
4822	switch (ctsio->cdb[0]) {
4823	case RELEASE_10: {
4824		struct scsi_release_10 *cdb;
4825
4826		cdb = (struct scsi_release_10 *)ctsio->cdb;
4827
4828		if (cdb->byte2 & SR10_LONGID)
4829			longid = 1;
4830		else
4831			thirdparty_id = cdb->thirdparty_id;
4832
4833		resv_id = cdb->resv_id;
4834		length = scsi_2btoul(cdb->length);
4835		break;
4836	}
4837	}
4838
4839
4840	/*
4841	 * XXX KDM right now, we only support LUN reservation.  We don't
4842	 * support 3rd party reservations, or extent reservations, which
4843	 * might actually need the parameter list.  If we've gotten this
4844	 * far, we've got a LUN reservation.  Anything else got kicked out
4845	 * above.  So, according to SPC, ignore the length.
4846	 */
4847	length = 0;
4848
4849	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4850	 && (length > 0)) {
4851		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4852		ctsio->kern_data_len = length;
4853		ctsio->kern_total_len = length;
4854		ctsio->kern_data_resid = 0;
4855		ctsio->kern_rel_offset = 0;
4856		ctsio->kern_sg_entries = 0;
4857		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4858		ctsio->be_move_done = ctl_config_move_done;
4859		ctl_datamove((union ctl_io *)ctsio);
4860
4861		return (CTL_RETVAL_COMPLETE);
4862	}
4863
4864	if (length > 0)
4865		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4866
4867	mtx_lock(&lun->lun_lock);
4868
4869	/*
4870	 * According to SPC, it is not an error for an intiator to attempt
4871	 * to release a reservation on a LUN that isn't reserved, or that
4872	 * is reserved by another initiator.  The reservation can only be
4873	 * released, though, by the initiator who made it or by one of
4874	 * several reset type events.
4875	 */
4876	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
4877			lun->flags &= ~CTL_LUN_RESERVED;
4878
4879	mtx_unlock(&lun->lun_lock);
4880
4881	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4882		free(ctsio->kern_data_ptr, M_CTL);
4883		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4884	}
4885
4886	ctl_set_success(ctsio);
4887	ctl_done((union ctl_io *)ctsio);
4888	return (CTL_RETVAL_COMPLETE);
4889}
4890
4891int
4892ctl_scsi_reserve(struct ctl_scsiio *ctsio)
4893{
4894	int extent, thirdparty, longid;
4895	int resv_id, length;
4896	uint64_t thirdparty_id;
4897	struct ctl_lun *lun;
4898	uint32_t residx;
4899
4900	extent = 0;
4901	thirdparty = 0;
4902	longid = 0;
4903	resv_id = 0;
4904	length = 0;
4905	thirdparty_id = 0;
4906
4907	CTL_DEBUG_PRINT(("ctl_reserve\n"));
4908
4909	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4910	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4911
4912	switch (ctsio->cdb[0]) {
4913	case RESERVE_10: {
4914		struct scsi_reserve_10 *cdb;
4915
4916		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
4917
4918		if (cdb->byte2 & SR10_LONGID)
4919			longid = 1;
4920		else
4921			thirdparty_id = cdb->thirdparty_id;
4922
4923		resv_id = cdb->resv_id;
4924		length = scsi_2btoul(cdb->length);
4925		break;
4926	}
4927	}
4928
4929	/*
4930	 * XXX KDM right now, we only support LUN reservation.  We don't
4931	 * support 3rd party reservations, or extent reservations, which
4932	 * might actually need the parameter list.  If we've gotten this
4933	 * far, we've got a LUN reservation.  Anything else got kicked out
4934	 * above.  So, according to SPC, ignore the length.
4935	 */
4936	length = 0;
4937
4938	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4939	 && (length > 0)) {
4940		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4941		ctsio->kern_data_len = length;
4942		ctsio->kern_total_len = length;
4943		ctsio->kern_data_resid = 0;
4944		ctsio->kern_rel_offset = 0;
4945		ctsio->kern_sg_entries = 0;
4946		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4947		ctsio->be_move_done = ctl_config_move_done;
4948		ctl_datamove((union ctl_io *)ctsio);
4949
4950		return (CTL_RETVAL_COMPLETE);
4951	}
4952
4953	if (length > 0)
4954		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4955
4956	mtx_lock(&lun->lun_lock);
4957	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
4958		ctl_set_reservation_conflict(ctsio);
4959		goto bailout;
4960	}
4961
4962	lun->flags |= CTL_LUN_RESERVED;
4963	lun->res_idx = residx;
4964
4965	ctl_set_success(ctsio);
4966
4967bailout:
4968	mtx_unlock(&lun->lun_lock);
4969
4970	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4971		free(ctsio->kern_data_ptr, M_CTL);
4972		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4973	}
4974
4975	ctl_done((union ctl_io *)ctsio);
4976	return (CTL_RETVAL_COMPLETE);
4977}
4978
4979int
4980ctl_start_stop(struct ctl_scsiio *ctsio)
4981{
4982	struct scsi_start_stop_unit *cdb;
4983	struct ctl_lun *lun;
4984	int retval;
4985
4986	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
4987
4988	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4989	retval = 0;
4990
4991	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
4992
4993	/*
4994	 * XXX KDM
4995	 * We don't support the immediate bit on a stop unit.  In order to
4996	 * do that, we would need to code up a way to know that a stop is
4997	 * pending, and hold off any new commands until it completes, one
4998	 * way or another.  Then we could accept or reject those commands
4999	 * depending on its status.  We would almost need to do the reverse
5000	 * of what we do below for an immediate start -- return the copy of
5001	 * the ctl_io to the FETD with status to send to the host (and to
5002	 * free the copy!) and then free the original I/O once the stop
5003	 * actually completes.  That way, the OOA queue mechanism can work
5004	 * to block commands that shouldn't proceed.  Another alternative
5005	 * would be to put the copy in the queue in place of the original,
5006	 * and return the original back to the caller.  That could be
5007	 * slightly safer..
5008	 */
5009	if ((cdb->byte2 & SSS_IMMED)
5010	 && ((cdb->how & SSS_START) == 0)) {
5011		ctl_set_invalid_field(ctsio,
5012				      /*sks_valid*/ 1,
5013				      /*command*/ 1,
5014				      /*field*/ 1,
5015				      /*bit_valid*/ 1,
5016				      /*bit*/ 0);
5017		ctl_done((union ctl_io *)ctsio);
5018		return (CTL_RETVAL_COMPLETE);
5019	}
5020
5021	if ((lun->flags & CTL_LUN_PR_RESERVED)
5022	 && ((cdb->how & SSS_START)==0)) {
5023		uint32_t residx;
5024
5025		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5026		if (ctl_get_prkey(lun, residx) == 0
5027		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5028
5029			ctl_set_reservation_conflict(ctsio);
5030			ctl_done((union ctl_io *)ctsio);
5031			return (CTL_RETVAL_COMPLETE);
5032		}
5033	}
5034
5035	/*
5036	 * If there is no backend on this device, we can't start or stop
5037	 * it.  In theory we shouldn't get any start/stop commands in the
5038	 * first place at this level if the LUN doesn't have a backend.
5039	 * That should get stopped by the command decode code.
5040	 */
5041	if (lun->backend == NULL) {
5042		ctl_set_invalid_opcode(ctsio);
5043		ctl_done((union ctl_io *)ctsio);
5044		return (CTL_RETVAL_COMPLETE);
5045	}
5046
5047	/*
5048	 * XXX KDM Copan-specific offline behavior.
5049	 * Figure out a reasonable way to port this?
5050	 */
5051#ifdef NEEDTOPORT
5052	mtx_lock(&lun->lun_lock);
5053
5054	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5055	 && (lun->flags & CTL_LUN_OFFLINE)) {
5056		/*
5057		 * If the LUN is offline, and the on/offline bit isn't set,
5058		 * reject the start or stop.  Otherwise, let it through.
5059		 */
5060		mtx_unlock(&lun->lun_lock);
5061		ctl_set_lun_not_ready(ctsio);
5062		ctl_done((union ctl_io *)ctsio);
5063	} else {
5064		mtx_unlock(&lun->lun_lock);
5065#endif /* NEEDTOPORT */
5066		/*
5067		 * This could be a start or a stop when we're online,
5068		 * or a stop/offline or start/online.  A start or stop when
5069		 * we're offline is covered in the case above.
5070		 */
5071		/*
5072		 * In the non-immediate case, we send the request to
5073		 * the backend and return status to the user when
5074		 * it is done.
5075		 *
5076		 * In the immediate case, we allocate a new ctl_io
5077		 * to hold a copy of the request, and send that to
5078		 * the backend.  We then set good status on the
5079		 * user's request and return it immediately.
5080		 */
5081		if (cdb->byte2 & SSS_IMMED) {
5082			union ctl_io *new_io;
5083
5084			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5085			ctl_copy_io((union ctl_io *)ctsio, new_io);
5086			retval = lun->backend->config_write(new_io);
5087			ctl_set_success(ctsio);
5088			ctl_done((union ctl_io *)ctsio);
5089		} else {
5090			retval = lun->backend->config_write(
5091				(union ctl_io *)ctsio);
5092		}
5093#ifdef NEEDTOPORT
5094	}
5095#endif
5096	return (retval);
5097}
5098
5099/*
5100 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5101 * we don't really do anything with the LBA and length fields if the user
5102 * passes them in.  Instead we'll just flush out the cache for the entire
5103 * LUN.
5104 */
5105int
5106ctl_sync_cache(struct ctl_scsiio *ctsio)
5107{
5108	struct ctl_lun *lun;
5109	struct ctl_softc *softc;
5110	struct ctl_lba_len_flags *lbalen;
5111	uint64_t starting_lba;
5112	uint32_t block_count;
5113	int retval;
5114	uint8_t byte2;
5115
5116	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5117
5118	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5119	softc = lun->ctl_softc;
5120	retval = 0;
5121
5122	switch (ctsio->cdb[0]) {
5123	case SYNCHRONIZE_CACHE: {
5124		struct scsi_sync_cache *cdb;
5125		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5126
5127		starting_lba = scsi_4btoul(cdb->begin_lba);
5128		block_count = scsi_2btoul(cdb->lb_count);
5129		byte2 = cdb->byte2;
5130		break;
5131	}
5132	case SYNCHRONIZE_CACHE_16: {
5133		struct scsi_sync_cache_16 *cdb;
5134		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5135
5136		starting_lba = scsi_8btou64(cdb->begin_lba);
5137		block_count = scsi_4btoul(cdb->lb_count);
5138		byte2 = cdb->byte2;
5139		break;
5140	}
5141	default:
5142		ctl_set_invalid_opcode(ctsio);
5143		ctl_done((union ctl_io *)ctsio);
5144		goto bailout;
5145		break; /* NOTREACHED */
5146	}
5147
5148	/*
5149	 * We check the LBA and length, but don't do anything with them.
5150	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5151	 * get flushed.  This check will just help satisfy anyone who wants
5152	 * to see an error for an out of range LBA.
5153	 */
5154	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5155		ctl_set_lba_out_of_range(ctsio);
5156		ctl_done((union ctl_io *)ctsio);
5157		goto bailout;
5158	}
5159
5160	/*
5161	 * If this LUN has no backend, we can't flush the cache anyway.
5162	 */
5163	if (lun->backend == NULL) {
5164		ctl_set_invalid_opcode(ctsio);
5165		ctl_done((union ctl_io *)ctsio);
5166		goto bailout;
5167	}
5168
5169	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5170	lbalen->lba = starting_lba;
5171	lbalen->len = block_count;
5172	lbalen->flags = byte2;
5173
5174	/*
5175	 * Check to see whether we're configured to send the SYNCHRONIZE
5176	 * CACHE command directly to the back end.
5177	 */
5178	mtx_lock(&lun->lun_lock);
5179	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5180	 && (++(lun->sync_count) >= lun->sync_interval)) {
5181		lun->sync_count = 0;
5182		mtx_unlock(&lun->lun_lock);
5183		retval = lun->backend->config_write((union ctl_io *)ctsio);
5184	} else {
5185		mtx_unlock(&lun->lun_lock);
5186		ctl_set_success(ctsio);
5187		ctl_done((union ctl_io *)ctsio);
5188	}
5189
5190bailout:
5191
5192	return (retval);
5193}
5194
5195int
5196ctl_format(struct ctl_scsiio *ctsio)
5197{
5198	struct scsi_format *cdb;
5199	struct ctl_lun *lun;
5200	int length, defect_list_len;
5201
5202	CTL_DEBUG_PRINT(("ctl_format\n"));
5203
5204	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5205
5206	cdb = (struct scsi_format *)ctsio->cdb;
5207
5208	length = 0;
5209	if (cdb->byte2 & SF_FMTDATA) {
5210		if (cdb->byte2 & SF_LONGLIST)
5211			length = sizeof(struct scsi_format_header_long);
5212		else
5213			length = sizeof(struct scsi_format_header_short);
5214	}
5215
5216	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5217	 && (length > 0)) {
5218		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5219		ctsio->kern_data_len = length;
5220		ctsio->kern_total_len = length;
5221		ctsio->kern_data_resid = 0;
5222		ctsio->kern_rel_offset = 0;
5223		ctsio->kern_sg_entries = 0;
5224		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5225		ctsio->be_move_done = ctl_config_move_done;
5226		ctl_datamove((union ctl_io *)ctsio);
5227
5228		return (CTL_RETVAL_COMPLETE);
5229	}
5230
5231	defect_list_len = 0;
5232
5233	if (cdb->byte2 & SF_FMTDATA) {
5234		if (cdb->byte2 & SF_LONGLIST) {
5235			struct scsi_format_header_long *header;
5236
5237			header = (struct scsi_format_header_long *)
5238				ctsio->kern_data_ptr;
5239
5240			defect_list_len = scsi_4btoul(header->defect_list_len);
5241			if (defect_list_len != 0) {
5242				ctl_set_invalid_field(ctsio,
5243						      /*sks_valid*/ 1,
5244						      /*command*/ 0,
5245						      /*field*/ 2,
5246						      /*bit_valid*/ 0,
5247						      /*bit*/ 0);
5248				goto bailout;
5249			}
5250		} else {
5251			struct scsi_format_header_short *header;
5252
5253			header = (struct scsi_format_header_short *)
5254				ctsio->kern_data_ptr;
5255
5256			defect_list_len = scsi_2btoul(header->defect_list_len);
5257			if (defect_list_len != 0) {
5258				ctl_set_invalid_field(ctsio,
5259						      /*sks_valid*/ 1,
5260						      /*command*/ 0,
5261						      /*field*/ 2,
5262						      /*bit_valid*/ 0,
5263						      /*bit*/ 0);
5264				goto bailout;
5265			}
5266		}
5267	}
5268
5269	/*
5270	 * The format command will clear out the "Medium format corrupted"
5271	 * status if set by the configuration code.  That status is really
5272	 * just a way to notify the host that we have lost the media, and
5273	 * get them to issue a command that will basically make them think
5274	 * they're blowing away the media.
5275	 */
5276	mtx_lock(&lun->lun_lock);
5277	lun->flags &= ~CTL_LUN_INOPERABLE;
5278	mtx_unlock(&lun->lun_lock);
5279
5280	ctl_set_success(ctsio);
5281bailout:
5282
5283	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5284		free(ctsio->kern_data_ptr, M_CTL);
5285		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5286	}
5287
5288	ctl_done((union ctl_io *)ctsio);
5289	return (CTL_RETVAL_COMPLETE);
5290}
5291
5292int
5293ctl_read_buffer(struct ctl_scsiio *ctsio)
5294{
5295	struct scsi_read_buffer *cdb;
5296	struct ctl_lun *lun;
5297	int buffer_offset, len;
5298	static uint8_t descr[4];
5299	static uint8_t echo_descr[4] = { 0 };
5300
5301	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5302
5303	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5304	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5305
5306	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5307	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5308	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5309		ctl_set_invalid_field(ctsio,
5310				      /*sks_valid*/ 1,
5311				      /*command*/ 1,
5312				      /*field*/ 1,
5313				      /*bit_valid*/ 1,
5314				      /*bit*/ 4);
5315		ctl_done((union ctl_io *)ctsio);
5316		return (CTL_RETVAL_COMPLETE);
5317	}
5318
5319	len = scsi_3btoul(cdb->length);
5320	buffer_offset = scsi_3btoul(cdb->offset);
5321
5322	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5323		ctl_set_invalid_field(ctsio,
5324				      /*sks_valid*/ 1,
5325				      /*command*/ 1,
5326				      /*field*/ 6,
5327				      /*bit_valid*/ 0,
5328				      /*bit*/ 0);
5329		ctl_done((union ctl_io *)ctsio);
5330		return (CTL_RETVAL_COMPLETE);
5331	}
5332
5333	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5334		descr[0] = 0;
5335		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5336		ctsio->kern_data_ptr = descr;
5337		len = min(len, sizeof(descr));
5338	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5339		ctsio->kern_data_ptr = echo_descr;
5340		len = min(len, sizeof(echo_descr));
5341	} else {
5342		if (lun->write_buffer == NULL) {
5343			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5344			    M_CTL, M_WAITOK);
5345		}
5346		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5347	}
5348	ctsio->kern_data_len = len;
5349	ctsio->kern_total_len = len;
5350	ctsio->kern_data_resid = 0;
5351	ctsio->kern_rel_offset = 0;
5352	ctsio->kern_sg_entries = 0;
5353	ctl_set_success(ctsio);
5354	ctsio->be_move_done = ctl_config_move_done;
5355	ctl_datamove((union ctl_io *)ctsio);
5356	return (CTL_RETVAL_COMPLETE);
5357}
5358
5359int
5360ctl_write_buffer(struct ctl_scsiio *ctsio)
5361{
5362	struct scsi_write_buffer *cdb;
5363	struct ctl_lun *lun;
5364	int buffer_offset, len;
5365
5366	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5367
5368	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5369	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5370
5371	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5372		ctl_set_invalid_field(ctsio,
5373				      /*sks_valid*/ 1,
5374				      /*command*/ 1,
5375				      /*field*/ 1,
5376				      /*bit_valid*/ 1,
5377				      /*bit*/ 4);
5378		ctl_done((union ctl_io *)ctsio);
5379		return (CTL_RETVAL_COMPLETE);
5380	}
5381
5382	len = scsi_3btoul(cdb->length);
5383	buffer_offset = scsi_3btoul(cdb->offset);
5384
5385	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5386		ctl_set_invalid_field(ctsio,
5387				      /*sks_valid*/ 1,
5388				      /*command*/ 1,
5389				      /*field*/ 6,
5390				      /*bit_valid*/ 0,
5391				      /*bit*/ 0);
5392		ctl_done((union ctl_io *)ctsio);
5393		return (CTL_RETVAL_COMPLETE);
5394	}
5395
5396	/*
5397	 * If we've got a kernel request that hasn't been malloced yet,
5398	 * malloc it and tell the caller the data buffer is here.
5399	 */
5400	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5401		if (lun->write_buffer == NULL) {
5402			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5403			    M_CTL, M_WAITOK);
5404		}
5405		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5406		ctsio->kern_data_len = len;
5407		ctsio->kern_total_len = len;
5408		ctsio->kern_data_resid = 0;
5409		ctsio->kern_rel_offset = 0;
5410		ctsio->kern_sg_entries = 0;
5411		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5412		ctsio->be_move_done = ctl_config_move_done;
5413		ctl_datamove((union ctl_io *)ctsio);
5414
5415		return (CTL_RETVAL_COMPLETE);
5416	}
5417
5418	ctl_set_success(ctsio);
5419	ctl_done((union ctl_io *)ctsio);
5420	return (CTL_RETVAL_COMPLETE);
5421}
5422
5423int
5424ctl_write_same(struct ctl_scsiio *ctsio)
5425{
5426	struct ctl_lun *lun;
5427	struct ctl_lba_len_flags *lbalen;
5428	uint64_t lba;
5429	uint32_t num_blocks;
5430	int len, retval;
5431	uint8_t byte2;
5432
5433	retval = CTL_RETVAL_COMPLETE;
5434
5435	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5436
5437	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5438
5439	switch (ctsio->cdb[0]) {
5440	case WRITE_SAME_10: {
5441		struct scsi_write_same_10 *cdb;
5442
5443		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5444
5445		lba = scsi_4btoul(cdb->addr);
5446		num_blocks = scsi_2btoul(cdb->length);
5447		byte2 = cdb->byte2;
5448		break;
5449	}
5450	case WRITE_SAME_16: {
5451		struct scsi_write_same_16 *cdb;
5452
5453		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5454
5455		lba = scsi_8btou64(cdb->addr);
5456		num_blocks = scsi_4btoul(cdb->length);
5457		byte2 = cdb->byte2;
5458		break;
5459	}
5460	default:
5461		/*
5462		 * We got a command we don't support.  This shouldn't
5463		 * happen, commands should be filtered out above us.
5464		 */
5465		ctl_set_invalid_opcode(ctsio);
5466		ctl_done((union ctl_io *)ctsio);
5467
5468		return (CTL_RETVAL_COMPLETE);
5469		break; /* NOTREACHED */
5470	}
5471
5472	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5473	if ((byte2 & SWS_UNMAP) == 0 &&
5474	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5475		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5476		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5477		ctl_done((union ctl_io *)ctsio);
5478		return (CTL_RETVAL_COMPLETE);
5479	}
5480
5481	/*
5482	 * The first check is to make sure we're in bounds, the second
5483	 * check is to catch wrap-around problems.  If the lba + num blocks
5484	 * is less than the lba, then we've wrapped around and the block
5485	 * range is invalid anyway.
5486	 */
5487	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5488	 || ((lba + num_blocks) < lba)) {
5489		ctl_set_lba_out_of_range(ctsio);
5490		ctl_done((union ctl_io *)ctsio);
5491		return (CTL_RETVAL_COMPLETE);
5492	}
5493
5494	/* Zero number of blocks means "to the last logical block" */
5495	if (num_blocks == 0) {
5496		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5497			ctl_set_invalid_field(ctsio,
5498					      /*sks_valid*/ 0,
5499					      /*command*/ 1,
5500					      /*field*/ 0,
5501					      /*bit_valid*/ 0,
5502					      /*bit*/ 0);
5503			ctl_done((union ctl_io *)ctsio);
5504			return (CTL_RETVAL_COMPLETE);
5505		}
5506		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5507	}
5508
5509	len = lun->be_lun->blocksize;
5510
5511	/*
5512	 * If we've got a kernel request that hasn't been malloced yet,
5513	 * malloc it and tell the caller the data buffer is here.
5514	 */
5515	if ((byte2 & SWS_NDOB) == 0 &&
5516	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5517		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5518		ctsio->kern_data_len = len;
5519		ctsio->kern_total_len = len;
5520		ctsio->kern_data_resid = 0;
5521		ctsio->kern_rel_offset = 0;
5522		ctsio->kern_sg_entries = 0;
5523		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5524		ctsio->be_move_done = ctl_config_move_done;
5525		ctl_datamove((union ctl_io *)ctsio);
5526
5527		return (CTL_RETVAL_COMPLETE);
5528	}
5529
5530	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5531	lbalen->lba = lba;
5532	lbalen->len = num_blocks;
5533	lbalen->flags = byte2;
5534	retval = lun->backend->config_write((union ctl_io *)ctsio);
5535
5536	return (retval);
5537}
5538
5539int
5540ctl_unmap(struct ctl_scsiio *ctsio)
5541{
5542	struct ctl_lun *lun;
5543	struct scsi_unmap *cdb;
5544	struct ctl_ptr_len_flags *ptrlen;
5545	struct scsi_unmap_header *hdr;
5546	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5547	uint64_t lba;
5548	uint32_t num_blocks;
5549	int len, retval;
5550	uint8_t byte2;
5551
5552	retval = CTL_RETVAL_COMPLETE;
5553
5554	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5555
5556	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5557	cdb = (struct scsi_unmap *)ctsio->cdb;
5558
5559	len = scsi_2btoul(cdb->length);
5560	byte2 = cdb->byte2;
5561
5562	/*
5563	 * If we've got a kernel request that hasn't been malloced yet,
5564	 * malloc it and tell the caller the data buffer is here.
5565	 */
5566	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5567		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5568		ctsio->kern_data_len = len;
5569		ctsio->kern_total_len = len;
5570		ctsio->kern_data_resid = 0;
5571		ctsio->kern_rel_offset = 0;
5572		ctsio->kern_sg_entries = 0;
5573		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5574		ctsio->be_move_done = ctl_config_move_done;
5575		ctl_datamove((union ctl_io *)ctsio);
5576
5577		return (CTL_RETVAL_COMPLETE);
5578	}
5579
5580	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5581	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5582	if (len < sizeof (*hdr) ||
5583	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5584	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5585	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5586		ctl_set_invalid_field(ctsio,
5587				      /*sks_valid*/ 0,
5588				      /*command*/ 0,
5589				      /*field*/ 0,
5590				      /*bit_valid*/ 0,
5591				      /*bit*/ 0);
5592		goto done;
5593	}
5594	len = scsi_2btoul(hdr->desc_length);
5595	buf = (struct scsi_unmap_desc *)(hdr + 1);
5596	end = buf + len / sizeof(*buf);
5597
5598	endnz = buf;
5599	for (range = buf; range < end; range++) {
5600		lba = scsi_8btou64(range->lba);
5601		num_blocks = scsi_4btoul(range->length);
5602		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5603		 || ((lba + num_blocks) < lba)) {
5604			ctl_set_lba_out_of_range(ctsio);
5605			ctl_done((union ctl_io *)ctsio);
5606			return (CTL_RETVAL_COMPLETE);
5607		}
5608		if (num_blocks != 0)
5609			endnz = range + 1;
5610	}
5611
5612	/*
5613	 * Block backend can not handle zero last range.
5614	 * Filter it out and return if there is nothing left.
5615	 */
5616	len = (uint8_t *)endnz - (uint8_t *)buf;
5617	if (len == 0) {
5618		ctl_set_success(ctsio);
5619		goto done;
5620	}
5621
5622	mtx_lock(&lun->lun_lock);
5623	ptrlen = (struct ctl_ptr_len_flags *)
5624	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5625	ptrlen->ptr = (void *)buf;
5626	ptrlen->len = len;
5627	ptrlen->flags = byte2;
5628	ctl_check_blocked(lun);
5629	mtx_unlock(&lun->lun_lock);
5630
5631	retval = lun->backend->config_write((union ctl_io *)ctsio);
5632	return (retval);
5633
5634done:
5635	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5636		free(ctsio->kern_data_ptr, M_CTL);
5637		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5638	}
5639	ctl_done((union ctl_io *)ctsio);
5640	return (CTL_RETVAL_COMPLETE);
5641}
5642
5643/*
5644 * Note that this function currently doesn't actually do anything inside
5645 * CTL to enforce things if the DQue bit is turned on.
5646 *
5647 * Also note that this function can't be used in the default case, because
5648 * the DQue bit isn't set in the changeable mask for the control mode page
5649 * anyway.  This is just here as an example for how to implement a page
5650 * handler, and a placeholder in case we want to allow the user to turn
5651 * tagged queueing on and off.
5652 *
5653 * The D_SENSE bit handling is functional, however, and will turn
5654 * descriptor sense on and off for a given LUN.
5655 */
5656int
5657ctl_control_page_handler(struct ctl_scsiio *ctsio,
5658			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5659{
5660	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5661	struct ctl_lun *lun;
5662	int set_ua;
5663	uint32_t initidx;
5664
5665	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5666	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5667	set_ua = 0;
5668
5669	user_cp = (struct scsi_control_page *)page_ptr;
5670	current_cp = (struct scsi_control_page *)
5671		(page_index->page_data + (page_index->page_len *
5672		CTL_PAGE_CURRENT));
5673	saved_cp = (struct scsi_control_page *)
5674		(page_index->page_data + (page_index->page_len *
5675		CTL_PAGE_SAVED));
5676
5677	mtx_lock(&lun->lun_lock);
5678	if (((current_cp->rlec & SCP_DSENSE) == 0)
5679	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5680		/*
5681		 * Descriptor sense is currently turned off and the user
5682		 * wants to turn it on.
5683		 */
5684		current_cp->rlec |= SCP_DSENSE;
5685		saved_cp->rlec |= SCP_DSENSE;
5686		lun->flags |= CTL_LUN_SENSE_DESC;
5687		set_ua = 1;
5688	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5689		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5690		/*
5691		 * Descriptor sense is currently turned on, and the user
5692		 * wants to turn it off.
5693		 */
5694		current_cp->rlec &= ~SCP_DSENSE;
5695		saved_cp->rlec &= ~SCP_DSENSE;
5696		lun->flags &= ~CTL_LUN_SENSE_DESC;
5697		set_ua = 1;
5698	}
5699	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5700	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5701		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5702		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5703		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5704		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5705		set_ua = 1;
5706	}
5707	if ((current_cp->eca_and_aen & SCP_SWP) !=
5708	    (user_cp->eca_and_aen & SCP_SWP)) {
5709		current_cp->eca_and_aen &= ~SCP_SWP;
5710		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5711		saved_cp->eca_and_aen &= ~SCP_SWP;
5712		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5713		set_ua = 1;
5714	}
5715	if (set_ua != 0)
5716		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5717	mtx_unlock(&lun->lun_lock);
5718
5719	return (0);
5720}
5721
5722int
5723ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5724		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5725{
5726	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5727	struct ctl_lun *lun;
5728	int set_ua;
5729	uint32_t initidx;
5730
5731	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5732	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5733	set_ua = 0;
5734
5735	user_cp = (struct scsi_caching_page *)page_ptr;
5736	current_cp = (struct scsi_caching_page *)
5737		(page_index->page_data + (page_index->page_len *
5738		CTL_PAGE_CURRENT));
5739	saved_cp = (struct scsi_caching_page *)
5740		(page_index->page_data + (page_index->page_len *
5741		CTL_PAGE_SAVED));
5742
5743	mtx_lock(&lun->lun_lock);
5744	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5745	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5746		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5747		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5748		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5749		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5750		set_ua = 1;
5751	}
5752	if (set_ua != 0)
5753		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5754	mtx_unlock(&lun->lun_lock);
5755
5756	return (0);
5757}
5758
5759int
5760ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5761				struct ctl_page_index *page_index,
5762				uint8_t *page_ptr)
5763{
5764	uint8_t *c;
5765	int i;
5766
5767	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5768	ctl_time_io_secs =
5769		(c[0] << 8) |
5770		(c[1] << 0) |
5771		0;
5772	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5773	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5774	printf("page data:");
5775	for (i=0; i<8; i++)
5776		printf(" %.2x",page_ptr[i]);
5777	printf("\n");
5778	return (0);
5779}
5780
5781int
5782ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5783			       struct ctl_page_index *page_index,
5784			       int pc)
5785{
5786	struct copan_debugconf_subpage *page;
5787
5788	page = (struct copan_debugconf_subpage *)page_index->page_data +
5789		(page_index->page_len * pc);
5790
5791	switch (pc) {
5792	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5793	case SMS_PAGE_CTRL_DEFAULT >> 6:
5794	case SMS_PAGE_CTRL_SAVED >> 6:
5795		/*
5796		 * We don't update the changable or default bits for this page.
5797		 */
5798		break;
5799	case SMS_PAGE_CTRL_CURRENT >> 6:
5800		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5801		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5802		break;
5803	default:
5804#ifdef NEEDTOPORT
5805		EPRINT(0, "Invalid PC %d!!", pc);
5806#endif /* NEEDTOPORT */
5807		break;
5808	}
5809	return (0);
5810}
5811
5812
5813static int
5814ctl_do_mode_select(union ctl_io *io)
5815{
5816	struct scsi_mode_page_header *page_header;
5817	struct ctl_page_index *page_index;
5818	struct ctl_scsiio *ctsio;
5819	int control_dev, page_len;
5820	int page_len_offset, page_len_size;
5821	union ctl_modepage_info *modepage_info;
5822	struct ctl_lun *lun;
5823	int *len_left, *len_used;
5824	int retval, i;
5825
5826	ctsio = &io->scsiio;
5827	page_index = NULL;
5828	page_len = 0;
5829	retval = CTL_RETVAL_COMPLETE;
5830
5831	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5832
5833	if (lun->be_lun->lun_type != T_DIRECT)
5834		control_dev = 1;
5835	else
5836		control_dev = 0;
5837
5838	modepage_info = (union ctl_modepage_info *)
5839		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5840	len_left = &modepage_info->header.len_left;
5841	len_used = &modepage_info->header.len_used;
5842
5843do_next_page:
5844
5845	page_header = (struct scsi_mode_page_header *)
5846		(ctsio->kern_data_ptr + *len_used);
5847
5848	if (*len_left == 0) {
5849		free(ctsio->kern_data_ptr, M_CTL);
5850		ctl_set_success(ctsio);
5851		ctl_done((union ctl_io *)ctsio);
5852		return (CTL_RETVAL_COMPLETE);
5853	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5854
5855		free(ctsio->kern_data_ptr, M_CTL);
5856		ctl_set_param_len_error(ctsio);
5857		ctl_done((union ctl_io *)ctsio);
5858		return (CTL_RETVAL_COMPLETE);
5859
5860	} else if ((page_header->page_code & SMPH_SPF)
5861		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5862
5863		free(ctsio->kern_data_ptr, M_CTL);
5864		ctl_set_param_len_error(ctsio);
5865		ctl_done((union ctl_io *)ctsio);
5866		return (CTL_RETVAL_COMPLETE);
5867	}
5868
5869
5870	/*
5871	 * XXX KDM should we do something with the block descriptor?
5872	 */
5873	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5874
5875		if ((control_dev != 0)
5876		 && (lun->mode_pages.index[i].page_flags &
5877		     CTL_PAGE_FLAG_DISK_ONLY))
5878			continue;
5879
5880		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5881		    (page_header->page_code & SMPH_PC_MASK))
5882			continue;
5883
5884		/*
5885		 * If neither page has a subpage code, then we've got a
5886		 * match.
5887		 */
5888		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5889		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5890			page_index = &lun->mode_pages.index[i];
5891			page_len = page_header->page_length;
5892			break;
5893		}
5894
5895		/*
5896		 * If both pages have subpages, then the subpage numbers
5897		 * have to match.
5898		 */
5899		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5900		  && (page_header->page_code & SMPH_SPF)) {
5901			struct scsi_mode_page_header_sp *sph;
5902
5903			sph = (struct scsi_mode_page_header_sp *)page_header;
5904
5905			if (lun->mode_pages.index[i].subpage ==
5906			    sph->subpage) {
5907				page_index = &lun->mode_pages.index[i];
5908				page_len = scsi_2btoul(sph->page_length);
5909				break;
5910			}
5911		}
5912	}
5913
5914	/*
5915	 * If we couldn't find the page, or if we don't have a mode select
5916	 * handler for it, send back an error to the user.
5917	 */
5918	if ((page_index == NULL)
5919	 || (page_index->select_handler == NULL)) {
5920		ctl_set_invalid_field(ctsio,
5921				      /*sks_valid*/ 1,
5922				      /*command*/ 0,
5923				      /*field*/ *len_used,
5924				      /*bit_valid*/ 0,
5925				      /*bit*/ 0);
5926		free(ctsio->kern_data_ptr, M_CTL);
5927		ctl_done((union ctl_io *)ctsio);
5928		return (CTL_RETVAL_COMPLETE);
5929	}
5930
5931	if (page_index->page_code & SMPH_SPF) {
5932		page_len_offset = 2;
5933		page_len_size = 2;
5934	} else {
5935		page_len_size = 1;
5936		page_len_offset = 1;
5937	}
5938
5939	/*
5940	 * If the length the initiator gives us isn't the one we specify in
5941	 * the mode page header, or if they didn't specify enough data in
5942	 * the CDB to avoid truncating this page, kick out the request.
5943	 */
5944	if ((page_len != (page_index->page_len - page_len_offset -
5945			  page_len_size))
5946	 || (*len_left < page_index->page_len)) {
5947
5948
5949		ctl_set_invalid_field(ctsio,
5950				      /*sks_valid*/ 1,
5951				      /*command*/ 0,
5952				      /*field*/ *len_used + page_len_offset,
5953				      /*bit_valid*/ 0,
5954				      /*bit*/ 0);
5955		free(ctsio->kern_data_ptr, M_CTL);
5956		ctl_done((union ctl_io *)ctsio);
5957		return (CTL_RETVAL_COMPLETE);
5958	}
5959
5960	/*
5961	 * Run through the mode page, checking to make sure that the bits
5962	 * the user changed are actually legal for him to change.
5963	 */
5964	for (i = 0; i < page_index->page_len; i++) {
5965		uint8_t *user_byte, *change_mask, *current_byte;
5966		int bad_bit;
5967		int j;
5968
5969		user_byte = (uint8_t *)page_header + i;
5970		change_mask = page_index->page_data +
5971			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
5972		current_byte = page_index->page_data +
5973			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
5974
5975		/*
5976		 * Check to see whether the user set any bits in this byte
5977		 * that he is not allowed to set.
5978		 */
5979		if ((*user_byte & ~(*change_mask)) ==
5980		    (*current_byte & ~(*change_mask)))
5981			continue;
5982
5983		/*
5984		 * Go through bit by bit to determine which one is illegal.
5985		 */
5986		bad_bit = 0;
5987		for (j = 7; j >= 0; j--) {
5988			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
5989			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
5990				bad_bit = i;
5991				break;
5992			}
5993		}
5994		ctl_set_invalid_field(ctsio,
5995				      /*sks_valid*/ 1,
5996				      /*command*/ 0,
5997				      /*field*/ *len_used + i,
5998				      /*bit_valid*/ 1,
5999				      /*bit*/ bad_bit);
6000		free(ctsio->kern_data_ptr, M_CTL);
6001		ctl_done((union ctl_io *)ctsio);
6002		return (CTL_RETVAL_COMPLETE);
6003	}
6004
6005	/*
6006	 * Decrement these before we call the page handler, since we may
6007	 * end up getting called back one way or another before the handler
6008	 * returns to this context.
6009	 */
6010	*len_left -= page_index->page_len;
6011	*len_used += page_index->page_len;
6012
6013	retval = page_index->select_handler(ctsio, page_index,
6014					    (uint8_t *)page_header);
6015
6016	/*
6017	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6018	 * wait until this queued command completes to finish processing
6019	 * the mode page.  If it returns anything other than
6020	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6021	 * already set the sense information, freed the data pointer, and
6022	 * completed the io for us.
6023	 */
6024	if (retval != CTL_RETVAL_COMPLETE)
6025		goto bailout_no_done;
6026
6027	/*
6028	 * If the initiator sent us more than one page, parse the next one.
6029	 */
6030	if (*len_left > 0)
6031		goto do_next_page;
6032
6033	ctl_set_success(ctsio);
6034	free(ctsio->kern_data_ptr, M_CTL);
6035	ctl_done((union ctl_io *)ctsio);
6036
6037bailout_no_done:
6038
6039	return (CTL_RETVAL_COMPLETE);
6040
6041}
6042
6043int
6044ctl_mode_select(struct ctl_scsiio *ctsio)
6045{
6046	int param_len, pf, sp;
6047	int header_size, bd_len;
6048	int len_left, len_used;
6049	struct ctl_page_index *page_index;
6050	struct ctl_lun *lun;
6051	int control_dev, page_len;
6052	union ctl_modepage_info *modepage_info;
6053	int retval;
6054
6055	pf = 0;
6056	sp = 0;
6057	page_len = 0;
6058	len_used = 0;
6059	len_left = 0;
6060	retval = 0;
6061	bd_len = 0;
6062	page_index = NULL;
6063
6064	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6065
6066	if (lun->be_lun->lun_type != T_DIRECT)
6067		control_dev = 1;
6068	else
6069		control_dev = 0;
6070
6071	switch (ctsio->cdb[0]) {
6072	case MODE_SELECT_6: {
6073		struct scsi_mode_select_6 *cdb;
6074
6075		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6076
6077		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6078		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6079
6080		param_len = cdb->length;
6081		header_size = sizeof(struct scsi_mode_header_6);
6082		break;
6083	}
6084	case MODE_SELECT_10: {
6085		struct scsi_mode_select_10 *cdb;
6086
6087		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6088
6089		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6090		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6091
6092		param_len = scsi_2btoul(cdb->length);
6093		header_size = sizeof(struct scsi_mode_header_10);
6094		break;
6095	}
6096	default:
6097		ctl_set_invalid_opcode(ctsio);
6098		ctl_done((union ctl_io *)ctsio);
6099		return (CTL_RETVAL_COMPLETE);
6100		break; /* NOTREACHED */
6101	}
6102
6103	/*
6104	 * From SPC-3:
6105	 * "A parameter list length of zero indicates that the Data-Out Buffer
6106	 * shall be empty. This condition shall not be considered as an error."
6107	 */
6108	if (param_len == 0) {
6109		ctl_set_success(ctsio);
6110		ctl_done((union ctl_io *)ctsio);
6111		return (CTL_RETVAL_COMPLETE);
6112	}
6113
6114	/*
6115	 * Since we'll hit this the first time through, prior to
6116	 * allocation, we don't need to free a data buffer here.
6117	 */
6118	if (param_len < header_size) {
6119		ctl_set_param_len_error(ctsio);
6120		ctl_done((union ctl_io *)ctsio);
6121		return (CTL_RETVAL_COMPLETE);
6122	}
6123
6124	/*
6125	 * Allocate the data buffer and grab the user's data.  In theory,
6126	 * we shouldn't have to sanity check the parameter list length here
6127	 * because the maximum size is 64K.  We should be able to malloc
6128	 * that much without too many problems.
6129	 */
6130	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6131		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6132		ctsio->kern_data_len = param_len;
6133		ctsio->kern_total_len = param_len;
6134		ctsio->kern_data_resid = 0;
6135		ctsio->kern_rel_offset = 0;
6136		ctsio->kern_sg_entries = 0;
6137		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6138		ctsio->be_move_done = ctl_config_move_done;
6139		ctl_datamove((union ctl_io *)ctsio);
6140
6141		return (CTL_RETVAL_COMPLETE);
6142	}
6143
6144	switch (ctsio->cdb[0]) {
6145	case MODE_SELECT_6: {
6146		struct scsi_mode_header_6 *mh6;
6147
6148		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6149		bd_len = mh6->blk_desc_len;
6150		break;
6151	}
6152	case MODE_SELECT_10: {
6153		struct scsi_mode_header_10 *mh10;
6154
6155		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6156		bd_len = scsi_2btoul(mh10->blk_desc_len);
6157		break;
6158	}
6159	default:
6160		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6161		break;
6162	}
6163
6164	if (param_len < (header_size + bd_len)) {
6165		free(ctsio->kern_data_ptr, M_CTL);
6166		ctl_set_param_len_error(ctsio);
6167		ctl_done((union ctl_io *)ctsio);
6168		return (CTL_RETVAL_COMPLETE);
6169	}
6170
6171	/*
6172	 * Set the IO_CONT flag, so that if this I/O gets passed to
6173	 * ctl_config_write_done(), it'll get passed back to
6174	 * ctl_do_mode_select() for further processing, or completion if
6175	 * we're all done.
6176	 */
6177	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6178	ctsio->io_cont = ctl_do_mode_select;
6179
6180	modepage_info = (union ctl_modepage_info *)
6181		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6182
6183	memset(modepage_info, 0, sizeof(*modepage_info));
6184
6185	len_left = param_len - header_size - bd_len;
6186	len_used = header_size + bd_len;
6187
6188	modepage_info->header.len_left = len_left;
6189	modepage_info->header.len_used = len_used;
6190
6191	return (ctl_do_mode_select((union ctl_io *)ctsio));
6192}
6193
6194int
6195ctl_mode_sense(struct ctl_scsiio *ctsio)
6196{
6197	struct ctl_lun *lun;
6198	int pc, page_code, dbd, llba, subpage;
6199	int alloc_len, page_len, header_len, total_len;
6200	struct scsi_mode_block_descr *block_desc;
6201	struct ctl_page_index *page_index;
6202	int control_dev;
6203
6204	dbd = 0;
6205	llba = 0;
6206	block_desc = NULL;
6207	page_index = NULL;
6208
6209	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6210
6211	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6212
6213	if (lun->be_lun->lun_type != T_DIRECT)
6214		control_dev = 1;
6215	else
6216		control_dev = 0;
6217
6218	switch (ctsio->cdb[0]) {
6219	case MODE_SENSE_6: {
6220		struct scsi_mode_sense_6 *cdb;
6221
6222		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6223
6224		header_len = sizeof(struct scsi_mode_hdr_6);
6225		if (cdb->byte2 & SMS_DBD)
6226			dbd = 1;
6227		else
6228			header_len += sizeof(struct scsi_mode_block_descr);
6229
6230		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6231		page_code = cdb->page & SMS_PAGE_CODE;
6232		subpage = cdb->subpage;
6233		alloc_len = cdb->length;
6234		break;
6235	}
6236	case MODE_SENSE_10: {
6237		struct scsi_mode_sense_10 *cdb;
6238
6239		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6240
6241		header_len = sizeof(struct scsi_mode_hdr_10);
6242
6243		if (cdb->byte2 & SMS_DBD)
6244			dbd = 1;
6245		else
6246			header_len += sizeof(struct scsi_mode_block_descr);
6247		if (cdb->byte2 & SMS10_LLBAA)
6248			llba = 1;
6249		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6250		page_code = cdb->page & SMS_PAGE_CODE;
6251		subpage = cdb->subpage;
6252		alloc_len = scsi_2btoul(cdb->length);
6253		break;
6254	}
6255	default:
6256		ctl_set_invalid_opcode(ctsio);
6257		ctl_done((union ctl_io *)ctsio);
6258		return (CTL_RETVAL_COMPLETE);
6259		break; /* NOTREACHED */
6260	}
6261
6262	/*
6263	 * We have to make a first pass through to calculate the size of
6264	 * the pages that match the user's query.  Then we allocate enough
6265	 * memory to hold it, and actually copy the data into the buffer.
6266	 */
6267	switch (page_code) {
6268	case SMS_ALL_PAGES_PAGE: {
6269		int i;
6270
6271		page_len = 0;
6272
6273		/*
6274		 * At the moment, values other than 0 and 0xff here are
6275		 * reserved according to SPC-3.
6276		 */
6277		if ((subpage != SMS_SUBPAGE_PAGE_0)
6278		 && (subpage != SMS_SUBPAGE_ALL)) {
6279			ctl_set_invalid_field(ctsio,
6280					      /*sks_valid*/ 1,
6281					      /*command*/ 1,
6282					      /*field*/ 3,
6283					      /*bit_valid*/ 0,
6284					      /*bit*/ 0);
6285			ctl_done((union ctl_io *)ctsio);
6286			return (CTL_RETVAL_COMPLETE);
6287		}
6288
6289		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6290			if ((control_dev != 0)
6291			 && (lun->mode_pages.index[i].page_flags &
6292			     CTL_PAGE_FLAG_DISK_ONLY))
6293				continue;
6294
6295			/*
6296			 * We don't use this subpage if the user didn't
6297			 * request all subpages.
6298			 */
6299			if ((lun->mode_pages.index[i].subpage != 0)
6300			 && (subpage == SMS_SUBPAGE_PAGE_0))
6301				continue;
6302
6303#if 0
6304			printf("found page %#x len %d\n",
6305			       lun->mode_pages.index[i].page_code &
6306			       SMPH_PC_MASK,
6307			       lun->mode_pages.index[i].page_len);
6308#endif
6309			page_len += lun->mode_pages.index[i].page_len;
6310		}
6311		break;
6312	}
6313	default: {
6314		int i;
6315
6316		page_len = 0;
6317
6318		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6319			/* Look for the right page code */
6320			if ((lun->mode_pages.index[i].page_code &
6321			     SMPH_PC_MASK) != page_code)
6322				continue;
6323
6324			/* Look for the right subpage or the subpage wildcard*/
6325			if ((lun->mode_pages.index[i].subpage != subpage)
6326			 && (subpage != SMS_SUBPAGE_ALL))
6327				continue;
6328
6329			/* Make sure the page is supported for this dev type */
6330			if ((control_dev != 0)
6331			 && (lun->mode_pages.index[i].page_flags &
6332			     CTL_PAGE_FLAG_DISK_ONLY))
6333				continue;
6334
6335#if 0
6336			printf("found page %#x len %d\n",
6337			       lun->mode_pages.index[i].page_code &
6338			       SMPH_PC_MASK,
6339			       lun->mode_pages.index[i].page_len);
6340#endif
6341
6342			page_len += lun->mode_pages.index[i].page_len;
6343		}
6344
6345		if (page_len == 0) {
6346			ctl_set_invalid_field(ctsio,
6347					      /*sks_valid*/ 1,
6348					      /*command*/ 1,
6349					      /*field*/ 2,
6350					      /*bit_valid*/ 1,
6351					      /*bit*/ 5);
6352			ctl_done((union ctl_io *)ctsio);
6353			return (CTL_RETVAL_COMPLETE);
6354		}
6355		break;
6356	}
6357	}
6358
6359	total_len = header_len + page_len;
6360#if 0
6361	printf("header_len = %d, page_len = %d, total_len = %d\n",
6362	       header_len, page_len, total_len);
6363#endif
6364
6365	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6366	ctsio->kern_sg_entries = 0;
6367	ctsio->kern_data_resid = 0;
6368	ctsio->kern_rel_offset = 0;
6369	if (total_len < alloc_len) {
6370		ctsio->residual = alloc_len - total_len;
6371		ctsio->kern_data_len = total_len;
6372		ctsio->kern_total_len = total_len;
6373	} else {
6374		ctsio->residual = 0;
6375		ctsio->kern_data_len = alloc_len;
6376		ctsio->kern_total_len = alloc_len;
6377	}
6378
6379	switch (ctsio->cdb[0]) {
6380	case MODE_SENSE_6: {
6381		struct scsi_mode_hdr_6 *header;
6382
6383		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6384
6385		header->datalen = MIN(total_len - 1, 254);
6386		if (control_dev == 0) {
6387			header->dev_specific = 0x10; /* DPOFUA */
6388			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6389			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6390			    .eca_and_aen & SCP_SWP) != 0)
6391				    header->dev_specific |= 0x80; /* WP */
6392		}
6393		if (dbd)
6394			header->block_descr_len = 0;
6395		else
6396			header->block_descr_len =
6397				sizeof(struct scsi_mode_block_descr);
6398		block_desc = (struct scsi_mode_block_descr *)&header[1];
6399		break;
6400	}
6401	case MODE_SENSE_10: {
6402		struct scsi_mode_hdr_10 *header;
6403		int datalen;
6404
6405		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6406
6407		datalen = MIN(total_len - 2, 65533);
6408		scsi_ulto2b(datalen, header->datalen);
6409		if (control_dev == 0) {
6410			header->dev_specific = 0x10; /* DPOFUA */
6411			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6412			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6413			    .eca_and_aen & SCP_SWP) != 0)
6414				    header->dev_specific |= 0x80; /* WP */
6415		}
6416		if (dbd)
6417			scsi_ulto2b(0, header->block_descr_len);
6418		else
6419			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6420				    header->block_descr_len);
6421		block_desc = (struct scsi_mode_block_descr *)&header[1];
6422		break;
6423	}
6424	default:
6425		panic("invalid CDB type %#x", ctsio->cdb[0]);
6426		break; /* NOTREACHED */
6427	}
6428
6429	/*
6430	 * If we've got a disk, use its blocksize in the block
6431	 * descriptor.  Otherwise, just set it to 0.
6432	 */
6433	if (dbd == 0) {
6434		if (control_dev == 0)
6435			scsi_ulto3b(lun->be_lun->blocksize,
6436				    block_desc->block_len);
6437		else
6438			scsi_ulto3b(0, block_desc->block_len);
6439	}
6440
6441	switch (page_code) {
6442	case SMS_ALL_PAGES_PAGE: {
6443		int i, data_used;
6444
6445		data_used = header_len;
6446		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6447			struct ctl_page_index *page_index;
6448
6449			page_index = &lun->mode_pages.index[i];
6450
6451			if ((control_dev != 0)
6452			 && (page_index->page_flags &
6453			    CTL_PAGE_FLAG_DISK_ONLY))
6454				continue;
6455
6456			/*
6457			 * We don't use this subpage if the user didn't
6458			 * request all subpages.  We already checked (above)
6459			 * to make sure the user only specified a subpage
6460			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6461			 */
6462			if ((page_index->subpage != 0)
6463			 && (subpage == SMS_SUBPAGE_PAGE_0))
6464				continue;
6465
6466			/*
6467			 * Call the handler, if it exists, to update the
6468			 * page to the latest values.
6469			 */
6470			if (page_index->sense_handler != NULL)
6471				page_index->sense_handler(ctsio, page_index,pc);
6472
6473			memcpy(ctsio->kern_data_ptr + data_used,
6474			       page_index->page_data +
6475			       (page_index->page_len * pc),
6476			       page_index->page_len);
6477			data_used += page_index->page_len;
6478		}
6479		break;
6480	}
6481	default: {
6482		int i, data_used;
6483
6484		data_used = header_len;
6485
6486		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6487			struct ctl_page_index *page_index;
6488
6489			page_index = &lun->mode_pages.index[i];
6490
6491			/* Look for the right page code */
6492			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6493				continue;
6494
6495			/* Look for the right subpage or the subpage wildcard*/
6496			if ((page_index->subpage != subpage)
6497			 && (subpage != SMS_SUBPAGE_ALL))
6498				continue;
6499
6500			/* Make sure the page is supported for this dev type */
6501			if ((control_dev != 0)
6502			 && (page_index->page_flags &
6503			     CTL_PAGE_FLAG_DISK_ONLY))
6504				continue;
6505
6506			/*
6507			 * Call the handler, if it exists, to update the
6508			 * page to the latest values.
6509			 */
6510			if (page_index->sense_handler != NULL)
6511				page_index->sense_handler(ctsio, page_index,pc);
6512
6513			memcpy(ctsio->kern_data_ptr + data_used,
6514			       page_index->page_data +
6515			       (page_index->page_len * pc),
6516			       page_index->page_len);
6517			data_used += page_index->page_len;
6518		}
6519		break;
6520	}
6521	}
6522
6523	ctl_set_success(ctsio);
6524	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6525	ctsio->be_move_done = ctl_config_move_done;
6526	ctl_datamove((union ctl_io *)ctsio);
6527	return (CTL_RETVAL_COMPLETE);
6528}
6529
6530int
6531ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6532			       struct ctl_page_index *page_index,
6533			       int pc)
6534{
6535	struct ctl_lun *lun;
6536	struct scsi_log_param_header *phdr;
6537	uint8_t *data;
6538	uint64_t val;
6539
6540	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6541	data = page_index->page_data;
6542
6543	if (lun->backend->lun_attr != NULL &&
6544	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6545	     != UINT64_MAX) {
6546		phdr = (struct scsi_log_param_header *)data;
6547		scsi_ulto2b(0x0001, phdr->param_code);
6548		phdr->param_control = SLP_LBIN | SLP_LP;
6549		phdr->param_len = 8;
6550		data = (uint8_t *)(phdr + 1);
6551		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6552		data[4] = 0x02; /* per-pool */
6553		data += phdr->param_len;
6554	}
6555
6556	if (lun->backend->lun_attr != NULL &&
6557	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6558	     != UINT64_MAX) {
6559		phdr = (struct scsi_log_param_header *)data;
6560		scsi_ulto2b(0x0002, phdr->param_code);
6561		phdr->param_control = SLP_LBIN | SLP_LP;
6562		phdr->param_len = 8;
6563		data = (uint8_t *)(phdr + 1);
6564		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6565		data[4] = 0x01; /* per-LUN */
6566		data += phdr->param_len;
6567	}
6568
6569	if (lun->backend->lun_attr != NULL &&
6570	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6571	     != UINT64_MAX) {
6572		phdr = (struct scsi_log_param_header *)data;
6573		scsi_ulto2b(0x00f1, phdr->param_code);
6574		phdr->param_control = SLP_LBIN | SLP_LP;
6575		phdr->param_len = 8;
6576		data = (uint8_t *)(phdr + 1);
6577		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6578		data[4] = 0x02; /* per-pool */
6579		data += phdr->param_len;
6580	}
6581
6582	if (lun->backend->lun_attr != NULL &&
6583	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6584	     != UINT64_MAX) {
6585		phdr = (struct scsi_log_param_header *)data;
6586		scsi_ulto2b(0x00f2, phdr->param_code);
6587		phdr->param_control = SLP_LBIN | SLP_LP;
6588		phdr->param_len = 8;
6589		data = (uint8_t *)(phdr + 1);
6590		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6591		data[4] = 0x02; /* per-pool */
6592		data += phdr->param_len;
6593	}
6594
6595	page_index->page_len = data - page_index->page_data;
6596	return (0);
6597}
6598
6599int
6600ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6601			       struct ctl_page_index *page_index,
6602			       int pc)
6603{
6604	struct ctl_lun *lun;
6605	struct stat_page *data;
6606	uint64_t rn, wn, rb, wb;
6607	struct bintime rt, wt;
6608	int i;
6609
6610	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6611	data = (struct stat_page *)page_index->page_data;
6612
6613	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6614	data->sap.hdr.param_control = SLP_LBIN;
6615	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6616	    sizeof(struct scsi_log_param_header);
6617	rn = wn = rb = wb = 0;
6618	bintime_clear(&rt);
6619	bintime_clear(&wt);
6620	for (i = 0; i < CTL_MAX_PORTS; i++) {
6621		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6622		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6623		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6624		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6625		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6626		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6627	}
6628	scsi_u64to8b(rn, data->sap.read_num);
6629	scsi_u64to8b(wn, data->sap.write_num);
6630	if (lun->stats.blocksize > 0) {
6631		scsi_u64to8b(wb / lun->stats.blocksize,
6632		    data->sap.recvieved_lba);
6633		scsi_u64to8b(rb / lun->stats.blocksize,
6634		    data->sap.transmitted_lba);
6635	}
6636	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6637	    data->sap.read_int);
6638	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6639	    data->sap.write_int);
6640	scsi_u64to8b(0, data->sap.weighted_num);
6641	scsi_u64to8b(0, data->sap.weighted_int);
6642	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6643	data->it.hdr.param_control = SLP_LBIN;
6644	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6645	    sizeof(struct scsi_log_param_header);
6646#ifdef CTL_TIME_IO
6647	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6648#endif
6649	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6650	data->it.hdr.param_control = SLP_LBIN;
6651	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6652	    sizeof(struct scsi_log_param_header);
6653	scsi_ulto4b(3, data->ti.exponent);
6654	scsi_ulto4b(1, data->ti.integer);
6655
6656	page_index->page_len = sizeof(*data);
6657	return (0);
6658}
6659
6660int
6661ctl_log_sense(struct ctl_scsiio *ctsio)
6662{
6663	struct ctl_lun *lun;
6664	int i, pc, page_code, subpage;
6665	int alloc_len, total_len;
6666	struct ctl_page_index *page_index;
6667	struct scsi_log_sense *cdb;
6668	struct scsi_log_header *header;
6669
6670	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6671
6672	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6673	cdb = (struct scsi_log_sense *)ctsio->cdb;
6674	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6675	page_code = cdb->page & SLS_PAGE_CODE;
6676	subpage = cdb->subpage;
6677	alloc_len = scsi_2btoul(cdb->length);
6678
6679	page_index = NULL;
6680	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6681		page_index = &lun->log_pages.index[i];
6682
6683		/* Look for the right page code */
6684		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6685			continue;
6686
6687		/* Look for the right subpage or the subpage wildcard*/
6688		if (page_index->subpage != subpage)
6689			continue;
6690
6691		break;
6692	}
6693	if (i >= CTL_NUM_LOG_PAGES) {
6694		ctl_set_invalid_field(ctsio,
6695				      /*sks_valid*/ 1,
6696				      /*command*/ 1,
6697				      /*field*/ 2,
6698				      /*bit_valid*/ 0,
6699				      /*bit*/ 0);
6700		ctl_done((union ctl_io *)ctsio);
6701		return (CTL_RETVAL_COMPLETE);
6702	}
6703
6704	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6705
6706	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6707	ctsio->kern_sg_entries = 0;
6708	ctsio->kern_data_resid = 0;
6709	ctsio->kern_rel_offset = 0;
6710	if (total_len < alloc_len) {
6711		ctsio->residual = alloc_len - total_len;
6712		ctsio->kern_data_len = total_len;
6713		ctsio->kern_total_len = total_len;
6714	} else {
6715		ctsio->residual = 0;
6716		ctsio->kern_data_len = alloc_len;
6717		ctsio->kern_total_len = alloc_len;
6718	}
6719
6720	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6721	header->page = page_index->page_code;
6722	if (page_index->subpage) {
6723		header->page |= SL_SPF;
6724		header->subpage = page_index->subpage;
6725	}
6726	scsi_ulto2b(page_index->page_len, header->datalen);
6727
6728	/*
6729	 * Call the handler, if it exists, to update the
6730	 * page to the latest values.
6731	 */
6732	if (page_index->sense_handler != NULL)
6733		page_index->sense_handler(ctsio, page_index, pc);
6734
6735	memcpy(header + 1, page_index->page_data, page_index->page_len);
6736
6737	ctl_set_success(ctsio);
6738	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6739	ctsio->be_move_done = ctl_config_move_done;
6740	ctl_datamove((union ctl_io *)ctsio);
6741	return (CTL_RETVAL_COMPLETE);
6742}
6743
6744int
6745ctl_read_capacity(struct ctl_scsiio *ctsio)
6746{
6747	struct scsi_read_capacity *cdb;
6748	struct scsi_read_capacity_data *data;
6749	struct ctl_lun *lun;
6750	uint32_t lba;
6751
6752	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6753
6754	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6755
6756	lba = scsi_4btoul(cdb->addr);
6757	if (((cdb->pmi & SRC_PMI) == 0)
6758	 && (lba != 0)) {
6759		ctl_set_invalid_field(/*ctsio*/ ctsio,
6760				      /*sks_valid*/ 1,
6761				      /*command*/ 1,
6762				      /*field*/ 2,
6763				      /*bit_valid*/ 0,
6764				      /*bit*/ 0);
6765		ctl_done((union ctl_io *)ctsio);
6766		return (CTL_RETVAL_COMPLETE);
6767	}
6768
6769	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6770
6771	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6772	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6773	ctsio->residual = 0;
6774	ctsio->kern_data_len = sizeof(*data);
6775	ctsio->kern_total_len = sizeof(*data);
6776	ctsio->kern_data_resid = 0;
6777	ctsio->kern_rel_offset = 0;
6778	ctsio->kern_sg_entries = 0;
6779
6780	/*
6781	 * If the maximum LBA is greater than 0xfffffffe, the user must
6782	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6783	 * serivce action set.
6784	 */
6785	if (lun->be_lun->maxlba > 0xfffffffe)
6786		scsi_ulto4b(0xffffffff, data->addr);
6787	else
6788		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6789
6790	/*
6791	 * XXX KDM this may not be 512 bytes...
6792	 */
6793	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6794
6795	ctl_set_success(ctsio);
6796	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6797	ctsio->be_move_done = ctl_config_move_done;
6798	ctl_datamove((union ctl_io *)ctsio);
6799	return (CTL_RETVAL_COMPLETE);
6800}
6801
6802int
6803ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6804{
6805	struct scsi_read_capacity_16 *cdb;
6806	struct scsi_read_capacity_data_long *data;
6807	struct ctl_lun *lun;
6808	uint64_t lba;
6809	uint32_t alloc_len;
6810
6811	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6812
6813	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6814
6815	alloc_len = scsi_4btoul(cdb->alloc_len);
6816	lba = scsi_8btou64(cdb->addr);
6817
6818	if ((cdb->reladr & SRC16_PMI)
6819	 && (lba != 0)) {
6820		ctl_set_invalid_field(/*ctsio*/ ctsio,
6821				      /*sks_valid*/ 1,
6822				      /*command*/ 1,
6823				      /*field*/ 2,
6824				      /*bit_valid*/ 0,
6825				      /*bit*/ 0);
6826		ctl_done((union ctl_io *)ctsio);
6827		return (CTL_RETVAL_COMPLETE);
6828	}
6829
6830	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6831
6832	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6833	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6834
6835	if (sizeof(*data) < alloc_len) {
6836		ctsio->residual = alloc_len - sizeof(*data);
6837		ctsio->kern_data_len = sizeof(*data);
6838		ctsio->kern_total_len = sizeof(*data);
6839	} else {
6840		ctsio->residual = 0;
6841		ctsio->kern_data_len = alloc_len;
6842		ctsio->kern_total_len = alloc_len;
6843	}
6844	ctsio->kern_data_resid = 0;
6845	ctsio->kern_rel_offset = 0;
6846	ctsio->kern_sg_entries = 0;
6847
6848	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6849	/* XXX KDM this may not be 512 bytes... */
6850	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6851	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6852	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6853	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6854		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6855
6856	ctl_set_success(ctsio);
6857	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6858	ctsio->be_move_done = ctl_config_move_done;
6859	ctl_datamove((union ctl_io *)ctsio);
6860	return (CTL_RETVAL_COMPLETE);
6861}
6862
6863int
6864ctl_get_lba_status(struct ctl_scsiio *ctsio)
6865{
6866	struct scsi_get_lba_status *cdb;
6867	struct scsi_get_lba_status_data *data;
6868	struct ctl_lun *lun;
6869	struct ctl_lba_len_flags *lbalen;
6870	uint64_t lba;
6871	uint32_t alloc_len, total_len;
6872	int retval;
6873
6874	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6875
6876	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6877	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6878	lba = scsi_8btou64(cdb->addr);
6879	alloc_len = scsi_4btoul(cdb->alloc_len);
6880
6881	if (lba > lun->be_lun->maxlba) {
6882		ctl_set_lba_out_of_range(ctsio);
6883		ctl_done((union ctl_io *)ctsio);
6884		return (CTL_RETVAL_COMPLETE);
6885	}
6886
6887	total_len = sizeof(*data) + sizeof(data->descr[0]);
6888	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6889	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6890
6891	if (total_len < alloc_len) {
6892		ctsio->residual = alloc_len - total_len;
6893		ctsio->kern_data_len = total_len;
6894		ctsio->kern_total_len = total_len;
6895	} else {
6896		ctsio->residual = 0;
6897		ctsio->kern_data_len = alloc_len;
6898		ctsio->kern_total_len = alloc_len;
6899	}
6900	ctsio->kern_data_resid = 0;
6901	ctsio->kern_rel_offset = 0;
6902	ctsio->kern_sg_entries = 0;
6903
6904	/* Fill dummy data in case backend can't tell anything. */
6905	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6906	scsi_u64to8b(lba, data->descr[0].addr);
6907	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6908	    data->descr[0].length);
6909	data->descr[0].status = 0; /* Mapped or unknown. */
6910
6911	ctl_set_success(ctsio);
6912	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6913	ctsio->be_move_done = ctl_config_move_done;
6914
6915	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6916	lbalen->lba = lba;
6917	lbalen->len = total_len;
6918	lbalen->flags = 0;
6919	retval = lun->backend->config_read((union ctl_io *)ctsio);
6920	return (CTL_RETVAL_COMPLETE);
6921}
6922
6923int
6924ctl_read_defect(struct ctl_scsiio *ctsio)
6925{
6926	struct scsi_read_defect_data_10 *ccb10;
6927	struct scsi_read_defect_data_12 *ccb12;
6928	struct scsi_read_defect_data_hdr_10 *data10;
6929	struct scsi_read_defect_data_hdr_12 *data12;
6930	uint32_t alloc_len, data_len;
6931	uint8_t format;
6932
6933	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6934
6935	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6936		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6937		format = ccb10->format;
6938		alloc_len = scsi_2btoul(ccb10->alloc_length);
6939		data_len = sizeof(*data10);
6940	} else {
6941		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6942		format = ccb12->format;
6943		alloc_len = scsi_4btoul(ccb12->alloc_length);
6944		data_len = sizeof(*data12);
6945	}
6946	if (alloc_len == 0) {
6947		ctl_set_success(ctsio);
6948		ctl_done((union ctl_io *)ctsio);
6949		return (CTL_RETVAL_COMPLETE);
6950	}
6951
6952	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6953	if (data_len < alloc_len) {
6954		ctsio->residual = alloc_len - data_len;
6955		ctsio->kern_data_len = data_len;
6956		ctsio->kern_total_len = data_len;
6957	} else {
6958		ctsio->residual = 0;
6959		ctsio->kern_data_len = alloc_len;
6960		ctsio->kern_total_len = alloc_len;
6961	}
6962	ctsio->kern_data_resid = 0;
6963	ctsio->kern_rel_offset = 0;
6964	ctsio->kern_sg_entries = 0;
6965
6966	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6967		data10 = (struct scsi_read_defect_data_hdr_10 *)
6968		    ctsio->kern_data_ptr;
6969		data10->format = format;
6970		scsi_ulto2b(0, data10->length);
6971	} else {
6972		data12 = (struct scsi_read_defect_data_hdr_12 *)
6973		    ctsio->kern_data_ptr;
6974		data12->format = format;
6975		scsi_ulto2b(0, data12->generation);
6976		scsi_ulto4b(0, data12->length);
6977	}
6978
6979	ctl_set_success(ctsio);
6980	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6981	ctsio->be_move_done = ctl_config_move_done;
6982	ctl_datamove((union ctl_io *)ctsio);
6983	return (CTL_RETVAL_COMPLETE);
6984}
6985
6986int
6987ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
6988{
6989	struct scsi_maintenance_in *cdb;
6990	int retval;
6991	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
6992	int num_target_port_groups, num_target_ports;
6993	struct ctl_lun *lun;
6994	struct ctl_softc *softc;
6995	struct ctl_port *port;
6996	struct scsi_target_group_data *rtg_ptr;
6997	struct scsi_target_group_data_extended *rtg_ext_ptr;
6998	struct scsi_target_port_group_descriptor *tpg_desc;
6999
7000	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7001
7002	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7003	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7004	softc = lun->ctl_softc;
7005
7006	retval = CTL_RETVAL_COMPLETE;
7007
7008	switch (cdb->byte2 & STG_PDF_MASK) {
7009	case STG_PDF_LENGTH:
7010		ext = 0;
7011		break;
7012	case STG_PDF_EXTENDED:
7013		ext = 1;
7014		break;
7015	default:
7016		ctl_set_invalid_field(/*ctsio*/ ctsio,
7017				      /*sks_valid*/ 1,
7018				      /*command*/ 1,
7019				      /*field*/ 2,
7020				      /*bit_valid*/ 1,
7021				      /*bit*/ 5);
7022		ctl_done((union ctl_io *)ctsio);
7023		return(retval);
7024	}
7025
7026	if (softc->is_single)
7027		num_target_port_groups = 1;
7028	else
7029		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7030	num_target_ports = 0;
7031	mtx_lock(&softc->ctl_lock);
7032	STAILQ_FOREACH(port, &softc->port_list, links) {
7033		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7034			continue;
7035		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7036			continue;
7037		num_target_ports++;
7038	}
7039	mtx_unlock(&softc->ctl_lock);
7040
7041	if (ext)
7042		total_len = sizeof(struct scsi_target_group_data_extended);
7043	else
7044		total_len = sizeof(struct scsi_target_group_data);
7045	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7046		num_target_port_groups +
7047	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7048
7049	alloc_len = scsi_4btoul(cdb->length);
7050
7051	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7052
7053	ctsio->kern_sg_entries = 0;
7054
7055	if (total_len < alloc_len) {
7056		ctsio->residual = alloc_len - total_len;
7057		ctsio->kern_data_len = total_len;
7058		ctsio->kern_total_len = total_len;
7059	} else {
7060		ctsio->residual = 0;
7061		ctsio->kern_data_len = alloc_len;
7062		ctsio->kern_total_len = alloc_len;
7063	}
7064	ctsio->kern_data_resid = 0;
7065	ctsio->kern_rel_offset = 0;
7066
7067	if (ext) {
7068		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7069		    ctsio->kern_data_ptr;
7070		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7071		rtg_ext_ptr->format_type = 0x10;
7072		rtg_ext_ptr->implicit_transition_time = 0;
7073		tpg_desc = &rtg_ext_ptr->groups[0];
7074	} else {
7075		rtg_ptr = (struct scsi_target_group_data *)
7076		    ctsio->kern_data_ptr;
7077		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7078		tpg_desc = &rtg_ptr->groups[0];
7079	}
7080
7081	mtx_lock(&softc->ctl_lock);
7082	pg = softc->port_min / softc->port_cnt;
7083	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7084		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7085	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7086		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7087	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7088		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7089	else
7090		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7091	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7092		os = gs;
7093		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7094	} else
7095		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7096	for (g = 0; g < num_target_port_groups; g++) {
7097		tpg_desc->pref_state = (g == pg) ? gs : os;
7098		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7099		    TPG_U_SUP | TPG_T_SUP;
7100		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7101		tpg_desc->status = TPG_IMPLICIT;
7102		pc = 0;
7103		STAILQ_FOREACH(port, &softc->port_list, links) {
7104			if (port->targ_port < g * softc->port_cnt ||
7105			    port->targ_port >= (g + 1) * softc->port_cnt)
7106				continue;
7107			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7108				continue;
7109			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7110				continue;
7111			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7112			    relative_target_port_identifier);
7113			pc++;
7114		}
7115		tpg_desc->target_port_count = pc;
7116		tpg_desc = (struct scsi_target_port_group_descriptor *)
7117		    &tpg_desc->descriptors[pc];
7118	}
7119	mtx_unlock(&softc->ctl_lock);
7120
7121	ctl_set_success(ctsio);
7122	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7123	ctsio->be_move_done = ctl_config_move_done;
7124	ctl_datamove((union ctl_io *)ctsio);
7125	return(retval);
7126}
7127
7128int
7129ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7130{
7131	struct ctl_lun *lun;
7132	struct scsi_report_supported_opcodes *cdb;
7133	const struct ctl_cmd_entry *entry, *sentry;
7134	struct scsi_report_supported_opcodes_all *all;
7135	struct scsi_report_supported_opcodes_descr *descr;
7136	struct scsi_report_supported_opcodes_one *one;
7137	int retval;
7138	int alloc_len, total_len;
7139	int opcode, service_action, i, j, num;
7140
7141	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7142
7143	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7144	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7145
7146	retval = CTL_RETVAL_COMPLETE;
7147
7148	opcode = cdb->requested_opcode;
7149	service_action = scsi_2btoul(cdb->requested_service_action);
7150	switch (cdb->options & RSO_OPTIONS_MASK) {
7151	case RSO_OPTIONS_ALL:
7152		num = 0;
7153		for (i = 0; i < 256; i++) {
7154			entry = &ctl_cmd_table[i];
7155			if (entry->flags & CTL_CMD_FLAG_SA5) {
7156				for (j = 0; j < 32; j++) {
7157					sentry = &((const struct ctl_cmd_entry *)
7158					    entry->execute)[j];
7159					if (ctl_cmd_applicable(
7160					    lun->be_lun->lun_type, sentry))
7161						num++;
7162				}
7163			} else {
7164				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7165				    entry))
7166					num++;
7167			}
7168		}
7169		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7170		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7171		break;
7172	case RSO_OPTIONS_OC:
7173		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7174			ctl_set_invalid_field(/*ctsio*/ ctsio,
7175					      /*sks_valid*/ 1,
7176					      /*command*/ 1,
7177					      /*field*/ 2,
7178					      /*bit_valid*/ 1,
7179					      /*bit*/ 2);
7180			ctl_done((union ctl_io *)ctsio);
7181			return (CTL_RETVAL_COMPLETE);
7182		}
7183		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7184		break;
7185	case RSO_OPTIONS_OC_SA:
7186		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7187		    service_action >= 32) {
7188			ctl_set_invalid_field(/*ctsio*/ ctsio,
7189					      /*sks_valid*/ 1,
7190					      /*command*/ 1,
7191					      /*field*/ 2,
7192					      /*bit_valid*/ 1,
7193					      /*bit*/ 2);
7194			ctl_done((union ctl_io *)ctsio);
7195			return (CTL_RETVAL_COMPLETE);
7196		}
7197		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7198		break;
7199	default:
7200		ctl_set_invalid_field(/*ctsio*/ ctsio,
7201				      /*sks_valid*/ 1,
7202				      /*command*/ 1,
7203				      /*field*/ 2,
7204				      /*bit_valid*/ 1,
7205				      /*bit*/ 2);
7206		ctl_done((union ctl_io *)ctsio);
7207		return (CTL_RETVAL_COMPLETE);
7208	}
7209
7210	alloc_len = scsi_4btoul(cdb->length);
7211
7212	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7213
7214	ctsio->kern_sg_entries = 0;
7215
7216	if (total_len < alloc_len) {
7217		ctsio->residual = alloc_len - total_len;
7218		ctsio->kern_data_len = total_len;
7219		ctsio->kern_total_len = total_len;
7220	} else {
7221		ctsio->residual = 0;
7222		ctsio->kern_data_len = alloc_len;
7223		ctsio->kern_total_len = alloc_len;
7224	}
7225	ctsio->kern_data_resid = 0;
7226	ctsio->kern_rel_offset = 0;
7227
7228	switch (cdb->options & RSO_OPTIONS_MASK) {
7229	case RSO_OPTIONS_ALL:
7230		all = (struct scsi_report_supported_opcodes_all *)
7231		    ctsio->kern_data_ptr;
7232		num = 0;
7233		for (i = 0; i < 256; i++) {
7234			entry = &ctl_cmd_table[i];
7235			if (entry->flags & CTL_CMD_FLAG_SA5) {
7236				for (j = 0; j < 32; j++) {
7237					sentry = &((const struct ctl_cmd_entry *)
7238					    entry->execute)[j];
7239					if (!ctl_cmd_applicable(
7240					    lun->be_lun->lun_type, sentry))
7241						continue;
7242					descr = &all->descr[num++];
7243					descr->opcode = i;
7244					scsi_ulto2b(j, descr->service_action);
7245					descr->flags = RSO_SERVACTV;
7246					scsi_ulto2b(sentry->length,
7247					    descr->cdb_length);
7248				}
7249			} else {
7250				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7251				    entry))
7252					continue;
7253				descr = &all->descr[num++];
7254				descr->opcode = i;
7255				scsi_ulto2b(0, descr->service_action);
7256				descr->flags = 0;
7257				scsi_ulto2b(entry->length, descr->cdb_length);
7258			}
7259		}
7260		scsi_ulto4b(
7261		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7262		    all->length);
7263		break;
7264	case RSO_OPTIONS_OC:
7265		one = (struct scsi_report_supported_opcodes_one *)
7266		    ctsio->kern_data_ptr;
7267		entry = &ctl_cmd_table[opcode];
7268		goto fill_one;
7269	case RSO_OPTIONS_OC_SA:
7270		one = (struct scsi_report_supported_opcodes_one *)
7271		    ctsio->kern_data_ptr;
7272		entry = &ctl_cmd_table[opcode];
7273		entry = &((const struct ctl_cmd_entry *)
7274		    entry->execute)[service_action];
7275fill_one:
7276		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7277			one->support = 3;
7278			scsi_ulto2b(entry->length, one->cdb_length);
7279			one->cdb_usage[0] = opcode;
7280			memcpy(&one->cdb_usage[1], entry->usage,
7281			    entry->length - 1);
7282		} else
7283			one->support = 1;
7284		break;
7285	}
7286
7287	ctl_set_success(ctsio);
7288	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7289	ctsio->be_move_done = ctl_config_move_done;
7290	ctl_datamove((union ctl_io *)ctsio);
7291	return(retval);
7292}
7293
7294int
7295ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7296{
7297	struct scsi_report_supported_tmf *cdb;
7298	struct scsi_report_supported_tmf_data *data;
7299	int retval;
7300	int alloc_len, total_len;
7301
7302	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7303
7304	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7305
7306	retval = CTL_RETVAL_COMPLETE;
7307
7308	total_len = sizeof(struct scsi_report_supported_tmf_data);
7309	alloc_len = scsi_4btoul(cdb->length);
7310
7311	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7312
7313	ctsio->kern_sg_entries = 0;
7314
7315	if (total_len < alloc_len) {
7316		ctsio->residual = alloc_len - total_len;
7317		ctsio->kern_data_len = total_len;
7318		ctsio->kern_total_len = total_len;
7319	} else {
7320		ctsio->residual = 0;
7321		ctsio->kern_data_len = alloc_len;
7322		ctsio->kern_total_len = alloc_len;
7323	}
7324	ctsio->kern_data_resid = 0;
7325	ctsio->kern_rel_offset = 0;
7326
7327	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7328	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_TRS;
7329	data->byte2 |= RST_ITNRS;
7330
7331	ctl_set_success(ctsio);
7332	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7333	ctsio->be_move_done = ctl_config_move_done;
7334	ctl_datamove((union ctl_io *)ctsio);
7335	return (retval);
7336}
7337
7338int
7339ctl_report_timestamp(struct ctl_scsiio *ctsio)
7340{
7341	struct scsi_report_timestamp *cdb;
7342	struct scsi_report_timestamp_data *data;
7343	struct timeval tv;
7344	int64_t timestamp;
7345	int retval;
7346	int alloc_len, total_len;
7347
7348	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7349
7350	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7351
7352	retval = CTL_RETVAL_COMPLETE;
7353
7354	total_len = sizeof(struct scsi_report_timestamp_data);
7355	alloc_len = scsi_4btoul(cdb->length);
7356
7357	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7358
7359	ctsio->kern_sg_entries = 0;
7360
7361	if (total_len < alloc_len) {
7362		ctsio->residual = alloc_len - total_len;
7363		ctsio->kern_data_len = total_len;
7364		ctsio->kern_total_len = total_len;
7365	} else {
7366		ctsio->residual = 0;
7367		ctsio->kern_data_len = alloc_len;
7368		ctsio->kern_total_len = alloc_len;
7369	}
7370	ctsio->kern_data_resid = 0;
7371	ctsio->kern_rel_offset = 0;
7372
7373	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7374	scsi_ulto2b(sizeof(*data) - 2, data->length);
7375	data->origin = RTS_ORIG_OUTSIDE;
7376	getmicrotime(&tv);
7377	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7378	scsi_ulto4b(timestamp >> 16, data->timestamp);
7379	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7380
7381	ctl_set_success(ctsio);
7382	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7383	ctsio->be_move_done = ctl_config_move_done;
7384	ctl_datamove((union ctl_io *)ctsio);
7385	return (retval);
7386}
7387
7388int
7389ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7390{
7391	struct scsi_per_res_in *cdb;
7392	int alloc_len, total_len = 0;
7393	/* struct scsi_per_res_in_rsrv in_data; */
7394	struct ctl_lun *lun;
7395	struct ctl_softc *softc;
7396	uint64_t key;
7397
7398	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7399
7400	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7401
7402	alloc_len = scsi_2btoul(cdb->length);
7403
7404	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7405	softc = lun->ctl_softc;
7406
7407retry:
7408	mtx_lock(&lun->lun_lock);
7409	switch (cdb->action) {
7410	case SPRI_RK: /* read keys */
7411		total_len = sizeof(struct scsi_per_res_in_keys) +
7412			lun->pr_key_count *
7413			sizeof(struct scsi_per_res_key);
7414		break;
7415	case SPRI_RR: /* read reservation */
7416		if (lun->flags & CTL_LUN_PR_RESERVED)
7417			total_len = sizeof(struct scsi_per_res_in_rsrv);
7418		else
7419			total_len = sizeof(struct scsi_per_res_in_header);
7420		break;
7421	case SPRI_RC: /* report capabilities */
7422		total_len = sizeof(struct scsi_per_res_cap);
7423		break;
7424	case SPRI_RS: /* read full status */
7425		total_len = sizeof(struct scsi_per_res_in_header) +
7426		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7427		    lun->pr_key_count;
7428		break;
7429	default:
7430		panic("Invalid PR type %x", cdb->action);
7431	}
7432	mtx_unlock(&lun->lun_lock);
7433
7434	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7435
7436	if (total_len < alloc_len) {
7437		ctsio->residual = alloc_len - total_len;
7438		ctsio->kern_data_len = total_len;
7439		ctsio->kern_total_len = total_len;
7440	} else {
7441		ctsio->residual = 0;
7442		ctsio->kern_data_len = alloc_len;
7443		ctsio->kern_total_len = alloc_len;
7444	}
7445
7446	ctsio->kern_data_resid = 0;
7447	ctsio->kern_rel_offset = 0;
7448	ctsio->kern_sg_entries = 0;
7449
7450	mtx_lock(&lun->lun_lock);
7451	switch (cdb->action) {
7452	case SPRI_RK: { // read keys
7453        struct scsi_per_res_in_keys *res_keys;
7454		int i, key_count;
7455
7456		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7457
7458		/*
7459		 * We had to drop the lock to allocate our buffer, which
7460		 * leaves time for someone to come in with another
7461		 * persistent reservation.  (That is unlikely, though,
7462		 * since this should be the only persistent reservation
7463		 * command active right now.)
7464		 */
7465		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7466		    (lun->pr_key_count *
7467		     sizeof(struct scsi_per_res_key)))){
7468			mtx_unlock(&lun->lun_lock);
7469			free(ctsio->kern_data_ptr, M_CTL);
7470			printf("%s: reservation length changed, retrying\n",
7471			       __func__);
7472			goto retry;
7473		}
7474
7475		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7476
7477		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7478			     lun->pr_key_count, res_keys->header.length);
7479
7480		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7481			if ((key = ctl_get_prkey(lun, i)) == 0)
7482				continue;
7483
7484			/*
7485			 * We used lun->pr_key_count to calculate the
7486			 * size to allocate.  If it turns out the number of
7487			 * initiators with the registered flag set is
7488			 * larger than that (i.e. they haven't been kept in
7489			 * sync), we've got a problem.
7490			 */
7491			if (key_count >= lun->pr_key_count) {
7492#ifdef NEEDTOPORT
7493				csevent_log(CSC_CTL | CSC_SHELF_SW |
7494					    CTL_PR_ERROR,
7495					    csevent_LogType_Fault,
7496					    csevent_AlertLevel_Yellow,
7497					    csevent_FRU_ShelfController,
7498					    csevent_FRU_Firmware,
7499				        csevent_FRU_Unknown,
7500					    "registered keys %d >= key "
7501					    "count %d", key_count,
7502					    lun->pr_key_count);
7503#endif
7504				key_count++;
7505				continue;
7506			}
7507			scsi_u64to8b(key, res_keys->keys[key_count].key);
7508			key_count++;
7509		}
7510		break;
7511	}
7512	case SPRI_RR: { // read reservation
7513		struct scsi_per_res_in_rsrv *res;
7514		int tmp_len, header_only;
7515
7516		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7517
7518		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7519
7520		if (lun->flags & CTL_LUN_PR_RESERVED)
7521		{
7522			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7523			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7524				    res->header.length);
7525			header_only = 0;
7526		} else {
7527			tmp_len = sizeof(struct scsi_per_res_in_header);
7528			scsi_ulto4b(0, res->header.length);
7529			header_only = 1;
7530		}
7531
7532		/*
7533		 * We had to drop the lock to allocate our buffer, which
7534		 * leaves time for someone to come in with another
7535		 * persistent reservation.  (That is unlikely, though,
7536		 * since this should be the only persistent reservation
7537		 * command active right now.)
7538		 */
7539		if (tmp_len != total_len) {
7540			mtx_unlock(&lun->lun_lock);
7541			free(ctsio->kern_data_ptr, M_CTL);
7542			printf("%s: reservation status changed, retrying\n",
7543			       __func__);
7544			goto retry;
7545		}
7546
7547		/*
7548		 * No reservation held, so we're done.
7549		 */
7550		if (header_only != 0)
7551			break;
7552
7553		/*
7554		 * If the registration is an All Registrants type, the key
7555		 * is 0, since it doesn't really matter.
7556		 */
7557		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7558			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7559			    res->data.reservation);
7560		}
7561		res->data.scopetype = lun->res_type;
7562		break;
7563	}
7564	case SPRI_RC:     //report capabilities
7565	{
7566		struct scsi_per_res_cap *res_cap;
7567		uint16_t type_mask;
7568
7569		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7570		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7571		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7572		type_mask = SPRI_TM_WR_EX_AR |
7573			    SPRI_TM_EX_AC_RO |
7574			    SPRI_TM_WR_EX_RO |
7575			    SPRI_TM_EX_AC |
7576			    SPRI_TM_WR_EX |
7577			    SPRI_TM_EX_AC_AR;
7578		scsi_ulto2b(type_mask, res_cap->type_mask);
7579		break;
7580	}
7581	case SPRI_RS: { // read full status
7582		struct scsi_per_res_in_full *res_status;
7583		struct scsi_per_res_in_full_desc *res_desc;
7584		struct ctl_port *port;
7585		int i, len;
7586
7587		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7588
7589		/*
7590		 * We had to drop the lock to allocate our buffer, which
7591		 * leaves time for someone to come in with another
7592		 * persistent reservation.  (That is unlikely, though,
7593		 * since this should be the only persistent reservation
7594		 * command active right now.)
7595		 */
7596		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7597		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7598		     lun->pr_key_count)){
7599			mtx_unlock(&lun->lun_lock);
7600			free(ctsio->kern_data_ptr, M_CTL);
7601			printf("%s: reservation length changed, retrying\n",
7602			       __func__);
7603			goto retry;
7604		}
7605
7606		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7607
7608		res_desc = &res_status->desc[0];
7609		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7610			if ((key = ctl_get_prkey(lun, i)) == 0)
7611				continue;
7612
7613			scsi_u64to8b(key, res_desc->res_key.key);
7614			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7615			    (lun->pr_res_idx == i ||
7616			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7617				res_desc->flags = SPRI_FULL_R_HOLDER;
7618				res_desc->scopetype = lun->res_type;
7619			}
7620			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7621			    res_desc->rel_trgt_port_id);
7622			len = 0;
7623			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7624			if (port != NULL)
7625				len = ctl_create_iid(port,
7626				    i % CTL_MAX_INIT_PER_PORT,
7627				    res_desc->transport_id);
7628			scsi_ulto4b(len, res_desc->additional_length);
7629			res_desc = (struct scsi_per_res_in_full_desc *)
7630			    &res_desc->transport_id[len];
7631		}
7632		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7633		    res_status->header.length);
7634		break;
7635	}
7636	default:
7637		/*
7638		 * This is a bug, because we just checked for this above,
7639		 * and should have returned an error.
7640		 */
7641		panic("Invalid PR type %x", cdb->action);
7642		break; /* NOTREACHED */
7643	}
7644	mtx_unlock(&lun->lun_lock);
7645
7646	ctl_set_success(ctsio);
7647	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7648	ctsio->be_move_done = ctl_config_move_done;
7649	ctl_datamove((union ctl_io *)ctsio);
7650	return (CTL_RETVAL_COMPLETE);
7651}
7652
7653/*
7654 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7655 * it should return.
7656 */
7657static int
7658ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7659		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7660		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7661		struct scsi_per_res_out_parms* param)
7662{
7663	union ctl_ha_msg persis_io;
7664	int i;
7665
7666	mtx_lock(&lun->lun_lock);
7667	if (sa_res_key == 0) {
7668		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7669			/* validate scope and type */
7670			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7671			     SPR_LU_SCOPE) {
7672				mtx_unlock(&lun->lun_lock);
7673				ctl_set_invalid_field(/*ctsio*/ ctsio,
7674						      /*sks_valid*/ 1,
7675						      /*command*/ 1,
7676						      /*field*/ 2,
7677						      /*bit_valid*/ 1,
7678						      /*bit*/ 4);
7679				ctl_done((union ctl_io *)ctsio);
7680				return (1);
7681			}
7682
7683		        if (type>8 || type==2 || type==4 || type==0) {
7684				mtx_unlock(&lun->lun_lock);
7685				ctl_set_invalid_field(/*ctsio*/ ctsio,
7686       	           				      /*sks_valid*/ 1,
7687						      /*command*/ 1,
7688						      /*field*/ 2,
7689						      /*bit_valid*/ 1,
7690						      /*bit*/ 0);
7691				ctl_done((union ctl_io *)ctsio);
7692				return (1);
7693		        }
7694
7695			/*
7696			 * Unregister everybody else and build UA for
7697			 * them
7698			 */
7699			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7700				if (i == residx || ctl_get_prkey(lun, i) == 0)
7701					continue;
7702
7703				ctl_clr_prkey(lun, i);
7704				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7705			}
7706			lun->pr_key_count = 1;
7707			lun->res_type = type;
7708			if (lun->res_type != SPR_TYPE_WR_EX_AR
7709			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7710				lun->pr_res_idx = residx;
7711			lun->PRGeneration++;
7712			mtx_unlock(&lun->lun_lock);
7713
7714			/* send msg to other side */
7715			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7716			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7717			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7718			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7719			persis_io.pr.pr_info.res_type = type;
7720			memcpy(persis_io.pr.pr_info.sa_res_key,
7721			       param->serv_act_res_key,
7722			       sizeof(param->serv_act_res_key));
7723			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7724			    sizeof(persis_io.pr), M_WAITOK);
7725		} else {
7726			/* not all registrants */
7727			mtx_unlock(&lun->lun_lock);
7728			free(ctsio->kern_data_ptr, M_CTL);
7729			ctl_set_invalid_field(ctsio,
7730					      /*sks_valid*/ 1,
7731					      /*command*/ 0,
7732					      /*field*/ 8,
7733					      /*bit_valid*/ 0,
7734					      /*bit*/ 0);
7735			ctl_done((union ctl_io *)ctsio);
7736			return (1);
7737		}
7738	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7739		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7740		int found = 0;
7741
7742		if (res_key == sa_res_key) {
7743			/* special case */
7744			/*
7745			 * The spec implies this is not good but doesn't
7746			 * say what to do. There are two choices either
7747			 * generate a res conflict or check condition
7748			 * with illegal field in parameter data. Since
7749			 * that is what is done when the sa_res_key is
7750			 * zero I'll take that approach since this has
7751			 * to do with the sa_res_key.
7752			 */
7753			mtx_unlock(&lun->lun_lock);
7754			free(ctsio->kern_data_ptr, M_CTL);
7755			ctl_set_invalid_field(ctsio,
7756					      /*sks_valid*/ 1,
7757					      /*command*/ 0,
7758					      /*field*/ 8,
7759					      /*bit_valid*/ 0,
7760					      /*bit*/ 0);
7761			ctl_done((union ctl_io *)ctsio);
7762			return (1);
7763		}
7764
7765		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7766			if (ctl_get_prkey(lun, i) != sa_res_key)
7767				continue;
7768
7769			found = 1;
7770			ctl_clr_prkey(lun, i);
7771			lun->pr_key_count--;
7772			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7773		}
7774		if (!found) {
7775			mtx_unlock(&lun->lun_lock);
7776			free(ctsio->kern_data_ptr, M_CTL);
7777			ctl_set_reservation_conflict(ctsio);
7778			ctl_done((union ctl_io *)ctsio);
7779			return (CTL_RETVAL_COMPLETE);
7780		}
7781		lun->PRGeneration++;
7782		mtx_unlock(&lun->lun_lock);
7783
7784		/* send msg to other side */
7785		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7786		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7787		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7788		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7789		persis_io.pr.pr_info.res_type = type;
7790		memcpy(persis_io.pr.pr_info.sa_res_key,
7791		       param->serv_act_res_key,
7792		       sizeof(param->serv_act_res_key));
7793		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7794		    sizeof(persis_io.pr), M_WAITOK);
7795	} else {
7796		/* Reserved but not all registrants */
7797		/* sa_res_key is res holder */
7798		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7799			/* validate scope and type */
7800			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7801			     SPR_LU_SCOPE) {
7802				mtx_unlock(&lun->lun_lock);
7803				ctl_set_invalid_field(/*ctsio*/ ctsio,
7804						      /*sks_valid*/ 1,
7805						      /*command*/ 1,
7806						      /*field*/ 2,
7807						      /*bit_valid*/ 1,
7808						      /*bit*/ 4);
7809				ctl_done((union ctl_io *)ctsio);
7810				return (1);
7811			}
7812
7813			if (type>8 || type==2 || type==4 || type==0) {
7814				mtx_unlock(&lun->lun_lock);
7815				ctl_set_invalid_field(/*ctsio*/ ctsio,
7816						      /*sks_valid*/ 1,
7817						      /*command*/ 1,
7818						      /*field*/ 2,
7819						      /*bit_valid*/ 1,
7820						      /*bit*/ 0);
7821				ctl_done((union ctl_io *)ctsio);
7822				return (1);
7823			}
7824
7825			/*
7826			 * Do the following:
7827			 * if sa_res_key != res_key remove all
7828			 * registrants w/sa_res_key and generate UA
7829			 * for these registrants(Registrations
7830			 * Preempted) if it wasn't an exclusive
7831			 * reservation generate UA(Reservations
7832			 * Preempted) for all other registered nexuses
7833			 * if the type has changed. Establish the new
7834			 * reservation and holder. If res_key and
7835			 * sa_res_key are the same do the above
7836			 * except don't unregister the res holder.
7837			 */
7838
7839			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7840				if (i == residx || ctl_get_prkey(lun, i) == 0)
7841					continue;
7842
7843				if (sa_res_key == ctl_get_prkey(lun, i)) {
7844					ctl_clr_prkey(lun, i);
7845					lun->pr_key_count--;
7846					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7847				} else if (type != lun->res_type
7848					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7849					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7850					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7851				}
7852			}
7853			lun->res_type = type;
7854			if (lun->res_type != SPR_TYPE_WR_EX_AR
7855			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7856				lun->pr_res_idx = residx;
7857			else
7858				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7859			lun->PRGeneration++;
7860			mtx_unlock(&lun->lun_lock);
7861
7862			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7863			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7864			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7865			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7866			persis_io.pr.pr_info.res_type = type;
7867			memcpy(persis_io.pr.pr_info.sa_res_key,
7868			       param->serv_act_res_key,
7869			       sizeof(param->serv_act_res_key));
7870			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7871			    sizeof(persis_io.pr), M_WAITOK);
7872		} else {
7873			/*
7874			 * sa_res_key is not the res holder just
7875			 * remove registrants
7876			 */
7877			int found=0;
7878
7879			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7880				if (sa_res_key != ctl_get_prkey(lun, i))
7881					continue;
7882
7883				found = 1;
7884				ctl_clr_prkey(lun, i);
7885				lun->pr_key_count--;
7886				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7887			}
7888
7889			if (!found) {
7890				mtx_unlock(&lun->lun_lock);
7891				free(ctsio->kern_data_ptr, M_CTL);
7892				ctl_set_reservation_conflict(ctsio);
7893				ctl_done((union ctl_io *)ctsio);
7894		        	return (1);
7895			}
7896			lun->PRGeneration++;
7897			mtx_unlock(&lun->lun_lock);
7898
7899			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7900			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7901			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7902			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7903			persis_io.pr.pr_info.res_type = type;
7904			memcpy(persis_io.pr.pr_info.sa_res_key,
7905			       param->serv_act_res_key,
7906			       sizeof(param->serv_act_res_key));
7907			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7908			    sizeof(persis_io.pr), M_WAITOK);
7909		}
7910	}
7911	return (0);
7912}
7913
7914static void
7915ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7916{
7917	uint64_t sa_res_key;
7918	int i;
7919
7920	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7921
7922	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7923	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7924	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7925		if (sa_res_key == 0) {
7926			/*
7927			 * Unregister everybody else and build UA for
7928			 * them
7929			 */
7930			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7931				if (i == msg->pr.pr_info.residx ||
7932				    ctl_get_prkey(lun, i) == 0)
7933					continue;
7934
7935				ctl_clr_prkey(lun, i);
7936				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7937			}
7938
7939			lun->pr_key_count = 1;
7940			lun->res_type = msg->pr.pr_info.res_type;
7941			if (lun->res_type != SPR_TYPE_WR_EX_AR
7942			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7943				lun->pr_res_idx = msg->pr.pr_info.residx;
7944		} else {
7945		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7946				if (sa_res_key == ctl_get_prkey(lun, i))
7947					continue;
7948
7949				ctl_clr_prkey(lun, i);
7950				lun->pr_key_count--;
7951				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7952			}
7953		}
7954	} else {
7955		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7956			if (i == msg->pr.pr_info.residx ||
7957			    ctl_get_prkey(lun, i) == 0)
7958				continue;
7959
7960			if (sa_res_key == ctl_get_prkey(lun, i)) {
7961				ctl_clr_prkey(lun, i);
7962				lun->pr_key_count--;
7963				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7964			} else if (msg->pr.pr_info.res_type != lun->res_type
7965				&& (lun->res_type == SPR_TYPE_WR_EX_RO
7966				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
7967				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7968			}
7969		}
7970		lun->res_type = msg->pr.pr_info.res_type;
7971		if (lun->res_type != SPR_TYPE_WR_EX_AR
7972		 && lun->res_type != SPR_TYPE_EX_AC_AR)
7973			lun->pr_res_idx = msg->pr.pr_info.residx;
7974		else
7975			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7976	}
7977	lun->PRGeneration++;
7978
7979}
7980
7981
7982int
7983ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
7984{
7985	int retval;
7986	u_int32_t param_len;
7987	struct scsi_per_res_out *cdb;
7988	struct ctl_lun *lun;
7989	struct scsi_per_res_out_parms* param;
7990	struct ctl_softc *softc;
7991	uint32_t residx;
7992	uint64_t res_key, sa_res_key, key;
7993	uint8_t type;
7994	union ctl_ha_msg persis_io;
7995	int    i;
7996
7997	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
7998
7999	retval = CTL_RETVAL_COMPLETE;
8000
8001	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8002	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8003	softc = lun->ctl_softc;
8004
8005	/*
8006	 * We only support whole-LUN scope.  The scope & type are ignored for
8007	 * register, register and ignore existing key and clear.
8008	 * We sometimes ignore scope and type on preempts too!!
8009	 * Verify reservation type here as well.
8010	 */
8011	type = cdb->scope_type & SPR_TYPE_MASK;
8012	if ((cdb->action == SPRO_RESERVE)
8013	 || (cdb->action == SPRO_RELEASE)) {
8014		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8015			ctl_set_invalid_field(/*ctsio*/ ctsio,
8016					      /*sks_valid*/ 1,
8017					      /*command*/ 1,
8018					      /*field*/ 2,
8019					      /*bit_valid*/ 1,
8020					      /*bit*/ 4);
8021			ctl_done((union ctl_io *)ctsio);
8022			return (CTL_RETVAL_COMPLETE);
8023		}
8024
8025		if (type>8 || type==2 || type==4 || type==0) {
8026			ctl_set_invalid_field(/*ctsio*/ ctsio,
8027					      /*sks_valid*/ 1,
8028					      /*command*/ 1,
8029					      /*field*/ 2,
8030					      /*bit_valid*/ 1,
8031					      /*bit*/ 0);
8032			ctl_done((union ctl_io *)ctsio);
8033			return (CTL_RETVAL_COMPLETE);
8034		}
8035	}
8036
8037	param_len = scsi_4btoul(cdb->length);
8038
8039	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8040		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8041		ctsio->kern_data_len = param_len;
8042		ctsio->kern_total_len = param_len;
8043		ctsio->kern_data_resid = 0;
8044		ctsio->kern_rel_offset = 0;
8045		ctsio->kern_sg_entries = 0;
8046		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8047		ctsio->be_move_done = ctl_config_move_done;
8048		ctl_datamove((union ctl_io *)ctsio);
8049
8050		return (CTL_RETVAL_COMPLETE);
8051	}
8052
8053	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8054
8055	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8056	res_key = scsi_8btou64(param->res_key.key);
8057	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8058
8059	/*
8060	 * Validate the reservation key here except for SPRO_REG_IGNO
8061	 * This must be done for all other service actions
8062	 */
8063	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8064		mtx_lock(&lun->lun_lock);
8065		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8066			if (res_key != key) {
8067				/*
8068				 * The current key passed in doesn't match
8069				 * the one the initiator previously
8070				 * registered.
8071				 */
8072				mtx_unlock(&lun->lun_lock);
8073				free(ctsio->kern_data_ptr, M_CTL);
8074				ctl_set_reservation_conflict(ctsio);
8075				ctl_done((union ctl_io *)ctsio);
8076				return (CTL_RETVAL_COMPLETE);
8077			}
8078		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8079			/*
8080			 * We are not registered
8081			 */
8082			mtx_unlock(&lun->lun_lock);
8083			free(ctsio->kern_data_ptr, M_CTL);
8084			ctl_set_reservation_conflict(ctsio);
8085			ctl_done((union ctl_io *)ctsio);
8086			return (CTL_RETVAL_COMPLETE);
8087		} else if (res_key != 0) {
8088			/*
8089			 * We are not registered and trying to register but
8090			 * the register key isn't zero.
8091			 */
8092			mtx_unlock(&lun->lun_lock);
8093			free(ctsio->kern_data_ptr, M_CTL);
8094			ctl_set_reservation_conflict(ctsio);
8095			ctl_done((union ctl_io *)ctsio);
8096			return (CTL_RETVAL_COMPLETE);
8097		}
8098		mtx_unlock(&lun->lun_lock);
8099	}
8100
8101	switch (cdb->action & SPRO_ACTION_MASK) {
8102	case SPRO_REGISTER:
8103	case SPRO_REG_IGNO: {
8104
8105#if 0
8106		printf("Registration received\n");
8107#endif
8108
8109		/*
8110		 * We don't support any of these options, as we report in
8111		 * the read capabilities request (see
8112		 * ctl_persistent_reserve_in(), above).
8113		 */
8114		if ((param->flags & SPR_SPEC_I_PT)
8115		 || (param->flags & SPR_ALL_TG_PT)
8116		 || (param->flags & SPR_APTPL)) {
8117			int bit_ptr;
8118
8119			if (param->flags & SPR_APTPL)
8120				bit_ptr = 0;
8121			else if (param->flags & SPR_ALL_TG_PT)
8122				bit_ptr = 2;
8123			else /* SPR_SPEC_I_PT */
8124				bit_ptr = 3;
8125
8126			free(ctsio->kern_data_ptr, M_CTL);
8127			ctl_set_invalid_field(ctsio,
8128					      /*sks_valid*/ 1,
8129					      /*command*/ 0,
8130					      /*field*/ 20,
8131					      /*bit_valid*/ 1,
8132					      /*bit*/ bit_ptr);
8133			ctl_done((union ctl_io *)ctsio);
8134			return (CTL_RETVAL_COMPLETE);
8135		}
8136
8137		mtx_lock(&lun->lun_lock);
8138
8139		/*
8140		 * The initiator wants to clear the
8141		 * key/unregister.
8142		 */
8143		if (sa_res_key == 0) {
8144			if ((res_key == 0
8145			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8146			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8147			  && ctl_get_prkey(lun, residx) == 0)) {
8148				mtx_unlock(&lun->lun_lock);
8149				goto done;
8150			}
8151
8152			ctl_clr_prkey(lun, residx);
8153			lun->pr_key_count--;
8154
8155			if (residx == lun->pr_res_idx) {
8156				lun->flags &= ~CTL_LUN_PR_RESERVED;
8157				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8158
8159				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8160				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8161				 && lun->pr_key_count) {
8162					/*
8163					 * If the reservation is a registrants
8164					 * only type we need to generate a UA
8165					 * for other registered inits.  The
8166					 * sense code should be RESERVATIONS
8167					 * RELEASED
8168					 */
8169
8170					for (i = softc->init_min; i < softc->init_max; i++){
8171						if (ctl_get_prkey(lun, i) == 0)
8172							continue;
8173						ctl_est_ua(lun, i,
8174						    CTL_UA_RES_RELEASE);
8175					}
8176				}
8177				lun->res_type = 0;
8178			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8179				if (lun->pr_key_count==0) {
8180					lun->flags &= ~CTL_LUN_PR_RESERVED;
8181					lun->res_type = 0;
8182					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8183				}
8184			}
8185			lun->PRGeneration++;
8186			mtx_unlock(&lun->lun_lock);
8187
8188			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8189			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8190			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8191			persis_io.pr.pr_info.residx = residx;
8192			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8193			    sizeof(persis_io.pr), M_WAITOK);
8194		} else /* sa_res_key != 0 */ {
8195
8196			/*
8197			 * If we aren't registered currently then increment
8198			 * the key count and set the registered flag.
8199			 */
8200			ctl_alloc_prkey(lun, residx);
8201			if (ctl_get_prkey(lun, residx) == 0)
8202				lun->pr_key_count++;
8203			ctl_set_prkey(lun, residx, sa_res_key);
8204			lun->PRGeneration++;
8205			mtx_unlock(&lun->lun_lock);
8206
8207			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8208			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8209			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8210			persis_io.pr.pr_info.residx = residx;
8211			memcpy(persis_io.pr.pr_info.sa_res_key,
8212			       param->serv_act_res_key,
8213			       sizeof(param->serv_act_res_key));
8214			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8215			    sizeof(persis_io.pr), M_WAITOK);
8216		}
8217
8218		break;
8219	}
8220	case SPRO_RESERVE:
8221#if 0
8222                printf("Reserve executed type %d\n", type);
8223#endif
8224		mtx_lock(&lun->lun_lock);
8225		if (lun->flags & CTL_LUN_PR_RESERVED) {
8226			/*
8227			 * if this isn't the reservation holder and it's
8228			 * not a "all registrants" type or if the type is
8229			 * different then we have a conflict
8230			 */
8231			if ((lun->pr_res_idx != residx
8232			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8233			 || lun->res_type != type) {
8234				mtx_unlock(&lun->lun_lock);
8235				free(ctsio->kern_data_ptr, M_CTL);
8236				ctl_set_reservation_conflict(ctsio);
8237				ctl_done((union ctl_io *)ctsio);
8238				return (CTL_RETVAL_COMPLETE);
8239			}
8240			mtx_unlock(&lun->lun_lock);
8241		} else /* create a reservation */ {
8242			/*
8243			 * If it's not an "all registrants" type record
8244			 * reservation holder
8245			 */
8246			if (type != SPR_TYPE_WR_EX_AR
8247			 && type != SPR_TYPE_EX_AC_AR)
8248				lun->pr_res_idx = residx; /* Res holder */
8249			else
8250				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8251
8252			lun->flags |= CTL_LUN_PR_RESERVED;
8253			lun->res_type = type;
8254
8255			mtx_unlock(&lun->lun_lock);
8256
8257			/* send msg to other side */
8258			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8259			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8260			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8261			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8262			persis_io.pr.pr_info.res_type = type;
8263			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8264			    sizeof(persis_io.pr), M_WAITOK);
8265		}
8266		break;
8267
8268	case SPRO_RELEASE:
8269		mtx_lock(&lun->lun_lock);
8270		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8271			/* No reservation exists return good status */
8272			mtx_unlock(&lun->lun_lock);
8273			goto done;
8274		}
8275		/*
8276		 * Is this nexus a reservation holder?
8277		 */
8278		if (lun->pr_res_idx != residx
8279		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8280			/*
8281			 * not a res holder return good status but
8282			 * do nothing
8283			 */
8284			mtx_unlock(&lun->lun_lock);
8285			goto done;
8286		}
8287
8288		if (lun->res_type != type) {
8289			mtx_unlock(&lun->lun_lock);
8290			free(ctsio->kern_data_ptr, M_CTL);
8291			ctl_set_illegal_pr_release(ctsio);
8292			ctl_done((union ctl_io *)ctsio);
8293			return (CTL_RETVAL_COMPLETE);
8294		}
8295
8296		/* okay to release */
8297		lun->flags &= ~CTL_LUN_PR_RESERVED;
8298		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8299		lun->res_type = 0;
8300
8301		/*
8302		 * if this isn't an exclusive access
8303		 * res generate UA for all other
8304		 * registrants.
8305		 */
8306		if (type != SPR_TYPE_EX_AC
8307		 && type != SPR_TYPE_WR_EX) {
8308			for (i = softc->init_min; i < softc->init_max; i++) {
8309				if (i == residx || ctl_get_prkey(lun, i) == 0)
8310					continue;
8311				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8312			}
8313		}
8314		mtx_unlock(&lun->lun_lock);
8315
8316		/* Send msg to other side */
8317		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8318		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8319		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8320		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8321		     sizeof(persis_io.pr), M_WAITOK);
8322		break;
8323
8324	case SPRO_CLEAR:
8325		/* send msg to other side */
8326
8327		mtx_lock(&lun->lun_lock);
8328		lun->flags &= ~CTL_LUN_PR_RESERVED;
8329		lun->res_type = 0;
8330		lun->pr_key_count = 0;
8331		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8332
8333		ctl_clr_prkey(lun, residx);
8334		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8335			if (ctl_get_prkey(lun, i) != 0) {
8336				ctl_clr_prkey(lun, i);
8337				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8338			}
8339		lun->PRGeneration++;
8340		mtx_unlock(&lun->lun_lock);
8341
8342		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8343		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8344		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8345		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8346		     sizeof(persis_io.pr), M_WAITOK);
8347		break;
8348
8349	case SPRO_PREEMPT:
8350	case SPRO_PRE_ABO: {
8351		int nretval;
8352
8353		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8354					  residx, ctsio, cdb, param);
8355		if (nretval != 0)
8356			return (CTL_RETVAL_COMPLETE);
8357		break;
8358	}
8359	default:
8360		panic("Invalid PR type %x", cdb->action);
8361	}
8362
8363done:
8364	free(ctsio->kern_data_ptr, M_CTL);
8365	ctl_set_success(ctsio);
8366	ctl_done((union ctl_io *)ctsio);
8367
8368	return (retval);
8369}
8370
8371/*
8372 * This routine is for handling a message from the other SC pertaining to
8373 * persistent reserve out. All the error checking will have been done
8374 * so only perorming the action need be done here to keep the two
8375 * in sync.
8376 */
8377static void
8378ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8379{
8380	struct ctl_lun *lun;
8381	struct ctl_softc *softc;
8382	int i;
8383	uint32_t targ_lun;
8384
8385	softc = control_softc;
8386
8387	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8388	lun = softc->ctl_luns[targ_lun];
8389	mtx_lock(&lun->lun_lock);
8390	switch(msg->pr.pr_info.action) {
8391	case CTL_PR_REG_KEY:
8392		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8393		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8394			lun->pr_key_count++;
8395		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8396		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8397		lun->PRGeneration++;
8398		break;
8399
8400	case CTL_PR_UNREG_KEY:
8401		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8402		lun->pr_key_count--;
8403
8404		/* XXX Need to see if the reservation has been released */
8405		/* if so do we need to generate UA? */
8406		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8407			lun->flags &= ~CTL_LUN_PR_RESERVED;
8408			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8409
8410			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8411			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8412			 && lun->pr_key_count) {
8413				/*
8414				 * If the reservation is a registrants
8415				 * only type we need to generate a UA
8416				 * for other registered inits.  The
8417				 * sense code should be RESERVATIONS
8418				 * RELEASED
8419				 */
8420
8421				for (i = softc->init_min; i < softc->init_max; i++) {
8422					if (ctl_get_prkey(lun, i) == 0)
8423						continue;
8424
8425					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8426				}
8427			}
8428			lun->res_type = 0;
8429		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8430			if (lun->pr_key_count==0) {
8431				lun->flags &= ~CTL_LUN_PR_RESERVED;
8432				lun->res_type = 0;
8433				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8434			}
8435		}
8436		lun->PRGeneration++;
8437		break;
8438
8439	case CTL_PR_RESERVE:
8440		lun->flags |= CTL_LUN_PR_RESERVED;
8441		lun->res_type = msg->pr.pr_info.res_type;
8442		lun->pr_res_idx = msg->pr.pr_info.residx;
8443
8444		break;
8445
8446	case CTL_PR_RELEASE:
8447		/*
8448		 * if this isn't an exclusive access res generate UA for all
8449		 * other registrants.
8450		 */
8451		if (lun->res_type != SPR_TYPE_EX_AC
8452		 && lun->res_type != SPR_TYPE_WR_EX) {
8453			for (i = softc->init_min; i < softc->init_max; i++)
8454				if (ctl_get_prkey(lun, i) != 0)
8455					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8456		}
8457
8458		lun->flags &= ~CTL_LUN_PR_RESERVED;
8459		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8460		lun->res_type = 0;
8461		break;
8462
8463	case CTL_PR_PREEMPT:
8464		ctl_pro_preempt_other(lun, msg);
8465		break;
8466	case CTL_PR_CLEAR:
8467		lun->flags &= ~CTL_LUN_PR_RESERVED;
8468		lun->res_type = 0;
8469		lun->pr_key_count = 0;
8470		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8471
8472		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8473			if (ctl_get_prkey(lun, i) == 0)
8474				continue;
8475			ctl_clr_prkey(lun, i);
8476			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8477		}
8478		lun->PRGeneration++;
8479		break;
8480	}
8481
8482	mtx_unlock(&lun->lun_lock);
8483}
8484
8485int
8486ctl_read_write(struct ctl_scsiio *ctsio)
8487{
8488	struct ctl_lun *lun;
8489	struct ctl_lba_len_flags *lbalen;
8490	uint64_t lba;
8491	uint32_t num_blocks;
8492	int flags, retval;
8493	int isread;
8494
8495	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8496
8497	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8498
8499	flags = 0;
8500	retval = CTL_RETVAL_COMPLETE;
8501
8502	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8503	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8504	switch (ctsio->cdb[0]) {
8505	case READ_6:
8506	case WRITE_6: {
8507		struct scsi_rw_6 *cdb;
8508
8509		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8510
8511		lba = scsi_3btoul(cdb->addr);
8512		/* only 5 bits are valid in the most significant address byte */
8513		lba &= 0x1fffff;
8514		num_blocks = cdb->length;
8515		/*
8516		 * This is correct according to SBC-2.
8517		 */
8518		if (num_blocks == 0)
8519			num_blocks = 256;
8520		break;
8521	}
8522	case READ_10:
8523	case WRITE_10: {
8524		struct scsi_rw_10 *cdb;
8525
8526		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8527		if (cdb->byte2 & SRW10_FUA)
8528			flags |= CTL_LLF_FUA;
8529		if (cdb->byte2 & SRW10_DPO)
8530			flags |= CTL_LLF_DPO;
8531		lba = scsi_4btoul(cdb->addr);
8532		num_blocks = scsi_2btoul(cdb->length);
8533		break;
8534	}
8535	case WRITE_VERIFY_10: {
8536		struct scsi_write_verify_10 *cdb;
8537
8538		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8539		flags |= CTL_LLF_FUA;
8540		if (cdb->byte2 & SWV_DPO)
8541			flags |= CTL_LLF_DPO;
8542		lba = scsi_4btoul(cdb->addr);
8543		num_blocks = scsi_2btoul(cdb->length);
8544		break;
8545	}
8546	case READ_12:
8547	case WRITE_12: {
8548		struct scsi_rw_12 *cdb;
8549
8550		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8551		if (cdb->byte2 & SRW12_FUA)
8552			flags |= CTL_LLF_FUA;
8553		if (cdb->byte2 & SRW12_DPO)
8554			flags |= CTL_LLF_DPO;
8555		lba = scsi_4btoul(cdb->addr);
8556		num_blocks = scsi_4btoul(cdb->length);
8557		break;
8558	}
8559	case WRITE_VERIFY_12: {
8560		struct scsi_write_verify_12 *cdb;
8561
8562		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8563		flags |= CTL_LLF_FUA;
8564		if (cdb->byte2 & SWV_DPO)
8565			flags |= CTL_LLF_DPO;
8566		lba = scsi_4btoul(cdb->addr);
8567		num_blocks = scsi_4btoul(cdb->length);
8568		break;
8569	}
8570	case READ_16:
8571	case WRITE_16: {
8572		struct scsi_rw_16 *cdb;
8573
8574		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8575		if (cdb->byte2 & SRW12_FUA)
8576			flags |= CTL_LLF_FUA;
8577		if (cdb->byte2 & SRW12_DPO)
8578			flags |= CTL_LLF_DPO;
8579		lba = scsi_8btou64(cdb->addr);
8580		num_blocks = scsi_4btoul(cdb->length);
8581		break;
8582	}
8583	case WRITE_ATOMIC_16: {
8584		struct scsi_rw_16 *cdb;
8585
8586		if (lun->be_lun->atomicblock == 0) {
8587			ctl_set_invalid_opcode(ctsio);
8588			ctl_done((union ctl_io *)ctsio);
8589			return (CTL_RETVAL_COMPLETE);
8590		}
8591
8592		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8593		if (cdb->byte2 & SRW12_FUA)
8594			flags |= CTL_LLF_FUA;
8595		if (cdb->byte2 & SRW12_DPO)
8596			flags |= CTL_LLF_DPO;
8597		lba = scsi_8btou64(cdb->addr);
8598		num_blocks = scsi_4btoul(cdb->length);
8599		if (num_blocks > lun->be_lun->atomicblock) {
8600			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8601			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8602			    /*bit*/ 0);
8603			ctl_done((union ctl_io *)ctsio);
8604			return (CTL_RETVAL_COMPLETE);
8605		}
8606		break;
8607	}
8608	case WRITE_VERIFY_16: {
8609		struct scsi_write_verify_16 *cdb;
8610
8611		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8612		flags |= CTL_LLF_FUA;
8613		if (cdb->byte2 & SWV_DPO)
8614			flags |= CTL_LLF_DPO;
8615		lba = scsi_8btou64(cdb->addr);
8616		num_blocks = scsi_4btoul(cdb->length);
8617		break;
8618	}
8619	default:
8620		/*
8621		 * We got a command we don't support.  This shouldn't
8622		 * happen, commands should be filtered out above us.
8623		 */
8624		ctl_set_invalid_opcode(ctsio);
8625		ctl_done((union ctl_io *)ctsio);
8626
8627		return (CTL_RETVAL_COMPLETE);
8628		break; /* NOTREACHED */
8629	}
8630
8631	/*
8632	 * The first check is to make sure we're in bounds, the second
8633	 * check is to catch wrap-around problems.  If the lba + num blocks
8634	 * is less than the lba, then we've wrapped around and the block
8635	 * range is invalid anyway.
8636	 */
8637	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8638	 || ((lba + num_blocks) < lba)) {
8639		ctl_set_lba_out_of_range(ctsio);
8640		ctl_done((union ctl_io *)ctsio);
8641		return (CTL_RETVAL_COMPLETE);
8642	}
8643
8644	/*
8645	 * According to SBC-3, a transfer length of 0 is not an error.
8646	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8647	 * translates to 256 blocks for those commands.
8648	 */
8649	if (num_blocks == 0) {
8650		ctl_set_success(ctsio);
8651		ctl_done((union ctl_io *)ctsio);
8652		return (CTL_RETVAL_COMPLETE);
8653	}
8654
8655	/* Set FUA and/or DPO if caches are disabled. */
8656	if (isread) {
8657		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8658		    SCP_RCD) != 0)
8659			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8660	} else {
8661		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8662		    SCP_WCE) == 0)
8663			flags |= CTL_LLF_FUA;
8664	}
8665
8666	lbalen = (struct ctl_lba_len_flags *)
8667	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8668	lbalen->lba = lba;
8669	lbalen->len = num_blocks;
8670	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8671
8672	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8673	ctsio->kern_rel_offset = 0;
8674
8675	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8676
8677	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8678
8679	return (retval);
8680}
8681
8682static int
8683ctl_cnw_cont(union ctl_io *io)
8684{
8685	struct ctl_scsiio *ctsio;
8686	struct ctl_lun *lun;
8687	struct ctl_lba_len_flags *lbalen;
8688	int retval;
8689
8690	ctsio = &io->scsiio;
8691	ctsio->io_hdr.status = CTL_STATUS_NONE;
8692	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8693	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8694	lbalen = (struct ctl_lba_len_flags *)
8695	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8696	lbalen->flags &= ~CTL_LLF_COMPARE;
8697	lbalen->flags |= CTL_LLF_WRITE;
8698
8699	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8700	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8701	return (retval);
8702}
8703
8704int
8705ctl_cnw(struct ctl_scsiio *ctsio)
8706{
8707	struct ctl_lun *lun;
8708	struct ctl_lba_len_flags *lbalen;
8709	uint64_t lba;
8710	uint32_t num_blocks;
8711	int flags, retval;
8712
8713	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8714
8715	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8716
8717	flags = 0;
8718	retval = CTL_RETVAL_COMPLETE;
8719
8720	switch (ctsio->cdb[0]) {
8721	case COMPARE_AND_WRITE: {
8722		struct scsi_compare_and_write *cdb;
8723
8724		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8725		if (cdb->byte2 & SRW10_FUA)
8726			flags |= CTL_LLF_FUA;
8727		if (cdb->byte2 & SRW10_DPO)
8728			flags |= CTL_LLF_DPO;
8729		lba = scsi_8btou64(cdb->addr);
8730		num_blocks = cdb->length;
8731		break;
8732	}
8733	default:
8734		/*
8735		 * We got a command we don't support.  This shouldn't
8736		 * happen, commands should be filtered out above us.
8737		 */
8738		ctl_set_invalid_opcode(ctsio);
8739		ctl_done((union ctl_io *)ctsio);
8740
8741		return (CTL_RETVAL_COMPLETE);
8742		break; /* NOTREACHED */
8743	}
8744
8745	/*
8746	 * The first check is to make sure we're in bounds, the second
8747	 * check is to catch wrap-around problems.  If the lba + num blocks
8748	 * is less than the lba, then we've wrapped around and the block
8749	 * range is invalid anyway.
8750	 */
8751	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8752	 || ((lba + num_blocks) < lba)) {
8753		ctl_set_lba_out_of_range(ctsio);
8754		ctl_done((union ctl_io *)ctsio);
8755		return (CTL_RETVAL_COMPLETE);
8756	}
8757
8758	/*
8759	 * According to SBC-3, a transfer length of 0 is not an error.
8760	 */
8761	if (num_blocks == 0) {
8762		ctl_set_success(ctsio);
8763		ctl_done((union ctl_io *)ctsio);
8764		return (CTL_RETVAL_COMPLETE);
8765	}
8766
8767	/* Set FUA if write cache is disabled. */
8768	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8769	    SCP_WCE) == 0)
8770		flags |= CTL_LLF_FUA;
8771
8772	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8773	ctsio->kern_rel_offset = 0;
8774
8775	/*
8776	 * Set the IO_CONT flag, so that if this I/O gets passed to
8777	 * ctl_data_submit_done(), it'll get passed back to
8778	 * ctl_ctl_cnw_cont() for further processing.
8779	 */
8780	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8781	ctsio->io_cont = ctl_cnw_cont;
8782
8783	lbalen = (struct ctl_lba_len_flags *)
8784	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8785	lbalen->lba = lba;
8786	lbalen->len = num_blocks;
8787	lbalen->flags = CTL_LLF_COMPARE | flags;
8788
8789	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8790	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8791	return (retval);
8792}
8793
8794int
8795ctl_verify(struct ctl_scsiio *ctsio)
8796{
8797	struct ctl_lun *lun;
8798	struct ctl_lba_len_flags *lbalen;
8799	uint64_t lba;
8800	uint32_t num_blocks;
8801	int bytchk, flags;
8802	int retval;
8803
8804	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8805
8806	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8807
8808	bytchk = 0;
8809	flags = CTL_LLF_FUA;
8810	retval = CTL_RETVAL_COMPLETE;
8811
8812	switch (ctsio->cdb[0]) {
8813	case VERIFY_10: {
8814		struct scsi_verify_10 *cdb;
8815
8816		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8817		if (cdb->byte2 & SVFY_BYTCHK)
8818			bytchk = 1;
8819		if (cdb->byte2 & SVFY_DPO)
8820			flags |= CTL_LLF_DPO;
8821		lba = scsi_4btoul(cdb->addr);
8822		num_blocks = scsi_2btoul(cdb->length);
8823		break;
8824	}
8825	case VERIFY_12: {
8826		struct scsi_verify_12 *cdb;
8827
8828		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8829		if (cdb->byte2 & SVFY_BYTCHK)
8830			bytchk = 1;
8831		if (cdb->byte2 & SVFY_DPO)
8832			flags |= CTL_LLF_DPO;
8833		lba = scsi_4btoul(cdb->addr);
8834		num_blocks = scsi_4btoul(cdb->length);
8835		break;
8836	}
8837	case VERIFY_16: {
8838		struct scsi_rw_16 *cdb;
8839
8840		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8841		if (cdb->byte2 & SVFY_BYTCHK)
8842			bytchk = 1;
8843		if (cdb->byte2 & SVFY_DPO)
8844			flags |= CTL_LLF_DPO;
8845		lba = scsi_8btou64(cdb->addr);
8846		num_blocks = scsi_4btoul(cdb->length);
8847		break;
8848	}
8849	default:
8850		/*
8851		 * We got a command we don't support.  This shouldn't
8852		 * happen, commands should be filtered out above us.
8853		 */
8854		ctl_set_invalid_opcode(ctsio);
8855		ctl_done((union ctl_io *)ctsio);
8856		return (CTL_RETVAL_COMPLETE);
8857	}
8858
8859	/*
8860	 * The first check is to make sure we're in bounds, the second
8861	 * check is to catch wrap-around problems.  If the lba + num blocks
8862	 * is less than the lba, then we've wrapped around and the block
8863	 * range is invalid anyway.
8864	 */
8865	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8866	 || ((lba + num_blocks) < lba)) {
8867		ctl_set_lba_out_of_range(ctsio);
8868		ctl_done((union ctl_io *)ctsio);
8869		return (CTL_RETVAL_COMPLETE);
8870	}
8871
8872	/*
8873	 * According to SBC-3, a transfer length of 0 is not an error.
8874	 */
8875	if (num_blocks == 0) {
8876		ctl_set_success(ctsio);
8877		ctl_done((union ctl_io *)ctsio);
8878		return (CTL_RETVAL_COMPLETE);
8879	}
8880
8881	lbalen = (struct ctl_lba_len_flags *)
8882	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8883	lbalen->lba = lba;
8884	lbalen->len = num_blocks;
8885	if (bytchk) {
8886		lbalen->flags = CTL_LLF_COMPARE | flags;
8887		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8888	} else {
8889		lbalen->flags = CTL_LLF_VERIFY | flags;
8890		ctsio->kern_total_len = 0;
8891	}
8892	ctsio->kern_rel_offset = 0;
8893
8894	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8895	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8896	return (retval);
8897}
8898
8899int
8900ctl_report_luns(struct ctl_scsiio *ctsio)
8901{
8902	struct ctl_softc *softc = control_softc;
8903	struct scsi_report_luns *cdb;
8904	struct scsi_report_luns_data *lun_data;
8905	struct ctl_lun *lun, *request_lun;
8906	struct ctl_port *port;
8907	int num_luns, retval;
8908	uint32_t alloc_len, lun_datalen;
8909	int num_filled, well_known;
8910	uint32_t initidx, targ_lun_id, lun_id;
8911
8912	retval = CTL_RETVAL_COMPLETE;
8913	well_known = 0;
8914
8915	cdb = (struct scsi_report_luns *)ctsio->cdb;
8916	port = ctl_io_port(&ctsio->io_hdr);
8917
8918	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8919
8920	mtx_lock(&softc->ctl_lock);
8921	num_luns = 0;
8922	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8923		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8924			num_luns++;
8925	}
8926	mtx_unlock(&softc->ctl_lock);
8927
8928	switch (cdb->select_report) {
8929	case RPL_REPORT_DEFAULT:
8930	case RPL_REPORT_ALL:
8931		break;
8932	case RPL_REPORT_WELLKNOWN:
8933		well_known = 1;
8934		num_luns = 0;
8935		break;
8936	default:
8937		ctl_set_invalid_field(ctsio,
8938				      /*sks_valid*/ 1,
8939				      /*command*/ 1,
8940				      /*field*/ 2,
8941				      /*bit_valid*/ 0,
8942				      /*bit*/ 0);
8943		ctl_done((union ctl_io *)ctsio);
8944		return (retval);
8945		break; /* NOTREACHED */
8946	}
8947
8948	alloc_len = scsi_4btoul(cdb->length);
8949	/*
8950	 * The initiator has to allocate at least 16 bytes for this request,
8951	 * so he can at least get the header and the first LUN.  Otherwise
8952	 * we reject the request (per SPC-3 rev 14, section 6.21).
8953	 */
8954	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
8955	    sizeof(struct scsi_report_luns_lundata))) {
8956		ctl_set_invalid_field(ctsio,
8957				      /*sks_valid*/ 1,
8958				      /*command*/ 1,
8959				      /*field*/ 6,
8960				      /*bit_valid*/ 0,
8961				      /*bit*/ 0);
8962		ctl_done((union ctl_io *)ctsio);
8963		return (retval);
8964	}
8965
8966	request_lun = (struct ctl_lun *)
8967		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8968
8969	lun_datalen = sizeof(*lun_data) +
8970		(num_luns * sizeof(struct scsi_report_luns_lundata));
8971
8972	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
8973	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
8974	ctsio->kern_sg_entries = 0;
8975
8976	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8977
8978	mtx_lock(&softc->ctl_lock);
8979	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
8980		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
8981		if (lun_id >= CTL_MAX_LUNS)
8982			continue;
8983		lun = softc->ctl_luns[lun_id];
8984		if (lun == NULL)
8985			continue;
8986
8987		if (targ_lun_id <= 0xff) {
8988			/*
8989			 * Peripheral addressing method, bus number 0.
8990			 */
8991			lun_data->luns[num_filled].lundata[0] =
8992				RPL_LUNDATA_ATYP_PERIPH;
8993			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
8994			num_filled++;
8995		} else if (targ_lun_id <= 0x3fff) {
8996			/*
8997			 * Flat addressing method.
8998			 */
8999			lun_data->luns[num_filled].lundata[0] =
9000				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9001			lun_data->luns[num_filled].lundata[1] =
9002				(targ_lun_id & 0xff);
9003			num_filled++;
9004		} else if (targ_lun_id <= 0xffffff) {
9005			/*
9006			 * Extended flat addressing method.
9007			 */
9008			lun_data->luns[num_filled].lundata[0] =
9009			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9010			scsi_ulto3b(targ_lun_id,
9011			    &lun_data->luns[num_filled].lundata[1]);
9012			num_filled++;
9013		} else {
9014			printf("ctl_report_luns: bogus LUN number %jd, "
9015			       "skipping\n", (intmax_t)targ_lun_id);
9016		}
9017		/*
9018		 * According to SPC-3, rev 14 section 6.21:
9019		 *
9020		 * "The execution of a REPORT LUNS command to any valid and
9021		 * installed logical unit shall clear the REPORTED LUNS DATA
9022		 * HAS CHANGED unit attention condition for all logical
9023		 * units of that target with respect to the requesting
9024		 * initiator. A valid and installed logical unit is one
9025		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9026		 * INQUIRY data (see 6.4.2)."
9027		 *
9028		 * If request_lun is NULL, the LUN this report luns command
9029		 * was issued to is either disabled or doesn't exist. In that
9030		 * case, we shouldn't clear any pending lun change unit
9031		 * attention.
9032		 */
9033		if (request_lun != NULL) {
9034			mtx_lock(&lun->lun_lock);
9035			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9036			mtx_unlock(&lun->lun_lock);
9037		}
9038	}
9039	mtx_unlock(&softc->ctl_lock);
9040
9041	/*
9042	 * It's quite possible that we've returned fewer LUNs than we allocated
9043	 * space for.  Trim it.
9044	 */
9045	lun_datalen = sizeof(*lun_data) +
9046		(num_filled * sizeof(struct scsi_report_luns_lundata));
9047
9048	if (lun_datalen < alloc_len) {
9049		ctsio->residual = alloc_len - lun_datalen;
9050		ctsio->kern_data_len = lun_datalen;
9051		ctsio->kern_total_len = lun_datalen;
9052	} else {
9053		ctsio->residual = 0;
9054		ctsio->kern_data_len = alloc_len;
9055		ctsio->kern_total_len = alloc_len;
9056	}
9057	ctsio->kern_data_resid = 0;
9058	ctsio->kern_rel_offset = 0;
9059	ctsio->kern_sg_entries = 0;
9060
9061	/*
9062	 * We set this to the actual data length, regardless of how much
9063	 * space we actually have to return results.  If the user looks at
9064	 * this value, he'll know whether or not he allocated enough space
9065	 * and reissue the command if necessary.  We don't support well
9066	 * known logical units, so if the user asks for that, return none.
9067	 */
9068	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9069
9070	/*
9071	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9072	 * this request.
9073	 */
9074	ctl_set_success(ctsio);
9075	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9076	ctsio->be_move_done = ctl_config_move_done;
9077	ctl_datamove((union ctl_io *)ctsio);
9078	return (retval);
9079}
9080
9081int
9082ctl_request_sense(struct ctl_scsiio *ctsio)
9083{
9084	struct scsi_request_sense *cdb;
9085	struct scsi_sense_data *sense_ptr;
9086	struct ctl_softc *ctl_softc;
9087	struct ctl_lun *lun;
9088	uint32_t initidx;
9089	int have_error;
9090	scsi_sense_data_type sense_format;
9091	ctl_ua_type ua_type;
9092
9093	cdb = (struct scsi_request_sense *)ctsio->cdb;
9094
9095	ctl_softc = control_softc;
9096	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9097
9098	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9099
9100	/*
9101	 * Determine which sense format the user wants.
9102	 */
9103	if (cdb->byte2 & SRS_DESC)
9104		sense_format = SSD_TYPE_DESC;
9105	else
9106		sense_format = SSD_TYPE_FIXED;
9107
9108	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9109	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9110	ctsio->kern_sg_entries = 0;
9111
9112	/*
9113	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9114	 * larger than the largest allowed value for the length field in the
9115	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9116	 */
9117	ctsio->residual = 0;
9118	ctsio->kern_data_len = cdb->length;
9119	ctsio->kern_total_len = cdb->length;
9120
9121	ctsio->kern_data_resid = 0;
9122	ctsio->kern_rel_offset = 0;
9123	ctsio->kern_sg_entries = 0;
9124
9125	/*
9126	 * If we don't have a LUN, we don't have any pending sense.
9127	 */
9128	if (lun == NULL)
9129		goto no_sense;
9130
9131	have_error = 0;
9132	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9133	/*
9134	 * Check for pending sense, and then for pending unit attentions.
9135	 * Pending sense gets returned first, then pending unit attentions.
9136	 */
9137	mtx_lock(&lun->lun_lock);
9138#ifdef CTL_WITH_CA
9139	if (ctl_is_set(lun->have_ca, initidx)) {
9140		scsi_sense_data_type stored_format;
9141
9142		/*
9143		 * Check to see which sense format was used for the stored
9144		 * sense data.
9145		 */
9146		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9147
9148		/*
9149		 * If the user requested a different sense format than the
9150		 * one we stored, then we need to convert it to the other
9151		 * format.  If we're going from descriptor to fixed format
9152		 * sense data, we may lose things in translation, depending
9153		 * on what options were used.
9154		 *
9155		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9156		 * for some reason we'll just copy it out as-is.
9157		 */
9158		if ((stored_format == SSD_TYPE_FIXED)
9159		 && (sense_format == SSD_TYPE_DESC))
9160			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9161			    &lun->pending_sense[initidx],
9162			    (struct scsi_sense_data_desc *)sense_ptr);
9163		else if ((stored_format == SSD_TYPE_DESC)
9164		      && (sense_format == SSD_TYPE_FIXED))
9165			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9166			    &lun->pending_sense[initidx],
9167			    (struct scsi_sense_data_fixed *)sense_ptr);
9168		else
9169			memcpy(sense_ptr, &lun->pending_sense[initidx],
9170			       MIN(sizeof(*sense_ptr),
9171			       sizeof(lun->pending_sense[initidx])));
9172
9173		ctl_clear_mask(lun->have_ca, initidx);
9174		have_error = 1;
9175	} else
9176#endif
9177	{
9178		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9179		if (ua_type != CTL_UA_NONE)
9180			have_error = 1;
9181		if (ua_type == CTL_UA_LUN_CHANGE) {
9182			mtx_unlock(&lun->lun_lock);
9183			mtx_lock(&ctl_softc->ctl_lock);
9184			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9185			mtx_unlock(&ctl_softc->ctl_lock);
9186			mtx_lock(&lun->lun_lock);
9187		}
9188
9189	}
9190	mtx_unlock(&lun->lun_lock);
9191
9192	/*
9193	 * We already have a pending error, return it.
9194	 */
9195	if (have_error != 0) {
9196		/*
9197		 * We report the SCSI status as OK, since the status of the
9198		 * request sense command itself is OK.
9199		 * We report 0 for the sense length, because we aren't doing
9200		 * autosense in this case.  We're reporting sense as
9201		 * parameter data.
9202		 */
9203		ctl_set_success(ctsio);
9204		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9205		ctsio->be_move_done = ctl_config_move_done;
9206		ctl_datamove((union ctl_io *)ctsio);
9207		return (CTL_RETVAL_COMPLETE);
9208	}
9209
9210no_sense:
9211
9212	/*
9213	 * No sense information to report, so we report that everything is
9214	 * okay.
9215	 */
9216	ctl_set_sense_data(sense_ptr,
9217			   lun,
9218			   sense_format,
9219			   /*current_error*/ 1,
9220			   /*sense_key*/ SSD_KEY_NO_SENSE,
9221			   /*asc*/ 0x00,
9222			   /*ascq*/ 0x00,
9223			   SSD_ELEM_NONE);
9224
9225	/*
9226	 * We report 0 for the sense length, because we aren't doing
9227	 * autosense in this case.  We're reporting sense as parameter data.
9228	 */
9229	ctl_set_success(ctsio);
9230	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9231	ctsio->be_move_done = ctl_config_move_done;
9232	ctl_datamove((union ctl_io *)ctsio);
9233	return (CTL_RETVAL_COMPLETE);
9234}
9235
9236int
9237ctl_tur(struct ctl_scsiio *ctsio)
9238{
9239
9240	CTL_DEBUG_PRINT(("ctl_tur\n"));
9241
9242	ctl_set_success(ctsio);
9243	ctl_done((union ctl_io *)ctsio);
9244
9245	return (CTL_RETVAL_COMPLETE);
9246}
9247
9248/*
9249 * SCSI VPD page 0x00, the Supported VPD Pages page.
9250 */
9251static int
9252ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9253{
9254	struct scsi_vpd_supported_pages *pages;
9255	int sup_page_size;
9256	struct ctl_lun *lun;
9257	int p;
9258
9259	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9260
9261	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9262	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9263	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9264	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9265	ctsio->kern_sg_entries = 0;
9266
9267	if (sup_page_size < alloc_len) {
9268		ctsio->residual = alloc_len - sup_page_size;
9269		ctsio->kern_data_len = sup_page_size;
9270		ctsio->kern_total_len = sup_page_size;
9271	} else {
9272		ctsio->residual = 0;
9273		ctsio->kern_data_len = alloc_len;
9274		ctsio->kern_total_len = alloc_len;
9275	}
9276	ctsio->kern_data_resid = 0;
9277	ctsio->kern_rel_offset = 0;
9278	ctsio->kern_sg_entries = 0;
9279
9280	/*
9281	 * The control device is always connected.  The disk device, on the
9282	 * other hand, may not be online all the time.  Need to change this
9283	 * to figure out whether the disk device is actually online or not.
9284	 */
9285	if (lun != NULL)
9286		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9287				lun->be_lun->lun_type;
9288	else
9289		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9290
9291	p = 0;
9292	/* Supported VPD pages */
9293	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9294	/* Serial Number */
9295	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9296	/* Device Identification */
9297	pages->page_list[p++] = SVPD_DEVICE_ID;
9298	/* Extended INQUIRY Data */
9299	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9300	/* Mode Page Policy */
9301	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9302	/* SCSI Ports */
9303	pages->page_list[p++] = SVPD_SCSI_PORTS;
9304	/* Third-party Copy */
9305	pages->page_list[p++] = SVPD_SCSI_TPC;
9306	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9307		/* Block limits */
9308		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9309		/* Block Device Characteristics */
9310		pages->page_list[p++] = SVPD_BDC;
9311		/* Logical Block Provisioning */
9312		pages->page_list[p++] = SVPD_LBP;
9313	}
9314	pages->length = p;
9315
9316	ctl_set_success(ctsio);
9317	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9318	ctsio->be_move_done = ctl_config_move_done;
9319	ctl_datamove((union ctl_io *)ctsio);
9320	return (CTL_RETVAL_COMPLETE);
9321}
9322
9323/*
9324 * SCSI VPD page 0x80, the Unit Serial Number page.
9325 */
9326static int
9327ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9328{
9329	struct scsi_vpd_unit_serial_number *sn_ptr;
9330	struct ctl_lun *lun;
9331	int data_len;
9332
9333	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9334
9335	data_len = 4 + CTL_SN_LEN;
9336	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9337	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9338	if (data_len < alloc_len) {
9339		ctsio->residual = alloc_len - data_len;
9340		ctsio->kern_data_len = data_len;
9341		ctsio->kern_total_len = data_len;
9342	} else {
9343		ctsio->residual = 0;
9344		ctsio->kern_data_len = alloc_len;
9345		ctsio->kern_total_len = alloc_len;
9346	}
9347	ctsio->kern_data_resid = 0;
9348	ctsio->kern_rel_offset = 0;
9349	ctsio->kern_sg_entries = 0;
9350
9351	/*
9352	 * The control device is always connected.  The disk device, on the
9353	 * other hand, may not be online all the time.  Need to change this
9354	 * to figure out whether the disk device is actually online or not.
9355	 */
9356	if (lun != NULL)
9357		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9358				  lun->be_lun->lun_type;
9359	else
9360		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9361
9362	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9363	sn_ptr->length = CTL_SN_LEN;
9364	/*
9365	 * If we don't have a LUN, we just leave the serial number as
9366	 * all spaces.
9367	 */
9368	if (lun != NULL) {
9369		strncpy((char *)sn_ptr->serial_num,
9370			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9371	} else
9372		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9373
9374	ctl_set_success(ctsio);
9375	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9376	ctsio->be_move_done = ctl_config_move_done;
9377	ctl_datamove((union ctl_io *)ctsio);
9378	return (CTL_RETVAL_COMPLETE);
9379}
9380
9381
9382/*
9383 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9384 */
9385static int
9386ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9387{
9388	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9389	struct ctl_lun *lun;
9390	int data_len;
9391
9392	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9393
9394	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9395	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9396	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9397	ctsio->kern_sg_entries = 0;
9398
9399	if (data_len < alloc_len) {
9400		ctsio->residual = alloc_len - data_len;
9401		ctsio->kern_data_len = data_len;
9402		ctsio->kern_total_len = data_len;
9403	} else {
9404		ctsio->residual = 0;
9405		ctsio->kern_data_len = alloc_len;
9406		ctsio->kern_total_len = alloc_len;
9407	}
9408	ctsio->kern_data_resid = 0;
9409	ctsio->kern_rel_offset = 0;
9410	ctsio->kern_sg_entries = 0;
9411
9412	/*
9413	 * The control device is always connected.  The disk device, on the
9414	 * other hand, may not be online all the time.
9415	 */
9416	if (lun != NULL)
9417		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9418				     lun->be_lun->lun_type;
9419	else
9420		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9421	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9422	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9423	/*
9424	 * We support head of queue, ordered and simple tags.
9425	 */
9426	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9427	/*
9428	 * Volatile cache supported.
9429	 */
9430	eid_ptr->flags3 = SVPD_EID_V_SUP;
9431
9432	/*
9433	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9434	 * attention for a particular IT nexus on all LUNs once we report
9435	 * it to that nexus once.  This bit is required as of SPC-4.
9436	 */
9437	eid_ptr->flags4 = SVPD_EID_LUICLT;
9438
9439	/*
9440	 * XXX KDM in order to correctly answer this, we would need
9441	 * information from the SIM to determine how much sense data it
9442	 * can send.  So this would really be a path inquiry field, most
9443	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9444	 * but the hardware may or may not be able to support that much.
9445	 * 0 just means that the maximum sense data length is not reported.
9446	 */
9447	eid_ptr->max_sense_length = 0;
9448
9449	ctl_set_success(ctsio);
9450	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9451	ctsio->be_move_done = ctl_config_move_done;
9452	ctl_datamove((union ctl_io *)ctsio);
9453	return (CTL_RETVAL_COMPLETE);
9454}
9455
9456static int
9457ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9458{
9459	struct scsi_vpd_mode_page_policy *mpp_ptr;
9460	struct ctl_lun *lun;
9461	int data_len;
9462
9463	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9464
9465	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9466	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9467
9468	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9469	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9470	ctsio->kern_sg_entries = 0;
9471
9472	if (data_len < alloc_len) {
9473		ctsio->residual = alloc_len - data_len;
9474		ctsio->kern_data_len = data_len;
9475		ctsio->kern_total_len = data_len;
9476	} else {
9477		ctsio->residual = 0;
9478		ctsio->kern_data_len = alloc_len;
9479		ctsio->kern_total_len = alloc_len;
9480	}
9481	ctsio->kern_data_resid = 0;
9482	ctsio->kern_rel_offset = 0;
9483	ctsio->kern_sg_entries = 0;
9484
9485	/*
9486	 * The control device is always connected.  The disk device, on the
9487	 * other hand, may not be online all the time.
9488	 */
9489	if (lun != NULL)
9490		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9491				     lun->be_lun->lun_type;
9492	else
9493		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9494	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9495	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9496	mpp_ptr->descr[0].page_code = 0x3f;
9497	mpp_ptr->descr[0].subpage_code = 0xff;
9498	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9499
9500	ctl_set_success(ctsio);
9501	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9502	ctsio->be_move_done = ctl_config_move_done;
9503	ctl_datamove((union ctl_io *)ctsio);
9504	return (CTL_RETVAL_COMPLETE);
9505}
9506
9507/*
9508 * SCSI VPD page 0x83, the Device Identification page.
9509 */
9510static int
9511ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9512{
9513	struct scsi_vpd_device_id *devid_ptr;
9514	struct scsi_vpd_id_descriptor *desc;
9515	struct ctl_softc *softc;
9516	struct ctl_lun *lun;
9517	struct ctl_port *port;
9518	int data_len;
9519	uint8_t proto;
9520
9521	softc = control_softc;
9522
9523	port = ctl_io_port(&ctsio->io_hdr);
9524	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9525
9526	data_len = sizeof(struct scsi_vpd_device_id) +
9527	    sizeof(struct scsi_vpd_id_descriptor) +
9528		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9529	    sizeof(struct scsi_vpd_id_descriptor) +
9530		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9531	if (lun && lun->lun_devid)
9532		data_len += lun->lun_devid->len;
9533	if (port && port->port_devid)
9534		data_len += port->port_devid->len;
9535	if (port && port->target_devid)
9536		data_len += port->target_devid->len;
9537
9538	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9539	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9540	ctsio->kern_sg_entries = 0;
9541
9542	if (data_len < alloc_len) {
9543		ctsio->residual = alloc_len - data_len;
9544		ctsio->kern_data_len = data_len;
9545		ctsio->kern_total_len = data_len;
9546	} else {
9547		ctsio->residual = 0;
9548		ctsio->kern_data_len = alloc_len;
9549		ctsio->kern_total_len = alloc_len;
9550	}
9551	ctsio->kern_data_resid = 0;
9552	ctsio->kern_rel_offset = 0;
9553	ctsio->kern_sg_entries = 0;
9554
9555	/*
9556	 * The control device is always connected.  The disk device, on the
9557	 * other hand, may not be online all the time.
9558	 */
9559	if (lun != NULL)
9560		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9561				     lun->be_lun->lun_type;
9562	else
9563		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9564	devid_ptr->page_code = SVPD_DEVICE_ID;
9565	scsi_ulto2b(data_len - 4, devid_ptr->length);
9566
9567	if (port && port->port_type == CTL_PORT_FC)
9568		proto = SCSI_PROTO_FC << 4;
9569	else if (port && port->port_type == CTL_PORT_ISCSI)
9570		proto = SCSI_PROTO_ISCSI << 4;
9571	else
9572		proto = SCSI_PROTO_SPI << 4;
9573	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9574
9575	/*
9576	 * We're using a LUN association here.  i.e., this device ID is a
9577	 * per-LUN identifier.
9578	 */
9579	if (lun && lun->lun_devid) {
9580		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9581		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9582		    lun->lun_devid->len);
9583	}
9584
9585	/*
9586	 * This is for the WWPN which is a port association.
9587	 */
9588	if (port && port->port_devid) {
9589		memcpy(desc, port->port_devid->data, port->port_devid->len);
9590		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9591		    port->port_devid->len);
9592	}
9593
9594	/*
9595	 * This is for the Relative Target Port(type 4h) identifier
9596	 */
9597	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9598	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9599	    SVPD_ID_TYPE_RELTARG;
9600	desc->length = 4;
9601	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9602	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9603	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9604
9605	/*
9606	 * This is for the Target Port Group(type 5h) identifier
9607	 */
9608	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9609	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9610	    SVPD_ID_TYPE_TPORTGRP;
9611	desc->length = 4;
9612	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9613	    &desc->identifier[2]);
9614	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9615	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9616
9617	/*
9618	 * This is for the Target identifier
9619	 */
9620	if (port && port->target_devid) {
9621		memcpy(desc, port->target_devid->data, port->target_devid->len);
9622	}
9623
9624	ctl_set_success(ctsio);
9625	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9626	ctsio->be_move_done = ctl_config_move_done;
9627	ctl_datamove((union ctl_io *)ctsio);
9628	return (CTL_RETVAL_COMPLETE);
9629}
9630
9631static int
9632ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9633{
9634	struct ctl_softc *softc = control_softc;
9635	struct scsi_vpd_scsi_ports *sp;
9636	struct scsi_vpd_port_designation *pd;
9637	struct scsi_vpd_port_designation_cont *pdc;
9638	struct ctl_lun *lun;
9639	struct ctl_port *port;
9640	int data_len, num_target_ports, iid_len, id_len;
9641
9642	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9643
9644	num_target_ports = 0;
9645	iid_len = 0;
9646	id_len = 0;
9647	mtx_lock(&softc->ctl_lock);
9648	STAILQ_FOREACH(port, &softc->port_list, links) {
9649		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9650			continue;
9651		if (lun != NULL &&
9652		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9653			continue;
9654		num_target_ports++;
9655		if (port->init_devid)
9656			iid_len += port->init_devid->len;
9657		if (port->port_devid)
9658			id_len += port->port_devid->len;
9659	}
9660	mtx_unlock(&softc->ctl_lock);
9661
9662	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9663	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9664	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9665	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9666	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9667	ctsio->kern_sg_entries = 0;
9668
9669	if (data_len < alloc_len) {
9670		ctsio->residual = alloc_len - data_len;
9671		ctsio->kern_data_len = data_len;
9672		ctsio->kern_total_len = data_len;
9673	} else {
9674		ctsio->residual = 0;
9675		ctsio->kern_data_len = alloc_len;
9676		ctsio->kern_total_len = alloc_len;
9677	}
9678	ctsio->kern_data_resid = 0;
9679	ctsio->kern_rel_offset = 0;
9680	ctsio->kern_sg_entries = 0;
9681
9682	/*
9683	 * The control device is always connected.  The disk device, on the
9684	 * other hand, may not be online all the time.  Need to change this
9685	 * to figure out whether the disk device is actually online or not.
9686	 */
9687	if (lun != NULL)
9688		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9689				  lun->be_lun->lun_type;
9690	else
9691		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9692
9693	sp->page_code = SVPD_SCSI_PORTS;
9694	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9695	    sp->page_length);
9696	pd = &sp->design[0];
9697
9698	mtx_lock(&softc->ctl_lock);
9699	STAILQ_FOREACH(port, &softc->port_list, links) {
9700		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9701			continue;
9702		if (lun != NULL &&
9703		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9704			continue;
9705		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9706		if (port->init_devid) {
9707			iid_len = port->init_devid->len;
9708			memcpy(pd->initiator_transportid,
9709			    port->init_devid->data, port->init_devid->len);
9710		} else
9711			iid_len = 0;
9712		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9713		pdc = (struct scsi_vpd_port_designation_cont *)
9714		    (&pd->initiator_transportid[iid_len]);
9715		if (port->port_devid) {
9716			id_len = port->port_devid->len;
9717			memcpy(pdc->target_port_descriptors,
9718			    port->port_devid->data, port->port_devid->len);
9719		} else
9720			id_len = 0;
9721		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9722		pd = (struct scsi_vpd_port_designation *)
9723		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9724	}
9725	mtx_unlock(&softc->ctl_lock);
9726
9727	ctl_set_success(ctsio);
9728	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9729	ctsio->be_move_done = ctl_config_move_done;
9730	ctl_datamove((union ctl_io *)ctsio);
9731	return (CTL_RETVAL_COMPLETE);
9732}
9733
9734static int
9735ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9736{
9737	struct scsi_vpd_block_limits *bl_ptr;
9738	struct ctl_lun *lun;
9739	int bs;
9740
9741	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9742
9743	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9744	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9745	ctsio->kern_sg_entries = 0;
9746
9747	if (sizeof(*bl_ptr) < alloc_len) {
9748		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9749		ctsio->kern_data_len = sizeof(*bl_ptr);
9750		ctsio->kern_total_len = sizeof(*bl_ptr);
9751	} else {
9752		ctsio->residual = 0;
9753		ctsio->kern_data_len = alloc_len;
9754		ctsio->kern_total_len = alloc_len;
9755	}
9756	ctsio->kern_data_resid = 0;
9757	ctsio->kern_rel_offset = 0;
9758	ctsio->kern_sg_entries = 0;
9759
9760	/*
9761	 * The control device is always connected.  The disk device, on the
9762	 * other hand, may not be online all the time.  Need to change this
9763	 * to figure out whether the disk device is actually online or not.
9764	 */
9765	if (lun != NULL)
9766		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9767				  lun->be_lun->lun_type;
9768	else
9769		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9770
9771	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9772	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9773	bl_ptr->max_cmp_write_len = 0xff;
9774	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9775	if (lun != NULL) {
9776		bs = lun->be_lun->blocksize;
9777		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9778		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9779			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9780			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9781			if (lun->be_lun->ublockexp != 0) {
9782				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9783				    bl_ptr->opt_unmap_grain);
9784				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9785				    bl_ptr->unmap_grain_align);
9786			}
9787		}
9788		scsi_ulto4b(lun->be_lun->atomicblock,
9789		    bl_ptr->max_atomic_transfer_length);
9790		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9791		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9792	}
9793	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9794
9795	ctl_set_success(ctsio);
9796	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9797	ctsio->be_move_done = ctl_config_move_done;
9798	ctl_datamove((union ctl_io *)ctsio);
9799	return (CTL_RETVAL_COMPLETE);
9800}
9801
9802static int
9803ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9804{
9805	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9806	struct ctl_lun *lun;
9807	const char *value;
9808	u_int i;
9809
9810	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9811
9812	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9813	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9814	ctsio->kern_sg_entries = 0;
9815
9816	if (sizeof(*bdc_ptr) < alloc_len) {
9817		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9818		ctsio->kern_data_len = sizeof(*bdc_ptr);
9819		ctsio->kern_total_len = sizeof(*bdc_ptr);
9820	} else {
9821		ctsio->residual = 0;
9822		ctsio->kern_data_len = alloc_len;
9823		ctsio->kern_total_len = alloc_len;
9824	}
9825	ctsio->kern_data_resid = 0;
9826	ctsio->kern_rel_offset = 0;
9827	ctsio->kern_sg_entries = 0;
9828
9829	/*
9830	 * The control device is always connected.  The disk device, on the
9831	 * other hand, may not be online all the time.  Need to change this
9832	 * to figure out whether the disk device is actually online or not.
9833	 */
9834	if (lun != NULL)
9835		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9836				  lun->be_lun->lun_type;
9837	else
9838		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9839	bdc_ptr->page_code = SVPD_BDC;
9840	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9841	if (lun != NULL &&
9842	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9843		i = strtol(value, NULL, 0);
9844	else
9845		i = CTL_DEFAULT_ROTATION_RATE;
9846	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9847	if (lun != NULL &&
9848	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9849		i = strtol(value, NULL, 0);
9850	else
9851		i = 0;
9852	bdc_ptr->wab_wac_ff = (i & 0x0f);
9853	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9854
9855	ctl_set_success(ctsio);
9856	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9857	ctsio->be_move_done = ctl_config_move_done;
9858	ctl_datamove((union ctl_io *)ctsio);
9859	return (CTL_RETVAL_COMPLETE);
9860}
9861
9862static int
9863ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9864{
9865	struct scsi_vpd_logical_block_prov *lbp_ptr;
9866	struct ctl_lun *lun;
9867
9868	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9869
9870	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9871	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9872	ctsio->kern_sg_entries = 0;
9873
9874	if (sizeof(*lbp_ptr) < alloc_len) {
9875		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9876		ctsio->kern_data_len = sizeof(*lbp_ptr);
9877		ctsio->kern_total_len = sizeof(*lbp_ptr);
9878	} else {
9879		ctsio->residual = 0;
9880		ctsio->kern_data_len = alloc_len;
9881		ctsio->kern_total_len = alloc_len;
9882	}
9883	ctsio->kern_data_resid = 0;
9884	ctsio->kern_rel_offset = 0;
9885	ctsio->kern_sg_entries = 0;
9886
9887	/*
9888	 * The control device is always connected.  The disk device, on the
9889	 * other hand, may not be online all the time.  Need to change this
9890	 * to figure out whether the disk device is actually online or not.
9891	 */
9892	if (lun != NULL)
9893		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9894				  lun->be_lun->lun_type;
9895	else
9896		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9897
9898	lbp_ptr->page_code = SVPD_LBP;
9899	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9900	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9901	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9902		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9903		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9904		lbp_ptr->prov_type = SVPD_LBP_THIN;
9905	}
9906
9907	ctl_set_success(ctsio);
9908	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9909	ctsio->be_move_done = ctl_config_move_done;
9910	ctl_datamove((union ctl_io *)ctsio);
9911	return (CTL_RETVAL_COMPLETE);
9912}
9913
9914/*
9915 * INQUIRY with the EVPD bit set.
9916 */
9917static int
9918ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9919{
9920	struct ctl_lun *lun;
9921	struct scsi_inquiry *cdb;
9922	int alloc_len, retval;
9923
9924	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9925	cdb = (struct scsi_inquiry *)ctsio->cdb;
9926	alloc_len = scsi_2btoul(cdb->length);
9927
9928	switch (cdb->page_code) {
9929	case SVPD_SUPPORTED_PAGES:
9930		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9931		break;
9932	case SVPD_UNIT_SERIAL_NUMBER:
9933		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9934		break;
9935	case SVPD_DEVICE_ID:
9936		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9937		break;
9938	case SVPD_EXTENDED_INQUIRY_DATA:
9939		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9940		break;
9941	case SVPD_MODE_PAGE_POLICY:
9942		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9943		break;
9944	case SVPD_SCSI_PORTS:
9945		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
9946		break;
9947	case SVPD_SCSI_TPC:
9948		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
9949		break;
9950	case SVPD_BLOCK_LIMITS:
9951		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9952			goto err;
9953		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
9954		break;
9955	case SVPD_BDC:
9956		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9957			goto err;
9958		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
9959		break;
9960	case SVPD_LBP:
9961		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
9962			goto err;
9963		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
9964		break;
9965	default:
9966err:
9967		ctl_set_invalid_field(ctsio,
9968				      /*sks_valid*/ 1,
9969				      /*command*/ 1,
9970				      /*field*/ 2,
9971				      /*bit_valid*/ 0,
9972				      /*bit*/ 0);
9973		ctl_done((union ctl_io *)ctsio);
9974		retval = CTL_RETVAL_COMPLETE;
9975		break;
9976	}
9977
9978	return (retval);
9979}
9980
9981/*
9982 * Standard INQUIRY data.
9983 */
9984static int
9985ctl_inquiry_std(struct ctl_scsiio *ctsio)
9986{
9987	struct scsi_inquiry_data *inq_ptr;
9988	struct scsi_inquiry *cdb;
9989	struct ctl_softc *softc;
9990	struct ctl_port *port;
9991	struct ctl_lun *lun;
9992	char *val;
9993	uint32_t alloc_len, data_len;
9994	ctl_port_type port_type;
9995
9996	softc = control_softc;
9997
9998	/*
9999	 * Figure out whether we're talking to a Fibre Channel port or not.
10000	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10001	 * SCSI front ends.
10002	 */
10003	port = ctl_io_port(&ctsio->io_hdr);
10004	if (port != NULL)
10005		port_type = port->port_type;
10006	else
10007		port_type = CTL_PORT_SCSI;
10008	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10009		port_type = CTL_PORT_SCSI;
10010
10011	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10012	cdb = (struct scsi_inquiry *)ctsio->cdb;
10013	alloc_len = scsi_2btoul(cdb->length);
10014
10015	/*
10016	 * We malloc the full inquiry data size here and fill it
10017	 * in.  If the user only asks for less, we'll give him
10018	 * that much.
10019	 */
10020	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10021	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10022	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10023	ctsio->kern_sg_entries = 0;
10024	ctsio->kern_data_resid = 0;
10025	ctsio->kern_rel_offset = 0;
10026
10027	if (data_len < alloc_len) {
10028		ctsio->residual = alloc_len - data_len;
10029		ctsio->kern_data_len = data_len;
10030		ctsio->kern_total_len = data_len;
10031	} else {
10032		ctsio->residual = 0;
10033		ctsio->kern_data_len = alloc_len;
10034		ctsio->kern_total_len = alloc_len;
10035	}
10036
10037	if (lun != NULL) {
10038		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10039		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10040			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10041			    lun->be_lun->lun_type;
10042		} else {
10043			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10044			    lun->be_lun->lun_type;
10045		}
10046	} else
10047		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10048
10049	/* RMB in byte 2 is 0 */
10050	inq_ptr->version = SCSI_REV_SPC4;
10051
10052	/*
10053	 * According to SAM-3, even if a device only supports a single
10054	 * level of LUN addressing, it should still set the HISUP bit:
10055	 *
10056	 * 4.9.1 Logical unit numbers overview
10057	 *
10058	 * All logical unit number formats described in this standard are
10059	 * hierarchical in structure even when only a single level in that
10060	 * hierarchy is used. The HISUP bit shall be set to one in the
10061	 * standard INQUIRY data (see SPC-2) when any logical unit number
10062	 * format described in this standard is used.  Non-hierarchical
10063	 * formats are outside the scope of this standard.
10064	 *
10065	 * Therefore we set the HiSup bit here.
10066	 *
10067	 * The reponse format is 2, per SPC-3.
10068	 */
10069	inq_ptr->response_format = SID_HiSup | 2;
10070
10071	inq_ptr->additional_length = data_len -
10072	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10073	CTL_DEBUG_PRINT(("additional_length = %d\n",
10074			 inq_ptr->additional_length));
10075
10076	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10077	/* 16 bit addressing */
10078	if (port_type == CTL_PORT_SCSI)
10079		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10080	/* XXX set the SID_MultiP bit here if we're actually going to
10081	   respond on multiple ports */
10082	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10083
10084	/* 16 bit data bus, synchronous transfers */
10085	if (port_type == CTL_PORT_SCSI)
10086		inq_ptr->flags = SID_WBus16 | SID_Sync;
10087	/*
10088	 * XXX KDM do we want to support tagged queueing on the control
10089	 * device at all?
10090	 */
10091	if ((lun == NULL)
10092	 || (lun->be_lun->lun_type != T_PROCESSOR))
10093		inq_ptr->flags |= SID_CmdQue;
10094	/*
10095	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10096	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10097	 * name and 4 bytes for the revision.
10098	 */
10099	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10100	    "vendor")) == NULL) {
10101		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10102	} else {
10103		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10104		strncpy(inq_ptr->vendor, val,
10105		    min(sizeof(inq_ptr->vendor), strlen(val)));
10106	}
10107	if (lun == NULL) {
10108		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10109		    sizeof(inq_ptr->product));
10110	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10111		switch (lun->be_lun->lun_type) {
10112		case T_DIRECT:
10113			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10114			    sizeof(inq_ptr->product));
10115			break;
10116		case T_PROCESSOR:
10117			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10118			    sizeof(inq_ptr->product));
10119			break;
10120		default:
10121			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10122			    sizeof(inq_ptr->product));
10123			break;
10124		}
10125	} else {
10126		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10127		strncpy(inq_ptr->product, val,
10128		    min(sizeof(inq_ptr->product), strlen(val)));
10129	}
10130
10131	/*
10132	 * XXX make this a macro somewhere so it automatically gets
10133	 * incremented when we make changes.
10134	 */
10135	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10136	    "revision")) == NULL) {
10137		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10138	} else {
10139		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10140		strncpy(inq_ptr->revision, val,
10141		    min(sizeof(inq_ptr->revision), strlen(val)));
10142	}
10143
10144	/*
10145	 * For parallel SCSI, we support double transition and single
10146	 * transition clocking.  We also support QAS (Quick Arbitration
10147	 * and Selection) and Information Unit transfers on both the
10148	 * control and array devices.
10149	 */
10150	if (port_type == CTL_PORT_SCSI)
10151		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10152				    SID_SPI_IUS;
10153
10154	/* SAM-5 (no version claimed) */
10155	scsi_ulto2b(0x00A0, inq_ptr->version1);
10156	/* SPC-4 (no version claimed) */
10157	scsi_ulto2b(0x0460, inq_ptr->version2);
10158	if (port_type == CTL_PORT_FC) {
10159		/* FCP-2 ANSI INCITS.350:2003 */
10160		scsi_ulto2b(0x0917, inq_ptr->version3);
10161	} else if (port_type == CTL_PORT_SCSI) {
10162		/* SPI-4 ANSI INCITS.362:200x */
10163		scsi_ulto2b(0x0B56, inq_ptr->version3);
10164	} else if (port_type == CTL_PORT_ISCSI) {
10165		/* iSCSI (no version claimed) */
10166		scsi_ulto2b(0x0960, inq_ptr->version3);
10167	} else if (port_type == CTL_PORT_SAS) {
10168		/* SAS (no version claimed) */
10169		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10170	}
10171
10172	if (lun == NULL) {
10173		/* SBC-4 (no version claimed) */
10174		scsi_ulto2b(0x0600, inq_ptr->version4);
10175	} else {
10176		switch (lun->be_lun->lun_type) {
10177		case T_DIRECT:
10178			/* SBC-4 (no version claimed) */
10179			scsi_ulto2b(0x0600, inq_ptr->version4);
10180			break;
10181		case T_PROCESSOR:
10182		default:
10183			break;
10184		}
10185	}
10186
10187	ctl_set_success(ctsio);
10188	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10189	ctsio->be_move_done = ctl_config_move_done;
10190	ctl_datamove((union ctl_io *)ctsio);
10191	return (CTL_RETVAL_COMPLETE);
10192}
10193
10194int
10195ctl_inquiry(struct ctl_scsiio *ctsio)
10196{
10197	struct scsi_inquiry *cdb;
10198	int retval;
10199
10200	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10201
10202	cdb = (struct scsi_inquiry *)ctsio->cdb;
10203	if (cdb->byte2 & SI_EVPD)
10204		retval = ctl_inquiry_evpd(ctsio);
10205	else if (cdb->page_code == 0)
10206		retval = ctl_inquiry_std(ctsio);
10207	else {
10208		ctl_set_invalid_field(ctsio,
10209				      /*sks_valid*/ 1,
10210				      /*command*/ 1,
10211				      /*field*/ 2,
10212				      /*bit_valid*/ 0,
10213				      /*bit*/ 0);
10214		ctl_done((union ctl_io *)ctsio);
10215		return (CTL_RETVAL_COMPLETE);
10216	}
10217
10218	return (retval);
10219}
10220
10221/*
10222 * For known CDB types, parse the LBA and length.
10223 */
10224static int
10225ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10226{
10227	if (io->io_hdr.io_type != CTL_IO_SCSI)
10228		return (1);
10229
10230	switch (io->scsiio.cdb[0]) {
10231	case COMPARE_AND_WRITE: {
10232		struct scsi_compare_and_write *cdb;
10233
10234		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10235
10236		*lba = scsi_8btou64(cdb->addr);
10237		*len = cdb->length;
10238		break;
10239	}
10240	case READ_6:
10241	case WRITE_6: {
10242		struct scsi_rw_6 *cdb;
10243
10244		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10245
10246		*lba = scsi_3btoul(cdb->addr);
10247		/* only 5 bits are valid in the most significant address byte */
10248		*lba &= 0x1fffff;
10249		*len = cdb->length;
10250		break;
10251	}
10252	case READ_10:
10253	case WRITE_10: {
10254		struct scsi_rw_10 *cdb;
10255
10256		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10257
10258		*lba = scsi_4btoul(cdb->addr);
10259		*len = scsi_2btoul(cdb->length);
10260		break;
10261	}
10262	case WRITE_VERIFY_10: {
10263		struct scsi_write_verify_10 *cdb;
10264
10265		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10266
10267		*lba = scsi_4btoul(cdb->addr);
10268		*len = scsi_2btoul(cdb->length);
10269		break;
10270	}
10271	case READ_12:
10272	case WRITE_12: {
10273		struct scsi_rw_12 *cdb;
10274
10275		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10276
10277		*lba = scsi_4btoul(cdb->addr);
10278		*len = scsi_4btoul(cdb->length);
10279		break;
10280	}
10281	case WRITE_VERIFY_12: {
10282		struct scsi_write_verify_12 *cdb;
10283
10284		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10285
10286		*lba = scsi_4btoul(cdb->addr);
10287		*len = scsi_4btoul(cdb->length);
10288		break;
10289	}
10290	case READ_16:
10291	case WRITE_16:
10292	case WRITE_ATOMIC_16: {
10293		struct scsi_rw_16 *cdb;
10294
10295		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10296
10297		*lba = scsi_8btou64(cdb->addr);
10298		*len = scsi_4btoul(cdb->length);
10299		break;
10300	}
10301	case WRITE_VERIFY_16: {
10302		struct scsi_write_verify_16 *cdb;
10303
10304		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10305
10306		*lba = scsi_8btou64(cdb->addr);
10307		*len = scsi_4btoul(cdb->length);
10308		break;
10309	}
10310	case WRITE_SAME_10: {
10311		struct scsi_write_same_10 *cdb;
10312
10313		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10314
10315		*lba = scsi_4btoul(cdb->addr);
10316		*len = scsi_2btoul(cdb->length);
10317		break;
10318	}
10319	case WRITE_SAME_16: {
10320		struct scsi_write_same_16 *cdb;
10321
10322		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10323
10324		*lba = scsi_8btou64(cdb->addr);
10325		*len = scsi_4btoul(cdb->length);
10326		break;
10327	}
10328	case VERIFY_10: {
10329		struct scsi_verify_10 *cdb;
10330
10331		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10332
10333		*lba = scsi_4btoul(cdb->addr);
10334		*len = scsi_2btoul(cdb->length);
10335		break;
10336	}
10337	case VERIFY_12: {
10338		struct scsi_verify_12 *cdb;
10339
10340		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10341
10342		*lba = scsi_4btoul(cdb->addr);
10343		*len = scsi_4btoul(cdb->length);
10344		break;
10345	}
10346	case VERIFY_16: {
10347		struct scsi_verify_16 *cdb;
10348
10349		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10350
10351		*lba = scsi_8btou64(cdb->addr);
10352		*len = scsi_4btoul(cdb->length);
10353		break;
10354	}
10355	case UNMAP: {
10356		*lba = 0;
10357		*len = UINT64_MAX;
10358		break;
10359	}
10360	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10361		struct scsi_get_lba_status *cdb;
10362
10363		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10364		*lba = scsi_8btou64(cdb->addr);
10365		*len = UINT32_MAX;
10366		break;
10367	}
10368	default:
10369		return (1);
10370		break; /* NOTREACHED */
10371	}
10372
10373	return (0);
10374}
10375
10376static ctl_action
10377ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10378    bool seq)
10379{
10380	uint64_t endlba1, endlba2;
10381
10382	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10383	endlba2 = lba2 + len2 - 1;
10384
10385	if ((endlba1 < lba2) || (endlba2 < lba1))
10386		return (CTL_ACTION_PASS);
10387	else
10388		return (CTL_ACTION_BLOCK);
10389}
10390
10391static int
10392ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10393{
10394	struct ctl_ptr_len_flags *ptrlen;
10395	struct scsi_unmap_desc *buf, *end, *range;
10396	uint64_t lba;
10397	uint32_t len;
10398
10399	/* If not UNMAP -- go other way. */
10400	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10401	    io->scsiio.cdb[0] != UNMAP)
10402		return (CTL_ACTION_ERROR);
10403
10404	/* If UNMAP without data -- block and wait for data. */
10405	ptrlen = (struct ctl_ptr_len_flags *)
10406	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10407	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10408	    ptrlen->ptr == NULL)
10409		return (CTL_ACTION_BLOCK);
10410
10411	/* UNMAP with data -- check for collision. */
10412	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10413	end = buf + ptrlen->len / sizeof(*buf);
10414	for (range = buf; range < end; range++) {
10415		lba = scsi_8btou64(range->lba);
10416		len = scsi_4btoul(range->length);
10417		if ((lba < lba2 + len2) && (lba + len > lba2))
10418			return (CTL_ACTION_BLOCK);
10419	}
10420	return (CTL_ACTION_PASS);
10421}
10422
10423static ctl_action
10424ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10425{
10426	uint64_t lba1, lba2;
10427	uint64_t len1, len2;
10428	int retval;
10429
10430	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10431		return (CTL_ACTION_ERROR);
10432
10433	retval = ctl_extent_check_unmap(io1, lba2, len2);
10434	if (retval != CTL_ACTION_ERROR)
10435		return (retval);
10436
10437	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10438		return (CTL_ACTION_ERROR);
10439
10440	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10441}
10442
10443static ctl_action
10444ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10445{
10446	uint64_t lba1, lba2;
10447	uint64_t len1, len2;
10448
10449	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10450		return (CTL_ACTION_ERROR);
10451	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10452		return (CTL_ACTION_ERROR);
10453
10454	if (lba1 + len1 == lba2)
10455		return (CTL_ACTION_BLOCK);
10456	return (CTL_ACTION_PASS);
10457}
10458
10459static ctl_action
10460ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10461    union ctl_io *ooa_io)
10462{
10463	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10464	ctl_serialize_action *serialize_row;
10465
10466	/*
10467	 * The initiator attempted multiple untagged commands at the same
10468	 * time.  Can't do that.
10469	 */
10470	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10471	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10472	 && ((pending_io->io_hdr.nexus.targ_port ==
10473	      ooa_io->io_hdr.nexus.targ_port)
10474	  && (pending_io->io_hdr.nexus.initid ==
10475	      ooa_io->io_hdr.nexus.initid))
10476	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10477	      CTL_FLAG_STATUS_SENT)) == 0))
10478		return (CTL_ACTION_OVERLAP);
10479
10480	/*
10481	 * The initiator attempted to send multiple tagged commands with
10482	 * the same ID.  (It's fine if different initiators have the same
10483	 * tag ID.)
10484	 *
10485	 * Even if all of those conditions are true, we don't kill the I/O
10486	 * if the command ahead of us has been aborted.  We won't end up
10487	 * sending it to the FETD, and it's perfectly legal to resend a
10488	 * command with the same tag number as long as the previous
10489	 * instance of this tag number has been aborted somehow.
10490	 */
10491	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10492	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10493	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10494	 && ((pending_io->io_hdr.nexus.targ_port ==
10495	      ooa_io->io_hdr.nexus.targ_port)
10496	  && (pending_io->io_hdr.nexus.initid ==
10497	      ooa_io->io_hdr.nexus.initid))
10498	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10499	      CTL_FLAG_STATUS_SENT)) == 0))
10500		return (CTL_ACTION_OVERLAP_TAG);
10501
10502	/*
10503	 * If we get a head of queue tag, SAM-3 says that we should
10504	 * immediately execute it.
10505	 *
10506	 * What happens if this command would normally block for some other
10507	 * reason?  e.g. a request sense with a head of queue tag
10508	 * immediately after a write.  Normally that would block, but this
10509	 * will result in its getting executed immediately...
10510	 *
10511	 * We currently return "pass" instead of "skip", so we'll end up
10512	 * going through the rest of the queue to check for overlapped tags.
10513	 *
10514	 * XXX KDM check for other types of blockage first??
10515	 */
10516	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10517		return (CTL_ACTION_PASS);
10518
10519	/*
10520	 * Ordered tags have to block until all items ahead of them
10521	 * have completed.  If we get called with an ordered tag, we always
10522	 * block, if something else is ahead of us in the queue.
10523	 */
10524	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10525		return (CTL_ACTION_BLOCK);
10526
10527	/*
10528	 * Simple tags get blocked until all head of queue and ordered tags
10529	 * ahead of them have completed.  I'm lumping untagged commands in
10530	 * with simple tags here.  XXX KDM is that the right thing to do?
10531	 */
10532	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10533	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10534	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10535	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10536		return (CTL_ACTION_BLOCK);
10537
10538	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10539	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10540
10541	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10542
10543	switch (serialize_row[pending_entry->seridx]) {
10544	case CTL_SER_BLOCK:
10545		return (CTL_ACTION_BLOCK);
10546	case CTL_SER_EXTENT:
10547		return (ctl_extent_check(ooa_io, pending_io,
10548		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10549	case CTL_SER_EXTENTOPT:
10550		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10551		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10552			return (ctl_extent_check(ooa_io, pending_io,
10553			    (lun->be_lun &&
10554			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10555		return (CTL_ACTION_PASS);
10556	case CTL_SER_EXTENTSEQ:
10557		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10558			return (ctl_extent_check_seq(ooa_io, pending_io));
10559		return (CTL_ACTION_PASS);
10560	case CTL_SER_PASS:
10561		return (CTL_ACTION_PASS);
10562	case CTL_SER_BLOCKOPT:
10563		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10564		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10565			return (CTL_ACTION_BLOCK);
10566		return (CTL_ACTION_PASS);
10567	case CTL_SER_SKIP:
10568		return (CTL_ACTION_SKIP);
10569	default:
10570		panic("invalid serialization value %d",
10571		      serialize_row[pending_entry->seridx]);
10572	}
10573
10574	return (CTL_ACTION_ERROR);
10575}
10576
10577/*
10578 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10579 * Assumptions:
10580 * - pending_io is generally either incoming, or on the blocked queue
10581 * - starting I/O is the I/O we want to start the check with.
10582 */
10583static ctl_action
10584ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10585	      union ctl_io *starting_io)
10586{
10587	union ctl_io *ooa_io;
10588	ctl_action action;
10589
10590	mtx_assert(&lun->lun_lock, MA_OWNED);
10591
10592	/*
10593	 * Run back along the OOA queue, starting with the current
10594	 * blocked I/O and going through every I/O before it on the
10595	 * queue.  If starting_io is NULL, we'll just end up returning
10596	 * CTL_ACTION_PASS.
10597	 */
10598	for (ooa_io = starting_io; ooa_io != NULL;
10599	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10600	     ooa_links)){
10601
10602		/*
10603		 * This routine just checks to see whether
10604		 * cur_blocked is blocked by ooa_io, which is ahead
10605		 * of it in the queue.  It doesn't queue/dequeue
10606		 * cur_blocked.
10607		 */
10608		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10609		switch (action) {
10610		case CTL_ACTION_BLOCK:
10611		case CTL_ACTION_OVERLAP:
10612		case CTL_ACTION_OVERLAP_TAG:
10613		case CTL_ACTION_SKIP:
10614		case CTL_ACTION_ERROR:
10615			return (action);
10616			break; /* NOTREACHED */
10617		case CTL_ACTION_PASS:
10618			break;
10619		default:
10620			panic("invalid action %d", action);
10621			break;  /* NOTREACHED */
10622		}
10623	}
10624
10625	return (CTL_ACTION_PASS);
10626}
10627
10628/*
10629 * Assumptions:
10630 * - An I/O has just completed, and has been removed from the per-LUN OOA
10631 *   queue, so some items on the blocked queue may now be unblocked.
10632 */
10633static int
10634ctl_check_blocked(struct ctl_lun *lun)
10635{
10636	struct ctl_softc *softc = lun->ctl_softc;
10637	union ctl_io *cur_blocked, *next_blocked;
10638
10639	mtx_assert(&lun->lun_lock, MA_OWNED);
10640
10641	/*
10642	 * Run forward from the head of the blocked queue, checking each
10643	 * entry against the I/Os prior to it on the OOA queue to see if
10644	 * there is still any blockage.
10645	 *
10646	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10647	 * with our removing a variable on it while it is traversing the
10648	 * list.
10649	 */
10650	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10651	     cur_blocked != NULL; cur_blocked = next_blocked) {
10652		union ctl_io *prev_ooa;
10653		ctl_action action;
10654
10655		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10656							  blocked_links);
10657
10658		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10659						      ctl_ooaq, ooa_links);
10660
10661		/*
10662		 * If cur_blocked happens to be the first item in the OOA
10663		 * queue now, prev_ooa will be NULL, and the action
10664		 * returned will just be CTL_ACTION_PASS.
10665		 */
10666		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10667
10668		switch (action) {
10669		case CTL_ACTION_BLOCK:
10670			/* Nothing to do here, still blocked */
10671			break;
10672		case CTL_ACTION_OVERLAP:
10673		case CTL_ACTION_OVERLAP_TAG:
10674			/*
10675			 * This shouldn't happen!  In theory we've already
10676			 * checked this command for overlap...
10677			 */
10678			break;
10679		case CTL_ACTION_PASS:
10680		case CTL_ACTION_SKIP: {
10681			const struct ctl_cmd_entry *entry;
10682
10683			/*
10684			 * The skip case shouldn't happen, this transaction
10685			 * should have never made it onto the blocked queue.
10686			 */
10687			/*
10688			 * This I/O is no longer blocked, we can remove it
10689			 * from the blocked queue.  Since this is a TAILQ
10690			 * (doubly linked list), we can do O(1) removals
10691			 * from any place on the list.
10692			 */
10693			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10694				     blocked_links);
10695			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10696
10697			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10698			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10699				/*
10700				 * Need to send IO back to original side to
10701				 * run
10702				 */
10703				union ctl_ha_msg msg_info;
10704
10705				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10706				msg_info.hdr.original_sc =
10707					cur_blocked->io_hdr.original_sc;
10708				msg_info.hdr.serializing_sc = cur_blocked;
10709				msg_info.hdr.msg_type = CTL_MSG_R2R;
10710				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10711				    sizeof(msg_info.hdr), M_NOWAIT);
10712				break;
10713			}
10714			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10715
10716			/*
10717			 * Check this I/O for LUN state changes that may
10718			 * have happened while this command was blocked.
10719			 * The LUN state may have been changed by a command
10720			 * ahead of us in the queue, so we need to re-check
10721			 * for any states that can be caused by SCSI
10722			 * commands.
10723			 */
10724			if (ctl_scsiio_lun_check(lun, entry,
10725						 &cur_blocked->scsiio) == 0) {
10726				cur_blocked->io_hdr.flags |=
10727				                      CTL_FLAG_IS_WAS_ON_RTR;
10728				ctl_enqueue_rtr(cur_blocked);
10729			} else
10730				ctl_done(cur_blocked);
10731			break;
10732		}
10733		default:
10734			/*
10735			 * This probably shouldn't happen -- we shouldn't
10736			 * get CTL_ACTION_ERROR, or anything else.
10737			 */
10738			break;
10739		}
10740	}
10741
10742	return (CTL_RETVAL_COMPLETE);
10743}
10744
10745/*
10746 * This routine (with one exception) checks LUN flags that can be set by
10747 * commands ahead of us in the OOA queue.  These flags have to be checked
10748 * when a command initially comes in, and when we pull a command off the
10749 * blocked queue and are preparing to execute it.  The reason we have to
10750 * check these flags for commands on the blocked queue is that the LUN
10751 * state may have been changed by a command ahead of us while we're on the
10752 * blocked queue.
10753 *
10754 * Ordering is somewhat important with these checks, so please pay
10755 * careful attention to the placement of any new checks.
10756 */
10757static int
10758ctl_scsiio_lun_check(struct ctl_lun *lun,
10759    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10760{
10761	struct ctl_softc *softc = lun->ctl_softc;
10762	int retval;
10763	uint32_t residx;
10764
10765	retval = 0;
10766
10767	mtx_assert(&lun->lun_lock, MA_OWNED);
10768
10769	/*
10770	 * If this shelf is a secondary shelf controller, we may have to
10771	 * reject some commands disallowed by HA mode and link state.
10772	 */
10773	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10774		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10775		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10776			ctl_set_lun_unavail(ctsio);
10777			retval = 1;
10778			goto bailout;
10779		}
10780		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10781		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10782			ctl_set_lun_transit(ctsio);
10783			retval = 1;
10784			goto bailout;
10785		}
10786		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10787		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10788			ctl_set_lun_standby(ctsio);
10789			retval = 1;
10790			goto bailout;
10791		}
10792
10793		/* The rest of checks are only done on executing side */
10794		if (softc->ha_mode == CTL_HA_MODE_XFER)
10795			goto bailout;
10796	}
10797
10798	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10799		if (lun->be_lun &&
10800		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10801			ctl_set_sense(ctsio, /*current_error*/ 1,
10802			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10803			    /*asc*/ 0x27, /*ascq*/ 0x01, SSD_ELEM_NONE);
10804			retval = 1;
10805			goto bailout;
10806		}
10807		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10808		    .eca_and_aen & SCP_SWP) != 0) {
10809			ctl_set_sense(ctsio, /*current_error*/ 1,
10810			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10811			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10812			retval = 1;
10813			goto bailout;
10814		}
10815	}
10816
10817	/*
10818	 * Check for a reservation conflict.  If this command isn't allowed
10819	 * even on reserved LUNs, and if this initiator isn't the one who
10820	 * reserved us, reject the command with a reservation conflict.
10821	 */
10822	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10823	if ((lun->flags & CTL_LUN_RESERVED)
10824	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10825		if (lun->res_idx != residx) {
10826			ctl_set_reservation_conflict(ctsio);
10827			retval = 1;
10828			goto bailout;
10829		}
10830	}
10831
10832	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10833	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10834		/* No reservation or command is allowed. */;
10835	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10836	    (lun->res_type == SPR_TYPE_WR_EX ||
10837	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10838	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10839		/* The command is allowed for Write Exclusive resv. */;
10840	} else {
10841		/*
10842		 * if we aren't registered or it's a res holder type
10843		 * reservation and this isn't the res holder then set a
10844		 * conflict.
10845		 */
10846		if (ctl_get_prkey(lun, residx) == 0
10847		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10848			ctl_set_reservation_conflict(ctsio);
10849			retval = 1;
10850			goto bailout;
10851		}
10852	}
10853
10854	if ((lun->flags & CTL_LUN_OFFLINE)
10855	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10856		ctl_set_lun_not_ready(ctsio);
10857		retval = 1;
10858		goto bailout;
10859	}
10860
10861	if ((lun->flags & CTL_LUN_STOPPED)
10862	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10863		/* "Logical unit not ready, initializing cmd. required" */
10864		ctl_set_lun_stopped(ctsio);
10865		retval = 1;
10866		goto bailout;
10867	}
10868
10869	if ((lun->flags & CTL_LUN_INOPERABLE)
10870	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10871		/* "Medium format corrupted" */
10872		ctl_set_medium_format_corrupted(ctsio);
10873		retval = 1;
10874		goto bailout;
10875	}
10876
10877bailout:
10878	return (retval);
10879}
10880
10881static void
10882ctl_failover_io(union ctl_io *io, int have_lock)
10883{
10884	ctl_set_busy(&io->scsiio);
10885	ctl_done(io);
10886}
10887
10888static void
10889ctl_failover_lun(struct ctl_lun *lun)
10890{
10891	struct ctl_softc *softc = lun->ctl_softc;
10892	struct ctl_io_hdr *io, *next_io;
10893
10894	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
10895	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10896		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10897			/* We are master */
10898			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10899				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10900					io->flags |= CTL_FLAG_ABORT;
10901				} else { /* This can be only due to DATAMOVE */
10902					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10903					io->flags |= CTL_FLAG_IO_ACTIVE;
10904					io->port_status = 31340;
10905					ctl_enqueue_isc((union ctl_io *)io);
10906				}
10907			}
10908			/* We are slave */
10909			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10910				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10911				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10912					io->flags |= CTL_FLAG_FAILOVER;
10913				} else {
10914					ctl_set_busy(&((union ctl_io *)io)->
10915					    scsiio);
10916					ctl_done((union ctl_io *)io);
10917				}
10918			}
10919		}
10920	} else { /* SERIALIZE modes */
10921		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10922		    next_io) {
10923			/* We are master */
10924			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10925				TAILQ_REMOVE(&lun->blocked_queue, io,
10926				    blocked_links);
10927				io->flags &= ~CTL_FLAG_BLOCKED;
10928				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10929				ctl_free_io((union ctl_io *)io);
10930			}
10931		}
10932		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10933			/* We are master */
10934			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10935				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10936				ctl_free_io((union ctl_io *)io);
10937			}
10938			/* We are slave */
10939			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10940				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10941				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10942					ctl_set_busy(&((union ctl_io *)io)->
10943					    scsiio);
10944					ctl_done((union ctl_io *)io);
10945				}
10946			}
10947		}
10948		ctl_check_blocked(lun);
10949	}
10950}
10951
10952static int
10953ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
10954{
10955	struct ctl_lun *lun;
10956	const struct ctl_cmd_entry *entry;
10957	uint32_t initidx, targ_lun;
10958	int retval;
10959
10960	retval = 0;
10961
10962	lun = NULL;
10963
10964	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
10965	if ((targ_lun < CTL_MAX_LUNS)
10966	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
10967		/*
10968		 * If the LUN is invalid, pretend that it doesn't exist.
10969		 * It will go away as soon as all pending I/O has been
10970		 * completed.
10971		 */
10972		mtx_lock(&lun->lun_lock);
10973		if (lun->flags & CTL_LUN_DISABLED) {
10974			mtx_unlock(&lun->lun_lock);
10975			lun = NULL;
10976			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
10977			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
10978		} else {
10979			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
10980			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
10981				lun->be_lun;
10982
10983			/*
10984			 * Every I/O goes into the OOA queue for a
10985			 * particular LUN, and stays there until completion.
10986			 */
10987#ifdef CTL_TIME_IO
10988			if (TAILQ_EMPTY(&lun->ooa_queue)) {
10989				lun->idle_time += getsbinuptime() -
10990				    lun->last_busy;
10991			}
10992#endif
10993			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
10994			    ooa_links);
10995		}
10996	} else {
10997		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
10998		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
10999	}
11000
11001	/* Get command entry and return error if it is unsuppotyed. */
11002	entry = ctl_validate_command(ctsio);
11003	if (entry == NULL) {
11004		if (lun)
11005			mtx_unlock(&lun->lun_lock);
11006		return (retval);
11007	}
11008
11009	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11010	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11011
11012	/*
11013	 * Check to see whether we can send this command to LUNs that don't
11014	 * exist.  This should pretty much only be the case for inquiry
11015	 * and request sense.  Further checks, below, really require having
11016	 * a LUN, so we can't really check the command anymore.  Just put
11017	 * it on the rtr queue.
11018	 */
11019	if (lun == NULL) {
11020		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11021			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11022			ctl_enqueue_rtr((union ctl_io *)ctsio);
11023			return (retval);
11024		}
11025
11026		ctl_set_unsupported_lun(ctsio);
11027		ctl_done((union ctl_io *)ctsio);
11028		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11029		return (retval);
11030	} else {
11031		/*
11032		 * Make sure we support this particular command on this LUN.
11033		 * e.g., we don't support writes to the control LUN.
11034		 */
11035		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11036			mtx_unlock(&lun->lun_lock);
11037			ctl_set_invalid_opcode(ctsio);
11038			ctl_done((union ctl_io *)ctsio);
11039			return (retval);
11040		}
11041	}
11042
11043	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11044
11045#ifdef CTL_WITH_CA
11046	/*
11047	 * If we've got a request sense, it'll clear the contingent
11048	 * allegiance condition.  Otherwise, if we have a CA condition for
11049	 * this initiator, clear it, because it sent down a command other
11050	 * than request sense.
11051	 */
11052	if ((ctsio->cdb[0] != REQUEST_SENSE)
11053	 && (ctl_is_set(lun->have_ca, initidx)))
11054		ctl_clear_mask(lun->have_ca, initidx);
11055#endif
11056
11057	/*
11058	 * If the command has this flag set, it handles its own unit
11059	 * attention reporting, we shouldn't do anything.  Otherwise we
11060	 * check for any pending unit attentions, and send them back to the
11061	 * initiator.  We only do this when a command initially comes in,
11062	 * not when we pull it off the blocked queue.
11063	 *
11064	 * According to SAM-3, section 5.3.2, the order that things get
11065	 * presented back to the host is basically unit attentions caused
11066	 * by some sort of reset event, busy status, reservation conflicts
11067	 * or task set full, and finally any other status.
11068	 *
11069	 * One issue here is that some of the unit attentions we report
11070	 * don't fall into the "reset" category (e.g. "reported luns data
11071	 * has changed").  So reporting it here, before the reservation
11072	 * check, may be technically wrong.  I guess the only thing to do
11073	 * would be to check for and report the reset events here, and then
11074	 * check for the other unit attention types after we check for a
11075	 * reservation conflict.
11076	 *
11077	 * XXX KDM need to fix this
11078	 */
11079	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11080		ctl_ua_type ua_type;
11081		scsi_sense_data_type sense_format;
11082
11083		if (lun->flags & CTL_LUN_SENSE_DESC)
11084			sense_format = SSD_TYPE_DESC;
11085		else
11086			sense_format = SSD_TYPE_FIXED;
11087
11088		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11089		    sense_format);
11090		if (ua_type != CTL_UA_NONE) {
11091			mtx_unlock(&lun->lun_lock);
11092			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11093			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11094			ctsio->sense_len = SSD_FULL_SIZE;
11095			ctl_done((union ctl_io *)ctsio);
11096			return (retval);
11097		}
11098	}
11099
11100
11101	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11102		mtx_unlock(&lun->lun_lock);
11103		ctl_done((union ctl_io *)ctsio);
11104		return (retval);
11105	}
11106
11107	/*
11108	 * XXX CHD this is where we want to send IO to other side if
11109	 * this LUN is secondary on this SC. We will need to make a copy
11110	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11111	 * the copy we send as FROM_OTHER.
11112	 * We also need to stuff the address of the original IO so we can
11113	 * find it easily. Something similar will need be done on the other
11114	 * side so when we are done we can find the copy.
11115	 */
11116	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11117	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0) {
11118		union ctl_ha_msg msg_info;
11119		int isc_retval;
11120
11121		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11122		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11123		mtx_unlock(&lun->lun_lock);
11124
11125		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11126		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11127		msg_info.hdr.serializing_sc = NULL;
11128		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11129		msg_info.scsi.tag_num = ctsio->tag_num;
11130		msg_info.scsi.tag_type = ctsio->tag_type;
11131		msg_info.scsi.cdb_len = ctsio->cdb_len;
11132		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11133
11134		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11135		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11136		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11137			ctl_set_busy(ctsio);
11138			ctl_done((union ctl_io *)ctsio);
11139			return (retval);
11140		}
11141		return (retval);
11142	}
11143
11144	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11145			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11146			      ctl_ooaq, ooa_links))) {
11147	case CTL_ACTION_BLOCK:
11148		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11149		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11150				  blocked_links);
11151		mtx_unlock(&lun->lun_lock);
11152		return (retval);
11153	case CTL_ACTION_PASS:
11154	case CTL_ACTION_SKIP:
11155		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11156		mtx_unlock(&lun->lun_lock);
11157		ctl_enqueue_rtr((union ctl_io *)ctsio);
11158		break;
11159	case CTL_ACTION_OVERLAP:
11160		mtx_unlock(&lun->lun_lock);
11161		ctl_set_overlapped_cmd(ctsio);
11162		ctl_done((union ctl_io *)ctsio);
11163		break;
11164	case CTL_ACTION_OVERLAP_TAG:
11165		mtx_unlock(&lun->lun_lock);
11166		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11167		ctl_done((union ctl_io *)ctsio);
11168		break;
11169	case CTL_ACTION_ERROR:
11170	default:
11171		mtx_unlock(&lun->lun_lock);
11172		ctl_set_internal_failure(ctsio,
11173					 /*sks_valid*/ 0,
11174					 /*retry_count*/ 0);
11175		ctl_done((union ctl_io *)ctsio);
11176		break;
11177	}
11178	return (retval);
11179}
11180
11181const struct ctl_cmd_entry *
11182ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11183{
11184	const struct ctl_cmd_entry *entry;
11185	int service_action;
11186
11187	entry = &ctl_cmd_table[ctsio->cdb[0]];
11188	if (sa)
11189		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11190	if (entry->flags & CTL_CMD_FLAG_SA5) {
11191		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11192		entry = &((const struct ctl_cmd_entry *)
11193		    entry->execute)[service_action];
11194	}
11195	return (entry);
11196}
11197
11198const struct ctl_cmd_entry *
11199ctl_validate_command(struct ctl_scsiio *ctsio)
11200{
11201	const struct ctl_cmd_entry *entry;
11202	int i, sa;
11203	uint8_t diff;
11204
11205	entry = ctl_get_cmd_entry(ctsio, &sa);
11206	if (entry->execute == NULL) {
11207		if (sa)
11208			ctl_set_invalid_field(ctsio,
11209					      /*sks_valid*/ 1,
11210					      /*command*/ 1,
11211					      /*field*/ 1,
11212					      /*bit_valid*/ 1,
11213					      /*bit*/ 4);
11214		else
11215			ctl_set_invalid_opcode(ctsio);
11216		ctl_done((union ctl_io *)ctsio);
11217		return (NULL);
11218	}
11219	KASSERT(entry->length > 0,
11220	    ("Not defined length for command 0x%02x/0x%02x",
11221	     ctsio->cdb[0], ctsio->cdb[1]));
11222	for (i = 1; i < entry->length; i++) {
11223		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11224		if (diff == 0)
11225			continue;
11226		ctl_set_invalid_field(ctsio,
11227				      /*sks_valid*/ 1,
11228				      /*command*/ 1,
11229				      /*field*/ i,
11230				      /*bit_valid*/ 1,
11231				      /*bit*/ fls(diff) - 1);
11232		ctl_done((union ctl_io *)ctsio);
11233		return (NULL);
11234	}
11235	return (entry);
11236}
11237
11238static int
11239ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11240{
11241
11242	switch (lun_type) {
11243	case T_PROCESSOR:
11244		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11245		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11246			return (0);
11247		break;
11248	case T_DIRECT:
11249		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11250		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11251			return (0);
11252		break;
11253	default:
11254		return (0);
11255	}
11256	return (1);
11257}
11258
11259static int
11260ctl_scsiio(struct ctl_scsiio *ctsio)
11261{
11262	int retval;
11263	const struct ctl_cmd_entry *entry;
11264
11265	retval = CTL_RETVAL_COMPLETE;
11266
11267	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11268
11269	entry = ctl_get_cmd_entry(ctsio, NULL);
11270
11271	/*
11272	 * If this I/O has been aborted, just send it straight to
11273	 * ctl_done() without executing it.
11274	 */
11275	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11276		ctl_done((union ctl_io *)ctsio);
11277		goto bailout;
11278	}
11279
11280	/*
11281	 * All the checks should have been handled by ctl_scsiio_precheck().
11282	 * We should be clear now to just execute the I/O.
11283	 */
11284	retval = entry->execute(ctsio);
11285
11286bailout:
11287	return (retval);
11288}
11289
11290/*
11291 * Since we only implement one target right now, a bus reset simply resets
11292 * our single target.
11293 */
11294static int
11295ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11296{
11297	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11298}
11299
11300static int
11301ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11302		 ctl_ua_type ua_type)
11303{
11304	struct ctl_lun *lun;
11305	int retval;
11306
11307	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11308		union ctl_ha_msg msg_info;
11309
11310		msg_info.hdr.nexus = io->io_hdr.nexus;
11311		if (ua_type==CTL_UA_TARG_RESET)
11312			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11313		else
11314			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11315		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11316		msg_info.hdr.original_sc = NULL;
11317		msg_info.hdr.serializing_sc = NULL;
11318		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11319		    sizeof(msg_info.task), M_WAITOK);
11320	}
11321	retval = 0;
11322
11323	mtx_lock(&softc->ctl_lock);
11324	STAILQ_FOREACH(lun, &softc->lun_list, links)
11325		retval += ctl_lun_reset(lun, io, ua_type);
11326	mtx_unlock(&softc->ctl_lock);
11327
11328	return (retval);
11329}
11330
11331/*
11332 * The LUN should always be set.  The I/O is optional, and is used to
11333 * distinguish between I/Os sent by this initiator, and by other
11334 * initiators.  We set unit attention for initiators other than this one.
11335 * SAM-3 is vague on this point.  It does say that a unit attention should
11336 * be established for other initiators when a LUN is reset (see section
11337 * 5.7.3), but it doesn't specifically say that the unit attention should
11338 * be established for this particular initiator when a LUN is reset.  Here
11339 * is the relevant text, from SAM-3 rev 8:
11340 *
11341 * 5.7.2 When a SCSI initiator port aborts its own tasks
11342 *
11343 * When a SCSI initiator port causes its own task(s) to be aborted, no
11344 * notification that the task(s) have been aborted shall be returned to
11345 * the SCSI initiator port other than the completion response for the
11346 * command or task management function action that caused the task(s) to
11347 * be aborted and notification(s) associated with related effects of the
11348 * action (e.g., a reset unit attention condition).
11349 *
11350 * XXX KDM for now, we're setting unit attention for all initiators.
11351 */
11352static int
11353ctl_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11354{
11355	union ctl_io *xio;
11356#if 0
11357	uint32_t initidx;
11358#endif
11359#ifdef CTL_WITH_CA
11360	int i;
11361#endif
11362
11363	mtx_lock(&lun->lun_lock);
11364	/*
11365	 * Run through the OOA queue and abort each I/O.
11366	 */
11367	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11368	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11369		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11370	}
11371
11372	/*
11373	 * This version sets unit attention for every
11374	 */
11375#if 0
11376	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11377	ctl_est_ua_all(lun, initidx, ua_type);
11378#else
11379	ctl_est_ua_all(lun, -1, ua_type);
11380#endif
11381
11382	/*
11383	 * A reset (any kind, really) clears reservations established with
11384	 * RESERVE/RELEASE.  It does not clear reservations established
11385	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11386	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11387	 * reservations made with the RESERVE/RELEASE commands, because
11388	 * those commands are obsolete in SPC-3.
11389	 */
11390	lun->flags &= ~CTL_LUN_RESERVED;
11391
11392#ifdef CTL_WITH_CA
11393	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11394		ctl_clear_mask(lun->have_ca, i);
11395#endif
11396	mtx_unlock(&lun->lun_lock);
11397
11398	return (0);
11399}
11400
11401static void
11402ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11403    int other_sc)
11404{
11405	union ctl_io *xio;
11406
11407	mtx_assert(&lun->lun_lock, MA_OWNED);
11408
11409	/*
11410	 * Run through the OOA queue and attempt to find the given I/O.
11411	 * The target port, initiator ID, tag type and tag number have to
11412	 * match the values that we got from the initiator.  If we have an
11413	 * untagged command to abort, simply abort the first untagged command
11414	 * we come to.  We only allow one untagged command at a time of course.
11415	 */
11416	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11417	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11418
11419		if ((targ_port == UINT32_MAX ||
11420		     targ_port == xio->io_hdr.nexus.targ_port) &&
11421		    (init_id == UINT32_MAX ||
11422		     init_id == xio->io_hdr.nexus.initid)) {
11423			if (targ_port != xio->io_hdr.nexus.targ_port ||
11424			    init_id != xio->io_hdr.nexus.initid)
11425				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11426			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11427			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11428				union ctl_ha_msg msg_info;
11429
11430				msg_info.hdr.nexus = xio->io_hdr.nexus;
11431				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11432				msg_info.task.tag_num = xio->scsiio.tag_num;
11433				msg_info.task.tag_type = xio->scsiio.tag_type;
11434				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11435				msg_info.hdr.original_sc = NULL;
11436				msg_info.hdr.serializing_sc = NULL;
11437				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11438				    sizeof(msg_info.task), M_NOWAIT);
11439			}
11440		}
11441	}
11442}
11443
11444static int
11445ctl_abort_task_set(union ctl_io *io)
11446{
11447	struct ctl_softc *softc = control_softc;
11448	struct ctl_lun *lun;
11449	uint32_t targ_lun;
11450
11451	/*
11452	 * Look up the LUN.
11453	 */
11454	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11455	mtx_lock(&softc->ctl_lock);
11456	if ((targ_lun < CTL_MAX_LUNS) && (softc->ctl_luns[targ_lun] != NULL))
11457		lun = softc->ctl_luns[targ_lun];
11458	else {
11459		mtx_unlock(&softc->ctl_lock);
11460		return (1);
11461	}
11462
11463	mtx_lock(&lun->lun_lock);
11464	mtx_unlock(&softc->ctl_lock);
11465	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11466		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11467		    io->io_hdr.nexus.initid,
11468		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11469	} else { /* CTL_TASK_CLEAR_TASK_SET */
11470		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11471		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11472	}
11473	mtx_unlock(&lun->lun_lock);
11474	return (0);
11475}
11476
11477static int
11478ctl_i_t_nexus_reset(union ctl_io *io)
11479{
11480	struct ctl_softc *softc = control_softc;
11481	struct ctl_lun *lun;
11482	uint32_t initidx;
11483
11484	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11485	mtx_lock(&softc->ctl_lock);
11486	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11487		mtx_lock(&lun->lun_lock);
11488		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11489		    io->io_hdr.nexus.initid,
11490		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11491#ifdef CTL_WITH_CA
11492		ctl_clear_mask(lun->have_ca, initidx);
11493#endif
11494		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11495			lun->flags &= ~CTL_LUN_RESERVED;
11496		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11497		mtx_unlock(&lun->lun_lock);
11498	}
11499	mtx_unlock(&softc->ctl_lock);
11500	return (0);
11501}
11502
11503static int
11504ctl_abort_task(union ctl_io *io)
11505{
11506	union ctl_io *xio;
11507	struct ctl_lun *lun;
11508	struct ctl_softc *softc;
11509#if 0
11510	struct sbuf sb;
11511	char printbuf[128];
11512#endif
11513	int found;
11514	uint32_t targ_lun;
11515
11516	softc = control_softc;
11517	found = 0;
11518
11519	/*
11520	 * Look up the LUN.
11521	 */
11522	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11523	mtx_lock(&softc->ctl_lock);
11524	if ((targ_lun < CTL_MAX_LUNS)
11525	 && (softc->ctl_luns[targ_lun] != NULL))
11526		lun = softc->ctl_luns[targ_lun];
11527	else {
11528		mtx_unlock(&softc->ctl_lock);
11529		return (1);
11530	}
11531
11532#if 0
11533	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11534	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11535#endif
11536
11537	mtx_lock(&lun->lun_lock);
11538	mtx_unlock(&softc->ctl_lock);
11539	/*
11540	 * Run through the OOA queue and attempt to find the given I/O.
11541	 * The target port, initiator ID, tag type and tag number have to
11542	 * match the values that we got from the initiator.  If we have an
11543	 * untagged command to abort, simply abort the first untagged command
11544	 * we come to.  We only allow one untagged command at a time of course.
11545	 */
11546	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11547	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11548#if 0
11549		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11550
11551		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11552			    lun->lun, xio->scsiio.tag_num,
11553			    xio->scsiio.tag_type,
11554			    (xio->io_hdr.blocked_links.tqe_prev
11555			    == NULL) ? "" : " BLOCKED",
11556			    (xio->io_hdr.flags &
11557			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11558			    (xio->io_hdr.flags &
11559			    CTL_FLAG_ABORT) ? " ABORT" : "",
11560			    (xio->io_hdr.flags &
11561			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11562		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11563		sbuf_finish(&sb);
11564		printf("%s\n", sbuf_data(&sb));
11565#endif
11566
11567		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11568		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11569		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11570			continue;
11571
11572		/*
11573		 * If the abort says that the task is untagged, the
11574		 * task in the queue must be untagged.  Otherwise,
11575		 * we just check to see whether the tag numbers
11576		 * match.  This is because the QLogic firmware
11577		 * doesn't pass back the tag type in an abort
11578		 * request.
11579		 */
11580#if 0
11581		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11582		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11583		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11584#endif
11585		/*
11586		 * XXX KDM we've got problems with FC, because it
11587		 * doesn't send down a tag type with aborts.  So we
11588		 * can only really go by the tag number...
11589		 * This may cause problems with parallel SCSI.
11590		 * Need to figure that out!!
11591		 */
11592		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11593			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11594			found = 1;
11595			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11596			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11597				union ctl_ha_msg msg_info;
11598
11599				msg_info.hdr.nexus = io->io_hdr.nexus;
11600				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11601				msg_info.task.tag_num = io->taskio.tag_num;
11602				msg_info.task.tag_type = io->taskio.tag_type;
11603				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11604				msg_info.hdr.original_sc = NULL;
11605				msg_info.hdr.serializing_sc = NULL;
11606#if 0
11607				printf("Sent Abort to other side\n");
11608#endif
11609				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11610				    sizeof(msg_info.task), M_NOWAIT);
11611			}
11612#if 0
11613			printf("ctl_abort_task: found I/O to abort\n");
11614#endif
11615		}
11616	}
11617	mtx_unlock(&lun->lun_lock);
11618
11619	if (found == 0) {
11620		/*
11621		 * This isn't really an error.  It's entirely possible for
11622		 * the abort and command completion to cross on the wire.
11623		 * This is more of an informative/diagnostic error.
11624		 */
11625#if 0
11626		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11627		       "%u:%u:%u tag %d type %d\n",
11628		       io->io_hdr.nexus.initid,
11629		       io->io_hdr.nexus.targ_port,
11630		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11631		       io->taskio.tag_type);
11632#endif
11633	}
11634	return (0);
11635}
11636
11637static void
11638ctl_run_task(union ctl_io *io)
11639{
11640	struct ctl_softc *softc = control_softc;
11641	int retval = 1;
11642	const char *task_desc;
11643
11644	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11645
11646	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11647	    ("ctl_run_task: Unextected io_type %d\n",
11648	     io->io_hdr.io_type));
11649
11650	task_desc = ctl_scsi_task_string(&io->taskio);
11651	if (task_desc != NULL) {
11652#ifdef NEEDTOPORT
11653		csevent_log(CSC_CTL | CSC_SHELF_SW |
11654			    CTL_TASK_REPORT,
11655			    csevent_LogType_Trace,
11656			    csevent_Severity_Information,
11657			    csevent_AlertLevel_Green,
11658			    csevent_FRU_Firmware,
11659			    csevent_FRU_Unknown,
11660			    "CTL: received task: %s",task_desc);
11661#endif
11662	} else {
11663#ifdef NEEDTOPORT
11664		csevent_log(CSC_CTL | CSC_SHELF_SW |
11665			    CTL_TASK_REPORT,
11666			    csevent_LogType_Trace,
11667			    csevent_Severity_Information,
11668			    csevent_AlertLevel_Green,
11669			    csevent_FRU_Firmware,
11670			    csevent_FRU_Unknown,
11671			    "CTL: received unknown task "
11672			    "type: %d (%#x)",
11673			    io->taskio.task_action,
11674			    io->taskio.task_action);
11675#endif
11676	}
11677	switch (io->taskio.task_action) {
11678	case CTL_TASK_ABORT_TASK:
11679		retval = ctl_abort_task(io);
11680		break;
11681	case CTL_TASK_ABORT_TASK_SET:
11682	case CTL_TASK_CLEAR_TASK_SET:
11683		retval = ctl_abort_task_set(io);
11684		break;
11685	case CTL_TASK_CLEAR_ACA:
11686		break;
11687	case CTL_TASK_I_T_NEXUS_RESET:
11688		retval = ctl_i_t_nexus_reset(io);
11689		break;
11690	case CTL_TASK_LUN_RESET: {
11691		struct ctl_lun *lun;
11692		uint32_t targ_lun;
11693
11694		targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11695		mtx_lock(&softc->ctl_lock);
11696		if ((targ_lun < CTL_MAX_LUNS)
11697		 && (softc->ctl_luns[targ_lun] != NULL))
11698			lun = softc->ctl_luns[targ_lun];
11699		else {
11700			mtx_unlock(&softc->ctl_lock);
11701			retval = 1;
11702			break;
11703		}
11704		retval = ctl_lun_reset(lun, io, CTL_UA_LUN_RESET);
11705		mtx_unlock(&softc->ctl_lock);
11706
11707		if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11708			union ctl_ha_msg msg_info;
11709
11710			msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11711			msg_info.hdr.nexus = io->io_hdr.nexus;
11712			msg_info.task.task_action = CTL_TASK_LUN_RESET;
11713			msg_info.hdr.original_sc = NULL;
11714			msg_info.hdr.serializing_sc = NULL;
11715			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11716			    sizeof(msg_info.task), M_WAITOK);
11717		}
11718		break;
11719	}
11720	case CTL_TASK_TARGET_RESET:
11721		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11722		break;
11723	case CTL_TASK_BUS_RESET:
11724		retval = ctl_bus_reset(softc, io);
11725		break;
11726	case CTL_TASK_PORT_LOGIN:
11727		break;
11728	case CTL_TASK_PORT_LOGOUT:
11729		break;
11730	default:
11731		printf("ctl_run_task: got unknown task management event %d\n",
11732		       io->taskio.task_action);
11733		break;
11734	}
11735	if (retval == 0)
11736		io->io_hdr.status = CTL_SUCCESS;
11737	else
11738		io->io_hdr.status = CTL_ERROR;
11739	ctl_done(io);
11740}
11741
11742/*
11743 * For HA operation.  Handle commands that come in from the other
11744 * controller.
11745 */
11746static void
11747ctl_handle_isc(union ctl_io *io)
11748{
11749	int free_io;
11750	struct ctl_lun *lun;
11751	struct ctl_softc *softc;
11752	uint32_t targ_lun;
11753
11754	softc = control_softc;
11755
11756	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11757	lun = softc->ctl_luns[targ_lun];
11758
11759	switch (io->io_hdr.msg_type) {
11760	case CTL_MSG_SERIALIZE:
11761		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11762		break;
11763	case CTL_MSG_R2R: {
11764		const struct ctl_cmd_entry *entry;
11765
11766		/*
11767		 * This is only used in SER_ONLY mode.
11768		 */
11769		free_io = 0;
11770		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11771		mtx_lock(&lun->lun_lock);
11772		if (ctl_scsiio_lun_check(lun,
11773		    entry, (struct ctl_scsiio *)io) != 0) {
11774			mtx_unlock(&lun->lun_lock);
11775			ctl_done(io);
11776			break;
11777		}
11778		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11779		mtx_unlock(&lun->lun_lock);
11780		ctl_enqueue_rtr(io);
11781		break;
11782	}
11783	case CTL_MSG_FINISH_IO:
11784		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11785			free_io = 0;
11786			ctl_done(io);
11787		} else {
11788			free_io = 1;
11789			mtx_lock(&lun->lun_lock);
11790			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11791				     ooa_links);
11792			ctl_check_blocked(lun);
11793			mtx_unlock(&lun->lun_lock);
11794		}
11795		break;
11796	case CTL_MSG_PERS_ACTION:
11797		ctl_hndl_per_res_out_on_other_sc(
11798			(union ctl_ha_msg *)&io->presio.pr_msg);
11799		free_io = 1;
11800		break;
11801	case CTL_MSG_BAD_JUJU:
11802		free_io = 0;
11803		ctl_done(io);
11804		break;
11805	case CTL_MSG_DATAMOVE:
11806		/* Only used in XFER mode */
11807		free_io = 0;
11808		ctl_datamove_remote(io);
11809		break;
11810	case CTL_MSG_DATAMOVE_DONE:
11811		/* Only used in XFER mode */
11812		free_io = 0;
11813		io->scsiio.be_move_done(io);
11814		break;
11815	case CTL_MSG_FAILOVER:
11816		mtx_lock(&lun->lun_lock);
11817		ctl_failover_lun(lun);
11818		mtx_unlock(&lun->lun_lock);
11819		free_io = 1;
11820		break;
11821	default:
11822		free_io = 1;
11823		printf("%s: Invalid message type %d\n",
11824		       __func__, io->io_hdr.msg_type);
11825		break;
11826	}
11827	if (free_io)
11828		ctl_free_io(io);
11829
11830}
11831
11832
11833/*
11834 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11835 * there is no match.
11836 */
11837static ctl_lun_error_pattern
11838ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11839{
11840	const struct ctl_cmd_entry *entry;
11841	ctl_lun_error_pattern filtered_pattern, pattern;
11842
11843	pattern = desc->error_pattern;
11844
11845	/*
11846	 * XXX KDM we need more data passed into this function to match a
11847	 * custom pattern, and we actually need to implement custom pattern
11848	 * matching.
11849	 */
11850	if (pattern & CTL_LUN_PAT_CMD)
11851		return (CTL_LUN_PAT_CMD);
11852
11853	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11854		return (CTL_LUN_PAT_ANY);
11855
11856	entry = ctl_get_cmd_entry(ctsio, NULL);
11857
11858	filtered_pattern = entry->pattern & pattern;
11859
11860	/*
11861	 * If the user requested specific flags in the pattern (e.g.
11862	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11863	 * flags.
11864	 *
11865	 * If the user did not specify any flags, it doesn't matter whether
11866	 * or not the command supports the flags.
11867	 */
11868	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11869	     (pattern & ~CTL_LUN_PAT_MASK))
11870		return (CTL_LUN_PAT_NONE);
11871
11872	/*
11873	 * If the user asked for a range check, see if the requested LBA
11874	 * range overlaps with this command's LBA range.
11875	 */
11876	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
11877		uint64_t lba1;
11878		uint64_t len1;
11879		ctl_action action;
11880		int retval;
11881
11882		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
11883		if (retval != 0)
11884			return (CTL_LUN_PAT_NONE);
11885
11886		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
11887					      desc->lba_range.len, FALSE);
11888		/*
11889		 * A "pass" means that the LBA ranges don't overlap, so
11890		 * this doesn't match the user's range criteria.
11891		 */
11892		if (action == CTL_ACTION_PASS)
11893			return (CTL_LUN_PAT_NONE);
11894	}
11895
11896	return (filtered_pattern);
11897}
11898
11899static void
11900ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
11901{
11902	struct ctl_error_desc *desc, *desc2;
11903
11904	mtx_assert(&lun->lun_lock, MA_OWNED);
11905
11906	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
11907		ctl_lun_error_pattern pattern;
11908		/*
11909		 * Check to see whether this particular command matches
11910		 * the pattern in the descriptor.
11911		 */
11912		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
11913		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
11914			continue;
11915
11916		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
11917		case CTL_LUN_INJ_ABORTED:
11918			ctl_set_aborted(&io->scsiio);
11919			break;
11920		case CTL_LUN_INJ_MEDIUM_ERR:
11921			ctl_set_medium_error(&io->scsiio);
11922			break;
11923		case CTL_LUN_INJ_UA:
11924			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
11925			 * OCCURRED */
11926			ctl_set_ua(&io->scsiio, 0x29, 0x00);
11927			break;
11928		case CTL_LUN_INJ_CUSTOM:
11929			/*
11930			 * We're assuming the user knows what he is doing.
11931			 * Just copy the sense information without doing
11932			 * checks.
11933			 */
11934			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
11935			      MIN(sizeof(desc->custom_sense),
11936				  sizeof(io->scsiio.sense_data)));
11937			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
11938			io->scsiio.sense_len = SSD_FULL_SIZE;
11939			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11940			break;
11941		case CTL_LUN_INJ_NONE:
11942		default:
11943			/*
11944			 * If this is an error injection type we don't know
11945			 * about, clear the continuous flag (if it is set)
11946			 * so it will get deleted below.
11947			 */
11948			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
11949			break;
11950		}
11951		/*
11952		 * By default, each error injection action is a one-shot
11953		 */
11954		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
11955			continue;
11956
11957		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
11958
11959		free(desc, M_CTL);
11960	}
11961}
11962
11963#ifdef CTL_IO_DELAY
11964static void
11965ctl_datamove_timer_wakeup(void *arg)
11966{
11967	union ctl_io *io;
11968
11969	io = (union ctl_io *)arg;
11970
11971	ctl_datamove(io);
11972}
11973#endif /* CTL_IO_DELAY */
11974
11975void
11976ctl_datamove(union ctl_io *io)
11977{
11978	void (*fe_datamove)(union ctl_io *io);
11979
11980	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
11981
11982	CTL_DEBUG_PRINT(("ctl_datamove\n"));
11983
11984#ifdef CTL_TIME_IO
11985	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
11986		char str[256];
11987		char path_str[64];
11988		struct sbuf sb;
11989
11990		ctl_scsi_path_string(io, path_str, sizeof(path_str));
11991		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
11992
11993		sbuf_cat(&sb, path_str);
11994		switch (io->io_hdr.io_type) {
11995		case CTL_IO_SCSI:
11996			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
11997			sbuf_printf(&sb, "\n");
11998			sbuf_cat(&sb, path_str);
11999			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12000				    io->scsiio.tag_num, io->scsiio.tag_type);
12001			break;
12002		case CTL_IO_TASK:
12003			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12004				    "Tag Type: %d\n", io->taskio.task_action,
12005				    io->taskio.tag_num, io->taskio.tag_type);
12006			break;
12007		default:
12008			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12009			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12010			break;
12011		}
12012		sbuf_cat(&sb, path_str);
12013		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12014			    (intmax_t)time_uptime - io->io_hdr.start_time);
12015		sbuf_finish(&sb);
12016		printf("%s", sbuf_data(&sb));
12017	}
12018#endif /* CTL_TIME_IO */
12019
12020#ifdef CTL_IO_DELAY
12021	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12022		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12023	} else {
12024		struct ctl_lun *lun;
12025
12026		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12027		if ((lun != NULL)
12028		 && (lun->delay_info.datamove_delay > 0)) {
12029
12030			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12031			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12032			callout_reset(&io->io_hdr.delay_callout,
12033				      lun->delay_info.datamove_delay * hz,
12034				      ctl_datamove_timer_wakeup, io);
12035			if (lun->delay_info.datamove_type ==
12036			    CTL_DELAY_TYPE_ONESHOT)
12037				lun->delay_info.datamove_delay = 0;
12038			return;
12039		}
12040	}
12041#endif
12042
12043	/*
12044	 * This command has been aborted.  Set the port status, so we fail
12045	 * the data move.
12046	 */
12047	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12048		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12049		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12050		       io->io_hdr.nexus.targ_port,
12051		       io->io_hdr.nexus.targ_lun);
12052		io->io_hdr.port_status = 31337;
12053		/*
12054		 * Note that the backend, in this case, will get the
12055		 * callback in its context.  In other cases it may get
12056		 * called in the frontend's interrupt thread context.
12057		 */
12058		io->scsiio.be_move_done(io);
12059		return;
12060	}
12061
12062	/* Don't confuse frontend with zero length data move. */
12063	if (io->scsiio.kern_data_len == 0) {
12064		io->scsiio.be_move_done(io);
12065		return;
12066	}
12067
12068	/*
12069	 * If we're in XFER mode and this I/O is from the other shelf
12070	 * controller, we need to send the DMA to the other side to
12071	 * actually transfer the data to/from the host.  In serialize only
12072	 * mode the transfer happens below CTL and ctl_datamove() is only
12073	 * called on the machine that originally received the I/O.
12074	 */
12075	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12076	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12077		union ctl_ha_msg msg;
12078		uint32_t sg_entries_sent;
12079		int do_sg_copy;
12080		int i;
12081
12082		memset(&msg, 0, sizeof(msg));
12083		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12084		msg.hdr.original_sc = io->io_hdr.original_sc;
12085		msg.hdr.serializing_sc = io;
12086		msg.hdr.nexus = io->io_hdr.nexus;
12087		msg.dt.flags = io->io_hdr.flags;
12088		/*
12089		 * We convert everything into a S/G list here.  We can't
12090		 * pass by reference, only by value between controllers.
12091		 * So we can't pass a pointer to the S/G list, only as many
12092		 * S/G entries as we can fit in here.  If it's possible for
12093		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12094		 * then we need to break this up into multiple transfers.
12095		 */
12096		if (io->scsiio.kern_sg_entries == 0) {
12097			msg.dt.kern_sg_entries = 1;
12098#if 0
12099			/*
12100			 * Convert to a physical address if this is a
12101			 * virtual address.
12102			 */
12103			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12104				msg.dt.sg_list[0].addr =
12105					io->scsiio.kern_data_ptr;
12106			} else {
12107				/*
12108				 * XXX KDM use busdma here!
12109				 */
12110				msg.dt.sg_list[0].addr = (void *)
12111					vtophys(io->scsiio.kern_data_ptr);
12112			}
12113#else
12114			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12115			    ("HA does not support BUS_ADDR"));
12116			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12117#endif
12118
12119			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12120			do_sg_copy = 0;
12121		} else {
12122			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12123			do_sg_copy = 1;
12124		}
12125
12126		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12127		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12128		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12129		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12130		msg.dt.sg_sequence = 0;
12131
12132		/*
12133		 * Loop until we've sent all of the S/G entries.  On the
12134		 * other end, we'll recompose these S/G entries into one
12135		 * contiguous list before passing it to the
12136		 */
12137		for (sg_entries_sent = 0; sg_entries_sent <
12138		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12139			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12140				sizeof(msg.dt.sg_list[0])),
12141				msg.dt.kern_sg_entries - sg_entries_sent);
12142
12143			if (do_sg_copy != 0) {
12144				struct ctl_sg_entry *sgl;
12145				int j;
12146
12147				sgl = (struct ctl_sg_entry *)
12148					io->scsiio.kern_data_ptr;
12149				/*
12150				 * If this is in cached memory, flush the cache
12151				 * before we send the DMA request to the other
12152				 * controller.  We want to do this in either
12153				 * the * read or the write case.  The read
12154				 * case is straightforward.  In the write
12155				 * case, we want to make sure nothing is
12156				 * in the local cache that could overwrite
12157				 * the DMAed data.
12158				 */
12159
12160				for (i = sg_entries_sent, j = 0;
12161				     i < msg.dt.cur_sg_entries; i++, j++) {
12162#if 0
12163					if ((io->io_hdr.flags &
12164					     CTL_FLAG_BUS_ADDR) == 0) {
12165						/*
12166						 * XXX KDM use busdma.
12167						 */
12168						msg.dt.sg_list[j].addr =(void *)
12169						       vtophys(sgl[i].addr);
12170					} else {
12171						msg.dt.sg_list[j].addr =
12172							sgl[i].addr;
12173					}
12174#else
12175					KASSERT((io->io_hdr.flags &
12176					    CTL_FLAG_BUS_ADDR) == 0,
12177					    ("HA does not support BUS_ADDR"));
12178					msg.dt.sg_list[j].addr = sgl[i].addr;
12179#endif
12180					msg.dt.sg_list[j].len = sgl[i].len;
12181				}
12182			}
12183
12184			sg_entries_sent += msg.dt.cur_sg_entries;
12185			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12186				msg.dt.sg_last = 1;
12187			else
12188				msg.dt.sg_last = 0;
12189
12190			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12191			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12192			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12193			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12194				io->io_hdr.port_status = 31341;
12195				io->scsiio.be_move_done(io);
12196				return;
12197			}
12198
12199			msg.dt.sent_sg_entries = sg_entries_sent;
12200		}
12201		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12202	} else {
12203
12204		/*
12205		 * Lookup the fe_datamove() function for this particular
12206		 * front end.
12207		 */
12208		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12209
12210		fe_datamove(io);
12211	}
12212}
12213
12214static void
12215ctl_send_datamove_done(union ctl_io *io, int have_lock)
12216{
12217	union ctl_ha_msg msg;
12218
12219	memset(&msg, 0, sizeof(msg));
12220
12221	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12222	msg.hdr.original_sc = io;
12223	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12224	msg.hdr.nexus = io->io_hdr.nexus;
12225	msg.hdr.status = io->io_hdr.status;
12226	msg.scsi.tag_num = io->scsiio.tag_num;
12227	msg.scsi.tag_type = io->scsiio.tag_type;
12228	msg.scsi.scsi_status = io->scsiio.scsi_status;
12229	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12230	       io->scsiio.sense_len);
12231	msg.scsi.sense_len = io->scsiio.sense_len;
12232	msg.scsi.sense_residual = io->scsiio.sense_residual;
12233	msg.scsi.fetd_status = io->io_hdr.port_status;
12234	msg.scsi.residual = io->scsiio.residual;
12235	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12236
12237	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12238		ctl_failover_io(io, /*have_lock*/ have_lock);
12239		return;
12240	}
12241
12242	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12243	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12244	    msg.scsi.sense_len, M_WAITOK);
12245}
12246
12247/*
12248 * The DMA to the remote side is done, now we need to tell the other side
12249 * we're done so it can continue with its data movement.
12250 */
12251static void
12252ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12253{
12254	union ctl_io *io;
12255	int i;
12256
12257	io = rq->context;
12258
12259	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12260		printf("%s: ISC DMA write failed with error %d", __func__,
12261		       rq->ret);
12262		ctl_set_internal_failure(&io->scsiio,
12263					 /*sks_valid*/ 1,
12264					 /*retry_count*/ rq->ret);
12265	}
12266
12267	ctl_dt_req_free(rq);
12268
12269	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12270		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12271	free(io->io_hdr.remote_sglist, M_CTL);
12272	io->io_hdr.remote_sglist = NULL;
12273	io->io_hdr.local_sglist = NULL;
12274
12275	/*
12276	 * The data is in local and remote memory, so now we need to send
12277	 * status (good or back) back to the other side.
12278	 */
12279	ctl_send_datamove_done(io, /*have_lock*/ 0);
12280}
12281
12282/*
12283 * We've moved the data from the host/controller into local memory.  Now we
12284 * need to push it over to the remote controller's memory.
12285 */
12286static int
12287ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12288{
12289	int retval;
12290
12291	retval = 0;
12292
12293	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12294					  ctl_datamove_remote_write_cb);
12295
12296	return (retval);
12297}
12298
12299static void
12300ctl_datamove_remote_write(union ctl_io *io)
12301{
12302	int retval;
12303	void (*fe_datamove)(union ctl_io *io);
12304
12305	/*
12306	 * - Get the data from the host/HBA into local memory.
12307	 * - DMA memory from the local controller to the remote controller.
12308	 * - Send status back to the remote controller.
12309	 */
12310
12311	retval = ctl_datamove_remote_sgl_setup(io);
12312	if (retval != 0)
12313		return;
12314
12315	/* Switch the pointer over so the FETD knows what to do */
12316	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12317
12318	/*
12319	 * Use a custom move done callback, since we need to send completion
12320	 * back to the other controller, not to the backend on this side.
12321	 */
12322	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12323
12324	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12325
12326	fe_datamove(io);
12327
12328	return;
12329
12330}
12331
12332static int
12333ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12334{
12335#if 0
12336	char str[256];
12337	char path_str[64];
12338	struct sbuf sb;
12339#endif
12340	int i;
12341
12342	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12343		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12344	free(io->io_hdr.remote_sglist, M_CTL);
12345	io->io_hdr.remote_sglist = NULL;
12346	io->io_hdr.local_sglist = NULL;
12347
12348#if 0
12349	scsi_path_string(io, path_str, sizeof(path_str));
12350	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12351	sbuf_cat(&sb, path_str);
12352	scsi_command_string(&io->scsiio, NULL, &sb);
12353	sbuf_printf(&sb, "\n");
12354	sbuf_cat(&sb, path_str);
12355	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12356		    io->scsiio.tag_num, io->scsiio.tag_type);
12357	sbuf_cat(&sb, path_str);
12358	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12359		    io->io_hdr.flags, io->io_hdr.status);
12360	sbuf_finish(&sb);
12361	printk("%s", sbuf_data(&sb));
12362#endif
12363
12364
12365	/*
12366	 * The read is done, now we need to send status (good or bad) back
12367	 * to the other side.
12368	 */
12369	ctl_send_datamove_done(io, /*have_lock*/ 0);
12370
12371	return (0);
12372}
12373
12374static void
12375ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12376{
12377	union ctl_io *io;
12378	void (*fe_datamove)(union ctl_io *io);
12379
12380	io = rq->context;
12381
12382	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12383		printf("%s: ISC DMA read failed with error %d\n", __func__,
12384		       rq->ret);
12385		ctl_set_internal_failure(&io->scsiio,
12386					 /*sks_valid*/ 1,
12387					 /*retry_count*/ rq->ret);
12388	}
12389
12390	ctl_dt_req_free(rq);
12391
12392	/* Switch the pointer over so the FETD knows what to do */
12393	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12394
12395	/*
12396	 * Use a custom move done callback, since we need to send completion
12397	 * back to the other controller, not to the backend on this side.
12398	 */
12399	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12400
12401	/* XXX KDM add checks like the ones in ctl_datamove? */
12402
12403	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12404
12405	fe_datamove(io);
12406}
12407
12408static int
12409ctl_datamove_remote_sgl_setup(union ctl_io *io)
12410{
12411	struct ctl_sg_entry *local_sglist, *remote_sglist;
12412	struct ctl_softc *softc;
12413	uint32_t len_to_go;
12414	int retval;
12415	int i;
12416
12417	retval = 0;
12418	softc = control_softc;
12419	local_sglist = io->io_hdr.local_sglist;
12420	remote_sglist = io->io_hdr.remote_sglist;
12421	len_to_go = io->scsiio.kern_data_len;
12422
12423	/*
12424	 * The difficult thing here is that the size of the various
12425	 * S/G segments may be different than the size from the
12426	 * remote controller.  That'll make it harder when DMAing
12427	 * the data back to the other side.
12428	 */
12429	for (i = 0; len_to_go > 0; i++) {
12430		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12431		local_sglist[i].addr =
12432		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12433
12434		len_to_go -= local_sglist[i].len;
12435	}
12436	/*
12437	 * Reset the number of S/G entries accordingly.  The original
12438	 * number of S/G entries is available in rem_sg_entries.
12439	 */
12440	io->scsiio.kern_sg_entries = i;
12441
12442#if 0
12443	printf("%s: kern_sg_entries = %d\n", __func__,
12444	       io->scsiio.kern_sg_entries);
12445	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12446		printf("%s: sg[%d] = %p, %d\n", __func__, i,
12447		       local_sglist[i].addr, local_sglist[i].len);
12448#endif
12449
12450	return (retval);
12451}
12452
12453static int
12454ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12455			 ctl_ha_dt_cb callback)
12456{
12457	struct ctl_ha_dt_req *rq;
12458	struct ctl_sg_entry *remote_sglist, *local_sglist;
12459	uint32_t local_used, remote_used, total_used;
12460	int i, j, isc_ret;
12461
12462	rq = ctl_dt_req_alloc();
12463
12464	/*
12465	 * If we failed to allocate the request, and if the DMA didn't fail
12466	 * anyway, set busy status.  This is just a resource allocation
12467	 * failure.
12468	 */
12469	if ((rq == NULL)
12470	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE))
12471		ctl_set_busy(&io->scsiio);
12472
12473	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE) {
12474
12475		if (rq != NULL)
12476			ctl_dt_req_free(rq);
12477
12478		/*
12479		 * The data move failed.  We need to return status back
12480		 * to the other controller.  No point in trying to DMA
12481		 * data to the remote controller.
12482		 */
12483
12484		ctl_send_datamove_done(io, /*have_lock*/ 0);
12485
12486		return (1);
12487	}
12488
12489	local_sglist = io->io_hdr.local_sglist;
12490	remote_sglist = io->io_hdr.remote_sglist;
12491	local_used = 0;
12492	remote_used = 0;
12493	total_used = 0;
12494
12495	/*
12496	 * Pull/push the data over the wire from/to the other controller.
12497	 * This takes into account the possibility that the local and
12498	 * remote sglists may not be identical in terms of the size of
12499	 * the elements and the number of elements.
12500	 *
12501	 * One fundamental assumption here is that the length allocated for
12502	 * both the local and remote sglists is identical.  Otherwise, we've
12503	 * essentially got a coding error of some sort.
12504	 */
12505	isc_ret = CTL_HA_STATUS_SUCCESS;
12506	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12507		uint32_t cur_len;
12508		uint8_t *tmp_ptr;
12509
12510		rq->command = command;
12511		rq->context = io;
12512
12513		/*
12514		 * Both pointers should be aligned.  But it is possible
12515		 * that the allocation length is not.  They should both
12516		 * also have enough slack left over at the end, though,
12517		 * to round up to the next 8 byte boundary.
12518		 */
12519		cur_len = MIN(local_sglist[i].len - local_used,
12520			      remote_sglist[j].len - remote_used);
12521		rq->size = cur_len;
12522
12523		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12524		tmp_ptr += local_used;
12525
12526#if 0
12527		/* Use physical addresses when talking to ISC hardware */
12528		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12529			/* XXX KDM use busdma */
12530			rq->local = vtophys(tmp_ptr);
12531		} else
12532			rq->local = tmp_ptr;
12533#else
12534		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12535		    ("HA does not support BUS_ADDR"));
12536		rq->local = tmp_ptr;
12537#endif
12538
12539		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12540		tmp_ptr += remote_used;
12541		rq->remote = tmp_ptr;
12542
12543		rq->callback = NULL;
12544
12545		local_used += cur_len;
12546		if (local_used >= local_sglist[i].len) {
12547			i++;
12548			local_used = 0;
12549		}
12550
12551		remote_used += cur_len;
12552		if (remote_used >= remote_sglist[j].len) {
12553			j++;
12554			remote_used = 0;
12555		}
12556		total_used += cur_len;
12557
12558		if (total_used >= io->scsiio.kern_data_len)
12559			rq->callback = callback;
12560
12561#if 0
12562		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12563		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12564		       rq->local, rq->remote, rq->size);
12565#endif
12566
12567		isc_ret = ctl_dt_single(rq);
12568		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12569			break;
12570	}
12571	if (isc_ret != CTL_HA_STATUS_WAIT) {
12572		rq->ret = isc_ret;
12573		callback(rq);
12574	}
12575
12576	return (0);
12577}
12578
12579static void
12580ctl_datamove_remote_read(union ctl_io *io)
12581{
12582	int retval;
12583	int i;
12584
12585	/*
12586	 * This will send an error to the other controller in the case of a
12587	 * failure.
12588	 */
12589	retval = ctl_datamove_remote_sgl_setup(io);
12590	if (retval != 0)
12591		return;
12592
12593	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12594					  ctl_datamove_remote_read_cb);
12595	if (retval != 0) {
12596		/*
12597		 * Make sure we free memory if there was an error..  The
12598		 * ctl_datamove_remote_xfer() function will send the
12599		 * datamove done message, or call the callback with an
12600		 * error if there is a problem.
12601		 */
12602		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12603			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12604		free(io->io_hdr.remote_sglist, M_CTL);
12605		io->io_hdr.remote_sglist = NULL;
12606		io->io_hdr.local_sglist = NULL;
12607	}
12608
12609	return;
12610}
12611
12612/*
12613 * Process a datamove request from the other controller.  This is used for
12614 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12615 * first.  Once that is complete, the data gets DMAed into the remote
12616 * controller's memory.  For reads, we DMA from the remote controller's
12617 * memory into our memory first, and then move it out to the FETD.
12618 */
12619static void
12620ctl_datamove_remote(union ctl_io *io)
12621{
12622
12623	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12624
12625	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12626		ctl_failover_io(io, /*have_lock*/ 0);
12627		return;
12628	}
12629
12630	/*
12631	 * Note that we look for an aborted I/O here, but don't do some of
12632	 * the other checks that ctl_datamove() normally does.
12633	 * We don't need to run the datamove delay code, since that should
12634	 * have been done if need be on the other controller.
12635	 */
12636	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12637		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12638		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12639		       io->io_hdr.nexus.targ_port,
12640		       io->io_hdr.nexus.targ_lun);
12641		io->io_hdr.port_status = 31338;
12642		ctl_send_datamove_done(io, /*have_lock*/ 0);
12643		return;
12644	}
12645
12646	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12647		ctl_datamove_remote_write(io);
12648	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12649		ctl_datamove_remote_read(io);
12650	else {
12651		io->io_hdr.port_status = 31339;
12652		ctl_send_datamove_done(io, /*have_lock*/ 0);
12653	}
12654}
12655
12656static int
12657ctl_process_done(union ctl_io *io)
12658{
12659	struct ctl_lun *lun;
12660	struct ctl_softc *softc = control_softc;
12661	void (*fe_done)(union ctl_io *io);
12662	union ctl_ha_msg msg;
12663	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12664
12665	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12666
12667	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
12668		fe_done = softc->ctl_ports[targ_port]->fe_done;
12669	else
12670		fe_done = NULL;
12671
12672#ifdef CTL_TIME_IO
12673	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12674		char str[256];
12675		char path_str[64];
12676		struct sbuf sb;
12677
12678		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12679		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12680
12681		sbuf_cat(&sb, path_str);
12682		switch (io->io_hdr.io_type) {
12683		case CTL_IO_SCSI:
12684			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12685			sbuf_printf(&sb, "\n");
12686			sbuf_cat(&sb, path_str);
12687			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12688				    io->scsiio.tag_num, io->scsiio.tag_type);
12689			break;
12690		case CTL_IO_TASK:
12691			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12692				    "Tag Type: %d\n", io->taskio.task_action,
12693				    io->taskio.tag_num, io->taskio.tag_type);
12694			break;
12695		default:
12696			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12697			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12698			break;
12699		}
12700		sbuf_cat(&sb, path_str);
12701		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12702			    (intmax_t)time_uptime - io->io_hdr.start_time);
12703		sbuf_finish(&sb);
12704		printf("%s", sbuf_data(&sb));
12705	}
12706#endif /* CTL_TIME_IO */
12707
12708	switch (io->io_hdr.io_type) {
12709	case CTL_IO_SCSI:
12710		break;
12711	case CTL_IO_TASK:
12712		if (ctl_debug & CTL_DEBUG_INFO)
12713			ctl_io_error_print(io, NULL);
12714		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12715			ctl_free_io(io);
12716		else
12717			fe_done(io);
12718		return (CTL_RETVAL_COMPLETE);
12719	default:
12720		panic("ctl_process_done: invalid io type %d\n",
12721		      io->io_hdr.io_type);
12722		break; /* NOTREACHED */
12723	}
12724
12725	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12726	if (lun == NULL) {
12727		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12728				 io->io_hdr.nexus.targ_mapped_lun));
12729		goto bailout;
12730	}
12731
12732	mtx_lock(&lun->lun_lock);
12733
12734	/*
12735	 * Check to see if we have any errors to inject here.  We only
12736	 * inject errors for commands that don't already have errors set.
12737	 */
12738	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12739	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12740	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12741		ctl_inject_error(lun, io);
12742
12743	/*
12744	 * XXX KDM how do we treat commands that aren't completed
12745	 * successfully?
12746	 *
12747	 * XXX KDM should we also track I/O latency?
12748	 */
12749	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12750	    io->io_hdr.io_type == CTL_IO_SCSI) {
12751#ifdef CTL_TIME_IO
12752		struct bintime cur_bt;
12753#endif
12754		int type;
12755
12756		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12757		    CTL_FLAG_DATA_IN)
12758			type = CTL_STATS_READ;
12759		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12760		    CTL_FLAG_DATA_OUT)
12761			type = CTL_STATS_WRITE;
12762		else
12763			type = CTL_STATS_NO_IO;
12764
12765		lun->stats.ports[targ_port].bytes[type] +=
12766		    io->scsiio.kern_total_len;
12767		lun->stats.ports[targ_port].operations[type]++;
12768#ifdef CTL_TIME_IO
12769		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12770		   &io->io_hdr.dma_bt);
12771		lun->stats.ports[targ_port].num_dmas[type] +=
12772		    io->io_hdr.num_dmas;
12773		getbintime(&cur_bt);
12774		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12775		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12776#endif
12777	}
12778
12779	/*
12780	 * Remove this from the OOA queue.
12781	 */
12782	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12783#ifdef CTL_TIME_IO
12784	if (TAILQ_EMPTY(&lun->ooa_queue))
12785		lun->last_busy = getsbinuptime();
12786#endif
12787
12788	/*
12789	 * Run through the blocked queue on this LUN and see if anything
12790	 * has become unblocked, now that this transaction is done.
12791	 */
12792	ctl_check_blocked(lun);
12793
12794	/*
12795	 * If the LUN has been invalidated, free it if there is nothing
12796	 * left on its OOA queue.
12797	 */
12798	if ((lun->flags & CTL_LUN_INVALID)
12799	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12800		mtx_unlock(&lun->lun_lock);
12801		mtx_lock(&softc->ctl_lock);
12802		ctl_free_lun(lun);
12803		mtx_unlock(&softc->ctl_lock);
12804	} else
12805		mtx_unlock(&lun->lun_lock);
12806
12807bailout:
12808
12809	/*
12810	 * If this command has been aborted, make sure we set the status
12811	 * properly.  The FETD is responsible for freeing the I/O and doing
12812	 * whatever it needs to do to clean up its state.
12813	 */
12814	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12815		ctl_set_task_aborted(&io->scsiio);
12816
12817	/*
12818	 * If enabled, print command error status.
12819	 */
12820	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12821	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12822		ctl_io_error_print(io, NULL);
12823
12824	/*
12825	 * Tell the FETD or the other shelf controller we're done with this
12826	 * command.  Note that only SCSI commands get to this point.  Task
12827	 * management commands are completed above.
12828	 */
12829	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12830	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12831		memset(&msg, 0, sizeof(msg));
12832		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12833		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12834		msg.hdr.nexus = io->io_hdr.nexus;
12835		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12836		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12837		    M_WAITOK);
12838	}
12839	if ((softc->ha_mode == CTL_HA_MODE_XFER)
12840	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12841		memset(&msg, 0, sizeof(msg));
12842		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12843		msg.hdr.original_sc = io->io_hdr.original_sc;
12844		msg.hdr.nexus = io->io_hdr.nexus;
12845		msg.hdr.status = io->io_hdr.status;
12846		msg.scsi.scsi_status = io->scsiio.scsi_status;
12847		msg.scsi.tag_num = io->scsiio.tag_num;
12848		msg.scsi.tag_type = io->scsiio.tag_type;
12849		msg.scsi.sense_len = io->scsiio.sense_len;
12850		msg.scsi.sense_residual = io->scsiio.sense_residual;
12851		msg.scsi.residual = io->scsiio.residual;
12852		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12853		       io->scsiio.sense_len);
12854		/*
12855		 * We copy this whether or not this is an I/O-related
12856		 * command.  Otherwise, we'd have to go and check to see
12857		 * whether it's a read/write command, and it really isn't
12858		 * worth it.
12859		 */
12860		memcpy(&msg.scsi.lbalen,
12861		       &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN].bytes,
12862		       sizeof(msg.scsi.lbalen));
12863
12864		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12865		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12866		    msg.scsi.sense_len, M_WAITOK);
12867		ctl_free_io(io);
12868	} else
12869		fe_done(io);
12870
12871	return (CTL_RETVAL_COMPLETE);
12872}
12873
12874#ifdef CTL_WITH_CA
12875/*
12876 * Front end should call this if it doesn't do autosense.  When the request
12877 * sense comes back in from the initiator, we'll dequeue this and send it.
12878 */
12879int
12880ctl_queue_sense(union ctl_io *io)
12881{
12882	struct ctl_lun *lun;
12883	struct ctl_port *port;
12884	struct ctl_softc *softc;
12885	uint32_t initidx, targ_lun;
12886
12887	softc = control_softc;
12888
12889	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
12890
12891	/*
12892	 * LUN lookup will likely move to the ctl_work_thread() once we
12893	 * have our new queueing infrastructure (that doesn't put things on
12894	 * a per-LUN queue initially).  That is so that we can handle
12895	 * things like an INQUIRY to a LUN that we don't have enabled.  We
12896	 * can't deal with that right now.
12897	 */
12898	mtx_lock(&softc->ctl_lock);
12899
12900	/*
12901	 * If we don't have a LUN for this, just toss the sense
12902	 * information.
12903	 */
12904	port = ctl_io_port(&ctsio->io_hdr);
12905	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12906	if ((targ_lun < CTL_MAX_LUNS)
12907	 && (softc->ctl_luns[targ_lun] != NULL))
12908		lun = softc->ctl_luns[targ_lun];
12909	else
12910		goto bailout;
12911
12912	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12913
12914	mtx_lock(&lun->lun_lock);
12915	/*
12916	 * Already have CA set for this LUN...toss the sense information.
12917	 */
12918	if (ctl_is_set(lun->have_ca, initidx)) {
12919		mtx_unlock(&lun->lun_lock);
12920		goto bailout;
12921	}
12922
12923	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
12924	       MIN(sizeof(lun->pending_sense[initidx]),
12925	       sizeof(io->scsiio.sense_data)));
12926	ctl_set_mask(lun->have_ca, initidx);
12927	mtx_unlock(&lun->lun_lock);
12928
12929bailout:
12930	mtx_unlock(&softc->ctl_lock);
12931
12932	ctl_free_io(io);
12933
12934	return (CTL_RETVAL_COMPLETE);
12935}
12936#endif
12937
12938/*
12939 * Primary command inlet from frontend ports.  All SCSI and task I/O
12940 * requests must go through this function.
12941 */
12942int
12943ctl_queue(union ctl_io *io)
12944{
12945	struct ctl_port *port;
12946
12947	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
12948
12949#ifdef CTL_TIME_IO
12950	io->io_hdr.start_time = time_uptime;
12951	getbintime(&io->io_hdr.start_bt);
12952#endif /* CTL_TIME_IO */
12953
12954	/* Map FE-specific LUN ID into global one. */
12955	port = ctl_io_port(&io->io_hdr);
12956	io->io_hdr.nexus.targ_mapped_lun =
12957	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
12958
12959	switch (io->io_hdr.io_type) {
12960	case CTL_IO_SCSI:
12961	case CTL_IO_TASK:
12962		if (ctl_debug & CTL_DEBUG_CDB)
12963			ctl_io_print(io);
12964		ctl_enqueue_incoming(io);
12965		break;
12966	default:
12967		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
12968		return (EINVAL);
12969	}
12970
12971	return (CTL_RETVAL_COMPLETE);
12972}
12973
12974#ifdef CTL_IO_DELAY
12975static void
12976ctl_done_timer_wakeup(void *arg)
12977{
12978	union ctl_io *io;
12979
12980	io = (union ctl_io *)arg;
12981	ctl_done(io);
12982}
12983#endif /* CTL_IO_DELAY */
12984
12985void
12986ctl_done(union ctl_io *io)
12987{
12988
12989	/*
12990	 * Enable this to catch duplicate completion issues.
12991	 */
12992#if 0
12993	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
12994		printf("%s: type %d msg %d cdb %x iptl: "
12995		       "%u:%u:%u tag 0x%04x "
12996		       "flag %#x status %x\n",
12997			__func__,
12998			io->io_hdr.io_type,
12999			io->io_hdr.msg_type,
13000			io->scsiio.cdb[0],
13001			io->io_hdr.nexus.initid,
13002			io->io_hdr.nexus.targ_port,
13003			io->io_hdr.nexus.targ_lun,
13004			(io->io_hdr.io_type ==
13005			CTL_IO_TASK) ?
13006			io->taskio.tag_num :
13007			io->scsiio.tag_num,
13008		        io->io_hdr.flags,
13009			io->io_hdr.status);
13010	} else
13011		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13012#endif
13013
13014	/*
13015	 * This is an internal copy of an I/O, and should not go through
13016	 * the normal done processing logic.
13017	 */
13018	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13019		return;
13020
13021#ifdef CTL_IO_DELAY
13022	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13023		struct ctl_lun *lun;
13024
13025		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13026
13027		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13028	} else {
13029		struct ctl_lun *lun;
13030
13031		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13032
13033		if ((lun != NULL)
13034		 && (lun->delay_info.done_delay > 0)) {
13035
13036			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13037			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13038			callout_reset(&io->io_hdr.delay_callout,
13039				      lun->delay_info.done_delay * hz,
13040				      ctl_done_timer_wakeup, io);
13041			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13042				lun->delay_info.done_delay = 0;
13043			return;
13044		}
13045	}
13046#endif /* CTL_IO_DELAY */
13047
13048	ctl_enqueue_done(io);
13049}
13050
13051static void
13052ctl_work_thread(void *arg)
13053{
13054	struct ctl_thread *thr = (struct ctl_thread *)arg;
13055	struct ctl_softc *softc = thr->ctl_softc;
13056	union ctl_io *io;
13057	int retval;
13058
13059	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13060
13061	for (;;) {
13062		retval = 0;
13063
13064		/*
13065		 * We handle the queues in this order:
13066		 * - ISC
13067		 * - done queue (to free up resources, unblock other commands)
13068		 * - RtR queue
13069		 * - incoming queue
13070		 *
13071		 * If those queues are empty, we break out of the loop and
13072		 * go to sleep.
13073		 */
13074		mtx_lock(&thr->queue_lock);
13075		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13076		if (io != NULL) {
13077			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13078			mtx_unlock(&thr->queue_lock);
13079			ctl_handle_isc(io);
13080			continue;
13081		}
13082		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13083		if (io != NULL) {
13084			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13085			/* clear any blocked commands, call fe_done */
13086			mtx_unlock(&thr->queue_lock);
13087			retval = ctl_process_done(io);
13088			continue;
13089		}
13090		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13091		if (io != NULL) {
13092			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13093			mtx_unlock(&thr->queue_lock);
13094			if (io->io_hdr.io_type == CTL_IO_TASK)
13095				ctl_run_task(io);
13096			else
13097				ctl_scsiio_precheck(softc, &io->scsiio);
13098			continue;
13099		}
13100		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13101		if (io != NULL) {
13102			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13103			mtx_unlock(&thr->queue_lock);
13104			retval = ctl_scsiio(&io->scsiio);
13105			if (retval != CTL_RETVAL_COMPLETE)
13106				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13107			continue;
13108		}
13109
13110		/* Sleep until we have something to do. */
13111		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13112	}
13113}
13114
13115static void
13116ctl_lun_thread(void *arg)
13117{
13118	struct ctl_softc *softc = (struct ctl_softc *)arg;
13119	struct ctl_be_lun *be_lun;
13120	int retval;
13121
13122	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13123
13124	for (;;) {
13125		retval = 0;
13126		mtx_lock(&softc->ctl_lock);
13127		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13128		if (be_lun != NULL) {
13129			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13130			mtx_unlock(&softc->ctl_lock);
13131			ctl_create_lun(be_lun);
13132			continue;
13133		}
13134
13135		/* Sleep until we have something to do. */
13136		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13137		    PDROP | PRIBIO, "-", 0);
13138	}
13139}
13140
13141static void
13142ctl_thresh_thread(void *arg)
13143{
13144	struct ctl_softc *softc = (struct ctl_softc *)arg;
13145	struct ctl_lun *lun;
13146	struct ctl_be_lun *be_lun;
13147	struct scsi_da_rw_recovery_page *rwpage;
13148	struct ctl_logical_block_provisioning_page *page;
13149	const char *attr;
13150	union ctl_ha_msg msg;
13151	uint64_t thres, val;
13152	int i, e, set;
13153
13154	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13155
13156	for (;;) {
13157		mtx_lock(&softc->ctl_lock);
13158		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13159			be_lun = lun->be_lun;
13160			if ((lun->flags & CTL_LUN_DISABLED) ||
13161			    (lun->flags & CTL_LUN_OFFLINE) ||
13162			    lun->backend->lun_attr == NULL)
13163				continue;
13164			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13165			    softc->ha_mode == CTL_HA_MODE_XFER)
13166				continue;
13167			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13168			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13169				continue;
13170			e = 0;
13171			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13172			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13173				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13174					continue;
13175				thres = scsi_4btoul(page->descr[i].count);
13176				thres <<= CTL_LBP_EXPONENT;
13177				switch (page->descr[i].resource) {
13178				case 0x01:
13179					attr = "blocksavail";
13180					break;
13181				case 0x02:
13182					attr = "blocksused";
13183					break;
13184				case 0xf1:
13185					attr = "poolblocksavail";
13186					break;
13187				case 0xf2:
13188					attr = "poolblocksused";
13189					break;
13190				default:
13191					continue;
13192				}
13193				mtx_unlock(&softc->ctl_lock); // XXX
13194				val = lun->backend->lun_attr(
13195				    lun->be_lun->be_lun, attr);
13196				mtx_lock(&softc->ctl_lock);
13197				if (val == UINT64_MAX)
13198					continue;
13199				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13200				    == SLBPPD_ARMING_INC)
13201					e |= (val >= thres);
13202				else
13203					e |= (val <= thres);
13204			}
13205			mtx_lock(&lun->lun_lock);
13206			if (e) {
13207				if (lun->lasttpt == 0 ||
13208				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13209					lun->lasttpt = time_uptime;
13210					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13211					set = 1;
13212				} else
13213					set = 0;
13214			} else {
13215				lun->lasttpt = 0;
13216				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13217				set = -1;
13218			}
13219			mtx_unlock(&lun->lun_lock);
13220			if (set != 0 &&
13221			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13222				/* Send msg to other side. */
13223				bzero(&msg.ua, sizeof(msg.ua));
13224				msg.hdr.msg_type = CTL_MSG_UA;
13225				msg.hdr.nexus.initid = -1;
13226				msg.hdr.nexus.targ_port = -1;
13227				msg.hdr.nexus.targ_lun = lun->lun;
13228				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13229				msg.ua.ua_all = 1;
13230				msg.ua.ua_set = (set > 0);
13231				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13232				mtx_unlock(&softc->ctl_lock); // XXX
13233				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13234				    sizeof(msg.ua), M_WAITOK);
13235				mtx_lock(&softc->ctl_lock);
13236			}
13237		}
13238		mtx_unlock(&softc->ctl_lock);
13239		pause("-", CTL_LBP_PERIOD * hz);
13240	}
13241}
13242
13243static void
13244ctl_enqueue_incoming(union ctl_io *io)
13245{
13246	struct ctl_softc *softc = control_softc;
13247	struct ctl_thread *thr;
13248	u_int idx;
13249
13250	idx = (io->io_hdr.nexus.targ_port * 127 +
13251	       io->io_hdr.nexus.initid) % worker_threads;
13252	thr = &softc->threads[idx];
13253	mtx_lock(&thr->queue_lock);
13254	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13255	mtx_unlock(&thr->queue_lock);
13256	wakeup(thr);
13257}
13258
13259static void
13260ctl_enqueue_rtr(union ctl_io *io)
13261{
13262	struct ctl_softc *softc = control_softc;
13263	struct ctl_thread *thr;
13264
13265	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13266	mtx_lock(&thr->queue_lock);
13267	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13268	mtx_unlock(&thr->queue_lock);
13269	wakeup(thr);
13270}
13271
13272static void
13273ctl_enqueue_done(union ctl_io *io)
13274{
13275	struct ctl_softc *softc = control_softc;
13276	struct ctl_thread *thr;
13277
13278	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13279	mtx_lock(&thr->queue_lock);
13280	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13281	mtx_unlock(&thr->queue_lock);
13282	wakeup(thr);
13283}
13284
13285static void
13286ctl_enqueue_isc(union ctl_io *io)
13287{
13288	struct ctl_softc *softc = control_softc;
13289	struct ctl_thread *thr;
13290
13291	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13292	mtx_lock(&thr->queue_lock);
13293	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13294	mtx_unlock(&thr->queue_lock);
13295	wakeup(thr);
13296}
13297
13298/*
13299 *  vim: ts=8
13300 */
13301