ctl.c revision 287912 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 287912 2015-09-17 12:52:18Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264const static struct scsi_info_exceptions_page ie_page_default = {
265	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
266	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
267	/*info_flags*/SIEP_FLAGS_DEXCPT,
268	/*mrie*/0,
269	/*interval_timer*/{0, 0, 0, 0},
270	/*report_count*/{0, 0, 0, 0}
271};
272
273const static struct scsi_info_exceptions_page ie_page_changeable = {
274	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
275	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
276	/*info_flags*/0,
277	/*mrie*/0,
278	/*interval_timer*/{0, 0, 0, 0},
279	/*report_count*/{0, 0, 0, 0}
280};
281
282#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
283
284const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
286	/*subpage_code*/0x02,
287	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
288	/*flags*/0,
289	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
290	/*descr*/{}},
291	{{/*flags*/0,
292	  /*resource*/0x01,
293	  /*reserved*/{0, 0},
294	  /*count*/{0, 0, 0, 0}},
295	 {/*flags*/0,
296	  /*resource*/0x02,
297	  /*reserved*/{0, 0},
298	  /*count*/{0, 0, 0, 0}},
299	 {/*flags*/0,
300	  /*resource*/0xf1,
301	  /*reserved*/{0, 0},
302	  /*count*/{0, 0, 0, 0}},
303	 {/*flags*/0,
304	  /*resource*/0xf2,
305	  /*reserved*/{0, 0},
306	  /*count*/{0, 0, 0, 0}}
307	}
308};
309
310const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
311	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
312	/*subpage_code*/0x02,
313	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
314	/*flags*/0,
315	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
316	/*descr*/{}},
317	{{/*flags*/0,
318	  /*resource*/0,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}},
325	 {/*flags*/0,
326	  /*resource*/0,
327	  /*reserved*/{0, 0},
328	  /*count*/{0, 0, 0, 0}},
329	 {/*flags*/0,
330	  /*resource*/0,
331	  /*reserved*/{0, 0},
332	  /*count*/{0, 0, 0, 0}}
333	}
334};
335
336SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
337static int worker_threads = -1;
338SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
339    &worker_threads, 1, "Number of worker threads");
340static int ctl_debug = CTL_DEBUG_NONE;
341SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
342    &ctl_debug, 0, "Enabled debug flags");
343
344/*
345 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
346 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
347 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
348 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
349 */
350#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
351
352static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
353				  int param);
354static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
355static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
356static int ctl_init(void);
357void ctl_shutdown(void);
358static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
359static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
360static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
361static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
362			      struct ctl_ooa *ooa_hdr,
363			      struct ctl_ooa_entry *kern_entries);
364static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
365		     struct thread *td);
366static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
367			 struct ctl_be_lun *be_lun);
368static int ctl_free_lun(struct ctl_lun *lun);
369static void ctl_create_lun(struct ctl_be_lun *be_lun);
370static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
371
372static int ctl_do_mode_select(union ctl_io *io);
373static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
374			   uint64_t res_key, uint64_t sa_res_key,
375			   uint8_t type, uint32_t residx,
376			   struct ctl_scsiio *ctsio,
377			   struct scsi_per_res_out *cdb,
378			   struct scsi_per_res_out_parms* param);
379static void ctl_pro_preempt_other(struct ctl_lun *lun,
380				  union ctl_ha_msg *msg);
381static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
382static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
383static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
384static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
386static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
387static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
388					 int alloc_len);
389static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
390					 int alloc_len);
391static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
392static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
393static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
394static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
395static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
396static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
397    bool seq);
398static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
399static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
400    union ctl_io *pending_io, union ctl_io *ooa_io);
401static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
402				union ctl_io *starting_io);
403static int ctl_check_blocked(struct ctl_lun *lun);
404static int ctl_scsiio_lun_check(struct ctl_lun *lun,
405				const struct ctl_cmd_entry *entry,
406				struct ctl_scsiio *ctsio);
407static void ctl_failover_lun(struct ctl_lun *lun);
408static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
409			       struct ctl_scsiio *ctsio);
410static int ctl_scsiio(struct ctl_scsiio *ctsio);
411
412static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
413static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
414			    ctl_ua_type ua_type);
415static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
416			 ctl_ua_type ua_type);
417static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
418static int ctl_abort_task(union ctl_io *io);
419static int ctl_abort_task_set(union ctl_io *io);
420static int ctl_query_task(union ctl_io *io, int task_set);
421static int ctl_i_t_nexus_reset(union ctl_io *io);
422static int ctl_query_async_event(union ctl_io *io);
423static void ctl_run_task(union ctl_io *io);
424#ifdef CTL_IO_DELAY
425static void ctl_datamove_timer_wakeup(void *arg);
426static void ctl_done_timer_wakeup(void *arg);
427#endif /* CTL_IO_DELAY */
428
429static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
430static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
431static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
432static void ctl_datamove_remote_write(union ctl_io *io);
433static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
434static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
435static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
436static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
437				    ctl_ha_dt_cb callback);
438static void ctl_datamove_remote_read(union ctl_io *io);
439static void ctl_datamove_remote(union ctl_io *io);
440static int ctl_process_done(union ctl_io *io);
441static void ctl_lun_thread(void *arg);
442static void ctl_thresh_thread(void *arg);
443static void ctl_work_thread(void *arg);
444static void ctl_enqueue_incoming(union ctl_io *io);
445static void ctl_enqueue_rtr(union ctl_io *io);
446static void ctl_enqueue_done(union ctl_io *io);
447static void ctl_enqueue_isc(union ctl_io *io);
448static const struct ctl_cmd_entry *
449    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
450static const struct ctl_cmd_entry *
451    ctl_validate_command(struct ctl_scsiio *ctsio);
452static int ctl_cmd_applicable(uint8_t lun_type,
453    const struct ctl_cmd_entry *entry);
454
455static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
456static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
457static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
458static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
459
460/*
461 * Load the serialization table.  This isn't very pretty, but is probably
462 * the easiest way to do it.
463 */
464#include "ctl_ser_table.c"
465
466/*
467 * We only need to define open, close and ioctl routines for this driver.
468 */
469static struct cdevsw ctl_cdevsw = {
470	.d_version =	D_VERSION,
471	.d_flags =	0,
472	.d_open =	ctl_open,
473	.d_close =	ctl_close,
474	.d_ioctl =	ctl_ioctl,
475	.d_name =	"ctl",
476};
477
478
479MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
480
481static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
482
483static moduledata_t ctl_moduledata = {
484	"ctl",
485	ctl_module_event_handler,
486	NULL
487};
488
489DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
490MODULE_VERSION(ctl, 1);
491
492static struct ctl_frontend ha_frontend =
493{
494	.name = "ha",
495};
496
497static void
498ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
499			    union ctl_ha_msg *msg_info)
500{
501	struct ctl_scsiio *ctsio;
502
503	if (msg_info->hdr.original_sc == NULL) {
504		printf("%s: original_sc == NULL!\n", __func__);
505		/* XXX KDM now what? */
506		return;
507	}
508
509	ctsio = &msg_info->hdr.original_sc->scsiio;
510	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
511	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
512	ctsio->io_hdr.status = msg_info->hdr.status;
513	ctsio->scsi_status = msg_info->scsi.scsi_status;
514	ctsio->sense_len = msg_info->scsi.sense_len;
515	ctsio->sense_residual = msg_info->scsi.sense_residual;
516	ctsio->residual = msg_info->scsi.residual;
517	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
518	       msg_info->scsi.sense_len);
519	ctl_enqueue_isc((union ctl_io *)ctsio);
520}
521
522static void
523ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
524				union ctl_ha_msg *msg_info)
525{
526	struct ctl_scsiio *ctsio;
527
528	if (msg_info->hdr.serializing_sc == NULL) {
529		printf("%s: serializing_sc == NULL!\n", __func__);
530		/* XXX KDM now what? */
531		return;
532	}
533
534	ctsio = &msg_info->hdr.serializing_sc->scsiio;
535	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
536	ctl_enqueue_isc((union ctl_io *)ctsio);
537}
538
539void
540ctl_isc_announce_lun(struct ctl_lun *lun)
541{
542	struct ctl_softc *softc = lun->ctl_softc;
543	union ctl_ha_msg *msg;
544	struct ctl_ha_msg_lun_pr_key pr_key;
545	int i, k;
546
547	if (softc->ha_link != CTL_HA_LINK_ONLINE)
548		return;
549	mtx_lock(&lun->lun_lock);
550	i = sizeof(msg->lun);
551	if (lun->lun_devid)
552		i += lun->lun_devid->len;
553	i += sizeof(pr_key) * lun->pr_key_count;
554alloc:
555	mtx_unlock(&lun->lun_lock);
556	msg = malloc(i, M_CTL, M_WAITOK);
557	mtx_lock(&lun->lun_lock);
558	k = sizeof(msg->lun);
559	if (lun->lun_devid)
560		k += lun->lun_devid->len;
561	k += sizeof(pr_key) * lun->pr_key_count;
562	if (i < k) {
563		free(msg, M_CTL);
564		i = k;
565		goto alloc;
566	}
567	bzero(&msg->lun, sizeof(msg->lun));
568	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
569	msg->hdr.nexus.targ_lun = lun->lun;
570	msg->hdr.nexus.targ_mapped_lun = lun->lun;
571	msg->lun.flags = lun->flags;
572	msg->lun.pr_generation = lun->PRGeneration;
573	msg->lun.pr_res_idx = lun->pr_res_idx;
574	msg->lun.pr_res_type = lun->res_type;
575	msg->lun.pr_key_count = lun->pr_key_count;
576	i = 0;
577	if (lun->lun_devid) {
578		msg->lun.lun_devid_len = lun->lun_devid->len;
579		memcpy(&msg->lun.data[i], lun->lun_devid->data,
580		    msg->lun.lun_devid_len);
581		i += msg->lun.lun_devid_len;
582	}
583	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
584		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
585			continue;
586		pr_key.pr_iid = k;
587		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
588		i += sizeof(pr_key);
589	}
590	mtx_unlock(&lun->lun_lock);
591	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
592	    M_WAITOK);
593	free(msg, M_CTL);
594}
595
596void
597ctl_isc_announce_port(struct ctl_port *port)
598{
599	struct ctl_softc *softc = control_softc;
600	union ctl_ha_msg *msg;
601	int i;
602
603	if (port->targ_port < softc->port_min ||
604	    port->targ_port >= softc->port_max ||
605	    softc->ha_link != CTL_HA_LINK_ONLINE)
606		return;
607	i = sizeof(msg->port) + strlen(port->port_name) + 1;
608	if (port->lun_map)
609		i += sizeof(uint32_t) * CTL_MAX_LUNS;
610	if (port->port_devid)
611		i += port->port_devid->len;
612	if (port->target_devid)
613		i += port->target_devid->len;
614	msg = malloc(i, M_CTL, M_WAITOK);
615	bzero(&msg->port, sizeof(msg->port));
616	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
617	msg->hdr.nexus.targ_port = port->targ_port;
618	msg->port.port_type = port->port_type;
619	msg->port.physical_port = port->physical_port;
620	msg->port.virtual_port = port->virtual_port;
621	msg->port.status = port->status;
622	i = 0;
623	msg->port.name_len = sprintf(&msg->port.data[i],
624	    "%d:%s", softc->ha_id, port->port_name) + 1;
625	i += msg->port.name_len;
626	if (port->lun_map) {
627		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
628		memcpy(&msg->port.data[i], port->lun_map,
629		    msg->port.lun_map_len);
630		i += msg->port.lun_map_len;
631	}
632	if (port->port_devid) {
633		msg->port.port_devid_len = port->port_devid->len;
634		memcpy(&msg->port.data[i], port->port_devid->data,
635		    msg->port.port_devid_len);
636		i += msg->port.port_devid_len;
637	}
638	if (port->target_devid) {
639		msg->port.target_devid_len = port->target_devid->len;
640		memcpy(&msg->port.data[i], port->target_devid->data,
641		    msg->port.target_devid_len);
642		i += msg->port.target_devid_len;
643	}
644	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
645	    M_WAITOK);
646	free(msg, M_CTL);
647}
648
649static void
650ctl_isc_ha_link_up(struct ctl_softc *softc)
651{
652	struct ctl_port *port;
653	struct ctl_lun *lun;
654
655	STAILQ_FOREACH(port, &softc->port_list, links)
656		ctl_isc_announce_port(port);
657	STAILQ_FOREACH(lun, &softc->lun_list, links)
658		ctl_isc_announce_lun(lun);
659}
660
661static void
662ctl_isc_ha_link_down(struct ctl_softc *softc)
663{
664	struct ctl_port *port;
665	struct ctl_lun *lun;
666	union ctl_io *io;
667
668	mtx_lock(&softc->ctl_lock);
669	STAILQ_FOREACH(lun, &softc->lun_list, links) {
670		mtx_lock(&lun->lun_lock);
671		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
672			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
673			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
674		}
675		mtx_unlock(&lun->lun_lock);
676
677		mtx_unlock(&softc->ctl_lock);
678		io = ctl_alloc_io(softc->othersc_pool);
679		mtx_lock(&softc->ctl_lock);
680		ctl_zero_io(io);
681		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
682		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
683		ctl_enqueue_isc(io);
684	}
685
686	STAILQ_FOREACH(port, &softc->port_list, links) {
687		if (port->targ_port >= softc->port_min &&
688		    port->targ_port < softc->port_max)
689			continue;
690		port->status &= ~CTL_PORT_STATUS_ONLINE;
691	}
692	mtx_unlock(&softc->ctl_lock);
693}
694
695static void
696ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
697{
698	struct ctl_lun *lun;
699	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
700
701	mtx_lock(&softc->ctl_lock);
702	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
703	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
704		mtx_lock(&lun->lun_lock);
705		mtx_unlock(&softc->ctl_lock);
706		if (msg->ua.ua_all) {
707			if (msg->ua.ua_set)
708				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
709			else
710				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
711		} else {
712			if (msg->ua.ua_set)
713				ctl_est_ua(lun, iid, msg->ua.ua_type);
714			else
715				ctl_clr_ua(lun, iid, msg->ua.ua_type);
716		}
717		mtx_unlock(&lun->lun_lock);
718	} else
719		mtx_unlock(&softc->ctl_lock);
720}
721
722static void
723ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
724{
725	struct ctl_lun *lun;
726	struct ctl_ha_msg_lun_pr_key pr_key;
727	int i, k;
728	ctl_lun_flags oflags;
729	uint32_t targ_lun;
730
731	targ_lun = msg->hdr.nexus.targ_mapped_lun;
732	mtx_lock(&softc->ctl_lock);
733	if ((targ_lun >= CTL_MAX_LUNS) ||
734	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
735		mtx_unlock(&softc->ctl_lock);
736		return;
737	}
738	mtx_lock(&lun->lun_lock);
739	mtx_unlock(&softc->ctl_lock);
740	if (lun->flags & CTL_LUN_DISABLED) {
741		mtx_unlock(&lun->lun_lock);
742		return;
743	}
744	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
745	if (msg->lun.lun_devid_len != i || (i > 0 &&
746	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
747		mtx_unlock(&lun->lun_lock);
748		printf("%s: Received conflicting HA LUN %d\n",
749		    __func__, msg->hdr.nexus.targ_lun);
750		return;
751	} else {
752		/* Record whether peer is primary. */
753		oflags = lun->flags;
754		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
755		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
756			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
757		else
758			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
759		if (oflags != lun->flags)
760			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
761
762		/* If peer is primary and we are not -- use data */
763		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
764		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
765			lun->PRGeneration = msg->lun.pr_generation;
766			lun->pr_res_idx = msg->lun.pr_res_idx;
767			lun->res_type = msg->lun.pr_res_type;
768			lun->pr_key_count = msg->lun.pr_key_count;
769			for (k = 0; k < CTL_MAX_INITIATORS; k++)
770				ctl_clr_prkey(lun, k);
771			for (k = 0; k < msg->lun.pr_key_count; k++) {
772				memcpy(&pr_key, &msg->lun.data[i],
773				    sizeof(pr_key));
774				ctl_alloc_prkey(lun, pr_key.pr_iid);
775				ctl_set_prkey(lun, pr_key.pr_iid,
776				    pr_key.pr_key);
777				i += sizeof(pr_key);
778			}
779		}
780
781		mtx_unlock(&lun->lun_lock);
782		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
783		    __func__, msg->hdr.nexus.targ_lun,
784		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
785		    "primary" : "secondary"));
786
787		/* If we are primary but peer doesn't know -- notify */
788		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
789		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
790			ctl_isc_announce_lun(lun);
791	}
792}
793
794static void
795ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
796{
797	struct ctl_port *port;
798	struct ctl_lun *lun;
799	int i, new;
800
801	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
802	if (port == NULL) {
803		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
804		    msg->hdr.nexus.targ_port));
805		new = 1;
806		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
807		port->frontend = &ha_frontend;
808		port->targ_port = msg->hdr.nexus.targ_port;
809	} else if (port->frontend == &ha_frontend) {
810		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
811		    msg->hdr.nexus.targ_port));
812		new = 0;
813	} else {
814		printf("%s: Received conflicting HA port %d\n",
815		    __func__, msg->hdr.nexus.targ_port);
816		return;
817	}
818	port->port_type = msg->port.port_type;
819	port->physical_port = msg->port.physical_port;
820	port->virtual_port = msg->port.virtual_port;
821	port->status = msg->port.status;
822	i = 0;
823	free(port->port_name, M_CTL);
824	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
825	    M_CTL);
826	i += msg->port.name_len;
827	if (msg->port.lun_map_len != 0) {
828		if (port->lun_map == NULL)
829			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
830			    M_CTL, M_WAITOK);
831		memcpy(port->lun_map, &msg->port.data[i],
832		    sizeof(uint32_t) * CTL_MAX_LUNS);
833		i += msg->port.lun_map_len;
834	} else {
835		free(port->lun_map, M_CTL);
836		port->lun_map = NULL;
837	}
838	if (msg->port.port_devid_len != 0) {
839		if (port->port_devid == NULL ||
840		    port->port_devid->len != msg->port.port_devid_len) {
841			free(port->port_devid, M_CTL);
842			port->port_devid = malloc(sizeof(struct ctl_devid) +
843			    msg->port.port_devid_len, M_CTL, M_WAITOK);
844		}
845		memcpy(port->port_devid->data, &msg->port.data[i],
846		    msg->port.port_devid_len);
847		port->port_devid->len = msg->port.port_devid_len;
848		i += msg->port.port_devid_len;
849	} else {
850		free(port->port_devid, M_CTL);
851		port->port_devid = NULL;
852	}
853	if (msg->port.target_devid_len != 0) {
854		if (port->target_devid == NULL ||
855		    port->target_devid->len != msg->port.target_devid_len) {
856			free(port->target_devid, M_CTL);
857			port->target_devid = malloc(sizeof(struct ctl_devid) +
858			    msg->port.target_devid_len, M_CTL, M_WAITOK);
859		}
860		memcpy(port->target_devid->data, &msg->port.data[i],
861		    msg->port.target_devid_len);
862		port->target_devid->len = msg->port.target_devid_len;
863		i += msg->port.target_devid_len;
864	} else {
865		free(port->port_devid, M_CTL);
866		port->port_devid = NULL;
867	}
868	if (new) {
869		if (ctl_port_register(port) != 0) {
870			printf("%s: ctl_port_register() failed with error\n",
871			    __func__);
872		}
873	}
874	mtx_lock(&softc->ctl_lock);
875	STAILQ_FOREACH(lun, &softc->lun_list, links) {
876		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
877			continue;
878		mtx_lock(&lun->lun_lock);
879		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
880		mtx_unlock(&lun->lun_lock);
881	}
882	mtx_unlock(&softc->ctl_lock);
883}
884
885/*
886 * ISC (Inter Shelf Communication) event handler.  Events from the HA
887 * subsystem come in here.
888 */
889static void
890ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
891{
892	struct ctl_softc *softc;
893	union ctl_io *io;
894	struct ctl_prio *presio;
895	ctl_ha_status isc_status;
896
897	softc = control_softc;
898	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
899	if (event == CTL_HA_EVT_MSG_RECV) {
900		union ctl_ha_msg *msg, msgbuf;
901
902		if (param > sizeof(msgbuf))
903			msg = malloc(param, M_CTL, M_WAITOK);
904		else
905			msg = &msgbuf;
906		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
907		    M_WAITOK);
908		if (isc_status != CTL_HA_STATUS_SUCCESS) {
909			printf("%s: Error receiving message: %d\n",
910			    __func__, isc_status);
911			if (msg != &msgbuf)
912				free(msg, M_CTL);
913			return;
914		}
915
916		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
917		switch (msg->hdr.msg_type) {
918		case CTL_MSG_SERIALIZE:
919			io = ctl_alloc_io(softc->othersc_pool);
920			ctl_zero_io(io);
921			// populate ctsio from msg
922			io->io_hdr.io_type = CTL_IO_SCSI;
923			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
924			io->io_hdr.original_sc = msg->hdr.original_sc;
925			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
926					    CTL_FLAG_IO_ACTIVE;
927			/*
928			 * If we're in serialization-only mode, we don't
929			 * want to go through full done processing.  Thus
930			 * the COPY flag.
931			 *
932			 * XXX KDM add another flag that is more specific.
933			 */
934			if (softc->ha_mode != CTL_HA_MODE_XFER)
935				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
936			io->io_hdr.nexus = msg->hdr.nexus;
937#if 0
938			printf("port %u, iid %u, lun %u\n",
939			       io->io_hdr.nexus.targ_port,
940			       io->io_hdr.nexus.initid,
941			       io->io_hdr.nexus.targ_lun);
942#endif
943			io->scsiio.tag_num = msg->scsi.tag_num;
944			io->scsiio.tag_type = msg->scsi.tag_type;
945#ifdef CTL_TIME_IO
946			io->io_hdr.start_time = time_uptime;
947			getbintime(&io->io_hdr.start_bt);
948#endif /* CTL_TIME_IO */
949			io->scsiio.cdb_len = msg->scsi.cdb_len;
950			memcpy(io->scsiio.cdb, msg->scsi.cdb,
951			       CTL_MAX_CDBLEN);
952			if (softc->ha_mode == CTL_HA_MODE_XFER) {
953				const struct ctl_cmd_entry *entry;
954
955				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
956				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
957				io->io_hdr.flags |=
958					entry->flags & CTL_FLAG_DATA_MASK;
959			}
960			ctl_enqueue_isc(io);
961			break;
962
963		/* Performed on the Originating SC, XFER mode only */
964		case CTL_MSG_DATAMOVE: {
965			struct ctl_sg_entry *sgl;
966			int i, j;
967
968			io = msg->hdr.original_sc;
969			if (io == NULL) {
970				printf("%s: original_sc == NULL!\n", __func__);
971				/* XXX KDM do something here */
972				break;
973			}
974			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
975			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
976			/*
977			 * Keep track of this, we need to send it back over
978			 * when the datamove is complete.
979			 */
980			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
981			if (msg->hdr.status == CTL_SUCCESS)
982				io->io_hdr.status = msg->hdr.status;
983
984			if (msg->dt.sg_sequence == 0) {
985				i = msg->dt.kern_sg_entries +
986				    io->scsiio.kern_data_len /
987				    CTL_HA_DATAMOVE_SEGMENT + 1;
988				sgl = malloc(sizeof(*sgl) * i, M_CTL,
989				    M_WAITOK | M_ZERO);
990				io->io_hdr.remote_sglist = sgl;
991				io->io_hdr.local_sglist =
992				    &sgl[msg->dt.kern_sg_entries];
993
994				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
995
996				io->scsiio.kern_sg_entries =
997					msg->dt.kern_sg_entries;
998				io->scsiio.rem_sg_entries =
999					msg->dt.kern_sg_entries;
1000				io->scsiio.kern_data_len =
1001					msg->dt.kern_data_len;
1002				io->scsiio.kern_total_len =
1003					msg->dt.kern_total_len;
1004				io->scsiio.kern_data_resid =
1005					msg->dt.kern_data_resid;
1006				io->scsiio.kern_rel_offset =
1007					msg->dt.kern_rel_offset;
1008				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1009				io->io_hdr.flags |= msg->dt.flags &
1010				    CTL_FLAG_BUS_ADDR;
1011			} else
1012				sgl = (struct ctl_sg_entry *)
1013					io->scsiio.kern_data_ptr;
1014
1015			for (i = msg->dt.sent_sg_entries, j = 0;
1016			     i < (msg->dt.sent_sg_entries +
1017			     msg->dt.cur_sg_entries); i++, j++) {
1018				sgl[i].addr = msg->dt.sg_list[j].addr;
1019				sgl[i].len = msg->dt.sg_list[j].len;
1020
1021#if 0
1022				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
1023				       __func__,
1024				       msg->dt.sg_list[j].addr,
1025				       msg->dt.sg_list[j].len,
1026				       sgl[i].addr, sgl[i].len, j, i);
1027#endif
1028			}
1029
1030			/*
1031			 * If this is the last piece of the I/O, we've got
1032			 * the full S/G list.  Queue processing in the thread.
1033			 * Otherwise wait for the next piece.
1034			 */
1035			if (msg->dt.sg_last != 0)
1036				ctl_enqueue_isc(io);
1037			break;
1038		}
1039		/* Performed on the Serializing (primary) SC, XFER mode only */
1040		case CTL_MSG_DATAMOVE_DONE: {
1041			if (msg->hdr.serializing_sc == NULL) {
1042				printf("%s: serializing_sc == NULL!\n",
1043				       __func__);
1044				/* XXX KDM now what? */
1045				break;
1046			}
1047			/*
1048			 * We grab the sense information here in case
1049			 * there was a failure, so we can return status
1050			 * back to the initiator.
1051			 */
1052			io = msg->hdr.serializing_sc;
1053			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1054			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1055			io->io_hdr.port_status = msg->scsi.fetd_status;
1056			io->scsiio.residual = msg->scsi.residual;
1057			if (msg->hdr.status != CTL_STATUS_NONE) {
1058				io->io_hdr.status = msg->hdr.status;
1059				io->scsiio.scsi_status = msg->scsi.scsi_status;
1060				io->scsiio.sense_len = msg->scsi.sense_len;
1061				io->scsiio.sense_residual =msg->scsi.sense_residual;
1062				memcpy(&io->scsiio.sense_data,
1063				    &msg->scsi.sense_data,
1064				    msg->scsi.sense_len);
1065				if (msg->hdr.status == CTL_SUCCESS)
1066					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1067			}
1068			ctl_enqueue_isc(io);
1069			break;
1070		}
1071
1072		/* Preformed on Originating SC, SER_ONLY mode */
1073		case CTL_MSG_R2R:
1074			io = msg->hdr.original_sc;
1075			if (io == NULL) {
1076				printf("%s: original_sc == NULL!\n",
1077				    __func__);
1078				break;
1079			}
1080			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1081			io->io_hdr.msg_type = CTL_MSG_R2R;
1082			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1083			ctl_enqueue_isc(io);
1084			break;
1085
1086		/*
1087		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1088		 * mode.
1089		 * Performed on the Originating (i.e. secondary) SC in XFER
1090		 * mode
1091		 */
1092		case CTL_MSG_FINISH_IO:
1093			if (softc->ha_mode == CTL_HA_MODE_XFER)
1094				ctl_isc_handler_finish_xfer(softc, msg);
1095			else
1096				ctl_isc_handler_finish_ser_only(softc, msg);
1097			break;
1098
1099		/* Preformed on Originating SC */
1100		case CTL_MSG_BAD_JUJU:
1101			io = msg->hdr.original_sc;
1102			if (io == NULL) {
1103				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1104				       __func__);
1105				break;
1106			}
1107			ctl_copy_sense_data(msg, io);
1108			/*
1109			 * IO should have already been cleaned up on other
1110			 * SC so clear this flag so we won't send a message
1111			 * back to finish the IO there.
1112			 */
1113			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1114			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1115
1116			/* io = msg->hdr.serializing_sc; */
1117			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1118			ctl_enqueue_isc(io);
1119			break;
1120
1121		/* Handle resets sent from the other side */
1122		case CTL_MSG_MANAGE_TASKS: {
1123			struct ctl_taskio *taskio;
1124			taskio = (struct ctl_taskio *)ctl_alloc_io(
1125			    softc->othersc_pool);
1126			ctl_zero_io((union ctl_io *)taskio);
1127			taskio->io_hdr.io_type = CTL_IO_TASK;
1128			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1129			taskio->io_hdr.nexus = msg->hdr.nexus;
1130			taskio->task_action = msg->task.task_action;
1131			taskio->tag_num = msg->task.tag_num;
1132			taskio->tag_type = msg->task.tag_type;
1133#ifdef CTL_TIME_IO
1134			taskio->io_hdr.start_time = time_uptime;
1135			getbintime(&taskio->io_hdr.start_bt);
1136#endif /* CTL_TIME_IO */
1137			ctl_run_task((union ctl_io *)taskio);
1138			break;
1139		}
1140		/* Persistent Reserve action which needs attention */
1141		case CTL_MSG_PERS_ACTION:
1142			presio = (struct ctl_prio *)ctl_alloc_io(
1143			    softc->othersc_pool);
1144			ctl_zero_io((union ctl_io *)presio);
1145			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1146			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1147			presio->io_hdr.nexus = msg->hdr.nexus;
1148			presio->pr_msg = msg->pr;
1149			ctl_enqueue_isc((union ctl_io *)presio);
1150			break;
1151		case CTL_MSG_UA:
1152			ctl_isc_ua(softc, msg, param);
1153			break;
1154		case CTL_MSG_PORT_SYNC:
1155			ctl_isc_port_sync(softc, msg, param);
1156			break;
1157		case CTL_MSG_LUN_SYNC:
1158			ctl_isc_lun_sync(softc, msg, param);
1159			break;
1160		default:
1161			printf("Received HA message of unknown type %d\n",
1162			    msg->hdr.msg_type);
1163			break;
1164		}
1165		if (msg != &msgbuf)
1166			free(msg, M_CTL);
1167	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1168		printf("CTL: HA link status changed from %d to %d\n",
1169		    softc->ha_link, param);
1170		if (param == softc->ha_link)
1171			return;
1172		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1173			softc->ha_link = param;
1174			ctl_isc_ha_link_down(softc);
1175		} else {
1176			softc->ha_link = param;
1177			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1178				ctl_isc_ha_link_up(softc);
1179		}
1180		return;
1181	} else {
1182		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1183		return;
1184	}
1185}
1186
1187static void
1188ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1189{
1190
1191	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1192	    src->scsi.sense_len);
1193	dest->scsiio.scsi_status = src->scsi.scsi_status;
1194	dest->scsiio.sense_len = src->scsi.sense_len;
1195	dest->io_hdr.status = src->hdr.status;
1196}
1197
1198static void
1199ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1200{
1201
1202	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1203	    src->scsiio.sense_len);
1204	dest->scsi.scsi_status = src->scsiio.scsi_status;
1205	dest->scsi.sense_len = src->scsiio.sense_len;
1206	dest->hdr.status = src->io_hdr.status;
1207}
1208
1209void
1210ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1211{
1212	struct ctl_softc *softc = lun->ctl_softc;
1213	ctl_ua_type *pu;
1214
1215	if (initidx < softc->init_min || initidx >= softc->init_max)
1216		return;
1217	mtx_assert(&lun->lun_lock, MA_OWNED);
1218	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1219	if (pu == NULL)
1220		return;
1221	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1222}
1223
1224void
1225ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1226{
1227	int i;
1228
1229	mtx_assert(&lun->lun_lock, MA_OWNED);
1230	if (lun->pending_ua[port] == NULL)
1231		return;
1232	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1233		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1234			continue;
1235		lun->pending_ua[port][i] |= ua;
1236	}
1237}
1238
1239void
1240ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1241{
1242	struct ctl_softc *softc = lun->ctl_softc;
1243	int i;
1244
1245	mtx_assert(&lun->lun_lock, MA_OWNED);
1246	for (i = softc->port_min; i < softc->port_max; i++)
1247		ctl_est_ua_port(lun, i, except, ua);
1248}
1249
1250void
1251ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1252{
1253	struct ctl_softc *softc = lun->ctl_softc;
1254	ctl_ua_type *pu;
1255
1256	if (initidx < softc->init_min || initidx >= softc->init_max)
1257		return;
1258	mtx_assert(&lun->lun_lock, MA_OWNED);
1259	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1260	if (pu == NULL)
1261		return;
1262	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1263}
1264
1265void
1266ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1267{
1268	struct ctl_softc *softc = lun->ctl_softc;
1269	int i, j;
1270
1271	mtx_assert(&lun->lun_lock, MA_OWNED);
1272	for (i = softc->port_min; i < softc->port_max; i++) {
1273		if (lun->pending_ua[i] == NULL)
1274			continue;
1275		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1276			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1277				continue;
1278			lun->pending_ua[i][j] &= ~ua;
1279		}
1280	}
1281}
1282
1283void
1284ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1285    ctl_ua_type ua_type)
1286{
1287	struct ctl_lun *lun;
1288
1289	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1290	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1291		mtx_lock(&lun->lun_lock);
1292		ctl_clr_ua(lun, initidx, ua_type);
1293		mtx_unlock(&lun->lun_lock);
1294	}
1295}
1296
1297static int
1298ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1299{
1300	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1301	struct ctl_lun *lun;
1302	struct ctl_lun_req ireq;
1303	int error, value;
1304
1305	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1306	error = sysctl_handle_int(oidp, &value, 0, req);
1307	if ((error != 0) || (req->newptr == NULL))
1308		return (error);
1309
1310	mtx_lock(&softc->ctl_lock);
1311	if (value == 0)
1312		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1313	else
1314		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1315	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1316		mtx_unlock(&softc->ctl_lock);
1317		bzero(&ireq, sizeof(ireq));
1318		ireq.reqtype = CTL_LUNREQ_MODIFY;
1319		ireq.reqdata.modify.lun_id = lun->lun;
1320		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1321		    curthread);
1322		if (ireq.status != CTL_LUN_OK) {
1323			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1324			    __func__, ireq.status, ireq.error_str);
1325		}
1326		mtx_lock(&softc->ctl_lock);
1327	}
1328	mtx_unlock(&softc->ctl_lock);
1329	return (0);
1330}
1331
1332static int
1333ctl_init(void)
1334{
1335	struct ctl_softc *softc;
1336	void *other_pool;
1337	int i, error, retval;
1338
1339	retval = 0;
1340	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1341			       M_WAITOK | M_ZERO);
1342	softc = control_softc;
1343
1344	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1345			      "cam/ctl");
1346
1347	softc->dev->si_drv1 = softc;
1348
1349	sysctl_ctx_init(&softc->sysctl_ctx);
1350	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1351		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1352		CTLFLAG_RD, 0, "CAM Target Layer");
1353
1354	if (softc->sysctl_tree == NULL) {
1355		printf("%s: unable to allocate sysctl tree\n", __func__);
1356		destroy_dev(softc->dev);
1357		free(control_softc, M_DEVBUF);
1358		control_softc = NULL;
1359		return (ENOMEM);
1360	}
1361
1362	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1363	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1364	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1365	softc->open_count = 0;
1366
1367	/*
1368	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1369	 * the drive.
1370	 */
1371	softc->flags = CTL_FLAG_REAL_SYNC;
1372
1373	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1374	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1375	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1376
1377	/*
1378	 * In Copan's HA scheme, the "master" and "slave" roles are
1379	 * figured out through the slot the controller is in.  Although it
1380	 * is an active/active system, someone has to be in charge.
1381	 */
1382	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1383	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1384	    "HA head ID (0 - no HA)");
1385	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1386		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1387		softc->is_single = 1;
1388		softc->port_cnt = CTL_MAX_PORTS;
1389		softc->port_min = 0;
1390	} else {
1391		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1392		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1393	}
1394	softc->port_max = softc->port_min + softc->port_cnt;
1395	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1396	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1397
1398	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1399	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1400	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1401
1402	STAILQ_INIT(&softc->lun_list);
1403	STAILQ_INIT(&softc->pending_lun_queue);
1404	STAILQ_INIT(&softc->fe_list);
1405	STAILQ_INIT(&softc->port_list);
1406	STAILQ_INIT(&softc->be_list);
1407	ctl_tpc_init(softc);
1408
1409	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1410	                    &other_pool) != 0)
1411	{
1412		printf("ctl: can't allocate %d entry other SC pool, "
1413		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1414		return (ENOMEM);
1415	}
1416	softc->othersc_pool = other_pool;
1417
1418	if (worker_threads <= 0)
1419		worker_threads = max(1, mp_ncpus / 4);
1420	if (worker_threads > CTL_MAX_THREADS)
1421		worker_threads = CTL_MAX_THREADS;
1422
1423	for (i = 0; i < worker_threads; i++) {
1424		struct ctl_thread *thr = &softc->threads[i];
1425
1426		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1427		thr->ctl_softc = softc;
1428		STAILQ_INIT(&thr->incoming_queue);
1429		STAILQ_INIT(&thr->rtr_queue);
1430		STAILQ_INIT(&thr->done_queue);
1431		STAILQ_INIT(&thr->isc_queue);
1432
1433		error = kproc_kthread_add(ctl_work_thread, thr,
1434		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1435		if (error != 0) {
1436			printf("error creating CTL work thread!\n");
1437			ctl_pool_free(other_pool);
1438			return (error);
1439		}
1440	}
1441	error = kproc_kthread_add(ctl_lun_thread, softc,
1442	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1443	if (error != 0) {
1444		printf("error creating CTL lun thread!\n");
1445		ctl_pool_free(other_pool);
1446		return (error);
1447	}
1448	error = kproc_kthread_add(ctl_thresh_thread, softc,
1449	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1450	if (error != 0) {
1451		printf("error creating CTL threshold thread!\n");
1452		ctl_pool_free(other_pool);
1453		return (error);
1454	}
1455
1456	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1457	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1458	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1459
1460	if (softc->is_single == 0) {
1461		ctl_frontend_register(&ha_frontend);
1462		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1463			printf("ctl_init: ctl_ha_msg_init failed.\n");
1464			softc->is_single = 1;
1465		} else
1466		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1467		    != CTL_HA_STATUS_SUCCESS) {
1468			printf("ctl_init: ctl_ha_msg_register failed.\n");
1469			softc->is_single = 1;
1470		}
1471	}
1472	return (0);
1473}
1474
1475void
1476ctl_shutdown(void)
1477{
1478	struct ctl_softc *softc;
1479	struct ctl_lun *lun, *next_lun;
1480
1481	softc = (struct ctl_softc *)control_softc;
1482
1483	if (softc->is_single == 0) {
1484		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1485		    != CTL_HA_STATUS_SUCCESS) {
1486			printf("ctl_shutdown: ctl_ha_msg_deregister failed.\n");
1487		}
1488		if (ctl_ha_msg_shutdown(softc) != CTL_HA_STATUS_SUCCESS) {
1489			printf("ctl_shutdown: ctl_ha_msg_shutdown failed.\n");
1490		}
1491		ctl_frontend_deregister(&ha_frontend);
1492	}
1493
1494	mtx_lock(&softc->ctl_lock);
1495
1496	/*
1497	 * Free up each LUN.
1498	 */
1499	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1500		next_lun = STAILQ_NEXT(lun, links);
1501		ctl_free_lun(lun);
1502	}
1503
1504	mtx_unlock(&softc->ctl_lock);
1505
1506#if 0
1507	ctl_shutdown_thread(softc->work_thread);
1508	mtx_destroy(&softc->queue_lock);
1509#endif
1510
1511	ctl_tpc_shutdown(softc);
1512	uma_zdestroy(softc->io_zone);
1513	mtx_destroy(&softc->ctl_lock);
1514
1515	destroy_dev(softc->dev);
1516
1517	sysctl_ctx_free(&softc->sysctl_ctx);
1518
1519	free(control_softc, M_DEVBUF);
1520	control_softc = NULL;
1521}
1522
1523static int
1524ctl_module_event_handler(module_t mod, int what, void *arg)
1525{
1526
1527	switch (what) {
1528	case MOD_LOAD:
1529		return (ctl_init());
1530	case MOD_UNLOAD:
1531		return (EBUSY);
1532	default:
1533		return (EOPNOTSUPP);
1534	}
1535}
1536
1537/*
1538 * XXX KDM should we do some access checks here?  Bump a reference count to
1539 * prevent a CTL module from being unloaded while someone has it open?
1540 */
1541static int
1542ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1543{
1544	return (0);
1545}
1546
1547static int
1548ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1549{
1550	return (0);
1551}
1552
1553/*
1554 * Remove an initiator by port number and initiator ID.
1555 * Returns 0 for success, -1 for failure.
1556 */
1557int
1558ctl_remove_initiator(struct ctl_port *port, int iid)
1559{
1560	struct ctl_softc *softc = control_softc;
1561
1562	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1563
1564	if (iid > CTL_MAX_INIT_PER_PORT) {
1565		printf("%s: initiator ID %u > maximun %u!\n",
1566		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1567		return (-1);
1568	}
1569
1570	mtx_lock(&softc->ctl_lock);
1571	port->wwpn_iid[iid].in_use--;
1572	port->wwpn_iid[iid].last_use = time_uptime;
1573	mtx_unlock(&softc->ctl_lock);
1574
1575	return (0);
1576}
1577
1578/*
1579 * Add an initiator to the initiator map.
1580 * Returns iid for success, < 0 for failure.
1581 */
1582int
1583ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1584{
1585	struct ctl_softc *softc = control_softc;
1586	time_t best_time;
1587	int i, best;
1588
1589	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1590
1591	if (iid >= CTL_MAX_INIT_PER_PORT) {
1592		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1593		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1594		free(name, M_CTL);
1595		return (-1);
1596	}
1597
1598	mtx_lock(&softc->ctl_lock);
1599
1600	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1601		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1602			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1603				iid = i;
1604				break;
1605			}
1606			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1607			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1608				iid = i;
1609				break;
1610			}
1611		}
1612	}
1613
1614	if (iid < 0) {
1615		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1616			if (port->wwpn_iid[i].in_use == 0 &&
1617			    port->wwpn_iid[i].wwpn == 0 &&
1618			    port->wwpn_iid[i].name == NULL) {
1619				iid = i;
1620				break;
1621			}
1622		}
1623	}
1624
1625	if (iid < 0) {
1626		best = -1;
1627		best_time = INT32_MAX;
1628		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1629			if (port->wwpn_iid[i].in_use == 0) {
1630				if (port->wwpn_iid[i].last_use < best_time) {
1631					best = i;
1632					best_time = port->wwpn_iid[i].last_use;
1633				}
1634			}
1635		}
1636		iid = best;
1637	}
1638
1639	if (iid < 0) {
1640		mtx_unlock(&softc->ctl_lock);
1641		free(name, M_CTL);
1642		return (-2);
1643	}
1644
1645	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1646		/*
1647		 * This is not an error yet.
1648		 */
1649		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1650#if 0
1651			printf("%s: port %d iid %u WWPN %#jx arrived"
1652			    " again\n", __func__, port->targ_port,
1653			    iid, (uintmax_t)wwpn);
1654#endif
1655			goto take;
1656		}
1657		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1658		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1659#if 0
1660			printf("%s: port %d iid %u name '%s' arrived"
1661			    " again\n", __func__, port->targ_port,
1662			    iid, name);
1663#endif
1664			goto take;
1665		}
1666
1667		/*
1668		 * This is an error, but what do we do about it?  The
1669		 * driver is telling us we have a new WWPN for this
1670		 * initiator ID, so we pretty much need to use it.
1671		 */
1672		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1673		    " but WWPN %#jx '%s' is still at that address\n",
1674		    __func__, port->targ_port, iid, wwpn, name,
1675		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1676		    port->wwpn_iid[iid].name);
1677
1678		/*
1679		 * XXX KDM clear have_ca and ua_pending on each LUN for
1680		 * this initiator.
1681		 */
1682	}
1683take:
1684	free(port->wwpn_iid[iid].name, M_CTL);
1685	port->wwpn_iid[iid].name = name;
1686	port->wwpn_iid[iid].wwpn = wwpn;
1687	port->wwpn_iid[iid].in_use++;
1688	mtx_unlock(&softc->ctl_lock);
1689
1690	return (iid);
1691}
1692
1693static int
1694ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1695{
1696	int len;
1697
1698	switch (port->port_type) {
1699	case CTL_PORT_FC:
1700	{
1701		struct scsi_transportid_fcp *id =
1702		    (struct scsi_transportid_fcp *)buf;
1703		if (port->wwpn_iid[iid].wwpn == 0)
1704			return (0);
1705		memset(id, 0, sizeof(*id));
1706		id->format_protocol = SCSI_PROTO_FC;
1707		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1708		return (sizeof(*id));
1709	}
1710	case CTL_PORT_ISCSI:
1711	{
1712		struct scsi_transportid_iscsi_port *id =
1713		    (struct scsi_transportid_iscsi_port *)buf;
1714		if (port->wwpn_iid[iid].name == NULL)
1715			return (0);
1716		memset(id, 0, 256);
1717		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1718		    SCSI_PROTO_ISCSI;
1719		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1720		len = roundup2(min(len, 252), 4);
1721		scsi_ulto2b(len, id->additional_length);
1722		return (sizeof(*id) + len);
1723	}
1724	case CTL_PORT_SAS:
1725	{
1726		struct scsi_transportid_sas *id =
1727		    (struct scsi_transportid_sas *)buf;
1728		if (port->wwpn_iid[iid].wwpn == 0)
1729			return (0);
1730		memset(id, 0, sizeof(*id));
1731		id->format_protocol = SCSI_PROTO_SAS;
1732		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1733		return (sizeof(*id));
1734	}
1735	default:
1736	{
1737		struct scsi_transportid_spi *id =
1738		    (struct scsi_transportid_spi *)buf;
1739		memset(id, 0, sizeof(*id));
1740		id->format_protocol = SCSI_PROTO_SPI;
1741		scsi_ulto2b(iid, id->scsi_addr);
1742		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1743		return (sizeof(*id));
1744	}
1745	}
1746}
1747
1748/*
1749 * Serialize a command that went down the "wrong" side, and so was sent to
1750 * this controller for execution.  The logic is a little different than the
1751 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1752 * sent back to the other side, but in the success case, we execute the
1753 * command on this side (XFER mode) or tell the other side to execute it
1754 * (SER_ONLY mode).
1755 */
1756static int
1757ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1758{
1759	struct ctl_softc *softc;
1760	union ctl_ha_msg msg_info;
1761	struct ctl_lun *lun;
1762	const struct ctl_cmd_entry *entry;
1763	int retval = 0;
1764	uint32_t targ_lun;
1765
1766	softc = control_softc;
1767
1768	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1769	mtx_lock(&softc->ctl_lock);
1770	if ((targ_lun < CTL_MAX_LUNS) &&
1771	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
1772		mtx_lock(&lun->lun_lock);
1773		mtx_unlock(&softc->ctl_lock);
1774		/*
1775		 * If the LUN is invalid, pretend that it doesn't exist.
1776		 * It will go away as soon as all pending I/O has been
1777		 * completed.
1778		 */
1779		if (lun->flags & CTL_LUN_DISABLED) {
1780			mtx_unlock(&lun->lun_lock);
1781			lun = NULL;
1782		}
1783	} else {
1784		mtx_unlock(&softc->ctl_lock);
1785		lun = NULL;
1786	}
1787	if (lun == NULL) {
1788		/*
1789		 * The other node would not send this request to us unless
1790		 * received announce that we are primary node for this LUN.
1791		 * If this LUN does not exist now, it is probably result of
1792		 * a race, so respond to initiator in the most opaque way.
1793		 */
1794		ctl_set_busy(ctsio);
1795		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1796		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1797		msg_info.hdr.serializing_sc = NULL;
1798		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1799		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1800		    sizeof(msg_info.scsi), M_WAITOK);
1801		return(1);
1802	}
1803
1804	entry = ctl_get_cmd_entry(ctsio, NULL);
1805	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
1806		mtx_unlock(&lun->lun_lock);
1807		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1808		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1809		msg_info.hdr.serializing_sc = NULL;
1810		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1811		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1812		    sizeof(msg_info.scsi), M_WAITOK);
1813		return(1);
1814	}
1815
1816	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
1817	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
1818
1819	/*
1820	 * Every I/O goes into the OOA queue for a
1821	 * particular LUN, and stays there until completion.
1822	 */
1823#ifdef CTL_TIME_IO
1824	if (TAILQ_EMPTY(&lun->ooa_queue))
1825		lun->idle_time += getsbinuptime() - lun->last_busy;
1826#endif
1827	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1828
1829	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1830		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1831		 ooa_links))) {
1832	case CTL_ACTION_BLOCK:
1833		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1834		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1835				  blocked_links);
1836		mtx_unlock(&lun->lun_lock);
1837		break;
1838	case CTL_ACTION_PASS:
1839	case CTL_ACTION_SKIP:
1840		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1841			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1842			ctl_enqueue_rtr((union ctl_io *)ctsio);
1843			mtx_unlock(&lun->lun_lock);
1844		} else {
1845			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
1846			mtx_unlock(&lun->lun_lock);
1847
1848			/* send msg back to other side */
1849			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1850			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1851			msg_info.hdr.msg_type = CTL_MSG_R2R;
1852			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1853			    sizeof(msg_info.hdr), M_WAITOK);
1854		}
1855		break;
1856	case CTL_ACTION_OVERLAP:
1857		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1858		mtx_unlock(&lun->lun_lock);
1859		retval = 1;
1860
1861		ctl_set_overlapped_cmd(ctsio);
1862		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1863		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1864		msg_info.hdr.serializing_sc = NULL;
1865		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1866		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1867		    sizeof(msg_info.scsi), M_WAITOK);
1868		break;
1869	case CTL_ACTION_OVERLAP_TAG:
1870		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1871		mtx_unlock(&lun->lun_lock);
1872		retval = 1;
1873		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
1874		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1875		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1876		msg_info.hdr.serializing_sc = NULL;
1877		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1878		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1879		    sizeof(msg_info.scsi), M_WAITOK);
1880		break;
1881	case CTL_ACTION_ERROR:
1882	default:
1883		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1884		mtx_unlock(&lun->lun_lock);
1885		retval = 1;
1886
1887		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
1888					 /*retry_count*/ 0);
1889		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1890		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1891		msg_info.hdr.serializing_sc = NULL;
1892		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1893		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1894		    sizeof(msg_info.scsi), M_WAITOK);
1895		break;
1896	}
1897	return (retval);
1898}
1899
1900/*
1901 * Returns 0 for success, errno for failure.
1902 */
1903static int
1904ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1905		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1906{
1907	union ctl_io *io;
1908	int retval;
1909
1910	retval = 0;
1911
1912	mtx_lock(&lun->lun_lock);
1913	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1914	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1915	     ooa_links)) {
1916		struct ctl_ooa_entry *entry;
1917
1918		/*
1919		 * If we've got more than we can fit, just count the
1920		 * remaining entries.
1921		 */
1922		if (*cur_fill_num >= ooa_hdr->alloc_num)
1923			continue;
1924
1925		entry = &kern_entries[*cur_fill_num];
1926
1927		entry->tag_num = io->scsiio.tag_num;
1928		entry->lun_num = lun->lun;
1929#ifdef CTL_TIME_IO
1930		entry->start_bt = io->io_hdr.start_bt;
1931#endif
1932		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1933		entry->cdb_len = io->scsiio.cdb_len;
1934		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1935			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1936
1937		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1938			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1939
1940		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1941			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1942
1943		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1944			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1945
1946		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1947			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1948	}
1949	mtx_unlock(&lun->lun_lock);
1950
1951	return (retval);
1952}
1953
1954static void *
1955ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1956		 size_t error_str_len)
1957{
1958	void *kptr;
1959
1960	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
1961
1962	if (copyin(user_addr, kptr, len) != 0) {
1963		snprintf(error_str, error_str_len, "Error copying %d bytes "
1964			 "from user address %p to kernel address %p", len,
1965			 user_addr, kptr);
1966		free(kptr, M_CTL);
1967		return (NULL);
1968	}
1969
1970	return (kptr);
1971}
1972
1973static void
1974ctl_free_args(int num_args, struct ctl_be_arg *args)
1975{
1976	int i;
1977
1978	if (args == NULL)
1979		return;
1980
1981	for (i = 0; i < num_args; i++) {
1982		free(args[i].kname, M_CTL);
1983		free(args[i].kvalue, M_CTL);
1984	}
1985
1986	free(args, M_CTL);
1987}
1988
1989static struct ctl_be_arg *
1990ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
1991		char *error_str, size_t error_str_len)
1992{
1993	struct ctl_be_arg *args;
1994	int i;
1995
1996	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
1997				error_str, error_str_len);
1998
1999	if (args == NULL)
2000		goto bailout;
2001
2002	for (i = 0; i < num_args; i++) {
2003		args[i].kname = NULL;
2004		args[i].kvalue = NULL;
2005	}
2006
2007	for (i = 0; i < num_args; i++) {
2008		uint8_t *tmpptr;
2009
2010		args[i].kname = ctl_copyin_alloc(args[i].name,
2011			args[i].namelen, error_str, error_str_len);
2012		if (args[i].kname == NULL)
2013			goto bailout;
2014
2015		if (args[i].kname[args[i].namelen - 1] != '\0') {
2016			snprintf(error_str, error_str_len, "Argument %d "
2017				 "name is not NUL-terminated", i);
2018			goto bailout;
2019		}
2020
2021		if (args[i].flags & CTL_BEARG_RD) {
2022			tmpptr = ctl_copyin_alloc(args[i].value,
2023				args[i].vallen, error_str, error_str_len);
2024			if (tmpptr == NULL)
2025				goto bailout;
2026			if ((args[i].flags & CTL_BEARG_ASCII)
2027			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2028				snprintf(error_str, error_str_len, "Argument "
2029				    "%d value is not NUL-terminated", i);
2030				goto bailout;
2031			}
2032			args[i].kvalue = tmpptr;
2033		} else {
2034			args[i].kvalue = malloc(args[i].vallen,
2035			    M_CTL, M_WAITOK | M_ZERO);
2036		}
2037	}
2038
2039	return (args);
2040bailout:
2041
2042	ctl_free_args(num_args, args);
2043
2044	return (NULL);
2045}
2046
2047static void
2048ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2049{
2050	int i;
2051
2052	for (i = 0; i < num_args; i++) {
2053		if (args[i].flags & CTL_BEARG_WR)
2054			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2055	}
2056}
2057
2058/*
2059 * Escape characters that are illegal or not recommended in XML.
2060 */
2061int
2062ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2063{
2064	char *end = str + size;
2065	int retval;
2066
2067	retval = 0;
2068
2069	for (; *str && str < end; str++) {
2070		switch (*str) {
2071		case '&':
2072			retval = sbuf_printf(sb, "&amp;");
2073			break;
2074		case '>':
2075			retval = sbuf_printf(sb, "&gt;");
2076			break;
2077		case '<':
2078			retval = sbuf_printf(sb, "&lt;");
2079			break;
2080		default:
2081			retval = sbuf_putc(sb, *str);
2082			break;
2083		}
2084
2085		if (retval != 0)
2086			break;
2087
2088	}
2089
2090	return (retval);
2091}
2092
2093static void
2094ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2095{
2096	struct scsi_vpd_id_descriptor *desc;
2097	int i;
2098
2099	if (id == NULL || id->len < 4)
2100		return;
2101	desc = (struct scsi_vpd_id_descriptor *)id->data;
2102	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2103	case SVPD_ID_TYPE_T10:
2104		sbuf_printf(sb, "t10.");
2105		break;
2106	case SVPD_ID_TYPE_EUI64:
2107		sbuf_printf(sb, "eui.");
2108		break;
2109	case SVPD_ID_TYPE_NAA:
2110		sbuf_printf(sb, "naa.");
2111		break;
2112	case SVPD_ID_TYPE_SCSI_NAME:
2113		break;
2114	}
2115	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2116	case SVPD_ID_CODESET_BINARY:
2117		for (i = 0; i < desc->length; i++)
2118			sbuf_printf(sb, "%02x", desc->identifier[i]);
2119		break;
2120	case SVPD_ID_CODESET_ASCII:
2121		sbuf_printf(sb, "%.*s", (int)desc->length,
2122		    (char *)desc->identifier);
2123		break;
2124	case SVPD_ID_CODESET_UTF8:
2125		sbuf_printf(sb, "%s", (char *)desc->identifier);
2126		break;
2127	}
2128}
2129
2130static int
2131ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2132	  struct thread *td)
2133{
2134	struct ctl_softc *softc;
2135	struct ctl_lun *lun;
2136	int retval;
2137
2138	softc = control_softc;
2139
2140	retval = 0;
2141
2142	switch (cmd) {
2143	case CTL_IO:
2144		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2145		break;
2146	case CTL_ENABLE_PORT:
2147	case CTL_DISABLE_PORT:
2148	case CTL_SET_PORT_WWNS: {
2149		struct ctl_port *port;
2150		struct ctl_port_entry *entry;
2151
2152		entry = (struct ctl_port_entry *)addr;
2153
2154		mtx_lock(&softc->ctl_lock);
2155		STAILQ_FOREACH(port, &softc->port_list, links) {
2156			int action, done;
2157
2158			if (port->targ_port < softc->port_min ||
2159			    port->targ_port >= softc->port_max)
2160				continue;
2161
2162			action = 0;
2163			done = 0;
2164			if ((entry->port_type == CTL_PORT_NONE)
2165			 && (entry->targ_port == port->targ_port)) {
2166				/*
2167				 * If the user only wants to enable or
2168				 * disable or set WWNs on a specific port,
2169				 * do the operation and we're done.
2170				 */
2171				action = 1;
2172				done = 1;
2173			} else if (entry->port_type & port->port_type) {
2174				/*
2175				 * Compare the user's type mask with the
2176				 * particular frontend type to see if we
2177				 * have a match.
2178				 */
2179				action = 1;
2180				done = 0;
2181
2182				/*
2183				 * Make sure the user isn't trying to set
2184				 * WWNs on multiple ports at the same time.
2185				 */
2186				if (cmd == CTL_SET_PORT_WWNS) {
2187					printf("%s: Can't set WWNs on "
2188					       "multiple ports\n", __func__);
2189					retval = EINVAL;
2190					break;
2191				}
2192			}
2193			if (action == 0)
2194				continue;
2195
2196			/*
2197			 * XXX KDM we have to drop the lock here, because
2198			 * the online/offline operations can potentially
2199			 * block.  We need to reference count the frontends
2200			 * so they can't go away,
2201			 */
2202			if (cmd == CTL_ENABLE_PORT) {
2203				mtx_unlock(&softc->ctl_lock);
2204				ctl_port_online(port);
2205				mtx_lock(&softc->ctl_lock);
2206			} else if (cmd == CTL_DISABLE_PORT) {
2207				mtx_unlock(&softc->ctl_lock);
2208				ctl_port_offline(port);
2209				mtx_lock(&softc->ctl_lock);
2210			} else if (cmd == CTL_SET_PORT_WWNS) {
2211				ctl_port_set_wwns(port,
2212				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2213				    1 : 0, entry->wwnn,
2214				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2215				    1 : 0, entry->wwpn);
2216			}
2217			if (done != 0)
2218				break;
2219		}
2220		mtx_unlock(&softc->ctl_lock);
2221		break;
2222	}
2223	case CTL_GET_PORT_LIST: {
2224		struct ctl_port *port;
2225		struct ctl_port_list *list;
2226		int i;
2227
2228		list = (struct ctl_port_list *)addr;
2229
2230		if (list->alloc_len != (list->alloc_num *
2231		    sizeof(struct ctl_port_entry))) {
2232			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2233			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2234			       "%zu\n", __func__, list->alloc_len,
2235			       list->alloc_num, sizeof(struct ctl_port_entry));
2236			retval = EINVAL;
2237			break;
2238		}
2239		list->fill_len = 0;
2240		list->fill_num = 0;
2241		list->dropped_num = 0;
2242		i = 0;
2243		mtx_lock(&softc->ctl_lock);
2244		STAILQ_FOREACH(port, &softc->port_list, links) {
2245			struct ctl_port_entry entry, *list_entry;
2246
2247			if (list->fill_num >= list->alloc_num) {
2248				list->dropped_num++;
2249				continue;
2250			}
2251
2252			entry.port_type = port->port_type;
2253			strlcpy(entry.port_name, port->port_name,
2254				sizeof(entry.port_name));
2255			entry.targ_port = port->targ_port;
2256			entry.physical_port = port->physical_port;
2257			entry.virtual_port = port->virtual_port;
2258			entry.wwnn = port->wwnn;
2259			entry.wwpn = port->wwpn;
2260			if (port->status & CTL_PORT_STATUS_ONLINE)
2261				entry.online = 1;
2262			else
2263				entry.online = 0;
2264
2265			list_entry = &list->entries[i];
2266
2267			retval = copyout(&entry, list_entry, sizeof(entry));
2268			if (retval != 0) {
2269				printf("%s: CTL_GET_PORT_LIST: copyout "
2270				       "returned %d\n", __func__, retval);
2271				break;
2272			}
2273			i++;
2274			list->fill_num++;
2275			list->fill_len += sizeof(entry);
2276		}
2277		mtx_unlock(&softc->ctl_lock);
2278
2279		/*
2280		 * If this is non-zero, we had a copyout fault, so there's
2281		 * probably no point in attempting to set the status inside
2282		 * the structure.
2283		 */
2284		if (retval != 0)
2285			break;
2286
2287		if (list->dropped_num > 0)
2288			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2289		else
2290			list->status = CTL_PORT_LIST_OK;
2291		break;
2292	}
2293	case CTL_DUMP_OOA: {
2294		union ctl_io *io;
2295		char printbuf[128];
2296		struct sbuf sb;
2297
2298		mtx_lock(&softc->ctl_lock);
2299		printf("Dumping OOA queues:\n");
2300		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2301			mtx_lock(&lun->lun_lock);
2302			for (io = (union ctl_io *)TAILQ_FIRST(
2303			     &lun->ooa_queue); io != NULL;
2304			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2305			     ooa_links)) {
2306				sbuf_new(&sb, printbuf, sizeof(printbuf),
2307					 SBUF_FIXEDLEN);
2308				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2309					    (intmax_t)lun->lun,
2310					    io->scsiio.tag_num,
2311					    (io->io_hdr.flags &
2312					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2313					    (io->io_hdr.flags &
2314					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2315					    (io->io_hdr.flags &
2316					    CTL_FLAG_ABORT) ? " ABORT" : "",
2317			                    (io->io_hdr.flags &
2318		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2319				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2320				sbuf_finish(&sb);
2321				printf("%s\n", sbuf_data(&sb));
2322			}
2323			mtx_unlock(&lun->lun_lock);
2324		}
2325		printf("OOA queues dump done\n");
2326		mtx_unlock(&softc->ctl_lock);
2327		break;
2328	}
2329	case CTL_GET_OOA: {
2330		struct ctl_ooa *ooa_hdr;
2331		struct ctl_ooa_entry *entries;
2332		uint32_t cur_fill_num;
2333
2334		ooa_hdr = (struct ctl_ooa *)addr;
2335
2336		if ((ooa_hdr->alloc_len == 0)
2337		 || (ooa_hdr->alloc_num == 0)) {
2338			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2339			       "must be non-zero\n", __func__,
2340			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2341			retval = EINVAL;
2342			break;
2343		}
2344
2345		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2346		    sizeof(struct ctl_ooa_entry))) {
2347			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2348			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2349			       __func__, ooa_hdr->alloc_len,
2350			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2351			retval = EINVAL;
2352			break;
2353		}
2354
2355		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2356		if (entries == NULL) {
2357			printf("%s: could not allocate %d bytes for OOA "
2358			       "dump\n", __func__, ooa_hdr->alloc_len);
2359			retval = ENOMEM;
2360			break;
2361		}
2362
2363		mtx_lock(&softc->ctl_lock);
2364		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2365		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2366		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2367			mtx_unlock(&softc->ctl_lock);
2368			free(entries, M_CTL);
2369			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2370			       __func__, (uintmax_t)ooa_hdr->lun_num);
2371			retval = EINVAL;
2372			break;
2373		}
2374
2375		cur_fill_num = 0;
2376
2377		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2378			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2379				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2380					ooa_hdr, entries);
2381				if (retval != 0)
2382					break;
2383			}
2384			if (retval != 0) {
2385				mtx_unlock(&softc->ctl_lock);
2386				free(entries, M_CTL);
2387				break;
2388			}
2389		} else {
2390			lun = softc->ctl_luns[ooa_hdr->lun_num];
2391
2392			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2393						    entries);
2394		}
2395		mtx_unlock(&softc->ctl_lock);
2396
2397		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2398		ooa_hdr->fill_len = ooa_hdr->fill_num *
2399			sizeof(struct ctl_ooa_entry);
2400		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2401		if (retval != 0) {
2402			printf("%s: error copying out %d bytes for OOA dump\n",
2403			       __func__, ooa_hdr->fill_len);
2404		}
2405
2406		getbintime(&ooa_hdr->cur_bt);
2407
2408		if (cur_fill_num > ooa_hdr->alloc_num) {
2409			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2410			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2411		} else {
2412			ooa_hdr->dropped_num = 0;
2413			ooa_hdr->status = CTL_OOA_OK;
2414		}
2415
2416		free(entries, M_CTL);
2417		break;
2418	}
2419	case CTL_CHECK_OOA: {
2420		union ctl_io *io;
2421		struct ctl_ooa_info *ooa_info;
2422
2423
2424		ooa_info = (struct ctl_ooa_info *)addr;
2425
2426		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2427			ooa_info->status = CTL_OOA_INVALID_LUN;
2428			break;
2429		}
2430		mtx_lock(&softc->ctl_lock);
2431		lun = softc->ctl_luns[ooa_info->lun_id];
2432		if (lun == NULL) {
2433			mtx_unlock(&softc->ctl_lock);
2434			ooa_info->status = CTL_OOA_INVALID_LUN;
2435			break;
2436		}
2437		mtx_lock(&lun->lun_lock);
2438		mtx_unlock(&softc->ctl_lock);
2439		ooa_info->num_entries = 0;
2440		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2441		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2442		     &io->io_hdr, ooa_links)) {
2443			ooa_info->num_entries++;
2444		}
2445		mtx_unlock(&lun->lun_lock);
2446
2447		ooa_info->status = CTL_OOA_SUCCESS;
2448
2449		break;
2450	}
2451	case CTL_DELAY_IO: {
2452		struct ctl_io_delay_info *delay_info;
2453
2454		delay_info = (struct ctl_io_delay_info *)addr;
2455
2456#ifdef CTL_IO_DELAY
2457		mtx_lock(&softc->ctl_lock);
2458
2459		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2460		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2461			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2462		} else {
2463			lun = softc->ctl_luns[delay_info->lun_id];
2464			mtx_lock(&lun->lun_lock);
2465
2466			delay_info->status = CTL_DELAY_STATUS_OK;
2467
2468			switch (delay_info->delay_type) {
2469			case CTL_DELAY_TYPE_CONT:
2470				break;
2471			case CTL_DELAY_TYPE_ONESHOT:
2472				break;
2473			default:
2474				delay_info->status =
2475					CTL_DELAY_STATUS_INVALID_TYPE;
2476				break;
2477			}
2478
2479			switch (delay_info->delay_loc) {
2480			case CTL_DELAY_LOC_DATAMOVE:
2481				lun->delay_info.datamove_type =
2482					delay_info->delay_type;
2483				lun->delay_info.datamove_delay =
2484					delay_info->delay_secs;
2485				break;
2486			case CTL_DELAY_LOC_DONE:
2487				lun->delay_info.done_type =
2488					delay_info->delay_type;
2489				lun->delay_info.done_delay =
2490					delay_info->delay_secs;
2491				break;
2492			default:
2493				delay_info->status =
2494					CTL_DELAY_STATUS_INVALID_LOC;
2495				break;
2496			}
2497			mtx_unlock(&lun->lun_lock);
2498		}
2499
2500		mtx_unlock(&softc->ctl_lock);
2501#else
2502		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2503#endif /* CTL_IO_DELAY */
2504		break;
2505	}
2506	case CTL_REALSYNC_SET: {
2507		int *syncstate;
2508
2509		syncstate = (int *)addr;
2510
2511		mtx_lock(&softc->ctl_lock);
2512		switch (*syncstate) {
2513		case 0:
2514			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2515			break;
2516		case 1:
2517			softc->flags |= CTL_FLAG_REAL_SYNC;
2518			break;
2519		default:
2520			retval = EINVAL;
2521			break;
2522		}
2523		mtx_unlock(&softc->ctl_lock);
2524		break;
2525	}
2526	case CTL_REALSYNC_GET: {
2527		int *syncstate;
2528
2529		syncstate = (int*)addr;
2530
2531		mtx_lock(&softc->ctl_lock);
2532		if (softc->flags & CTL_FLAG_REAL_SYNC)
2533			*syncstate = 1;
2534		else
2535			*syncstate = 0;
2536		mtx_unlock(&softc->ctl_lock);
2537
2538		break;
2539	}
2540	case CTL_SETSYNC:
2541	case CTL_GETSYNC: {
2542		struct ctl_sync_info *sync_info;
2543
2544		sync_info = (struct ctl_sync_info *)addr;
2545
2546		mtx_lock(&softc->ctl_lock);
2547		lun = softc->ctl_luns[sync_info->lun_id];
2548		if (lun == NULL) {
2549			mtx_unlock(&softc->ctl_lock);
2550			sync_info->status = CTL_GS_SYNC_NO_LUN;
2551			break;
2552		}
2553		/*
2554		 * Get or set the sync interval.  We're not bounds checking
2555		 * in the set case, hopefully the user won't do something
2556		 * silly.
2557		 */
2558		mtx_lock(&lun->lun_lock);
2559		mtx_unlock(&softc->ctl_lock);
2560		if (cmd == CTL_GETSYNC)
2561			sync_info->sync_interval = lun->sync_interval;
2562		else
2563			lun->sync_interval = sync_info->sync_interval;
2564		mtx_unlock(&lun->lun_lock);
2565
2566		sync_info->status = CTL_GS_SYNC_OK;
2567
2568		break;
2569	}
2570	case CTL_GETSTATS: {
2571		struct ctl_stats *stats;
2572		int i;
2573
2574		stats = (struct ctl_stats *)addr;
2575
2576		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2577		     stats->alloc_len) {
2578			stats->status = CTL_SS_NEED_MORE_SPACE;
2579			stats->num_luns = softc->num_luns;
2580			break;
2581		}
2582		/*
2583		 * XXX KDM no locking here.  If the LUN list changes,
2584		 * things can blow up.
2585		 */
2586		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2587		     i++, lun = STAILQ_NEXT(lun, links)) {
2588			retval = copyout(&lun->stats, &stats->lun_stats[i],
2589					 sizeof(lun->stats));
2590			if (retval != 0)
2591				break;
2592		}
2593		stats->num_luns = softc->num_luns;
2594		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2595				 softc->num_luns;
2596		stats->status = CTL_SS_OK;
2597#ifdef CTL_TIME_IO
2598		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2599#else
2600		stats->flags = CTL_STATS_FLAG_NONE;
2601#endif
2602		getnanouptime(&stats->timestamp);
2603		break;
2604	}
2605	case CTL_ERROR_INJECT: {
2606		struct ctl_error_desc *err_desc, *new_err_desc;
2607
2608		err_desc = (struct ctl_error_desc *)addr;
2609
2610		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2611				      M_WAITOK | M_ZERO);
2612		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2613
2614		mtx_lock(&softc->ctl_lock);
2615		lun = softc->ctl_luns[err_desc->lun_id];
2616		if (lun == NULL) {
2617			mtx_unlock(&softc->ctl_lock);
2618			free(new_err_desc, M_CTL);
2619			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2620			       __func__, (uintmax_t)err_desc->lun_id);
2621			retval = EINVAL;
2622			break;
2623		}
2624		mtx_lock(&lun->lun_lock);
2625		mtx_unlock(&softc->ctl_lock);
2626
2627		/*
2628		 * We could do some checking here to verify the validity
2629		 * of the request, but given the complexity of error
2630		 * injection requests, the checking logic would be fairly
2631		 * complex.
2632		 *
2633		 * For now, if the request is invalid, it just won't get
2634		 * executed and might get deleted.
2635		 */
2636		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2637
2638		/*
2639		 * XXX KDM check to make sure the serial number is unique,
2640		 * in case we somehow manage to wrap.  That shouldn't
2641		 * happen for a very long time, but it's the right thing to
2642		 * do.
2643		 */
2644		new_err_desc->serial = lun->error_serial;
2645		err_desc->serial = lun->error_serial;
2646		lun->error_serial++;
2647
2648		mtx_unlock(&lun->lun_lock);
2649		break;
2650	}
2651	case CTL_ERROR_INJECT_DELETE: {
2652		struct ctl_error_desc *delete_desc, *desc, *desc2;
2653		int delete_done;
2654
2655		delete_desc = (struct ctl_error_desc *)addr;
2656		delete_done = 0;
2657
2658		mtx_lock(&softc->ctl_lock);
2659		lun = softc->ctl_luns[delete_desc->lun_id];
2660		if (lun == NULL) {
2661			mtx_unlock(&softc->ctl_lock);
2662			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2663			       __func__, (uintmax_t)delete_desc->lun_id);
2664			retval = EINVAL;
2665			break;
2666		}
2667		mtx_lock(&lun->lun_lock);
2668		mtx_unlock(&softc->ctl_lock);
2669		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2670			if (desc->serial != delete_desc->serial)
2671				continue;
2672
2673			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2674				      links);
2675			free(desc, M_CTL);
2676			delete_done = 1;
2677		}
2678		mtx_unlock(&lun->lun_lock);
2679		if (delete_done == 0) {
2680			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2681			       "error serial %ju on LUN %u\n", __func__,
2682			       delete_desc->serial, delete_desc->lun_id);
2683			retval = EINVAL;
2684			break;
2685		}
2686		break;
2687	}
2688	case CTL_DUMP_STRUCTS: {
2689		int i, j, k;
2690		struct ctl_port *port;
2691		struct ctl_frontend *fe;
2692
2693		mtx_lock(&softc->ctl_lock);
2694		printf("CTL Persistent Reservation information start:\n");
2695		for (i = 0; i < CTL_MAX_LUNS; i++) {
2696			lun = softc->ctl_luns[i];
2697
2698			if ((lun == NULL)
2699			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2700				continue;
2701
2702			for (j = 0; j < CTL_MAX_PORTS; j++) {
2703				if (lun->pr_keys[j] == NULL)
2704					continue;
2705				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2706					if (lun->pr_keys[j][k] == 0)
2707						continue;
2708					printf("  LUN %d port %d iid %d key "
2709					       "%#jx\n", i, j, k,
2710					       (uintmax_t)lun->pr_keys[j][k]);
2711				}
2712			}
2713		}
2714		printf("CTL Persistent Reservation information end\n");
2715		printf("CTL Ports:\n");
2716		STAILQ_FOREACH(port, &softc->port_list, links) {
2717			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2718			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2719			       port->frontend->name, port->port_type,
2720			       port->physical_port, port->virtual_port,
2721			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2722			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2723				if (port->wwpn_iid[j].in_use == 0 &&
2724				    port->wwpn_iid[j].wwpn == 0 &&
2725				    port->wwpn_iid[j].name == NULL)
2726					continue;
2727
2728				printf("    iid %u use %d WWPN %#jx '%s'\n",
2729				    j, port->wwpn_iid[j].in_use,
2730				    (uintmax_t)port->wwpn_iid[j].wwpn,
2731				    port->wwpn_iid[j].name);
2732			}
2733		}
2734		printf("CTL Port information end\n");
2735		mtx_unlock(&softc->ctl_lock);
2736		/*
2737		 * XXX KDM calling this without a lock.  We'd likely want
2738		 * to drop the lock before calling the frontend's dump
2739		 * routine anyway.
2740		 */
2741		printf("CTL Frontends:\n");
2742		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2743			printf("  Frontend '%s'\n", fe->name);
2744			if (fe->fe_dump != NULL)
2745				fe->fe_dump();
2746		}
2747		printf("CTL Frontend information end\n");
2748		break;
2749	}
2750	case CTL_LUN_REQ: {
2751		struct ctl_lun_req *lun_req;
2752		struct ctl_backend_driver *backend;
2753
2754		lun_req = (struct ctl_lun_req *)addr;
2755
2756		backend = ctl_backend_find(lun_req->backend);
2757		if (backend == NULL) {
2758			lun_req->status = CTL_LUN_ERROR;
2759			snprintf(lun_req->error_str,
2760				 sizeof(lun_req->error_str),
2761				 "Backend \"%s\" not found.",
2762				 lun_req->backend);
2763			break;
2764		}
2765		if (lun_req->num_be_args > 0) {
2766			lun_req->kern_be_args = ctl_copyin_args(
2767				lun_req->num_be_args,
2768				lun_req->be_args,
2769				lun_req->error_str,
2770				sizeof(lun_req->error_str));
2771			if (lun_req->kern_be_args == NULL) {
2772				lun_req->status = CTL_LUN_ERROR;
2773				break;
2774			}
2775		}
2776
2777		retval = backend->ioctl(dev, cmd, addr, flag, td);
2778
2779		if (lun_req->num_be_args > 0) {
2780			ctl_copyout_args(lun_req->num_be_args,
2781				      lun_req->kern_be_args);
2782			ctl_free_args(lun_req->num_be_args,
2783				      lun_req->kern_be_args);
2784		}
2785		break;
2786	}
2787	case CTL_LUN_LIST: {
2788		struct sbuf *sb;
2789		struct ctl_lun_list *list;
2790		struct ctl_option *opt;
2791
2792		list = (struct ctl_lun_list *)addr;
2793
2794		/*
2795		 * Allocate a fixed length sbuf here, based on the length
2796		 * of the user's buffer.  We could allocate an auto-extending
2797		 * buffer, and then tell the user how much larger our
2798		 * amount of data is than his buffer, but that presents
2799		 * some problems:
2800		 *
2801		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2802		 *     we can't hold a lock while calling them with an
2803		 *     auto-extending buffer.
2804 		 *
2805		 * 2.  There is not currently a LUN reference counting
2806		 *     mechanism, outside of outstanding transactions on
2807		 *     the LUN's OOA queue.  So a LUN could go away on us
2808		 *     while we're getting the LUN number, backend-specific
2809		 *     information, etc.  Thus, given the way things
2810		 *     currently work, we need to hold the CTL lock while
2811		 *     grabbing LUN information.
2812		 *
2813		 * So, from the user's standpoint, the best thing to do is
2814		 * allocate what he thinks is a reasonable buffer length,
2815		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2816		 * double the buffer length and try again.  (And repeat
2817		 * that until he succeeds.)
2818		 */
2819		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2820		if (sb == NULL) {
2821			list->status = CTL_LUN_LIST_ERROR;
2822			snprintf(list->error_str, sizeof(list->error_str),
2823				 "Unable to allocate %d bytes for LUN list",
2824				 list->alloc_len);
2825			break;
2826		}
2827
2828		sbuf_printf(sb, "<ctllunlist>\n");
2829
2830		mtx_lock(&softc->ctl_lock);
2831		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2832			mtx_lock(&lun->lun_lock);
2833			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2834					     (uintmax_t)lun->lun);
2835
2836			/*
2837			 * Bail out as soon as we see that we've overfilled
2838			 * the buffer.
2839			 */
2840			if (retval != 0)
2841				break;
2842
2843			retval = sbuf_printf(sb, "\t<backend_type>%s"
2844					     "</backend_type>\n",
2845					     (lun->backend == NULL) ?  "none" :
2846					     lun->backend->name);
2847
2848			if (retval != 0)
2849				break;
2850
2851			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2852					     lun->be_lun->lun_type);
2853
2854			if (retval != 0)
2855				break;
2856
2857			if (lun->backend == NULL) {
2858				retval = sbuf_printf(sb, "</lun>\n");
2859				if (retval != 0)
2860					break;
2861				continue;
2862			}
2863
2864			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2865					     (lun->be_lun->maxlba > 0) ?
2866					     lun->be_lun->maxlba + 1 : 0);
2867
2868			if (retval != 0)
2869				break;
2870
2871			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2872					     lun->be_lun->blocksize);
2873
2874			if (retval != 0)
2875				break;
2876
2877			retval = sbuf_printf(sb, "\t<serial_number>");
2878
2879			if (retval != 0)
2880				break;
2881
2882			retval = ctl_sbuf_printf_esc(sb,
2883			    lun->be_lun->serial_num,
2884			    sizeof(lun->be_lun->serial_num));
2885
2886			if (retval != 0)
2887				break;
2888
2889			retval = sbuf_printf(sb, "</serial_number>\n");
2890
2891			if (retval != 0)
2892				break;
2893
2894			retval = sbuf_printf(sb, "\t<device_id>");
2895
2896			if (retval != 0)
2897				break;
2898
2899			retval = ctl_sbuf_printf_esc(sb,
2900			    lun->be_lun->device_id,
2901			    sizeof(lun->be_lun->device_id));
2902
2903			if (retval != 0)
2904				break;
2905
2906			retval = sbuf_printf(sb, "</device_id>\n");
2907
2908			if (retval != 0)
2909				break;
2910
2911			if (lun->backend->lun_info != NULL) {
2912				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
2913				if (retval != 0)
2914					break;
2915			}
2916			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
2917				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2918				    opt->name, opt->value, opt->name);
2919				if (retval != 0)
2920					break;
2921			}
2922
2923			retval = sbuf_printf(sb, "</lun>\n");
2924
2925			if (retval != 0)
2926				break;
2927			mtx_unlock(&lun->lun_lock);
2928		}
2929		if (lun != NULL)
2930			mtx_unlock(&lun->lun_lock);
2931		mtx_unlock(&softc->ctl_lock);
2932
2933		if ((retval != 0)
2934		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
2935			retval = 0;
2936			sbuf_delete(sb);
2937			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2938			snprintf(list->error_str, sizeof(list->error_str),
2939				 "Out of space, %d bytes is too small",
2940				 list->alloc_len);
2941			break;
2942		}
2943
2944		sbuf_finish(sb);
2945
2946		retval = copyout(sbuf_data(sb), list->lun_xml,
2947				 sbuf_len(sb) + 1);
2948
2949		list->fill_len = sbuf_len(sb) + 1;
2950		list->status = CTL_LUN_LIST_OK;
2951		sbuf_delete(sb);
2952		break;
2953	}
2954	case CTL_ISCSI: {
2955		struct ctl_iscsi *ci;
2956		struct ctl_frontend *fe;
2957
2958		ci = (struct ctl_iscsi *)addr;
2959
2960		fe = ctl_frontend_find("iscsi");
2961		if (fe == NULL) {
2962			ci->status = CTL_ISCSI_ERROR;
2963			snprintf(ci->error_str, sizeof(ci->error_str),
2964			    "Frontend \"iscsi\" not found.");
2965			break;
2966		}
2967
2968		retval = fe->ioctl(dev, cmd, addr, flag, td);
2969		break;
2970	}
2971	case CTL_PORT_REQ: {
2972		struct ctl_req *req;
2973		struct ctl_frontend *fe;
2974
2975		req = (struct ctl_req *)addr;
2976
2977		fe = ctl_frontend_find(req->driver);
2978		if (fe == NULL) {
2979			req->status = CTL_LUN_ERROR;
2980			snprintf(req->error_str, sizeof(req->error_str),
2981			    "Frontend \"%s\" not found.", req->driver);
2982			break;
2983		}
2984		if (req->num_args > 0) {
2985			req->kern_args = ctl_copyin_args(req->num_args,
2986			    req->args, req->error_str, sizeof(req->error_str));
2987			if (req->kern_args == NULL) {
2988				req->status = CTL_LUN_ERROR;
2989				break;
2990			}
2991		}
2992
2993		if (fe->ioctl)
2994			retval = fe->ioctl(dev, cmd, addr, flag, td);
2995		else
2996			retval = ENODEV;
2997
2998		if (req->num_args > 0) {
2999			ctl_copyout_args(req->num_args, req->kern_args);
3000			ctl_free_args(req->num_args, req->kern_args);
3001		}
3002		break;
3003	}
3004	case CTL_PORT_LIST: {
3005		struct sbuf *sb;
3006		struct ctl_port *port;
3007		struct ctl_lun_list *list;
3008		struct ctl_option *opt;
3009		int j;
3010		uint32_t plun;
3011
3012		list = (struct ctl_lun_list *)addr;
3013
3014		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3015		if (sb == NULL) {
3016			list->status = CTL_LUN_LIST_ERROR;
3017			snprintf(list->error_str, sizeof(list->error_str),
3018				 "Unable to allocate %d bytes for LUN list",
3019				 list->alloc_len);
3020			break;
3021		}
3022
3023		sbuf_printf(sb, "<ctlportlist>\n");
3024
3025		mtx_lock(&softc->ctl_lock);
3026		STAILQ_FOREACH(port, &softc->port_list, links) {
3027			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3028					     (uintmax_t)port->targ_port);
3029
3030			/*
3031			 * Bail out as soon as we see that we've overfilled
3032			 * the buffer.
3033			 */
3034			if (retval != 0)
3035				break;
3036
3037			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3038			    "</frontend_type>\n", port->frontend->name);
3039			if (retval != 0)
3040				break;
3041
3042			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3043					     port->port_type);
3044			if (retval != 0)
3045				break;
3046
3047			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3048			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3049			if (retval != 0)
3050				break;
3051
3052			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3053			    port->port_name);
3054			if (retval != 0)
3055				break;
3056
3057			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3058			    port->physical_port);
3059			if (retval != 0)
3060				break;
3061
3062			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3063			    port->virtual_port);
3064			if (retval != 0)
3065				break;
3066
3067			if (port->target_devid != NULL) {
3068				sbuf_printf(sb, "\t<target>");
3069				ctl_id_sbuf(port->target_devid, sb);
3070				sbuf_printf(sb, "</target>\n");
3071			}
3072
3073			if (port->port_devid != NULL) {
3074				sbuf_printf(sb, "\t<port>");
3075				ctl_id_sbuf(port->port_devid, sb);
3076				sbuf_printf(sb, "</port>\n");
3077			}
3078
3079			if (port->port_info != NULL) {
3080				retval = port->port_info(port->onoff_arg, sb);
3081				if (retval != 0)
3082					break;
3083			}
3084			STAILQ_FOREACH(opt, &port->options, links) {
3085				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3086				    opt->name, opt->value, opt->name);
3087				if (retval != 0)
3088					break;
3089			}
3090
3091			if (port->lun_map != NULL) {
3092				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3093				for (j = 0; j < CTL_MAX_LUNS; j++) {
3094					plun = ctl_lun_map_from_port(port, j);
3095					if (plun >= CTL_MAX_LUNS)
3096						continue;
3097					sbuf_printf(sb,
3098					    "\t<lun id=\"%u\">%u</lun>\n",
3099					    j, plun);
3100				}
3101			}
3102
3103			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3104				if (port->wwpn_iid[j].in_use == 0 ||
3105				    (port->wwpn_iid[j].wwpn == 0 &&
3106				     port->wwpn_iid[j].name == NULL))
3107					continue;
3108
3109				if (port->wwpn_iid[j].name != NULL)
3110					retval = sbuf_printf(sb,
3111					    "\t<initiator id=\"%u\">%s</initiator>\n",
3112					    j, port->wwpn_iid[j].name);
3113				else
3114					retval = sbuf_printf(sb,
3115					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3116					    j, port->wwpn_iid[j].wwpn);
3117				if (retval != 0)
3118					break;
3119			}
3120			if (retval != 0)
3121				break;
3122
3123			retval = sbuf_printf(sb, "</targ_port>\n");
3124			if (retval != 0)
3125				break;
3126		}
3127		mtx_unlock(&softc->ctl_lock);
3128
3129		if ((retval != 0)
3130		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3131			retval = 0;
3132			sbuf_delete(sb);
3133			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3134			snprintf(list->error_str, sizeof(list->error_str),
3135				 "Out of space, %d bytes is too small",
3136				 list->alloc_len);
3137			break;
3138		}
3139
3140		sbuf_finish(sb);
3141
3142		retval = copyout(sbuf_data(sb), list->lun_xml,
3143				 sbuf_len(sb) + 1);
3144
3145		list->fill_len = sbuf_len(sb) + 1;
3146		list->status = CTL_LUN_LIST_OK;
3147		sbuf_delete(sb);
3148		break;
3149	}
3150	case CTL_LUN_MAP: {
3151		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3152		struct ctl_port *port;
3153
3154		mtx_lock(&softc->ctl_lock);
3155		if (lm->port < softc->port_min ||
3156		    lm->port >= softc->port_max ||
3157		    (port = softc->ctl_ports[lm->port]) == NULL) {
3158			mtx_unlock(&softc->ctl_lock);
3159			return (ENXIO);
3160		}
3161		if (port->status & CTL_PORT_STATUS_ONLINE) {
3162			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3163				if (ctl_lun_map_to_port(port, lun->lun) >=
3164				    CTL_MAX_LUNS)
3165					continue;
3166				mtx_lock(&lun->lun_lock);
3167				ctl_est_ua_port(lun, lm->port, -1,
3168				    CTL_UA_LUN_CHANGE);
3169				mtx_unlock(&lun->lun_lock);
3170			}
3171		}
3172		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3173		if (lm->plun < CTL_MAX_LUNS) {
3174			if (lm->lun == UINT32_MAX)
3175				retval = ctl_lun_map_unset(port, lm->plun);
3176			else if (lm->lun < CTL_MAX_LUNS &&
3177			    softc->ctl_luns[lm->lun] != NULL)
3178				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3179			else
3180				return (ENXIO);
3181		} else if (lm->plun == UINT32_MAX) {
3182			if (lm->lun == UINT32_MAX)
3183				retval = ctl_lun_map_deinit(port);
3184			else
3185				retval = ctl_lun_map_init(port);
3186		} else
3187			return (ENXIO);
3188		if (port->status & CTL_PORT_STATUS_ONLINE)
3189			ctl_isc_announce_port(port);
3190		break;
3191	}
3192	default: {
3193		/* XXX KDM should we fix this? */
3194#if 0
3195		struct ctl_backend_driver *backend;
3196		unsigned int type;
3197		int found;
3198
3199		found = 0;
3200
3201		/*
3202		 * We encode the backend type as the ioctl type for backend
3203		 * ioctls.  So parse it out here, and then search for a
3204		 * backend of this type.
3205		 */
3206		type = _IOC_TYPE(cmd);
3207
3208		STAILQ_FOREACH(backend, &softc->be_list, links) {
3209			if (backend->type == type) {
3210				found = 1;
3211				break;
3212			}
3213		}
3214		if (found == 0) {
3215			printf("ctl: unknown ioctl command %#lx or backend "
3216			       "%d\n", cmd, type);
3217			retval = EINVAL;
3218			break;
3219		}
3220		retval = backend->ioctl(dev, cmd, addr, flag, td);
3221#endif
3222		retval = ENOTTY;
3223		break;
3224	}
3225	}
3226	return (retval);
3227}
3228
3229uint32_t
3230ctl_get_initindex(struct ctl_nexus *nexus)
3231{
3232	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3233}
3234
3235int
3236ctl_lun_map_init(struct ctl_port *port)
3237{
3238	struct ctl_softc *softc = control_softc;
3239	struct ctl_lun *lun;
3240	uint32_t i;
3241
3242	if (port->lun_map == NULL)
3243		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3244		    M_CTL, M_NOWAIT);
3245	if (port->lun_map == NULL)
3246		return (ENOMEM);
3247	for (i = 0; i < CTL_MAX_LUNS; i++)
3248		port->lun_map[i] = UINT32_MAX;
3249	if (port->status & CTL_PORT_STATUS_ONLINE) {
3250		if (port->lun_disable != NULL) {
3251			STAILQ_FOREACH(lun, &softc->lun_list, links)
3252				port->lun_disable(port->targ_lun_arg, lun->lun);
3253		}
3254		ctl_isc_announce_port(port);
3255	}
3256	return (0);
3257}
3258
3259int
3260ctl_lun_map_deinit(struct ctl_port *port)
3261{
3262	struct ctl_softc *softc = control_softc;
3263	struct ctl_lun *lun;
3264
3265	if (port->lun_map == NULL)
3266		return (0);
3267	free(port->lun_map, M_CTL);
3268	port->lun_map = NULL;
3269	if (port->status & CTL_PORT_STATUS_ONLINE) {
3270		if (port->lun_enable != NULL) {
3271			STAILQ_FOREACH(lun, &softc->lun_list, links)
3272				port->lun_enable(port->targ_lun_arg, lun->lun);
3273		}
3274		ctl_isc_announce_port(port);
3275	}
3276	return (0);
3277}
3278
3279int
3280ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3281{
3282	int status;
3283	uint32_t old;
3284
3285	if (port->lun_map == NULL) {
3286		status = ctl_lun_map_init(port);
3287		if (status != 0)
3288			return (status);
3289	}
3290	old = port->lun_map[plun];
3291	port->lun_map[plun] = glun;
3292	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3293		if (port->lun_enable != NULL)
3294			port->lun_enable(port->targ_lun_arg, plun);
3295		ctl_isc_announce_port(port);
3296	}
3297	return (0);
3298}
3299
3300int
3301ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3302{
3303	uint32_t old;
3304
3305	if (port->lun_map == NULL)
3306		return (0);
3307	old = port->lun_map[plun];
3308	port->lun_map[plun] = UINT32_MAX;
3309	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3310		if (port->lun_disable != NULL)
3311			port->lun_disable(port->targ_lun_arg, plun);
3312		ctl_isc_announce_port(port);
3313	}
3314	return (0);
3315}
3316
3317uint32_t
3318ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3319{
3320
3321	if (port == NULL)
3322		return (UINT32_MAX);
3323	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3324		return (lun_id);
3325	return (port->lun_map[lun_id]);
3326}
3327
3328uint32_t
3329ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3330{
3331	uint32_t i;
3332
3333	if (port == NULL)
3334		return (UINT32_MAX);
3335	if (port->lun_map == NULL)
3336		return (lun_id);
3337	for (i = 0; i < CTL_MAX_LUNS; i++) {
3338		if (port->lun_map[i] == lun_id)
3339			return (i);
3340	}
3341	return (UINT32_MAX);
3342}
3343
3344static struct ctl_port *
3345ctl_io_port(struct ctl_io_hdr *io_hdr)
3346{
3347
3348	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3349}
3350
3351int
3352ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3353{
3354	int i;
3355
3356	for (i = first; i < last; i++) {
3357		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3358			return (i);
3359	}
3360	return (-1);
3361}
3362
3363int
3364ctl_set_mask(uint32_t *mask, uint32_t bit)
3365{
3366	uint32_t chunk, piece;
3367
3368	chunk = bit >> 5;
3369	piece = bit % (sizeof(uint32_t) * 8);
3370
3371	if ((mask[chunk] & (1 << piece)) != 0)
3372		return (-1);
3373	else
3374		mask[chunk] |= (1 << piece);
3375
3376	return (0);
3377}
3378
3379int
3380ctl_clear_mask(uint32_t *mask, uint32_t bit)
3381{
3382	uint32_t chunk, piece;
3383
3384	chunk = bit >> 5;
3385	piece = bit % (sizeof(uint32_t) * 8);
3386
3387	if ((mask[chunk] & (1 << piece)) == 0)
3388		return (-1);
3389	else
3390		mask[chunk] &= ~(1 << piece);
3391
3392	return (0);
3393}
3394
3395int
3396ctl_is_set(uint32_t *mask, uint32_t bit)
3397{
3398	uint32_t chunk, piece;
3399
3400	chunk = bit >> 5;
3401	piece = bit % (sizeof(uint32_t) * 8);
3402
3403	if ((mask[chunk] & (1 << piece)) == 0)
3404		return (0);
3405	else
3406		return (1);
3407}
3408
3409static uint64_t
3410ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3411{
3412	uint64_t *t;
3413
3414	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3415	if (t == NULL)
3416		return (0);
3417	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3418}
3419
3420static void
3421ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3422{
3423	uint64_t *t;
3424
3425	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3426	if (t == NULL)
3427		return;
3428	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3429}
3430
3431static void
3432ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3433{
3434	uint64_t *p;
3435	u_int i;
3436
3437	i = residx/CTL_MAX_INIT_PER_PORT;
3438	if (lun->pr_keys[i] != NULL)
3439		return;
3440	mtx_unlock(&lun->lun_lock);
3441	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3442	    M_WAITOK | M_ZERO);
3443	mtx_lock(&lun->lun_lock);
3444	if (lun->pr_keys[i] == NULL)
3445		lun->pr_keys[i] = p;
3446	else
3447		free(p, M_CTL);
3448}
3449
3450static void
3451ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3452{
3453	uint64_t *t;
3454
3455	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3456	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3457	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3458}
3459
3460/*
3461 * ctl_softc, pool_name, total_ctl_io are passed in.
3462 * npool is passed out.
3463 */
3464int
3465ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3466		uint32_t total_ctl_io, void **npool)
3467{
3468#ifdef IO_POOLS
3469	struct ctl_io_pool *pool;
3470
3471	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3472					    M_NOWAIT | M_ZERO);
3473	if (pool == NULL)
3474		return (ENOMEM);
3475
3476	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3477	pool->ctl_softc = ctl_softc;
3478	pool->zone = uma_zsecond_create(pool->name, NULL,
3479	    NULL, NULL, NULL, ctl_softc->io_zone);
3480	/* uma_prealloc(pool->zone, total_ctl_io); */
3481
3482	*npool = pool;
3483#else
3484	*npool = ctl_softc->io_zone;
3485#endif
3486	return (0);
3487}
3488
3489void
3490ctl_pool_free(struct ctl_io_pool *pool)
3491{
3492
3493	if (pool == NULL)
3494		return;
3495
3496#ifdef IO_POOLS
3497	uma_zdestroy(pool->zone);
3498	free(pool, M_CTL);
3499#endif
3500}
3501
3502union ctl_io *
3503ctl_alloc_io(void *pool_ref)
3504{
3505	union ctl_io *io;
3506#ifdef IO_POOLS
3507	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3508
3509	io = uma_zalloc(pool->zone, M_WAITOK);
3510#else
3511	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3512#endif
3513	if (io != NULL)
3514		io->io_hdr.pool = pool_ref;
3515	return (io);
3516}
3517
3518union ctl_io *
3519ctl_alloc_io_nowait(void *pool_ref)
3520{
3521	union ctl_io *io;
3522#ifdef IO_POOLS
3523	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3524
3525	io = uma_zalloc(pool->zone, M_NOWAIT);
3526#else
3527	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3528#endif
3529	if (io != NULL)
3530		io->io_hdr.pool = pool_ref;
3531	return (io);
3532}
3533
3534void
3535ctl_free_io(union ctl_io *io)
3536{
3537#ifdef IO_POOLS
3538	struct ctl_io_pool *pool;
3539#endif
3540
3541	if (io == NULL)
3542		return;
3543
3544#ifdef IO_POOLS
3545	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3546	uma_zfree(pool->zone, io);
3547#else
3548	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3549#endif
3550}
3551
3552void
3553ctl_zero_io(union ctl_io *io)
3554{
3555	void *pool_ref;
3556
3557	if (io == NULL)
3558		return;
3559
3560	/*
3561	 * May need to preserve linked list pointers at some point too.
3562	 */
3563	pool_ref = io->io_hdr.pool;
3564	memset(io, 0, sizeof(*io));
3565	io->io_hdr.pool = pool_ref;
3566}
3567
3568/*
3569 * This routine is currently used for internal copies of ctl_ios that need
3570 * to persist for some reason after we've already returned status to the
3571 * FETD.  (Thus the flag set.)
3572 *
3573 * XXX XXX
3574 * Note that this makes a blind copy of all fields in the ctl_io, except
3575 * for the pool reference.  This includes any memory that has been
3576 * allocated!  That memory will no longer be valid after done has been
3577 * called, so this would be VERY DANGEROUS for command that actually does
3578 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3579 * start and stop commands, which don't transfer any data, so this is not a
3580 * problem.  If it is used for anything else, the caller would also need to
3581 * allocate data buffer space and this routine would need to be modified to
3582 * copy the data buffer(s) as well.
3583 */
3584void
3585ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3586{
3587	void *pool_ref;
3588
3589	if ((src == NULL)
3590	 || (dest == NULL))
3591		return;
3592
3593	/*
3594	 * May need to preserve linked list pointers at some point too.
3595	 */
3596	pool_ref = dest->io_hdr.pool;
3597
3598	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3599
3600	dest->io_hdr.pool = pool_ref;
3601	/*
3602	 * We need to know that this is an internal copy, and doesn't need
3603	 * to get passed back to the FETD that allocated it.
3604	 */
3605	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3606}
3607
3608int
3609ctl_expand_number(const char *buf, uint64_t *num)
3610{
3611	char *endptr;
3612	uint64_t number;
3613	unsigned shift;
3614
3615	number = strtoq(buf, &endptr, 0);
3616
3617	switch (tolower((unsigned char)*endptr)) {
3618	case 'e':
3619		shift = 60;
3620		break;
3621	case 'p':
3622		shift = 50;
3623		break;
3624	case 't':
3625		shift = 40;
3626		break;
3627	case 'g':
3628		shift = 30;
3629		break;
3630	case 'm':
3631		shift = 20;
3632		break;
3633	case 'k':
3634		shift = 10;
3635		break;
3636	case 'b':
3637	case '\0': /* No unit. */
3638		*num = number;
3639		return (0);
3640	default:
3641		/* Unrecognized unit. */
3642		return (-1);
3643	}
3644
3645	if ((number << shift) >> shift != number) {
3646		/* Overflow */
3647		return (-1);
3648	}
3649	*num = number << shift;
3650	return (0);
3651}
3652
3653
3654/*
3655 * This routine could be used in the future to load default and/or saved
3656 * mode page parameters for a particuar lun.
3657 */
3658static int
3659ctl_init_page_index(struct ctl_lun *lun)
3660{
3661	int i;
3662	struct ctl_page_index *page_index;
3663	const char *value;
3664	uint64_t ival;
3665
3666	memcpy(&lun->mode_pages.index, page_index_template,
3667	       sizeof(page_index_template));
3668
3669	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3670
3671		page_index = &lun->mode_pages.index[i];
3672		/*
3673		 * If this is a disk-only mode page, there's no point in
3674		 * setting it up.  For some pages, we have to have some
3675		 * basic information about the disk in order to calculate the
3676		 * mode page data.
3677		 */
3678		if ((lun->be_lun->lun_type != T_DIRECT)
3679		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3680			continue;
3681
3682		switch (page_index->page_code & SMPH_PC_MASK) {
3683		case SMS_RW_ERROR_RECOVERY_PAGE: {
3684			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3685				panic("subpage is incorrect!");
3686			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3687			       &rw_er_page_default,
3688			       sizeof(rw_er_page_default));
3689			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3690			       &rw_er_page_changeable,
3691			       sizeof(rw_er_page_changeable));
3692			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3693			       &rw_er_page_default,
3694			       sizeof(rw_er_page_default));
3695			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3696			       &rw_er_page_default,
3697			       sizeof(rw_er_page_default));
3698			page_index->page_data =
3699				(uint8_t *)lun->mode_pages.rw_er_page;
3700			break;
3701		}
3702		case SMS_FORMAT_DEVICE_PAGE: {
3703			struct scsi_format_page *format_page;
3704
3705			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3706				panic("subpage is incorrect!");
3707
3708			/*
3709			 * Sectors per track are set above.  Bytes per
3710			 * sector need to be set here on a per-LUN basis.
3711			 */
3712			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3713			       &format_page_default,
3714			       sizeof(format_page_default));
3715			memcpy(&lun->mode_pages.format_page[
3716			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3717			       sizeof(format_page_changeable));
3718			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3719			       &format_page_default,
3720			       sizeof(format_page_default));
3721			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3722			       &format_page_default,
3723			       sizeof(format_page_default));
3724
3725			format_page = &lun->mode_pages.format_page[
3726				CTL_PAGE_CURRENT];
3727			scsi_ulto2b(lun->be_lun->blocksize,
3728				    format_page->bytes_per_sector);
3729
3730			format_page = &lun->mode_pages.format_page[
3731				CTL_PAGE_DEFAULT];
3732			scsi_ulto2b(lun->be_lun->blocksize,
3733				    format_page->bytes_per_sector);
3734
3735			format_page = &lun->mode_pages.format_page[
3736				CTL_PAGE_SAVED];
3737			scsi_ulto2b(lun->be_lun->blocksize,
3738				    format_page->bytes_per_sector);
3739
3740			page_index->page_data =
3741				(uint8_t *)lun->mode_pages.format_page;
3742			break;
3743		}
3744		case SMS_RIGID_DISK_PAGE: {
3745			struct scsi_rigid_disk_page *rigid_disk_page;
3746			uint32_t sectors_per_cylinder;
3747			uint64_t cylinders;
3748#ifndef	__XSCALE__
3749			int shift;
3750#endif /* !__XSCALE__ */
3751
3752			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3753				panic("invalid subpage value %d",
3754				      page_index->subpage);
3755
3756			/*
3757			 * Rotation rate and sectors per track are set
3758			 * above.  We calculate the cylinders here based on
3759			 * capacity.  Due to the number of heads and
3760			 * sectors per track we're using, smaller arrays
3761			 * may turn out to have 0 cylinders.  Linux and
3762			 * FreeBSD don't pay attention to these mode pages
3763			 * to figure out capacity, but Solaris does.  It
3764			 * seems to deal with 0 cylinders just fine, and
3765			 * works out a fake geometry based on the capacity.
3766			 */
3767			memcpy(&lun->mode_pages.rigid_disk_page[
3768			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3769			       sizeof(rigid_disk_page_default));
3770			memcpy(&lun->mode_pages.rigid_disk_page[
3771			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3772			       sizeof(rigid_disk_page_changeable));
3773
3774			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3775				CTL_DEFAULT_HEADS;
3776
3777			/*
3778			 * The divide method here will be more accurate,
3779			 * probably, but results in floating point being
3780			 * used in the kernel on i386 (__udivdi3()).  On the
3781			 * XScale, though, __udivdi3() is implemented in
3782			 * software.
3783			 *
3784			 * The shift method for cylinder calculation is
3785			 * accurate if sectors_per_cylinder is a power of
3786			 * 2.  Otherwise it might be slightly off -- you
3787			 * might have a bit of a truncation problem.
3788			 */
3789#ifdef	__XSCALE__
3790			cylinders = (lun->be_lun->maxlba + 1) /
3791				sectors_per_cylinder;
3792#else
3793			for (shift = 31; shift > 0; shift--) {
3794				if (sectors_per_cylinder & (1 << shift))
3795					break;
3796			}
3797			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3798#endif
3799
3800			/*
3801			 * We've basically got 3 bytes, or 24 bits for the
3802			 * cylinder size in the mode page.  If we're over,
3803			 * just round down to 2^24.
3804			 */
3805			if (cylinders > 0xffffff)
3806				cylinders = 0xffffff;
3807
3808			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3809				CTL_PAGE_DEFAULT];
3810			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3811
3812			if ((value = ctl_get_opt(&lun->be_lun->options,
3813			    "rpm")) != NULL) {
3814				scsi_ulto2b(strtol(value, NULL, 0),
3815				     rigid_disk_page->rotation_rate);
3816			}
3817
3818			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3819			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3820			       sizeof(rigid_disk_page_default));
3821			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3822			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3823			       sizeof(rigid_disk_page_default));
3824
3825			page_index->page_data =
3826				(uint8_t *)lun->mode_pages.rigid_disk_page;
3827			break;
3828		}
3829		case SMS_CACHING_PAGE: {
3830			struct scsi_caching_page *caching_page;
3831
3832			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3833				panic("invalid subpage value %d",
3834				      page_index->subpage);
3835			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3836			       &caching_page_default,
3837			       sizeof(caching_page_default));
3838			memcpy(&lun->mode_pages.caching_page[
3839			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3840			       sizeof(caching_page_changeable));
3841			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3842			       &caching_page_default,
3843			       sizeof(caching_page_default));
3844			caching_page = &lun->mode_pages.caching_page[
3845			    CTL_PAGE_SAVED];
3846			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3847			if (value != NULL && strcmp(value, "off") == 0)
3848				caching_page->flags1 &= ~SCP_WCE;
3849			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3850			if (value != NULL && strcmp(value, "off") == 0)
3851				caching_page->flags1 |= SCP_RCD;
3852			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3853			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3854			       sizeof(caching_page_default));
3855			page_index->page_data =
3856				(uint8_t *)lun->mode_pages.caching_page;
3857			break;
3858		}
3859		case SMS_CONTROL_MODE_PAGE: {
3860			struct scsi_control_page *control_page;
3861
3862			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3863				panic("invalid subpage value %d",
3864				      page_index->subpage);
3865
3866			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3867			       &control_page_default,
3868			       sizeof(control_page_default));
3869			memcpy(&lun->mode_pages.control_page[
3870			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3871			       sizeof(control_page_changeable));
3872			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3873			       &control_page_default,
3874			       sizeof(control_page_default));
3875			control_page = &lun->mode_pages.control_page[
3876			    CTL_PAGE_SAVED];
3877			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3878			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3879				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3880				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3881			}
3882			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3883			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3884			       sizeof(control_page_default));
3885			page_index->page_data =
3886				(uint8_t *)lun->mode_pages.control_page;
3887			break;
3888
3889		}
3890		case SMS_INFO_EXCEPTIONS_PAGE: {
3891			switch (page_index->subpage) {
3892			case SMS_SUBPAGE_PAGE_0:
3893				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3894				       &ie_page_default,
3895				       sizeof(ie_page_default));
3896				memcpy(&lun->mode_pages.ie_page[
3897				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3898				       sizeof(ie_page_changeable));
3899				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3900				       &ie_page_default,
3901				       sizeof(ie_page_default));
3902				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
3903				       &ie_page_default,
3904				       sizeof(ie_page_default));
3905				page_index->page_data =
3906					(uint8_t *)lun->mode_pages.ie_page;
3907				break;
3908			case 0x02: {
3909				struct ctl_logical_block_provisioning_page *page;
3910
3911				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
3912				       &lbp_page_default,
3913				       sizeof(lbp_page_default));
3914				memcpy(&lun->mode_pages.lbp_page[
3915				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
3916				       sizeof(lbp_page_changeable));
3917				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3918				       &lbp_page_default,
3919				       sizeof(lbp_page_default));
3920				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
3921				value = ctl_get_opt(&lun->be_lun->options,
3922				    "avail-threshold");
3923				if (value != NULL &&
3924				    ctl_expand_number(value, &ival) == 0) {
3925					page->descr[0].flags |= SLBPPD_ENABLED |
3926					    SLBPPD_ARMING_DEC;
3927					if (lun->be_lun->blocksize)
3928						ival /= lun->be_lun->blocksize;
3929					else
3930						ival /= 512;
3931					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3932					    page->descr[0].count);
3933				}
3934				value = ctl_get_opt(&lun->be_lun->options,
3935				    "used-threshold");
3936				if (value != NULL &&
3937				    ctl_expand_number(value, &ival) == 0) {
3938					page->descr[1].flags |= SLBPPD_ENABLED |
3939					    SLBPPD_ARMING_INC;
3940					if (lun->be_lun->blocksize)
3941						ival /= lun->be_lun->blocksize;
3942					else
3943						ival /= 512;
3944					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3945					    page->descr[1].count);
3946				}
3947				value = ctl_get_opt(&lun->be_lun->options,
3948				    "pool-avail-threshold");
3949				if (value != NULL &&
3950				    ctl_expand_number(value, &ival) == 0) {
3951					page->descr[2].flags |= SLBPPD_ENABLED |
3952					    SLBPPD_ARMING_DEC;
3953					if (lun->be_lun->blocksize)
3954						ival /= lun->be_lun->blocksize;
3955					else
3956						ival /= 512;
3957					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3958					    page->descr[2].count);
3959				}
3960				value = ctl_get_opt(&lun->be_lun->options,
3961				    "pool-used-threshold");
3962				if (value != NULL &&
3963				    ctl_expand_number(value, &ival) == 0) {
3964					page->descr[3].flags |= SLBPPD_ENABLED |
3965					    SLBPPD_ARMING_INC;
3966					if (lun->be_lun->blocksize)
3967						ival /= lun->be_lun->blocksize;
3968					else
3969						ival /= 512;
3970					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3971					    page->descr[3].count);
3972				}
3973				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
3974				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3975				       sizeof(lbp_page_default));
3976				page_index->page_data =
3977					(uint8_t *)lun->mode_pages.lbp_page;
3978			}}
3979			break;
3980		}
3981		case SMS_VENDOR_SPECIFIC_PAGE:{
3982			switch (page_index->subpage) {
3983			case DBGCNF_SUBPAGE_CODE: {
3984				struct copan_debugconf_subpage *current_page,
3985							       *saved_page;
3986
3987				memcpy(&lun->mode_pages.debugconf_subpage[
3988				       CTL_PAGE_CURRENT],
3989				       &debugconf_page_default,
3990				       sizeof(debugconf_page_default));
3991				memcpy(&lun->mode_pages.debugconf_subpage[
3992				       CTL_PAGE_CHANGEABLE],
3993				       &debugconf_page_changeable,
3994				       sizeof(debugconf_page_changeable));
3995				memcpy(&lun->mode_pages.debugconf_subpage[
3996				       CTL_PAGE_DEFAULT],
3997				       &debugconf_page_default,
3998				       sizeof(debugconf_page_default));
3999				memcpy(&lun->mode_pages.debugconf_subpage[
4000				       CTL_PAGE_SAVED],
4001				       &debugconf_page_default,
4002				       sizeof(debugconf_page_default));
4003				page_index->page_data =
4004					(uint8_t *)lun->mode_pages.debugconf_subpage;
4005
4006				current_page = (struct copan_debugconf_subpage *)
4007					(page_index->page_data +
4008					 (page_index->page_len *
4009					  CTL_PAGE_CURRENT));
4010				saved_page = (struct copan_debugconf_subpage *)
4011					(page_index->page_data +
4012					 (page_index->page_len *
4013					  CTL_PAGE_SAVED));
4014				break;
4015			}
4016			default:
4017				panic("invalid subpage value %d",
4018				      page_index->subpage);
4019				break;
4020			}
4021   			break;
4022		}
4023		default:
4024			panic("invalid page value %d",
4025			      page_index->page_code & SMPH_PC_MASK);
4026			break;
4027    	}
4028	}
4029
4030	return (CTL_RETVAL_COMPLETE);
4031}
4032
4033static int
4034ctl_init_log_page_index(struct ctl_lun *lun)
4035{
4036	struct ctl_page_index *page_index;
4037	int i, j, k, prev;
4038
4039	memcpy(&lun->log_pages.index, log_page_index_template,
4040	       sizeof(log_page_index_template));
4041
4042	prev = -1;
4043	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4044
4045		page_index = &lun->log_pages.index[i];
4046		/*
4047		 * If this is a disk-only mode page, there's no point in
4048		 * setting it up.  For some pages, we have to have some
4049		 * basic information about the disk in order to calculate the
4050		 * mode page data.
4051		 */
4052		if ((lun->be_lun->lun_type != T_DIRECT)
4053		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4054			continue;
4055
4056		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4057		     lun->backend->lun_attr == NULL)
4058			continue;
4059
4060		if (page_index->page_code != prev) {
4061			lun->log_pages.pages_page[j] = page_index->page_code;
4062			prev = page_index->page_code;
4063			j++;
4064		}
4065		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4066		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4067		k++;
4068	}
4069	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4070	lun->log_pages.index[0].page_len = j;
4071	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4072	lun->log_pages.index[1].page_len = k * 2;
4073	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4074	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4075	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4076	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4077
4078	return (CTL_RETVAL_COMPLETE);
4079}
4080
4081static int
4082hex2bin(const char *str, uint8_t *buf, int buf_size)
4083{
4084	int i;
4085	u_char c;
4086
4087	memset(buf, 0, buf_size);
4088	while (isspace(str[0]))
4089		str++;
4090	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4091		str += 2;
4092	buf_size *= 2;
4093	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4094		c = str[i];
4095		if (isdigit(c))
4096			c -= '0';
4097		else if (isalpha(c))
4098			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4099		else
4100			break;
4101		if (c >= 16)
4102			break;
4103		if ((i & 1) == 0)
4104			buf[i / 2] |= (c << 4);
4105		else
4106			buf[i / 2] |= c;
4107	}
4108	return ((i + 1) / 2);
4109}
4110
4111/*
4112 * LUN allocation.
4113 *
4114 * Requirements:
4115 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4116 *   wants us to allocate the LUN and he can block.
4117 * - ctl_softc is always set
4118 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4119 *
4120 * Returns 0 for success, non-zero (errno) for failure.
4121 */
4122static int
4123ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4124	      struct ctl_be_lun *const be_lun)
4125{
4126	struct ctl_lun *nlun, *lun;
4127	struct scsi_vpd_id_descriptor *desc;
4128	struct scsi_vpd_id_t10 *t10id;
4129	const char *eui, *naa, *scsiname, *vendor;
4130	int lun_number, i, lun_malloced;
4131	int devidlen, idlen1, idlen2 = 0, len;
4132
4133	if (be_lun == NULL)
4134		return (EINVAL);
4135
4136	/*
4137	 * We currently only support Direct Access or Processor LUN types.
4138	 */
4139	switch (be_lun->lun_type) {
4140	case T_DIRECT:
4141		break;
4142	case T_PROCESSOR:
4143		break;
4144	case T_SEQUENTIAL:
4145	case T_CHANGER:
4146	default:
4147		be_lun->lun_config_status(be_lun->be_lun,
4148					  CTL_LUN_CONFIG_FAILURE);
4149		break;
4150	}
4151	if (ctl_lun == NULL) {
4152		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4153		lun_malloced = 1;
4154	} else {
4155		lun_malloced = 0;
4156		lun = ctl_lun;
4157	}
4158
4159	memset(lun, 0, sizeof(*lun));
4160	if (lun_malloced)
4161		lun->flags = CTL_LUN_MALLOCED;
4162
4163	/* Generate LUN ID. */
4164	devidlen = max(CTL_DEVID_MIN_LEN,
4165	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4166	idlen1 = sizeof(*t10id) + devidlen;
4167	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4168	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4169	if (scsiname != NULL) {
4170		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4171		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4172	}
4173	eui = ctl_get_opt(&be_lun->options, "eui");
4174	if (eui != NULL) {
4175		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4176	}
4177	naa = ctl_get_opt(&be_lun->options, "naa");
4178	if (naa != NULL) {
4179		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4180	}
4181	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4182	    M_CTL, M_WAITOK | M_ZERO);
4183	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4184	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4185	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4186	desc->length = idlen1;
4187	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4188	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4189	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4190		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4191	} else {
4192		strncpy(t10id->vendor, vendor,
4193		    min(sizeof(t10id->vendor), strlen(vendor)));
4194	}
4195	strncpy((char *)t10id->vendor_spec_id,
4196	    (char *)be_lun->device_id, devidlen);
4197	if (scsiname != NULL) {
4198		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4199		    desc->length);
4200		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4201		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4202		    SVPD_ID_TYPE_SCSI_NAME;
4203		desc->length = idlen2;
4204		strlcpy(desc->identifier, scsiname, idlen2);
4205	}
4206	if (eui != NULL) {
4207		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4208		    desc->length);
4209		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4210		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4211		    SVPD_ID_TYPE_EUI64;
4212		desc->length = hex2bin(eui, desc->identifier, 16);
4213		desc->length = desc->length > 12 ? 16 :
4214		    (desc->length > 8 ? 12 : 8);
4215		len -= 16 - desc->length;
4216	}
4217	if (naa != NULL) {
4218		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4219		    desc->length);
4220		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4221		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4222		    SVPD_ID_TYPE_NAA;
4223		desc->length = hex2bin(naa, desc->identifier, 16);
4224		desc->length = desc->length > 8 ? 16 : 8;
4225		len -= 16 - desc->length;
4226	}
4227	lun->lun_devid->len = len;
4228
4229	mtx_lock(&ctl_softc->ctl_lock);
4230	/*
4231	 * See if the caller requested a particular LUN number.  If so, see
4232	 * if it is available.  Otherwise, allocate the first available LUN.
4233	 */
4234	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4235		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4236		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4237			mtx_unlock(&ctl_softc->ctl_lock);
4238			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4239				printf("ctl: requested LUN ID %d is higher "
4240				       "than CTL_MAX_LUNS - 1 (%d)\n",
4241				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4242			} else {
4243				/*
4244				 * XXX KDM return an error, or just assign
4245				 * another LUN ID in this case??
4246				 */
4247				printf("ctl: requested LUN ID %d is already "
4248				       "in use\n", be_lun->req_lun_id);
4249			}
4250			if (lun->flags & CTL_LUN_MALLOCED)
4251				free(lun, M_CTL);
4252			be_lun->lun_config_status(be_lun->be_lun,
4253						  CTL_LUN_CONFIG_FAILURE);
4254			return (ENOSPC);
4255		}
4256		lun_number = be_lun->req_lun_id;
4257	} else {
4258		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4259		if (lun_number == -1) {
4260			mtx_unlock(&ctl_softc->ctl_lock);
4261			printf("ctl: can't allocate LUN, out of LUNs\n");
4262			if (lun->flags & CTL_LUN_MALLOCED)
4263				free(lun, M_CTL);
4264			be_lun->lun_config_status(be_lun->be_lun,
4265						  CTL_LUN_CONFIG_FAILURE);
4266			return (ENOSPC);
4267		}
4268	}
4269	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4270
4271	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4272	lun->lun = lun_number;
4273	lun->be_lun = be_lun;
4274	/*
4275	 * The processor LUN is always enabled.  Disk LUNs come on line
4276	 * disabled, and must be enabled by the backend.
4277	 */
4278	lun->flags |= CTL_LUN_DISABLED;
4279	lun->backend = be_lun->be;
4280	be_lun->ctl_lun = lun;
4281	be_lun->lun_id = lun_number;
4282	atomic_add_int(&be_lun->be->num_luns, 1);
4283	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4284		lun->flags |= CTL_LUN_OFFLINE;
4285
4286	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4287		lun->flags |= CTL_LUN_STOPPED;
4288
4289	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4290		lun->flags |= CTL_LUN_INOPERABLE;
4291
4292	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4293		lun->flags |= CTL_LUN_PRIMARY_SC;
4294
4295	lun->ctl_softc = ctl_softc;
4296#ifdef CTL_TIME_IO
4297	lun->last_busy = getsbinuptime();
4298#endif
4299	TAILQ_INIT(&lun->ooa_queue);
4300	TAILQ_INIT(&lun->blocked_queue);
4301	STAILQ_INIT(&lun->error_list);
4302	ctl_tpc_lun_init(lun);
4303
4304	/*
4305	 * Initialize the mode and log page index.
4306	 */
4307	ctl_init_page_index(lun);
4308	ctl_init_log_page_index(lun);
4309
4310	/*
4311	 * Now, before we insert this lun on the lun list, set the lun
4312	 * inventory changed UA for all other luns.
4313	 */
4314	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4315		mtx_lock(&nlun->lun_lock);
4316		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4317		mtx_unlock(&nlun->lun_lock);
4318	}
4319
4320	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4321
4322	ctl_softc->ctl_luns[lun_number] = lun;
4323
4324	ctl_softc->num_luns++;
4325
4326	/* Setup statistics gathering */
4327	lun->stats.device_type = be_lun->lun_type;
4328	lun->stats.lun_number = lun_number;
4329	if (lun->stats.device_type == T_DIRECT)
4330		lun->stats.blocksize = be_lun->blocksize;
4331	else
4332		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4333	for (i = 0;i < CTL_MAX_PORTS;i++)
4334		lun->stats.ports[i].targ_port = i;
4335
4336	mtx_unlock(&ctl_softc->ctl_lock);
4337
4338	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4339	return (0);
4340}
4341
4342/*
4343 * Delete a LUN.
4344 * Assumptions:
4345 * - LUN has already been marked invalid and any pending I/O has been taken
4346 *   care of.
4347 */
4348static int
4349ctl_free_lun(struct ctl_lun *lun)
4350{
4351	struct ctl_softc *softc;
4352	struct ctl_lun *nlun;
4353	int i;
4354
4355	softc = lun->ctl_softc;
4356
4357	mtx_assert(&softc->ctl_lock, MA_OWNED);
4358
4359	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4360
4361	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4362
4363	softc->ctl_luns[lun->lun] = NULL;
4364
4365	if (!TAILQ_EMPTY(&lun->ooa_queue))
4366		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4367
4368	softc->num_luns--;
4369
4370	/*
4371	 * Tell the backend to free resources, if this LUN has a backend.
4372	 */
4373	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4374	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4375
4376	ctl_tpc_lun_shutdown(lun);
4377	mtx_destroy(&lun->lun_lock);
4378	free(lun->lun_devid, M_CTL);
4379	for (i = 0; i < CTL_MAX_PORTS; i++)
4380		free(lun->pending_ua[i], M_CTL);
4381	for (i = 0; i < CTL_MAX_PORTS; i++)
4382		free(lun->pr_keys[i], M_CTL);
4383	free(lun->write_buffer, M_CTL);
4384	if (lun->flags & CTL_LUN_MALLOCED)
4385		free(lun, M_CTL);
4386
4387	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4388		mtx_lock(&nlun->lun_lock);
4389		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4390		mtx_unlock(&nlun->lun_lock);
4391	}
4392
4393	return (0);
4394}
4395
4396static void
4397ctl_create_lun(struct ctl_be_lun *be_lun)
4398{
4399	struct ctl_softc *softc;
4400
4401	softc = control_softc;
4402
4403	/*
4404	 * ctl_alloc_lun() should handle all potential failure cases.
4405	 */
4406	ctl_alloc_lun(softc, NULL, be_lun);
4407}
4408
4409int
4410ctl_add_lun(struct ctl_be_lun *be_lun)
4411{
4412	struct ctl_softc *softc = control_softc;
4413
4414	mtx_lock(&softc->ctl_lock);
4415	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4416	mtx_unlock(&softc->ctl_lock);
4417	wakeup(&softc->pending_lun_queue);
4418
4419	return (0);
4420}
4421
4422int
4423ctl_enable_lun(struct ctl_be_lun *be_lun)
4424{
4425	struct ctl_softc *softc;
4426	struct ctl_port *port, *nport;
4427	struct ctl_lun *lun;
4428	int retval;
4429
4430	lun = (struct ctl_lun *)be_lun->ctl_lun;
4431	softc = lun->ctl_softc;
4432
4433	mtx_lock(&softc->ctl_lock);
4434	mtx_lock(&lun->lun_lock);
4435	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4436		/*
4437		 * eh?  Why did we get called if the LUN is already
4438		 * enabled?
4439		 */
4440		mtx_unlock(&lun->lun_lock);
4441		mtx_unlock(&softc->ctl_lock);
4442		return (0);
4443	}
4444	lun->flags &= ~CTL_LUN_DISABLED;
4445	mtx_unlock(&lun->lun_lock);
4446
4447	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4448		nport = STAILQ_NEXT(port, links);
4449		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4450		    port->lun_map != NULL || port->lun_enable == NULL)
4451			continue;
4452
4453		/*
4454		 * Drop the lock while we call the FETD's enable routine.
4455		 * This can lead to a callback into CTL (at least in the
4456		 * case of the internal initiator frontend.
4457		 */
4458		mtx_unlock(&softc->ctl_lock);
4459		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4460		mtx_lock(&softc->ctl_lock);
4461		if (retval != 0) {
4462			printf("%s: FETD %s port %d returned error "
4463			       "%d for lun_enable on lun %jd\n",
4464			       __func__, port->port_name, port->targ_port,
4465			       retval, (intmax_t)lun->lun);
4466		}
4467	}
4468
4469	mtx_unlock(&softc->ctl_lock);
4470	ctl_isc_announce_lun(lun);
4471
4472	return (0);
4473}
4474
4475int
4476ctl_disable_lun(struct ctl_be_lun *be_lun)
4477{
4478	struct ctl_softc *softc;
4479	struct ctl_port *port;
4480	struct ctl_lun *lun;
4481	int retval;
4482
4483	lun = (struct ctl_lun *)be_lun->ctl_lun;
4484	softc = lun->ctl_softc;
4485
4486	mtx_lock(&softc->ctl_lock);
4487	mtx_lock(&lun->lun_lock);
4488	if (lun->flags & CTL_LUN_DISABLED) {
4489		mtx_unlock(&lun->lun_lock);
4490		mtx_unlock(&softc->ctl_lock);
4491		return (0);
4492	}
4493	lun->flags |= CTL_LUN_DISABLED;
4494	mtx_unlock(&lun->lun_lock);
4495
4496	STAILQ_FOREACH(port, &softc->port_list, links) {
4497		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4498		    port->lun_map != NULL || port->lun_disable == NULL)
4499			continue;
4500
4501		/*
4502		 * Drop the lock before we call the frontend's disable
4503		 * routine, to avoid lock order reversals.
4504		 *
4505		 * XXX KDM what happens if the frontend list changes while
4506		 * we're traversing it?  It's unlikely, but should be handled.
4507		 */
4508		mtx_unlock(&softc->ctl_lock);
4509		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4510		mtx_lock(&softc->ctl_lock);
4511		if (retval != 0) {
4512			printf("%s: FETD %s port %d returned error "
4513			       "%d for lun_disable on lun %jd\n",
4514			       __func__, port->port_name, port->targ_port,
4515			       retval, (intmax_t)lun->lun);
4516		}
4517	}
4518
4519	mtx_unlock(&softc->ctl_lock);
4520	ctl_isc_announce_lun(lun);
4521
4522	return (0);
4523}
4524
4525int
4526ctl_start_lun(struct ctl_be_lun *be_lun)
4527{
4528	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4529
4530	mtx_lock(&lun->lun_lock);
4531	lun->flags &= ~CTL_LUN_STOPPED;
4532	mtx_unlock(&lun->lun_lock);
4533	return (0);
4534}
4535
4536int
4537ctl_stop_lun(struct ctl_be_lun *be_lun)
4538{
4539	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4540
4541	mtx_lock(&lun->lun_lock);
4542	lun->flags |= CTL_LUN_STOPPED;
4543	mtx_unlock(&lun->lun_lock);
4544	return (0);
4545}
4546
4547int
4548ctl_lun_offline(struct ctl_be_lun *be_lun)
4549{
4550	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4551
4552	mtx_lock(&lun->lun_lock);
4553	lun->flags |= CTL_LUN_OFFLINE;
4554	mtx_unlock(&lun->lun_lock);
4555	return (0);
4556}
4557
4558int
4559ctl_lun_online(struct ctl_be_lun *be_lun)
4560{
4561	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4562
4563	mtx_lock(&lun->lun_lock);
4564	lun->flags &= ~CTL_LUN_OFFLINE;
4565	mtx_unlock(&lun->lun_lock);
4566	return (0);
4567}
4568
4569int
4570ctl_lun_primary(struct ctl_be_lun *be_lun)
4571{
4572	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4573
4574	mtx_lock(&lun->lun_lock);
4575	lun->flags |= CTL_LUN_PRIMARY_SC;
4576	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4577	mtx_unlock(&lun->lun_lock);
4578	ctl_isc_announce_lun(lun);
4579	return (0);
4580}
4581
4582int
4583ctl_lun_secondary(struct ctl_be_lun *be_lun)
4584{
4585	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4586
4587	mtx_lock(&lun->lun_lock);
4588	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4589	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4590	mtx_unlock(&lun->lun_lock);
4591	ctl_isc_announce_lun(lun);
4592	return (0);
4593}
4594
4595int
4596ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4597{
4598	struct ctl_softc *softc;
4599	struct ctl_lun *lun;
4600
4601	lun = (struct ctl_lun *)be_lun->ctl_lun;
4602	softc = lun->ctl_softc;
4603
4604	mtx_lock(&lun->lun_lock);
4605
4606	/*
4607	 * The LUN needs to be disabled before it can be marked invalid.
4608	 */
4609	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4610		mtx_unlock(&lun->lun_lock);
4611		return (-1);
4612	}
4613	/*
4614	 * Mark the LUN invalid.
4615	 */
4616	lun->flags |= CTL_LUN_INVALID;
4617
4618	/*
4619	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4620	 * If we have something in the OOA queue, we'll free it when the
4621	 * last I/O completes.
4622	 */
4623	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4624		mtx_unlock(&lun->lun_lock);
4625		mtx_lock(&softc->ctl_lock);
4626		ctl_free_lun(lun);
4627		mtx_unlock(&softc->ctl_lock);
4628	} else
4629		mtx_unlock(&lun->lun_lock);
4630
4631	return (0);
4632}
4633
4634int
4635ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4636{
4637	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4638
4639	mtx_lock(&lun->lun_lock);
4640	lun->flags |= CTL_LUN_INOPERABLE;
4641	mtx_unlock(&lun->lun_lock);
4642	return (0);
4643}
4644
4645int
4646ctl_lun_operable(struct ctl_be_lun *be_lun)
4647{
4648	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4649
4650	mtx_lock(&lun->lun_lock);
4651	lun->flags &= ~CTL_LUN_INOPERABLE;
4652	mtx_unlock(&lun->lun_lock);
4653	return (0);
4654}
4655
4656void
4657ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4658{
4659	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4660	union ctl_ha_msg msg;
4661
4662	mtx_lock(&lun->lun_lock);
4663	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4664	mtx_unlock(&lun->lun_lock);
4665	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4666		/* Send msg to other side. */
4667		bzero(&msg.ua, sizeof(msg.ua));
4668		msg.hdr.msg_type = CTL_MSG_UA;
4669		msg.hdr.nexus.initid = -1;
4670		msg.hdr.nexus.targ_port = -1;
4671		msg.hdr.nexus.targ_lun = lun->lun;
4672		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4673		msg.ua.ua_all = 1;
4674		msg.ua.ua_set = 1;
4675		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4676		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4677		    M_WAITOK);
4678	}
4679}
4680
4681/*
4682 * Backend "memory move is complete" callback for requests that never
4683 * make it down to say RAIDCore's configuration code.
4684 */
4685int
4686ctl_config_move_done(union ctl_io *io)
4687{
4688	int retval;
4689
4690	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4691	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4692	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4693
4694	if ((io->io_hdr.port_status != 0) &&
4695	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4696	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4697		/*
4698		 * For hardware error sense keys, the sense key
4699		 * specific value is defined to be a retry count,
4700		 * but we use it to pass back an internal FETD
4701		 * error code.  XXX KDM  Hopefully the FETD is only
4702		 * using 16 bits for an error code, since that's
4703		 * all the space we have in the sks field.
4704		 */
4705		ctl_set_internal_failure(&io->scsiio,
4706					 /*sks_valid*/ 1,
4707					 /*retry_count*/
4708					 io->io_hdr.port_status);
4709	}
4710
4711	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4712		ctl_data_print(io);
4713	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4714	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4715	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4716	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4717		/*
4718		 * XXX KDM just assuming a single pointer here, and not a
4719		 * S/G list.  If we start using S/G lists for config data,
4720		 * we'll need to know how to clean them up here as well.
4721		 */
4722		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4723			free(io->scsiio.kern_data_ptr, M_CTL);
4724		ctl_done(io);
4725		retval = CTL_RETVAL_COMPLETE;
4726	} else {
4727		/*
4728		 * XXX KDM now we need to continue data movement.  Some
4729		 * options:
4730		 * - call ctl_scsiio() again?  We don't do this for data
4731		 *   writes, because for those at least we know ahead of
4732		 *   time where the write will go and how long it is.  For
4733		 *   config writes, though, that information is largely
4734		 *   contained within the write itself, thus we need to
4735		 *   parse out the data again.
4736		 *
4737		 * - Call some other function once the data is in?
4738		 */
4739
4740		/*
4741		 * XXX KDM call ctl_scsiio() again for now, and check flag
4742		 * bits to see whether we're allocated or not.
4743		 */
4744		retval = ctl_scsiio(&io->scsiio);
4745	}
4746	return (retval);
4747}
4748
4749/*
4750 * This gets called by a backend driver when it is done with a
4751 * data_submit method.
4752 */
4753void
4754ctl_data_submit_done(union ctl_io *io)
4755{
4756	/*
4757	 * If the IO_CONT flag is set, we need to call the supplied
4758	 * function to continue processing the I/O, instead of completing
4759	 * the I/O just yet.
4760	 *
4761	 * If there is an error, though, we don't want to keep processing.
4762	 * Instead, just send status back to the initiator.
4763	 */
4764	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4765	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4766	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4767	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4768		io->scsiio.io_cont(io);
4769		return;
4770	}
4771	ctl_done(io);
4772}
4773
4774/*
4775 * This gets called by a backend driver when it is done with a
4776 * configuration write.
4777 */
4778void
4779ctl_config_write_done(union ctl_io *io)
4780{
4781	uint8_t *buf;
4782
4783	/*
4784	 * If the IO_CONT flag is set, we need to call the supplied
4785	 * function to continue processing the I/O, instead of completing
4786	 * the I/O just yet.
4787	 *
4788	 * If there is an error, though, we don't want to keep processing.
4789	 * Instead, just send status back to the initiator.
4790	 */
4791	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4792	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4793	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4794	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4795		io->scsiio.io_cont(io);
4796		return;
4797	}
4798	/*
4799	 * Since a configuration write can be done for commands that actually
4800	 * have data allocated, like write buffer, and commands that have
4801	 * no data, like start/stop unit, we need to check here.
4802	 */
4803	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4804		buf = io->scsiio.kern_data_ptr;
4805	else
4806		buf = NULL;
4807	ctl_done(io);
4808	if (buf)
4809		free(buf, M_CTL);
4810}
4811
4812void
4813ctl_config_read_done(union ctl_io *io)
4814{
4815	uint8_t *buf;
4816
4817	/*
4818	 * If there is some error -- we are done, skip data transfer.
4819	 */
4820	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4821	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4822	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4823		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4824			buf = io->scsiio.kern_data_ptr;
4825		else
4826			buf = NULL;
4827		ctl_done(io);
4828		if (buf)
4829			free(buf, M_CTL);
4830		return;
4831	}
4832
4833	/*
4834	 * If the IO_CONT flag is set, we need to call the supplied
4835	 * function to continue processing the I/O, instead of completing
4836	 * the I/O just yet.
4837	 */
4838	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4839		io->scsiio.io_cont(io);
4840		return;
4841	}
4842
4843	ctl_datamove(io);
4844}
4845
4846/*
4847 * SCSI release command.
4848 */
4849int
4850ctl_scsi_release(struct ctl_scsiio *ctsio)
4851{
4852	int length, longid, thirdparty_id, resv_id;
4853	struct ctl_lun *lun;
4854	uint32_t residx;
4855
4856	length = 0;
4857	resv_id = 0;
4858
4859	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4860
4861	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4862	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4863
4864	switch (ctsio->cdb[0]) {
4865	case RELEASE_10: {
4866		struct scsi_release_10 *cdb;
4867
4868		cdb = (struct scsi_release_10 *)ctsio->cdb;
4869
4870		if (cdb->byte2 & SR10_LONGID)
4871			longid = 1;
4872		else
4873			thirdparty_id = cdb->thirdparty_id;
4874
4875		resv_id = cdb->resv_id;
4876		length = scsi_2btoul(cdb->length);
4877		break;
4878	}
4879	}
4880
4881
4882	/*
4883	 * XXX KDM right now, we only support LUN reservation.  We don't
4884	 * support 3rd party reservations, or extent reservations, which
4885	 * might actually need the parameter list.  If we've gotten this
4886	 * far, we've got a LUN reservation.  Anything else got kicked out
4887	 * above.  So, according to SPC, ignore the length.
4888	 */
4889	length = 0;
4890
4891	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4892	 && (length > 0)) {
4893		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4894		ctsio->kern_data_len = length;
4895		ctsio->kern_total_len = length;
4896		ctsio->kern_data_resid = 0;
4897		ctsio->kern_rel_offset = 0;
4898		ctsio->kern_sg_entries = 0;
4899		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4900		ctsio->be_move_done = ctl_config_move_done;
4901		ctl_datamove((union ctl_io *)ctsio);
4902
4903		return (CTL_RETVAL_COMPLETE);
4904	}
4905
4906	if (length > 0)
4907		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4908
4909	mtx_lock(&lun->lun_lock);
4910
4911	/*
4912	 * According to SPC, it is not an error for an intiator to attempt
4913	 * to release a reservation on a LUN that isn't reserved, or that
4914	 * is reserved by another initiator.  The reservation can only be
4915	 * released, though, by the initiator who made it or by one of
4916	 * several reset type events.
4917	 */
4918	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
4919			lun->flags &= ~CTL_LUN_RESERVED;
4920
4921	mtx_unlock(&lun->lun_lock);
4922
4923	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4924		free(ctsio->kern_data_ptr, M_CTL);
4925		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4926	}
4927
4928	ctl_set_success(ctsio);
4929	ctl_done((union ctl_io *)ctsio);
4930	return (CTL_RETVAL_COMPLETE);
4931}
4932
4933int
4934ctl_scsi_reserve(struct ctl_scsiio *ctsio)
4935{
4936	int extent, thirdparty, longid;
4937	int resv_id, length;
4938	uint64_t thirdparty_id;
4939	struct ctl_lun *lun;
4940	uint32_t residx;
4941
4942	extent = 0;
4943	thirdparty = 0;
4944	longid = 0;
4945	resv_id = 0;
4946	length = 0;
4947	thirdparty_id = 0;
4948
4949	CTL_DEBUG_PRINT(("ctl_reserve\n"));
4950
4951	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4952	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4953
4954	switch (ctsio->cdb[0]) {
4955	case RESERVE_10: {
4956		struct scsi_reserve_10 *cdb;
4957
4958		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
4959
4960		if (cdb->byte2 & SR10_LONGID)
4961			longid = 1;
4962		else
4963			thirdparty_id = cdb->thirdparty_id;
4964
4965		resv_id = cdb->resv_id;
4966		length = scsi_2btoul(cdb->length);
4967		break;
4968	}
4969	}
4970
4971	/*
4972	 * XXX KDM right now, we only support LUN reservation.  We don't
4973	 * support 3rd party reservations, or extent reservations, which
4974	 * might actually need the parameter list.  If we've gotten this
4975	 * far, we've got a LUN reservation.  Anything else got kicked out
4976	 * above.  So, according to SPC, ignore the length.
4977	 */
4978	length = 0;
4979
4980	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4981	 && (length > 0)) {
4982		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4983		ctsio->kern_data_len = length;
4984		ctsio->kern_total_len = length;
4985		ctsio->kern_data_resid = 0;
4986		ctsio->kern_rel_offset = 0;
4987		ctsio->kern_sg_entries = 0;
4988		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4989		ctsio->be_move_done = ctl_config_move_done;
4990		ctl_datamove((union ctl_io *)ctsio);
4991
4992		return (CTL_RETVAL_COMPLETE);
4993	}
4994
4995	if (length > 0)
4996		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4997
4998	mtx_lock(&lun->lun_lock);
4999	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5000		ctl_set_reservation_conflict(ctsio);
5001		goto bailout;
5002	}
5003
5004	lun->flags |= CTL_LUN_RESERVED;
5005	lun->res_idx = residx;
5006
5007	ctl_set_success(ctsio);
5008
5009bailout:
5010	mtx_unlock(&lun->lun_lock);
5011
5012	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5013		free(ctsio->kern_data_ptr, M_CTL);
5014		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5015	}
5016
5017	ctl_done((union ctl_io *)ctsio);
5018	return (CTL_RETVAL_COMPLETE);
5019}
5020
5021int
5022ctl_start_stop(struct ctl_scsiio *ctsio)
5023{
5024	struct scsi_start_stop_unit *cdb;
5025	struct ctl_lun *lun;
5026	int retval;
5027
5028	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5029
5030	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5031	retval = 0;
5032
5033	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5034
5035	/*
5036	 * XXX KDM
5037	 * We don't support the immediate bit on a stop unit.  In order to
5038	 * do that, we would need to code up a way to know that a stop is
5039	 * pending, and hold off any new commands until it completes, one
5040	 * way or another.  Then we could accept or reject those commands
5041	 * depending on its status.  We would almost need to do the reverse
5042	 * of what we do below for an immediate start -- return the copy of
5043	 * the ctl_io to the FETD with status to send to the host (and to
5044	 * free the copy!) and then free the original I/O once the stop
5045	 * actually completes.  That way, the OOA queue mechanism can work
5046	 * to block commands that shouldn't proceed.  Another alternative
5047	 * would be to put the copy in the queue in place of the original,
5048	 * and return the original back to the caller.  That could be
5049	 * slightly safer..
5050	 */
5051	if ((cdb->byte2 & SSS_IMMED)
5052	 && ((cdb->how & SSS_START) == 0)) {
5053		ctl_set_invalid_field(ctsio,
5054				      /*sks_valid*/ 1,
5055				      /*command*/ 1,
5056				      /*field*/ 1,
5057				      /*bit_valid*/ 1,
5058				      /*bit*/ 0);
5059		ctl_done((union ctl_io *)ctsio);
5060		return (CTL_RETVAL_COMPLETE);
5061	}
5062
5063	if ((lun->flags & CTL_LUN_PR_RESERVED)
5064	 && ((cdb->how & SSS_START)==0)) {
5065		uint32_t residx;
5066
5067		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5068		if (ctl_get_prkey(lun, residx) == 0
5069		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5070
5071			ctl_set_reservation_conflict(ctsio);
5072			ctl_done((union ctl_io *)ctsio);
5073			return (CTL_RETVAL_COMPLETE);
5074		}
5075	}
5076
5077	/*
5078	 * If there is no backend on this device, we can't start or stop
5079	 * it.  In theory we shouldn't get any start/stop commands in the
5080	 * first place at this level if the LUN doesn't have a backend.
5081	 * That should get stopped by the command decode code.
5082	 */
5083	if (lun->backend == NULL) {
5084		ctl_set_invalid_opcode(ctsio);
5085		ctl_done((union ctl_io *)ctsio);
5086		return (CTL_RETVAL_COMPLETE);
5087	}
5088
5089	/*
5090	 * XXX KDM Copan-specific offline behavior.
5091	 * Figure out a reasonable way to port this?
5092	 */
5093#ifdef NEEDTOPORT
5094	mtx_lock(&lun->lun_lock);
5095
5096	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5097	 && (lun->flags & CTL_LUN_OFFLINE)) {
5098		/*
5099		 * If the LUN is offline, and the on/offline bit isn't set,
5100		 * reject the start or stop.  Otherwise, let it through.
5101		 */
5102		mtx_unlock(&lun->lun_lock);
5103		ctl_set_lun_not_ready(ctsio);
5104		ctl_done((union ctl_io *)ctsio);
5105	} else {
5106		mtx_unlock(&lun->lun_lock);
5107#endif /* NEEDTOPORT */
5108		/*
5109		 * This could be a start or a stop when we're online,
5110		 * or a stop/offline or start/online.  A start or stop when
5111		 * we're offline is covered in the case above.
5112		 */
5113		/*
5114		 * In the non-immediate case, we send the request to
5115		 * the backend and return status to the user when
5116		 * it is done.
5117		 *
5118		 * In the immediate case, we allocate a new ctl_io
5119		 * to hold a copy of the request, and send that to
5120		 * the backend.  We then set good status on the
5121		 * user's request and return it immediately.
5122		 */
5123		if (cdb->byte2 & SSS_IMMED) {
5124			union ctl_io *new_io;
5125
5126			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5127			ctl_copy_io((union ctl_io *)ctsio, new_io);
5128			retval = lun->backend->config_write(new_io);
5129			ctl_set_success(ctsio);
5130			ctl_done((union ctl_io *)ctsio);
5131		} else {
5132			retval = lun->backend->config_write(
5133				(union ctl_io *)ctsio);
5134		}
5135#ifdef NEEDTOPORT
5136	}
5137#endif
5138	return (retval);
5139}
5140
5141/*
5142 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5143 * we don't really do anything with the LBA and length fields if the user
5144 * passes them in.  Instead we'll just flush out the cache for the entire
5145 * LUN.
5146 */
5147int
5148ctl_sync_cache(struct ctl_scsiio *ctsio)
5149{
5150	struct ctl_lun *lun;
5151	struct ctl_softc *softc;
5152	struct ctl_lba_len_flags *lbalen;
5153	uint64_t starting_lba;
5154	uint32_t block_count;
5155	int retval;
5156	uint8_t byte2;
5157
5158	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5159
5160	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5161	softc = lun->ctl_softc;
5162	retval = 0;
5163
5164	switch (ctsio->cdb[0]) {
5165	case SYNCHRONIZE_CACHE: {
5166		struct scsi_sync_cache *cdb;
5167		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5168
5169		starting_lba = scsi_4btoul(cdb->begin_lba);
5170		block_count = scsi_2btoul(cdb->lb_count);
5171		byte2 = cdb->byte2;
5172		break;
5173	}
5174	case SYNCHRONIZE_CACHE_16: {
5175		struct scsi_sync_cache_16 *cdb;
5176		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5177
5178		starting_lba = scsi_8btou64(cdb->begin_lba);
5179		block_count = scsi_4btoul(cdb->lb_count);
5180		byte2 = cdb->byte2;
5181		break;
5182	}
5183	default:
5184		ctl_set_invalid_opcode(ctsio);
5185		ctl_done((union ctl_io *)ctsio);
5186		goto bailout;
5187		break; /* NOTREACHED */
5188	}
5189
5190	/*
5191	 * We check the LBA and length, but don't do anything with them.
5192	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5193	 * get flushed.  This check will just help satisfy anyone who wants
5194	 * to see an error for an out of range LBA.
5195	 */
5196	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5197		ctl_set_lba_out_of_range(ctsio);
5198		ctl_done((union ctl_io *)ctsio);
5199		goto bailout;
5200	}
5201
5202	/*
5203	 * If this LUN has no backend, we can't flush the cache anyway.
5204	 */
5205	if (lun->backend == NULL) {
5206		ctl_set_invalid_opcode(ctsio);
5207		ctl_done((union ctl_io *)ctsio);
5208		goto bailout;
5209	}
5210
5211	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5212	lbalen->lba = starting_lba;
5213	lbalen->len = block_count;
5214	lbalen->flags = byte2;
5215
5216	/*
5217	 * Check to see whether we're configured to send the SYNCHRONIZE
5218	 * CACHE command directly to the back end.
5219	 */
5220	mtx_lock(&lun->lun_lock);
5221	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5222	 && (++(lun->sync_count) >= lun->sync_interval)) {
5223		lun->sync_count = 0;
5224		mtx_unlock(&lun->lun_lock);
5225		retval = lun->backend->config_write((union ctl_io *)ctsio);
5226	} else {
5227		mtx_unlock(&lun->lun_lock);
5228		ctl_set_success(ctsio);
5229		ctl_done((union ctl_io *)ctsio);
5230	}
5231
5232bailout:
5233
5234	return (retval);
5235}
5236
5237int
5238ctl_format(struct ctl_scsiio *ctsio)
5239{
5240	struct scsi_format *cdb;
5241	struct ctl_lun *lun;
5242	int length, defect_list_len;
5243
5244	CTL_DEBUG_PRINT(("ctl_format\n"));
5245
5246	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5247
5248	cdb = (struct scsi_format *)ctsio->cdb;
5249
5250	length = 0;
5251	if (cdb->byte2 & SF_FMTDATA) {
5252		if (cdb->byte2 & SF_LONGLIST)
5253			length = sizeof(struct scsi_format_header_long);
5254		else
5255			length = sizeof(struct scsi_format_header_short);
5256	}
5257
5258	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5259	 && (length > 0)) {
5260		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5261		ctsio->kern_data_len = length;
5262		ctsio->kern_total_len = length;
5263		ctsio->kern_data_resid = 0;
5264		ctsio->kern_rel_offset = 0;
5265		ctsio->kern_sg_entries = 0;
5266		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5267		ctsio->be_move_done = ctl_config_move_done;
5268		ctl_datamove((union ctl_io *)ctsio);
5269
5270		return (CTL_RETVAL_COMPLETE);
5271	}
5272
5273	defect_list_len = 0;
5274
5275	if (cdb->byte2 & SF_FMTDATA) {
5276		if (cdb->byte2 & SF_LONGLIST) {
5277			struct scsi_format_header_long *header;
5278
5279			header = (struct scsi_format_header_long *)
5280				ctsio->kern_data_ptr;
5281
5282			defect_list_len = scsi_4btoul(header->defect_list_len);
5283			if (defect_list_len != 0) {
5284				ctl_set_invalid_field(ctsio,
5285						      /*sks_valid*/ 1,
5286						      /*command*/ 0,
5287						      /*field*/ 2,
5288						      /*bit_valid*/ 0,
5289						      /*bit*/ 0);
5290				goto bailout;
5291			}
5292		} else {
5293			struct scsi_format_header_short *header;
5294
5295			header = (struct scsi_format_header_short *)
5296				ctsio->kern_data_ptr;
5297
5298			defect_list_len = scsi_2btoul(header->defect_list_len);
5299			if (defect_list_len != 0) {
5300				ctl_set_invalid_field(ctsio,
5301						      /*sks_valid*/ 1,
5302						      /*command*/ 0,
5303						      /*field*/ 2,
5304						      /*bit_valid*/ 0,
5305						      /*bit*/ 0);
5306				goto bailout;
5307			}
5308		}
5309	}
5310
5311	/*
5312	 * The format command will clear out the "Medium format corrupted"
5313	 * status if set by the configuration code.  That status is really
5314	 * just a way to notify the host that we have lost the media, and
5315	 * get them to issue a command that will basically make them think
5316	 * they're blowing away the media.
5317	 */
5318	mtx_lock(&lun->lun_lock);
5319	lun->flags &= ~CTL_LUN_INOPERABLE;
5320	mtx_unlock(&lun->lun_lock);
5321
5322	ctl_set_success(ctsio);
5323bailout:
5324
5325	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5326		free(ctsio->kern_data_ptr, M_CTL);
5327		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5328	}
5329
5330	ctl_done((union ctl_io *)ctsio);
5331	return (CTL_RETVAL_COMPLETE);
5332}
5333
5334int
5335ctl_read_buffer(struct ctl_scsiio *ctsio)
5336{
5337	struct scsi_read_buffer *cdb;
5338	struct ctl_lun *lun;
5339	int buffer_offset, len;
5340	static uint8_t descr[4];
5341	static uint8_t echo_descr[4] = { 0 };
5342
5343	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5344
5345	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5346	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5347
5348	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5349	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5350	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5351		ctl_set_invalid_field(ctsio,
5352				      /*sks_valid*/ 1,
5353				      /*command*/ 1,
5354				      /*field*/ 1,
5355				      /*bit_valid*/ 1,
5356				      /*bit*/ 4);
5357		ctl_done((union ctl_io *)ctsio);
5358		return (CTL_RETVAL_COMPLETE);
5359	}
5360
5361	len = scsi_3btoul(cdb->length);
5362	buffer_offset = scsi_3btoul(cdb->offset);
5363
5364	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5365		ctl_set_invalid_field(ctsio,
5366				      /*sks_valid*/ 1,
5367				      /*command*/ 1,
5368				      /*field*/ 6,
5369				      /*bit_valid*/ 0,
5370				      /*bit*/ 0);
5371		ctl_done((union ctl_io *)ctsio);
5372		return (CTL_RETVAL_COMPLETE);
5373	}
5374
5375	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5376		descr[0] = 0;
5377		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5378		ctsio->kern_data_ptr = descr;
5379		len = min(len, sizeof(descr));
5380	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5381		ctsio->kern_data_ptr = echo_descr;
5382		len = min(len, sizeof(echo_descr));
5383	} else {
5384		if (lun->write_buffer == NULL) {
5385			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5386			    M_CTL, M_WAITOK);
5387		}
5388		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5389	}
5390	ctsio->kern_data_len = len;
5391	ctsio->kern_total_len = len;
5392	ctsio->kern_data_resid = 0;
5393	ctsio->kern_rel_offset = 0;
5394	ctsio->kern_sg_entries = 0;
5395	ctl_set_success(ctsio);
5396	ctsio->be_move_done = ctl_config_move_done;
5397	ctl_datamove((union ctl_io *)ctsio);
5398	return (CTL_RETVAL_COMPLETE);
5399}
5400
5401int
5402ctl_write_buffer(struct ctl_scsiio *ctsio)
5403{
5404	struct scsi_write_buffer *cdb;
5405	struct ctl_lun *lun;
5406	int buffer_offset, len;
5407
5408	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5409
5410	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5411	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5412
5413	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5414		ctl_set_invalid_field(ctsio,
5415				      /*sks_valid*/ 1,
5416				      /*command*/ 1,
5417				      /*field*/ 1,
5418				      /*bit_valid*/ 1,
5419				      /*bit*/ 4);
5420		ctl_done((union ctl_io *)ctsio);
5421		return (CTL_RETVAL_COMPLETE);
5422	}
5423
5424	len = scsi_3btoul(cdb->length);
5425	buffer_offset = scsi_3btoul(cdb->offset);
5426
5427	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5428		ctl_set_invalid_field(ctsio,
5429				      /*sks_valid*/ 1,
5430				      /*command*/ 1,
5431				      /*field*/ 6,
5432				      /*bit_valid*/ 0,
5433				      /*bit*/ 0);
5434		ctl_done((union ctl_io *)ctsio);
5435		return (CTL_RETVAL_COMPLETE);
5436	}
5437
5438	/*
5439	 * If we've got a kernel request that hasn't been malloced yet,
5440	 * malloc it and tell the caller the data buffer is here.
5441	 */
5442	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5443		if (lun->write_buffer == NULL) {
5444			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5445			    M_CTL, M_WAITOK);
5446		}
5447		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5448		ctsio->kern_data_len = len;
5449		ctsio->kern_total_len = len;
5450		ctsio->kern_data_resid = 0;
5451		ctsio->kern_rel_offset = 0;
5452		ctsio->kern_sg_entries = 0;
5453		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5454		ctsio->be_move_done = ctl_config_move_done;
5455		ctl_datamove((union ctl_io *)ctsio);
5456
5457		return (CTL_RETVAL_COMPLETE);
5458	}
5459
5460	ctl_set_success(ctsio);
5461	ctl_done((union ctl_io *)ctsio);
5462	return (CTL_RETVAL_COMPLETE);
5463}
5464
5465int
5466ctl_write_same(struct ctl_scsiio *ctsio)
5467{
5468	struct ctl_lun *lun;
5469	struct ctl_lba_len_flags *lbalen;
5470	uint64_t lba;
5471	uint32_t num_blocks;
5472	int len, retval;
5473	uint8_t byte2;
5474
5475	retval = CTL_RETVAL_COMPLETE;
5476
5477	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5478
5479	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5480
5481	switch (ctsio->cdb[0]) {
5482	case WRITE_SAME_10: {
5483		struct scsi_write_same_10 *cdb;
5484
5485		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5486
5487		lba = scsi_4btoul(cdb->addr);
5488		num_blocks = scsi_2btoul(cdb->length);
5489		byte2 = cdb->byte2;
5490		break;
5491	}
5492	case WRITE_SAME_16: {
5493		struct scsi_write_same_16 *cdb;
5494
5495		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5496
5497		lba = scsi_8btou64(cdb->addr);
5498		num_blocks = scsi_4btoul(cdb->length);
5499		byte2 = cdb->byte2;
5500		break;
5501	}
5502	default:
5503		/*
5504		 * We got a command we don't support.  This shouldn't
5505		 * happen, commands should be filtered out above us.
5506		 */
5507		ctl_set_invalid_opcode(ctsio);
5508		ctl_done((union ctl_io *)ctsio);
5509
5510		return (CTL_RETVAL_COMPLETE);
5511		break; /* NOTREACHED */
5512	}
5513
5514	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5515	if ((byte2 & SWS_UNMAP) == 0 &&
5516	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5517		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5518		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5519		ctl_done((union ctl_io *)ctsio);
5520		return (CTL_RETVAL_COMPLETE);
5521	}
5522
5523	/*
5524	 * The first check is to make sure we're in bounds, the second
5525	 * check is to catch wrap-around problems.  If the lba + num blocks
5526	 * is less than the lba, then we've wrapped around and the block
5527	 * range is invalid anyway.
5528	 */
5529	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5530	 || ((lba + num_blocks) < lba)) {
5531		ctl_set_lba_out_of_range(ctsio);
5532		ctl_done((union ctl_io *)ctsio);
5533		return (CTL_RETVAL_COMPLETE);
5534	}
5535
5536	/* Zero number of blocks means "to the last logical block" */
5537	if (num_blocks == 0) {
5538		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5539			ctl_set_invalid_field(ctsio,
5540					      /*sks_valid*/ 0,
5541					      /*command*/ 1,
5542					      /*field*/ 0,
5543					      /*bit_valid*/ 0,
5544					      /*bit*/ 0);
5545			ctl_done((union ctl_io *)ctsio);
5546			return (CTL_RETVAL_COMPLETE);
5547		}
5548		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5549	}
5550
5551	len = lun->be_lun->blocksize;
5552
5553	/*
5554	 * If we've got a kernel request that hasn't been malloced yet,
5555	 * malloc it and tell the caller the data buffer is here.
5556	 */
5557	if ((byte2 & SWS_NDOB) == 0 &&
5558	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5559		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5560		ctsio->kern_data_len = len;
5561		ctsio->kern_total_len = len;
5562		ctsio->kern_data_resid = 0;
5563		ctsio->kern_rel_offset = 0;
5564		ctsio->kern_sg_entries = 0;
5565		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5566		ctsio->be_move_done = ctl_config_move_done;
5567		ctl_datamove((union ctl_io *)ctsio);
5568
5569		return (CTL_RETVAL_COMPLETE);
5570	}
5571
5572	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5573	lbalen->lba = lba;
5574	lbalen->len = num_blocks;
5575	lbalen->flags = byte2;
5576	retval = lun->backend->config_write((union ctl_io *)ctsio);
5577
5578	return (retval);
5579}
5580
5581int
5582ctl_unmap(struct ctl_scsiio *ctsio)
5583{
5584	struct ctl_lun *lun;
5585	struct scsi_unmap *cdb;
5586	struct ctl_ptr_len_flags *ptrlen;
5587	struct scsi_unmap_header *hdr;
5588	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5589	uint64_t lba;
5590	uint32_t num_blocks;
5591	int len, retval;
5592	uint8_t byte2;
5593
5594	retval = CTL_RETVAL_COMPLETE;
5595
5596	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5597
5598	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5599	cdb = (struct scsi_unmap *)ctsio->cdb;
5600
5601	len = scsi_2btoul(cdb->length);
5602	byte2 = cdb->byte2;
5603
5604	/*
5605	 * If we've got a kernel request that hasn't been malloced yet,
5606	 * malloc it and tell the caller the data buffer is here.
5607	 */
5608	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5609		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5610		ctsio->kern_data_len = len;
5611		ctsio->kern_total_len = len;
5612		ctsio->kern_data_resid = 0;
5613		ctsio->kern_rel_offset = 0;
5614		ctsio->kern_sg_entries = 0;
5615		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5616		ctsio->be_move_done = ctl_config_move_done;
5617		ctl_datamove((union ctl_io *)ctsio);
5618
5619		return (CTL_RETVAL_COMPLETE);
5620	}
5621
5622	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5623	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5624	if (len < sizeof (*hdr) ||
5625	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5626	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5627	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5628		ctl_set_invalid_field(ctsio,
5629				      /*sks_valid*/ 0,
5630				      /*command*/ 0,
5631				      /*field*/ 0,
5632				      /*bit_valid*/ 0,
5633				      /*bit*/ 0);
5634		goto done;
5635	}
5636	len = scsi_2btoul(hdr->desc_length);
5637	buf = (struct scsi_unmap_desc *)(hdr + 1);
5638	end = buf + len / sizeof(*buf);
5639
5640	endnz = buf;
5641	for (range = buf; range < end; range++) {
5642		lba = scsi_8btou64(range->lba);
5643		num_blocks = scsi_4btoul(range->length);
5644		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5645		 || ((lba + num_blocks) < lba)) {
5646			ctl_set_lba_out_of_range(ctsio);
5647			ctl_done((union ctl_io *)ctsio);
5648			return (CTL_RETVAL_COMPLETE);
5649		}
5650		if (num_blocks != 0)
5651			endnz = range + 1;
5652	}
5653
5654	/*
5655	 * Block backend can not handle zero last range.
5656	 * Filter it out and return if there is nothing left.
5657	 */
5658	len = (uint8_t *)endnz - (uint8_t *)buf;
5659	if (len == 0) {
5660		ctl_set_success(ctsio);
5661		goto done;
5662	}
5663
5664	mtx_lock(&lun->lun_lock);
5665	ptrlen = (struct ctl_ptr_len_flags *)
5666	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5667	ptrlen->ptr = (void *)buf;
5668	ptrlen->len = len;
5669	ptrlen->flags = byte2;
5670	ctl_check_blocked(lun);
5671	mtx_unlock(&lun->lun_lock);
5672
5673	retval = lun->backend->config_write((union ctl_io *)ctsio);
5674	return (retval);
5675
5676done:
5677	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5678		free(ctsio->kern_data_ptr, M_CTL);
5679		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5680	}
5681	ctl_done((union ctl_io *)ctsio);
5682	return (CTL_RETVAL_COMPLETE);
5683}
5684
5685/*
5686 * Note that this function currently doesn't actually do anything inside
5687 * CTL to enforce things if the DQue bit is turned on.
5688 *
5689 * Also note that this function can't be used in the default case, because
5690 * the DQue bit isn't set in the changeable mask for the control mode page
5691 * anyway.  This is just here as an example for how to implement a page
5692 * handler, and a placeholder in case we want to allow the user to turn
5693 * tagged queueing on and off.
5694 *
5695 * The D_SENSE bit handling is functional, however, and will turn
5696 * descriptor sense on and off for a given LUN.
5697 */
5698int
5699ctl_control_page_handler(struct ctl_scsiio *ctsio,
5700			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5701{
5702	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5703	struct ctl_lun *lun;
5704	int set_ua;
5705	uint32_t initidx;
5706
5707	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5708	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5709	set_ua = 0;
5710
5711	user_cp = (struct scsi_control_page *)page_ptr;
5712	current_cp = (struct scsi_control_page *)
5713		(page_index->page_data + (page_index->page_len *
5714		CTL_PAGE_CURRENT));
5715	saved_cp = (struct scsi_control_page *)
5716		(page_index->page_data + (page_index->page_len *
5717		CTL_PAGE_SAVED));
5718
5719	mtx_lock(&lun->lun_lock);
5720	if (((current_cp->rlec & SCP_DSENSE) == 0)
5721	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5722		/*
5723		 * Descriptor sense is currently turned off and the user
5724		 * wants to turn it on.
5725		 */
5726		current_cp->rlec |= SCP_DSENSE;
5727		saved_cp->rlec |= SCP_DSENSE;
5728		lun->flags |= CTL_LUN_SENSE_DESC;
5729		set_ua = 1;
5730	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5731		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5732		/*
5733		 * Descriptor sense is currently turned on, and the user
5734		 * wants to turn it off.
5735		 */
5736		current_cp->rlec &= ~SCP_DSENSE;
5737		saved_cp->rlec &= ~SCP_DSENSE;
5738		lun->flags &= ~CTL_LUN_SENSE_DESC;
5739		set_ua = 1;
5740	}
5741	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5742	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5743		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5744		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5745		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5746		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5747		set_ua = 1;
5748	}
5749	if ((current_cp->eca_and_aen & SCP_SWP) !=
5750	    (user_cp->eca_and_aen & SCP_SWP)) {
5751		current_cp->eca_and_aen &= ~SCP_SWP;
5752		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5753		saved_cp->eca_and_aen &= ~SCP_SWP;
5754		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5755		set_ua = 1;
5756	}
5757	if (set_ua != 0)
5758		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5759	mtx_unlock(&lun->lun_lock);
5760
5761	return (0);
5762}
5763
5764int
5765ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5766		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5767{
5768	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5769	struct ctl_lun *lun;
5770	int set_ua;
5771	uint32_t initidx;
5772
5773	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5774	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5775	set_ua = 0;
5776
5777	user_cp = (struct scsi_caching_page *)page_ptr;
5778	current_cp = (struct scsi_caching_page *)
5779		(page_index->page_data + (page_index->page_len *
5780		CTL_PAGE_CURRENT));
5781	saved_cp = (struct scsi_caching_page *)
5782		(page_index->page_data + (page_index->page_len *
5783		CTL_PAGE_SAVED));
5784
5785	mtx_lock(&lun->lun_lock);
5786	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5787	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5788		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5789		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5790		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5791		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5792		set_ua = 1;
5793	}
5794	if (set_ua != 0)
5795		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5796	mtx_unlock(&lun->lun_lock);
5797
5798	return (0);
5799}
5800
5801int
5802ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5803				struct ctl_page_index *page_index,
5804				uint8_t *page_ptr)
5805{
5806	uint8_t *c;
5807	int i;
5808
5809	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5810	ctl_time_io_secs =
5811		(c[0] << 8) |
5812		(c[1] << 0) |
5813		0;
5814	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5815	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5816	printf("page data:");
5817	for (i=0; i<8; i++)
5818		printf(" %.2x",page_ptr[i]);
5819	printf("\n");
5820	return (0);
5821}
5822
5823int
5824ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5825			       struct ctl_page_index *page_index,
5826			       int pc)
5827{
5828	struct copan_debugconf_subpage *page;
5829
5830	page = (struct copan_debugconf_subpage *)page_index->page_data +
5831		(page_index->page_len * pc);
5832
5833	switch (pc) {
5834	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5835	case SMS_PAGE_CTRL_DEFAULT >> 6:
5836	case SMS_PAGE_CTRL_SAVED >> 6:
5837		/*
5838		 * We don't update the changable or default bits for this page.
5839		 */
5840		break;
5841	case SMS_PAGE_CTRL_CURRENT >> 6:
5842		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5843		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5844		break;
5845	default:
5846#ifdef NEEDTOPORT
5847		EPRINT(0, "Invalid PC %d!!", pc);
5848#endif /* NEEDTOPORT */
5849		break;
5850	}
5851	return (0);
5852}
5853
5854
5855static int
5856ctl_do_mode_select(union ctl_io *io)
5857{
5858	struct scsi_mode_page_header *page_header;
5859	struct ctl_page_index *page_index;
5860	struct ctl_scsiio *ctsio;
5861	int control_dev, page_len;
5862	int page_len_offset, page_len_size;
5863	union ctl_modepage_info *modepage_info;
5864	struct ctl_lun *lun;
5865	int *len_left, *len_used;
5866	int retval, i;
5867
5868	ctsio = &io->scsiio;
5869	page_index = NULL;
5870	page_len = 0;
5871	retval = CTL_RETVAL_COMPLETE;
5872
5873	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5874
5875	if (lun->be_lun->lun_type != T_DIRECT)
5876		control_dev = 1;
5877	else
5878		control_dev = 0;
5879
5880	modepage_info = (union ctl_modepage_info *)
5881		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5882	len_left = &modepage_info->header.len_left;
5883	len_used = &modepage_info->header.len_used;
5884
5885do_next_page:
5886
5887	page_header = (struct scsi_mode_page_header *)
5888		(ctsio->kern_data_ptr + *len_used);
5889
5890	if (*len_left == 0) {
5891		free(ctsio->kern_data_ptr, M_CTL);
5892		ctl_set_success(ctsio);
5893		ctl_done((union ctl_io *)ctsio);
5894		return (CTL_RETVAL_COMPLETE);
5895	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5896
5897		free(ctsio->kern_data_ptr, M_CTL);
5898		ctl_set_param_len_error(ctsio);
5899		ctl_done((union ctl_io *)ctsio);
5900		return (CTL_RETVAL_COMPLETE);
5901
5902	} else if ((page_header->page_code & SMPH_SPF)
5903		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5904
5905		free(ctsio->kern_data_ptr, M_CTL);
5906		ctl_set_param_len_error(ctsio);
5907		ctl_done((union ctl_io *)ctsio);
5908		return (CTL_RETVAL_COMPLETE);
5909	}
5910
5911
5912	/*
5913	 * XXX KDM should we do something with the block descriptor?
5914	 */
5915	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5916
5917		if ((control_dev != 0)
5918		 && (lun->mode_pages.index[i].page_flags &
5919		     CTL_PAGE_FLAG_DISK_ONLY))
5920			continue;
5921
5922		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5923		    (page_header->page_code & SMPH_PC_MASK))
5924			continue;
5925
5926		/*
5927		 * If neither page has a subpage code, then we've got a
5928		 * match.
5929		 */
5930		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5931		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5932			page_index = &lun->mode_pages.index[i];
5933			page_len = page_header->page_length;
5934			break;
5935		}
5936
5937		/*
5938		 * If both pages have subpages, then the subpage numbers
5939		 * have to match.
5940		 */
5941		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5942		  && (page_header->page_code & SMPH_SPF)) {
5943			struct scsi_mode_page_header_sp *sph;
5944
5945			sph = (struct scsi_mode_page_header_sp *)page_header;
5946
5947			if (lun->mode_pages.index[i].subpage ==
5948			    sph->subpage) {
5949				page_index = &lun->mode_pages.index[i];
5950				page_len = scsi_2btoul(sph->page_length);
5951				break;
5952			}
5953		}
5954	}
5955
5956	/*
5957	 * If we couldn't find the page, or if we don't have a mode select
5958	 * handler for it, send back an error to the user.
5959	 */
5960	if ((page_index == NULL)
5961	 || (page_index->select_handler == NULL)) {
5962		ctl_set_invalid_field(ctsio,
5963				      /*sks_valid*/ 1,
5964				      /*command*/ 0,
5965				      /*field*/ *len_used,
5966				      /*bit_valid*/ 0,
5967				      /*bit*/ 0);
5968		free(ctsio->kern_data_ptr, M_CTL);
5969		ctl_done((union ctl_io *)ctsio);
5970		return (CTL_RETVAL_COMPLETE);
5971	}
5972
5973	if (page_index->page_code & SMPH_SPF) {
5974		page_len_offset = 2;
5975		page_len_size = 2;
5976	} else {
5977		page_len_size = 1;
5978		page_len_offset = 1;
5979	}
5980
5981	/*
5982	 * If the length the initiator gives us isn't the one we specify in
5983	 * the mode page header, or if they didn't specify enough data in
5984	 * the CDB to avoid truncating this page, kick out the request.
5985	 */
5986	if ((page_len != (page_index->page_len - page_len_offset -
5987			  page_len_size))
5988	 || (*len_left < page_index->page_len)) {
5989
5990
5991		ctl_set_invalid_field(ctsio,
5992				      /*sks_valid*/ 1,
5993				      /*command*/ 0,
5994				      /*field*/ *len_used + page_len_offset,
5995				      /*bit_valid*/ 0,
5996				      /*bit*/ 0);
5997		free(ctsio->kern_data_ptr, M_CTL);
5998		ctl_done((union ctl_io *)ctsio);
5999		return (CTL_RETVAL_COMPLETE);
6000	}
6001
6002	/*
6003	 * Run through the mode page, checking to make sure that the bits
6004	 * the user changed are actually legal for him to change.
6005	 */
6006	for (i = 0; i < page_index->page_len; i++) {
6007		uint8_t *user_byte, *change_mask, *current_byte;
6008		int bad_bit;
6009		int j;
6010
6011		user_byte = (uint8_t *)page_header + i;
6012		change_mask = page_index->page_data +
6013			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6014		current_byte = page_index->page_data +
6015			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6016
6017		/*
6018		 * Check to see whether the user set any bits in this byte
6019		 * that he is not allowed to set.
6020		 */
6021		if ((*user_byte & ~(*change_mask)) ==
6022		    (*current_byte & ~(*change_mask)))
6023			continue;
6024
6025		/*
6026		 * Go through bit by bit to determine which one is illegal.
6027		 */
6028		bad_bit = 0;
6029		for (j = 7; j >= 0; j--) {
6030			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6031			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6032				bad_bit = i;
6033				break;
6034			}
6035		}
6036		ctl_set_invalid_field(ctsio,
6037				      /*sks_valid*/ 1,
6038				      /*command*/ 0,
6039				      /*field*/ *len_used + i,
6040				      /*bit_valid*/ 1,
6041				      /*bit*/ bad_bit);
6042		free(ctsio->kern_data_ptr, M_CTL);
6043		ctl_done((union ctl_io *)ctsio);
6044		return (CTL_RETVAL_COMPLETE);
6045	}
6046
6047	/*
6048	 * Decrement these before we call the page handler, since we may
6049	 * end up getting called back one way or another before the handler
6050	 * returns to this context.
6051	 */
6052	*len_left -= page_index->page_len;
6053	*len_used += page_index->page_len;
6054
6055	retval = page_index->select_handler(ctsio, page_index,
6056					    (uint8_t *)page_header);
6057
6058	/*
6059	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6060	 * wait until this queued command completes to finish processing
6061	 * the mode page.  If it returns anything other than
6062	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6063	 * already set the sense information, freed the data pointer, and
6064	 * completed the io for us.
6065	 */
6066	if (retval != CTL_RETVAL_COMPLETE)
6067		goto bailout_no_done;
6068
6069	/*
6070	 * If the initiator sent us more than one page, parse the next one.
6071	 */
6072	if (*len_left > 0)
6073		goto do_next_page;
6074
6075	ctl_set_success(ctsio);
6076	free(ctsio->kern_data_ptr, M_CTL);
6077	ctl_done((union ctl_io *)ctsio);
6078
6079bailout_no_done:
6080
6081	return (CTL_RETVAL_COMPLETE);
6082
6083}
6084
6085int
6086ctl_mode_select(struct ctl_scsiio *ctsio)
6087{
6088	int param_len, pf, sp;
6089	int header_size, bd_len;
6090	int len_left, len_used;
6091	struct ctl_page_index *page_index;
6092	struct ctl_lun *lun;
6093	int control_dev, page_len;
6094	union ctl_modepage_info *modepage_info;
6095	int retval;
6096
6097	pf = 0;
6098	sp = 0;
6099	page_len = 0;
6100	len_used = 0;
6101	len_left = 0;
6102	retval = 0;
6103	bd_len = 0;
6104	page_index = NULL;
6105
6106	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6107
6108	if (lun->be_lun->lun_type != T_DIRECT)
6109		control_dev = 1;
6110	else
6111		control_dev = 0;
6112
6113	switch (ctsio->cdb[0]) {
6114	case MODE_SELECT_6: {
6115		struct scsi_mode_select_6 *cdb;
6116
6117		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6118
6119		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6120		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6121
6122		param_len = cdb->length;
6123		header_size = sizeof(struct scsi_mode_header_6);
6124		break;
6125	}
6126	case MODE_SELECT_10: {
6127		struct scsi_mode_select_10 *cdb;
6128
6129		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6130
6131		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6132		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6133
6134		param_len = scsi_2btoul(cdb->length);
6135		header_size = sizeof(struct scsi_mode_header_10);
6136		break;
6137	}
6138	default:
6139		ctl_set_invalid_opcode(ctsio);
6140		ctl_done((union ctl_io *)ctsio);
6141		return (CTL_RETVAL_COMPLETE);
6142		break; /* NOTREACHED */
6143	}
6144
6145	/*
6146	 * From SPC-3:
6147	 * "A parameter list length of zero indicates that the Data-Out Buffer
6148	 * shall be empty. This condition shall not be considered as an error."
6149	 */
6150	if (param_len == 0) {
6151		ctl_set_success(ctsio);
6152		ctl_done((union ctl_io *)ctsio);
6153		return (CTL_RETVAL_COMPLETE);
6154	}
6155
6156	/*
6157	 * Since we'll hit this the first time through, prior to
6158	 * allocation, we don't need to free a data buffer here.
6159	 */
6160	if (param_len < header_size) {
6161		ctl_set_param_len_error(ctsio);
6162		ctl_done((union ctl_io *)ctsio);
6163		return (CTL_RETVAL_COMPLETE);
6164	}
6165
6166	/*
6167	 * Allocate the data buffer and grab the user's data.  In theory,
6168	 * we shouldn't have to sanity check the parameter list length here
6169	 * because the maximum size is 64K.  We should be able to malloc
6170	 * that much without too many problems.
6171	 */
6172	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6173		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6174		ctsio->kern_data_len = param_len;
6175		ctsio->kern_total_len = param_len;
6176		ctsio->kern_data_resid = 0;
6177		ctsio->kern_rel_offset = 0;
6178		ctsio->kern_sg_entries = 0;
6179		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6180		ctsio->be_move_done = ctl_config_move_done;
6181		ctl_datamove((union ctl_io *)ctsio);
6182
6183		return (CTL_RETVAL_COMPLETE);
6184	}
6185
6186	switch (ctsio->cdb[0]) {
6187	case MODE_SELECT_6: {
6188		struct scsi_mode_header_6 *mh6;
6189
6190		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6191		bd_len = mh6->blk_desc_len;
6192		break;
6193	}
6194	case MODE_SELECT_10: {
6195		struct scsi_mode_header_10 *mh10;
6196
6197		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6198		bd_len = scsi_2btoul(mh10->blk_desc_len);
6199		break;
6200	}
6201	default:
6202		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6203		break;
6204	}
6205
6206	if (param_len < (header_size + bd_len)) {
6207		free(ctsio->kern_data_ptr, M_CTL);
6208		ctl_set_param_len_error(ctsio);
6209		ctl_done((union ctl_io *)ctsio);
6210		return (CTL_RETVAL_COMPLETE);
6211	}
6212
6213	/*
6214	 * Set the IO_CONT flag, so that if this I/O gets passed to
6215	 * ctl_config_write_done(), it'll get passed back to
6216	 * ctl_do_mode_select() for further processing, or completion if
6217	 * we're all done.
6218	 */
6219	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6220	ctsio->io_cont = ctl_do_mode_select;
6221
6222	modepage_info = (union ctl_modepage_info *)
6223		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6224
6225	memset(modepage_info, 0, sizeof(*modepage_info));
6226
6227	len_left = param_len - header_size - bd_len;
6228	len_used = header_size + bd_len;
6229
6230	modepage_info->header.len_left = len_left;
6231	modepage_info->header.len_used = len_used;
6232
6233	return (ctl_do_mode_select((union ctl_io *)ctsio));
6234}
6235
6236int
6237ctl_mode_sense(struct ctl_scsiio *ctsio)
6238{
6239	struct ctl_lun *lun;
6240	int pc, page_code, dbd, llba, subpage;
6241	int alloc_len, page_len, header_len, total_len;
6242	struct scsi_mode_block_descr *block_desc;
6243	struct ctl_page_index *page_index;
6244	int control_dev;
6245
6246	dbd = 0;
6247	llba = 0;
6248	block_desc = NULL;
6249	page_index = NULL;
6250
6251	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6252
6253	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6254
6255	if (lun->be_lun->lun_type != T_DIRECT)
6256		control_dev = 1;
6257	else
6258		control_dev = 0;
6259
6260	switch (ctsio->cdb[0]) {
6261	case MODE_SENSE_6: {
6262		struct scsi_mode_sense_6 *cdb;
6263
6264		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6265
6266		header_len = sizeof(struct scsi_mode_hdr_6);
6267		if (cdb->byte2 & SMS_DBD)
6268			dbd = 1;
6269		else
6270			header_len += sizeof(struct scsi_mode_block_descr);
6271
6272		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6273		page_code = cdb->page & SMS_PAGE_CODE;
6274		subpage = cdb->subpage;
6275		alloc_len = cdb->length;
6276		break;
6277	}
6278	case MODE_SENSE_10: {
6279		struct scsi_mode_sense_10 *cdb;
6280
6281		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6282
6283		header_len = sizeof(struct scsi_mode_hdr_10);
6284
6285		if (cdb->byte2 & SMS_DBD)
6286			dbd = 1;
6287		else
6288			header_len += sizeof(struct scsi_mode_block_descr);
6289		if (cdb->byte2 & SMS10_LLBAA)
6290			llba = 1;
6291		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6292		page_code = cdb->page & SMS_PAGE_CODE;
6293		subpage = cdb->subpage;
6294		alloc_len = scsi_2btoul(cdb->length);
6295		break;
6296	}
6297	default:
6298		ctl_set_invalid_opcode(ctsio);
6299		ctl_done((union ctl_io *)ctsio);
6300		return (CTL_RETVAL_COMPLETE);
6301		break; /* NOTREACHED */
6302	}
6303
6304	/*
6305	 * We have to make a first pass through to calculate the size of
6306	 * the pages that match the user's query.  Then we allocate enough
6307	 * memory to hold it, and actually copy the data into the buffer.
6308	 */
6309	switch (page_code) {
6310	case SMS_ALL_PAGES_PAGE: {
6311		int i;
6312
6313		page_len = 0;
6314
6315		/*
6316		 * At the moment, values other than 0 and 0xff here are
6317		 * reserved according to SPC-3.
6318		 */
6319		if ((subpage != SMS_SUBPAGE_PAGE_0)
6320		 && (subpage != SMS_SUBPAGE_ALL)) {
6321			ctl_set_invalid_field(ctsio,
6322					      /*sks_valid*/ 1,
6323					      /*command*/ 1,
6324					      /*field*/ 3,
6325					      /*bit_valid*/ 0,
6326					      /*bit*/ 0);
6327			ctl_done((union ctl_io *)ctsio);
6328			return (CTL_RETVAL_COMPLETE);
6329		}
6330
6331		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6332			if ((control_dev != 0)
6333			 && (lun->mode_pages.index[i].page_flags &
6334			     CTL_PAGE_FLAG_DISK_ONLY))
6335				continue;
6336
6337			/*
6338			 * We don't use this subpage if the user didn't
6339			 * request all subpages.
6340			 */
6341			if ((lun->mode_pages.index[i].subpage != 0)
6342			 && (subpage == SMS_SUBPAGE_PAGE_0))
6343				continue;
6344
6345#if 0
6346			printf("found page %#x len %d\n",
6347			       lun->mode_pages.index[i].page_code &
6348			       SMPH_PC_MASK,
6349			       lun->mode_pages.index[i].page_len);
6350#endif
6351			page_len += lun->mode_pages.index[i].page_len;
6352		}
6353		break;
6354	}
6355	default: {
6356		int i;
6357
6358		page_len = 0;
6359
6360		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6361			/* Look for the right page code */
6362			if ((lun->mode_pages.index[i].page_code &
6363			     SMPH_PC_MASK) != page_code)
6364				continue;
6365
6366			/* Look for the right subpage or the subpage wildcard*/
6367			if ((lun->mode_pages.index[i].subpage != subpage)
6368			 && (subpage != SMS_SUBPAGE_ALL))
6369				continue;
6370
6371			/* Make sure the page is supported for this dev type */
6372			if ((control_dev != 0)
6373			 && (lun->mode_pages.index[i].page_flags &
6374			     CTL_PAGE_FLAG_DISK_ONLY))
6375				continue;
6376
6377#if 0
6378			printf("found page %#x len %d\n",
6379			       lun->mode_pages.index[i].page_code &
6380			       SMPH_PC_MASK,
6381			       lun->mode_pages.index[i].page_len);
6382#endif
6383
6384			page_len += lun->mode_pages.index[i].page_len;
6385		}
6386
6387		if (page_len == 0) {
6388			ctl_set_invalid_field(ctsio,
6389					      /*sks_valid*/ 1,
6390					      /*command*/ 1,
6391					      /*field*/ 2,
6392					      /*bit_valid*/ 1,
6393					      /*bit*/ 5);
6394			ctl_done((union ctl_io *)ctsio);
6395			return (CTL_RETVAL_COMPLETE);
6396		}
6397		break;
6398	}
6399	}
6400
6401	total_len = header_len + page_len;
6402#if 0
6403	printf("header_len = %d, page_len = %d, total_len = %d\n",
6404	       header_len, page_len, total_len);
6405#endif
6406
6407	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6408	ctsio->kern_sg_entries = 0;
6409	ctsio->kern_data_resid = 0;
6410	ctsio->kern_rel_offset = 0;
6411	if (total_len < alloc_len) {
6412		ctsio->residual = alloc_len - total_len;
6413		ctsio->kern_data_len = total_len;
6414		ctsio->kern_total_len = total_len;
6415	} else {
6416		ctsio->residual = 0;
6417		ctsio->kern_data_len = alloc_len;
6418		ctsio->kern_total_len = alloc_len;
6419	}
6420
6421	switch (ctsio->cdb[0]) {
6422	case MODE_SENSE_6: {
6423		struct scsi_mode_hdr_6 *header;
6424
6425		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6426
6427		header->datalen = MIN(total_len - 1, 254);
6428		if (control_dev == 0) {
6429			header->dev_specific = 0x10; /* DPOFUA */
6430			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6431			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6432			    .eca_and_aen & SCP_SWP) != 0)
6433				    header->dev_specific |= 0x80; /* WP */
6434		}
6435		if (dbd)
6436			header->block_descr_len = 0;
6437		else
6438			header->block_descr_len =
6439				sizeof(struct scsi_mode_block_descr);
6440		block_desc = (struct scsi_mode_block_descr *)&header[1];
6441		break;
6442	}
6443	case MODE_SENSE_10: {
6444		struct scsi_mode_hdr_10 *header;
6445		int datalen;
6446
6447		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6448
6449		datalen = MIN(total_len - 2, 65533);
6450		scsi_ulto2b(datalen, header->datalen);
6451		if (control_dev == 0) {
6452			header->dev_specific = 0x10; /* DPOFUA */
6453			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6454			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6455			    .eca_and_aen & SCP_SWP) != 0)
6456				    header->dev_specific |= 0x80; /* WP */
6457		}
6458		if (dbd)
6459			scsi_ulto2b(0, header->block_descr_len);
6460		else
6461			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6462				    header->block_descr_len);
6463		block_desc = (struct scsi_mode_block_descr *)&header[1];
6464		break;
6465	}
6466	default:
6467		panic("invalid CDB type %#x", ctsio->cdb[0]);
6468		break; /* NOTREACHED */
6469	}
6470
6471	/*
6472	 * If we've got a disk, use its blocksize in the block
6473	 * descriptor.  Otherwise, just set it to 0.
6474	 */
6475	if (dbd == 0) {
6476		if (control_dev == 0)
6477			scsi_ulto3b(lun->be_lun->blocksize,
6478				    block_desc->block_len);
6479		else
6480			scsi_ulto3b(0, block_desc->block_len);
6481	}
6482
6483	switch (page_code) {
6484	case SMS_ALL_PAGES_PAGE: {
6485		int i, data_used;
6486
6487		data_used = header_len;
6488		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6489			struct ctl_page_index *page_index;
6490
6491			page_index = &lun->mode_pages.index[i];
6492
6493			if ((control_dev != 0)
6494			 && (page_index->page_flags &
6495			    CTL_PAGE_FLAG_DISK_ONLY))
6496				continue;
6497
6498			/*
6499			 * We don't use this subpage if the user didn't
6500			 * request all subpages.  We already checked (above)
6501			 * to make sure the user only specified a subpage
6502			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6503			 */
6504			if ((page_index->subpage != 0)
6505			 && (subpage == SMS_SUBPAGE_PAGE_0))
6506				continue;
6507
6508			/*
6509			 * Call the handler, if it exists, to update the
6510			 * page to the latest values.
6511			 */
6512			if (page_index->sense_handler != NULL)
6513				page_index->sense_handler(ctsio, page_index,pc);
6514
6515			memcpy(ctsio->kern_data_ptr + data_used,
6516			       page_index->page_data +
6517			       (page_index->page_len * pc),
6518			       page_index->page_len);
6519			data_used += page_index->page_len;
6520		}
6521		break;
6522	}
6523	default: {
6524		int i, data_used;
6525
6526		data_used = header_len;
6527
6528		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6529			struct ctl_page_index *page_index;
6530
6531			page_index = &lun->mode_pages.index[i];
6532
6533			/* Look for the right page code */
6534			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6535				continue;
6536
6537			/* Look for the right subpage or the subpage wildcard*/
6538			if ((page_index->subpage != subpage)
6539			 && (subpage != SMS_SUBPAGE_ALL))
6540				continue;
6541
6542			/* Make sure the page is supported for this dev type */
6543			if ((control_dev != 0)
6544			 && (page_index->page_flags &
6545			     CTL_PAGE_FLAG_DISK_ONLY))
6546				continue;
6547
6548			/*
6549			 * Call the handler, if it exists, to update the
6550			 * page to the latest values.
6551			 */
6552			if (page_index->sense_handler != NULL)
6553				page_index->sense_handler(ctsio, page_index,pc);
6554
6555			memcpy(ctsio->kern_data_ptr + data_used,
6556			       page_index->page_data +
6557			       (page_index->page_len * pc),
6558			       page_index->page_len);
6559			data_used += page_index->page_len;
6560		}
6561		break;
6562	}
6563	}
6564
6565	ctl_set_success(ctsio);
6566	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6567	ctsio->be_move_done = ctl_config_move_done;
6568	ctl_datamove((union ctl_io *)ctsio);
6569	return (CTL_RETVAL_COMPLETE);
6570}
6571
6572int
6573ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6574			       struct ctl_page_index *page_index,
6575			       int pc)
6576{
6577	struct ctl_lun *lun;
6578	struct scsi_log_param_header *phdr;
6579	uint8_t *data;
6580	uint64_t val;
6581
6582	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6583	data = page_index->page_data;
6584
6585	if (lun->backend->lun_attr != NULL &&
6586	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6587	     != UINT64_MAX) {
6588		phdr = (struct scsi_log_param_header *)data;
6589		scsi_ulto2b(0x0001, phdr->param_code);
6590		phdr->param_control = SLP_LBIN | SLP_LP;
6591		phdr->param_len = 8;
6592		data = (uint8_t *)(phdr + 1);
6593		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6594		data[4] = 0x02; /* per-pool */
6595		data += phdr->param_len;
6596	}
6597
6598	if (lun->backend->lun_attr != NULL &&
6599	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6600	     != UINT64_MAX) {
6601		phdr = (struct scsi_log_param_header *)data;
6602		scsi_ulto2b(0x0002, phdr->param_code);
6603		phdr->param_control = SLP_LBIN | SLP_LP;
6604		phdr->param_len = 8;
6605		data = (uint8_t *)(phdr + 1);
6606		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6607		data[4] = 0x01; /* per-LUN */
6608		data += phdr->param_len;
6609	}
6610
6611	if (lun->backend->lun_attr != NULL &&
6612	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6613	     != UINT64_MAX) {
6614		phdr = (struct scsi_log_param_header *)data;
6615		scsi_ulto2b(0x00f1, phdr->param_code);
6616		phdr->param_control = SLP_LBIN | SLP_LP;
6617		phdr->param_len = 8;
6618		data = (uint8_t *)(phdr + 1);
6619		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6620		data[4] = 0x02; /* per-pool */
6621		data += phdr->param_len;
6622	}
6623
6624	if (lun->backend->lun_attr != NULL &&
6625	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6626	     != UINT64_MAX) {
6627		phdr = (struct scsi_log_param_header *)data;
6628		scsi_ulto2b(0x00f2, phdr->param_code);
6629		phdr->param_control = SLP_LBIN | SLP_LP;
6630		phdr->param_len = 8;
6631		data = (uint8_t *)(phdr + 1);
6632		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6633		data[4] = 0x02; /* per-pool */
6634		data += phdr->param_len;
6635	}
6636
6637	page_index->page_len = data - page_index->page_data;
6638	return (0);
6639}
6640
6641int
6642ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6643			       struct ctl_page_index *page_index,
6644			       int pc)
6645{
6646	struct ctl_lun *lun;
6647	struct stat_page *data;
6648	uint64_t rn, wn, rb, wb;
6649	struct bintime rt, wt;
6650	int i;
6651
6652	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6653	data = (struct stat_page *)page_index->page_data;
6654
6655	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6656	data->sap.hdr.param_control = SLP_LBIN;
6657	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6658	    sizeof(struct scsi_log_param_header);
6659	rn = wn = rb = wb = 0;
6660	bintime_clear(&rt);
6661	bintime_clear(&wt);
6662	for (i = 0; i < CTL_MAX_PORTS; i++) {
6663		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6664		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6665		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6666		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6667		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6668		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6669	}
6670	scsi_u64to8b(rn, data->sap.read_num);
6671	scsi_u64to8b(wn, data->sap.write_num);
6672	if (lun->stats.blocksize > 0) {
6673		scsi_u64to8b(wb / lun->stats.blocksize,
6674		    data->sap.recvieved_lba);
6675		scsi_u64to8b(rb / lun->stats.blocksize,
6676		    data->sap.transmitted_lba);
6677	}
6678	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6679	    data->sap.read_int);
6680	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6681	    data->sap.write_int);
6682	scsi_u64to8b(0, data->sap.weighted_num);
6683	scsi_u64to8b(0, data->sap.weighted_int);
6684	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6685	data->it.hdr.param_control = SLP_LBIN;
6686	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6687	    sizeof(struct scsi_log_param_header);
6688#ifdef CTL_TIME_IO
6689	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6690#endif
6691	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6692	data->it.hdr.param_control = SLP_LBIN;
6693	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6694	    sizeof(struct scsi_log_param_header);
6695	scsi_ulto4b(3, data->ti.exponent);
6696	scsi_ulto4b(1, data->ti.integer);
6697
6698	page_index->page_len = sizeof(*data);
6699	return (0);
6700}
6701
6702int
6703ctl_log_sense(struct ctl_scsiio *ctsio)
6704{
6705	struct ctl_lun *lun;
6706	int i, pc, page_code, subpage;
6707	int alloc_len, total_len;
6708	struct ctl_page_index *page_index;
6709	struct scsi_log_sense *cdb;
6710	struct scsi_log_header *header;
6711
6712	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6713
6714	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6715	cdb = (struct scsi_log_sense *)ctsio->cdb;
6716	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6717	page_code = cdb->page & SLS_PAGE_CODE;
6718	subpage = cdb->subpage;
6719	alloc_len = scsi_2btoul(cdb->length);
6720
6721	page_index = NULL;
6722	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6723		page_index = &lun->log_pages.index[i];
6724
6725		/* Look for the right page code */
6726		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6727			continue;
6728
6729		/* Look for the right subpage or the subpage wildcard*/
6730		if (page_index->subpage != subpage)
6731			continue;
6732
6733		break;
6734	}
6735	if (i >= CTL_NUM_LOG_PAGES) {
6736		ctl_set_invalid_field(ctsio,
6737				      /*sks_valid*/ 1,
6738				      /*command*/ 1,
6739				      /*field*/ 2,
6740				      /*bit_valid*/ 0,
6741				      /*bit*/ 0);
6742		ctl_done((union ctl_io *)ctsio);
6743		return (CTL_RETVAL_COMPLETE);
6744	}
6745
6746	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6747
6748	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6749	ctsio->kern_sg_entries = 0;
6750	ctsio->kern_data_resid = 0;
6751	ctsio->kern_rel_offset = 0;
6752	if (total_len < alloc_len) {
6753		ctsio->residual = alloc_len - total_len;
6754		ctsio->kern_data_len = total_len;
6755		ctsio->kern_total_len = total_len;
6756	} else {
6757		ctsio->residual = 0;
6758		ctsio->kern_data_len = alloc_len;
6759		ctsio->kern_total_len = alloc_len;
6760	}
6761
6762	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6763	header->page = page_index->page_code;
6764	if (page_index->subpage) {
6765		header->page |= SL_SPF;
6766		header->subpage = page_index->subpage;
6767	}
6768	scsi_ulto2b(page_index->page_len, header->datalen);
6769
6770	/*
6771	 * Call the handler, if it exists, to update the
6772	 * page to the latest values.
6773	 */
6774	if (page_index->sense_handler != NULL)
6775		page_index->sense_handler(ctsio, page_index, pc);
6776
6777	memcpy(header + 1, page_index->page_data, page_index->page_len);
6778
6779	ctl_set_success(ctsio);
6780	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6781	ctsio->be_move_done = ctl_config_move_done;
6782	ctl_datamove((union ctl_io *)ctsio);
6783	return (CTL_RETVAL_COMPLETE);
6784}
6785
6786int
6787ctl_read_capacity(struct ctl_scsiio *ctsio)
6788{
6789	struct scsi_read_capacity *cdb;
6790	struct scsi_read_capacity_data *data;
6791	struct ctl_lun *lun;
6792	uint32_t lba;
6793
6794	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6795
6796	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6797
6798	lba = scsi_4btoul(cdb->addr);
6799	if (((cdb->pmi & SRC_PMI) == 0)
6800	 && (lba != 0)) {
6801		ctl_set_invalid_field(/*ctsio*/ ctsio,
6802				      /*sks_valid*/ 1,
6803				      /*command*/ 1,
6804				      /*field*/ 2,
6805				      /*bit_valid*/ 0,
6806				      /*bit*/ 0);
6807		ctl_done((union ctl_io *)ctsio);
6808		return (CTL_RETVAL_COMPLETE);
6809	}
6810
6811	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6812
6813	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6814	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6815	ctsio->residual = 0;
6816	ctsio->kern_data_len = sizeof(*data);
6817	ctsio->kern_total_len = sizeof(*data);
6818	ctsio->kern_data_resid = 0;
6819	ctsio->kern_rel_offset = 0;
6820	ctsio->kern_sg_entries = 0;
6821
6822	/*
6823	 * If the maximum LBA is greater than 0xfffffffe, the user must
6824	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6825	 * serivce action set.
6826	 */
6827	if (lun->be_lun->maxlba > 0xfffffffe)
6828		scsi_ulto4b(0xffffffff, data->addr);
6829	else
6830		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6831
6832	/*
6833	 * XXX KDM this may not be 512 bytes...
6834	 */
6835	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6836
6837	ctl_set_success(ctsio);
6838	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6839	ctsio->be_move_done = ctl_config_move_done;
6840	ctl_datamove((union ctl_io *)ctsio);
6841	return (CTL_RETVAL_COMPLETE);
6842}
6843
6844int
6845ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6846{
6847	struct scsi_read_capacity_16 *cdb;
6848	struct scsi_read_capacity_data_long *data;
6849	struct ctl_lun *lun;
6850	uint64_t lba;
6851	uint32_t alloc_len;
6852
6853	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6854
6855	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6856
6857	alloc_len = scsi_4btoul(cdb->alloc_len);
6858	lba = scsi_8btou64(cdb->addr);
6859
6860	if ((cdb->reladr & SRC16_PMI)
6861	 && (lba != 0)) {
6862		ctl_set_invalid_field(/*ctsio*/ ctsio,
6863				      /*sks_valid*/ 1,
6864				      /*command*/ 1,
6865				      /*field*/ 2,
6866				      /*bit_valid*/ 0,
6867				      /*bit*/ 0);
6868		ctl_done((union ctl_io *)ctsio);
6869		return (CTL_RETVAL_COMPLETE);
6870	}
6871
6872	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6873
6874	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6875	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6876
6877	if (sizeof(*data) < alloc_len) {
6878		ctsio->residual = alloc_len - sizeof(*data);
6879		ctsio->kern_data_len = sizeof(*data);
6880		ctsio->kern_total_len = sizeof(*data);
6881	} else {
6882		ctsio->residual = 0;
6883		ctsio->kern_data_len = alloc_len;
6884		ctsio->kern_total_len = alloc_len;
6885	}
6886	ctsio->kern_data_resid = 0;
6887	ctsio->kern_rel_offset = 0;
6888	ctsio->kern_sg_entries = 0;
6889
6890	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6891	/* XXX KDM this may not be 512 bytes... */
6892	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6893	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6894	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6895	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6896		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6897
6898	ctl_set_success(ctsio);
6899	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6900	ctsio->be_move_done = ctl_config_move_done;
6901	ctl_datamove((union ctl_io *)ctsio);
6902	return (CTL_RETVAL_COMPLETE);
6903}
6904
6905int
6906ctl_get_lba_status(struct ctl_scsiio *ctsio)
6907{
6908	struct scsi_get_lba_status *cdb;
6909	struct scsi_get_lba_status_data *data;
6910	struct ctl_lun *lun;
6911	struct ctl_lba_len_flags *lbalen;
6912	uint64_t lba;
6913	uint32_t alloc_len, total_len;
6914	int retval;
6915
6916	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6917
6918	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6919	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6920	lba = scsi_8btou64(cdb->addr);
6921	alloc_len = scsi_4btoul(cdb->alloc_len);
6922
6923	if (lba > lun->be_lun->maxlba) {
6924		ctl_set_lba_out_of_range(ctsio);
6925		ctl_done((union ctl_io *)ctsio);
6926		return (CTL_RETVAL_COMPLETE);
6927	}
6928
6929	total_len = sizeof(*data) + sizeof(data->descr[0]);
6930	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6931	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6932
6933	if (total_len < alloc_len) {
6934		ctsio->residual = alloc_len - total_len;
6935		ctsio->kern_data_len = total_len;
6936		ctsio->kern_total_len = total_len;
6937	} else {
6938		ctsio->residual = 0;
6939		ctsio->kern_data_len = alloc_len;
6940		ctsio->kern_total_len = alloc_len;
6941	}
6942	ctsio->kern_data_resid = 0;
6943	ctsio->kern_rel_offset = 0;
6944	ctsio->kern_sg_entries = 0;
6945
6946	/* Fill dummy data in case backend can't tell anything. */
6947	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6948	scsi_u64to8b(lba, data->descr[0].addr);
6949	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6950	    data->descr[0].length);
6951	data->descr[0].status = 0; /* Mapped or unknown. */
6952
6953	ctl_set_success(ctsio);
6954	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6955	ctsio->be_move_done = ctl_config_move_done;
6956
6957	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6958	lbalen->lba = lba;
6959	lbalen->len = total_len;
6960	lbalen->flags = 0;
6961	retval = lun->backend->config_read((union ctl_io *)ctsio);
6962	return (CTL_RETVAL_COMPLETE);
6963}
6964
6965int
6966ctl_read_defect(struct ctl_scsiio *ctsio)
6967{
6968	struct scsi_read_defect_data_10 *ccb10;
6969	struct scsi_read_defect_data_12 *ccb12;
6970	struct scsi_read_defect_data_hdr_10 *data10;
6971	struct scsi_read_defect_data_hdr_12 *data12;
6972	uint32_t alloc_len, data_len;
6973	uint8_t format;
6974
6975	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6976
6977	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6978		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6979		format = ccb10->format;
6980		alloc_len = scsi_2btoul(ccb10->alloc_length);
6981		data_len = sizeof(*data10);
6982	} else {
6983		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6984		format = ccb12->format;
6985		alloc_len = scsi_4btoul(ccb12->alloc_length);
6986		data_len = sizeof(*data12);
6987	}
6988	if (alloc_len == 0) {
6989		ctl_set_success(ctsio);
6990		ctl_done((union ctl_io *)ctsio);
6991		return (CTL_RETVAL_COMPLETE);
6992	}
6993
6994	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6995	if (data_len < alloc_len) {
6996		ctsio->residual = alloc_len - data_len;
6997		ctsio->kern_data_len = data_len;
6998		ctsio->kern_total_len = data_len;
6999	} else {
7000		ctsio->residual = 0;
7001		ctsio->kern_data_len = alloc_len;
7002		ctsio->kern_total_len = alloc_len;
7003	}
7004	ctsio->kern_data_resid = 0;
7005	ctsio->kern_rel_offset = 0;
7006	ctsio->kern_sg_entries = 0;
7007
7008	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7009		data10 = (struct scsi_read_defect_data_hdr_10 *)
7010		    ctsio->kern_data_ptr;
7011		data10->format = format;
7012		scsi_ulto2b(0, data10->length);
7013	} else {
7014		data12 = (struct scsi_read_defect_data_hdr_12 *)
7015		    ctsio->kern_data_ptr;
7016		data12->format = format;
7017		scsi_ulto2b(0, data12->generation);
7018		scsi_ulto4b(0, data12->length);
7019	}
7020
7021	ctl_set_success(ctsio);
7022	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7023	ctsio->be_move_done = ctl_config_move_done;
7024	ctl_datamove((union ctl_io *)ctsio);
7025	return (CTL_RETVAL_COMPLETE);
7026}
7027
7028int
7029ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7030{
7031	struct scsi_maintenance_in *cdb;
7032	int retval;
7033	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7034	int num_target_port_groups, num_target_ports;
7035	struct ctl_lun *lun;
7036	struct ctl_softc *softc;
7037	struct ctl_port *port;
7038	struct scsi_target_group_data *rtg_ptr;
7039	struct scsi_target_group_data_extended *rtg_ext_ptr;
7040	struct scsi_target_port_group_descriptor *tpg_desc;
7041
7042	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7043
7044	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7045	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7046	softc = lun->ctl_softc;
7047
7048	retval = CTL_RETVAL_COMPLETE;
7049
7050	switch (cdb->byte2 & STG_PDF_MASK) {
7051	case STG_PDF_LENGTH:
7052		ext = 0;
7053		break;
7054	case STG_PDF_EXTENDED:
7055		ext = 1;
7056		break;
7057	default:
7058		ctl_set_invalid_field(/*ctsio*/ ctsio,
7059				      /*sks_valid*/ 1,
7060				      /*command*/ 1,
7061				      /*field*/ 2,
7062				      /*bit_valid*/ 1,
7063				      /*bit*/ 5);
7064		ctl_done((union ctl_io *)ctsio);
7065		return(retval);
7066	}
7067
7068	if (softc->is_single)
7069		num_target_port_groups = 1;
7070	else
7071		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7072	num_target_ports = 0;
7073	mtx_lock(&softc->ctl_lock);
7074	STAILQ_FOREACH(port, &softc->port_list, links) {
7075		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7076			continue;
7077		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7078			continue;
7079		num_target_ports++;
7080	}
7081	mtx_unlock(&softc->ctl_lock);
7082
7083	if (ext)
7084		total_len = sizeof(struct scsi_target_group_data_extended);
7085	else
7086		total_len = sizeof(struct scsi_target_group_data);
7087	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7088		num_target_port_groups +
7089	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7090
7091	alloc_len = scsi_4btoul(cdb->length);
7092
7093	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7094
7095	ctsio->kern_sg_entries = 0;
7096
7097	if (total_len < alloc_len) {
7098		ctsio->residual = alloc_len - total_len;
7099		ctsio->kern_data_len = total_len;
7100		ctsio->kern_total_len = total_len;
7101	} else {
7102		ctsio->residual = 0;
7103		ctsio->kern_data_len = alloc_len;
7104		ctsio->kern_total_len = alloc_len;
7105	}
7106	ctsio->kern_data_resid = 0;
7107	ctsio->kern_rel_offset = 0;
7108
7109	if (ext) {
7110		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7111		    ctsio->kern_data_ptr;
7112		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7113		rtg_ext_ptr->format_type = 0x10;
7114		rtg_ext_ptr->implicit_transition_time = 0;
7115		tpg_desc = &rtg_ext_ptr->groups[0];
7116	} else {
7117		rtg_ptr = (struct scsi_target_group_data *)
7118		    ctsio->kern_data_ptr;
7119		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7120		tpg_desc = &rtg_ptr->groups[0];
7121	}
7122
7123	mtx_lock(&softc->ctl_lock);
7124	pg = softc->port_min / softc->port_cnt;
7125	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7126		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7127	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7128		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7129	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7130		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7131	else
7132		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7133	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7134		os = gs;
7135		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7136	} else
7137		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7138	for (g = 0; g < num_target_port_groups; g++) {
7139		tpg_desc->pref_state = (g == pg) ? gs : os;
7140		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7141		    TPG_U_SUP | TPG_T_SUP;
7142		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7143		tpg_desc->status = TPG_IMPLICIT;
7144		pc = 0;
7145		STAILQ_FOREACH(port, &softc->port_list, links) {
7146			if (port->targ_port < g * softc->port_cnt ||
7147			    port->targ_port >= (g + 1) * softc->port_cnt)
7148				continue;
7149			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7150				continue;
7151			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7152				continue;
7153			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7154			    relative_target_port_identifier);
7155			pc++;
7156		}
7157		tpg_desc->target_port_count = pc;
7158		tpg_desc = (struct scsi_target_port_group_descriptor *)
7159		    &tpg_desc->descriptors[pc];
7160	}
7161	mtx_unlock(&softc->ctl_lock);
7162
7163	ctl_set_success(ctsio);
7164	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7165	ctsio->be_move_done = ctl_config_move_done;
7166	ctl_datamove((union ctl_io *)ctsio);
7167	return(retval);
7168}
7169
7170int
7171ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7172{
7173	struct ctl_lun *lun;
7174	struct scsi_report_supported_opcodes *cdb;
7175	const struct ctl_cmd_entry *entry, *sentry;
7176	struct scsi_report_supported_opcodes_all *all;
7177	struct scsi_report_supported_opcodes_descr *descr;
7178	struct scsi_report_supported_opcodes_one *one;
7179	int retval;
7180	int alloc_len, total_len;
7181	int opcode, service_action, i, j, num;
7182
7183	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7184
7185	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7186	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7187
7188	retval = CTL_RETVAL_COMPLETE;
7189
7190	opcode = cdb->requested_opcode;
7191	service_action = scsi_2btoul(cdb->requested_service_action);
7192	switch (cdb->options & RSO_OPTIONS_MASK) {
7193	case RSO_OPTIONS_ALL:
7194		num = 0;
7195		for (i = 0; i < 256; i++) {
7196			entry = &ctl_cmd_table[i];
7197			if (entry->flags & CTL_CMD_FLAG_SA5) {
7198				for (j = 0; j < 32; j++) {
7199					sentry = &((const struct ctl_cmd_entry *)
7200					    entry->execute)[j];
7201					if (ctl_cmd_applicable(
7202					    lun->be_lun->lun_type, sentry))
7203						num++;
7204				}
7205			} else {
7206				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7207				    entry))
7208					num++;
7209			}
7210		}
7211		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7212		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7213		break;
7214	case RSO_OPTIONS_OC:
7215		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7216			ctl_set_invalid_field(/*ctsio*/ ctsio,
7217					      /*sks_valid*/ 1,
7218					      /*command*/ 1,
7219					      /*field*/ 2,
7220					      /*bit_valid*/ 1,
7221					      /*bit*/ 2);
7222			ctl_done((union ctl_io *)ctsio);
7223			return (CTL_RETVAL_COMPLETE);
7224		}
7225		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7226		break;
7227	case RSO_OPTIONS_OC_SA:
7228		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7229		    service_action >= 32) {
7230			ctl_set_invalid_field(/*ctsio*/ ctsio,
7231					      /*sks_valid*/ 1,
7232					      /*command*/ 1,
7233					      /*field*/ 2,
7234					      /*bit_valid*/ 1,
7235					      /*bit*/ 2);
7236			ctl_done((union ctl_io *)ctsio);
7237			return (CTL_RETVAL_COMPLETE);
7238		}
7239		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7240		break;
7241	default:
7242		ctl_set_invalid_field(/*ctsio*/ ctsio,
7243				      /*sks_valid*/ 1,
7244				      /*command*/ 1,
7245				      /*field*/ 2,
7246				      /*bit_valid*/ 1,
7247				      /*bit*/ 2);
7248		ctl_done((union ctl_io *)ctsio);
7249		return (CTL_RETVAL_COMPLETE);
7250	}
7251
7252	alloc_len = scsi_4btoul(cdb->length);
7253
7254	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7255
7256	ctsio->kern_sg_entries = 0;
7257
7258	if (total_len < alloc_len) {
7259		ctsio->residual = alloc_len - total_len;
7260		ctsio->kern_data_len = total_len;
7261		ctsio->kern_total_len = total_len;
7262	} else {
7263		ctsio->residual = 0;
7264		ctsio->kern_data_len = alloc_len;
7265		ctsio->kern_total_len = alloc_len;
7266	}
7267	ctsio->kern_data_resid = 0;
7268	ctsio->kern_rel_offset = 0;
7269
7270	switch (cdb->options & RSO_OPTIONS_MASK) {
7271	case RSO_OPTIONS_ALL:
7272		all = (struct scsi_report_supported_opcodes_all *)
7273		    ctsio->kern_data_ptr;
7274		num = 0;
7275		for (i = 0; i < 256; i++) {
7276			entry = &ctl_cmd_table[i];
7277			if (entry->flags & CTL_CMD_FLAG_SA5) {
7278				for (j = 0; j < 32; j++) {
7279					sentry = &((const struct ctl_cmd_entry *)
7280					    entry->execute)[j];
7281					if (!ctl_cmd_applicable(
7282					    lun->be_lun->lun_type, sentry))
7283						continue;
7284					descr = &all->descr[num++];
7285					descr->opcode = i;
7286					scsi_ulto2b(j, descr->service_action);
7287					descr->flags = RSO_SERVACTV;
7288					scsi_ulto2b(sentry->length,
7289					    descr->cdb_length);
7290				}
7291			} else {
7292				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7293				    entry))
7294					continue;
7295				descr = &all->descr[num++];
7296				descr->opcode = i;
7297				scsi_ulto2b(0, descr->service_action);
7298				descr->flags = 0;
7299				scsi_ulto2b(entry->length, descr->cdb_length);
7300			}
7301		}
7302		scsi_ulto4b(
7303		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7304		    all->length);
7305		break;
7306	case RSO_OPTIONS_OC:
7307		one = (struct scsi_report_supported_opcodes_one *)
7308		    ctsio->kern_data_ptr;
7309		entry = &ctl_cmd_table[opcode];
7310		goto fill_one;
7311	case RSO_OPTIONS_OC_SA:
7312		one = (struct scsi_report_supported_opcodes_one *)
7313		    ctsio->kern_data_ptr;
7314		entry = &ctl_cmd_table[opcode];
7315		entry = &((const struct ctl_cmd_entry *)
7316		    entry->execute)[service_action];
7317fill_one:
7318		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7319			one->support = 3;
7320			scsi_ulto2b(entry->length, one->cdb_length);
7321			one->cdb_usage[0] = opcode;
7322			memcpy(&one->cdb_usage[1], entry->usage,
7323			    entry->length - 1);
7324		} else
7325			one->support = 1;
7326		break;
7327	}
7328
7329	ctl_set_success(ctsio);
7330	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7331	ctsio->be_move_done = ctl_config_move_done;
7332	ctl_datamove((union ctl_io *)ctsio);
7333	return(retval);
7334}
7335
7336int
7337ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7338{
7339	struct scsi_report_supported_tmf *cdb;
7340	struct scsi_report_supported_tmf_data *data;
7341	int retval;
7342	int alloc_len, total_len;
7343
7344	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7345
7346	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7347
7348	retval = CTL_RETVAL_COMPLETE;
7349
7350	total_len = sizeof(struct scsi_report_supported_tmf_data);
7351	alloc_len = scsi_4btoul(cdb->length);
7352
7353	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7354
7355	ctsio->kern_sg_entries = 0;
7356
7357	if (total_len < alloc_len) {
7358		ctsio->residual = alloc_len - total_len;
7359		ctsio->kern_data_len = total_len;
7360		ctsio->kern_total_len = total_len;
7361	} else {
7362		ctsio->residual = 0;
7363		ctsio->kern_data_len = alloc_len;
7364		ctsio->kern_total_len = alloc_len;
7365	}
7366	ctsio->kern_data_resid = 0;
7367	ctsio->kern_rel_offset = 0;
7368
7369	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7370	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7371	    RST_TRS;
7372	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7373
7374	ctl_set_success(ctsio);
7375	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7376	ctsio->be_move_done = ctl_config_move_done;
7377	ctl_datamove((union ctl_io *)ctsio);
7378	return (retval);
7379}
7380
7381int
7382ctl_report_timestamp(struct ctl_scsiio *ctsio)
7383{
7384	struct scsi_report_timestamp *cdb;
7385	struct scsi_report_timestamp_data *data;
7386	struct timeval tv;
7387	int64_t timestamp;
7388	int retval;
7389	int alloc_len, total_len;
7390
7391	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7392
7393	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7394
7395	retval = CTL_RETVAL_COMPLETE;
7396
7397	total_len = sizeof(struct scsi_report_timestamp_data);
7398	alloc_len = scsi_4btoul(cdb->length);
7399
7400	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7401
7402	ctsio->kern_sg_entries = 0;
7403
7404	if (total_len < alloc_len) {
7405		ctsio->residual = alloc_len - total_len;
7406		ctsio->kern_data_len = total_len;
7407		ctsio->kern_total_len = total_len;
7408	} else {
7409		ctsio->residual = 0;
7410		ctsio->kern_data_len = alloc_len;
7411		ctsio->kern_total_len = alloc_len;
7412	}
7413	ctsio->kern_data_resid = 0;
7414	ctsio->kern_rel_offset = 0;
7415
7416	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7417	scsi_ulto2b(sizeof(*data) - 2, data->length);
7418	data->origin = RTS_ORIG_OUTSIDE;
7419	getmicrotime(&tv);
7420	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7421	scsi_ulto4b(timestamp >> 16, data->timestamp);
7422	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7423
7424	ctl_set_success(ctsio);
7425	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7426	ctsio->be_move_done = ctl_config_move_done;
7427	ctl_datamove((union ctl_io *)ctsio);
7428	return (retval);
7429}
7430
7431int
7432ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7433{
7434	struct scsi_per_res_in *cdb;
7435	int alloc_len, total_len = 0;
7436	/* struct scsi_per_res_in_rsrv in_data; */
7437	struct ctl_lun *lun;
7438	struct ctl_softc *softc;
7439	uint64_t key;
7440
7441	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7442
7443	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7444
7445	alloc_len = scsi_2btoul(cdb->length);
7446
7447	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7448	softc = lun->ctl_softc;
7449
7450retry:
7451	mtx_lock(&lun->lun_lock);
7452	switch (cdb->action) {
7453	case SPRI_RK: /* read keys */
7454		total_len = sizeof(struct scsi_per_res_in_keys) +
7455			lun->pr_key_count *
7456			sizeof(struct scsi_per_res_key);
7457		break;
7458	case SPRI_RR: /* read reservation */
7459		if (lun->flags & CTL_LUN_PR_RESERVED)
7460			total_len = sizeof(struct scsi_per_res_in_rsrv);
7461		else
7462			total_len = sizeof(struct scsi_per_res_in_header);
7463		break;
7464	case SPRI_RC: /* report capabilities */
7465		total_len = sizeof(struct scsi_per_res_cap);
7466		break;
7467	case SPRI_RS: /* read full status */
7468		total_len = sizeof(struct scsi_per_res_in_header) +
7469		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7470		    lun->pr_key_count;
7471		break;
7472	default:
7473		panic("Invalid PR type %x", cdb->action);
7474	}
7475	mtx_unlock(&lun->lun_lock);
7476
7477	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7478
7479	if (total_len < alloc_len) {
7480		ctsio->residual = alloc_len - total_len;
7481		ctsio->kern_data_len = total_len;
7482		ctsio->kern_total_len = total_len;
7483	} else {
7484		ctsio->residual = 0;
7485		ctsio->kern_data_len = alloc_len;
7486		ctsio->kern_total_len = alloc_len;
7487	}
7488
7489	ctsio->kern_data_resid = 0;
7490	ctsio->kern_rel_offset = 0;
7491	ctsio->kern_sg_entries = 0;
7492
7493	mtx_lock(&lun->lun_lock);
7494	switch (cdb->action) {
7495	case SPRI_RK: { // read keys
7496        struct scsi_per_res_in_keys *res_keys;
7497		int i, key_count;
7498
7499		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7500
7501		/*
7502		 * We had to drop the lock to allocate our buffer, which
7503		 * leaves time for someone to come in with another
7504		 * persistent reservation.  (That is unlikely, though,
7505		 * since this should be the only persistent reservation
7506		 * command active right now.)
7507		 */
7508		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7509		    (lun->pr_key_count *
7510		     sizeof(struct scsi_per_res_key)))){
7511			mtx_unlock(&lun->lun_lock);
7512			free(ctsio->kern_data_ptr, M_CTL);
7513			printf("%s: reservation length changed, retrying\n",
7514			       __func__);
7515			goto retry;
7516		}
7517
7518		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7519
7520		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7521			     lun->pr_key_count, res_keys->header.length);
7522
7523		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7524			if ((key = ctl_get_prkey(lun, i)) == 0)
7525				continue;
7526
7527			/*
7528			 * We used lun->pr_key_count to calculate the
7529			 * size to allocate.  If it turns out the number of
7530			 * initiators with the registered flag set is
7531			 * larger than that (i.e. they haven't been kept in
7532			 * sync), we've got a problem.
7533			 */
7534			if (key_count >= lun->pr_key_count) {
7535#ifdef NEEDTOPORT
7536				csevent_log(CSC_CTL | CSC_SHELF_SW |
7537					    CTL_PR_ERROR,
7538					    csevent_LogType_Fault,
7539					    csevent_AlertLevel_Yellow,
7540					    csevent_FRU_ShelfController,
7541					    csevent_FRU_Firmware,
7542				        csevent_FRU_Unknown,
7543					    "registered keys %d >= key "
7544					    "count %d", key_count,
7545					    lun->pr_key_count);
7546#endif
7547				key_count++;
7548				continue;
7549			}
7550			scsi_u64to8b(key, res_keys->keys[key_count].key);
7551			key_count++;
7552		}
7553		break;
7554	}
7555	case SPRI_RR: { // read reservation
7556		struct scsi_per_res_in_rsrv *res;
7557		int tmp_len, header_only;
7558
7559		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7560
7561		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7562
7563		if (lun->flags & CTL_LUN_PR_RESERVED)
7564		{
7565			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7566			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7567				    res->header.length);
7568			header_only = 0;
7569		} else {
7570			tmp_len = sizeof(struct scsi_per_res_in_header);
7571			scsi_ulto4b(0, res->header.length);
7572			header_only = 1;
7573		}
7574
7575		/*
7576		 * We had to drop the lock to allocate our buffer, which
7577		 * leaves time for someone to come in with another
7578		 * persistent reservation.  (That is unlikely, though,
7579		 * since this should be the only persistent reservation
7580		 * command active right now.)
7581		 */
7582		if (tmp_len != total_len) {
7583			mtx_unlock(&lun->lun_lock);
7584			free(ctsio->kern_data_ptr, M_CTL);
7585			printf("%s: reservation status changed, retrying\n",
7586			       __func__);
7587			goto retry;
7588		}
7589
7590		/*
7591		 * No reservation held, so we're done.
7592		 */
7593		if (header_only != 0)
7594			break;
7595
7596		/*
7597		 * If the registration is an All Registrants type, the key
7598		 * is 0, since it doesn't really matter.
7599		 */
7600		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7601			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7602			    res->data.reservation);
7603		}
7604		res->data.scopetype = lun->res_type;
7605		break;
7606	}
7607	case SPRI_RC:     //report capabilities
7608	{
7609		struct scsi_per_res_cap *res_cap;
7610		uint16_t type_mask;
7611
7612		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7613		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7614		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7615		type_mask = SPRI_TM_WR_EX_AR |
7616			    SPRI_TM_EX_AC_RO |
7617			    SPRI_TM_WR_EX_RO |
7618			    SPRI_TM_EX_AC |
7619			    SPRI_TM_WR_EX |
7620			    SPRI_TM_EX_AC_AR;
7621		scsi_ulto2b(type_mask, res_cap->type_mask);
7622		break;
7623	}
7624	case SPRI_RS: { // read full status
7625		struct scsi_per_res_in_full *res_status;
7626		struct scsi_per_res_in_full_desc *res_desc;
7627		struct ctl_port *port;
7628		int i, len;
7629
7630		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7631
7632		/*
7633		 * We had to drop the lock to allocate our buffer, which
7634		 * leaves time for someone to come in with another
7635		 * persistent reservation.  (That is unlikely, though,
7636		 * since this should be the only persistent reservation
7637		 * command active right now.)
7638		 */
7639		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7640		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7641		     lun->pr_key_count)){
7642			mtx_unlock(&lun->lun_lock);
7643			free(ctsio->kern_data_ptr, M_CTL);
7644			printf("%s: reservation length changed, retrying\n",
7645			       __func__);
7646			goto retry;
7647		}
7648
7649		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7650
7651		res_desc = &res_status->desc[0];
7652		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7653			if ((key = ctl_get_prkey(lun, i)) == 0)
7654				continue;
7655
7656			scsi_u64to8b(key, res_desc->res_key.key);
7657			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7658			    (lun->pr_res_idx == i ||
7659			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7660				res_desc->flags = SPRI_FULL_R_HOLDER;
7661				res_desc->scopetype = lun->res_type;
7662			}
7663			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7664			    res_desc->rel_trgt_port_id);
7665			len = 0;
7666			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7667			if (port != NULL)
7668				len = ctl_create_iid(port,
7669				    i % CTL_MAX_INIT_PER_PORT,
7670				    res_desc->transport_id);
7671			scsi_ulto4b(len, res_desc->additional_length);
7672			res_desc = (struct scsi_per_res_in_full_desc *)
7673			    &res_desc->transport_id[len];
7674		}
7675		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7676		    res_status->header.length);
7677		break;
7678	}
7679	default:
7680		/*
7681		 * This is a bug, because we just checked for this above,
7682		 * and should have returned an error.
7683		 */
7684		panic("Invalid PR type %x", cdb->action);
7685		break; /* NOTREACHED */
7686	}
7687	mtx_unlock(&lun->lun_lock);
7688
7689	ctl_set_success(ctsio);
7690	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7691	ctsio->be_move_done = ctl_config_move_done;
7692	ctl_datamove((union ctl_io *)ctsio);
7693	return (CTL_RETVAL_COMPLETE);
7694}
7695
7696/*
7697 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7698 * it should return.
7699 */
7700static int
7701ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7702		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7703		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7704		struct scsi_per_res_out_parms* param)
7705{
7706	union ctl_ha_msg persis_io;
7707	int i;
7708
7709	mtx_lock(&lun->lun_lock);
7710	if (sa_res_key == 0) {
7711		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7712			/* validate scope and type */
7713			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7714			     SPR_LU_SCOPE) {
7715				mtx_unlock(&lun->lun_lock);
7716				ctl_set_invalid_field(/*ctsio*/ ctsio,
7717						      /*sks_valid*/ 1,
7718						      /*command*/ 1,
7719						      /*field*/ 2,
7720						      /*bit_valid*/ 1,
7721						      /*bit*/ 4);
7722				ctl_done((union ctl_io *)ctsio);
7723				return (1);
7724			}
7725
7726		        if (type>8 || type==2 || type==4 || type==0) {
7727				mtx_unlock(&lun->lun_lock);
7728				ctl_set_invalid_field(/*ctsio*/ ctsio,
7729       	           				      /*sks_valid*/ 1,
7730						      /*command*/ 1,
7731						      /*field*/ 2,
7732						      /*bit_valid*/ 1,
7733						      /*bit*/ 0);
7734				ctl_done((union ctl_io *)ctsio);
7735				return (1);
7736		        }
7737
7738			/*
7739			 * Unregister everybody else and build UA for
7740			 * them
7741			 */
7742			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7743				if (i == residx || ctl_get_prkey(lun, i) == 0)
7744					continue;
7745
7746				ctl_clr_prkey(lun, i);
7747				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7748			}
7749			lun->pr_key_count = 1;
7750			lun->res_type = type;
7751			if (lun->res_type != SPR_TYPE_WR_EX_AR
7752			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7753				lun->pr_res_idx = residx;
7754			lun->PRGeneration++;
7755			mtx_unlock(&lun->lun_lock);
7756
7757			/* send msg to other side */
7758			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7759			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7760			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7761			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7762			persis_io.pr.pr_info.res_type = type;
7763			memcpy(persis_io.pr.pr_info.sa_res_key,
7764			       param->serv_act_res_key,
7765			       sizeof(param->serv_act_res_key));
7766			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7767			    sizeof(persis_io.pr), M_WAITOK);
7768		} else {
7769			/* not all registrants */
7770			mtx_unlock(&lun->lun_lock);
7771			free(ctsio->kern_data_ptr, M_CTL);
7772			ctl_set_invalid_field(ctsio,
7773					      /*sks_valid*/ 1,
7774					      /*command*/ 0,
7775					      /*field*/ 8,
7776					      /*bit_valid*/ 0,
7777					      /*bit*/ 0);
7778			ctl_done((union ctl_io *)ctsio);
7779			return (1);
7780		}
7781	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7782		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7783		int found = 0;
7784
7785		if (res_key == sa_res_key) {
7786			/* special case */
7787			/*
7788			 * The spec implies this is not good but doesn't
7789			 * say what to do. There are two choices either
7790			 * generate a res conflict or check condition
7791			 * with illegal field in parameter data. Since
7792			 * that is what is done when the sa_res_key is
7793			 * zero I'll take that approach since this has
7794			 * to do with the sa_res_key.
7795			 */
7796			mtx_unlock(&lun->lun_lock);
7797			free(ctsio->kern_data_ptr, M_CTL);
7798			ctl_set_invalid_field(ctsio,
7799					      /*sks_valid*/ 1,
7800					      /*command*/ 0,
7801					      /*field*/ 8,
7802					      /*bit_valid*/ 0,
7803					      /*bit*/ 0);
7804			ctl_done((union ctl_io *)ctsio);
7805			return (1);
7806		}
7807
7808		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7809			if (ctl_get_prkey(lun, i) != sa_res_key)
7810				continue;
7811
7812			found = 1;
7813			ctl_clr_prkey(lun, i);
7814			lun->pr_key_count--;
7815			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7816		}
7817		if (!found) {
7818			mtx_unlock(&lun->lun_lock);
7819			free(ctsio->kern_data_ptr, M_CTL);
7820			ctl_set_reservation_conflict(ctsio);
7821			ctl_done((union ctl_io *)ctsio);
7822			return (CTL_RETVAL_COMPLETE);
7823		}
7824		lun->PRGeneration++;
7825		mtx_unlock(&lun->lun_lock);
7826
7827		/* send msg to other side */
7828		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7829		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7830		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7831		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7832		persis_io.pr.pr_info.res_type = type;
7833		memcpy(persis_io.pr.pr_info.sa_res_key,
7834		       param->serv_act_res_key,
7835		       sizeof(param->serv_act_res_key));
7836		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7837		    sizeof(persis_io.pr), M_WAITOK);
7838	} else {
7839		/* Reserved but not all registrants */
7840		/* sa_res_key is res holder */
7841		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7842			/* validate scope and type */
7843			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7844			     SPR_LU_SCOPE) {
7845				mtx_unlock(&lun->lun_lock);
7846				ctl_set_invalid_field(/*ctsio*/ ctsio,
7847						      /*sks_valid*/ 1,
7848						      /*command*/ 1,
7849						      /*field*/ 2,
7850						      /*bit_valid*/ 1,
7851						      /*bit*/ 4);
7852				ctl_done((union ctl_io *)ctsio);
7853				return (1);
7854			}
7855
7856			if (type>8 || type==2 || type==4 || type==0) {
7857				mtx_unlock(&lun->lun_lock);
7858				ctl_set_invalid_field(/*ctsio*/ ctsio,
7859						      /*sks_valid*/ 1,
7860						      /*command*/ 1,
7861						      /*field*/ 2,
7862						      /*bit_valid*/ 1,
7863						      /*bit*/ 0);
7864				ctl_done((union ctl_io *)ctsio);
7865				return (1);
7866			}
7867
7868			/*
7869			 * Do the following:
7870			 * if sa_res_key != res_key remove all
7871			 * registrants w/sa_res_key and generate UA
7872			 * for these registrants(Registrations
7873			 * Preempted) if it wasn't an exclusive
7874			 * reservation generate UA(Reservations
7875			 * Preempted) for all other registered nexuses
7876			 * if the type has changed. Establish the new
7877			 * reservation and holder. If res_key and
7878			 * sa_res_key are the same do the above
7879			 * except don't unregister the res holder.
7880			 */
7881
7882			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7883				if (i == residx || ctl_get_prkey(lun, i) == 0)
7884					continue;
7885
7886				if (sa_res_key == ctl_get_prkey(lun, i)) {
7887					ctl_clr_prkey(lun, i);
7888					lun->pr_key_count--;
7889					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7890				} else if (type != lun->res_type
7891					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7892					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7893					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7894				}
7895			}
7896			lun->res_type = type;
7897			if (lun->res_type != SPR_TYPE_WR_EX_AR
7898			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7899				lun->pr_res_idx = residx;
7900			else
7901				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7902			lun->PRGeneration++;
7903			mtx_unlock(&lun->lun_lock);
7904
7905			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7906			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7907			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7908			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7909			persis_io.pr.pr_info.res_type = type;
7910			memcpy(persis_io.pr.pr_info.sa_res_key,
7911			       param->serv_act_res_key,
7912			       sizeof(param->serv_act_res_key));
7913			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7914			    sizeof(persis_io.pr), M_WAITOK);
7915		} else {
7916			/*
7917			 * sa_res_key is not the res holder just
7918			 * remove registrants
7919			 */
7920			int found=0;
7921
7922			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7923				if (sa_res_key != ctl_get_prkey(lun, i))
7924					continue;
7925
7926				found = 1;
7927				ctl_clr_prkey(lun, i);
7928				lun->pr_key_count--;
7929				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7930			}
7931
7932			if (!found) {
7933				mtx_unlock(&lun->lun_lock);
7934				free(ctsio->kern_data_ptr, M_CTL);
7935				ctl_set_reservation_conflict(ctsio);
7936				ctl_done((union ctl_io *)ctsio);
7937		        	return (1);
7938			}
7939			lun->PRGeneration++;
7940			mtx_unlock(&lun->lun_lock);
7941
7942			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7943			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7944			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7945			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7946			persis_io.pr.pr_info.res_type = type;
7947			memcpy(persis_io.pr.pr_info.sa_res_key,
7948			       param->serv_act_res_key,
7949			       sizeof(param->serv_act_res_key));
7950			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7951			    sizeof(persis_io.pr), M_WAITOK);
7952		}
7953	}
7954	return (0);
7955}
7956
7957static void
7958ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7959{
7960	uint64_t sa_res_key;
7961	int i;
7962
7963	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7964
7965	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7966	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7967	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7968		if (sa_res_key == 0) {
7969			/*
7970			 * Unregister everybody else and build UA for
7971			 * them
7972			 */
7973			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7974				if (i == msg->pr.pr_info.residx ||
7975				    ctl_get_prkey(lun, i) == 0)
7976					continue;
7977
7978				ctl_clr_prkey(lun, i);
7979				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7980			}
7981
7982			lun->pr_key_count = 1;
7983			lun->res_type = msg->pr.pr_info.res_type;
7984			if (lun->res_type != SPR_TYPE_WR_EX_AR
7985			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7986				lun->pr_res_idx = msg->pr.pr_info.residx;
7987		} else {
7988		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7989				if (sa_res_key == ctl_get_prkey(lun, i))
7990					continue;
7991
7992				ctl_clr_prkey(lun, i);
7993				lun->pr_key_count--;
7994				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7995			}
7996		}
7997	} else {
7998		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7999			if (i == msg->pr.pr_info.residx ||
8000			    ctl_get_prkey(lun, i) == 0)
8001				continue;
8002
8003			if (sa_res_key == ctl_get_prkey(lun, i)) {
8004				ctl_clr_prkey(lun, i);
8005				lun->pr_key_count--;
8006				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8007			} else if (msg->pr.pr_info.res_type != lun->res_type
8008				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8009				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8010				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8011			}
8012		}
8013		lun->res_type = msg->pr.pr_info.res_type;
8014		if (lun->res_type != SPR_TYPE_WR_EX_AR
8015		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8016			lun->pr_res_idx = msg->pr.pr_info.residx;
8017		else
8018			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8019	}
8020	lun->PRGeneration++;
8021
8022}
8023
8024
8025int
8026ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8027{
8028	int retval;
8029	u_int32_t param_len;
8030	struct scsi_per_res_out *cdb;
8031	struct ctl_lun *lun;
8032	struct scsi_per_res_out_parms* param;
8033	struct ctl_softc *softc;
8034	uint32_t residx;
8035	uint64_t res_key, sa_res_key, key;
8036	uint8_t type;
8037	union ctl_ha_msg persis_io;
8038	int    i;
8039
8040	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8041
8042	retval = CTL_RETVAL_COMPLETE;
8043
8044	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8045	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8046	softc = lun->ctl_softc;
8047
8048	/*
8049	 * We only support whole-LUN scope.  The scope & type are ignored for
8050	 * register, register and ignore existing key and clear.
8051	 * We sometimes ignore scope and type on preempts too!!
8052	 * Verify reservation type here as well.
8053	 */
8054	type = cdb->scope_type & SPR_TYPE_MASK;
8055	if ((cdb->action == SPRO_RESERVE)
8056	 || (cdb->action == SPRO_RELEASE)) {
8057		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8058			ctl_set_invalid_field(/*ctsio*/ ctsio,
8059					      /*sks_valid*/ 1,
8060					      /*command*/ 1,
8061					      /*field*/ 2,
8062					      /*bit_valid*/ 1,
8063					      /*bit*/ 4);
8064			ctl_done((union ctl_io *)ctsio);
8065			return (CTL_RETVAL_COMPLETE);
8066		}
8067
8068		if (type>8 || type==2 || type==4 || type==0) {
8069			ctl_set_invalid_field(/*ctsio*/ ctsio,
8070					      /*sks_valid*/ 1,
8071					      /*command*/ 1,
8072					      /*field*/ 2,
8073					      /*bit_valid*/ 1,
8074					      /*bit*/ 0);
8075			ctl_done((union ctl_io *)ctsio);
8076			return (CTL_RETVAL_COMPLETE);
8077		}
8078	}
8079
8080	param_len = scsi_4btoul(cdb->length);
8081
8082	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8083		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8084		ctsio->kern_data_len = param_len;
8085		ctsio->kern_total_len = param_len;
8086		ctsio->kern_data_resid = 0;
8087		ctsio->kern_rel_offset = 0;
8088		ctsio->kern_sg_entries = 0;
8089		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8090		ctsio->be_move_done = ctl_config_move_done;
8091		ctl_datamove((union ctl_io *)ctsio);
8092
8093		return (CTL_RETVAL_COMPLETE);
8094	}
8095
8096	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8097
8098	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8099	res_key = scsi_8btou64(param->res_key.key);
8100	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8101
8102	/*
8103	 * Validate the reservation key here except for SPRO_REG_IGNO
8104	 * This must be done for all other service actions
8105	 */
8106	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8107		mtx_lock(&lun->lun_lock);
8108		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8109			if (res_key != key) {
8110				/*
8111				 * The current key passed in doesn't match
8112				 * the one the initiator previously
8113				 * registered.
8114				 */
8115				mtx_unlock(&lun->lun_lock);
8116				free(ctsio->kern_data_ptr, M_CTL);
8117				ctl_set_reservation_conflict(ctsio);
8118				ctl_done((union ctl_io *)ctsio);
8119				return (CTL_RETVAL_COMPLETE);
8120			}
8121		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8122			/*
8123			 * We are not registered
8124			 */
8125			mtx_unlock(&lun->lun_lock);
8126			free(ctsio->kern_data_ptr, M_CTL);
8127			ctl_set_reservation_conflict(ctsio);
8128			ctl_done((union ctl_io *)ctsio);
8129			return (CTL_RETVAL_COMPLETE);
8130		} else if (res_key != 0) {
8131			/*
8132			 * We are not registered and trying to register but
8133			 * the register key isn't zero.
8134			 */
8135			mtx_unlock(&lun->lun_lock);
8136			free(ctsio->kern_data_ptr, M_CTL);
8137			ctl_set_reservation_conflict(ctsio);
8138			ctl_done((union ctl_io *)ctsio);
8139			return (CTL_RETVAL_COMPLETE);
8140		}
8141		mtx_unlock(&lun->lun_lock);
8142	}
8143
8144	switch (cdb->action & SPRO_ACTION_MASK) {
8145	case SPRO_REGISTER:
8146	case SPRO_REG_IGNO: {
8147
8148#if 0
8149		printf("Registration received\n");
8150#endif
8151
8152		/*
8153		 * We don't support any of these options, as we report in
8154		 * the read capabilities request (see
8155		 * ctl_persistent_reserve_in(), above).
8156		 */
8157		if ((param->flags & SPR_SPEC_I_PT)
8158		 || (param->flags & SPR_ALL_TG_PT)
8159		 || (param->flags & SPR_APTPL)) {
8160			int bit_ptr;
8161
8162			if (param->flags & SPR_APTPL)
8163				bit_ptr = 0;
8164			else if (param->flags & SPR_ALL_TG_PT)
8165				bit_ptr = 2;
8166			else /* SPR_SPEC_I_PT */
8167				bit_ptr = 3;
8168
8169			free(ctsio->kern_data_ptr, M_CTL);
8170			ctl_set_invalid_field(ctsio,
8171					      /*sks_valid*/ 1,
8172					      /*command*/ 0,
8173					      /*field*/ 20,
8174					      /*bit_valid*/ 1,
8175					      /*bit*/ bit_ptr);
8176			ctl_done((union ctl_io *)ctsio);
8177			return (CTL_RETVAL_COMPLETE);
8178		}
8179
8180		mtx_lock(&lun->lun_lock);
8181
8182		/*
8183		 * The initiator wants to clear the
8184		 * key/unregister.
8185		 */
8186		if (sa_res_key == 0) {
8187			if ((res_key == 0
8188			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8189			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8190			  && ctl_get_prkey(lun, residx) == 0)) {
8191				mtx_unlock(&lun->lun_lock);
8192				goto done;
8193			}
8194
8195			ctl_clr_prkey(lun, residx);
8196			lun->pr_key_count--;
8197
8198			if (residx == lun->pr_res_idx) {
8199				lun->flags &= ~CTL_LUN_PR_RESERVED;
8200				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8201
8202				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8203				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8204				 && lun->pr_key_count) {
8205					/*
8206					 * If the reservation is a registrants
8207					 * only type we need to generate a UA
8208					 * for other registered inits.  The
8209					 * sense code should be RESERVATIONS
8210					 * RELEASED
8211					 */
8212
8213					for (i = softc->init_min; i < softc->init_max; i++){
8214						if (ctl_get_prkey(lun, i) == 0)
8215							continue;
8216						ctl_est_ua(lun, i,
8217						    CTL_UA_RES_RELEASE);
8218					}
8219				}
8220				lun->res_type = 0;
8221			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8222				if (lun->pr_key_count==0) {
8223					lun->flags &= ~CTL_LUN_PR_RESERVED;
8224					lun->res_type = 0;
8225					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8226				}
8227			}
8228			lun->PRGeneration++;
8229			mtx_unlock(&lun->lun_lock);
8230
8231			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8232			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8233			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8234			persis_io.pr.pr_info.residx = residx;
8235			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8236			    sizeof(persis_io.pr), M_WAITOK);
8237		} else /* sa_res_key != 0 */ {
8238
8239			/*
8240			 * If we aren't registered currently then increment
8241			 * the key count and set the registered flag.
8242			 */
8243			ctl_alloc_prkey(lun, residx);
8244			if (ctl_get_prkey(lun, residx) == 0)
8245				lun->pr_key_count++;
8246			ctl_set_prkey(lun, residx, sa_res_key);
8247			lun->PRGeneration++;
8248			mtx_unlock(&lun->lun_lock);
8249
8250			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8251			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8252			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8253			persis_io.pr.pr_info.residx = residx;
8254			memcpy(persis_io.pr.pr_info.sa_res_key,
8255			       param->serv_act_res_key,
8256			       sizeof(param->serv_act_res_key));
8257			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8258			    sizeof(persis_io.pr), M_WAITOK);
8259		}
8260
8261		break;
8262	}
8263	case SPRO_RESERVE:
8264#if 0
8265                printf("Reserve executed type %d\n", type);
8266#endif
8267		mtx_lock(&lun->lun_lock);
8268		if (lun->flags & CTL_LUN_PR_RESERVED) {
8269			/*
8270			 * if this isn't the reservation holder and it's
8271			 * not a "all registrants" type or if the type is
8272			 * different then we have a conflict
8273			 */
8274			if ((lun->pr_res_idx != residx
8275			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8276			 || lun->res_type != type) {
8277				mtx_unlock(&lun->lun_lock);
8278				free(ctsio->kern_data_ptr, M_CTL);
8279				ctl_set_reservation_conflict(ctsio);
8280				ctl_done((union ctl_io *)ctsio);
8281				return (CTL_RETVAL_COMPLETE);
8282			}
8283			mtx_unlock(&lun->lun_lock);
8284		} else /* create a reservation */ {
8285			/*
8286			 * If it's not an "all registrants" type record
8287			 * reservation holder
8288			 */
8289			if (type != SPR_TYPE_WR_EX_AR
8290			 && type != SPR_TYPE_EX_AC_AR)
8291				lun->pr_res_idx = residx; /* Res holder */
8292			else
8293				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8294
8295			lun->flags |= CTL_LUN_PR_RESERVED;
8296			lun->res_type = type;
8297
8298			mtx_unlock(&lun->lun_lock);
8299
8300			/* send msg to other side */
8301			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8302			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8303			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8304			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8305			persis_io.pr.pr_info.res_type = type;
8306			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8307			    sizeof(persis_io.pr), M_WAITOK);
8308		}
8309		break;
8310
8311	case SPRO_RELEASE:
8312		mtx_lock(&lun->lun_lock);
8313		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8314			/* No reservation exists return good status */
8315			mtx_unlock(&lun->lun_lock);
8316			goto done;
8317		}
8318		/*
8319		 * Is this nexus a reservation holder?
8320		 */
8321		if (lun->pr_res_idx != residx
8322		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8323			/*
8324			 * not a res holder return good status but
8325			 * do nothing
8326			 */
8327			mtx_unlock(&lun->lun_lock);
8328			goto done;
8329		}
8330
8331		if (lun->res_type != type) {
8332			mtx_unlock(&lun->lun_lock);
8333			free(ctsio->kern_data_ptr, M_CTL);
8334			ctl_set_illegal_pr_release(ctsio);
8335			ctl_done((union ctl_io *)ctsio);
8336			return (CTL_RETVAL_COMPLETE);
8337		}
8338
8339		/* okay to release */
8340		lun->flags &= ~CTL_LUN_PR_RESERVED;
8341		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8342		lun->res_type = 0;
8343
8344		/*
8345		 * if this isn't an exclusive access
8346		 * res generate UA for all other
8347		 * registrants.
8348		 */
8349		if (type != SPR_TYPE_EX_AC
8350		 && type != SPR_TYPE_WR_EX) {
8351			for (i = softc->init_min; i < softc->init_max; i++) {
8352				if (i == residx || ctl_get_prkey(lun, i) == 0)
8353					continue;
8354				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8355			}
8356		}
8357		mtx_unlock(&lun->lun_lock);
8358
8359		/* Send msg to other side */
8360		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8361		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8362		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8363		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8364		     sizeof(persis_io.pr), M_WAITOK);
8365		break;
8366
8367	case SPRO_CLEAR:
8368		/* send msg to other side */
8369
8370		mtx_lock(&lun->lun_lock);
8371		lun->flags &= ~CTL_LUN_PR_RESERVED;
8372		lun->res_type = 0;
8373		lun->pr_key_count = 0;
8374		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8375
8376		ctl_clr_prkey(lun, residx);
8377		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8378			if (ctl_get_prkey(lun, i) != 0) {
8379				ctl_clr_prkey(lun, i);
8380				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8381			}
8382		lun->PRGeneration++;
8383		mtx_unlock(&lun->lun_lock);
8384
8385		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8386		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8387		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8388		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8389		     sizeof(persis_io.pr), M_WAITOK);
8390		break;
8391
8392	case SPRO_PREEMPT:
8393	case SPRO_PRE_ABO: {
8394		int nretval;
8395
8396		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8397					  residx, ctsio, cdb, param);
8398		if (nretval != 0)
8399			return (CTL_RETVAL_COMPLETE);
8400		break;
8401	}
8402	default:
8403		panic("Invalid PR type %x", cdb->action);
8404	}
8405
8406done:
8407	free(ctsio->kern_data_ptr, M_CTL);
8408	ctl_set_success(ctsio);
8409	ctl_done((union ctl_io *)ctsio);
8410
8411	return (retval);
8412}
8413
8414/*
8415 * This routine is for handling a message from the other SC pertaining to
8416 * persistent reserve out. All the error checking will have been done
8417 * so only perorming the action need be done here to keep the two
8418 * in sync.
8419 */
8420static void
8421ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8422{
8423	struct ctl_lun *lun;
8424	struct ctl_softc *softc;
8425	int i;
8426	uint32_t residx, targ_lun;
8427
8428	softc = control_softc;
8429	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8430	mtx_lock(&softc->ctl_lock);
8431	if ((targ_lun >= CTL_MAX_LUNS) ||
8432	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8433		mtx_unlock(&softc->ctl_lock);
8434		return;
8435	}
8436	mtx_lock(&lun->lun_lock);
8437	mtx_unlock(&softc->ctl_lock);
8438	if (lun->flags & CTL_LUN_DISABLED) {
8439		mtx_unlock(&lun->lun_lock);
8440		return;
8441	}
8442	residx = ctl_get_initindex(&msg->hdr.nexus);
8443	switch(msg->pr.pr_info.action) {
8444	case CTL_PR_REG_KEY:
8445		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8446		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8447			lun->pr_key_count++;
8448		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8449		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8450		lun->PRGeneration++;
8451		break;
8452
8453	case CTL_PR_UNREG_KEY:
8454		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8455		lun->pr_key_count--;
8456
8457		/* XXX Need to see if the reservation has been released */
8458		/* if so do we need to generate UA? */
8459		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8460			lun->flags &= ~CTL_LUN_PR_RESERVED;
8461			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8462
8463			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8464			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8465			 && lun->pr_key_count) {
8466				/*
8467				 * If the reservation is a registrants
8468				 * only type we need to generate a UA
8469				 * for other registered inits.  The
8470				 * sense code should be RESERVATIONS
8471				 * RELEASED
8472				 */
8473
8474				for (i = softc->init_min; i < softc->init_max; i++) {
8475					if (ctl_get_prkey(lun, i) == 0)
8476						continue;
8477
8478					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8479				}
8480			}
8481			lun->res_type = 0;
8482		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8483			if (lun->pr_key_count==0) {
8484				lun->flags &= ~CTL_LUN_PR_RESERVED;
8485				lun->res_type = 0;
8486				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8487			}
8488		}
8489		lun->PRGeneration++;
8490		break;
8491
8492	case CTL_PR_RESERVE:
8493		lun->flags |= CTL_LUN_PR_RESERVED;
8494		lun->res_type = msg->pr.pr_info.res_type;
8495		lun->pr_res_idx = msg->pr.pr_info.residx;
8496
8497		break;
8498
8499	case CTL_PR_RELEASE:
8500		/*
8501		 * if this isn't an exclusive access res generate UA for all
8502		 * other registrants.
8503		 */
8504		if (lun->res_type != SPR_TYPE_EX_AC
8505		 && lun->res_type != SPR_TYPE_WR_EX) {
8506			for (i = softc->init_min; i < softc->init_max; i++)
8507				if (i == residx || ctl_get_prkey(lun, i) == 0)
8508					continue;
8509				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8510		}
8511
8512		lun->flags &= ~CTL_LUN_PR_RESERVED;
8513		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8514		lun->res_type = 0;
8515		break;
8516
8517	case CTL_PR_PREEMPT:
8518		ctl_pro_preempt_other(lun, msg);
8519		break;
8520	case CTL_PR_CLEAR:
8521		lun->flags &= ~CTL_LUN_PR_RESERVED;
8522		lun->res_type = 0;
8523		lun->pr_key_count = 0;
8524		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8525
8526		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8527			if (ctl_get_prkey(lun, i) == 0)
8528				continue;
8529			ctl_clr_prkey(lun, i);
8530			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8531		}
8532		lun->PRGeneration++;
8533		break;
8534	}
8535
8536	mtx_unlock(&lun->lun_lock);
8537}
8538
8539int
8540ctl_read_write(struct ctl_scsiio *ctsio)
8541{
8542	struct ctl_lun *lun;
8543	struct ctl_lba_len_flags *lbalen;
8544	uint64_t lba;
8545	uint32_t num_blocks;
8546	int flags, retval;
8547	int isread;
8548
8549	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8550
8551	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8552
8553	flags = 0;
8554	retval = CTL_RETVAL_COMPLETE;
8555
8556	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8557	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8558	switch (ctsio->cdb[0]) {
8559	case READ_6:
8560	case WRITE_6: {
8561		struct scsi_rw_6 *cdb;
8562
8563		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8564
8565		lba = scsi_3btoul(cdb->addr);
8566		/* only 5 bits are valid in the most significant address byte */
8567		lba &= 0x1fffff;
8568		num_blocks = cdb->length;
8569		/*
8570		 * This is correct according to SBC-2.
8571		 */
8572		if (num_blocks == 0)
8573			num_blocks = 256;
8574		break;
8575	}
8576	case READ_10:
8577	case WRITE_10: {
8578		struct scsi_rw_10 *cdb;
8579
8580		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8581		if (cdb->byte2 & SRW10_FUA)
8582			flags |= CTL_LLF_FUA;
8583		if (cdb->byte2 & SRW10_DPO)
8584			flags |= CTL_LLF_DPO;
8585		lba = scsi_4btoul(cdb->addr);
8586		num_blocks = scsi_2btoul(cdb->length);
8587		break;
8588	}
8589	case WRITE_VERIFY_10: {
8590		struct scsi_write_verify_10 *cdb;
8591
8592		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8593		flags |= CTL_LLF_FUA;
8594		if (cdb->byte2 & SWV_DPO)
8595			flags |= CTL_LLF_DPO;
8596		lba = scsi_4btoul(cdb->addr);
8597		num_blocks = scsi_2btoul(cdb->length);
8598		break;
8599	}
8600	case READ_12:
8601	case WRITE_12: {
8602		struct scsi_rw_12 *cdb;
8603
8604		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8605		if (cdb->byte2 & SRW12_FUA)
8606			flags |= CTL_LLF_FUA;
8607		if (cdb->byte2 & SRW12_DPO)
8608			flags |= CTL_LLF_DPO;
8609		lba = scsi_4btoul(cdb->addr);
8610		num_blocks = scsi_4btoul(cdb->length);
8611		break;
8612	}
8613	case WRITE_VERIFY_12: {
8614		struct scsi_write_verify_12 *cdb;
8615
8616		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8617		flags |= CTL_LLF_FUA;
8618		if (cdb->byte2 & SWV_DPO)
8619			flags |= CTL_LLF_DPO;
8620		lba = scsi_4btoul(cdb->addr);
8621		num_blocks = scsi_4btoul(cdb->length);
8622		break;
8623	}
8624	case READ_16:
8625	case WRITE_16: {
8626		struct scsi_rw_16 *cdb;
8627
8628		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8629		if (cdb->byte2 & SRW12_FUA)
8630			flags |= CTL_LLF_FUA;
8631		if (cdb->byte2 & SRW12_DPO)
8632			flags |= CTL_LLF_DPO;
8633		lba = scsi_8btou64(cdb->addr);
8634		num_blocks = scsi_4btoul(cdb->length);
8635		break;
8636	}
8637	case WRITE_ATOMIC_16: {
8638		struct scsi_rw_16 *cdb;
8639
8640		if (lun->be_lun->atomicblock == 0) {
8641			ctl_set_invalid_opcode(ctsio);
8642			ctl_done((union ctl_io *)ctsio);
8643			return (CTL_RETVAL_COMPLETE);
8644		}
8645
8646		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8647		if (cdb->byte2 & SRW12_FUA)
8648			flags |= CTL_LLF_FUA;
8649		if (cdb->byte2 & SRW12_DPO)
8650			flags |= CTL_LLF_DPO;
8651		lba = scsi_8btou64(cdb->addr);
8652		num_blocks = scsi_4btoul(cdb->length);
8653		if (num_blocks > lun->be_lun->atomicblock) {
8654			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8655			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8656			    /*bit*/ 0);
8657			ctl_done((union ctl_io *)ctsio);
8658			return (CTL_RETVAL_COMPLETE);
8659		}
8660		break;
8661	}
8662	case WRITE_VERIFY_16: {
8663		struct scsi_write_verify_16 *cdb;
8664
8665		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8666		flags |= CTL_LLF_FUA;
8667		if (cdb->byte2 & SWV_DPO)
8668			flags |= CTL_LLF_DPO;
8669		lba = scsi_8btou64(cdb->addr);
8670		num_blocks = scsi_4btoul(cdb->length);
8671		break;
8672	}
8673	default:
8674		/*
8675		 * We got a command we don't support.  This shouldn't
8676		 * happen, commands should be filtered out above us.
8677		 */
8678		ctl_set_invalid_opcode(ctsio);
8679		ctl_done((union ctl_io *)ctsio);
8680
8681		return (CTL_RETVAL_COMPLETE);
8682		break; /* NOTREACHED */
8683	}
8684
8685	/*
8686	 * The first check is to make sure we're in bounds, the second
8687	 * check is to catch wrap-around problems.  If the lba + num blocks
8688	 * is less than the lba, then we've wrapped around and the block
8689	 * range is invalid anyway.
8690	 */
8691	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8692	 || ((lba + num_blocks) < lba)) {
8693		ctl_set_lba_out_of_range(ctsio);
8694		ctl_done((union ctl_io *)ctsio);
8695		return (CTL_RETVAL_COMPLETE);
8696	}
8697
8698	/*
8699	 * According to SBC-3, a transfer length of 0 is not an error.
8700	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8701	 * translates to 256 blocks for those commands.
8702	 */
8703	if (num_blocks == 0) {
8704		ctl_set_success(ctsio);
8705		ctl_done((union ctl_io *)ctsio);
8706		return (CTL_RETVAL_COMPLETE);
8707	}
8708
8709	/* Set FUA and/or DPO if caches are disabled. */
8710	if (isread) {
8711		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8712		    SCP_RCD) != 0)
8713			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8714	} else {
8715		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8716		    SCP_WCE) == 0)
8717			flags |= CTL_LLF_FUA;
8718	}
8719
8720	lbalen = (struct ctl_lba_len_flags *)
8721	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8722	lbalen->lba = lba;
8723	lbalen->len = num_blocks;
8724	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8725
8726	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8727	ctsio->kern_rel_offset = 0;
8728
8729	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8730
8731	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8732
8733	return (retval);
8734}
8735
8736static int
8737ctl_cnw_cont(union ctl_io *io)
8738{
8739	struct ctl_scsiio *ctsio;
8740	struct ctl_lun *lun;
8741	struct ctl_lba_len_flags *lbalen;
8742	int retval;
8743
8744	ctsio = &io->scsiio;
8745	ctsio->io_hdr.status = CTL_STATUS_NONE;
8746	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8747	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8748	lbalen = (struct ctl_lba_len_flags *)
8749	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8750	lbalen->flags &= ~CTL_LLF_COMPARE;
8751	lbalen->flags |= CTL_LLF_WRITE;
8752
8753	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8754	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8755	return (retval);
8756}
8757
8758int
8759ctl_cnw(struct ctl_scsiio *ctsio)
8760{
8761	struct ctl_lun *lun;
8762	struct ctl_lba_len_flags *lbalen;
8763	uint64_t lba;
8764	uint32_t num_blocks;
8765	int flags, retval;
8766
8767	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8768
8769	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8770
8771	flags = 0;
8772	retval = CTL_RETVAL_COMPLETE;
8773
8774	switch (ctsio->cdb[0]) {
8775	case COMPARE_AND_WRITE: {
8776		struct scsi_compare_and_write *cdb;
8777
8778		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8779		if (cdb->byte2 & SRW10_FUA)
8780			flags |= CTL_LLF_FUA;
8781		if (cdb->byte2 & SRW10_DPO)
8782			flags |= CTL_LLF_DPO;
8783		lba = scsi_8btou64(cdb->addr);
8784		num_blocks = cdb->length;
8785		break;
8786	}
8787	default:
8788		/*
8789		 * We got a command we don't support.  This shouldn't
8790		 * happen, commands should be filtered out above us.
8791		 */
8792		ctl_set_invalid_opcode(ctsio);
8793		ctl_done((union ctl_io *)ctsio);
8794
8795		return (CTL_RETVAL_COMPLETE);
8796		break; /* NOTREACHED */
8797	}
8798
8799	/*
8800	 * The first check is to make sure we're in bounds, the second
8801	 * check is to catch wrap-around problems.  If the lba + num blocks
8802	 * is less than the lba, then we've wrapped around and the block
8803	 * range is invalid anyway.
8804	 */
8805	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8806	 || ((lba + num_blocks) < lba)) {
8807		ctl_set_lba_out_of_range(ctsio);
8808		ctl_done((union ctl_io *)ctsio);
8809		return (CTL_RETVAL_COMPLETE);
8810	}
8811
8812	/*
8813	 * According to SBC-3, a transfer length of 0 is not an error.
8814	 */
8815	if (num_blocks == 0) {
8816		ctl_set_success(ctsio);
8817		ctl_done((union ctl_io *)ctsio);
8818		return (CTL_RETVAL_COMPLETE);
8819	}
8820
8821	/* Set FUA if write cache is disabled. */
8822	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8823	    SCP_WCE) == 0)
8824		flags |= CTL_LLF_FUA;
8825
8826	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8827	ctsio->kern_rel_offset = 0;
8828
8829	/*
8830	 * Set the IO_CONT flag, so that if this I/O gets passed to
8831	 * ctl_data_submit_done(), it'll get passed back to
8832	 * ctl_ctl_cnw_cont() for further processing.
8833	 */
8834	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8835	ctsio->io_cont = ctl_cnw_cont;
8836
8837	lbalen = (struct ctl_lba_len_flags *)
8838	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8839	lbalen->lba = lba;
8840	lbalen->len = num_blocks;
8841	lbalen->flags = CTL_LLF_COMPARE | flags;
8842
8843	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8844	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8845	return (retval);
8846}
8847
8848int
8849ctl_verify(struct ctl_scsiio *ctsio)
8850{
8851	struct ctl_lun *lun;
8852	struct ctl_lba_len_flags *lbalen;
8853	uint64_t lba;
8854	uint32_t num_blocks;
8855	int bytchk, flags;
8856	int retval;
8857
8858	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8859
8860	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8861
8862	bytchk = 0;
8863	flags = CTL_LLF_FUA;
8864	retval = CTL_RETVAL_COMPLETE;
8865
8866	switch (ctsio->cdb[0]) {
8867	case VERIFY_10: {
8868		struct scsi_verify_10 *cdb;
8869
8870		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8871		if (cdb->byte2 & SVFY_BYTCHK)
8872			bytchk = 1;
8873		if (cdb->byte2 & SVFY_DPO)
8874			flags |= CTL_LLF_DPO;
8875		lba = scsi_4btoul(cdb->addr);
8876		num_blocks = scsi_2btoul(cdb->length);
8877		break;
8878	}
8879	case VERIFY_12: {
8880		struct scsi_verify_12 *cdb;
8881
8882		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8883		if (cdb->byte2 & SVFY_BYTCHK)
8884			bytchk = 1;
8885		if (cdb->byte2 & SVFY_DPO)
8886			flags |= CTL_LLF_DPO;
8887		lba = scsi_4btoul(cdb->addr);
8888		num_blocks = scsi_4btoul(cdb->length);
8889		break;
8890	}
8891	case VERIFY_16: {
8892		struct scsi_rw_16 *cdb;
8893
8894		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8895		if (cdb->byte2 & SVFY_BYTCHK)
8896			bytchk = 1;
8897		if (cdb->byte2 & SVFY_DPO)
8898			flags |= CTL_LLF_DPO;
8899		lba = scsi_8btou64(cdb->addr);
8900		num_blocks = scsi_4btoul(cdb->length);
8901		break;
8902	}
8903	default:
8904		/*
8905		 * We got a command we don't support.  This shouldn't
8906		 * happen, commands should be filtered out above us.
8907		 */
8908		ctl_set_invalid_opcode(ctsio);
8909		ctl_done((union ctl_io *)ctsio);
8910		return (CTL_RETVAL_COMPLETE);
8911	}
8912
8913	/*
8914	 * The first check is to make sure we're in bounds, the second
8915	 * check is to catch wrap-around problems.  If the lba + num blocks
8916	 * is less than the lba, then we've wrapped around and the block
8917	 * range is invalid anyway.
8918	 */
8919	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8920	 || ((lba + num_blocks) < lba)) {
8921		ctl_set_lba_out_of_range(ctsio);
8922		ctl_done((union ctl_io *)ctsio);
8923		return (CTL_RETVAL_COMPLETE);
8924	}
8925
8926	/*
8927	 * According to SBC-3, a transfer length of 0 is not an error.
8928	 */
8929	if (num_blocks == 0) {
8930		ctl_set_success(ctsio);
8931		ctl_done((union ctl_io *)ctsio);
8932		return (CTL_RETVAL_COMPLETE);
8933	}
8934
8935	lbalen = (struct ctl_lba_len_flags *)
8936	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8937	lbalen->lba = lba;
8938	lbalen->len = num_blocks;
8939	if (bytchk) {
8940		lbalen->flags = CTL_LLF_COMPARE | flags;
8941		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8942	} else {
8943		lbalen->flags = CTL_LLF_VERIFY | flags;
8944		ctsio->kern_total_len = 0;
8945	}
8946	ctsio->kern_rel_offset = 0;
8947
8948	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8949	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8950	return (retval);
8951}
8952
8953int
8954ctl_report_luns(struct ctl_scsiio *ctsio)
8955{
8956	struct ctl_softc *softc = control_softc;
8957	struct scsi_report_luns *cdb;
8958	struct scsi_report_luns_data *lun_data;
8959	struct ctl_lun *lun, *request_lun;
8960	struct ctl_port *port;
8961	int num_luns, retval;
8962	uint32_t alloc_len, lun_datalen;
8963	int num_filled, well_known;
8964	uint32_t initidx, targ_lun_id, lun_id;
8965
8966	retval = CTL_RETVAL_COMPLETE;
8967	well_known = 0;
8968
8969	cdb = (struct scsi_report_luns *)ctsio->cdb;
8970	port = ctl_io_port(&ctsio->io_hdr);
8971
8972	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8973
8974	mtx_lock(&softc->ctl_lock);
8975	num_luns = 0;
8976	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8977		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8978			num_luns++;
8979	}
8980	mtx_unlock(&softc->ctl_lock);
8981
8982	switch (cdb->select_report) {
8983	case RPL_REPORT_DEFAULT:
8984	case RPL_REPORT_ALL:
8985		break;
8986	case RPL_REPORT_WELLKNOWN:
8987		well_known = 1;
8988		num_luns = 0;
8989		break;
8990	default:
8991		ctl_set_invalid_field(ctsio,
8992				      /*sks_valid*/ 1,
8993				      /*command*/ 1,
8994				      /*field*/ 2,
8995				      /*bit_valid*/ 0,
8996				      /*bit*/ 0);
8997		ctl_done((union ctl_io *)ctsio);
8998		return (retval);
8999		break; /* NOTREACHED */
9000	}
9001
9002	alloc_len = scsi_4btoul(cdb->length);
9003	/*
9004	 * The initiator has to allocate at least 16 bytes for this request,
9005	 * so he can at least get the header and the first LUN.  Otherwise
9006	 * we reject the request (per SPC-3 rev 14, section 6.21).
9007	 */
9008	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9009	    sizeof(struct scsi_report_luns_lundata))) {
9010		ctl_set_invalid_field(ctsio,
9011				      /*sks_valid*/ 1,
9012				      /*command*/ 1,
9013				      /*field*/ 6,
9014				      /*bit_valid*/ 0,
9015				      /*bit*/ 0);
9016		ctl_done((union ctl_io *)ctsio);
9017		return (retval);
9018	}
9019
9020	request_lun = (struct ctl_lun *)
9021		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9022
9023	lun_datalen = sizeof(*lun_data) +
9024		(num_luns * sizeof(struct scsi_report_luns_lundata));
9025
9026	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9027	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9028	ctsio->kern_sg_entries = 0;
9029
9030	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9031
9032	mtx_lock(&softc->ctl_lock);
9033	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9034		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9035		if (lun_id >= CTL_MAX_LUNS)
9036			continue;
9037		lun = softc->ctl_luns[lun_id];
9038		if (lun == NULL)
9039			continue;
9040
9041		if (targ_lun_id <= 0xff) {
9042			/*
9043			 * Peripheral addressing method, bus number 0.
9044			 */
9045			lun_data->luns[num_filled].lundata[0] =
9046				RPL_LUNDATA_ATYP_PERIPH;
9047			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9048			num_filled++;
9049		} else if (targ_lun_id <= 0x3fff) {
9050			/*
9051			 * Flat addressing method.
9052			 */
9053			lun_data->luns[num_filled].lundata[0] =
9054				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9055			lun_data->luns[num_filled].lundata[1] =
9056				(targ_lun_id & 0xff);
9057			num_filled++;
9058		} else if (targ_lun_id <= 0xffffff) {
9059			/*
9060			 * Extended flat addressing method.
9061			 */
9062			lun_data->luns[num_filled].lundata[0] =
9063			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9064			scsi_ulto3b(targ_lun_id,
9065			    &lun_data->luns[num_filled].lundata[1]);
9066			num_filled++;
9067		} else {
9068			printf("ctl_report_luns: bogus LUN number %jd, "
9069			       "skipping\n", (intmax_t)targ_lun_id);
9070		}
9071		/*
9072		 * According to SPC-3, rev 14 section 6.21:
9073		 *
9074		 * "The execution of a REPORT LUNS command to any valid and
9075		 * installed logical unit shall clear the REPORTED LUNS DATA
9076		 * HAS CHANGED unit attention condition for all logical
9077		 * units of that target with respect to the requesting
9078		 * initiator. A valid and installed logical unit is one
9079		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9080		 * INQUIRY data (see 6.4.2)."
9081		 *
9082		 * If request_lun is NULL, the LUN this report luns command
9083		 * was issued to is either disabled or doesn't exist. In that
9084		 * case, we shouldn't clear any pending lun change unit
9085		 * attention.
9086		 */
9087		if (request_lun != NULL) {
9088			mtx_lock(&lun->lun_lock);
9089			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9090			mtx_unlock(&lun->lun_lock);
9091		}
9092	}
9093	mtx_unlock(&softc->ctl_lock);
9094
9095	/*
9096	 * It's quite possible that we've returned fewer LUNs than we allocated
9097	 * space for.  Trim it.
9098	 */
9099	lun_datalen = sizeof(*lun_data) +
9100		(num_filled * sizeof(struct scsi_report_luns_lundata));
9101
9102	if (lun_datalen < alloc_len) {
9103		ctsio->residual = alloc_len - lun_datalen;
9104		ctsio->kern_data_len = lun_datalen;
9105		ctsio->kern_total_len = lun_datalen;
9106	} else {
9107		ctsio->residual = 0;
9108		ctsio->kern_data_len = alloc_len;
9109		ctsio->kern_total_len = alloc_len;
9110	}
9111	ctsio->kern_data_resid = 0;
9112	ctsio->kern_rel_offset = 0;
9113	ctsio->kern_sg_entries = 0;
9114
9115	/*
9116	 * We set this to the actual data length, regardless of how much
9117	 * space we actually have to return results.  If the user looks at
9118	 * this value, he'll know whether or not he allocated enough space
9119	 * and reissue the command if necessary.  We don't support well
9120	 * known logical units, so if the user asks for that, return none.
9121	 */
9122	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9123
9124	/*
9125	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9126	 * this request.
9127	 */
9128	ctl_set_success(ctsio);
9129	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9130	ctsio->be_move_done = ctl_config_move_done;
9131	ctl_datamove((union ctl_io *)ctsio);
9132	return (retval);
9133}
9134
9135int
9136ctl_request_sense(struct ctl_scsiio *ctsio)
9137{
9138	struct scsi_request_sense *cdb;
9139	struct scsi_sense_data *sense_ptr;
9140	struct ctl_softc *ctl_softc;
9141	struct ctl_lun *lun;
9142	uint32_t initidx;
9143	int have_error;
9144	scsi_sense_data_type sense_format;
9145	ctl_ua_type ua_type;
9146
9147	cdb = (struct scsi_request_sense *)ctsio->cdb;
9148
9149	ctl_softc = control_softc;
9150	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9151
9152	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9153
9154	/*
9155	 * Determine which sense format the user wants.
9156	 */
9157	if (cdb->byte2 & SRS_DESC)
9158		sense_format = SSD_TYPE_DESC;
9159	else
9160		sense_format = SSD_TYPE_FIXED;
9161
9162	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9163	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9164	ctsio->kern_sg_entries = 0;
9165
9166	/*
9167	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9168	 * larger than the largest allowed value for the length field in the
9169	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9170	 */
9171	ctsio->residual = 0;
9172	ctsio->kern_data_len = cdb->length;
9173	ctsio->kern_total_len = cdb->length;
9174
9175	ctsio->kern_data_resid = 0;
9176	ctsio->kern_rel_offset = 0;
9177	ctsio->kern_sg_entries = 0;
9178
9179	/*
9180	 * If we don't have a LUN, we don't have any pending sense.
9181	 */
9182	if (lun == NULL)
9183		goto no_sense;
9184
9185	have_error = 0;
9186	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9187	/*
9188	 * Check for pending sense, and then for pending unit attentions.
9189	 * Pending sense gets returned first, then pending unit attentions.
9190	 */
9191	mtx_lock(&lun->lun_lock);
9192#ifdef CTL_WITH_CA
9193	if (ctl_is_set(lun->have_ca, initidx)) {
9194		scsi_sense_data_type stored_format;
9195
9196		/*
9197		 * Check to see which sense format was used for the stored
9198		 * sense data.
9199		 */
9200		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9201
9202		/*
9203		 * If the user requested a different sense format than the
9204		 * one we stored, then we need to convert it to the other
9205		 * format.  If we're going from descriptor to fixed format
9206		 * sense data, we may lose things in translation, depending
9207		 * on what options were used.
9208		 *
9209		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9210		 * for some reason we'll just copy it out as-is.
9211		 */
9212		if ((stored_format == SSD_TYPE_FIXED)
9213		 && (sense_format == SSD_TYPE_DESC))
9214			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9215			    &lun->pending_sense[initidx],
9216			    (struct scsi_sense_data_desc *)sense_ptr);
9217		else if ((stored_format == SSD_TYPE_DESC)
9218		      && (sense_format == SSD_TYPE_FIXED))
9219			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9220			    &lun->pending_sense[initidx],
9221			    (struct scsi_sense_data_fixed *)sense_ptr);
9222		else
9223			memcpy(sense_ptr, &lun->pending_sense[initidx],
9224			       MIN(sizeof(*sense_ptr),
9225			       sizeof(lun->pending_sense[initidx])));
9226
9227		ctl_clear_mask(lun->have_ca, initidx);
9228		have_error = 1;
9229	} else
9230#endif
9231	{
9232		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9233		if (ua_type != CTL_UA_NONE)
9234			have_error = 1;
9235		if (ua_type == CTL_UA_LUN_CHANGE) {
9236			mtx_unlock(&lun->lun_lock);
9237			mtx_lock(&ctl_softc->ctl_lock);
9238			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9239			mtx_unlock(&ctl_softc->ctl_lock);
9240			mtx_lock(&lun->lun_lock);
9241		}
9242
9243	}
9244	mtx_unlock(&lun->lun_lock);
9245
9246	/*
9247	 * We already have a pending error, return it.
9248	 */
9249	if (have_error != 0) {
9250		/*
9251		 * We report the SCSI status as OK, since the status of the
9252		 * request sense command itself is OK.
9253		 * We report 0 for the sense length, because we aren't doing
9254		 * autosense in this case.  We're reporting sense as
9255		 * parameter data.
9256		 */
9257		ctl_set_success(ctsio);
9258		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9259		ctsio->be_move_done = ctl_config_move_done;
9260		ctl_datamove((union ctl_io *)ctsio);
9261		return (CTL_RETVAL_COMPLETE);
9262	}
9263
9264no_sense:
9265
9266	/*
9267	 * No sense information to report, so we report that everything is
9268	 * okay.
9269	 */
9270	ctl_set_sense_data(sense_ptr,
9271			   lun,
9272			   sense_format,
9273			   /*current_error*/ 1,
9274			   /*sense_key*/ SSD_KEY_NO_SENSE,
9275			   /*asc*/ 0x00,
9276			   /*ascq*/ 0x00,
9277			   SSD_ELEM_NONE);
9278
9279	/*
9280	 * We report 0 for the sense length, because we aren't doing
9281	 * autosense in this case.  We're reporting sense as parameter data.
9282	 */
9283	ctl_set_success(ctsio);
9284	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9285	ctsio->be_move_done = ctl_config_move_done;
9286	ctl_datamove((union ctl_io *)ctsio);
9287	return (CTL_RETVAL_COMPLETE);
9288}
9289
9290int
9291ctl_tur(struct ctl_scsiio *ctsio)
9292{
9293
9294	CTL_DEBUG_PRINT(("ctl_tur\n"));
9295
9296	ctl_set_success(ctsio);
9297	ctl_done((union ctl_io *)ctsio);
9298
9299	return (CTL_RETVAL_COMPLETE);
9300}
9301
9302/*
9303 * SCSI VPD page 0x00, the Supported VPD Pages page.
9304 */
9305static int
9306ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9307{
9308	struct scsi_vpd_supported_pages *pages;
9309	int sup_page_size;
9310	struct ctl_lun *lun;
9311	int p;
9312
9313	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9314
9315	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9316	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9317	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9318	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9319	ctsio->kern_sg_entries = 0;
9320
9321	if (sup_page_size < alloc_len) {
9322		ctsio->residual = alloc_len - sup_page_size;
9323		ctsio->kern_data_len = sup_page_size;
9324		ctsio->kern_total_len = sup_page_size;
9325	} else {
9326		ctsio->residual = 0;
9327		ctsio->kern_data_len = alloc_len;
9328		ctsio->kern_total_len = alloc_len;
9329	}
9330	ctsio->kern_data_resid = 0;
9331	ctsio->kern_rel_offset = 0;
9332	ctsio->kern_sg_entries = 0;
9333
9334	/*
9335	 * The control device is always connected.  The disk device, on the
9336	 * other hand, may not be online all the time.  Need to change this
9337	 * to figure out whether the disk device is actually online or not.
9338	 */
9339	if (lun != NULL)
9340		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9341				lun->be_lun->lun_type;
9342	else
9343		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9344
9345	p = 0;
9346	/* Supported VPD pages */
9347	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9348	/* Serial Number */
9349	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9350	/* Device Identification */
9351	pages->page_list[p++] = SVPD_DEVICE_ID;
9352	/* Extended INQUIRY Data */
9353	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9354	/* Mode Page Policy */
9355	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9356	/* SCSI Ports */
9357	pages->page_list[p++] = SVPD_SCSI_PORTS;
9358	/* Third-party Copy */
9359	pages->page_list[p++] = SVPD_SCSI_TPC;
9360	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9361		/* Block limits */
9362		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9363		/* Block Device Characteristics */
9364		pages->page_list[p++] = SVPD_BDC;
9365		/* Logical Block Provisioning */
9366		pages->page_list[p++] = SVPD_LBP;
9367	}
9368	pages->length = p;
9369
9370	ctl_set_success(ctsio);
9371	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9372	ctsio->be_move_done = ctl_config_move_done;
9373	ctl_datamove((union ctl_io *)ctsio);
9374	return (CTL_RETVAL_COMPLETE);
9375}
9376
9377/*
9378 * SCSI VPD page 0x80, the Unit Serial Number page.
9379 */
9380static int
9381ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9382{
9383	struct scsi_vpd_unit_serial_number *sn_ptr;
9384	struct ctl_lun *lun;
9385	int data_len;
9386
9387	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9388
9389	data_len = 4 + CTL_SN_LEN;
9390	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9391	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9392	if (data_len < alloc_len) {
9393		ctsio->residual = alloc_len - data_len;
9394		ctsio->kern_data_len = data_len;
9395		ctsio->kern_total_len = data_len;
9396	} else {
9397		ctsio->residual = 0;
9398		ctsio->kern_data_len = alloc_len;
9399		ctsio->kern_total_len = alloc_len;
9400	}
9401	ctsio->kern_data_resid = 0;
9402	ctsio->kern_rel_offset = 0;
9403	ctsio->kern_sg_entries = 0;
9404
9405	/*
9406	 * The control device is always connected.  The disk device, on the
9407	 * other hand, may not be online all the time.  Need to change this
9408	 * to figure out whether the disk device is actually online or not.
9409	 */
9410	if (lun != NULL)
9411		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9412				  lun->be_lun->lun_type;
9413	else
9414		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9415
9416	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9417	sn_ptr->length = CTL_SN_LEN;
9418	/*
9419	 * If we don't have a LUN, we just leave the serial number as
9420	 * all spaces.
9421	 */
9422	if (lun != NULL) {
9423		strncpy((char *)sn_ptr->serial_num,
9424			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9425	} else
9426		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9427
9428	ctl_set_success(ctsio);
9429	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9430	ctsio->be_move_done = ctl_config_move_done;
9431	ctl_datamove((union ctl_io *)ctsio);
9432	return (CTL_RETVAL_COMPLETE);
9433}
9434
9435
9436/*
9437 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9438 */
9439static int
9440ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9441{
9442	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9443	struct ctl_lun *lun;
9444	int data_len;
9445
9446	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9447
9448	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9449	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9450	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9451	ctsio->kern_sg_entries = 0;
9452
9453	if (data_len < alloc_len) {
9454		ctsio->residual = alloc_len - data_len;
9455		ctsio->kern_data_len = data_len;
9456		ctsio->kern_total_len = data_len;
9457	} else {
9458		ctsio->residual = 0;
9459		ctsio->kern_data_len = alloc_len;
9460		ctsio->kern_total_len = alloc_len;
9461	}
9462	ctsio->kern_data_resid = 0;
9463	ctsio->kern_rel_offset = 0;
9464	ctsio->kern_sg_entries = 0;
9465
9466	/*
9467	 * The control device is always connected.  The disk device, on the
9468	 * other hand, may not be online all the time.
9469	 */
9470	if (lun != NULL)
9471		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9472				     lun->be_lun->lun_type;
9473	else
9474		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9475	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9476	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9477	/*
9478	 * We support head of queue, ordered and simple tags.
9479	 */
9480	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9481	/*
9482	 * Volatile cache supported.
9483	 */
9484	eid_ptr->flags3 = SVPD_EID_V_SUP;
9485
9486	/*
9487	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9488	 * attention for a particular IT nexus on all LUNs once we report
9489	 * it to that nexus once.  This bit is required as of SPC-4.
9490	 */
9491	eid_ptr->flags4 = SVPD_EID_LUICLT;
9492
9493	/*
9494	 * XXX KDM in order to correctly answer this, we would need
9495	 * information from the SIM to determine how much sense data it
9496	 * can send.  So this would really be a path inquiry field, most
9497	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9498	 * but the hardware may or may not be able to support that much.
9499	 * 0 just means that the maximum sense data length is not reported.
9500	 */
9501	eid_ptr->max_sense_length = 0;
9502
9503	ctl_set_success(ctsio);
9504	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9505	ctsio->be_move_done = ctl_config_move_done;
9506	ctl_datamove((union ctl_io *)ctsio);
9507	return (CTL_RETVAL_COMPLETE);
9508}
9509
9510static int
9511ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9512{
9513	struct scsi_vpd_mode_page_policy *mpp_ptr;
9514	struct ctl_lun *lun;
9515	int data_len;
9516
9517	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9518
9519	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9520	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9521
9522	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9523	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9524	ctsio->kern_sg_entries = 0;
9525
9526	if (data_len < alloc_len) {
9527		ctsio->residual = alloc_len - data_len;
9528		ctsio->kern_data_len = data_len;
9529		ctsio->kern_total_len = data_len;
9530	} else {
9531		ctsio->residual = 0;
9532		ctsio->kern_data_len = alloc_len;
9533		ctsio->kern_total_len = alloc_len;
9534	}
9535	ctsio->kern_data_resid = 0;
9536	ctsio->kern_rel_offset = 0;
9537	ctsio->kern_sg_entries = 0;
9538
9539	/*
9540	 * The control device is always connected.  The disk device, on the
9541	 * other hand, may not be online all the time.
9542	 */
9543	if (lun != NULL)
9544		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9545				     lun->be_lun->lun_type;
9546	else
9547		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9548	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9549	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9550	mpp_ptr->descr[0].page_code = 0x3f;
9551	mpp_ptr->descr[0].subpage_code = 0xff;
9552	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9553
9554	ctl_set_success(ctsio);
9555	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9556	ctsio->be_move_done = ctl_config_move_done;
9557	ctl_datamove((union ctl_io *)ctsio);
9558	return (CTL_RETVAL_COMPLETE);
9559}
9560
9561/*
9562 * SCSI VPD page 0x83, the Device Identification page.
9563 */
9564static int
9565ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9566{
9567	struct scsi_vpd_device_id *devid_ptr;
9568	struct scsi_vpd_id_descriptor *desc;
9569	struct ctl_softc *softc;
9570	struct ctl_lun *lun;
9571	struct ctl_port *port;
9572	int data_len;
9573	uint8_t proto;
9574
9575	softc = control_softc;
9576
9577	port = ctl_io_port(&ctsio->io_hdr);
9578	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9579
9580	data_len = sizeof(struct scsi_vpd_device_id) +
9581	    sizeof(struct scsi_vpd_id_descriptor) +
9582		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9583	    sizeof(struct scsi_vpd_id_descriptor) +
9584		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9585	if (lun && lun->lun_devid)
9586		data_len += lun->lun_devid->len;
9587	if (port && port->port_devid)
9588		data_len += port->port_devid->len;
9589	if (port && port->target_devid)
9590		data_len += port->target_devid->len;
9591
9592	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9593	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9594	ctsio->kern_sg_entries = 0;
9595
9596	if (data_len < alloc_len) {
9597		ctsio->residual = alloc_len - data_len;
9598		ctsio->kern_data_len = data_len;
9599		ctsio->kern_total_len = data_len;
9600	} else {
9601		ctsio->residual = 0;
9602		ctsio->kern_data_len = alloc_len;
9603		ctsio->kern_total_len = alloc_len;
9604	}
9605	ctsio->kern_data_resid = 0;
9606	ctsio->kern_rel_offset = 0;
9607	ctsio->kern_sg_entries = 0;
9608
9609	/*
9610	 * The control device is always connected.  The disk device, on the
9611	 * other hand, may not be online all the time.
9612	 */
9613	if (lun != NULL)
9614		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9615				     lun->be_lun->lun_type;
9616	else
9617		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9618	devid_ptr->page_code = SVPD_DEVICE_ID;
9619	scsi_ulto2b(data_len - 4, devid_ptr->length);
9620
9621	if (port && port->port_type == CTL_PORT_FC)
9622		proto = SCSI_PROTO_FC << 4;
9623	else if (port && port->port_type == CTL_PORT_ISCSI)
9624		proto = SCSI_PROTO_ISCSI << 4;
9625	else
9626		proto = SCSI_PROTO_SPI << 4;
9627	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9628
9629	/*
9630	 * We're using a LUN association here.  i.e., this device ID is a
9631	 * per-LUN identifier.
9632	 */
9633	if (lun && lun->lun_devid) {
9634		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9635		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9636		    lun->lun_devid->len);
9637	}
9638
9639	/*
9640	 * This is for the WWPN which is a port association.
9641	 */
9642	if (port && port->port_devid) {
9643		memcpy(desc, port->port_devid->data, port->port_devid->len);
9644		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9645		    port->port_devid->len);
9646	}
9647
9648	/*
9649	 * This is for the Relative Target Port(type 4h) identifier
9650	 */
9651	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9652	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9653	    SVPD_ID_TYPE_RELTARG;
9654	desc->length = 4;
9655	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9656	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9657	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9658
9659	/*
9660	 * This is for the Target Port Group(type 5h) identifier
9661	 */
9662	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9663	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9664	    SVPD_ID_TYPE_TPORTGRP;
9665	desc->length = 4;
9666	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9667	    &desc->identifier[2]);
9668	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9669	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9670
9671	/*
9672	 * This is for the Target identifier
9673	 */
9674	if (port && port->target_devid) {
9675		memcpy(desc, port->target_devid->data, port->target_devid->len);
9676	}
9677
9678	ctl_set_success(ctsio);
9679	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9680	ctsio->be_move_done = ctl_config_move_done;
9681	ctl_datamove((union ctl_io *)ctsio);
9682	return (CTL_RETVAL_COMPLETE);
9683}
9684
9685static int
9686ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9687{
9688	struct ctl_softc *softc = control_softc;
9689	struct scsi_vpd_scsi_ports *sp;
9690	struct scsi_vpd_port_designation *pd;
9691	struct scsi_vpd_port_designation_cont *pdc;
9692	struct ctl_lun *lun;
9693	struct ctl_port *port;
9694	int data_len, num_target_ports, iid_len, id_len;
9695
9696	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9697
9698	num_target_ports = 0;
9699	iid_len = 0;
9700	id_len = 0;
9701	mtx_lock(&softc->ctl_lock);
9702	STAILQ_FOREACH(port, &softc->port_list, links) {
9703		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9704			continue;
9705		if (lun != NULL &&
9706		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9707			continue;
9708		num_target_ports++;
9709		if (port->init_devid)
9710			iid_len += port->init_devid->len;
9711		if (port->port_devid)
9712			id_len += port->port_devid->len;
9713	}
9714	mtx_unlock(&softc->ctl_lock);
9715
9716	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9717	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9718	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9719	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9720	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9721	ctsio->kern_sg_entries = 0;
9722
9723	if (data_len < alloc_len) {
9724		ctsio->residual = alloc_len - data_len;
9725		ctsio->kern_data_len = data_len;
9726		ctsio->kern_total_len = data_len;
9727	} else {
9728		ctsio->residual = 0;
9729		ctsio->kern_data_len = alloc_len;
9730		ctsio->kern_total_len = alloc_len;
9731	}
9732	ctsio->kern_data_resid = 0;
9733	ctsio->kern_rel_offset = 0;
9734	ctsio->kern_sg_entries = 0;
9735
9736	/*
9737	 * The control device is always connected.  The disk device, on the
9738	 * other hand, may not be online all the time.  Need to change this
9739	 * to figure out whether the disk device is actually online or not.
9740	 */
9741	if (lun != NULL)
9742		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9743				  lun->be_lun->lun_type;
9744	else
9745		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9746
9747	sp->page_code = SVPD_SCSI_PORTS;
9748	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9749	    sp->page_length);
9750	pd = &sp->design[0];
9751
9752	mtx_lock(&softc->ctl_lock);
9753	STAILQ_FOREACH(port, &softc->port_list, links) {
9754		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9755			continue;
9756		if (lun != NULL &&
9757		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9758			continue;
9759		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9760		if (port->init_devid) {
9761			iid_len = port->init_devid->len;
9762			memcpy(pd->initiator_transportid,
9763			    port->init_devid->data, port->init_devid->len);
9764		} else
9765			iid_len = 0;
9766		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9767		pdc = (struct scsi_vpd_port_designation_cont *)
9768		    (&pd->initiator_transportid[iid_len]);
9769		if (port->port_devid) {
9770			id_len = port->port_devid->len;
9771			memcpy(pdc->target_port_descriptors,
9772			    port->port_devid->data, port->port_devid->len);
9773		} else
9774			id_len = 0;
9775		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9776		pd = (struct scsi_vpd_port_designation *)
9777		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9778	}
9779	mtx_unlock(&softc->ctl_lock);
9780
9781	ctl_set_success(ctsio);
9782	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9783	ctsio->be_move_done = ctl_config_move_done;
9784	ctl_datamove((union ctl_io *)ctsio);
9785	return (CTL_RETVAL_COMPLETE);
9786}
9787
9788static int
9789ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9790{
9791	struct scsi_vpd_block_limits *bl_ptr;
9792	struct ctl_lun *lun;
9793	int bs;
9794
9795	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9796
9797	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9798	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9799	ctsio->kern_sg_entries = 0;
9800
9801	if (sizeof(*bl_ptr) < alloc_len) {
9802		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9803		ctsio->kern_data_len = sizeof(*bl_ptr);
9804		ctsio->kern_total_len = sizeof(*bl_ptr);
9805	} else {
9806		ctsio->residual = 0;
9807		ctsio->kern_data_len = alloc_len;
9808		ctsio->kern_total_len = alloc_len;
9809	}
9810	ctsio->kern_data_resid = 0;
9811	ctsio->kern_rel_offset = 0;
9812	ctsio->kern_sg_entries = 0;
9813
9814	/*
9815	 * The control device is always connected.  The disk device, on the
9816	 * other hand, may not be online all the time.  Need to change this
9817	 * to figure out whether the disk device is actually online or not.
9818	 */
9819	if (lun != NULL)
9820		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9821				  lun->be_lun->lun_type;
9822	else
9823		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9824
9825	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9826	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9827	bl_ptr->max_cmp_write_len = 0xff;
9828	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9829	if (lun != NULL) {
9830		bs = lun->be_lun->blocksize;
9831		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9832		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9833			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9834			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9835			if (lun->be_lun->ublockexp != 0) {
9836				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9837				    bl_ptr->opt_unmap_grain);
9838				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9839				    bl_ptr->unmap_grain_align);
9840			}
9841		}
9842		scsi_ulto4b(lun->be_lun->atomicblock,
9843		    bl_ptr->max_atomic_transfer_length);
9844		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9845		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9846	}
9847	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9848
9849	ctl_set_success(ctsio);
9850	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9851	ctsio->be_move_done = ctl_config_move_done;
9852	ctl_datamove((union ctl_io *)ctsio);
9853	return (CTL_RETVAL_COMPLETE);
9854}
9855
9856static int
9857ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9858{
9859	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9860	struct ctl_lun *lun;
9861	const char *value;
9862	u_int i;
9863
9864	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9865
9866	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9867	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9868	ctsio->kern_sg_entries = 0;
9869
9870	if (sizeof(*bdc_ptr) < alloc_len) {
9871		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9872		ctsio->kern_data_len = sizeof(*bdc_ptr);
9873		ctsio->kern_total_len = sizeof(*bdc_ptr);
9874	} else {
9875		ctsio->residual = 0;
9876		ctsio->kern_data_len = alloc_len;
9877		ctsio->kern_total_len = alloc_len;
9878	}
9879	ctsio->kern_data_resid = 0;
9880	ctsio->kern_rel_offset = 0;
9881	ctsio->kern_sg_entries = 0;
9882
9883	/*
9884	 * The control device is always connected.  The disk device, on the
9885	 * other hand, may not be online all the time.  Need to change this
9886	 * to figure out whether the disk device is actually online or not.
9887	 */
9888	if (lun != NULL)
9889		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9890				  lun->be_lun->lun_type;
9891	else
9892		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9893	bdc_ptr->page_code = SVPD_BDC;
9894	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9895	if (lun != NULL &&
9896	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9897		i = strtol(value, NULL, 0);
9898	else
9899		i = CTL_DEFAULT_ROTATION_RATE;
9900	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9901	if (lun != NULL &&
9902	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9903		i = strtol(value, NULL, 0);
9904	else
9905		i = 0;
9906	bdc_ptr->wab_wac_ff = (i & 0x0f);
9907	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9908
9909	ctl_set_success(ctsio);
9910	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9911	ctsio->be_move_done = ctl_config_move_done;
9912	ctl_datamove((union ctl_io *)ctsio);
9913	return (CTL_RETVAL_COMPLETE);
9914}
9915
9916static int
9917ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9918{
9919	struct scsi_vpd_logical_block_prov *lbp_ptr;
9920	struct ctl_lun *lun;
9921
9922	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9923
9924	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9925	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9926	ctsio->kern_sg_entries = 0;
9927
9928	if (sizeof(*lbp_ptr) < alloc_len) {
9929		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9930		ctsio->kern_data_len = sizeof(*lbp_ptr);
9931		ctsio->kern_total_len = sizeof(*lbp_ptr);
9932	} else {
9933		ctsio->residual = 0;
9934		ctsio->kern_data_len = alloc_len;
9935		ctsio->kern_total_len = alloc_len;
9936	}
9937	ctsio->kern_data_resid = 0;
9938	ctsio->kern_rel_offset = 0;
9939	ctsio->kern_sg_entries = 0;
9940
9941	/*
9942	 * The control device is always connected.  The disk device, on the
9943	 * other hand, may not be online all the time.  Need to change this
9944	 * to figure out whether the disk device is actually online or not.
9945	 */
9946	if (lun != NULL)
9947		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9948				  lun->be_lun->lun_type;
9949	else
9950		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9951
9952	lbp_ptr->page_code = SVPD_LBP;
9953	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9954	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9955	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9956		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9957		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9958		lbp_ptr->prov_type = SVPD_LBP_THIN;
9959	}
9960
9961	ctl_set_success(ctsio);
9962	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9963	ctsio->be_move_done = ctl_config_move_done;
9964	ctl_datamove((union ctl_io *)ctsio);
9965	return (CTL_RETVAL_COMPLETE);
9966}
9967
9968/*
9969 * INQUIRY with the EVPD bit set.
9970 */
9971static int
9972ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9973{
9974	struct ctl_lun *lun;
9975	struct scsi_inquiry *cdb;
9976	int alloc_len, retval;
9977
9978	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9979	cdb = (struct scsi_inquiry *)ctsio->cdb;
9980	alloc_len = scsi_2btoul(cdb->length);
9981
9982	switch (cdb->page_code) {
9983	case SVPD_SUPPORTED_PAGES:
9984		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9985		break;
9986	case SVPD_UNIT_SERIAL_NUMBER:
9987		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9988		break;
9989	case SVPD_DEVICE_ID:
9990		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9991		break;
9992	case SVPD_EXTENDED_INQUIRY_DATA:
9993		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9994		break;
9995	case SVPD_MODE_PAGE_POLICY:
9996		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
9997		break;
9998	case SVPD_SCSI_PORTS:
9999		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10000		break;
10001	case SVPD_SCSI_TPC:
10002		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10003		break;
10004	case SVPD_BLOCK_LIMITS:
10005		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10006			goto err;
10007		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10008		break;
10009	case SVPD_BDC:
10010		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10011			goto err;
10012		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10013		break;
10014	case SVPD_LBP:
10015		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10016			goto err;
10017		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10018		break;
10019	default:
10020err:
10021		ctl_set_invalid_field(ctsio,
10022				      /*sks_valid*/ 1,
10023				      /*command*/ 1,
10024				      /*field*/ 2,
10025				      /*bit_valid*/ 0,
10026				      /*bit*/ 0);
10027		ctl_done((union ctl_io *)ctsio);
10028		retval = CTL_RETVAL_COMPLETE;
10029		break;
10030	}
10031
10032	return (retval);
10033}
10034
10035/*
10036 * Standard INQUIRY data.
10037 */
10038static int
10039ctl_inquiry_std(struct ctl_scsiio *ctsio)
10040{
10041	struct scsi_inquiry_data *inq_ptr;
10042	struct scsi_inquiry *cdb;
10043	struct ctl_softc *softc;
10044	struct ctl_port *port;
10045	struct ctl_lun *lun;
10046	char *val;
10047	uint32_t alloc_len, data_len;
10048	ctl_port_type port_type;
10049
10050	softc = control_softc;
10051
10052	/*
10053	 * Figure out whether we're talking to a Fibre Channel port or not.
10054	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10055	 * SCSI front ends.
10056	 */
10057	port = ctl_io_port(&ctsio->io_hdr);
10058	if (port != NULL)
10059		port_type = port->port_type;
10060	else
10061		port_type = CTL_PORT_SCSI;
10062	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10063		port_type = CTL_PORT_SCSI;
10064
10065	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10066	cdb = (struct scsi_inquiry *)ctsio->cdb;
10067	alloc_len = scsi_2btoul(cdb->length);
10068
10069	/*
10070	 * We malloc the full inquiry data size here and fill it
10071	 * in.  If the user only asks for less, we'll give him
10072	 * that much.
10073	 */
10074	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10075	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10076	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10077	ctsio->kern_sg_entries = 0;
10078	ctsio->kern_data_resid = 0;
10079	ctsio->kern_rel_offset = 0;
10080
10081	if (data_len < alloc_len) {
10082		ctsio->residual = alloc_len - data_len;
10083		ctsio->kern_data_len = data_len;
10084		ctsio->kern_total_len = data_len;
10085	} else {
10086		ctsio->residual = 0;
10087		ctsio->kern_data_len = alloc_len;
10088		ctsio->kern_total_len = alloc_len;
10089	}
10090
10091	if (lun != NULL) {
10092		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10093		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10094			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10095			    lun->be_lun->lun_type;
10096		} else {
10097			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10098			    lun->be_lun->lun_type;
10099		}
10100	} else
10101		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10102
10103	/* RMB in byte 2 is 0 */
10104	inq_ptr->version = SCSI_REV_SPC4;
10105
10106	/*
10107	 * According to SAM-3, even if a device only supports a single
10108	 * level of LUN addressing, it should still set the HISUP bit:
10109	 *
10110	 * 4.9.1 Logical unit numbers overview
10111	 *
10112	 * All logical unit number formats described in this standard are
10113	 * hierarchical in structure even when only a single level in that
10114	 * hierarchy is used. The HISUP bit shall be set to one in the
10115	 * standard INQUIRY data (see SPC-2) when any logical unit number
10116	 * format described in this standard is used.  Non-hierarchical
10117	 * formats are outside the scope of this standard.
10118	 *
10119	 * Therefore we set the HiSup bit here.
10120	 *
10121	 * The reponse format is 2, per SPC-3.
10122	 */
10123	inq_ptr->response_format = SID_HiSup | 2;
10124
10125	inq_ptr->additional_length = data_len -
10126	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10127	CTL_DEBUG_PRINT(("additional_length = %d\n",
10128			 inq_ptr->additional_length));
10129
10130	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10131	/* 16 bit addressing */
10132	if (port_type == CTL_PORT_SCSI)
10133		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10134	/* XXX set the SID_MultiP bit here if we're actually going to
10135	   respond on multiple ports */
10136	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10137
10138	/* 16 bit data bus, synchronous transfers */
10139	if (port_type == CTL_PORT_SCSI)
10140		inq_ptr->flags = SID_WBus16 | SID_Sync;
10141	/*
10142	 * XXX KDM do we want to support tagged queueing on the control
10143	 * device at all?
10144	 */
10145	if ((lun == NULL)
10146	 || (lun->be_lun->lun_type != T_PROCESSOR))
10147		inq_ptr->flags |= SID_CmdQue;
10148	/*
10149	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10150	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10151	 * name and 4 bytes for the revision.
10152	 */
10153	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10154	    "vendor")) == NULL) {
10155		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10156	} else {
10157		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10158		strncpy(inq_ptr->vendor, val,
10159		    min(sizeof(inq_ptr->vendor), strlen(val)));
10160	}
10161	if (lun == NULL) {
10162		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10163		    sizeof(inq_ptr->product));
10164	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10165		switch (lun->be_lun->lun_type) {
10166		case T_DIRECT:
10167			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10168			    sizeof(inq_ptr->product));
10169			break;
10170		case T_PROCESSOR:
10171			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10172			    sizeof(inq_ptr->product));
10173			break;
10174		default:
10175			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10176			    sizeof(inq_ptr->product));
10177			break;
10178		}
10179	} else {
10180		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10181		strncpy(inq_ptr->product, val,
10182		    min(sizeof(inq_ptr->product), strlen(val)));
10183	}
10184
10185	/*
10186	 * XXX make this a macro somewhere so it automatically gets
10187	 * incremented when we make changes.
10188	 */
10189	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10190	    "revision")) == NULL) {
10191		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10192	} else {
10193		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10194		strncpy(inq_ptr->revision, val,
10195		    min(sizeof(inq_ptr->revision), strlen(val)));
10196	}
10197
10198	/*
10199	 * For parallel SCSI, we support double transition and single
10200	 * transition clocking.  We also support QAS (Quick Arbitration
10201	 * and Selection) and Information Unit transfers on both the
10202	 * control and array devices.
10203	 */
10204	if (port_type == CTL_PORT_SCSI)
10205		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10206				    SID_SPI_IUS;
10207
10208	/* SAM-5 (no version claimed) */
10209	scsi_ulto2b(0x00A0, inq_ptr->version1);
10210	/* SPC-4 (no version claimed) */
10211	scsi_ulto2b(0x0460, inq_ptr->version2);
10212	if (port_type == CTL_PORT_FC) {
10213		/* FCP-2 ANSI INCITS.350:2003 */
10214		scsi_ulto2b(0x0917, inq_ptr->version3);
10215	} else if (port_type == CTL_PORT_SCSI) {
10216		/* SPI-4 ANSI INCITS.362:200x */
10217		scsi_ulto2b(0x0B56, inq_ptr->version3);
10218	} else if (port_type == CTL_PORT_ISCSI) {
10219		/* iSCSI (no version claimed) */
10220		scsi_ulto2b(0x0960, inq_ptr->version3);
10221	} else if (port_type == CTL_PORT_SAS) {
10222		/* SAS (no version claimed) */
10223		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10224	}
10225
10226	if (lun == NULL) {
10227		/* SBC-4 (no version claimed) */
10228		scsi_ulto2b(0x0600, inq_ptr->version4);
10229	} else {
10230		switch (lun->be_lun->lun_type) {
10231		case T_DIRECT:
10232			/* SBC-4 (no version claimed) */
10233			scsi_ulto2b(0x0600, inq_ptr->version4);
10234			break;
10235		case T_PROCESSOR:
10236		default:
10237			break;
10238		}
10239	}
10240
10241	ctl_set_success(ctsio);
10242	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10243	ctsio->be_move_done = ctl_config_move_done;
10244	ctl_datamove((union ctl_io *)ctsio);
10245	return (CTL_RETVAL_COMPLETE);
10246}
10247
10248int
10249ctl_inquiry(struct ctl_scsiio *ctsio)
10250{
10251	struct scsi_inquiry *cdb;
10252	int retval;
10253
10254	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10255
10256	cdb = (struct scsi_inquiry *)ctsio->cdb;
10257	if (cdb->byte2 & SI_EVPD)
10258		retval = ctl_inquiry_evpd(ctsio);
10259	else if (cdb->page_code == 0)
10260		retval = ctl_inquiry_std(ctsio);
10261	else {
10262		ctl_set_invalid_field(ctsio,
10263				      /*sks_valid*/ 1,
10264				      /*command*/ 1,
10265				      /*field*/ 2,
10266				      /*bit_valid*/ 0,
10267				      /*bit*/ 0);
10268		ctl_done((union ctl_io *)ctsio);
10269		return (CTL_RETVAL_COMPLETE);
10270	}
10271
10272	return (retval);
10273}
10274
10275/*
10276 * For known CDB types, parse the LBA and length.
10277 */
10278static int
10279ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10280{
10281	if (io->io_hdr.io_type != CTL_IO_SCSI)
10282		return (1);
10283
10284	switch (io->scsiio.cdb[0]) {
10285	case COMPARE_AND_WRITE: {
10286		struct scsi_compare_and_write *cdb;
10287
10288		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10289
10290		*lba = scsi_8btou64(cdb->addr);
10291		*len = cdb->length;
10292		break;
10293	}
10294	case READ_6:
10295	case WRITE_6: {
10296		struct scsi_rw_6 *cdb;
10297
10298		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10299
10300		*lba = scsi_3btoul(cdb->addr);
10301		/* only 5 bits are valid in the most significant address byte */
10302		*lba &= 0x1fffff;
10303		*len = cdb->length;
10304		break;
10305	}
10306	case READ_10:
10307	case WRITE_10: {
10308		struct scsi_rw_10 *cdb;
10309
10310		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10311
10312		*lba = scsi_4btoul(cdb->addr);
10313		*len = scsi_2btoul(cdb->length);
10314		break;
10315	}
10316	case WRITE_VERIFY_10: {
10317		struct scsi_write_verify_10 *cdb;
10318
10319		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10320
10321		*lba = scsi_4btoul(cdb->addr);
10322		*len = scsi_2btoul(cdb->length);
10323		break;
10324	}
10325	case READ_12:
10326	case WRITE_12: {
10327		struct scsi_rw_12 *cdb;
10328
10329		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10330
10331		*lba = scsi_4btoul(cdb->addr);
10332		*len = scsi_4btoul(cdb->length);
10333		break;
10334	}
10335	case WRITE_VERIFY_12: {
10336		struct scsi_write_verify_12 *cdb;
10337
10338		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10339
10340		*lba = scsi_4btoul(cdb->addr);
10341		*len = scsi_4btoul(cdb->length);
10342		break;
10343	}
10344	case READ_16:
10345	case WRITE_16:
10346	case WRITE_ATOMIC_16: {
10347		struct scsi_rw_16 *cdb;
10348
10349		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10350
10351		*lba = scsi_8btou64(cdb->addr);
10352		*len = scsi_4btoul(cdb->length);
10353		break;
10354	}
10355	case WRITE_VERIFY_16: {
10356		struct scsi_write_verify_16 *cdb;
10357
10358		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10359
10360		*lba = scsi_8btou64(cdb->addr);
10361		*len = scsi_4btoul(cdb->length);
10362		break;
10363	}
10364	case WRITE_SAME_10: {
10365		struct scsi_write_same_10 *cdb;
10366
10367		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10368
10369		*lba = scsi_4btoul(cdb->addr);
10370		*len = scsi_2btoul(cdb->length);
10371		break;
10372	}
10373	case WRITE_SAME_16: {
10374		struct scsi_write_same_16 *cdb;
10375
10376		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10377
10378		*lba = scsi_8btou64(cdb->addr);
10379		*len = scsi_4btoul(cdb->length);
10380		break;
10381	}
10382	case VERIFY_10: {
10383		struct scsi_verify_10 *cdb;
10384
10385		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10386
10387		*lba = scsi_4btoul(cdb->addr);
10388		*len = scsi_2btoul(cdb->length);
10389		break;
10390	}
10391	case VERIFY_12: {
10392		struct scsi_verify_12 *cdb;
10393
10394		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10395
10396		*lba = scsi_4btoul(cdb->addr);
10397		*len = scsi_4btoul(cdb->length);
10398		break;
10399	}
10400	case VERIFY_16: {
10401		struct scsi_verify_16 *cdb;
10402
10403		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10404
10405		*lba = scsi_8btou64(cdb->addr);
10406		*len = scsi_4btoul(cdb->length);
10407		break;
10408	}
10409	case UNMAP: {
10410		*lba = 0;
10411		*len = UINT64_MAX;
10412		break;
10413	}
10414	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10415		struct scsi_get_lba_status *cdb;
10416
10417		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10418		*lba = scsi_8btou64(cdb->addr);
10419		*len = UINT32_MAX;
10420		break;
10421	}
10422	default:
10423		return (1);
10424		break; /* NOTREACHED */
10425	}
10426
10427	return (0);
10428}
10429
10430static ctl_action
10431ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10432    bool seq)
10433{
10434	uint64_t endlba1, endlba2;
10435
10436	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10437	endlba2 = lba2 + len2 - 1;
10438
10439	if ((endlba1 < lba2) || (endlba2 < lba1))
10440		return (CTL_ACTION_PASS);
10441	else
10442		return (CTL_ACTION_BLOCK);
10443}
10444
10445static int
10446ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10447{
10448	struct ctl_ptr_len_flags *ptrlen;
10449	struct scsi_unmap_desc *buf, *end, *range;
10450	uint64_t lba;
10451	uint32_t len;
10452
10453	/* If not UNMAP -- go other way. */
10454	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10455	    io->scsiio.cdb[0] != UNMAP)
10456		return (CTL_ACTION_ERROR);
10457
10458	/* If UNMAP without data -- block and wait for data. */
10459	ptrlen = (struct ctl_ptr_len_flags *)
10460	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10461	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10462	    ptrlen->ptr == NULL)
10463		return (CTL_ACTION_BLOCK);
10464
10465	/* UNMAP with data -- check for collision. */
10466	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10467	end = buf + ptrlen->len / sizeof(*buf);
10468	for (range = buf; range < end; range++) {
10469		lba = scsi_8btou64(range->lba);
10470		len = scsi_4btoul(range->length);
10471		if ((lba < lba2 + len2) && (lba + len > lba2))
10472			return (CTL_ACTION_BLOCK);
10473	}
10474	return (CTL_ACTION_PASS);
10475}
10476
10477static ctl_action
10478ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10479{
10480	uint64_t lba1, lba2;
10481	uint64_t len1, len2;
10482	int retval;
10483
10484	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10485		return (CTL_ACTION_ERROR);
10486
10487	retval = ctl_extent_check_unmap(io1, lba2, len2);
10488	if (retval != CTL_ACTION_ERROR)
10489		return (retval);
10490
10491	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10492		return (CTL_ACTION_ERROR);
10493
10494	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10495}
10496
10497static ctl_action
10498ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10499{
10500	uint64_t lba1, lba2;
10501	uint64_t len1, len2;
10502
10503	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10504		return (CTL_ACTION_ERROR);
10505	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10506		return (CTL_ACTION_ERROR);
10507
10508	if (lba1 + len1 == lba2)
10509		return (CTL_ACTION_BLOCK);
10510	return (CTL_ACTION_PASS);
10511}
10512
10513static ctl_action
10514ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10515    union ctl_io *ooa_io)
10516{
10517	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10518	ctl_serialize_action *serialize_row;
10519
10520	/*
10521	 * The initiator attempted multiple untagged commands at the same
10522	 * time.  Can't do that.
10523	 */
10524	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10525	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10526	 && ((pending_io->io_hdr.nexus.targ_port ==
10527	      ooa_io->io_hdr.nexus.targ_port)
10528	  && (pending_io->io_hdr.nexus.initid ==
10529	      ooa_io->io_hdr.nexus.initid))
10530	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10531	      CTL_FLAG_STATUS_SENT)) == 0))
10532		return (CTL_ACTION_OVERLAP);
10533
10534	/*
10535	 * The initiator attempted to send multiple tagged commands with
10536	 * the same ID.  (It's fine if different initiators have the same
10537	 * tag ID.)
10538	 *
10539	 * Even if all of those conditions are true, we don't kill the I/O
10540	 * if the command ahead of us has been aborted.  We won't end up
10541	 * sending it to the FETD, and it's perfectly legal to resend a
10542	 * command with the same tag number as long as the previous
10543	 * instance of this tag number has been aborted somehow.
10544	 */
10545	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10546	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10547	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10548	 && ((pending_io->io_hdr.nexus.targ_port ==
10549	      ooa_io->io_hdr.nexus.targ_port)
10550	  && (pending_io->io_hdr.nexus.initid ==
10551	      ooa_io->io_hdr.nexus.initid))
10552	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10553	      CTL_FLAG_STATUS_SENT)) == 0))
10554		return (CTL_ACTION_OVERLAP_TAG);
10555
10556	/*
10557	 * If we get a head of queue tag, SAM-3 says that we should
10558	 * immediately execute it.
10559	 *
10560	 * What happens if this command would normally block for some other
10561	 * reason?  e.g. a request sense with a head of queue tag
10562	 * immediately after a write.  Normally that would block, but this
10563	 * will result in its getting executed immediately...
10564	 *
10565	 * We currently return "pass" instead of "skip", so we'll end up
10566	 * going through the rest of the queue to check for overlapped tags.
10567	 *
10568	 * XXX KDM check for other types of blockage first??
10569	 */
10570	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10571		return (CTL_ACTION_PASS);
10572
10573	/*
10574	 * Ordered tags have to block until all items ahead of them
10575	 * have completed.  If we get called with an ordered tag, we always
10576	 * block, if something else is ahead of us in the queue.
10577	 */
10578	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10579		return (CTL_ACTION_BLOCK);
10580
10581	/*
10582	 * Simple tags get blocked until all head of queue and ordered tags
10583	 * ahead of them have completed.  I'm lumping untagged commands in
10584	 * with simple tags here.  XXX KDM is that the right thing to do?
10585	 */
10586	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10587	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10588	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10589	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10590		return (CTL_ACTION_BLOCK);
10591
10592	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10593	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10594
10595	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10596
10597	switch (serialize_row[pending_entry->seridx]) {
10598	case CTL_SER_BLOCK:
10599		return (CTL_ACTION_BLOCK);
10600	case CTL_SER_EXTENT:
10601		return (ctl_extent_check(ooa_io, pending_io,
10602		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10603	case CTL_SER_EXTENTOPT:
10604		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10605		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10606			return (ctl_extent_check(ooa_io, pending_io,
10607			    (lun->be_lun &&
10608			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10609		return (CTL_ACTION_PASS);
10610	case CTL_SER_EXTENTSEQ:
10611		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10612			return (ctl_extent_check_seq(ooa_io, pending_io));
10613		return (CTL_ACTION_PASS);
10614	case CTL_SER_PASS:
10615		return (CTL_ACTION_PASS);
10616	case CTL_SER_BLOCKOPT:
10617		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10618		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10619			return (CTL_ACTION_BLOCK);
10620		return (CTL_ACTION_PASS);
10621	case CTL_SER_SKIP:
10622		return (CTL_ACTION_SKIP);
10623	default:
10624		panic("invalid serialization value %d",
10625		      serialize_row[pending_entry->seridx]);
10626	}
10627
10628	return (CTL_ACTION_ERROR);
10629}
10630
10631/*
10632 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10633 * Assumptions:
10634 * - pending_io is generally either incoming, or on the blocked queue
10635 * - starting I/O is the I/O we want to start the check with.
10636 */
10637static ctl_action
10638ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10639	      union ctl_io *starting_io)
10640{
10641	union ctl_io *ooa_io;
10642	ctl_action action;
10643
10644	mtx_assert(&lun->lun_lock, MA_OWNED);
10645
10646	/*
10647	 * Run back along the OOA queue, starting with the current
10648	 * blocked I/O and going through every I/O before it on the
10649	 * queue.  If starting_io is NULL, we'll just end up returning
10650	 * CTL_ACTION_PASS.
10651	 */
10652	for (ooa_io = starting_io; ooa_io != NULL;
10653	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10654	     ooa_links)){
10655
10656		/*
10657		 * This routine just checks to see whether
10658		 * cur_blocked is blocked by ooa_io, which is ahead
10659		 * of it in the queue.  It doesn't queue/dequeue
10660		 * cur_blocked.
10661		 */
10662		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10663		switch (action) {
10664		case CTL_ACTION_BLOCK:
10665		case CTL_ACTION_OVERLAP:
10666		case CTL_ACTION_OVERLAP_TAG:
10667		case CTL_ACTION_SKIP:
10668		case CTL_ACTION_ERROR:
10669			return (action);
10670			break; /* NOTREACHED */
10671		case CTL_ACTION_PASS:
10672			break;
10673		default:
10674			panic("invalid action %d", action);
10675			break;  /* NOTREACHED */
10676		}
10677	}
10678
10679	return (CTL_ACTION_PASS);
10680}
10681
10682/*
10683 * Assumptions:
10684 * - An I/O has just completed, and has been removed from the per-LUN OOA
10685 *   queue, so some items on the blocked queue may now be unblocked.
10686 */
10687static int
10688ctl_check_blocked(struct ctl_lun *lun)
10689{
10690	struct ctl_softc *softc = lun->ctl_softc;
10691	union ctl_io *cur_blocked, *next_blocked;
10692
10693	mtx_assert(&lun->lun_lock, MA_OWNED);
10694
10695	/*
10696	 * Run forward from the head of the blocked queue, checking each
10697	 * entry against the I/Os prior to it on the OOA queue to see if
10698	 * there is still any blockage.
10699	 *
10700	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10701	 * with our removing a variable on it while it is traversing the
10702	 * list.
10703	 */
10704	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10705	     cur_blocked != NULL; cur_blocked = next_blocked) {
10706		union ctl_io *prev_ooa;
10707		ctl_action action;
10708
10709		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10710							  blocked_links);
10711
10712		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10713						      ctl_ooaq, ooa_links);
10714
10715		/*
10716		 * If cur_blocked happens to be the first item in the OOA
10717		 * queue now, prev_ooa will be NULL, and the action
10718		 * returned will just be CTL_ACTION_PASS.
10719		 */
10720		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10721
10722		switch (action) {
10723		case CTL_ACTION_BLOCK:
10724			/* Nothing to do here, still blocked */
10725			break;
10726		case CTL_ACTION_OVERLAP:
10727		case CTL_ACTION_OVERLAP_TAG:
10728			/*
10729			 * This shouldn't happen!  In theory we've already
10730			 * checked this command for overlap...
10731			 */
10732			break;
10733		case CTL_ACTION_PASS:
10734		case CTL_ACTION_SKIP: {
10735			const struct ctl_cmd_entry *entry;
10736
10737			/*
10738			 * The skip case shouldn't happen, this transaction
10739			 * should have never made it onto the blocked queue.
10740			 */
10741			/*
10742			 * This I/O is no longer blocked, we can remove it
10743			 * from the blocked queue.  Since this is a TAILQ
10744			 * (doubly linked list), we can do O(1) removals
10745			 * from any place on the list.
10746			 */
10747			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10748				     blocked_links);
10749			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10750
10751			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10752			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10753				/*
10754				 * Need to send IO back to original side to
10755				 * run
10756				 */
10757				union ctl_ha_msg msg_info;
10758
10759				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10760				msg_info.hdr.original_sc =
10761					cur_blocked->io_hdr.original_sc;
10762				msg_info.hdr.serializing_sc = cur_blocked;
10763				msg_info.hdr.msg_type = CTL_MSG_R2R;
10764				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10765				    sizeof(msg_info.hdr), M_NOWAIT);
10766				break;
10767			}
10768			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10769
10770			/*
10771			 * Check this I/O for LUN state changes that may
10772			 * have happened while this command was blocked.
10773			 * The LUN state may have been changed by a command
10774			 * ahead of us in the queue, so we need to re-check
10775			 * for any states that can be caused by SCSI
10776			 * commands.
10777			 */
10778			if (ctl_scsiio_lun_check(lun, entry,
10779						 &cur_blocked->scsiio) == 0) {
10780				cur_blocked->io_hdr.flags |=
10781				                      CTL_FLAG_IS_WAS_ON_RTR;
10782				ctl_enqueue_rtr(cur_blocked);
10783			} else
10784				ctl_done(cur_blocked);
10785			break;
10786		}
10787		default:
10788			/*
10789			 * This probably shouldn't happen -- we shouldn't
10790			 * get CTL_ACTION_ERROR, or anything else.
10791			 */
10792			break;
10793		}
10794	}
10795
10796	return (CTL_RETVAL_COMPLETE);
10797}
10798
10799/*
10800 * This routine (with one exception) checks LUN flags that can be set by
10801 * commands ahead of us in the OOA queue.  These flags have to be checked
10802 * when a command initially comes in, and when we pull a command off the
10803 * blocked queue and are preparing to execute it.  The reason we have to
10804 * check these flags for commands on the blocked queue is that the LUN
10805 * state may have been changed by a command ahead of us while we're on the
10806 * blocked queue.
10807 *
10808 * Ordering is somewhat important with these checks, so please pay
10809 * careful attention to the placement of any new checks.
10810 */
10811static int
10812ctl_scsiio_lun_check(struct ctl_lun *lun,
10813    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10814{
10815	struct ctl_softc *softc = lun->ctl_softc;
10816	int retval;
10817	uint32_t residx;
10818
10819	retval = 0;
10820
10821	mtx_assert(&lun->lun_lock, MA_OWNED);
10822
10823	/*
10824	 * If this shelf is a secondary shelf controller, we may have to
10825	 * reject some commands disallowed by HA mode and link state.
10826	 */
10827	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10828		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10829		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10830			ctl_set_lun_unavail(ctsio);
10831			retval = 1;
10832			goto bailout;
10833		}
10834		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10835		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10836			ctl_set_lun_transit(ctsio);
10837			retval = 1;
10838			goto bailout;
10839		}
10840		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10841		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10842			ctl_set_lun_standby(ctsio);
10843			retval = 1;
10844			goto bailout;
10845		}
10846
10847		/* The rest of checks are only done on executing side */
10848		if (softc->ha_mode == CTL_HA_MODE_XFER)
10849			goto bailout;
10850	}
10851
10852	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10853		if (lun->be_lun &&
10854		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10855			ctl_set_hw_write_protected(ctsio);
10856			retval = 1;
10857			goto bailout;
10858		}
10859		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10860		    .eca_and_aen & SCP_SWP) != 0) {
10861			ctl_set_sense(ctsio, /*current_error*/ 1,
10862			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10863			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10864			retval = 1;
10865			goto bailout;
10866		}
10867	}
10868
10869	/*
10870	 * Check for a reservation conflict.  If this command isn't allowed
10871	 * even on reserved LUNs, and if this initiator isn't the one who
10872	 * reserved us, reject the command with a reservation conflict.
10873	 */
10874	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10875	if ((lun->flags & CTL_LUN_RESERVED)
10876	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10877		if (lun->res_idx != residx) {
10878			ctl_set_reservation_conflict(ctsio);
10879			retval = 1;
10880			goto bailout;
10881		}
10882	}
10883
10884	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10885	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10886		/* No reservation or command is allowed. */;
10887	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10888	    (lun->res_type == SPR_TYPE_WR_EX ||
10889	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10890	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10891		/* The command is allowed for Write Exclusive resv. */;
10892	} else {
10893		/*
10894		 * if we aren't registered or it's a res holder type
10895		 * reservation and this isn't the res holder then set a
10896		 * conflict.
10897		 */
10898		if (ctl_get_prkey(lun, residx) == 0
10899		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10900			ctl_set_reservation_conflict(ctsio);
10901			retval = 1;
10902			goto bailout;
10903		}
10904	}
10905
10906	if ((lun->flags & CTL_LUN_OFFLINE)
10907	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10908		ctl_set_lun_not_ready(ctsio);
10909		retval = 1;
10910		goto bailout;
10911	}
10912
10913	if ((lun->flags & CTL_LUN_STOPPED)
10914	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10915		/* "Logical unit not ready, initializing cmd. required" */
10916		ctl_set_lun_stopped(ctsio);
10917		retval = 1;
10918		goto bailout;
10919	}
10920
10921	if ((lun->flags & CTL_LUN_INOPERABLE)
10922	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10923		/* "Medium format corrupted" */
10924		ctl_set_medium_format_corrupted(ctsio);
10925		retval = 1;
10926		goto bailout;
10927	}
10928
10929bailout:
10930	return (retval);
10931}
10932
10933static void
10934ctl_failover_io(union ctl_io *io, int have_lock)
10935{
10936	ctl_set_busy(&io->scsiio);
10937	ctl_done(io);
10938}
10939
10940static void
10941ctl_failover_lun(struct ctl_lun *lun)
10942{
10943	struct ctl_softc *softc = lun->ctl_softc;
10944	struct ctl_io_hdr *io, *next_io;
10945
10946	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
10947	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10948		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10949			/* We are master */
10950			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10951				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10952					io->flags |= CTL_FLAG_ABORT;
10953					io->flags |= CTL_FLAG_FAILOVER;
10954				} else { /* This can be only due to DATAMOVE */
10955					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10956					io->flags |= CTL_FLAG_IO_ACTIVE;
10957					io->port_status = 31340;
10958					ctl_enqueue_isc((union ctl_io *)io);
10959				}
10960			}
10961			/* We are slave */
10962			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10963				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10964				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10965					io->flags |= CTL_FLAG_FAILOVER;
10966				} else {
10967					ctl_set_busy(&((union ctl_io *)io)->
10968					    scsiio);
10969					ctl_done((union ctl_io *)io);
10970				}
10971			}
10972		}
10973	} else { /* SERIALIZE modes */
10974		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10975		    next_io) {
10976			/* We are master */
10977			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10978				TAILQ_REMOVE(&lun->blocked_queue, io,
10979				    blocked_links);
10980				io->flags &= ~CTL_FLAG_BLOCKED;
10981				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10982				ctl_free_io((union ctl_io *)io);
10983			}
10984		}
10985		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10986			/* We are master */
10987			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10988				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10989				ctl_free_io((union ctl_io *)io);
10990			}
10991			/* We are slave */
10992			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10993				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10994				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10995					ctl_set_busy(&((union ctl_io *)io)->
10996					    scsiio);
10997					ctl_done((union ctl_io *)io);
10998				}
10999			}
11000		}
11001		ctl_check_blocked(lun);
11002	}
11003}
11004
11005static int
11006ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11007{
11008	struct ctl_lun *lun;
11009	const struct ctl_cmd_entry *entry;
11010	uint32_t initidx, targ_lun;
11011	int retval;
11012
11013	retval = 0;
11014
11015	lun = NULL;
11016
11017	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11018	if ((targ_lun < CTL_MAX_LUNS)
11019	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11020		/*
11021		 * If the LUN is invalid, pretend that it doesn't exist.
11022		 * It will go away as soon as all pending I/O has been
11023		 * completed.
11024		 */
11025		mtx_lock(&lun->lun_lock);
11026		if (lun->flags & CTL_LUN_DISABLED) {
11027			mtx_unlock(&lun->lun_lock);
11028			lun = NULL;
11029			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11030			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11031		} else {
11032			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11033			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11034				lun->be_lun;
11035
11036			/*
11037			 * Every I/O goes into the OOA queue for a
11038			 * particular LUN, and stays there until completion.
11039			 */
11040#ifdef CTL_TIME_IO
11041			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11042				lun->idle_time += getsbinuptime() -
11043				    lun->last_busy;
11044			}
11045#endif
11046			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11047			    ooa_links);
11048		}
11049	} else {
11050		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11051		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11052	}
11053
11054	/* Get command entry and return error if it is unsuppotyed. */
11055	entry = ctl_validate_command(ctsio);
11056	if (entry == NULL) {
11057		if (lun)
11058			mtx_unlock(&lun->lun_lock);
11059		return (retval);
11060	}
11061
11062	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11063	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11064
11065	/*
11066	 * Check to see whether we can send this command to LUNs that don't
11067	 * exist.  This should pretty much only be the case for inquiry
11068	 * and request sense.  Further checks, below, really require having
11069	 * a LUN, so we can't really check the command anymore.  Just put
11070	 * it on the rtr queue.
11071	 */
11072	if (lun == NULL) {
11073		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11074			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11075			ctl_enqueue_rtr((union ctl_io *)ctsio);
11076			return (retval);
11077		}
11078
11079		ctl_set_unsupported_lun(ctsio);
11080		ctl_done((union ctl_io *)ctsio);
11081		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11082		return (retval);
11083	} else {
11084		/*
11085		 * Make sure we support this particular command on this LUN.
11086		 * e.g., we don't support writes to the control LUN.
11087		 */
11088		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11089			mtx_unlock(&lun->lun_lock);
11090			ctl_set_invalid_opcode(ctsio);
11091			ctl_done((union ctl_io *)ctsio);
11092			return (retval);
11093		}
11094	}
11095
11096	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11097
11098#ifdef CTL_WITH_CA
11099	/*
11100	 * If we've got a request sense, it'll clear the contingent
11101	 * allegiance condition.  Otherwise, if we have a CA condition for
11102	 * this initiator, clear it, because it sent down a command other
11103	 * than request sense.
11104	 */
11105	if ((ctsio->cdb[0] != REQUEST_SENSE)
11106	 && (ctl_is_set(lun->have_ca, initidx)))
11107		ctl_clear_mask(lun->have_ca, initidx);
11108#endif
11109
11110	/*
11111	 * If the command has this flag set, it handles its own unit
11112	 * attention reporting, we shouldn't do anything.  Otherwise we
11113	 * check for any pending unit attentions, and send them back to the
11114	 * initiator.  We only do this when a command initially comes in,
11115	 * not when we pull it off the blocked queue.
11116	 *
11117	 * According to SAM-3, section 5.3.2, the order that things get
11118	 * presented back to the host is basically unit attentions caused
11119	 * by some sort of reset event, busy status, reservation conflicts
11120	 * or task set full, and finally any other status.
11121	 *
11122	 * One issue here is that some of the unit attentions we report
11123	 * don't fall into the "reset" category (e.g. "reported luns data
11124	 * has changed").  So reporting it here, before the reservation
11125	 * check, may be technically wrong.  I guess the only thing to do
11126	 * would be to check for and report the reset events here, and then
11127	 * check for the other unit attention types after we check for a
11128	 * reservation conflict.
11129	 *
11130	 * XXX KDM need to fix this
11131	 */
11132	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11133		ctl_ua_type ua_type;
11134		scsi_sense_data_type sense_format;
11135
11136		if (lun->flags & CTL_LUN_SENSE_DESC)
11137			sense_format = SSD_TYPE_DESC;
11138		else
11139			sense_format = SSD_TYPE_FIXED;
11140
11141		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11142		    sense_format);
11143		if (ua_type != CTL_UA_NONE) {
11144			mtx_unlock(&lun->lun_lock);
11145			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11146			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11147			ctsio->sense_len = SSD_FULL_SIZE;
11148			ctl_done((union ctl_io *)ctsio);
11149			return (retval);
11150		}
11151	}
11152
11153
11154	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11155		mtx_unlock(&lun->lun_lock);
11156		ctl_done((union ctl_io *)ctsio);
11157		return (retval);
11158	}
11159
11160	/*
11161	 * XXX CHD this is where we want to send IO to other side if
11162	 * this LUN is secondary on this SC. We will need to make a copy
11163	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11164	 * the copy we send as FROM_OTHER.
11165	 * We also need to stuff the address of the original IO so we can
11166	 * find it easily. Something similar will need be done on the other
11167	 * side so when we are done we can find the copy.
11168	 */
11169	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11170	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0) {
11171		union ctl_ha_msg msg_info;
11172		int isc_retval;
11173
11174		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11175		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11176		mtx_unlock(&lun->lun_lock);
11177
11178		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11179		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11180		msg_info.hdr.serializing_sc = NULL;
11181		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11182		msg_info.scsi.tag_num = ctsio->tag_num;
11183		msg_info.scsi.tag_type = ctsio->tag_type;
11184		msg_info.scsi.cdb_len = ctsio->cdb_len;
11185		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11186
11187		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11188		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11189		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11190			ctl_set_busy(ctsio);
11191			ctl_done((union ctl_io *)ctsio);
11192			return (retval);
11193		}
11194		return (retval);
11195	}
11196
11197	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11198			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11199			      ctl_ooaq, ooa_links))) {
11200	case CTL_ACTION_BLOCK:
11201		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11202		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11203				  blocked_links);
11204		mtx_unlock(&lun->lun_lock);
11205		return (retval);
11206	case CTL_ACTION_PASS:
11207	case CTL_ACTION_SKIP:
11208		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11209		mtx_unlock(&lun->lun_lock);
11210		ctl_enqueue_rtr((union ctl_io *)ctsio);
11211		break;
11212	case CTL_ACTION_OVERLAP:
11213		mtx_unlock(&lun->lun_lock);
11214		ctl_set_overlapped_cmd(ctsio);
11215		ctl_done((union ctl_io *)ctsio);
11216		break;
11217	case CTL_ACTION_OVERLAP_TAG:
11218		mtx_unlock(&lun->lun_lock);
11219		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11220		ctl_done((union ctl_io *)ctsio);
11221		break;
11222	case CTL_ACTION_ERROR:
11223	default:
11224		mtx_unlock(&lun->lun_lock);
11225		ctl_set_internal_failure(ctsio,
11226					 /*sks_valid*/ 0,
11227					 /*retry_count*/ 0);
11228		ctl_done((union ctl_io *)ctsio);
11229		break;
11230	}
11231	return (retval);
11232}
11233
11234const struct ctl_cmd_entry *
11235ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11236{
11237	const struct ctl_cmd_entry *entry;
11238	int service_action;
11239
11240	entry = &ctl_cmd_table[ctsio->cdb[0]];
11241	if (sa)
11242		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11243	if (entry->flags & CTL_CMD_FLAG_SA5) {
11244		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11245		entry = &((const struct ctl_cmd_entry *)
11246		    entry->execute)[service_action];
11247	}
11248	return (entry);
11249}
11250
11251const struct ctl_cmd_entry *
11252ctl_validate_command(struct ctl_scsiio *ctsio)
11253{
11254	const struct ctl_cmd_entry *entry;
11255	int i, sa;
11256	uint8_t diff;
11257
11258	entry = ctl_get_cmd_entry(ctsio, &sa);
11259	if (entry->execute == NULL) {
11260		if (sa)
11261			ctl_set_invalid_field(ctsio,
11262					      /*sks_valid*/ 1,
11263					      /*command*/ 1,
11264					      /*field*/ 1,
11265					      /*bit_valid*/ 1,
11266					      /*bit*/ 4);
11267		else
11268			ctl_set_invalid_opcode(ctsio);
11269		ctl_done((union ctl_io *)ctsio);
11270		return (NULL);
11271	}
11272	KASSERT(entry->length > 0,
11273	    ("Not defined length for command 0x%02x/0x%02x",
11274	     ctsio->cdb[0], ctsio->cdb[1]));
11275	for (i = 1; i < entry->length; i++) {
11276		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11277		if (diff == 0)
11278			continue;
11279		ctl_set_invalid_field(ctsio,
11280				      /*sks_valid*/ 1,
11281				      /*command*/ 1,
11282				      /*field*/ i,
11283				      /*bit_valid*/ 1,
11284				      /*bit*/ fls(diff) - 1);
11285		ctl_done((union ctl_io *)ctsio);
11286		return (NULL);
11287	}
11288	return (entry);
11289}
11290
11291static int
11292ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11293{
11294
11295	switch (lun_type) {
11296	case T_PROCESSOR:
11297		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11298		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11299			return (0);
11300		break;
11301	case T_DIRECT:
11302		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11303		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11304			return (0);
11305		break;
11306	default:
11307		return (0);
11308	}
11309	return (1);
11310}
11311
11312static int
11313ctl_scsiio(struct ctl_scsiio *ctsio)
11314{
11315	int retval;
11316	const struct ctl_cmd_entry *entry;
11317
11318	retval = CTL_RETVAL_COMPLETE;
11319
11320	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11321
11322	entry = ctl_get_cmd_entry(ctsio, NULL);
11323
11324	/*
11325	 * If this I/O has been aborted, just send it straight to
11326	 * ctl_done() without executing it.
11327	 */
11328	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11329		ctl_done((union ctl_io *)ctsio);
11330		goto bailout;
11331	}
11332
11333	/*
11334	 * All the checks should have been handled by ctl_scsiio_precheck().
11335	 * We should be clear now to just execute the I/O.
11336	 */
11337	retval = entry->execute(ctsio);
11338
11339bailout:
11340	return (retval);
11341}
11342
11343/*
11344 * Since we only implement one target right now, a bus reset simply resets
11345 * our single target.
11346 */
11347static int
11348ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11349{
11350	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11351}
11352
11353static int
11354ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11355		 ctl_ua_type ua_type)
11356{
11357	struct ctl_port *port;
11358	struct ctl_lun *lun;
11359	int retval;
11360
11361	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11362		union ctl_ha_msg msg_info;
11363
11364		msg_info.hdr.nexus = io->io_hdr.nexus;
11365		if (ua_type==CTL_UA_TARG_RESET)
11366			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11367		else
11368			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11369		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11370		msg_info.hdr.original_sc = NULL;
11371		msg_info.hdr.serializing_sc = NULL;
11372		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11373		    sizeof(msg_info.task), M_WAITOK);
11374	}
11375	retval = 0;
11376
11377	mtx_lock(&softc->ctl_lock);
11378	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11379	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11380		if (port != NULL &&
11381		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11382			continue;
11383		retval += ctl_do_lun_reset(lun, io, ua_type);
11384	}
11385	mtx_unlock(&softc->ctl_lock);
11386	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11387	return (retval);
11388}
11389
11390/*
11391 * The LUN should always be set.  The I/O is optional, and is used to
11392 * distinguish between I/Os sent by this initiator, and by other
11393 * initiators.  We set unit attention for initiators other than this one.
11394 * SAM-3 is vague on this point.  It does say that a unit attention should
11395 * be established for other initiators when a LUN is reset (see section
11396 * 5.7.3), but it doesn't specifically say that the unit attention should
11397 * be established for this particular initiator when a LUN is reset.  Here
11398 * is the relevant text, from SAM-3 rev 8:
11399 *
11400 * 5.7.2 When a SCSI initiator port aborts its own tasks
11401 *
11402 * When a SCSI initiator port causes its own task(s) to be aborted, no
11403 * notification that the task(s) have been aborted shall be returned to
11404 * the SCSI initiator port other than the completion response for the
11405 * command or task management function action that caused the task(s) to
11406 * be aborted and notification(s) associated with related effects of the
11407 * action (e.g., a reset unit attention condition).
11408 *
11409 * XXX KDM for now, we're setting unit attention for all initiators.
11410 */
11411static int
11412ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11413{
11414	union ctl_io *xio;
11415#if 0
11416	uint32_t initidx;
11417#endif
11418#ifdef CTL_WITH_CA
11419	int i;
11420#endif
11421
11422	mtx_lock(&lun->lun_lock);
11423	/*
11424	 * Run through the OOA queue and abort each I/O.
11425	 */
11426	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11427	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11428		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11429	}
11430
11431	/*
11432	 * This version sets unit attention for every
11433	 */
11434#if 0
11435	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11436	ctl_est_ua_all(lun, initidx, ua_type);
11437#else
11438	ctl_est_ua_all(lun, -1, ua_type);
11439#endif
11440
11441	/*
11442	 * A reset (any kind, really) clears reservations established with
11443	 * RESERVE/RELEASE.  It does not clear reservations established
11444	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11445	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11446	 * reservations made with the RESERVE/RELEASE commands, because
11447	 * those commands are obsolete in SPC-3.
11448	 */
11449	lun->flags &= ~CTL_LUN_RESERVED;
11450
11451#ifdef CTL_WITH_CA
11452	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11453		ctl_clear_mask(lun->have_ca, i);
11454#endif
11455	mtx_unlock(&lun->lun_lock);
11456
11457	return (0);
11458}
11459
11460static int
11461ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11462{
11463	struct ctl_lun *lun;
11464	uint32_t targ_lun;
11465	int retval;
11466
11467	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11468	mtx_lock(&softc->ctl_lock);
11469	if ((targ_lun >= CTL_MAX_LUNS) ||
11470	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11471		mtx_unlock(&softc->ctl_lock);
11472		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11473		return (1);
11474	}
11475	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11476	mtx_unlock(&softc->ctl_lock);
11477	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11478
11479	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11480		union ctl_ha_msg msg_info;
11481
11482		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11483		msg_info.hdr.nexus = io->io_hdr.nexus;
11484		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11485		msg_info.hdr.original_sc = NULL;
11486		msg_info.hdr.serializing_sc = NULL;
11487		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11488		    sizeof(msg_info.task), M_WAITOK);
11489	}
11490	return (retval);
11491}
11492
11493static void
11494ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11495    int other_sc)
11496{
11497	union ctl_io *xio;
11498
11499	mtx_assert(&lun->lun_lock, MA_OWNED);
11500
11501	/*
11502	 * Run through the OOA queue and attempt to find the given I/O.
11503	 * The target port, initiator ID, tag type and tag number have to
11504	 * match the values that we got from the initiator.  If we have an
11505	 * untagged command to abort, simply abort the first untagged command
11506	 * we come to.  We only allow one untagged command at a time of course.
11507	 */
11508	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11509	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11510
11511		if ((targ_port == UINT32_MAX ||
11512		     targ_port == xio->io_hdr.nexus.targ_port) &&
11513		    (init_id == UINT32_MAX ||
11514		     init_id == xio->io_hdr.nexus.initid)) {
11515			if (targ_port != xio->io_hdr.nexus.targ_port ||
11516			    init_id != xio->io_hdr.nexus.initid)
11517				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11518			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11519			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11520				union ctl_ha_msg msg_info;
11521
11522				msg_info.hdr.nexus = xio->io_hdr.nexus;
11523				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11524				msg_info.task.tag_num = xio->scsiio.tag_num;
11525				msg_info.task.tag_type = xio->scsiio.tag_type;
11526				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11527				msg_info.hdr.original_sc = NULL;
11528				msg_info.hdr.serializing_sc = NULL;
11529				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11530				    sizeof(msg_info.task), M_NOWAIT);
11531			}
11532		}
11533	}
11534}
11535
11536static int
11537ctl_abort_task_set(union ctl_io *io)
11538{
11539	struct ctl_softc *softc = control_softc;
11540	struct ctl_lun *lun;
11541	uint32_t targ_lun;
11542
11543	/*
11544	 * Look up the LUN.
11545	 */
11546	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11547	mtx_lock(&softc->ctl_lock);
11548	if ((targ_lun >= CTL_MAX_LUNS) ||
11549	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11550		mtx_unlock(&softc->ctl_lock);
11551		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11552		return (1);
11553	}
11554
11555	mtx_lock(&lun->lun_lock);
11556	mtx_unlock(&softc->ctl_lock);
11557	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11558		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11559		    io->io_hdr.nexus.initid,
11560		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11561	} else { /* CTL_TASK_CLEAR_TASK_SET */
11562		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11563		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11564	}
11565	mtx_unlock(&lun->lun_lock);
11566	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11567	return (0);
11568}
11569
11570static int
11571ctl_i_t_nexus_reset(union ctl_io *io)
11572{
11573	struct ctl_softc *softc = control_softc;
11574	struct ctl_lun *lun;
11575	uint32_t initidx;
11576
11577	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11578		union ctl_ha_msg msg_info;
11579
11580		msg_info.hdr.nexus = io->io_hdr.nexus;
11581		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11582		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11583		msg_info.hdr.original_sc = NULL;
11584		msg_info.hdr.serializing_sc = NULL;
11585		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11586		    sizeof(msg_info.task), M_WAITOK);
11587	}
11588
11589	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11590	mtx_lock(&softc->ctl_lock);
11591	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11592		mtx_lock(&lun->lun_lock);
11593		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11594		    io->io_hdr.nexus.initid, 1);
11595#ifdef CTL_WITH_CA
11596		ctl_clear_mask(lun->have_ca, initidx);
11597#endif
11598		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11599			lun->flags &= ~CTL_LUN_RESERVED;
11600		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11601		mtx_unlock(&lun->lun_lock);
11602	}
11603	mtx_unlock(&softc->ctl_lock);
11604	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11605	return (0);
11606}
11607
11608static int
11609ctl_abort_task(union ctl_io *io)
11610{
11611	union ctl_io *xio;
11612	struct ctl_lun *lun;
11613	struct ctl_softc *softc;
11614#if 0
11615	struct sbuf sb;
11616	char printbuf[128];
11617#endif
11618	int found;
11619	uint32_t targ_lun;
11620
11621	softc = control_softc;
11622	found = 0;
11623
11624	/*
11625	 * Look up the LUN.
11626	 */
11627	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11628	mtx_lock(&softc->ctl_lock);
11629	if ((targ_lun >= CTL_MAX_LUNS) ||
11630	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11631		mtx_unlock(&softc->ctl_lock);
11632		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11633		return (1);
11634	}
11635
11636#if 0
11637	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11638	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11639#endif
11640
11641	mtx_lock(&lun->lun_lock);
11642	mtx_unlock(&softc->ctl_lock);
11643	/*
11644	 * Run through the OOA queue and attempt to find the given I/O.
11645	 * The target port, initiator ID, tag type and tag number have to
11646	 * match the values that we got from the initiator.  If we have an
11647	 * untagged command to abort, simply abort the first untagged command
11648	 * we come to.  We only allow one untagged command at a time of course.
11649	 */
11650	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11651	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11652#if 0
11653		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11654
11655		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11656			    lun->lun, xio->scsiio.tag_num,
11657			    xio->scsiio.tag_type,
11658			    (xio->io_hdr.blocked_links.tqe_prev
11659			    == NULL) ? "" : " BLOCKED",
11660			    (xio->io_hdr.flags &
11661			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11662			    (xio->io_hdr.flags &
11663			    CTL_FLAG_ABORT) ? " ABORT" : "",
11664			    (xio->io_hdr.flags &
11665			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11666		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11667		sbuf_finish(&sb);
11668		printf("%s\n", sbuf_data(&sb));
11669#endif
11670
11671		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11672		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11673		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11674			continue;
11675
11676		/*
11677		 * If the abort says that the task is untagged, the
11678		 * task in the queue must be untagged.  Otherwise,
11679		 * we just check to see whether the tag numbers
11680		 * match.  This is because the QLogic firmware
11681		 * doesn't pass back the tag type in an abort
11682		 * request.
11683		 */
11684#if 0
11685		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11686		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11687		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11688#endif
11689		/*
11690		 * XXX KDM we've got problems with FC, because it
11691		 * doesn't send down a tag type with aborts.  So we
11692		 * can only really go by the tag number...
11693		 * This may cause problems with parallel SCSI.
11694		 * Need to figure that out!!
11695		 */
11696		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11697			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11698			found = 1;
11699			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11700			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11701				union ctl_ha_msg msg_info;
11702
11703				msg_info.hdr.nexus = io->io_hdr.nexus;
11704				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11705				msg_info.task.tag_num = io->taskio.tag_num;
11706				msg_info.task.tag_type = io->taskio.tag_type;
11707				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11708				msg_info.hdr.original_sc = NULL;
11709				msg_info.hdr.serializing_sc = NULL;
11710#if 0
11711				printf("Sent Abort to other side\n");
11712#endif
11713				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11714				    sizeof(msg_info.task), M_NOWAIT);
11715			}
11716#if 0
11717			printf("ctl_abort_task: found I/O to abort\n");
11718#endif
11719		}
11720	}
11721	mtx_unlock(&lun->lun_lock);
11722
11723	if (found == 0) {
11724		/*
11725		 * This isn't really an error.  It's entirely possible for
11726		 * the abort and command completion to cross on the wire.
11727		 * This is more of an informative/diagnostic error.
11728		 */
11729#if 0
11730		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11731		       "%u:%u:%u tag %d type %d\n",
11732		       io->io_hdr.nexus.initid,
11733		       io->io_hdr.nexus.targ_port,
11734		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11735		       io->taskio.tag_type);
11736#endif
11737	}
11738	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11739	return (0);
11740}
11741
11742static int
11743ctl_query_task(union ctl_io *io, int task_set)
11744{
11745	union ctl_io *xio;
11746	struct ctl_lun *lun;
11747	struct ctl_softc *softc;
11748	int found = 0;
11749	uint32_t targ_lun;
11750
11751	softc = control_softc;
11752	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11753	mtx_lock(&softc->ctl_lock);
11754	if ((targ_lun >= CTL_MAX_LUNS) ||
11755	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11756		mtx_unlock(&softc->ctl_lock);
11757		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11758		return (1);
11759	}
11760	mtx_lock(&lun->lun_lock);
11761	mtx_unlock(&softc->ctl_lock);
11762	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11763	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11764
11765		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11766		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11767		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11768			continue;
11769
11770		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11771			found = 1;
11772			break;
11773		}
11774	}
11775	mtx_unlock(&lun->lun_lock);
11776	if (found)
11777		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11778	else
11779		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11780	return (0);
11781}
11782
11783static int
11784ctl_query_async_event(union ctl_io *io)
11785{
11786	struct ctl_lun *lun;
11787	struct ctl_softc *softc;
11788	ctl_ua_type ua;
11789	uint32_t targ_lun, initidx;
11790
11791	softc = control_softc;
11792	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11793	mtx_lock(&softc->ctl_lock);
11794	if ((targ_lun >= CTL_MAX_LUNS) ||
11795	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11796		mtx_unlock(&softc->ctl_lock);
11797		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11798		return (1);
11799	}
11800	mtx_lock(&lun->lun_lock);
11801	mtx_unlock(&softc->ctl_lock);
11802	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11803	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11804	mtx_unlock(&lun->lun_lock);
11805	if (ua != CTL_UA_NONE)
11806		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11807	else
11808		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11809	return (0);
11810}
11811
11812static void
11813ctl_run_task(union ctl_io *io)
11814{
11815	struct ctl_softc *softc = control_softc;
11816	int retval = 1;
11817
11818	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11819	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11820	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11821	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11822	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11823	switch (io->taskio.task_action) {
11824	case CTL_TASK_ABORT_TASK:
11825		retval = ctl_abort_task(io);
11826		break;
11827	case CTL_TASK_ABORT_TASK_SET:
11828	case CTL_TASK_CLEAR_TASK_SET:
11829		retval = ctl_abort_task_set(io);
11830		break;
11831	case CTL_TASK_CLEAR_ACA:
11832		break;
11833	case CTL_TASK_I_T_NEXUS_RESET:
11834		retval = ctl_i_t_nexus_reset(io);
11835		break;
11836	case CTL_TASK_LUN_RESET:
11837		retval = ctl_lun_reset(softc, io);
11838		break;
11839	case CTL_TASK_TARGET_RESET:
11840		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11841		break;
11842	case CTL_TASK_BUS_RESET:
11843		retval = ctl_bus_reset(softc, io);
11844		break;
11845	case CTL_TASK_PORT_LOGIN:
11846		break;
11847	case CTL_TASK_PORT_LOGOUT:
11848		break;
11849	case CTL_TASK_QUERY_TASK:
11850		retval = ctl_query_task(io, 0);
11851		break;
11852	case CTL_TASK_QUERY_TASK_SET:
11853		retval = ctl_query_task(io, 1);
11854		break;
11855	case CTL_TASK_QUERY_ASYNC_EVENT:
11856		retval = ctl_query_async_event(io);
11857		break;
11858	default:
11859		printf("%s: got unknown task management event %d\n",
11860		       __func__, io->taskio.task_action);
11861		break;
11862	}
11863	if (retval == 0)
11864		io->io_hdr.status = CTL_SUCCESS;
11865	else
11866		io->io_hdr.status = CTL_ERROR;
11867	ctl_done(io);
11868}
11869
11870/*
11871 * For HA operation.  Handle commands that come in from the other
11872 * controller.
11873 */
11874static void
11875ctl_handle_isc(union ctl_io *io)
11876{
11877	int free_io;
11878	struct ctl_lun *lun;
11879	struct ctl_softc *softc;
11880	uint32_t targ_lun;
11881
11882	softc = control_softc;
11883
11884	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11885	lun = softc->ctl_luns[targ_lun];
11886
11887	switch (io->io_hdr.msg_type) {
11888	case CTL_MSG_SERIALIZE:
11889		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11890		break;
11891	case CTL_MSG_R2R: {
11892		const struct ctl_cmd_entry *entry;
11893
11894		/*
11895		 * This is only used in SER_ONLY mode.
11896		 */
11897		free_io = 0;
11898		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11899		mtx_lock(&lun->lun_lock);
11900		if (ctl_scsiio_lun_check(lun,
11901		    entry, (struct ctl_scsiio *)io) != 0) {
11902			mtx_unlock(&lun->lun_lock);
11903			ctl_done(io);
11904			break;
11905		}
11906		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11907		mtx_unlock(&lun->lun_lock);
11908		ctl_enqueue_rtr(io);
11909		break;
11910	}
11911	case CTL_MSG_FINISH_IO:
11912		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11913			free_io = 0;
11914			ctl_done(io);
11915		} else {
11916			free_io = 1;
11917			mtx_lock(&lun->lun_lock);
11918			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11919				     ooa_links);
11920			ctl_check_blocked(lun);
11921			mtx_unlock(&lun->lun_lock);
11922		}
11923		break;
11924	case CTL_MSG_PERS_ACTION:
11925		ctl_hndl_per_res_out_on_other_sc(
11926			(union ctl_ha_msg *)&io->presio.pr_msg);
11927		free_io = 1;
11928		break;
11929	case CTL_MSG_BAD_JUJU:
11930		free_io = 0;
11931		ctl_done(io);
11932		break;
11933	case CTL_MSG_DATAMOVE:
11934		/* Only used in XFER mode */
11935		free_io = 0;
11936		ctl_datamove_remote(io);
11937		break;
11938	case CTL_MSG_DATAMOVE_DONE:
11939		/* Only used in XFER mode */
11940		free_io = 0;
11941		io->scsiio.be_move_done(io);
11942		break;
11943	case CTL_MSG_FAILOVER:
11944		mtx_lock(&lun->lun_lock);
11945		ctl_failover_lun(lun);
11946		mtx_unlock(&lun->lun_lock);
11947		free_io = 1;
11948		break;
11949	default:
11950		free_io = 1;
11951		printf("%s: Invalid message type %d\n",
11952		       __func__, io->io_hdr.msg_type);
11953		break;
11954	}
11955	if (free_io)
11956		ctl_free_io(io);
11957
11958}
11959
11960
11961/*
11962 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11963 * there is no match.
11964 */
11965static ctl_lun_error_pattern
11966ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11967{
11968	const struct ctl_cmd_entry *entry;
11969	ctl_lun_error_pattern filtered_pattern, pattern;
11970
11971	pattern = desc->error_pattern;
11972
11973	/*
11974	 * XXX KDM we need more data passed into this function to match a
11975	 * custom pattern, and we actually need to implement custom pattern
11976	 * matching.
11977	 */
11978	if (pattern & CTL_LUN_PAT_CMD)
11979		return (CTL_LUN_PAT_CMD);
11980
11981	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11982		return (CTL_LUN_PAT_ANY);
11983
11984	entry = ctl_get_cmd_entry(ctsio, NULL);
11985
11986	filtered_pattern = entry->pattern & pattern;
11987
11988	/*
11989	 * If the user requested specific flags in the pattern (e.g.
11990	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11991	 * flags.
11992	 *
11993	 * If the user did not specify any flags, it doesn't matter whether
11994	 * or not the command supports the flags.
11995	 */
11996	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11997	     (pattern & ~CTL_LUN_PAT_MASK))
11998		return (CTL_LUN_PAT_NONE);
11999
12000	/*
12001	 * If the user asked for a range check, see if the requested LBA
12002	 * range overlaps with this command's LBA range.
12003	 */
12004	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12005		uint64_t lba1;
12006		uint64_t len1;
12007		ctl_action action;
12008		int retval;
12009
12010		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12011		if (retval != 0)
12012			return (CTL_LUN_PAT_NONE);
12013
12014		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12015					      desc->lba_range.len, FALSE);
12016		/*
12017		 * A "pass" means that the LBA ranges don't overlap, so
12018		 * this doesn't match the user's range criteria.
12019		 */
12020		if (action == CTL_ACTION_PASS)
12021			return (CTL_LUN_PAT_NONE);
12022	}
12023
12024	return (filtered_pattern);
12025}
12026
12027static void
12028ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12029{
12030	struct ctl_error_desc *desc, *desc2;
12031
12032	mtx_assert(&lun->lun_lock, MA_OWNED);
12033
12034	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12035		ctl_lun_error_pattern pattern;
12036		/*
12037		 * Check to see whether this particular command matches
12038		 * the pattern in the descriptor.
12039		 */
12040		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12041		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12042			continue;
12043
12044		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12045		case CTL_LUN_INJ_ABORTED:
12046			ctl_set_aborted(&io->scsiio);
12047			break;
12048		case CTL_LUN_INJ_MEDIUM_ERR:
12049			ctl_set_medium_error(&io->scsiio,
12050			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12051			     CTL_FLAG_DATA_OUT);
12052			break;
12053		case CTL_LUN_INJ_UA:
12054			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12055			 * OCCURRED */
12056			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12057			break;
12058		case CTL_LUN_INJ_CUSTOM:
12059			/*
12060			 * We're assuming the user knows what he is doing.
12061			 * Just copy the sense information without doing
12062			 * checks.
12063			 */
12064			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12065			      MIN(sizeof(desc->custom_sense),
12066				  sizeof(io->scsiio.sense_data)));
12067			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12068			io->scsiio.sense_len = SSD_FULL_SIZE;
12069			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12070			break;
12071		case CTL_LUN_INJ_NONE:
12072		default:
12073			/*
12074			 * If this is an error injection type we don't know
12075			 * about, clear the continuous flag (if it is set)
12076			 * so it will get deleted below.
12077			 */
12078			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12079			break;
12080		}
12081		/*
12082		 * By default, each error injection action is a one-shot
12083		 */
12084		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12085			continue;
12086
12087		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12088
12089		free(desc, M_CTL);
12090	}
12091}
12092
12093#ifdef CTL_IO_DELAY
12094static void
12095ctl_datamove_timer_wakeup(void *arg)
12096{
12097	union ctl_io *io;
12098
12099	io = (union ctl_io *)arg;
12100
12101	ctl_datamove(io);
12102}
12103#endif /* CTL_IO_DELAY */
12104
12105void
12106ctl_datamove(union ctl_io *io)
12107{
12108	struct ctl_lun *lun;
12109	void (*fe_datamove)(union ctl_io *io);
12110
12111	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12112
12113	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12114
12115	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12116#ifdef CTL_TIME_IO
12117	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12118		char str[256];
12119		char path_str[64];
12120		struct sbuf sb;
12121
12122		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12123		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12124
12125		sbuf_cat(&sb, path_str);
12126		switch (io->io_hdr.io_type) {
12127		case CTL_IO_SCSI:
12128			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12129			sbuf_printf(&sb, "\n");
12130			sbuf_cat(&sb, path_str);
12131			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12132				    io->scsiio.tag_num, io->scsiio.tag_type);
12133			break;
12134		case CTL_IO_TASK:
12135			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12136				    "Tag Type: %d\n", io->taskio.task_action,
12137				    io->taskio.tag_num, io->taskio.tag_type);
12138			break;
12139		default:
12140			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12141			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12142			break;
12143		}
12144		sbuf_cat(&sb, path_str);
12145		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12146			    (intmax_t)time_uptime - io->io_hdr.start_time);
12147		sbuf_finish(&sb);
12148		printf("%s", sbuf_data(&sb));
12149	}
12150#endif /* CTL_TIME_IO */
12151
12152#ifdef CTL_IO_DELAY
12153	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12154		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12155	} else {
12156		if ((lun != NULL)
12157		 && (lun->delay_info.datamove_delay > 0)) {
12158
12159			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12160			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12161			callout_reset(&io->io_hdr.delay_callout,
12162				      lun->delay_info.datamove_delay * hz,
12163				      ctl_datamove_timer_wakeup, io);
12164			if (lun->delay_info.datamove_type ==
12165			    CTL_DELAY_TYPE_ONESHOT)
12166				lun->delay_info.datamove_delay = 0;
12167			return;
12168		}
12169	}
12170#endif
12171
12172	/*
12173	 * This command has been aborted.  Set the port status, so we fail
12174	 * the data move.
12175	 */
12176	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12177		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12178		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12179		       io->io_hdr.nexus.targ_port,
12180		       io->io_hdr.nexus.targ_lun);
12181		io->io_hdr.port_status = 31337;
12182		/*
12183		 * Note that the backend, in this case, will get the
12184		 * callback in its context.  In other cases it may get
12185		 * called in the frontend's interrupt thread context.
12186		 */
12187		io->scsiio.be_move_done(io);
12188		return;
12189	}
12190
12191	/* Don't confuse frontend with zero length data move. */
12192	if (io->scsiio.kern_data_len == 0) {
12193		io->scsiio.be_move_done(io);
12194		return;
12195	}
12196
12197	/*
12198	 * If we're in XFER mode and this I/O is from the other shelf
12199	 * controller, we need to send the DMA to the other side to
12200	 * actually transfer the data to/from the host.  In serialize only
12201	 * mode the transfer happens below CTL and ctl_datamove() is only
12202	 * called on the machine that originally received the I/O.
12203	 */
12204	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12205	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12206		union ctl_ha_msg msg;
12207		uint32_t sg_entries_sent;
12208		int do_sg_copy;
12209		int i;
12210
12211		memset(&msg, 0, sizeof(msg));
12212		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12213		msg.hdr.original_sc = io->io_hdr.original_sc;
12214		msg.hdr.serializing_sc = io;
12215		msg.hdr.nexus = io->io_hdr.nexus;
12216		msg.hdr.status = io->io_hdr.status;
12217		msg.dt.flags = io->io_hdr.flags;
12218		/*
12219		 * We convert everything into a S/G list here.  We can't
12220		 * pass by reference, only by value between controllers.
12221		 * So we can't pass a pointer to the S/G list, only as many
12222		 * S/G entries as we can fit in here.  If it's possible for
12223		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12224		 * then we need to break this up into multiple transfers.
12225		 */
12226		if (io->scsiio.kern_sg_entries == 0) {
12227			msg.dt.kern_sg_entries = 1;
12228#if 0
12229			/*
12230			 * Convert to a physical address if this is a
12231			 * virtual address.
12232			 */
12233			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12234				msg.dt.sg_list[0].addr =
12235					io->scsiio.kern_data_ptr;
12236			} else {
12237				/*
12238				 * XXX KDM use busdma here!
12239				 */
12240				msg.dt.sg_list[0].addr = (void *)
12241					vtophys(io->scsiio.kern_data_ptr);
12242			}
12243#else
12244			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12245			    ("HA does not support BUS_ADDR"));
12246			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12247#endif
12248
12249			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12250			do_sg_copy = 0;
12251		} else {
12252			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12253			do_sg_copy = 1;
12254		}
12255
12256		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12257		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12258		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12259		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12260		msg.dt.sg_sequence = 0;
12261
12262		/*
12263		 * Loop until we've sent all of the S/G entries.  On the
12264		 * other end, we'll recompose these S/G entries into one
12265		 * contiguous list before passing it to the
12266		 */
12267		for (sg_entries_sent = 0; sg_entries_sent <
12268		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12269			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12270				sizeof(msg.dt.sg_list[0])),
12271				msg.dt.kern_sg_entries - sg_entries_sent);
12272
12273			if (do_sg_copy != 0) {
12274				struct ctl_sg_entry *sgl;
12275				int j;
12276
12277				sgl = (struct ctl_sg_entry *)
12278					io->scsiio.kern_data_ptr;
12279				/*
12280				 * If this is in cached memory, flush the cache
12281				 * before we send the DMA request to the other
12282				 * controller.  We want to do this in either
12283				 * the * read or the write case.  The read
12284				 * case is straightforward.  In the write
12285				 * case, we want to make sure nothing is
12286				 * in the local cache that could overwrite
12287				 * the DMAed data.
12288				 */
12289
12290				for (i = sg_entries_sent, j = 0;
12291				     i < msg.dt.cur_sg_entries; i++, j++) {
12292#if 0
12293					if ((io->io_hdr.flags &
12294					     CTL_FLAG_BUS_ADDR) == 0) {
12295						/*
12296						 * XXX KDM use busdma.
12297						 */
12298						msg.dt.sg_list[j].addr =(void *)
12299						       vtophys(sgl[i].addr);
12300					} else {
12301						msg.dt.sg_list[j].addr =
12302							sgl[i].addr;
12303					}
12304#else
12305					KASSERT((io->io_hdr.flags &
12306					    CTL_FLAG_BUS_ADDR) == 0,
12307					    ("HA does not support BUS_ADDR"));
12308					msg.dt.sg_list[j].addr = sgl[i].addr;
12309#endif
12310					msg.dt.sg_list[j].len = sgl[i].len;
12311				}
12312			}
12313
12314			sg_entries_sent += msg.dt.cur_sg_entries;
12315			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12316				msg.dt.sg_last = 1;
12317			else
12318				msg.dt.sg_last = 0;
12319
12320			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12321			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12322			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12323			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12324				io->io_hdr.port_status = 31341;
12325				io->scsiio.be_move_done(io);
12326				return;
12327			}
12328
12329			msg.dt.sent_sg_entries = sg_entries_sent;
12330		}
12331
12332		/*
12333		 * Officially handover the request from us to peer.
12334		 * If failover has just happened, then we must return error.
12335		 * If failover happen just after, then it is not our problem.
12336		 */
12337		if (lun)
12338			mtx_lock(&lun->lun_lock);
12339		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12340			if (lun)
12341				mtx_unlock(&lun->lun_lock);
12342			io->io_hdr.port_status = 31342;
12343			io->scsiio.be_move_done(io);
12344			return;
12345		}
12346		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12347		if (lun)
12348			mtx_unlock(&lun->lun_lock);
12349	} else {
12350
12351		/*
12352		 * Lookup the fe_datamove() function for this particular
12353		 * front end.
12354		 */
12355		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12356
12357		fe_datamove(io);
12358	}
12359}
12360
12361static void
12362ctl_send_datamove_done(union ctl_io *io, int have_lock)
12363{
12364	union ctl_ha_msg msg;
12365
12366	memset(&msg, 0, sizeof(msg));
12367
12368	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12369	msg.hdr.original_sc = io;
12370	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12371	msg.hdr.nexus = io->io_hdr.nexus;
12372	msg.hdr.status = io->io_hdr.status;
12373	msg.scsi.tag_num = io->scsiio.tag_num;
12374	msg.scsi.tag_type = io->scsiio.tag_type;
12375	msg.scsi.scsi_status = io->scsiio.scsi_status;
12376	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12377	       io->scsiio.sense_len);
12378	msg.scsi.sense_len = io->scsiio.sense_len;
12379	msg.scsi.sense_residual = io->scsiio.sense_residual;
12380	msg.scsi.fetd_status = io->io_hdr.port_status;
12381	msg.scsi.residual = io->scsiio.residual;
12382	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12383
12384	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12385		ctl_failover_io(io, /*have_lock*/ have_lock);
12386		return;
12387	}
12388
12389	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12390	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12391	    msg.scsi.sense_len, M_WAITOK);
12392}
12393
12394/*
12395 * The DMA to the remote side is done, now we need to tell the other side
12396 * we're done so it can continue with its data movement.
12397 */
12398static void
12399ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12400{
12401	union ctl_io *io;
12402	int i;
12403
12404	io = rq->context;
12405
12406	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12407		printf("%s: ISC DMA write failed with error %d", __func__,
12408		       rq->ret);
12409		ctl_set_internal_failure(&io->scsiio,
12410					 /*sks_valid*/ 1,
12411					 /*retry_count*/ rq->ret);
12412	}
12413
12414	ctl_dt_req_free(rq);
12415
12416	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12417		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12418	free(io->io_hdr.remote_sglist, M_CTL);
12419	io->io_hdr.remote_sglist = NULL;
12420	io->io_hdr.local_sglist = NULL;
12421
12422	/*
12423	 * The data is in local and remote memory, so now we need to send
12424	 * status (good or back) back to the other side.
12425	 */
12426	ctl_send_datamove_done(io, /*have_lock*/ 0);
12427}
12428
12429/*
12430 * We've moved the data from the host/controller into local memory.  Now we
12431 * need to push it over to the remote controller's memory.
12432 */
12433static int
12434ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12435{
12436	int retval;
12437
12438	retval = 0;
12439
12440	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12441					  ctl_datamove_remote_write_cb);
12442
12443	return (retval);
12444}
12445
12446static void
12447ctl_datamove_remote_write(union ctl_io *io)
12448{
12449	int retval;
12450	void (*fe_datamove)(union ctl_io *io);
12451
12452	/*
12453	 * - Get the data from the host/HBA into local memory.
12454	 * - DMA memory from the local controller to the remote controller.
12455	 * - Send status back to the remote controller.
12456	 */
12457
12458	retval = ctl_datamove_remote_sgl_setup(io);
12459	if (retval != 0)
12460		return;
12461
12462	/* Switch the pointer over so the FETD knows what to do */
12463	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12464
12465	/*
12466	 * Use a custom move done callback, since we need to send completion
12467	 * back to the other controller, not to the backend on this side.
12468	 */
12469	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12470
12471	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12472
12473	fe_datamove(io);
12474
12475	return;
12476
12477}
12478
12479static int
12480ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12481{
12482#if 0
12483	char str[256];
12484	char path_str[64];
12485	struct sbuf sb;
12486#endif
12487	int i;
12488
12489	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12490		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12491	free(io->io_hdr.remote_sglist, M_CTL);
12492	io->io_hdr.remote_sglist = NULL;
12493	io->io_hdr.local_sglist = NULL;
12494
12495#if 0
12496	scsi_path_string(io, path_str, sizeof(path_str));
12497	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12498	sbuf_cat(&sb, path_str);
12499	scsi_command_string(&io->scsiio, NULL, &sb);
12500	sbuf_printf(&sb, "\n");
12501	sbuf_cat(&sb, path_str);
12502	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12503		    io->scsiio.tag_num, io->scsiio.tag_type);
12504	sbuf_cat(&sb, path_str);
12505	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12506		    io->io_hdr.flags, io->io_hdr.status);
12507	sbuf_finish(&sb);
12508	printk("%s", sbuf_data(&sb));
12509#endif
12510
12511
12512	/*
12513	 * The read is done, now we need to send status (good or bad) back
12514	 * to the other side.
12515	 */
12516	ctl_send_datamove_done(io, /*have_lock*/ 0);
12517
12518	return (0);
12519}
12520
12521static void
12522ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12523{
12524	union ctl_io *io;
12525	void (*fe_datamove)(union ctl_io *io);
12526
12527	io = rq->context;
12528
12529	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12530		printf("%s: ISC DMA read failed with error %d\n", __func__,
12531		       rq->ret);
12532		ctl_set_internal_failure(&io->scsiio,
12533					 /*sks_valid*/ 1,
12534					 /*retry_count*/ rq->ret);
12535	}
12536
12537	ctl_dt_req_free(rq);
12538
12539	/* Switch the pointer over so the FETD knows what to do */
12540	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12541
12542	/*
12543	 * Use a custom move done callback, since we need to send completion
12544	 * back to the other controller, not to the backend on this side.
12545	 */
12546	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12547
12548	/* XXX KDM add checks like the ones in ctl_datamove? */
12549
12550	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12551
12552	fe_datamove(io);
12553}
12554
12555static int
12556ctl_datamove_remote_sgl_setup(union ctl_io *io)
12557{
12558	struct ctl_sg_entry *local_sglist, *remote_sglist;
12559	struct ctl_softc *softc;
12560	uint32_t len_to_go;
12561	int retval;
12562	int i;
12563
12564	retval = 0;
12565	softc = control_softc;
12566	local_sglist = io->io_hdr.local_sglist;
12567	remote_sglist = io->io_hdr.remote_sglist;
12568	len_to_go = io->scsiio.kern_data_len;
12569
12570	/*
12571	 * The difficult thing here is that the size of the various
12572	 * S/G segments may be different than the size from the
12573	 * remote controller.  That'll make it harder when DMAing
12574	 * the data back to the other side.
12575	 */
12576	for (i = 0; len_to_go > 0; i++) {
12577		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12578		local_sglist[i].addr =
12579		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12580
12581		len_to_go -= local_sglist[i].len;
12582	}
12583	/*
12584	 * Reset the number of S/G entries accordingly.  The original
12585	 * number of S/G entries is available in rem_sg_entries.
12586	 */
12587	io->scsiio.kern_sg_entries = i;
12588
12589#if 0
12590	printf("%s: kern_sg_entries = %d\n", __func__,
12591	       io->scsiio.kern_sg_entries);
12592	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12593		printf("%s: sg[%d] = %p, %d\n", __func__, i,
12594		       local_sglist[i].addr, local_sglist[i].len);
12595#endif
12596
12597	return (retval);
12598}
12599
12600static int
12601ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12602			 ctl_ha_dt_cb callback)
12603{
12604	struct ctl_ha_dt_req *rq;
12605	struct ctl_sg_entry *remote_sglist, *local_sglist;
12606	uint32_t local_used, remote_used, total_used;
12607	int i, j, isc_ret;
12608
12609	rq = ctl_dt_req_alloc();
12610
12611	/*
12612	 * If we failed to allocate the request, and if the DMA didn't fail
12613	 * anyway, set busy status.  This is just a resource allocation
12614	 * failure.
12615	 */
12616	if ((rq == NULL)
12617	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12618	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12619		ctl_set_busy(&io->scsiio);
12620
12621	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12622	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12623
12624		if (rq != NULL)
12625			ctl_dt_req_free(rq);
12626
12627		/*
12628		 * The data move failed.  We need to return status back
12629		 * to the other controller.  No point in trying to DMA
12630		 * data to the remote controller.
12631		 */
12632
12633		ctl_send_datamove_done(io, /*have_lock*/ 0);
12634
12635		return (1);
12636	}
12637
12638	local_sglist = io->io_hdr.local_sglist;
12639	remote_sglist = io->io_hdr.remote_sglist;
12640	local_used = 0;
12641	remote_used = 0;
12642	total_used = 0;
12643
12644	/*
12645	 * Pull/push the data over the wire from/to the other controller.
12646	 * This takes into account the possibility that the local and
12647	 * remote sglists may not be identical in terms of the size of
12648	 * the elements and the number of elements.
12649	 *
12650	 * One fundamental assumption here is that the length allocated for
12651	 * both the local and remote sglists is identical.  Otherwise, we've
12652	 * essentially got a coding error of some sort.
12653	 */
12654	isc_ret = CTL_HA_STATUS_SUCCESS;
12655	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12656		uint32_t cur_len;
12657		uint8_t *tmp_ptr;
12658
12659		rq->command = command;
12660		rq->context = io;
12661
12662		/*
12663		 * Both pointers should be aligned.  But it is possible
12664		 * that the allocation length is not.  They should both
12665		 * also have enough slack left over at the end, though,
12666		 * to round up to the next 8 byte boundary.
12667		 */
12668		cur_len = MIN(local_sglist[i].len - local_used,
12669			      remote_sglist[j].len - remote_used);
12670		rq->size = cur_len;
12671
12672		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12673		tmp_ptr += local_used;
12674
12675#if 0
12676		/* Use physical addresses when talking to ISC hardware */
12677		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12678			/* XXX KDM use busdma */
12679			rq->local = vtophys(tmp_ptr);
12680		} else
12681			rq->local = tmp_ptr;
12682#else
12683		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12684		    ("HA does not support BUS_ADDR"));
12685		rq->local = tmp_ptr;
12686#endif
12687
12688		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12689		tmp_ptr += remote_used;
12690		rq->remote = tmp_ptr;
12691
12692		rq->callback = NULL;
12693
12694		local_used += cur_len;
12695		if (local_used >= local_sglist[i].len) {
12696			i++;
12697			local_used = 0;
12698		}
12699
12700		remote_used += cur_len;
12701		if (remote_used >= remote_sglist[j].len) {
12702			j++;
12703			remote_used = 0;
12704		}
12705		total_used += cur_len;
12706
12707		if (total_used >= io->scsiio.kern_data_len)
12708			rq->callback = callback;
12709
12710#if 0
12711		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12712		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12713		       rq->local, rq->remote, rq->size);
12714#endif
12715
12716		isc_ret = ctl_dt_single(rq);
12717		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12718			break;
12719	}
12720	if (isc_ret != CTL_HA_STATUS_WAIT) {
12721		rq->ret = isc_ret;
12722		callback(rq);
12723	}
12724
12725	return (0);
12726}
12727
12728static void
12729ctl_datamove_remote_read(union ctl_io *io)
12730{
12731	int retval;
12732	int i;
12733
12734	/*
12735	 * This will send an error to the other controller in the case of a
12736	 * failure.
12737	 */
12738	retval = ctl_datamove_remote_sgl_setup(io);
12739	if (retval != 0)
12740		return;
12741
12742	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12743					  ctl_datamove_remote_read_cb);
12744	if (retval != 0) {
12745		/*
12746		 * Make sure we free memory if there was an error..  The
12747		 * ctl_datamove_remote_xfer() function will send the
12748		 * datamove done message, or call the callback with an
12749		 * error if there is a problem.
12750		 */
12751		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12752			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12753		free(io->io_hdr.remote_sglist, M_CTL);
12754		io->io_hdr.remote_sglist = NULL;
12755		io->io_hdr.local_sglist = NULL;
12756	}
12757
12758	return;
12759}
12760
12761/*
12762 * Process a datamove request from the other controller.  This is used for
12763 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12764 * first.  Once that is complete, the data gets DMAed into the remote
12765 * controller's memory.  For reads, we DMA from the remote controller's
12766 * memory into our memory first, and then move it out to the FETD.
12767 */
12768static void
12769ctl_datamove_remote(union ctl_io *io)
12770{
12771
12772	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12773
12774	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12775		ctl_failover_io(io, /*have_lock*/ 0);
12776		return;
12777	}
12778
12779	/*
12780	 * Note that we look for an aborted I/O here, but don't do some of
12781	 * the other checks that ctl_datamove() normally does.
12782	 * We don't need to run the datamove delay code, since that should
12783	 * have been done if need be on the other controller.
12784	 */
12785	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12786		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12787		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12788		       io->io_hdr.nexus.targ_port,
12789		       io->io_hdr.nexus.targ_lun);
12790		io->io_hdr.port_status = 31338;
12791		ctl_send_datamove_done(io, /*have_lock*/ 0);
12792		return;
12793	}
12794
12795	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12796		ctl_datamove_remote_write(io);
12797	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12798		ctl_datamove_remote_read(io);
12799	else {
12800		io->io_hdr.port_status = 31339;
12801		ctl_send_datamove_done(io, /*have_lock*/ 0);
12802	}
12803}
12804
12805static int
12806ctl_process_done(union ctl_io *io)
12807{
12808	struct ctl_lun *lun;
12809	struct ctl_softc *softc = control_softc;
12810	void (*fe_done)(union ctl_io *io);
12811	union ctl_ha_msg msg;
12812	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12813
12814	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12815
12816	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
12817		fe_done = softc->ctl_ports[targ_port]->fe_done;
12818	else
12819		fe_done = NULL;
12820
12821#ifdef CTL_TIME_IO
12822	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12823		char str[256];
12824		char path_str[64];
12825		struct sbuf sb;
12826
12827		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12828		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12829
12830		sbuf_cat(&sb, path_str);
12831		switch (io->io_hdr.io_type) {
12832		case CTL_IO_SCSI:
12833			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12834			sbuf_printf(&sb, "\n");
12835			sbuf_cat(&sb, path_str);
12836			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12837				    io->scsiio.tag_num, io->scsiio.tag_type);
12838			break;
12839		case CTL_IO_TASK:
12840			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12841				    "Tag Type: %d\n", io->taskio.task_action,
12842				    io->taskio.tag_num, io->taskio.tag_type);
12843			break;
12844		default:
12845			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12846			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12847			break;
12848		}
12849		sbuf_cat(&sb, path_str);
12850		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12851			    (intmax_t)time_uptime - io->io_hdr.start_time);
12852		sbuf_finish(&sb);
12853		printf("%s", sbuf_data(&sb));
12854	}
12855#endif /* CTL_TIME_IO */
12856
12857	switch (io->io_hdr.io_type) {
12858	case CTL_IO_SCSI:
12859		break;
12860	case CTL_IO_TASK:
12861		if (ctl_debug & CTL_DEBUG_INFO)
12862			ctl_io_error_print(io, NULL);
12863		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12864			ctl_free_io(io);
12865		else
12866			fe_done(io);
12867		return (CTL_RETVAL_COMPLETE);
12868	default:
12869		panic("ctl_process_done: invalid io type %d\n",
12870		      io->io_hdr.io_type);
12871		break; /* NOTREACHED */
12872	}
12873
12874	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12875	if (lun == NULL) {
12876		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12877				 io->io_hdr.nexus.targ_mapped_lun));
12878		goto bailout;
12879	}
12880
12881	mtx_lock(&lun->lun_lock);
12882
12883	/*
12884	 * Check to see if we have any errors to inject here.  We only
12885	 * inject errors for commands that don't already have errors set.
12886	 */
12887	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12888	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12889	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12890		ctl_inject_error(lun, io);
12891
12892	/*
12893	 * XXX KDM how do we treat commands that aren't completed
12894	 * successfully?
12895	 *
12896	 * XXX KDM should we also track I/O latency?
12897	 */
12898	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12899	    io->io_hdr.io_type == CTL_IO_SCSI) {
12900#ifdef CTL_TIME_IO
12901		struct bintime cur_bt;
12902#endif
12903		int type;
12904
12905		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12906		    CTL_FLAG_DATA_IN)
12907			type = CTL_STATS_READ;
12908		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12909		    CTL_FLAG_DATA_OUT)
12910			type = CTL_STATS_WRITE;
12911		else
12912			type = CTL_STATS_NO_IO;
12913
12914		lun->stats.ports[targ_port].bytes[type] +=
12915		    io->scsiio.kern_total_len;
12916		lun->stats.ports[targ_port].operations[type]++;
12917#ifdef CTL_TIME_IO
12918		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12919		   &io->io_hdr.dma_bt);
12920		lun->stats.ports[targ_port].num_dmas[type] +=
12921		    io->io_hdr.num_dmas;
12922		getbintime(&cur_bt);
12923		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12924		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12925#endif
12926	}
12927
12928	/*
12929	 * Remove this from the OOA queue.
12930	 */
12931	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12932#ifdef CTL_TIME_IO
12933	if (TAILQ_EMPTY(&lun->ooa_queue))
12934		lun->last_busy = getsbinuptime();
12935#endif
12936
12937	/*
12938	 * Run through the blocked queue on this LUN and see if anything
12939	 * has become unblocked, now that this transaction is done.
12940	 */
12941	ctl_check_blocked(lun);
12942
12943	/*
12944	 * If the LUN has been invalidated, free it if there is nothing
12945	 * left on its OOA queue.
12946	 */
12947	if ((lun->flags & CTL_LUN_INVALID)
12948	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12949		mtx_unlock(&lun->lun_lock);
12950		mtx_lock(&softc->ctl_lock);
12951		ctl_free_lun(lun);
12952		mtx_unlock(&softc->ctl_lock);
12953	} else
12954		mtx_unlock(&lun->lun_lock);
12955
12956bailout:
12957
12958	/*
12959	 * If this command has been aborted, make sure we set the status
12960	 * properly.  The FETD is responsible for freeing the I/O and doing
12961	 * whatever it needs to do to clean up its state.
12962	 */
12963	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12964		ctl_set_task_aborted(&io->scsiio);
12965
12966	/*
12967	 * If enabled, print command error status.
12968	 */
12969	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12970	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12971		ctl_io_error_print(io, NULL);
12972
12973	/*
12974	 * Tell the FETD or the other shelf controller we're done with this
12975	 * command.  Note that only SCSI commands get to this point.  Task
12976	 * management commands are completed above.
12977	 */
12978	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12979	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12980		memset(&msg, 0, sizeof(msg));
12981		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12982		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12983		msg.hdr.nexus = io->io_hdr.nexus;
12984		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12985		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12986		    M_WAITOK);
12987	}
12988	if ((softc->ha_mode == CTL_HA_MODE_XFER)
12989	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12990		memset(&msg, 0, sizeof(msg));
12991		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12992		msg.hdr.original_sc = io->io_hdr.original_sc;
12993		msg.hdr.nexus = io->io_hdr.nexus;
12994		msg.hdr.status = io->io_hdr.status;
12995		msg.scsi.scsi_status = io->scsiio.scsi_status;
12996		msg.scsi.tag_num = io->scsiio.tag_num;
12997		msg.scsi.tag_type = io->scsiio.tag_type;
12998		msg.scsi.sense_len = io->scsiio.sense_len;
12999		msg.scsi.sense_residual = io->scsiio.sense_residual;
13000		msg.scsi.residual = io->scsiio.residual;
13001		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13002		       io->scsiio.sense_len);
13003
13004		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13005		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
13006		    msg.scsi.sense_len, M_WAITOK);
13007		ctl_free_io(io);
13008	} else
13009		fe_done(io);
13010
13011	return (CTL_RETVAL_COMPLETE);
13012}
13013
13014#ifdef CTL_WITH_CA
13015/*
13016 * Front end should call this if it doesn't do autosense.  When the request
13017 * sense comes back in from the initiator, we'll dequeue this and send it.
13018 */
13019int
13020ctl_queue_sense(union ctl_io *io)
13021{
13022	struct ctl_lun *lun;
13023	struct ctl_port *port;
13024	struct ctl_softc *softc;
13025	uint32_t initidx, targ_lun;
13026
13027	softc = control_softc;
13028
13029	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13030
13031	/*
13032	 * LUN lookup will likely move to the ctl_work_thread() once we
13033	 * have our new queueing infrastructure (that doesn't put things on
13034	 * a per-LUN queue initially).  That is so that we can handle
13035	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13036	 * can't deal with that right now.
13037	 */
13038	mtx_lock(&softc->ctl_lock);
13039
13040	/*
13041	 * If we don't have a LUN for this, just toss the sense
13042	 * information.
13043	 */
13044	port = ctl_io_port(&ctsio->io_hdr);
13045	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13046	if ((targ_lun < CTL_MAX_LUNS)
13047	 && (softc->ctl_luns[targ_lun] != NULL))
13048		lun = softc->ctl_luns[targ_lun];
13049	else
13050		goto bailout;
13051
13052	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13053
13054	mtx_lock(&lun->lun_lock);
13055	/*
13056	 * Already have CA set for this LUN...toss the sense information.
13057	 */
13058	if (ctl_is_set(lun->have_ca, initidx)) {
13059		mtx_unlock(&lun->lun_lock);
13060		goto bailout;
13061	}
13062
13063	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13064	       MIN(sizeof(lun->pending_sense[initidx]),
13065	       sizeof(io->scsiio.sense_data)));
13066	ctl_set_mask(lun->have_ca, initidx);
13067	mtx_unlock(&lun->lun_lock);
13068
13069bailout:
13070	mtx_unlock(&softc->ctl_lock);
13071
13072	ctl_free_io(io);
13073
13074	return (CTL_RETVAL_COMPLETE);
13075}
13076#endif
13077
13078/*
13079 * Primary command inlet from frontend ports.  All SCSI and task I/O
13080 * requests must go through this function.
13081 */
13082int
13083ctl_queue(union ctl_io *io)
13084{
13085	struct ctl_port *port;
13086
13087	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13088
13089#ifdef CTL_TIME_IO
13090	io->io_hdr.start_time = time_uptime;
13091	getbintime(&io->io_hdr.start_bt);
13092#endif /* CTL_TIME_IO */
13093
13094	/* Map FE-specific LUN ID into global one. */
13095	port = ctl_io_port(&io->io_hdr);
13096	io->io_hdr.nexus.targ_mapped_lun =
13097	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13098
13099	switch (io->io_hdr.io_type) {
13100	case CTL_IO_SCSI:
13101	case CTL_IO_TASK:
13102		if (ctl_debug & CTL_DEBUG_CDB)
13103			ctl_io_print(io);
13104		ctl_enqueue_incoming(io);
13105		break;
13106	default:
13107		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13108		return (EINVAL);
13109	}
13110
13111	return (CTL_RETVAL_COMPLETE);
13112}
13113
13114#ifdef CTL_IO_DELAY
13115static void
13116ctl_done_timer_wakeup(void *arg)
13117{
13118	union ctl_io *io;
13119
13120	io = (union ctl_io *)arg;
13121	ctl_done(io);
13122}
13123#endif /* CTL_IO_DELAY */
13124
13125void
13126ctl_done(union ctl_io *io)
13127{
13128
13129	/*
13130	 * Enable this to catch duplicate completion issues.
13131	 */
13132#if 0
13133	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13134		printf("%s: type %d msg %d cdb %x iptl: "
13135		       "%u:%u:%u tag 0x%04x "
13136		       "flag %#x status %x\n",
13137			__func__,
13138			io->io_hdr.io_type,
13139			io->io_hdr.msg_type,
13140			io->scsiio.cdb[0],
13141			io->io_hdr.nexus.initid,
13142			io->io_hdr.nexus.targ_port,
13143			io->io_hdr.nexus.targ_lun,
13144			(io->io_hdr.io_type ==
13145			CTL_IO_TASK) ?
13146			io->taskio.tag_num :
13147			io->scsiio.tag_num,
13148		        io->io_hdr.flags,
13149			io->io_hdr.status);
13150	} else
13151		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13152#endif
13153
13154	/*
13155	 * This is an internal copy of an I/O, and should not go through
13156	 * the normal done processing logic.
13157	 */
13158	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13159		return;
13160
13161#ifdef CTL_IO_DELAY
13162	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13163		struct ctl_lun *lun;
13164
13165		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13166
13167		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13168	} else {
13169		struct ctl_lun *lun;
13170
13171		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13172
13173		if ((lun != NULL)
13174		 && (lun->delay_info.done_delay > 0)) {
13175
13176			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13177			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13178			callout_reset(&io->io_hdr.delay_callout,
13179				      lun->delay_info.done_delay * hz,
13180				      ctl_done_timer_wakeup, io);
13181			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13182				lun->delay_info.done_delay = 0;
13183			return;
13184		}
13185	}
13186#endif /* CTL_IO_DELAY */
13187
13188	ctl_enqueue_done(io);
13189}
13190
13191static void
13192ctl_work_thread(void *arg)
13193{
13194	struct ctl_thread *thr = (struct ctl_thread *)arg;
13195	struct ctl_softc *softc = thr->ctl_softc;
13196	union ctl_io *io;
13197	int retval;
13198
13199	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13200
13201	for (;;) {
13202		retval = 0;
13203
13204		/*
13205		 * We handle the queues in this order:
13206		 * - ISC
13207		 * - done queue (to free up resources, unblock other commands)
13208		 * - RtR queue
13209		 * - incoming queue
13210		 *
13211		 * If those queues are empty, we break out of the loop and
13212		 * go to sleep.
13213		 */
13214		mtx_lock(&thr->queue_lock);
13215		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13216		if (io != NULL) {
13217			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13218			mtx_unlock(&thr->queue_lock);
13219			ctl_handle_isc(io);
13220			continue;
13221		}
13222		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13223		if (io != NULL) {
13224			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13225			/* clear any blocked commands, call fe_done */
13226			mtx_unlock(&thr->queue_lock);
13227			retval = ctl_process_done(io);
13228			continue;
13229		}
13230		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13231		if (io != NULL) {
13232			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13233			mtx_unlock(&thr->queue_lock);
13234			if (io->io_hdr.io_type == CTL_IO_TASK)
13235				ctl_run_task(io);
13236			else
13237				ctl_scsiio_precheck(softc, &io->scsiio);
13238			continue;
13239		}
13240		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13241		if (io != NULL) {
13242			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13243			mtx_unlock(&thr->queue_lock);
13244			retval = ctl_scsiio(&io->scsiio);
13245			if (retval != CTL_RETVAL_COMPLETE)
13246				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13247			continue;
13248		}
13249
13250		/* Sleep until we have something to do. */
13251		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13252	}
13253}
13254
13255static void
13256ctl_lun_thread(void *arg)
13257{
13258	struct ctl_softc *softc = (struct ctl_softc *)arg;
13259	struct ctl_be_lun *be_lun;
13260	int retval;
13261
13262	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13263
13264	for (;;) {
13265		retval = 0;
13266		mtx_lock(&softc->ctl_lock);
13267		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13268		if (be_lun != NULL) {
13269			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13270			mtx_unlock(&softc->ctl_lock);
13271			ctl_create_lun(be_lun);
13272			continue;
13273		}
13274
13275		/* Sleep until we have something to do. */
13276		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13277		    PDROP | PRIBIO, "-", 0);
13278	}
13279}
13280
13281static void
13282ctl_thresh_thread(void *arg)
13283{
13284	struct ctl_softc *softc = (struct ctl_softc *)arg;
13285	struct ctl_lun *lun;
13286	struct ctl_be_lun *be_lun;
13287	struct scsi_da_rw_recovery_page *rwpage;
13288	struct ctl_logical_block_provisioning_page *page;
13289	const char *attr;
13290	union ctl_ha_msg msg;
13291	uint64_t thres, val;
13292	int i, e, set;
13293
13294	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13295
13296	for (;;) {
13297		mtx_lock(&softc->ctl_lock);
13298		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13299			be_lun = lun->be_lun;
13300			if ((lun->flags & CTL_LUN_DISABLED) ||
13301			    (lun->flags & CTL_LUN_OFFLINE) ||
13302			    lun->backend->lun_attr == NULL)
13303				continue;
13304			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13305			    softc->ha_mode == CTL_HA_MODE_XFER)
13306				continue;
13307			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13308			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13309				continue;
13310			e = 0;
13311			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13312			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13313				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13314					continue;
13315				thres = scsi_4btoul(page->descr[i].count);
13316				thres <<= CTL_LBP_EXPONENT;
13317				switch (page->descr[i].resource) {
13318				case 0x01:
13319					attr = "blocksavail";
13320					break;
13321				case 0x02:
13322					attr = "blocksused";
13323					break;
13324				case 0xf1:
13325					attr = "poolblocksavail";
13326					break;
13327				case 0xf2:
13328					attr = "poolblocksused";
13329					break;
13330				default:
13331					continue;
13332				}
13333				mtx_unlock(&softc->ctl_lock); // XXX
13334				val = lun->backend->lun_attr(
13335				    lun->be_lun->be_lun, attr);
13336				mtx_lock(&softc->ctl_lock);
13337				if (val == UINT64_MAX)
13338					continue;
13339				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13340				    == SLBPPD_ARMING_INC)
13341					e |= (val >= thres);
13342				else
13343					e |= (val <= thres);
13344			}
13345			mtx_lock(&lun->lun_lock);
13346			if (e) {
13347				if (lun->lasttpt == 0 ||
13348				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13349					lun->lasttpt = time_uptime;
13350					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13351					set = 1;
13352				} else
13353					set = 0;
13354			} else {
13355				lun->lasttpt = 0;
13356				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13357				set = -1;
13358			}
13359			mtx_unlock(&lun->lun_lock);
13360			if (set != 0 &&
13361			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13362				/* Send msg to other side. */
13363				bzero(&msg.ua, sizeof(msg.ua));
13364				msg.hdr.msg_type = CTL_MSG_UA;
13365				msg.hdr.nexus.initid = -1;
13366				msg.hdr.nexus.targ_port = -1;
13367				msg.hdr.nexus.targ_lun = lun->lun;
13368				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13369				msg.ua.ua_all = 1;
13370				msg.ua.ua_set = (set > 0);
13371				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13372				mtx_unlock(&softc->ctl_lock); // XXX
13373				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13374				    sizeof(msg.ua), M_WAITOK);
13375				mtx_lock(&softc->ctl_lock);
13376			}
13377		}
13378		mtx_unlock(&softc->ctl_lock);
13379		pause("-", CTL_LBP_PERIOD * hz);
13380	}
13381}
13382
13383static void
13384ctl_enqueue_incoming(union ctl_io *io)
13385{
13386	struct ctl_softc *softc = control_softc;
13387	struct ctl_thread *thr;
13388	u_int idx;
13389
13390	idx = (io->io_hdr.nexus.targ_port * 127 +
13391	       io->io_hdr.nexus.initid) % worker_threads;
13392	thr = &softc->threads[idx];
13393	mtx_lock(&thr->queue_lock);
13394	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13395	mtx_unlock(&thr->queue_lock);
13396	wakeup(thr);
13397}
13398
13399static void
13400ctl_enqueue_rtr(union ctl_io *io)
13401{
13402	struct ctl_softc *softc = control_softc;
13403	struct ctl_thread *thr;
13404
13405	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13406	mtx_lock(&thr->queue_lock);
13407	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13408	mtx_unlock(&thr->queue_lock);
13409	wakeup(thr);
13410}
13411
13412static void
13413ctl_enqueue_done(union ctl_io *io)
13414{
13415	struct ctl_softc *softc = control_softc;
13416	struct ctl_thread *thr;
13417
13418	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13419	mtx_lock(&thr->queue_lock);
13420	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13421	mtx_unlock(&thr->queue_lock);
13422	wakeup(thr);
13423}
13424
13425static void
13426ctl_enqueue_isc(union ctl_io *io)
13427{
13428	struct ctl_softc *softc = control_softc;
13429	struct ctl_thread *thr;
13430
13431	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13432	mtx_lock(&thr->queue_lock);
13433	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13434	mtx_unlock(&thr->queue_lock);
13435	wakeup(thr);
13436}
13437
13438/*
13439 *  vim: ts=8
13440 */
13441