ctl.c revision 287921 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 287921 2015-09-17 17:00:36Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264const static struct scsi_info_exceptions_page ie_page_default = {
265	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
266	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
267	/*info_flags*/SIEP_FLAGS_DEXCPT,
268	/*mrie*/0,
269	/*interval_timer*/{0, 0, 0, 0},
270	/*report_count*/{0, 0, 0, 0}
271};
272
273const static struct scsi_info_exceptions_page ie_page_changeable = {
274	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
275	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
276	/*info_flags*/0,
277	/*mrie*/0,
278	/*interval_timer*/{0, 0, 0, 0},
279	/*report_count*/{0, 0, 0, 0}
280};
281
282#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
283
284const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
286	/*subpage_code*/0x02,
287	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
288	/*flags*/0,
289	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
290	/*descr*/{}},
291	{{/*flags*/0,
292	  /*resource*/0x01,
293	  /*reserved*/{0, 0},
294	  /*count*/{0, 0, 0, 0}},
295	 {/*flags*/0,
296	  /*resource*/0x02,
297	  /*reserved*/{0, 0},
298	  /*count*/{0, 0, 0, 0}},
299	 {/*flags*/0,
300	  /*resource*/0xf1,
301	  /*reserved*/{0, 0},
302	  /*count*/{0, 0, 0, 0}},
303	 {/*flags*/0,
304	  /*resource*/0xf2,
305	  /*reserved*/{0, 0},
306	  /*count*/{0, 0, 0, 0}}
307	}
308};
309
310const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
311	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
312	/*subpage_code*/0x02,
313	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
314	/*flags*/0,
315	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
316	/*descr*/{}},
317	{{/*flags*/0,
318	  /*resource*/0,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}},
325	 {/*flags*/0,
326	  /*resource*/0,
327	  /*reserved*/{0, 0},
328	  /*count*/{0, 0, 0, 0}},
329	 {/*flags*/0,
330	  /*resource*/0,
331	  /*reserved*/{0, 0},
332	  /*count*/{0, 0, 0, 0}}
333	}
334};
335
336SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
337static int worker_threads = -1;
338SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
339    &worker_threads, 1, "Number of worker threads");
340static int ctl_debug = CTL_DEBUG_NONE;
341SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
342    &ctl_debug, 0, "Enabled debug flags");
343
344/*
345 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
346 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
347 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
348 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
349 */
350#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
351
352static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
353				  int param);
354static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
355static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
356static int ctl_init(void);
357void ctl_shutdown(void);
358static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
359static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
360static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
361static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
362			      struct ctl_ooa *ooa_hdr,
363			      struct ctl_ooa_entry *kern_entries);
364static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
365		     struct thread *td);
366static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
367			 struct ctl_be_lun *be_lun);
368static int ctl_free_lun(struct ctl_lun *lun);
369static void ctl_create_lun(struct ctl_be_lun *be_lun);
370static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
371
372static int ctl_do_mode_select(union ctl_io *io);
373static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
374			   uint64_t res_key, uint64_t sa_res_key,
375			   uint8_t type, uint32_t residx,
376			   struct ctl_scsiio *ctsio,
377			   struct scsi_per_res_out *cdb,
378			   struct scsi_per_res_out_parms* param);
379static void ctl_pro_preempt_other(struct ctl_lun *lun,
380				  union ctl_ha_msg *msg);
381static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
382static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
383static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
384static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
386static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
387static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
388					 int alloc_len);
389static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
390					 int alloc_len);
391static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
392static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
393static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
394static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
395static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
396static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
397    bool seq);
398static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
399static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
400    union ctl_io *pending_io, union ctl_io *ooa_io);
401static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
402				union ctl_io *starting_io);
403static int ctl_check_blocked(struct ctl_lun *lun);
404static int ctl_scsiio_lun_check(struct ctl_lun *lun,
405				const struct ctl_cmd_entry *entry,
406				struct ctl_scsiio *ctsio);
407static void ctl_failover_lun(struct ctl_lun *lun);
408static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
409			       struct ctl_scsiio *ctsio);
410static int ctl_scsiio(struct ctl_scsiio *ctsio);
411
412static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
413static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
414			    ctl_ua_type ua_type);
415static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
416			 ctl_ua_type ua_type);
417static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
418static int ctl_abort_task(union ctl_io *io);
419static int ctl_abort_task_set(union ctl_io *io);
420static int ctl_query_task(union ctl_io *io, int task_set);
421static int ctl_i_t_nexus_reset(union ctl_io *io);
422static int ctl_query_async_event(union ctl_io *io);
423static void ctl_run_task(union ctl_io *io);
424#ifdef CTL_IO_DELAY
425static void ctl_datamove_timer_wakeup(void *arg);
426static void ctl_done_timer_wakeup(void *arg);
427#endif /* CTL_IO_DELAY */
428
429static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
430static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
431static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
432static void ctl_datamove_remote_write(union ctl_io *io);
433static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
434static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
435static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
436static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
437				    ctl_ha_dt_cb callback);
438static void ctl_datamove_remote_read(union ctl_io *io);
439static void ctl_datamove_remote(union ctl_io *io);
440static int ctl_process_done(union ctl_io *io);
441static void ctl_lun_thread(void *arg);
442static void ctl_thresh_thread(void *arg);
443static void ctl_work_thread(void *arg);
444static void ctl_enqueue_incoming(union ctl_io *io);
445static void ctl_enqueue_rtr(union ctl_io *io);
446static void ctl_enqueue_done(union ctl_io *io);
447static void ctl_enqueue_isc(union ctl_io *io);
448static const struct ctl_cmd_entry *
449    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
450static const struct ctl_cmd_entry *
451    ctl_validate_command(struct ctl_scsiio *ctsio);
452static int ctl_cmd_applicable(uint8_t lun_type,
453    const struct ctl_cmd_entry *entry);
454
455static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
456static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
457static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
458static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
459
460/*
461 * Load the serialization table.  This isn't very pretty, but is probably
462 * the easiest way to do it.
463 */
464#include "ctl_ser_table.c"
465
466/*
467 * We only need to define open, close and ioctl routines for this driver.
468 */
469static struct cdevsw ctl_cdevsw = {
470	.d_version =	D_VERSION,
471	.d_flags =	0,
472	.d_open =	ctl_open,
473	.d_close =	ctl_close,
474	.d_ioctl =	ctl_ioctl,
475	.d_name =	"ctl",
476};
477
478
479MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
480
481static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
482
483static moduledata_t ctl_moduledata = {
484	"ctl",
485	ctl_module_event_handler,
486	NULL
487};
488
489DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
490MODULE_VERSION(ctl, 1);
491
492static struct ctl_frontend ha_frontend =
493{
494	.name = "ha",
495};
496
497static void
498ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
499			    union ctl_ha_msg *msg_info)
500{
501	struct ctl_scsiio *ctsio;
502
503	if (msg_info->hdr.original_sc == NULL) {
504		printf("%s: original_sc == NULL!\n", __func__);
505		/* XXX KDM now what? */
506		return;
507	}
508
509	ctsio = &msg_info->hdr.original_sc->scsiio;
510	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
511	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
512	ctsio->io_hdr.status = msg_info->hdr.status;
513	ctsio->scsi_status = msg_info->scsi.scsi_status;
514	ctsio->sense_len = msg_info->scsi.sense_len;
515	ctsio->sense_residual = msg_info->scsi.sense_residual;
516	ctsio->residual = msg_info->scsi.residual;
517	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
518	       msg_info->scsi.sense_len);
519	ctl_enqueue_isc((union ctl_io *)ctsio);
520}
521
522static void
523ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
524				union ctl_ha_msg *msg_info)
525{
526	struct ctl_scsiio *ctsio;
527
528	if (msg_info->hdr.serializing_sc == NULL) {
529		printf("%s: serializing_sc == NULL!\n", __func__);
530		/* XXX KDM now what? */
531		return;
532	}
533
534	ctsio = &msg_info->hdr.serializing_sc->scsiio;
535	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
536	ctl_enqueue_isc((union ctl_io *)ctsio);
537}
538
539void
540ctl_isc_announce_lun(struct ctl_lun *lun)
541{
542	struct ctl_softc *softc = lun->ctl_softc;
543	union ctl_ha_msg *msg;
544	struct ctl_ha_msg_lun_pr_key pr_key;
545	int i, k;
546
547	if (softc->ha_link != CTL_HA_LINK_ONLINE)
548		return;
549	mtx_lock(&lun->lun_lock);
550	i = sizeof(msg->lun);
551	if (lun->lun_devid)
552		i += lun->lun_devid->len;
553	i += sizeof(pr_key) * lun->pr_key_count;
554alloc:
555	mtx_unlock(&lun->lun_lock);
556	msg = malloc(i, M_CTL, M_WAITOK);
557	mtx_lock(&lun->lun_lock);
558	k = sizeof(msg->lun);
559	if (lun->lun_devid)
560		k += lun->lun_devid->len;
561	k += sizeof(pr_key) * lun->pr_key_count;
562	if (i < k) {
563		free(msg, M_CTL);
564		i = k;
565		goto alloc;
566	}
567	bzero(&msg->lun, sizeof(msg->lun));
568	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
569	msg->hdr.nexus.targ_lun = lun->lun;
570	msg->hdr.nexus.targ_mapped_lun = lun->lun;
571	msg->lun.flags = lun->flags;
572	msg->lun.pr_generation = lun->PRGeneration;
573	msg->lun.pr_res_idx = lun->pr_res_idx;
574	msg->lun.pr_res_type = lun->res_type;
575	msg->lun.pr_key_count = lun->pr_key_count;
576	i = 0;
577	if (lun->lun_devid) {
578		msg->lun.lun_devid_len = lun->lun_devid->len;
579		memcpy(&msg->lun.data[i], lun->lun_devid->data,
580		    msg->lun.lun_devid_len);
581		i += msg->lun.lun_devid_len;
582	}
583	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
584		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
585			continue;
586		pr_key.pr_iid = k;
587		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
588		i += sizeof(pr_key);
589	}
590	mtx_unlock(&lun->lun_lock);
591	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
592	    M_WAITOK);
593	free(msg, M_CTL);
594}
595
596void
597ctl_isc_announce_port(struct ctl_port *port)
598{
599	struct ctl_softc *softc = control_softc;
600	union ctl_ha_msg *msg;
601	int i;
602
603	if (port->targ_port < softc->port_min ||
604	    port->targ_port >= softc->port_max ||
605	    softc->ha_link != CTL_HA_LINK_ONLINE)
606		return;
607	i = sizeof(msg->port) + strlen(port->port_name) + 1;
608	if (port->lun_map)
609		i += sizeof(uint32_t) * CTL_MAX_LUNS;
610	if (port->port_devid)
611		i += port->port_devid->len;
612	if (port->target_devid)
613		i += port->target_devid->len;
614	msg = malloc(i, M_CTL, M_WAITOK);
615	bzero(&msg->port, sizeof(msg->port));
616	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
617	msg->hdr.nexus.targ_port = port->targ_port;
618	msg->port.port_type = port->port_type;
619	msg->port.physical_port = port->physical_port;
620	msg->port.virtual_port = port->virtual_port;
621	msg->port.status = port->status;
622	i = 0;
623	msg->port.name_len = sprintf(&msg->port.data[i],
624	    "%d:%s", softc->ha_id, port->port_name) + 1;
625	i += msg->port.name_len;
626	if (port->lun_map) {
627		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
628		memcpy(&msg->port.data[i], port->lun_map,
629		    msg->port.lun_map_len);
630		i += msg->port.lun_map_len;
631	}
632	if (port->port_devid) {
633		msg->port.port_devid_len = port->port_devid->len;
634		memcpy(&msg->port.data[i], port->port_devid->data,
635		    msg->port.port_devid_len);
636		i += msg->port.port_devid_len;
637	}
638	if (port->target_devid) {
639		msg->port.target_devid_len = port->target_devid->len;
640		memcpy(&msg->port.data[i], port->target_devid->data,
641		    msg->port.target_devid_len);
642		i += msg->port.target_devid_len;
643	}
644	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
645	    M_WAITOK);
646	free(msg, M_CTL);
647}
648
649static void
650ctl_isc_ha_link_up(struct ctl_softc *softc)
651{
652	struct ctl_port *port;
653	struct ctl_lun *lun;
654
655	STAILQ_FOREACH(port, &softc->port_list, links)
656		ctl_isc_announce_port(port);
657	STAILQ_FOREACH(lun, &softc->lun_list, links)
658		ctl_isc_announce_lun(lun);
659}
660
661static void
662ctl_isc_ha_link_down(struct ctl_softc *softc)
663{
664	struct ctl_port *port;
665	struct ctl_lun *lun;
666	union ctl_io *io;
667
668	mtx_lock(&softc->ctl_lock);
669	STAILQ_FOREACH(lun, &softc->lun_list, links) {
670		mtx_lock(&lun->lun_lock);
671		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
672			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
673			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
674		}
675		mtx_unlock(&lun->lun_lock);
676
677		mtx_unlock(&softc->ctl_lock);
678		io = ctl_alloc_io(softc->othersc_pool);
679		mtx_lock(&softc->ctl_lock);
680		ctl_zero_io(io);
681		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
682		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
683		ctl_enqueue_isc(io);
684	}
685
686	STAILQ_FOREACH(port, &softc->port_list, links) {
687		if (port->targ_port >= softc->port_min &&
688		    port->targ_port < softc->port_max)
689			continue;
690		port->status &= ~CTL_PORT_STATUS_ONLINE;
691	}
692	mtx_unlock(&softc->ctl_lock);
693}
694
695static void
696ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
697{
698	struct ctl_lun *lun;
699	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
700
701	mtx_lock(&softc->ctl_lock);
702	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
703	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
704		mtx_lock(&lun->lun_lock);
705		mtx_unlock(&softc->ctl_lock);
706		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
707		    msg->ua.ua_set)
708			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
709		if (msg->ua.ua_all) {
710			if (msg->ua.ua_set)
711				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
712			else
713				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
714		} else {
715			if (msg->ua.ua_set)
716				ctl_est_ua(lun, iid, msg->ua.ua_type);
717			else
718				ctl_clr_ua(lun, iid, msg->ua.ua_type);
719		}
720		mtx_unlock(&lun->lun_lock);
721	} else
722		mtx_unlock(&softc->ctl_lock);
723}
724
725static void
726ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
727{
728	struct ctl_lun *lun;
729	struct ctl_ha_msg_lun_pr_key pr_key;
730	int i, k;
731	ctl_lun_flags oflags;
732	uint32_t targ_lun;
733
734	targ_lun = msg->hdr.nexus.targ_mapped_lun;
735	mtx_lock(&softc->ctl_lock);
736	if ((targ_lun >= CTL_MAX_LUNS) ||
737	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
738		mtx_unlock(&softc->ctl_lock);
739		return;
740	}
741	mtx_lock(&lun->lun_lock);
742	mtx_unlock(&softc->ctl_lock);
743	if (lun->flags & CTL_LUN_DISABLED) {
744		mtx_unlock(&lun->lun_lock);
745		return;
746	}
747	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
748	if (msg->lun.lun_devid_len != i || (i > 0 &&
749	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
750		mtx_unlock(&lun->lun_lock);
751		printf("%s: Received conflicting HA LUN %d\n",
752		    __func__, msg->hdr.nexus.targ_lun);
753		return;
754	} else {
755		/* Record whether peer is primary. */
756		oflags = lun->flags;
757		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
758		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
759			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
760		else
761			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
762		if (oflags != lun->flags)
763			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
764
765		/* If peer is primary and we are not -- use data */
766		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
767		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
768			lun->PRGeneration = msg->lun.pr_generation;
769			lun->pr_res_idx = msg->lun.pr_res_idx;
770			lun->res_type = msg->lun.pr_res_type;
771			lun->pr_key_count = msg->lun.pr_key_count;
772			for (k = 0; k < CTL_MAX_INITIATORS; k++)
773				ctl_clr_prkey(lun, k);
774			for (k = 0; k < msg->lun.pr_key_count; k++) {
775				memcpy(&pr_key, &msg->lun.data[i],
776				    sizeof(pr_key));
777				ctl_alloc_prkey(lun, pr_key.pr_iid);
778				ctl_set_prkey(lun, pr_key.pr_iid,
779				    pr_key.pr_key);
780				i += sizeof(pr_key);
781			}
782		}
783
784		mtx_unlock(&lun->lun_lock);
785		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
786		    __func__, msg->hdr.nexus.targ_lun,
787		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
788		    "primary" : "secondary"));
789
790		/* If we are primary but peer doesn't know -- notify */
791		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
792		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
793			ctl_isc_announce_lun(lun);
794	}
795}
796
797static void
798ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
799{
800	struct ctl_port *port;
801	struct ctl_lun *lun;
802	int i, new;
803
804	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
805	if (port == NULL) {
806		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
807		    msg->hdr.nexus.targ_port));
808		new = 1;
809		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
810		port->frontend = &ha_frontend;
811		port->targ_port = msg->hdr.nexus.targ_port;
812	} else if (port->frontend == &ha_frontend) {
813		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
814		    msg->hdr.nexus.targ_port));
815		new = 0;
816	} else {
817		printf("%s: Received conflicting HA port %d\n",
818		    __func__, msg->hdr.nexus.targ_port);
819		return;
820	}
821	port->port_type = msg->port.port_type;
822	port->physical_port = msg->port.physical_port;
823	port->virtual_port = msg->port.virtual_port;
824	port->status = msg->port.status;
825	i = 0;
826	free(port->port_name, M_CTL);
827	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
828	    M_CTL);
829	i += msg->port.name_len;
830	if (msg->port.lun_map_len != 0) {
831		if (port->lun_map == NULL)
832			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
833			    M_CTL, M_WAITOK);
834		memcpy(port->lun_map, &msg->port.data[i],
835		    sizeof(uint32_t) * CTL_MAX_LUNS);
836		i += msg->port.lun_map_len;
837	} else {
838		free(port->lun_map, M_CTL);
839		port->lun_map = NULL;
840	}
841	if (msg->port.port_devid_len != 0) {
842		if (port->port_devid == NULL ||
843		    port->port_devid->len != msg->port.port_devid_len) {
844			free(port->port_devid, M_CTL);
845			port->port_devid = malloc(sizeof(struct ctl_devid) +
846			    msg->port.port_devid_len, M_CTL, M_WAITOK);
847		}
848		memcpy(port->port_devid->data, &msg->port.data[i],
849		    msg->port.port_devid_len);
850		port->port_devid->len = msg->port.port_devid_len;
851		i += msg->port.port_devid_len;
852	} else {
853		free(port->port_devid, M_CTL);
854		port->port_devid = NULL;
855	}
856	if (msg->port.target_devid_len != 0) {
857		if (port->target_devid == NULL ||
858		    port->target_devid->len != msg->port.target_devid_len) {
859			free(port->target_devid, M_CTL);
860			port->target_devid = malloc(sizeof(struct ctl_devid) +
861			    msg->port.target_devid_len, M_CTL, M_WAITOK);
862		}
863		memcpy(port->target_devid->data, &msg->port.data[i],
864		    msg->port.target_devid_len);
865		port->target_devid->len = msg->port.target_devid_len;
866		i += msg->port.target_devid_len;
867	} else {
868		free(port->port_devid, M_CTL);
869		port->port_devid = NULL;
870	}
871	if (new) {
872		if (ctl_port_register(port) != 0) {
873			printf("%s: ctl_port_register() failed with error\n",
874			    __func__);
875		}
876	}
877	mtx_lock(&softc->ctl_lock);
878	STAILQ_FOREACH(lun, &softc->lun_list, links) {
879		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
880			continue;
881		mtx_lock(&lun->lun_lock);
882		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
883		mtx_unlock(&lun->lun_lock);
884	}
885	mtx_unlock(&softc->ctl_lock);
886}
887
888/*
889 * ISC (Inter Shelf Communication) event handler.  Events from the HA
890 * subsystem come in here.
891 */
892static void
893ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
894{
895	struct ctl_softc *softc;
896	union ctl_io *io;
897	struct ctl_prio *presio;
898	ctl_ha_status isc_status;
899
900	softc = control_softc;
901	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
902	if (event == CTL_HA_EVT_MSG_RECV) {
903		union ctl_ha_msg *msg, msgbuf;
904
905		if (param > sizeof(msgbuf))
906			msg = malloc(param, M_CTL, M_WAITOK);
907		else
908			msg = &msgbuf;
909		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
910		    M_WAITOK);
911		if (isc_status != CTL_HA_STATUS_SUCCESS) {
912			printf("%s: Error receiving message: %d\n",
913			    __func__, isc_status);
914			if (msg != &msgbuf)
915				free(msg, M_CTL);
916			return;
917		}
918
919		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
920		switch (msg->hdr.msg_type) {
921		case CTL_MSG_SERIALIZE:
922			io = ctl_alloc_io(softc->othersc_pool);
923			ctl_zero_io(io);
924			// populate ctsio from msg
925			io->io_hdr.io_type = CTL_IO_SCSI;
926			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
927			io->io_hdr.original_sc = msg->hdr.original_sc;
928			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
929					    CTL_FLAG_IO_ACTIVE;
930			/*
931			 * If we're in serialization-only mode, we don't
932			 * want to go through full done processing.  Thus
933			 * the COPY flag.
934			 *
935			 * XXX KDM add another flag that is more specific.
936			 */
937			if (softc->ha_mode != CTL_HA_MODE_XFER)
938				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
939			io->io_hdr.nexus = msg->hdr.nexus;
940#if 0
941			printf("port %u, iid %u, lun %u\n",
942			       io->io_hdr.nexus.targ_port,
943			       io->io_hdr.nexus.initid,
944			       io->io_hdr.nexus.targ_lun);
945#endif
946			io->scsiio.tag_num = msg->scsi.tag_num;
947			io->scsiio.tag_type = msg->scsi.tag_type;
948#ifdef CTL_TIME_IO
949			io->io_hdr.start_time = time_uptime;
950			getbintime(&io->io_hdr.start_bt);
951#endif /* CTL_TIME_IO */
952			io->scsiio.cdb_len = msg->scsi.cdb_len;
953			memcpy(io->scsiio.cdb, msg->scsi.cdb,
954			       CTL_MAX_CDBLEN);
955			if (softc->ha_mode == CTL_HA_MODE_XFER) {
956				const struct ctl_cmd_entry *entry;
957
958				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
959				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
960				io->io_hdr.flags |=
961					entry->flags & CTL_FLAG_DATA_MASK;
962			}
963			ctl_enqueue_isc(io);
964			break;
965
966		/* Performed on the Originating SC, XFER mode only */
967		case CTL_MSG_DATAMOVE: {
968			struct ctl_sg_entry *sgl;
969			int i, j;
970
971			io = msg->hdr.original_sc;
972			if (io == NULL) {
973				printf("%s: original_sc == NULL!\n", __func__);
974				/* XXX KDM do something here */
975				break;
976			}
977			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
978			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
979			/*
980			 * Keep track of this, we need to send it back over
981			 * when the datamove is complete.
982			 */
983			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
984			if (msg->hdr.status == CTL_SUCCESS)
985				io->io_hdr.status = msg->hdr.status;
986
987			if (msg->dt.sg_sequence == 0) {
988				i = msg->dt.kern_sg_entries +
989				    io->scsiio.kern_data_len /
990				    CTL_HA_DATAMOVE_SEGMENT + 1;
991				sgl = malloc(sizeof(*sgl) * i, M_CTL,
992				    M_WAITOK | M_ZERO);
993				io->io_hdr.remote_sglist = sgl;
994				io->io_hdr.local_sglist =
995				    &sgl[msg->dt.kern_sg_entries];
996
997				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
998
999				io->scsiio.kern_sg_entries =
1000					msg->dt.kern_sg_entries;
1001				io->scsiio.rem_sg_entries =
1002					msg->dt.kern_sg_entries;
1003				io->scsiio.kern_data_len =
1004					msg->dt.kern_data_len;
1005				io->scsiio.kern_total_len =
1006					msg->dt.kern_total_len;
1007				io->scsiio.kern_data_resid =
1008					msg->dt.kern_data_resid;
1009				io->scsiio.kern_rel_offset =
1010					msg->dt.kern_rel_offset;
1011				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1012				io->io_hdr.flags |= msg->dt.flags &
1013				    CTL_FLAG_BUS_ADDR;
1014			} else
1015				sgl = (struct ctl_sg_entry *)
1016					io->scsiio.kern_data_ptr;
1017
1018			for (i = msg->dt.sent_sg_entries, j = 0;
1019			     i < (msg->dt.sent_sg_entries +
1020			     msg->dt.cur_sg_entries); i++, j++) {
1021				sgl[i].addr = msg->dt.sg_list[j].addr;
1022				sgl[i].len = msg->dt.sg_list[j].len;
1023
1024#if 0
1025				printf("%s: L: %p,%d -> %p,%d j=%d, i=%d\n",
1026				       __func__,
1027				       msg->dt.sg_list[j].addr,
1028				       msg->dt.sg_list[j].len,
1029				       sgl[i].addr, sgl[i].len, j, i);
1030#endif
1031			}
1032
1033			/*
1034			 * If this is the last piece of the I/O, we've got
1035			 * the full S/G list.  Queue processing in the thread.
1036			 * Otherwise wait for the next piece.
1037			 */
1038			if (msg->dt.sg_last != 0)
1039				ctl_enqueue_isc(io);
1040			break;
1041		}
1042		/* Performed on the Serializing (primary) SC, XFER mode only */
1043		case CTL_MSG_DATAMOVE_DONE: {
1044			if (msg->hdr.serializing_sc == NULL) {
1045				printf("%s: serializing_sc == NULL!\n",
1046				       __func__);
1047				/* XXX KDM now what? */
1048				break;
1049			}
1050			/*
1051			 * We grab the sense information here in case
1052			 * there was a failure, so we can return status
1053			 * back to the initiator.
1054			 */
1055			io = msg->hdr.serializing_sc;
1056			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1057			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1058			io->io_hdr.port_status = msg->scsi.fetd_status;
1059			io->scsiio.residual = msg->scsi.residual;
1060			if (msg->hdr.status != CTL_STATUS_NONE) {
1061				io->io_hdr.status = msg->hdr.status;
1062				io->scsiio.scsi_status = msg->scsi.scsi_status;
1063				io->scsiio.sense_len = msg->scsi.sense_len;
1064				io->scsiio.sense_residual =msg->scsi.sense_residual;
1065				memcpy(&io->scsiio.sense_data,
1066				    &msg->scsi.sense_data,
1067				    msg->scsi.sense_len);
1068				if (msg->hdr.status == CTL_SUCCESS)
1069					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1070			}
1071			ctl_enqueue_isc(io);
1072			break;
1073		}
1074
1075		/* Preformed on Originating SC, SER_ONLY mode */
1076		case CTL_MSG_R2R:
1077			io = msg->hdr.original_sc;
1078			if (io == NULL) {
1079				printf("%s: original_sc == NULL!\n",
1080				    __func__);
1081				break;
1082			}
1083			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1084			io->io_hdr.msg_type = CTL_MSG_R2R;
1085			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1086			ctl_enqueue_isc(io);
1087			break;
1088
1089		/*
1090		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1091		 * mode.
1092		 * Performed on the Originating (i.e. secondary) SC in XFER
1093		 * mode
1094		 */
1095		case CTL_MSG_FINISH_IO:
1096			if (softc->ha_mode == CTL_HA_MODE_XFER)
1097				ctl_isc_handler_finish_xfer(softc, msg);
1098			else
1099				ctl_isc_handler_finish_ser_only(softc, msg);
1100			break;
1101
1102		/* Preformed on Originating SC */
1103		case CTL_MSG_BAD_JUJU:
1104			io = msg->hdr.original_sc;
1105			if (io == NULL) {
1106				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1107				       __func__);
1108				break;
1109			}
1110			ctl_copy_sense_data(msg, io);
1111			/*
1112			 * IO should have already been cleaned up on other
1113			 * SC so clear this flag so we won't send a message
1114			 * back to finish the IO there.
1115			 */
1116			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1117			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1118
1119			/* io = msg->hdr.serializing_sc; */
1120			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1121			ctl_enqueue_isc(io);
1122			break;
1123
1124		/* Handle resets sent from the other side */
1125		case CTL_MSG_MANAGE_TASKS: {
1126			struct ctl_taskio *taskio;
1127			taskio = (struct ctl_taskio *)ctl_alloc_io(
1128			    softc->othersc_pool);
1129			ctl_zero_io((union ctl_io *)taskio);
1130			taskio->io_hdr.io_type = CTL_IO_TASK;
1131			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1132			taskio->io_hdr.nexus = msg->hdr.nexus;
1133			taskio->task_action = msg->task.task_action;
1134			taskio->tag_num = msg->task.tag_num;
1135			taskio->tag_type = msg->task.tag_type;
1136#ifdef CTL_TIME_IO
1137			taskio->io_hdr.start_time = time_uptime;
1138			getbintime(&taskio->io_hdr.start_bt);
1139#endif /* CTL_TIME_IO */
1140			ctl_run_task((union ctl_io *)taskio);
1141			break;
1142		}
1143		/* Persistent Reserve action which needs attention */
1144		case CTL_MSG_PERS_ACTION:
1145			presio = (struct ctl_prio *)ctl_alloc_io(
1146			    softc->othersc_pool);
1147			ctl_zero_io((union ctl_io *)presio);
1148			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1149			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1150			presio->io_hdr.nexus = msg->hdr.nexus;
1151			presio->pr_msg = msg->pr;
1152			ctl_enqueue_isc((union ctl_io *)presio);
1153			break;
1154		case CTL_MSG_UA:
1155			ctl_isc_ua(softc, msg, param);
1156			break;
1157		case CTL_MSG_PORT_SYNC:
1158			ctl_isc_port_sync(softc, msg, param);
1159			break;
1160		case CTL_MSG_LUN_SYNC:
1161			ctl_isc_lun_sync(softc, msg, param);
1162			break;
1163		default:
1164			printf("Received HA message of unknown type %d\n",
1165			    msg->hdr.msg_type);
1166			break;
1167		}
1168		if (msg != &msgbuf)
1169			free(msg, M_CTL);
1170	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1171		printf("CTL: HA link status changed from %d to %d\n",
1172		    softc->ha_link, param);
1173		if (param == softc->ha_link)
1174			return;
1175		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1176			softc->ha_link = param;
1177			ctl_isc_ha_link_down(softc);
1178		} else {
1179			softc->ha_link = param;
1180			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1181				ctl_isc_ha_link_up(softc);
1182		}
1183		return;
1184	} else {
1185		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1186		return;
1187	}
1188}
1189
1190static void
1191ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1192{
1193
1194	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1195	    src->scsi.sense_len);
1196	dest->scsiio.scsi_status = src->scsi.scsi_status;
1197	dest->scsiio.sense_len = src->scsi.sense_len;
1198	dest->io_hdr.status = src->hdr.status;
1199}
1200
1201static void
1202ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1203{
1204
1205	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1206	    src->scsiio.sense_len);
1207	dest->scsi.scsi_status = src->scsiio.scsi_status;
1208	dest->scsi.sense_len = src->scsiio.sense_len;
1209	dest->hdr.status = src->io_hdr.status;
1210}
1211
1212void
1213ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1214{
1215	struct ctl_softc *softc = lun->ctl_softc;
1216	ctl_ua_type *pu;
1217
1218	if (initidx < softc->init_min || initidx >= softc->init_max)
1219		return;
1220	mtx_assert(&lun->lun_lock, MA_OWNED);
1221	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1222	if (pu == NULL)
1223		return;
1224	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1225}
1226
1227void
1228ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1229{
1230	int i;
1231
1232	mtx_assert(&lun->lun_lock, MA_OWNED);
1233	if (lun->pending_ua[port] == NULL)
1234		return;
1235	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1236		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1237			continue;
1238		lun->pending_ua[port][i] |= ua;
1239	}
1240}
1241
1242void
1243ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1244{
1245	struct ctl_softc *softc = lun->ctl_softc;
1246	int i;
1247
1248	mtx_assert(&lun->lun_lock, MA_OWNED);
1249	for (i = softc->port_min; i < softc->port_max; i++)
1250		ctl_est_ua_port(lun, i, except, ua);
1251}
1252
1253void
1254ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1255{
1256	struct ctl_softc *softc = lun->ctl_softc;
1257	ctl_ua_type *pu;
1258
1259	if (initidx < softc->init_min || initidx >= softc->init_max)
1260		return;
1261	mtx_assert(&lun->lun_lock, MA_OWNED);
1262	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1263	if (pu == NULL)
1264		return;
1265	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1266}
1267
1268void
1269ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1270{
1271	struct ctl_softc *softc = lun->ctl_softc;
1272	int i, j;
1273
1274	mtx_assert(&lun->lun_lock, MA_OWNED);
1275	for (i = softc->port_min; i < softc->port_max; i++) {
1276		if (lun->pending_ua[i] == NULL)
1277			continue;
1278		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1279			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1280				continue;
1281			lun->pending_ua[i][j] &= ~ua;
1282		}
1283	}
1284}
1285
1286void
1287ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1288    ctl_ua_type ua_type)
1289{
1290	struct ctl_lun *lun;
1291
1292	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1293	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1294		mtx_lock(&lun->lun_lock);
1295		ctl_clr_ua(lun, initidx, ua_type);
1296		mtx_unlock(&lun->lun_lock);
1297	}
1298}
1299
1300static int
1301ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1302{
1303	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1304	struct ctl_lun *lun;
1305	struct ctl_lun_req ireq;
1306	int error, value;
1307
1308	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1309	error = sysctl_handle_int(oidp, &value, 0, req);
1310	if ((error != 0) || (req->newptr == NULL))
1311		return (error);
1312
1313	mtx_lock(&softc->ctl_lock);
1314	if (value == 0)
1315		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1316	else
1317		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1318	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1319		mtx_unlock(&softc->ctl_lock);
1320		bzero(&ireq, sizeof(ireq));
1321		ireq.reqtype = CTL_LUNREQ_MODIFY;
1322		ireq.reqdata.modify.lun_id = lun->lun;
1323		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1324		    curthread);
1325		if (ireq.status != CTL_LUN_OK) {
1326			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1327			    __func__, ireq.status, ireq.error_str);
1328		}
1329		mtx_lock(&softc->ctl_lock);
1330	}
1331	mtx_unlock(&softc->ctl_lock);
1332	return (0);
1333}
1334
1335static int
1336ctl_init(void)
1337{
1338	struct ctl_softc *softc;
1339	void *other_pool;
1340	int i, error, retval;
1341
1342	retval = 0;
1343	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1344			       M_WAITOK | M_ZERO);
1345	softc = control_softc;
1346
1347	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1348			      "cam/ctl");
1349
1350	softc->dev->si_drv1 = softc;
1351
1352	sysctl_ctx_init(&softc->sysctl_ctx);
1353	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1354		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1355		CTLFLAG_RD, 0, "CAM Target Layer");
1356
1357	if (softc->sysctl_tree == NULL) {
1358		printf("%s: unable to allocate sysctl tree\n", __func__);
1359		destroy_dev(softc->dev);
1360		free(control_softc, M_DEVBUF);
1361		control_softc = NULL;
1362		return (ENOMEM);
1363	}
1364
1365	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1366	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1367	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1368	softc->open_count = 0;
1369
1370	/*
1371	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1372	 * the drive.
1373	 */
1374	softc->flags = CTL_FLAG_REAL_SYNC;
1375
1376	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1377	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1378	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1379
1380	/*
1381	 * In Copan's HA scheme, the "master" and "slave" roles are
1382	 * figured out through the slot the controller is in.  Although it
1383	 * is an active/active system, someone has to be in charge.
1384	 */
1385	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1386	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1387	    "HA head ID (0 - no HA)");
1388	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1389		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1390		softc->is_single = 1;
1391		softc->port_cnt = CTL_MAX_PORTS;
1392		softc->port_min = 0;
1393	} else {
1394		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1395		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1396	}
1397	softc->port_max = softc->port_min + softc->port_cnt;
1398	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1399	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1400
1401	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1402	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1403	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1404
1405	STAILQ_INIT(&softc->lun_list);
1406	STAILQ_INIT(&softc->pending_lun_queue);
1407	STAILQ_INIT(&softc->fe_list);
1408	STAILQ_INIT(&softc->port_list);
1409	STAILQ_INIT(&softc->be_list);
1410	ctl_tpc_init(softc);
1411
1412	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1413	                    &other_pool) != 0)
1414	{
1415		printf("ctl: can't allocate %d entry other SC pool, "
1416		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1417		return (ENOMEM);
1418	}
1419	softc->othersc_pool = other_pool;
1420
1421	if (worker_threads <= 0)
1422		worker_threads = max(1, mp_ncpus / 4);
1423	if (worker_threads > CTL_MAX_THREADS)
1424		worker_threads = CTL_MAX_THREADS;
1425
1426	for (i = 0; i < worker_threads; i++) {
1427		struct ctl_thread *thr = &softc->threads[i];
1428
1429		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1430		thr->ctl_softc = softc;
1431		STAILQ_INIT(&thr->incoming_queue);
1432		STAILQ_INIT(&thr->rtr_queue);
1433		STAILQ_INIT(&thr->done_queue);
1434		STAILQ_INIT(&thr->isc_queue);
1435
1436		error = kproc_kthread_add(ctl_work_thread, thr,
1437		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1438		if (error != 0) {
1439			printf("error creating CTL work thread!\n");
1440			ctl_pool_free(other_pool);
1441			return (error);
1442		}
1443	}
1444	error = kproc_kthread_add(ctl_lun_thread, softc,
1445	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1446	if (error != 0) {
1447		printf("error creating CTL lun thread!\n");
1448		ctl_pool_free(other_pool);
1449		return (error);
1450	}
1451	error = kproc_kthread_add(ctl_thresh_thread, softc,
1452	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1453	if (error != 0) {
1454		printf("error creating CTL threshold thread!\n");
1455		ctl_pool_free(other_pool);
1456		return (error);
1457	}
1458
1459	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1460	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1461	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1462
1463	if (softc->is_single == 0) {
1464		ctl_frontend_register(&ha_frontend);
1465		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1466			printf("ctl_init: ctl_ha_msg_init failed.\n");
1467			softc->is_single = 1;
1468		} else
1469		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1470		    != CTL_HA_STATUS_SUCCESS) {
1471			printf("ctl_init: ctl_ha_msg_register failed.\n");
1472			softc->is_single = 1;
1473		}
1474	}
1475	return (0);
1476}
1477
1478void
1479ctl_shutdown(void)
1480{
1481	struct ctl_softc *softc;
1482	struct ctl_lun *lun, *next_lun;
1483
1484	softc = (struct ctl_softc *)control_softc;
1485
1486	if (softc->is_single == 0) {
1487		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1488		    != CTL_HA_STATUS_SUCCESS) {
1489			printf("ctl_shutdown: ctl_ha_msg_deregister failed.\n");
1490		}
1491		if (ctl_ha_msg_shutdown(softc) != CTL_HA_STATUS_SUCCESS) {
1492			printf("ctl_shutdown: ctl_ha_msg_shutdown failed.\n");
1493		}
1494		ctl_frontend_deregister(&ha_frontend);
1495	}
1496
1497	mtx_lock(&softc->ctl_lock);
1498
1499	/*
1500	 * Free up each LUN.
1501	 */
1502	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1503		next_lun = STAILQ_NEXT(lun, links);
1504		ctl_free_lun(lun);
1505	}
1506
1507	mtx_unlock(&softc->ctl_lock);
1508
1509#if 0
1510	ctl_shutdown_thread(softc->work_thread);
1511	mtx_destroy(&softc->queue_lock);
1512#endif
1513
1514	ctl_tpc_shutdown(softc);
1515	uma_zdestroy(softc->io_zone);
1516	mtx_destroy(&softc->ctl_lock);
1517
1518	destroy_dev(softc->dev);
1519
1520	sysctl_ctx_free(&softc->sysctl_ctx);
1521
1522	free(control_softc, M_DEVBUF);
1523	control_softc = NULL;
1524}
1525
1526static int
1527ctl_module_event_handler(module_t mod, int what, void *arg)
1528{
1529
1530	switch (what) {
1531	case MOD_LOAD:
1532		return (ctl_init());
1533	case MOD_UNLOAD:
1534		return (EBUSY);
1535	default:
1536		return (EOPNOTSUPP);
1537	}
1538}
1539
1540/*
1541 * XXX KDM should we do some access checks here?  Bump a reference count to
1542 * prevent a CTL module from being unloaded while someone has it open?
1543 */
1544static int
1545ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1546{
1547	return (0);
1548}
1549
1550static int
1551ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1552{
1553	return (0);
1554}
1555
1556/*
1557 * Remove an initiator by port number and initiator ID.
1558 * Returns 0 for success, -1 for failure.
1559 */
1560int
1561ctl_remove_initiator(struct ctl_port *port, int iid)
1562{
1563	struct ctl_softc *softc = control_softc;
1564
1565	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1566
1567	if (iid > CTL_MAX_INIT_PER_PORT) {
1568		printf("%s: initiator ID %u > maximun %u!\n",
1569		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1570		return (-1);
1571	}
1572
1573	mtx_lock(&softc->ctl_lock);
1574	port->wwpn_iid[iid].in_use--;
1575	port->wwpn_iid[iid].last_use = time_uptime;
1576	mtx_unlock(&softc->ctl_lock);
1577
1578	return (0);
1579}
1580
1581/*
1582 * Add an initiator to the initiator map.
1583 * Returns iid for success, < 0 for failure.
1584 */
1585int
1586ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1587{
1588	struct ctl_softc *softc = control_softc;
1589	time_t best_time;
1590	int i, best;
1591
1592	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1593
1594	if (iid >= CTL_MAX_INIT_PER_PORT) {
1595		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1596		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1597		free(name, M_CTL);
1598		return (-1);
1599	}
1600
1601	mtx_lock(&softc->ctl_lock);
1602
1603	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1604		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1605			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1606				iid = i;
1607				break;
1608			}
1609			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1610			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1611				iid = i;
1612				break;
1613			}
1614		}
1615	}
1616
1617	if (iid < 0) {
1618		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1619			if (port->wwpn_iid[i].in_use == 0 &&
1620			    port->wwpn_iid[i].wwpn == 0 &&
1621			    port->wwpn_iid[i].name == NULL) {
1622				iid = i;
1623				break;
1624			}
1625		}
1626	}
1627
1628	if (iid < 0) {
1629		best = -1;
1630		best_time = INT32_MAX;
1631		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1632			if (port->wwpn_iid[i].in_use == 0) {
1633				if (port->wwpn_iid[i].last_use < best_time) {
1634					best = i;
1635					best_time = port->wwpn_iid[i].last_use;
1636				}
1637			}
1638		}
1639		iid = best;
1640	}
1641
1642	if (iid < 0) {
1643		mtx_unlock(&softc->ctl_lock);
1644		free(name, M_CTL);
1645		return (-2);
1646	}
1647
1648	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1649		/*
1650		 * This is not an error yet.
1651		 */
1652		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1653#if 0
1654			printf("%s: port %d iid %u WWPN %#jx arrived"
1655			    " again\n", __func__, port->targ_port,
1656			    iid, (uintmax_t)wwpn);
1657#endif
1658			goto take;
1659		}
1660		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1661		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1662#if 0
1663			printf("%s: port %d iid %u name '%s' arrived"
1664			    " again\n", __func__, port->targ_port,
1665			    iid, name);
1666#endif
1667			goto take;
1668		}
1669
1670		/*
1671		 * This is an error, but what do we do about it?  The
1672		 * driver is telling us we have a new WWPN for this
1673		 * initiator ID, so we pretty much need to use it.
1674		 */
1675		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1676		    " but WWPN %#jx '%s' is still at that address\n",
1677		    __func__, port->targ_port, iid, wwpn, name,
1678		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1679		    port->wwpn_iid[iid].name);
1680
1681		/*
1682		 * XXX KDM clear have_ca and ua_pending on each LUN for
1683		 * this initiator.
1684		 */
1685	}
1686take:
1687	free(port->wwpn_iid[iid].name, M_CTL);
1688	port->wwpn_iid[iid].name = name;
1689	port->wwpn_iid[iid].wwpn = wwpn;
1690	port->wwpn_iid[iid].in_use++;
1691	mtx_unlock(&softc->ctl_lock);
1692
1693	return (iid);
1694}
1695
1696static int
1697ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1698{
1699	int len;
1700
1701	switch (port->port_type) {
1702	case CTL_PORT_FC:
1703	{
1704		struct scsi_transportid_fcp *id =
1705		    (struct scsi_transportid_fcp *)buf;
1706		if (port->wwpn_iid[iid].wwpn == 0)
1707			return (0);
1708		memset(id, 0, sizeof(*id));
1709		id->format_protocol = SCSI_PROTO_FC;
1710		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1711		return (sizeof(*id));
1712	}
1713	case CTL_PORT_ISCSI:
1714	{
1715		struct scsi_transportid_iscsi_port *id =
1716		    (struct scsi_transportid_iscsi_port *)buf;
1717		if (port->wwpn_iid[iid].name == NULL)
1718			return (0);
1719		memset(id, 0, 256);
1720		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1721		    SCSI_PROTO_ISCSI;
1722		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1723		len = roundup2(min(len, 252), 4);
1724		scsi_ulto2b(len, id->additional_length);
1725		return (sizeof(*id) + len);
1726	}
1727	case CTL_PORT_SAS:
1728	{
1729		struct scsi_transportid_sas *id =
1730		    (struct scsi_transportid_sas *)buf;
1731		if (port->wwpn_iid[iid].wwpn == 0)
1732			return (0);
1733		memset(id, 0, sizeof(*id));
1734		id->format_protocol = SCSI_PROTO_SAS;
1735		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1736		return (sizeof(*id));
1737	}
1738	default:
1739	{
1740		struct scsi_transportid_spi *id =
1741		    (struct scsi_transportid_spi *)buf;
1742		memset(id, 0, sizeof(*id));
1743		id->format_protocol = SCSI_PROTO_SPI;
1744		scsi_ulto2b(iid, id->scsi_addr);
1745		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1746		return (sizeof(*id));
1747	}
1748	}
1749}
1750
1751/*
1752 * Serialize a command that went down the "wrong" side, and so was sent to
1753 * this controller for execution.  The logic is a little different than the
1754 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1755 * sent back to the other side, but in the success case, we execute the
1756 * command on this side (XFER mode) or tell the other side to execute it
1757 * (SER_ONLY mode).
1758 */
1759static int
1760ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1761{
1762	struct ctl_softc *softc;
1763	union ctl_ha_msg msg_info;
1764	struct ctl_lun *lun;
1765	const struct ctl_cmd_entry *entry;
1766	int retval = 0;
1767	uint32_t targ_lun;
1768
1769	softc = control_softc;
1770
1771	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1772	mtx_lock(&softc->ctl_lock);
1773	if ((targ_lun < CTL_MAX_LUNS) &&
1774	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
1775		mtx_lock(&lun->lun_lock);
1776		mtx_unlock(&softc->ctl_lock);
1777		/*
1778		 * If the LUN is invalid, pretend that it doesn't exist.
1779		 * It will go away as soon as all pending I/O has been
1780		 * completed.
1781		 */
1782		if (lun->flags & CTL_LUN_DISABLED) {
1783			mtx_unlock(&lun->lun_lock);
1784			lun = NULL;
1785		}
1786	} else {
1787		mtx_unlock(&softc->ctl_lock);
1788		lun = NULL;
1789	}
1790	if (lun == NULL) {
1791		/*
1792		 * The other node would not send this request to us unless
1793		 * received announce that we are primary node for this LUN.
1794		 * If this LUN does not exist now, it is probably result of
1795		 * a race, so respond to initiator in the most opaque way.
1796		 */
1797		ctl_set_busy(ctsio);
1798		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1799		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1800		msg_info.hdr.serializing_sc = NULL;
1801		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1802		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1803		    sizeof(msg_info.scsi), M_WAITOK);
1804		return(1);
1805	}
1806
1807	entry = ctl_get_cmd_entry(ctsio, NULL);
1808	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
1809		mtx_unlock(&lun->lun_lock);
1810		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1811		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1812		msg_info.hdr.serializing_sc = NULL;
1813		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1814		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1815		    sizeof(msg_info.scsi), M_WAITOK);
1816		return(1);
1817	}
1818
1819	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
1820	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
1821
1822	/*
1823	 * Every I/O goes into the OOA queue for a
1824	 * particular LUN, and stays there until completion.
1825	 */
1826#ifdef CTL_TIME_IO
1827	if (TAILQ_EMPTY(&lun->ooa_queue))
1828		lun->idle_time += getsbinuptime() - lun->last_busy;
1829#endif
1830	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1831
1832	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1833		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1834		 ooa_links))) {
1835	case CTL_ACTION_BLOCK:
1836		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1837		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1838				  blocked_links);
1839		mtx_unlock(&lun->lun_lock);
1840		break;
1841	case CTL_ACTION_PASS:
1842	case CTL_ACTION_SKIP:
1843		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1844			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1845			ctl_enqueue_rtr((union ctl_io *)ctsio);
1846			mtx_unlock(&lun->lun_lock);
1847		} else {
1848			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
1849			mtx_unlock(&lun->lun_lock);
1850
1851			/* send msg back to other side */
1852			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1853			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1854			msg_info.hdr.msg_type = CTL_MSG_R2R;
1855			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1856			    sizeof(msg_info.hdr), M_WAITOK);
1857		}
1858		break;
1859	case CTL_ACTION_OVERLAP:
1860		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1861		mtx_unlock(&lun->lun_lock);
1862		retval = 1;
1863
1864		ctl_set_overlapped_cmd(ctsio);
1865		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1866		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1867		msg_info.hdr.serializing_sc = NULL;
1868		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1869		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1870		    sizeof(msg_info.scsi), M_WAITOK);
1871		break;
1872	case CTL_ACTION_OVERLAP_TAG:
1873		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1874		mtx_unlock(&lun->lun_lock);
1875		retval = 1;
1876		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
1877		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1878		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1879		msg_info.hdr.serializing_sc = NULL;
1880		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1881		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1882		    sizeof(msg_info.scsi), M_WAITOK);
1883		break;
1884	case CTL_ACTION_ERROR:
1885	default:
1886		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1887		mtx_unlock(&lun->lun_lock);
1888		retval = 1;
1889
1890		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
1891					 /*retry_count*/ 0);
1892		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1893		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1894		msg_info.hdr.serializing_sc = NULL;
1895		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1896		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1897		    sizeof(msg_info.scsi), M_WAITOK);
1898		break;
1899	}
1900	return (retval);
1901}
1902
1903/*
1904 * Returns 0 for success, errno for failure.
1905 */
1906static int
1907ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
1908		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
1909{
1910	union ctl_io *io;
1911	int retval;
1912
1913	retval = 0;
1914
1915	mtx_lock(&lun->lun_lock);
1916	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
1917	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
1918	     ooa_links)) {
1919		struct ctl_ooa_entry *entry;
1920
1921		/*
1922		 * If we've got more than we can fit, just count the
1923		 * remaining entries.
1924		 */
1925		if (*cur_fill_num >= ooa_hdr->alloc_num)
1926			continue;
1927
1928		entry = &kern_entries[*cur_fill_num];
1929
1930		entry->tag_num = io->scsiio.tag_num;
1931		entry->lun_num = lun->lun;
1932#ifdef CTL_TIME_IO
1933		entry->start_bt = io->io_hdr.start_bt;
1934#endif
1935		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
1936		entry->cdb_len = io->scsiio.cdb_len;
1937		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
1938			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
1939
1940		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
1941			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
1942
1943		if (io->io_hdr.flags & CTL_FLAG_ABORT)
1944			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
1945
1946		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
1947			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
1948
1949		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
1950			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
1951	}
1952	mtx_unlock(&lun->lun_lock);
1953
1954	return (retval);
1955}
1956
1957static void *
1958ctl_copyin_alloc(void *user_addr, int len, char *error_str,
1959		 size_t error_str_len)
1960{
1961	void *kptr;
1962
1963	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
1964
1965	if (copyin(user_addr, kptr, len) != 0) {
1966		snprintf(error_str, error_str_len, "Error copying %d bytes "
1967			 "from user address %p to kernel address %p", len,
1968			 user_addr, kptr);
1969		free(kptr, M_CTL);
1970		return (NULL);
1971	}
1972
1973	return (kptr);
1974}
1975
1976static void
1977ctl_free_args(int num_args, struct ctl_be_arg *args)
1978{
1979	int i;
1980
1981	if (args == NULL)
1982		return;
1983
1984	for (i = 0; i < num_args; i++) {
1985		free(args[i].kname, M_CTL);
1986		free(args[i].kvalue, M_CTL);
1987	}
1988
1989	free(args, M_CTL);
1990}
1991
1992static struct ctl_be_arg *
1993ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
1994		char *error_str, size_t error_str_len)
1995{
1996	struct ctl_be_arg *args;
1997	int i;
1998
1999	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2000				error_str, error_str_len);
2001
2002	if (args == NULL)
2003		goto bailout;
2004
2005	for (i = 0; i < num_args; i++) {
2006		args[i].kname = NULL;
2007		args[i].kvalue = NULL;
2008	}
2009
2010	for (i = 0; i < num_args; i++) {
2011		uint8_t *tmpptr;
2012
2013		args[i].kname = ctl_copyin_alloc(args[i].name,
2014			args[i].namelen, error_str, error_str_len);
2015		if (args[i].kname == NULL)
2016			goto bailout;
2017
2018		if (args[i].kname[args[i].namelen - 1] != '\0') {
2019			snprintf(error_str, error_str_len, "Argument %d "
2020				 "name is not NUL-terminated", i);
2021			goto bailout;
2022		}
2023
2024		if (args[i].flags & CTL_BEARG_RD) {
2025			tmpptr = ctl_copyin_alloc(args[i].value,
2026				args[i].vallen, error_str, error_str_len);
2027			if (tmpptr == NULL)
2028				goto bailout;
2029			if ((args[i].flags & CTL_BEARG_ASCII)
2030			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2031				snprintf(error_str, error_str_len, "Argument "
2032				    "%d value is not NUL-terminated", i);
2033				goto bailout;
2034			}
2035			args[i].kvalue = tmpptr;
2036		} else {
2037			args[i].kvalue = malloc(args[i].vallen,
2038			    M_CTL, M_WAITOK | M_ZERO);
2039		}
2040	}
2041
2042	return (args);
2043bailout:
2044
2045	ctl_free_args(num_args, args);
2046
2047	return (NULL);
2048}
2049
2050static void
2051ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2052{
2053	int i;
2054
2055	for (i = 0; i < num_args; i++) {
2056		if (args[i].flags & CTL_BEARG_WR)
2057			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2058	}
2059}
2060
2061/*
2062 * Escape characters that are illegal or not recommended in XML.
2063 */
2064int
2065ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2066{
2067	char *end = str + size;
2068	int retval;
2069
2070	retval = 0;
2071
2072	for (; *str && str < end; str++) {
2073		switch (*str) {
2074		case '&':
2075			retval = sbuf_printf(sb, "&amp;");
2076			break;
2077		case '>':
2078			retval = sbuf_printf(sb, "&gt;");
2079			break;
2080		case '<':
2081			retval = sbuf_printf(sb, "&lt;");
2082			break;
2083		default:
2084			retval = sbuf_putc(sb, *str);
2085			break;
2086		}
2087
2088		if (retval != 0)
2089			break;
2090
2091	}
2092
2093	return (retval);
2094}
2095
2096static void
2097ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2098{
2099	struct scsi_vpd_id_descriptor *desc;
2100	int i;
2101
2102	if (id == NULL || id->len < 4)
2103		return;
2104	desc = (struct scsi_vpd_id_descriptor *)id->data;
2105	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2106	case SVPD_ID_TYPE_T10:
2107		sbuf_printf(sb, "t10.");
2108		break;
2109	case SVPD_ID_TYPE_EUI64:
2110		sbuf_printf(sb, "eui.");
2111		break;
2112	case SVPD_ID_TYPE_NAA:
2113		sbuf_printf(sb, "naa.");
2114		break;
2115	case SVPD_ID_TYPE_SCSI_NAME:
2116		break;
2117	}
2118	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2119	case SVPD_ID_CODESET_BINARY:
2120		for (i = 0; i < desc->length; i++)
2121			sbuf_printf(sb, "%02x", desc->identifier[i]);
2122		break;
2123	case SVPD_ID_CODESET_ASCII:
2124		sbuf_printf(sb, "%.*s", (int)desc->length,
2125		    (char *)desc->identifier);
2126		break;
2127	case SVPD_ID_CODESET_UTF8:
2128		sbuf_printf(sb, "%s", (char *)desc->identifier);
2129		break;
2130	}
2131}
2132
2133static int
2134ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2135	  struct thread *td)
2136{
2137	struct ctl_softc *softc;
2138	struct ctl_lun *lun;
2139	int retval;
2140
2141	softc = control_softc;
2142
2143	retval = 0;
2144
2145	switch (cmd) {
2146	case CTL_IO:
2147		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2148		break;
2149	case CTL_ENABLE_PORT:
2150	case CTL_DISABLE_PORT:
2151	case CTL_SET_PORT_WWNS: {
2152		struct ctl_port *port;
2153		struct ctl_port_entry *entry;
2154
2155		entry = (struct ctl_port_entry *)addr;
2156
2157		mtx_lock(&softc->ctl_lock);
2158		STAILQ_FOREACH(port, &softc->port_list, links) {
2159			int action, done;
2160
2161			if (port->targ_port < softc->port_min ||
2162			    port->targ_port >= softc->port_max)
2163				continue;
2164
2165			action = 0;
2166			done = 0;
2167			if ((entry->port_type == CTL_PORT_NONE)
2168			 && (entry->targ_port == port->targ_port)) {
2169				/*
2170				 * If the user only wants to enable or
2171				 * disable or set WWNs on a specific port,
2172				 * do the operation and we're done.
2173				 */
2174				action = 1;
2175				done = 1;
2176			} else if (entry->port_type & port->port_type) {
2177				/*
2178				 * Compare the user's type mask with the
2179				 * particular frontend type to see if we
2180				 * have a match.
2181				 */
2182				action = 1;
2183				done = 0;
2184
2185				/*
2186				 * Make sure the user isn't trying to set
2187				 * WWNs on multiple ports at the same time.
2188				 */
2189				if (cmd == CTL_SET_PORT_WWNS) {
2190					printf("%s: Can't set WWNs on "
2191					       "multiple ports\n", __func__);
2192					retval = EINVAL;
2193					break;
2194				}
2195			}
2196			if (action == 0)
2197				continue;
2198
2199			/*
2200			 * XXX KDM we have to drop the lock here, because
2201			 * the online/offline operations can potentially
2202			 * block.  We need to reference count the frontends
2203			 * so they can't go away,
2204			 */
2205			if (cmd == CTL_ENABLE_PORT) {
2206				mtx_unlock(&softc->ctl_lock);
2207				ctl_port_online(port);
2208				mtx_lock(&softc->ctl_lock);
2209			} else if (cmd == CTL_DISABLE_PORT) {
2210				mtx_unlock(&softc->ctl_lock);
2211				ctl_port_offline(port);
2212				mtx_lock(&softc->ctl_lock);
2213			} else if (cmd == CTL_SET_PORT_WWNS) {
2214				ctl_port_set_wwns(port,
2215				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2216				    1 : 0, entry->wwnn,
2217				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2218				    1 : 0, entry->wwpn);
2219			}
2220			if (done != 0)
2221				break;
2222		}
2223		mtx_unlock(&softc->ctl_lock);
2224		break;
2225	}
2226	case CTL_GET_PORT_LIST: {
2227		struct ctl_port *port;
2228		struct ctl_port_list *list;
2229		int i;
2230
2231		list = (struct ctl_port_list *)addr;
2232
2233		if (list->alloc_len != (list->alloc_num *
2234		    sizeof(struct ctl_port_entry))) {
2235			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2236			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2237			       "%zu\n", __func__, list->alloc_len,
2238			       list->alloc_num, sizeof(struct ctl_port_entry));
2239			retval = EINVAL;
2240			break;
2241		}
2242		list->fill_len = 0;
2243		list->fill_num = 0;
2244		list->dropped_num = 0;
2245		i = 0;
2246		mtx_lock(&softc->ctl_lock);
2247		STAILQ_FOREACH(port, &softc->port_list, links) {
2248			struct ctl_port_entry entry, *list_entry;
2249
2250			if (list->fill_num >= list->alloc_num) {
2251				list->dropped_num++;
2252				continue;
2253			}
2254
2255			entry.port_type = port->port_type;
2256			strlcpy(entry.port_name, port->port_name,
2257				sizeof(entry.port_name));
2258			entry.targ_port = port->targ_port;
2259			entry.physical_port = port->physical_port;
2260			entry.virtual_port = port->virtual_port;
2261			entry.wwnn = port->wwnn;
2262			entry.wwpn = port->wwpn;
2263			if (port->status & CTL_PORT_STATUS_ONLINE)
2264				entry.online = 1;
2265			else
2266				entry.online = 0;
2267
2268			list_entry = &list->entries[i];
2269
2270			retval = copyout(&entry, list_entry, sizeof(entry));
2271			if (retval != 0) {
2272				printf("%s: CTL_GET_PORT_LIST: copyout "
2273				       "returned %d\n", __func__, retval);
2274				break;
2275			}
2276			i++;
2277			list->fill_num++;
2278			list->fill_len += sizeof(entry);
2279		}
2280		mtx_unlock(&softc->ctl_lock);
2281
2282		/*
2283		 * If this is non-zero, we had a copyout fault, so there's
2284		 * probably no point in attempting to set the status inside
2285		 * the structure.
2286		 */
2287		if (retval != 0)
2288			break;
2289
2290		if (list->dropped_num > 0)
2291			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2292		else
2293			list->status = CTL_PORT_LIST_OK;
2294		break;
2295	}
2296	case CTL_DUMP_OOA: {
2297		union ctl_io *io;
2298		char printbuf[128];
2299		struct sbuf sb;
2300
2301		mtx_lock(&softc->ctl_lock);
2302		printf("Dumping OOA queues:\n");
2303		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2304			mtx_lock(&lun->lun_lock);
2305			for (io = (union ctl_io *)TAILQ_FIRST(
2306			     &lun->ooa_queue); io != NULL;
2307			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2308			     ooa_links)) {
2309				sbuf_new(&sb, printbuf, sizeof(printbuf),
2310					 SBUF_FIXEDLEN);
2311				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2312					    (intmax_t)lun->lun,
2313					    io->scsiio.tag_num,
2314					    (io->io_hdr.flags &
2315					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2316					    (io->io_hdr.flags &
2317					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2318					    (io->io_hdr.flags &
2319					    CTL_FLAG_ABORT) ? " ABORT" : "",
2320			                    (io->io_hdr.flags &
2321		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2322				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2323				sbuf_finish(&sb);
2324				printf("%s\n", sbuf_data(&sb));
2325			}
2326			mtx_unlock(&lun->lun_lock);
2327		}
2328		printf("OOA queues dump done\n");
2329		mtx_unlock(&softc->ctl_lock);
2330		break;
2331	}
2332	case CTL_GET_OOA: {
2333		struct ctl_ooa *ooa_hdr;
2334		struct ctl_ooa_entry *entries;
2335		uint32_t cur_fill_num;
2336
2337		ooa_hdr = (struct ctl_ooa *)addr;
2338
2339		if ((ooa_hdr->alloc_len == 0)
2340		 || (ooa_hdr->alloc_num == 0)) {
2341			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2342			       "must be non-zero\n", __func__,
2343			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2344			retval = EINVAL;
2345			break;
2346		}
2347
2348		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2349		    sizeof(struct ctl_ooa_entry))) {
2350			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2351			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2352			       __func__, ooa_hdr->alloc_len,
2353			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2354			retval = EINVAL;
2355			break;
2356		}
2357
2358		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2359		if (entries == NULL) {
2360			printf("%s: could not allocate %d bytes for OOA "
2361			       "dump\n", __func__, ooa_hdr->alloc_len);
2362			retval = ENOMEM;
2363			break;
2364		}
2365
2366		mtx_lock(&softc->ctl_lock);
2367		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2368		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2369		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2370			mtx_unlock(&softc->ctl_lock);
2371			free(entries, M_CTL);
2372			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2373			       __func__, (uintmax_t)ooa_hdr->lun_num);
2374			retval = EINVAL;
2375			break;
2376		}
2377
2378		cur_fill_num = 0;
2379
2380		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2381			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2382				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2383					ooa_hdr, entries);
2384				if (retval != 0)
2385					break;
2386			}
2387			if (retval != 0) {
2388				mtx_unlock(&softc->ctl_lock);
2389				free(entries, M_CTL);
2390				break;
2391			}
2392		} else {
2393			lun = softc->ctl_luns[ooa_hdr->lun_num];
2394
2395			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2396						    entries);
2397		}
2398		mtx_unlock(&softc->ctl_lock);
2399
2400		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2401		ooa_hdr->fill_len = ooa_hdr->fill_num *
2402			sizeof(struct ctl_ooa_entry);
2403		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2404		if (retval != 0) {
2405			printf("%s: error copying out %d bytes for OOA dump\n",
2406			       __func__, ooa_hdr->fill_len);
2407		}
2408
2409		getbintime(&ooa_hdr->cur_bt);
2410
2411		if (cur_fill_num > ooa_hdr->alloc_num) {
2412			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2413			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2414		} else {
2415			ooa_hdr->dropped_num = 0;
2416			ooa_hdr->status = CTL_OOA_OK;
2417		}
2418
2419		free(entries, M_CTL);
2420		break;
2421	}
2422	case CTL_CHECK_OOA: {
2423		union ctl_io *io;
2424		struct ctl_ooa_info *ooa_info;
2425
2426
2427		ooa_info = (struct ctl_ooa_info *)addr;
2428
2429		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2430			ooa_info->status = CTL_OOA_INVALID_LUN;
2431			break;
2432		}
2433		mtx_lock(&softc->ctl_lock);
2434		lun = softc->ctl_luns[ooa_info->lun_id];
2435		if (lun == NULL) {
2436			mtx_unlock(&softc->ctl_lock);
2437			ooa_info->status = CTL_OOA_INVALID_LUN;
2438			break;
2439		}
2440		mtx_lock(&lun->lun_lock);
2441		mtx_unlock(&softc->ctl_lock);
2442		ooa_info->num_entries = 0;
2443		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2444		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2445		     &io->io_hdr, ooa_links)) {
2446			ooa_info->num_entries++;
2447		}
2448		mtx_unlock(&lun->lun_lock);
2449
2450		ooa_info->status = CTL_OOA_SUCCESS;
2451
2452		break;
2453	}
2454	case CTL_DELAY_IO: {
2455		struct ctl_io_delay_info *delay_info;
2456
2457		delay_info = (struct ctl_io_delay_info *)addr;
2458
2459#ifdef CTL_IO_DELAY
2460		mtx_lock(&softc->ctl_lock);
2461
2462		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2463		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2464			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2465		} else {
2466			lun = softc->ctl_luns[delay_info->lun_id];
2467			mtx_lock(&lun->lun_lock);
2468
2469			delay_info->status = CTL_DELAY_STATUS_OK;
2470
2471			switch (delay_info->delay_type) {
2472			case CTL_DELAY_TYPE_CONT:
2473				break;
2474			case CTL_DELAY_TYPE_ONESHOT:
2475				break;
2476			default:
2477				delay_info->status =
2478					CTL_DELAY_STATUS_INVALID_TYPE;
2479				break;
2480			}
2481
2482			switch (delay_info->delay_loc) {
2483			case CTL_DELAY_LOC_DATAMOVE:
2484				lun->delay_info.datamove_type =
2485					delay_info->delay_type;
2486				lun->delay_info.datamove_delay =
2487					delay_info->delay_secs;
2488				break;
2489			case CTL_DELAY_LOC_DONE:
2490				lun->delay_info.done_type =
2491					delay_info->delay_type;
2492				lun->delay_info.done_delay =
2493					delay_info->delay_secs;
2494				break;
2495			default:
2496				delay_info->status =
2497					CTL_DELAY_STATUS_INVALID_LOC;
2498				break;
2499			}
2500			mtx_unlock(&lun->lun_lock);
2501		}
2502
2503		mtx_unlock(&softc->ctl_lock);
2504#else
2505		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2506#endif /* CTL_IO_DELAY */
2507		break;
2508	}
2509	case CTL_REALSYNC_SET: {
2510		int *syncstate;
2511
2512		syncstate = (int *)addr;
2513
2514		mtx_lock(&softc->ctl_lock);
2515		switch (*syncstate) {
2516		case 0:
2517			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2518			break;
2519		case 1:
2520			softc->flags |= CTL_FLAG_REAL_SYNC;
2521			break;
2522		default:
2523			retval = EINVAL;
2524			break;
2525		}
2526		mtx_unlock(&softc->ctl_lock);
2527		break;
2528	}
2529	case CTL_REALSYNC_GET: {
2530		int *syncstate;
2531
2532		syncstate = (int*)addr;
2533
2534		mtx_lock(&softc->ctl_lock);
2535		if (softc->flags & CTL_FLAG_REAL_SYNC)
2536			*syncstate = 1;
2537		else
2538			*syncstate = 0;
2539		mtx_unlock(&softc->ctl_lock);
2540
2541		break;
2542	}
2543	case CTL_SETSYNC:
2544	case CTL_GETSYNC: {
2545		struct ctl_sync_info *sync_info;
2546
2547		sync_info = (struct ctl_sync_info *)addr;
2548
2549		mtx_lock(&softc->ctl_lock);
2550		lun = softc->ctl_luns[sync_info->lun_id];
2551		if (lun == NULL) {
2552			mtx_unlock(&softc->ctl_lock);
2553			sync_info->status = CTL_GS_SYNC_NO_LUN;
2554			break;
2555		}
2556		/*
2557		 * Get or set the sync interval.  We're not bounds checking
2558		 * in the set case, hopefully the user won't do something
2559		 * silly.
2560		 */
2561		mtx_lock(&lun->lun_lock);
2562		mtx_unlock(&softc->ctl_lock);
2563		if (cmd == CTL_GETSYNC)
2564			sync_info->sync_interval = lun->sync_interval;
2565		else
2566			lun->sync_interval = sync_info->sync_interval;
2567		mtx_unlock(&lun->lun_lock);
2568
2569		sync_info->status = CTL_GS_SYNC_OK;
2570
2571		break;
2572	}
2573	case CTL_GETSTATS: {
2574		struct ctl_stats *stats;
2575		int i;
2576
2577		stats = (struct ctl_stats *)addr;
2578
2579		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2580		     stats->alloc_len) {
2581			stats->status = CTL_SS_NEED_MORE_SPACE;
2582			stats->num_luns = softc->num_luns;
2583			break;
2584		}
2585		/*
2586		 * XXX KDM no locking here.  If the LUN list changes,
2587		 * things can blow up.
2588		 */
2589		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2590		     i++, lun = STAILQ_NEXT(lun, links)) {
2591			retval = copyout(&lun->stats, &stats->lun_stats[i],
2592					 sizeof(lun->stats));
2593			if (retval != 0)
2594				break;
2595		}
2596		stats->num_luns = softc->num_luns;
2597		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2598				 softc->num_luns;
2599		stats->status = CTL_SS_OK;
2600#ifdef CTL_TIME_IO
2601		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2602#else
2603		stats->flags = CTL_STATS_FLAG_NONE;
2604#endif
2605		getnanouptime(&stats->timestamp);
2606		break;
2607	}
2608	case CTL_ERROR_INJECT: {
2609		struct ctl_error_desc *err_desc, *new_err_desc;
2610
2611		err_desc = (struct ctl_error_desc *)addr;
2612
2613		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2614				      M_WAITOK | M_ZERO);
2615		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2616
2617		mtx_lock(&softc->ctl_lock);
2618		lun = softc->ctl_luns[err_desc->lun_id];
2619		if (lun == NULL) {
2620			mtx_unlock(&softc->ctl_lock);
2621			free(new_err_desc, M_CTL);
2622			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2623			       __func__, (uintmax_t)err_desc->lun_id);
2624			retval = EINVAL;
2625			break;
2626		}
2627		mtx_lock(&lun->lun_lock);
2628		mtx_unlock(&softc->ctl_lock);
2629
2630		/*
2631		 * We could do some checking here to verify the validity
2632		 * of the request, but given the complexity of error
2633		 * injection requests, the checking logic would be fairly
2634		 * complex.
2635		 *
2636		 * For now, if the request is invalid, it just won't get
2637		 * executed and might get deleted.
2638		 */
2639		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2640
2641		/*
2642		 * XXX KDM check to make sure the serial number is unique,
2643		 * in case we somehow manage to wrap.  That shouldn't
2644		 * happen for a very long time, but it's the right thing to
2645		 * do.
2646		 */
2647		new_err_desc->serial = lun->error_serial;
2648		err_desc->serial = lun->error_serial;
2649		lun->error_serial++;
2650
2651		mtx_unlock(&lun->lun_lock);
2652		break;
2653	}
2654	case CTL_ERROR_INJECT_DELETE: {
2655		struct ctl_error_desc *delete_desc, *desc, *desc2;
2656		int delete_done;
2657
2658		delete_desc = (struct ctl_error_desc *)addr;
2659		delete_done = 0;
2660
2661		mtx_lock(&softc->ctl_lock);
2662		lun = softc->ctl_luns[delete_desc->lun_id];
2663		if (lun == NULL) {
2664			mtx_unlock(&softc->ctl_lock);
2665			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2666			       __func__, (uintmax_t)delete_desc->lun_id);
2667			retval = EINVAL;
2668			break;
2669		}
2670		mtx_lock(&lun->lun_lock);
2671		mtx_unlock(&softc->ctl_lock);
2672		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2673			if (desc->serial != delete_desc->serial)
2674				continue;
2675
2676			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2677				      links);
2678			free(desc, M_CTL);
2679			delete_done = 1;
2680		}
2681		mtx_unlock(&lun->lun_lock);
2682		if (delete_done == 0) {
2683			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2684			       "error serial %ju on LUN %u\n", __func__,
2685			       delete_desc->serial, delete_desc->lun_id);
2686			retval = EINVAL;
2687			break;
2688		}
2689		break;
2690	}
2691	case CTL_DUMP_STRUCTS: {
2692		int i, j, k;
2693		struct ctl_port *port;
2694		struct ctl_frontend *fe;
2695
2696		mtx_lock(&softc->ctl_lock);
2697		printf("CTL Persistent Reservation information start:\n");
2698		for (i = 0; i < CTL_MAX_LUNS; i++) {
2699			lun = softc->ctl_luns[i];
2700
2701			if ((lun == NULL)
2702			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2703				continue;
2704
2705			for (j = 0; j < CTL_MAX_PORTS; j++) {
2706				if (lun->pr_keys[j] == NULL)
2707					continue;
2708				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2709					if (lun->pr_keys[j][k] == 0)
2710						continue;
2711					printf("  LUN %d port %d iid %d key "
2712					       "%#jx\n", i, j, k,
2713					       (uintmax_t)lun->pr_keys[j][k]);
2714				}
2715			}
2716		}
2717		printf("CTL Persistent Reservation information end\n");
2718		printf("CTL Ports:\n");
2719		STAILQ_FOREACH(port, &softc->port_list, links) {
2720			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2721			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2722			       port->frontend->name, port->port_type,
2723			       port->physical_port, port->virtual_port,
2724			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2725			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2726				if (port->wwpn_iid[j].in_use == 0 &&
2727				    port->wwpn_iid[j].wwpn == 0 &&
2728				    port->wwpn_iid[j].name == NULL)
2729					continue;
2730
2731				printf("    iid %u use %d WWPN %#jx '%s'\n",
2732				    j, port->wwpn_iid[j].in_use,
2733				    (uintmax_t)port->wwpn_iid[j].wwpn,
2734				    port->wwpn_iid[j].name);
2735			}
2736		}
2737		printf("CTL Port information end\n");
2738		mtx_unlock(&softc->ctl_lock);
2739		/*
2740		 * XXX KDM calling this without a lock.  We'd likely want
2741		 * to drop the lock before calling the frontend's dump
2742		 * routine anyway.
2743		 */
2744		printf("CTL Frontends:\n");
2745		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2746			printf("  Frontend '%s'\n", fe->name);
2747			if (fe->fe_dump != NULL)
2748				fe->fe_dump();
2749		}
2750		printf("CTL Frontend information end\n");
2751		break;
2752	}
2753	case CTL_LUN_REQ: {
2754		struct ctl_lun_req *lun_req;
2755		struct ctl_backend_driver *backend;
2756
2757		lun_req = (struct ctl_lun_req *)addr;
2758
2759		backend = ctl_backend_find(lun_req->backend);
2760		if (backend == NULL) {
2761			lun_req->status = CTL_LUN_ERROR;
2762			snprintf(lun_req->error_str,
2763				 sizeof(lun_req->error_str),
2764				 "Backend \"%s\" not found.",
2765				 lun_req->backend);
2766			break;
2767		}
2768		if (lun_req->num_be_args > 0) {
2769			lun_req->kern_be_args = ctl_copyin_args(
2770				lun_req->num_be_args,
2771				lun_req->be_args,
2772				lun_req->error_str,
2773				sizeof(lun_req->error_str));
2774			if (lun_req->kern_be_args == NULL) {
2775				lun_req->status = CTL_LUN_ERROR;
2776				break;
2777			}
2778		}
2779
2780		retval = backend->ioctl(dev, cmd, addr, flag, td);
2781
2782		if (lun_req->num_be_args > 0) {
2783			ctl_copyout_args(lun_req->num_be_args,
2784				      lun_req->kern_be_args);
2785			ctl_free_args(lun_req->num_be_args,
2786				      lun_req->kern_be_args);
2787		}
2788		break;
2789	}
2790	case CTL_LUN_LIST: {
2791		struct sbuf *sb;
2792		struct ctl_lun_list *list;
2793		struct ctl_option *opt;
2794
2795		list = (struct ctl_lun_list *)addr;
2796
2797		/*
2798		 * Allocate a fixed length sbuf here, based on the length
2799		 * of the user's buffer.  We could allocate an auto-extending
2800		 * buffer, and then tell the user how much larger our
2801		 * amount of data is than his buffer, but that presents
2802		 * some problems:
2803		 *
2804		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2805		 *     we can't hold a lock while calling them with an
2806		 *     auto-extending buffer.
2807 		 *
2808		 * 2.  There is not currently a LUN reference counting
2809		 *     mechanism, outside of outstanding transactions on
2810		 *     the LUN's OOA queue.  So a LUN could go away on us
2811		 *     while we're getting the LUN number, backend-specific
2812		 *     information, etc.  Thus, given the way things
2813		 *     currently work, we need to hold the CTL lock while
2814		 *     grabbing LUN information.
2815		 *
2816		 * So, from the user's standpoint, the best thing to do is
2817		 * allocate what he thinks is a reasonable buffer length,
2818		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2819		 * double the buffer length and try again.  (And repeat
2820		 * that until he succeeds.)
2821		 */
2822		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2823		if (sb == NULL) {
2824			list->status = CTL_LUN_LIST_ERROR;
2825			snprintf(list->error_str, sizeof(list->error_str),
2826				 "Unable to allocate %d bytes for LUN list",
2827				 list->alloc_len);
2828			break;
2829		}
2830
2831		sbuf_printf(sb, "<ctllunlist>\n");
2832
2833		mtx_lock(&softc->ctl_lock);
2834		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2835			mtx_lock(&lun->lun_lock);
2836			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2837					     (uintmax_t)lun->lun);
2838
2839			/*
2840			 * Bail out as soon as we see that we've overfilled
2841			 * the buffer.
2842			 */
2843			if (retval != 0)
2844				break;
2845
2846			retval = sbuf_printf(sb, "\t<backend_type>%s"
2847					     "</backend_type>\n",
2848					     (lun->backend == NULL) ?  "none" :
2849					     lun->backend->name);
2850
2851			if (retval != 0)
2852				break;
2853
2854			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2855					     lun->be_lun->lun_type);
2856
2857			if (retval != 0)
2858				break;
2859
2860			if (lun->backend == NULL) {
2861				retval = sbuf_printf(sb, "</lun>\n");
2862				if (retval != 0)
2863					break;
2864				continue;
2865			}
2866
2867			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2868					     (lun->be_lun->maxlba > 0) ?
2869					     lun->be_lun->maxlba + 1 : 0);
2870
2871			if (retval != 0)
2872				break;
2873
2874			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2875					     lun->be_lun->blocksize);
2876
2877			if (retval != 0)
2878				break;
2879
2880			retval = sbuf_printf(sb, "\t<serial_number>");
2881
2882			if (retval != 0)
2883				break;
2884
2885			retval = ctl_sbuf_printf_esc(sb,
2886			    lun->be_lun->serial_num,
2887			    sizeof(lun->be_lun->serial_num));
2888
2889			if (retval != 0)
2890				break;
2891
2892			retval = sbuf_printf(sb, "</serial_number>\n");
2893
2894			if (retval != 0)
2895				break;
2896
2897			retval = sbuf_printf(sb, "\t<device_id>");
2898
2899			if (retval != 0)
2900				break;
2901
2902			retval = ctl_sbuf_printf_esc(sb,
2903			    lun->be_lun->device_id,
2904			    sizeof(lun->be_lun->device_id));
2905
2906			if (retval != 0)
2907				break;
2908
2909			retval = sbuf_printf(sb, "</device_id>\n");
2910
2911			if (retval != 0)
2912				break;
2913
2914			if (lun->backend->lun_info != NULL) {
2915				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
2916				if (retval != 0)
2917					break;
2918			}
2919			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
2920				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
2921				    opt->name, opt->value, opt->name);
2922				if (retval != 0)
2923					break;
2924			}
2925
2926			retval = sbuf_printf(sb, "</lun>\n");
2927
2928			if (retval != 0)
2929				break;
2930			mtx_unlock(&lun->lun_lock);
2931		}
2932		if (lun != NULL)
2933			mtx_unlock(&lun->lun_lock);
2934		mtx_unlock(&softc->ctl_lock);
2935
2936		if ((retval != 0)
2937		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
2938			retval = 0;
2939			sbuf_delete(sb);
2940			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
2941			snprintf(list->error_str, sizeof(list->error_str),
2942				 "Out of space, %d bytes is too small",
2943				 list->alloc_len);
2944			break;
2945		}
2946
2947		sbuf_finish(sb);
2948
2949		retval = copyout(sbuf_data(sb), list->lun_xml,
2950				 sbuf_len(sb) + 1);
2951
2952		list->fill_len = sbuf_len(sb) + 1;
2953		list->status = CTL_LUN_LIST_OK;
2954		sbuf_delete(sb);
2955		break;
2956	}
2957	case CTL_ISCSI: {
2958		struct ctl_iscsi *ci;
2959		struct ctl_frontend *fe;
2960
2961		ci = (struct ctl_iscsi *)addr;
2962
2963		fe = ctl_frontend_find("iscsi");
2964		if (fe == NULL) {
2965			ci->status = CTL_ISCSI_ERROR;
2966			snprintf(ci->error_str, sizeof(ci->error_str),
2967			    "Frontend \"iscsi\" not found.");
2968			break;
2969		}
2970
2971		retval = fe->ioctl(dev, cmd, addr, flag, td);
2972		break;
2973	}
2974	case CTL_PORT_REQ: {
2975		struct ctl_req *req;
2976		struct ctl_frontend *fe;
2977
2978		req = (struct ctl_req *)addr;
2979
2980		fe = ctl_frontend_find(req->driver);
2981		if (fe == NULL) {
2982			req->status = CTL_LUN_ERROR;
2983			snprintf(req->error_str, sizeof(req->error_str),
2984			    "Frontend \"%s\" not found.", req->driver);
2985			break;
2986		}
2987		if (req->num_args > 0) {
2988			req->kern_args = ctl_copyin_args(req->num_args,
2989			    req->args, req->error_str, sizeof(req->error_str));
2990			if (req->kern_args == NULL) {
2991				req->status = CTL_LUN_ERROR;
2992				break;
2993			}
2994		}
2995
2996		if (fe->ioctl)
2997			retval = fe->ioctl(dev, cmd, addr, flag, td);
2998		else
2999			retval = ENODEV;
3000
3001		if (req->num_args > 0) {
3002			ctl_copyout_args(req->num_args, req->kern_args);
3003			ctl_free_args(req->num_args, req->kern_args);
3004		}
3005		break;
3006	}
3007	case CTL_PORT_LIST: {
3008		struct sbuf *sb;
3009		struct ctl_port *port;
3010		struct ctl_lun_list *list;
3011		struct ctl_option *opt;
3012		int j;
3013		uint32_t plun;
3014
3015		list = (struct ctl_lun_list *)addr;
3016
3017		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3018		if (sb == NULL) {
3019			list->status = CTL_LUN_LIST_ERROR;
3020			snprintf(list->error_str, sizeof(list->error_str),
3021				 "Unable to allocate %d bytes for LUN list",
3022				 list->alloc_len);
3023			break;
3024		}
3025
3026		sbuf_printf(sb, "<ctlportlist>\n");
3027
3028		mtx_lock(&softc->ctl_lock);
3029		STAILQ_FOREACH(port, &softc->port_list, links) {
3030			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3031					     (uintmax_t)port->targ_port);
3032
3033			/*
3034			 * Bail out as soon as we see that we've overfilled
3035			 * the buffer.
3036			 */
3037			if (retval != 0)
3038				break;
3039
3040			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3041			    "</frontend_type>\n", port->frontend->name);
3042			if (retval != 0)
3043				break;
3044
3045			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3046					     port->port_type);
3047			if (retval != 0)
3048				break;
3049
3050			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3051			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3052			if (retval != 0)
3053				break;
3054
3055			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3056			    port->port_name);
3057			if (retval != 0)
3058				break;
3059
3060			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3061			    port->physical_port);
3062			if (retval != 0)
3063				break;
3064
3065			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3066			    port->virtual_port);
3067			if (retval != 0)
3068				break;
3069
3070			if (port->target_devid != NULL) {
3071				sbuf_printf(sb, "\t<target>");
3072				ctl_id_sbuf(port->target_devid, sb);
3073				sbuf_printf(sb, "</target>\n");
3074			}
3075
3076			if (port->port_devid != NULL) {
3077				sbuf_printf(sb, "\t<port>");
3078				ctl_id_sbuf(port->port_devid, sb);
3079				sbuf_printf(sb, "</port>\n");
3080			}
3081
3082			if (port->port_info != NULL) {
3083				retval = port->port_info(port->onoff_arg, sb);
3084				if (retval != 0)
3085					break;
3086			}
3087			STAILQ_FOREACH(opt, &port->options, links) {
3088				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3089				    opt->name, opt->value, opt->name);
3090				if (retval != 0)
3091					break;
3092			}
3093
3094			if (port->lun_map != NULL) {
3095				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3096				for (j = 0; j < CTL_MAX_LUNS; j++) {
3097					plun = ctl_lun_map_from_port(port, j);
3098					if (plun >= CTL_MAX_LUNS)
3099						continue;
3100					sbuf_printf(sb,
3101					    "\t<lun id=\"%u\">%u</lun>\n",
3102					    j, plun);
3103				}
3104			}
3105
3106			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3107				if (port->wwpn_iid[j].in_use == 0 ||
3108				    (port->wwpn_iid[j].wwpn == 0 &&
3109				     port->wwpn_iid[j].name == NULL))
3110					continue;
3111
3112				if (port->wwpn_iid[j].name != NULL)
3113					retval = sbuf_printf(sb,
3114					    "\t<initiator id=\"%u\">%s</initiator>\n",
3115					    j, port->wwpn_iid[j].name);
3116				else
3117					retval = sbuf_printf(sb,
3118					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3119					    j, port->wwpn_iid[j].wwpn);
3120				if (retval != 0)
3121					break;
3122			}
3123			if (retval != 0)
3124				break;
3125
3126			retval = sbuf_printf(sb, "</targ_port>\n");
3127			if (retval != 0)
3128				break;
3129		}
3130		mtx_unlock(&softc->ctl_lock);
3131
3132		if ((retval != 0)
3133		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3134			retval = 0;
3135			sbuf_delete(sb);
3136			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3137			snprintf(list->error_str, sizeof(list->error_str),
3138				 "Out of space, %d bytes is too small",
3139				 list->alloc_len);
3140			break;
3141		}
3142
3143		sbuf_finish(sb);
3144
3145		retval = copyout(sbuf_data(sb), list->lun_xml,
3146				 sbuf_len(sb) + 1);
3147
3148		list->fill_len = sbuf_len(sb) + 1;
3149		list->status = CTL_LUN_LIST_OK;
3150		sbuf_delete(sb);
3151		break;
3152	}
3153	case CTL_LUN_MAP: {
3154		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3155		struct ctl_port *port;
3156
3157		mtx_lock(&softc->ctl_lock);
3158		if (lm->port < softc->port_min ||
3159		    lm->port >= softc->port_max ||
3160		    (port = softc->ctl_ports[lm->port]) == NULL) {
3161			mtx_unlock(&softc->ctl_lock);
3162			return (ENXIO);
3163		}
3164		if (port->status & CTL_PORT_STATUS_ONLINE) {
3165			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3166				if (ctl_lun_map_to_port(port, lun->lun) >=
3167				    CTL_MAX_LUNS)
3168					continue;
3169				mtx_lock(&lun->lun_lock);
3170				ctl_est_ua_port(lun, lm->port, -1,
3171				    CTL_UA_LUN_CHANGE);
3172				mtx_unlock(&lun->lun_lock);
3173			}
3174		}
3175		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3176		if (lm->plun < CTL_MAX_LUNS) {
3177			if (lm->lun == UINT32_MAX)
3178				retval = ctl_lun_map_unset(port, lm->plun);
3179			else if (lm->lun < CTL_MAX_LUNS &&
3180			    softc->ctl_luns[lm->lun] != NULL)
3181				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3182			else
3183				return (ENXIO);
3184		} else if (lm->plun == UINT32_MAX) {
3185			if (lm->lun == UINT32_MAX)
3186				retval = ctl_lun_map_deinit(port);
3187			else
3188				retval = ctl_lun_map_init(port);
3189		} else
3190			return (ENXIO);
3191		if (port->status & CTL_PORT_STATUS_ONLINE)
3192			ctl_isc_announce_port(port);
3193		break;
3194	}
3195	default: {
3196		/* XXX KDM should we fix this? */
3197#if 0
3198		struct ctl_backend_driver *backend;
3199		unsigned int type;
3200		int found;
3201
3202		found = 0;
3203
3204		/*
3205		 * We encode the backend type as the ioctl type for backend
3206		 * ioctls.  So parse it out here, and then search for a
3207		 * backend of this type.
3208		 */
3209		type = _IOC_TYPE(cmd);
3210
3211		STAILQ_FOREACH(backend, &softc->be_list, links) {
3212			if (backend->type == type) {
3213				found = 1;
3214				break;
3215			}
3216		}
3217		if (found == 0) {
3218			printf("ctl: unknown ioctl command %#lx or backend "
3219			       "%d\n", cmd, type);
3220			retval = EINVAL;
3221			break;
3222		}
3223		retval = backend->ioctl(dev, cmd, addr, flag, td);
3224#endif
3225		retval = ENOTTY;
3226		break;
3227	}
3228	}
3229	return (retval);
3230}
3231
3232uint32_t
3233ctl_get_initindex(struct ctl_nexus *nexus)
3234{
3235	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3236}
3237
3238int
3239ctl_lun_map_init(struct ctl_port *port)
3240{
3241	struct ctl_softc *softc = control_softc;
3242	struct ctl_lun *lun;
3243	uint32_t i;
3244
3245	if (port->lun_map == NULL)
3246		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3247		    M_CTL, M_NOWAIT);
3248	if (port->lun_map == NULL)
3249		return (ENOMEM);
3250	for (i = 0; i < CTL_MAX_LUNS; i++)
3251		port->lun_map[i] = UINT32_MAX;
3252	if (port->status & CTL_PORT_STATUS_ONLINE) {
3253		if (port->lun_disable != NULL) {
3254			STAILQ_FOREACH(lun, &softc->lun_list, links)
3255				port->lun_disable(port->targ_lun_arg, lun->lun);
3256		}
3257		ctl_isc_announce_port(port);
3258	}
3259	return (0);
3260}
3261
3262int
3263ctl_lun_map_deinit(struct ctl_port *port)
3264{
3265	struct ctl_softc *softc = control_softc;
3266	struct ctl_lun *lun;
3267
3268	if (port->lun_map == NULL)
3269		return (0);
3270	free(port->lun_map, M_CTL);
3271	port->lun_map = NULL;
3272	if (port->status & CTL_PORT_STATUS_ONLINE) {
3273		if (port->lun_enable != NULL) {
3274			STAILQ_FOREACH(lun, &softc->lun_list, links)
3275				port->lun_enable(port->targ_lun_arg, lun->lun);
3276		}
3277		ctl_isc_announce_port(port);
3278	}
3279	return (0);
3280}
3281
3282int
3283ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3284{
3285	int status;
3286	uint32_t old;
3287
3288	if (port->lun_map == NULL) {
3289		status = ctl_lun_map_init(port);
3290		if (status != 0)
3291			return (status);
3292	}
3293	old = port->lun_map[plun];
3294	port->lun_map[plun] = glun;
3295	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3296		if (port->lun_enable != NULL)
3297			port->lun_enable(port->targ_lun_arg, plun);
3298		ctl_isc_announce_port(port);
3299	}
3300	return (0);
3301}
3302
3303int
3304ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3305{
3306	uint32_t old;
3307
3308	if (port->lun_map == NULL)
3309		return (0);
3310	old = port->lun_map[plun];
3311	port->lun_map[plun] = UINT32_MAX;
3312	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3313		if (port->lun_disable != NULL)
3314			port->lun_disable(port->targ_lun_arg, plun);
3315		ctl_isc_announce_port(port);
3316	}
3317	return (0);
3318}
3319
3320uint32_t
3321ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3322{
3323
3324	if (port == NULL)
3325		return (UINT32_MAX);
3326	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3327		return (lun_id);
3328	return (port->lun_map[lun_id]);
3329}
3330
3331uint32_t
3332ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3333{
3334	uint32_t i;
3335
3336	if (port == NULL)
3337		return (UINT32_MAX);
3338	if (port->lun_map == NULL)
3339		return (lun_id);
3340	for (i = 0; i < CTL_MAX_LUNS; i++) {
3341		if (port->lun_map[i] == lun_id)
3342			return (i);
3343	}
3344	return (UINT32_MAX);
3345}
3346
3347static struct ctl_port *
3348ctl_io_port(struct ctl_io_hdr *io_hdr)
3349{
3350
3351	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3352}
3353
3354int
3355ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3356{
3357	int i;
3358
3359	for (i = first; i < last; i++) {
3360		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3361			return (i);
3362	}
3363	return (-1);
3364}
3365
3366int
3367ctl_set_mask(uint32_t *mask, uint32_t bit)
3368{
3369	uint32_t chunk, piece;
3370
3371	chunk = bit >> 5;
3372	piece = bit % (sizeof(uint32_t) * 8);
3373
3374	if ((mask[chunk] & (1 << piece)) != 0)
3375		return (-1);
3376	else
3377		mask[chunk] |= (1 << piece);
3378
3379	return (0);
3380}
3381
3382int
3383ctl_clear_mask(uint32_t *mask, uint32_t bit)
3384{
3385	uint32_t chunk, piece;
3386
3387	chunk = bit >> 5;
3388	piece = bit % (sizeof(uint32_t) * 8);
3389
3390	if ((mask[chunk] & (1 << piece)) == 0)
3391		return (-1);
3392	else
3393		mask[chunk] &= ~(1 << piece);
3394
3395	return (0);
3396}
3397
3398int
3399ctl_is_set(uint32_t *mask, uint32_t bit)
3400{
3401	uint32_t chunk, piece;
3402
3403	chunk = bit >> 5;
3404	piece = bit % (sizeof(uint32_t) * 8);
3405
3406	if ((mask[chunk] & (1 << piece)) == 0)
3407		return (0);
3408	else
3409		return (1);
3410}
3411
3412static uint64_t
3413ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3414{
3415	uint64_t *t;
3416
3417	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3418	if (t == NULL)
3419		return (0);
3420	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3421}
3422
3423static void
3424ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3425{
3426	uint64_t *t;
3427
3428	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3429	if (t == NULL)
3430		return;
3431	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3432}
3433
3434static void
3435ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3436{
3437	uint64_t *p;
3438	u_int i;
3439
3440	i = residx/CTL_MAX_INIT_PER_PORT;
3441	if (lun->pr_keys[i] != NULL)
3442		return;
3443	mtx_unlock(&lun->lun_lock);
3444	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3445	    M_WAITOK | M_ZERO);
3446	mtx_lock(&lun->lun_lock);
3447	if (lun->pr_keys[i] == NULL)
3448		lun->pr_keys[i] = p;
3449	else
3450		free(p, M_CTL);
3451}
3452
3453static void
3454ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3455{
3456	uint64_t *t;
3457
3458	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3459	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3460	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3461}
3462
3463/*
3464 * ctl_softc, pool_name, total_ctl_io are passed in.
3465 * npool is passed out.
3466 */
3467int
3468ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3469		uint32_t total_ctl_io, void **npool)
3470{
3471#ifdef IO_POOLS
3472	struct ctl_io_pool *pool;
3473
3474	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3475					    M_NOWAIT | M_ZERO);
3476	if (pool == NULL)
3477		return (ENOMEM);
3478
3479	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3480	pool->ctl_softc = ctl_softc;
3481	pool->zone = uma_zsecond_create(pool->name, NULL,
3482	    NULL, NULL, NULL, ctl_softc->io_zone);
3483	/* uma_prealloc(pool->zone, total_ctl_io); */
3484
3485	*npool = pool;
3486#else
3487	*npool = ctl_softc->io_zone;
3488#endif
3489	return (0);
3490}
3491
3492void
3493ctl_pool_free(struct ctl_io_pool *pool)
3494{
3495
3496	if (pool == NULL)
3497		return;
3498
3499#ifdef IO_POOLS
3500	uma_zdestroy(pool->zone);
3501	free(pool, M_CTL);
3502#endif
3503}
3504
3505union ctl_io *
3506ctl_alloc_io(void *pool_ref)
3507{
3508	union ctl_io *io;
3509#ifdef IO_POOLS
3510	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3511
3512	io = uma_zalloc(pool->zone, M_WAITOK);
3513#else
3514	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3515#endif
3516	if (io != NULL)
3517		io->io_hdr.pool = pool_ref;
3518	return (io);
3519}
3520
3521union ctl_io *
3522ctl_alloc_io_nowait(void *pool_ref)
3523{
3524	union ctl_io *io;
3525#ifdef IO_POOLS
3526	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3527
3528	io = uma_zalloc(pool->zone, M_NOWAIT);
3529#else
3530	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3531#endif
3532	if (io != NULL)
3533		io->io_hdr.pool = pool_ref;
3534	return (io);
3535}
3536
3537void
3538ctl_free_io(union ctl_io *io)
3539{
3540#ifdef IO_POOLS
3541	struct ctl_io_pool *pool;
3542#endif
3543
3544	if (io == NULL)
3545		return;
3546
3547#ifdef IO_POOLS
3548	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3549	uma_zfree(pool->zone, io);
3550#else
3551	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3552#endif
3553}
3554
3555void
3556ctl_zero_io(union ctl_io *io)
3557{
3558	void *pool_ref;
3559
3560	if (io == NULL)
3561		return;
3562
3563	/*
3564	 * May need to preserve linked list pointers at some point too.
3565	 */
3566	pool_ref = io->io_hdr.pool;
3567	memset(io, 0, sizeof(*io));
3568	io->io_hdr.pool = pool_ref;
3569}
3570
3571/*
3572 * This routine is currently used for internal copies of ctl_ios that need
3573 * to persist for some reason after we've already returned status to the
3574 * FETD.  (Thus the flag set.)
3575 *
3576 * XXX XXX
3577 * Note that this makes a blind copy of all fields in the ctl_io, except
3578 * for the pool reference.  This includes any memory that has been
3579 * allocated!  That memory will no longer be valid after done has been
3580 * called, so this would be VERY DANGEROUS for command that actually does
3581 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3582 * start and stop commands, which don't transfer any data, so this is not a
3583 * problem.  If it is used for anything else, the caller would also need to
3584 * allocate data buffer space and this routine would need to be modified to
3585 * copy the data buffer(s) as well.
3586 */
3587void
3588ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3589{
3590	void *pool_ref;
3591
3592	if ((src == NULL)
3593	 || (dest == NULL))
3594		return;
3595
3596	/*
3597	 * May need to preserve linked list pointers at some point too.
3598	 */
3599	pool_ref = dest->io_hdr.pool;
3600
3601	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3602
3603	dest->io_hdr.pool = pool_ref;
3604	/*
3605	 * We need to know that this is an internal copy, and doesn't need
3606	 * to get passed back to the FETD that allocated it.
3607	 */
3608	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3609}
3610
3611int
3612ctl_expand_number(const char *buf, uint64_t *num)
3613{
3614	char *endptr;
3615	uint64_t number;
3616	unsigned shift;
3617
3618	number = strtoq(buf, &endptr, 0);
3619
3620	switch (tolower((unsigned char)*endptr)) {
3621	case 'e':
3622		shift = 60;
3623		break;
3624	case 'p':
3625		shift = 50;
3626		break;
3627	case 't':
3628		shift = 40;
3629		break;
3630	case 'g':
3631		shift = 30;
3632		break;
3633	case 'm':
3634		shift = 20;
3635		break;
3636	case 'k':
3637		shift = 10;
3638		break;
3639	case 'b':
3640	case '\0': /* No unit. */
3641		*num = number;
3642		return (0);
3643	default:
3644		/* Unrecognized unit. */
3645		return (-1);
3646	}
3647
3648	if ((number << shift) >> shift != number) {
3649		/* Overflow */
3650		return (-1);
3651	}
3652	*num = number << shift;
3653	return (0);
3654}
3655
3656
3657/*
3658 * This routine could be used in the future to load default and/or saved
3659 * mode page parameters for a particuar lun.
3660 */
3661static int
3662ctl_init_page_index(struct ctl_lun *lun)
3663{
3664	int i;
3665	struct ctl_page_index *page_index;
3666	const char *value;
3667	uint64_t ival;
3668
3669	memcpy(&lun->mode_pages.index, page_index_template,
3670	       sizeof(page_index_template));
3671
3672	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3673
3674		page_index = &lun->mode_pages.index[i];
3675		/*
3676		 * If this is a disk-only mode page, there's no point in
3677		 * setting it up.  For some pages, we have to have some
3678		 * basic information about the disk in order to calculate the
3679		 * mode page data.
3680		 */
3681		if ((lun->be_lun->lun_type != T_DIRECT)
3682		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3683			continue;
3684
3685		switch (page_index->page_code & SMPH_PC_MASK) {
3686		case SMS_RW_ERROR_RECOVERY_PAGE: {
3687			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3688				panic("subpage is incorrect!");
3689			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3690			       &rw_er_page_default,
3691			       sizeof(rw_er_page_default));
3692			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3693			       &rw_er_page_changeable,
3694			       sizeof(rw_er_page_changeable));
3695			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3696			       &rw_er_page_default,
3697			       sizeof(rw_er_page_default));
3698			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3699			       &rw_er_page_default,
3700			       sizeof(rw_er_page_default));
3701			page_index->page_data =
3702				(uint8_t *)lun->mode_pages.rw_er_page;
3703			break;
3704		}
3705		case SMS_FORMAT_DEVICE_PAGE: {
3706			struct scsi_format_page *format_page;
3707
3708			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3709				panic("subpage is incorrect!");
3710
3711			/*
3712			 * Sectors per track are set above.  Bytes per
3713			 * sector need to be set here on a per-LUN basis.
3714			 */
3715			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3716			       &format_page_default,
3717			       sizeof(format_page_default));
3718			memcpy(&lun->mode_pages.format_page[
3719			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3720			       sizeof(format_page_changeable));
3721			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3722			       &format_page_default,
3723			       sizeof(format_page_default));
3724			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3725			       &format_page_default,
3726			       sizeof(format_page_default));
3727
3728			format_page = &lun->mode_pages.format_page[
3729				CTL_PAGE_CURRENT];
3730			scsi_ulto2b(lun->be_lun->blocksize,
3731				    format_page->bytes_per_sector);
3732
3733			format_page = &lun->mode_pages.format_page[
3734				CTL_PAGE_DEFAULT];
3735			scsi_ulto2b(lun->be_lun->blocksize,
3736				    format_page->bytes_per_sector);
3737
3738			format_page = &lun->mode_pages.format_page[
3739				CTL_PAGE_SAVED];
3740			scsi_ulto2b(lun->be_lun->blocksize,
3741				    format_page->bytes_per_sector);
3742
3743			page_index->page_data =
3744				(uint8_t *)lun->mode_pages.format_page;
3745			break;
3746		}
3747		case SMS_RIGID_DISK_PAGE: {
3748			struct scsi_rigid_disk_page *rigid_disk_page;
3749			uint32_t sectors_per_cylinder;
3750			uint64_t cylinders;
3751#ifndef	__XSCALE__
3752			int shift;
3753#endif /* !__XSCALE__ */
3754
3755			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3756				panic("invalid subpage value %d",
3757				      page_index->subpage);
3758
3759			/*
3760			 * Rotation rate and sectors per track are set
3761			 * above.  We calculate the cylinders here based on
3762			 * capacity.  Due to the number of heads and
3763			 * sectors per track we're using, smaller arrays
3764			 * may turn out to have 0 cylinders.  Linux and
3765			 * FreeBSD don't pay attention to these mode pages
3766			 * to figure out capacity, but Solaris does.  It
3767			 * seems to deal with 0 cylinders just fine, and
3768			 * works out a fake geometry based on the capacity.
3769			 */
3770			memcpy(&lun->mode_pages.rigid_disk_page[
3771			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3772			       sizeof(rigid_disk_page_default));
3773			memcpy(&lun->mode_pages.rigid_disk_page[
3774			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3775			       sizeof(rigid_disk_page_changeable));
3776
3777			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3778				CTL_DEFAULT_HEADS;
3779
3780			/*
3781			 * The divide method here will be more accurate,
3782			 * probably, but results in floating point being
3783			 * used in the kernel on i386 (__udivdi3()).  On the
3784			 * XScale, though, __udivdi3() is implemented in
3785			 * software.
3786			 *
3787			 * The shift method for cylinder calculation is
3788			 * accurate if sectors_per_cylinder is a power of
3789			 * 2.  Otherwise it might be slightly off -- you
3790			 * might have a bit of a truncation problem.
3791			 */
3792#ifdef	__XSCALE__
3793			cylinders = (lun->be_lun->maxlba + 1) /
3794				sectors_per_cylinder;
3795#else
3796			for (shift = 31; shift > 0; shift--) {
3797				if (sectors_per_cylinder & (1 << shift))
3798					break;
3799			}
3800			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3801#endif
3802
3803			/*
3804			 * We've basically got 3 bytes, or 24 bits for the
3805			 * cylinder size in the mode page.  If we're over,
3806			 * just round down to 2^24.
3807			 */
3808			if (cylinders > 0xffffff)
3809				cylinders = 0xffffff;
3810
3811			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3812				CTL_PAGE_DEFAULT];
3813			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3814
3815			if ((value = ctl_get_opt(&lun->be_lun->options,
3816			    "rpm")) != NULL) {
3817				scsi_ulto2b(strtol(value, NULL, 0),
3818				     rigid_disk_page->rotation_rate);
3819			}
3820
3821			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3822			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3823			       sizeof(rigid_disk_page_default));
3824			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3825			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3826			       sizeof(rigid_disk_page_default));
3827
3828			page_index->page_data =
3829				(uint8_t *)lun->mode_pages.rigid_disk_page;
3830			break;
3831		}
3832		case SMS_CACHING_PAGE: {
3833			struct scsi_caching_page *caching_page;
3834
3835			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3836				panic("invalid subpage value %d",
3837				      page_index->subpage);
3838			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3839			       &caching_page_default,
3840			       sizeof(caching_page_default));
3841			memcpy(&lun->mode_pages.caching_page[
3842			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3843			       sizeof(caching_page_changeable));
3844			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3845			       &caching_page_default,
3846			       sizeof(caching_page_default));
3847			caching_page = &lun->mode_pages.caching_page[
3848			    CTL_PAGE_SAVED];
3849			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3850			if (value != NULL && strcmp(value, "off") == 0)
3851				caching_page->flags1 &= ~SCP_WCE;
3852			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3853			if (value != NULL && strcmp(value, "off") == 0)
3854				caching_page->flags1 |= SCP_RCD;
3855			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3856			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3857			       sizeof(caching_page_default));
3858			page_index->page_data =
3859				(uint8_t *)lun->mode_pages.caching_page;
3860			break;
3861		}
3862		case SMS_CONTROL_MODE_PAGE: {
3863			struct scsi_control_page *control_page;
3864
3865			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3866				panic("invalid subpage value %d",
3867				      page_index->subpage);
3868
3869			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3870			       &control_page_default,
3871			       sizeof(control_page_default));
3872			memcpy(&lun->mode_pages.control_page[
3873			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3874			       sizeof(control_page_changeable));
3875			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3876			       &control_page_default,
3877			       sizeof(control_page_default));
3878			control_page = &lun->mode_pages.control_page[
3879			    CTL_PAGE_SAVED];
3880			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3881			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3882				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3883				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3884			}
3885			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3886			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3887			       sizeof(control_page_default));
3888			page_index->page_data =
3889				(uint8_t *)lun->mode_pages.control_page;
3890			break;
3891
3892		}
3893		case SMS_INFO_EXCEPTIONS_PAGE: {
3894			switch (page_index->subpage) {
3895			case SMS_SUBPAGE_PAGE_0:
3896				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3897				       &ie_page_default,
3898				       sizeof(ie_page_default));
3899				memcpy(&lun->mode_pages.ie_page[
3900				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3901				       sizeof(ie_page_changeable));
3902				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3903				       &ie_page_default,
3904				       sizeof(ie_page_default));
3905				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
3906				       &ie_page_default,
3907				       sizeof(ie_page_default));
3908				page_index->page_data =
3909					(uint8_t *)lun->mode_pages.ie_page;
3910				break;
3911			case 0x02: {
3912				struct ctl_logical_block_provisioning_page *page;
3913
3914				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
3915				       &lbp_page_default,
3916				       sizeof(lbp_page_default));
3917				memcpy(&lun->mode_pages.lbp_page[
3918				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
3919				       sizeof(lbp_page_changeable));
3920				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3921				       &lbp_page_default,
3922				       sizeof(lbp_page_default));
3923				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
3924				value = ctl_get_opt(&lun->be_lun->options,
3925				    "avail-threshold");
3926				if (value != NULL &&
3927				    ctl_expand_number(value, &ival) == 0) {
3928					page->descr[0].flags |= SLBPPD_ENABLED |
3929					    SLBPPD_ARMING_DEC;
3930					if (lun->be_lun->blocksize)
3931						ival /= lun->be_lun->blocksize;
3932					else
3933						ival /= 512;
3934					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3935					    page->descr[0].count);
3936				}
3937				value = ctl_get_opt(&lun->be_lun->options,
3938				    "used-threshold");
3939				if (value != NULL &&
3940				    ctl_expand_number(value, &ival) == 0) {
3941					page->descr[1].flags |= SLBPPD_ENABLED |
3942					    SLBPPD_ARMING_INC;
3943					if (lun->be_lun->blocksize)
3944						ival /= lun->be_lun->blocksize;
3945					else
3946						ival /= 512;
3947					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3948					    page->descr[1].count);
3949				}
3950				value = ctl_get_opt(&lun->be_lun->options,
3951				    "pool-avail-threshold");
3952				if (value != NULL &&
3953				    ctl_expand_number(value, &ival) == 0) {
3954					page->descr[2].flags |= SLBPPD_ENABLED |
3955					    SLBPPD_ARMING_DEC;
3956					if (lun->be_lun->blocksize)
3957						ival /= lun->be_lun->blocksize;
3958					else
3959						ival /= 512;
3960					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3961					    page->descr[2].count);
3962				}
3963				value = ctl_get_opt(&lun->be_lun->options,
3964				    "pool-used-threshold");
3965				if (value != NULL &&
3966				    ctl_expand_number(value, &ival) == 0) {
3967					page->descr[3].flags |= SLBPPD_ENABLED |
3968					    SLBPPD_ARMING_INC;
3969					if (lun->be_lun->blocksize)
3970						ival /= lun->be_lun->blocksize;
3971					else
3972						ival /= 512;
3973					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
3974					    page->descr[3].count);
3975				}
3976				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
3977				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
3978				       sizeof(lbp_page_default));
3979				page_index->page_data =
3980					(uint8_t *)lun->mode_pages.lbp_page;
3981			}}
3982			break;
3983		}
3984		case SMS_VENDOR_SPECIFIC_PAGE:{
3985			switch (page_index->subpage) {
3986			case DBGCNF_SUBPAGE_CODE: {
3987				struct copan_debugconf_subpage *current_page,
3988							       *saved_page;
3989
3990				memcpy(&lun->mode_pages.debugconf_subpage[
3991				       CTL_PAGE_CURRENT],
3992				       &debugconf_page_default,
3993				       sizeof(debugconf_page_default));
3994				memcpy(&lun->mode_pages.debugconf_subpage[
3995				       CTL_PAGE_CHANGEABLE],
3996				       &debugconf_page_changeable,
3997				       sizeof(debugconf_page_changeable));
3998				memcpy(&lun->mode_pages.debugconf_subpage[
3999				       CTL_PAGE_DEFAULT],
4000				       &debugconf_page_default,
4001				       sizeof(debugconf_page_default));
4002				memcpy(&lun->mode_pages.debugconf_subpage[
4003				       CTL_PAGE_SAVED],
4004				       &debugconf_page_default,
4005				       sizeof(debugconf_page_default));
4006				page_index->page_data =
4007					(uint8_t *)lun->mode_pages.debugconf_subpage;
4008
4009				current_page = (struct copan_debugconf_subpage *)
4010					(page_index->page_data +
4011					 (page_index->page_len *
4012					  CTL_PAGE_CURRENT));
4013				saved_page = (struct copan_debugconf_subpage *)
4014					(page_index->page_data +
4015					 (page_index->page_len *
4016					  CTL_PAGE_SAVED));
4017				break;
4018			}
4019			default:
4020				panic("invalid subpage value %d",
4021				      page_index->subpage);
4022				break;
4023			}
4024   			break;
4025		}
4026		default:
4027			panic("invalid page value %d",
4028			      page_index->page_code & SMPH_PC_MASK);
4029			break;
4030    	}
4031	}
4032
4033	return (CTL_RETVAL_COMPLETE);
4034}
4035
4036static int
4037ctl_init_log_page_index(struct ctl_lun *lun)
4038{
4039	struct ctl_page_index *page_index;
4040	int i, j, k, prev;
4041
4042	memcpy(&lun->log_pages.index, log_page_index_template,
4043	       sizeof(log_page_index_template));
4044
4045	prev = -1;
4046	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4047
4048		page_index = &lun->log_pages.index[i];
4049		/*
4050		 * If this is a disk-only mode page, there's no point in
4051		 * setting it up.  For some pages, we have to have some
4052		 * basic information about the disk in order to calculate the
4053		 * mode page data.
4054		 */
4055		if ((lun->be_lun->lun_type != T_DIRECT)
4056		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4057			continue;
4058
4059		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4060		     lun->backend->lun_attr == NULL)
4061			continue;
4062
4063		if (page_index->page_code != prev) {
4064			lun->log_pages.pages_page[j] = page_index->page_code;
4065			prev = page_index->page_code;
4066			j++;
4067		}
4068		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4069		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4070		k++;
4071	}
4072	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4073	lun->log_pages.index[0].page_len = j;
4074	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4075	lun->log_pages.index[1].page_len = k * 2;
4076	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4077	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4078	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4079	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4080
4081	return (CTL_RETVAL_COMPLETE);
4082}
4083
4084static int
4085hex2bin(const char *str, uint8_t *buf, int buf_size)
4086{
4087	int i;
4088	u_char c;
4089
4090	memset(buf, 0, buf_size);
4091	while (isspace(str[0]))
4092		str++;
4093	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4094		str += 2;
4095	buf_size *= 2;
4096	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4097		c = str[i];
4098		if (isdigit(c))
4099			c -= '0';
4100		else if (isalpha(c))
4101			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4102		else
4103			break;
4104		if (c >= 16)
4105			break;
4106		if ((i & 1) == 0)
4107			buf[i / 2] |= (c << 4);
4108		else
4109			buf[i / 2] |= c;
4110	}
4111	return ((i + 1) / 2);
4112}
4113
4114/*
4115 * LUN allocation.
4116 *
4117 * Requirements:
4118 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4119 *   wants us to allocate the LUN and he can block.
4120 * - ctl_softc is always set
4121 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4122 *
4123 * Returns 0 for success, non-zero (errno) for failure.
4124 */
4125static int
4126ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4127	      struct ctl_be_lun *const be_lun)
4128{
4129	struct ctl_lun *nlun, *lun;
4130	struct scsi_vpd_id_descriptor *desc;
4131	struct scsi_vpd_id_t10 *t10id;
4132	const char *eui, *naa, *scsiname, *vendor;
4133	int lun_number, i, lun_malloced;
4134	int devidlen, idlen1, idlen2 = 0, len;
4135
4136	if (be_lun == NULL)
4137		return (EINVAL);
4138
4139	/*
4140	 * We currently only support Direct Access or Processor LUN types.
4141	 */
4142	switch (be_lun->lun_type) {
4143	case T_DIRECT:
4144		break;
4145	case T_PROCESSOR:
4146		break;
4147	case T_SEQUENTIAL:
4148	case T_CHANGER:
4149	default:
4150		be_lun->lun_config_status(be_lun->be_lun,
4151					  CTL_LUN_CONFIG_FAILURE);
4152		break;
4153	}
4154	if (ctl_lun == NULL) {
4155		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4156		lun_malloced = 1;
4157	} else {
4158		lun_malloced = 0;
4159		lun = ctl_lun;
4160	}
4161
4162	memset(lun, 0, sizeof(*lun));
4163	if (lun_malloced)
4164		lun->flags = CTL_LUN_MALLOCED;
4165
4166	/* Generate LUN ID. */
4167	devidlen = max(CTL_DEVID_MIN_LEN,
4168	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4169	idlen1 = sizeof(*t10id) + devidlen;
4170	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4171	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4172	if (scsiname != NULL) {
4173		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4174		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4175	}
4176	eui = ctl_get_opt(&be_lun->options, "eui");
4177	if (eui != NULL) {
4178		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4179	}
4180	naa = ctl_get_opt(&be_lun->options, "naa");
4181	if (naa != NULL) {
4182		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4183	}
4184	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4185	    M_CTL, M_WAITOK | M_ZERO);
4186	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4187	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4188	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4189	desc->length = idlen1;
4190	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4191	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4192	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4193		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4194	} else {
4195		strncpy(t10id->vendor, vendor,
4196		    min(sizeof(t10id->vendor), strlen(vendor)));
4197	}
4198	strncpy((char *)t10id->vendor_spec_id,
4199	    (char *)be_lun->device_id, devidlen);
4200	if (scsiname != NULL) {
4201		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4202		    desc->length);
4203		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4204		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4205		    SVPD_ID_TYPE_SCSI_NAME;
4206		desc->length = idlen2;
4207		strlcpy(desc->identifier, scsiname, idlen2);
4208	}
4209	if (eui != NULL) {
4210		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4211		    desc->length);
4212		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4213		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4214		    SVPD_ID_TYPE_EUI64;
4215		desc->length = hex2bin(eui, desc->identifier, 16);
4216		desc->length = desc->length > 12 ? 16 :
4217		    (desc->length > 8 ? 12 : 8);
4218		len -= 16 - desc->length;
4219	}
4220	if (naa != NULL) {
4221		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4222		    desc->length);
4223		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4224		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4225		    SVPD_ID_TYPE_NAA;
4226		desc->length = hex2bin(naa, desc->identifier, 16);
4227		desc->length = desc->length > 8 ? 16 : 8;
4228		len -= 16 - desc->length;
4229	}
4230	lun->lun_devid->len = len;
4231
4232	mtx_lock(&ctl_softc->ctl_lock);
4233	/*
4234	 * See if the caller requested a particular LUN number.  If so, see
4235	 * if it is available.  Otherwise, allocate the first available LUN.
4236	 */
4237	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4238		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4239		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4240			mtx_unlock(&ctl_softc->ctl_lock);
4241			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4242				printf("ctl: requested LUN ID %d is higher "
4243				       "than CTL_MAX_LUNS - 1 (%d)\n",
4244				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4245			} else {
4246				/*
4247				 * XXX KDM return an error, or just assign
4248				 * another LUN ID in this case??
4249				 */
4250				printf("ctl: requested LUN ID %d is already "
4251				       "in use\n", be_lun->req_lun_id);
4252			}
4253			if (lun->flags & CTL_LUN_MALLOCED)
4254				free(lun, M_CTL);
4255			be_lun->lun_config_status(be_lun->be_lun,
4256						  CTL_LUN_CONFIG_FAILURE);
4257			return (ENOSPC);
4258		}
4259		lun_number = be_lun->req_lun_id;
4260	} else {
4261		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4262		if (lun_number == -1) {
4263			mtx_unlock(&ctl_softc->ctl_lock);
4264			printf("ctl: can't allocate LUN, out of LUNs\n");
4265			if (lun->flags & CTL_LUN_MALLOCED)
4266				free(lun, M_CTL);
4267			be_lun->lun_config_status(be_lun->be_lun,
4268						  CTL_LUN_CONFIG_FAILURE);
4269			return (ENOSPC);
4270		}
4271	}
4272	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4273
4274	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4275	lun->lun = lun_number;
4276	lun->be_lun = be_lun;
4277	/*
4278	 * The processor LUN is always enabled.  Disk LUNs come on line
4279	 * disabled, and must be enabled by the backend.
4280	 */
4281	lun->flags |= CTL_LUN_DISABLED;
4282	lun->backend = be_lun->be;
4283	be_lun->ctl_lun = lun;
4284	be_lun->lun_id = lun_number;
4285	atomic_add_int(&be_lun->be->num_luns, 1);
4286	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4287		lun->flags |= CTL_LUN_OFFLINE;
4288
4289	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4290		lun->flags |= CTL_LUN_STOPPED;
4291
4292	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4293		lun->flags |= CTL_LUN_INOPERABLE;
4294
4295	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4296		lun->flags |= CTL_LUN_PRIMARY_SC;
4297
4298	lun->ctl_softc = ctl_softc;
4299#ifdef CTL_TIME_IO
4300	lun->last_busy = getsbinuptime();
4301#endif
4302	TAILQ_INIT(&lun->ooa_queue);
4303	TAILQ_INIT(&lun->blocked_queue);
4304	STAILQ_INIT(&lun->error_list);
4305	ctl_tpc_lun_init(lun);
4306
4307	/*
4308	 * Initialize the mode and log page index.
4309	 */
4310	ctl_init_page_index(lun);
4311	ctl_init_log_page_index(lun);
4312
4313	/*
4314	 * Now, before we insert this lun on the lun list, set the lun
4315	 * inventory changed UA for all other luns.
4316	 */
4317	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4318		mtx_lock(&nlun->lun_lock);
4319		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4320		mtx_unlock(&nlun->lun_lock);
4321	}
4322
4323	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4324
4325	ctl_softc->ctl_luns[lun_number] = lun;
4326
4327	ctl_softc->num_luns++;
4328
4329	/* Setup statistics gathering */
4330	lun->stats.device_type = be_lun->lun_type;
4331	lun->stats.lun_number = lun_number;
4332	if (lun->stats.device_type == T_DIRECT)
4333		lun->stats.blocksize = be_lun->blocksize;
4334	else
4335		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4336	for (i = 0;i < CTL_MAX_PORTS;i++)
4337		lun->stats.ports[i].targ_port = i;
4338
4339	mtx_unlock(&ctl_softc->ctl_lock);
4340
4341	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4342	return (0);
4343}
4344
4345/*
4346 * Delete a LUN.
4347 * Assumptions:
4348 * - LUN has already been marked invalid and any pending I/O has been taken
4349 *   care of.
4350 */
4351static int
4352ctl_free_lun(struct ctl_lun *lun)
4353{
4354	struct ctl_softc *softc;
4355	struct ctl_lun *nlun;
4356	int i;
4357
4358	softc = lun->ctl_softc;
4359
4360	mtx_assert(&softc->ctl_lock, MA_OWNED);
4361
4362	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4363
4364	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4365
4366	softc->ctl_luns[lun->lun] = NULL;
4367
4368	if (!TAILQ_EMPTY(&lun->ooa_queue))
4369		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4370
4371	softc->num_luns--;
4372
4373	/*
4374	 * Tell the backend to free resources, if this LUN has a backend.
4375	 */
4376	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4377	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4378
4379	ctl_tpc_lun_shutdown(lun);
4380	mtx_destroy(&lun->lun_lock);
4381	free(lun->lun_devid, M_CTL);
4382	for (i = 0; i < CTL_MAX_PORTS; i++)
4383		free(lun->pending_ua[i], M_CTL);
4384	for (i = 0; i < CTL_MAX_PORTS; i++)
4385		free(lun->pr_keys[i], M_CTL);
4386	free(lun->write_buffer, M_CTL);
4387	if (lun->flags & CTL_LUN_MALLOCED)
4388		free(lun, M_CTL);
4389
4390	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4391		mtx_lock(&nlun->lun_lock);
4392		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4393		mtx_unlock(&nlun->lun_lock);
4394	}
4395
4396	return (0);
4397}
4398
4399static void
4400ctl_create_lun(struct ctl_be_lun *be_lun)
4401{
4402	struct ctl_softc *softc;
4403
4404	softc = control_softc;
4405
4406	/*
4407	 * ctl_alloc_lun() should handle all potential failure cases.
4408	 */
4409	ctl_alloc_lun(softc, NULL, be_lun);
4410}
4411
4412int
4413ctl_add_lun(struct ctl_be_lun *be_lun)
4414{
4415	struct ctl_softc *softc = control_softc;
4416
4417	mtx_lock(&softc->ctl_lock);
4418	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4419	mtx_unlock(&softc->ctl_lock);
4420	wakeup(&softc->pending_lun_queue);
4421
4422	return (0);
4423}
4424
4425int
4426ctl_enable_lun(struct ctl_be_lun *be_lun)
4427{
4428	struct ctl_softc *softc;
4429	struct ctl_port *port, *nport;
4430	struct ctl_lun *lun;
4431	int retval;
4432
4433	lun = (struct ctl_lun *)be_lun->ctl_lun;
4434	softc = lun->ctl_softc;
4435
4436	mtx_lock(&softc->ctl_lock);
4437	mtx_lock(&lun->lun_lock);
4438	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4439		/*
4440		 * eh?  Why did we get called if the LUN is already
4441		 * enabled?
4442		 */
4443		mtx_unlock(&lun->lun_lock);
4444		mtx_unlock(&softc->ctl_lock);
4445		return (0);
4446	}
4447	lun->flags &= ~CTL_LUN_DISABLED;
4448	mtx_unlock(&lun->lun_lock);
4449
4450	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4451		nport = STAILQ_NEXT(port, links);
4452		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4453		    port->lun_map != NULL || port->lun_enable == NULL)
4454			continue;
4455
4456		/*
4457		 * Drop the lock while we call the FETD's enable routine.
4458		 * This can lead to a callback into CTL (at least in the
4459		 * case of the internal initiator frontend.
4460		 */
4461		mtx_unlock(&softc->ctl_lock);
4462		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4463		mtx_lock(&softc->ctl_lock);
4464		if (retval != 0) {
4465			printf("%s: FETD %s port %d returned error "
4466			       "%d for lun_enable on lun %jd\n",
4467			       __func__, port->port_name, port->targ_port,
4468			       retval, (intmax_t)lun->lun);
4469		}
4470	}
4471
4472	mtx_unlock(&softc->ctl_lock);
4473	ctl_isc_announce_lun(lun);
4474
4475	return (0);
4476}
4477
4478int
4479ctl_disable_lun(struct ctl_be_lun *be_lun)
4480{
4481	struct ctl_softc *softc;
4482	struct ctl_port *port;
4483	struct ctl_lun *lun;
4484	int retval;
4485
4486	lun = (struct ctl_lun *)be_lun->ctl_lun;
4487	softc = lun->ctl_softc;
4488
4489	mtx_lock(&softc->ctl_lock);
4490	mtx_lock(&lun->lun_lock);
4491	if (lun->flags & CTL_LUN_DISABLED) {
4492		mtx_unlock(&lun->lun_lock);
4493		mtx_unlock(&softc->ctl_lock);
4494		return (0);
4495	}
4496	lun->flags |= CTL_LUN_DISABLED;
4497	mtx_unlock(&lun->lun_lock);
4498
4499	STAILQ_FOREACH(port, &softc->port_list, links) {
4500		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4501		    port->lun_map != NULL || port->lun_disable == NULL)
4502			continue;
4503
4504		/*
4505		 * Drop the lock before we call the frontend's disable
4506		 * routine, to avoid lock order reversals.
4507		 *
4508		 * XXX KDM what happens if the frontend list changes while
4509		 * we're traversing it?  It's unlikely, but should be handled.
4510		 */
4511		mtx_unlock(&softc->ctl_lock);
4512		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4513		mtx_lock(&softc->ctl_lock);
4514		if (retval != 0) {
4515			printf("%s: FETD %s port %d returned error "
4516			       "%d for lun_disable on lun %jd\n",
4517			       __func__, port->port_name, port->targ_port,
4518			       retval, (intmax_t)lun->lun);
4519		}
4520	}
4521
4522	mtx_unlock(&softc->ctl_lock);
4523	ctl_isc_announce_lun(lun);
4524
4525	return (0);
4526}
4527
4528int
4529ctl_start_lun(struct ctl_be_lun *be_lun)
4530{
4531	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4532
4533	mtx_lock(&lun->lun_lock);
4534	lun->flags &= ~CTL_LUN_STOPPED;
4535	mtx_unlock(&lun->lun_lock);
4536	return (0);
4537}
4538
4539int
4540ctl_stop_lun(struct ctl_be_lun *be_lun)
4541{
4542	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4543
4544	mtx_lock(&lun->lun_lock);
4545	lun->flags |= CTL_LUN_STOPPED;
4546	mtx_unlock(&lun->lun_lock);
4547	return (0);
4548}
4549
4550int
4551ctl_lun_offline(struct ctl_be_lun *be_lun)
4552{
4553	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4554
4555	mtx_lock(&lun->lun_lock);
4556	lun->flags |= CTL_LUN_OFFLINE;
4557	mtx_unlock(&lun->lun_lock);
4558	return (0);
4559}
4560
4561int
4562ctl_lun_online(struct ctl_be_lun *be_lun)
4563{
4564	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4565
4566	mtx_lock(&lun->lun_lock);
4567	lun->flags &= ~CTL_LUN_OFFLINE;
4568	mtx_unlock(&lun->lun_lock);
4569	return (0);
4570}
4571
4572int
4573ctl_lun_primary(struct ctl_be_lun *be_lun)
4574{
4575	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4576
4577	mtx_lock(&lun->lun_lock);
4578	lun->flags |= CTL_LUN_PRIMARY_SC;
4579	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4580	mtx_unlock(&lun->lun_lock);
4581	ctl_isc_announce_lun(lun);
4582	return (0);
4583}
4584
4585int
4586ctl_lun_secondary(struct ctl_be_lun *be_lun)
4587{
4588	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4589
4590	mtx_lock(&lun->lun_lock);
4591	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4592	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4593	mtx_unlock(&lun->lun_lock);
4594	ctl_isc_announce_lun(lun);
4595	return (0);
4596}
4597
4598int
4599ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4600{
4601	struct ctl_softc *softc;
4602	struct ctl_lun *lun;
4603
4604	lun = (struct ctl_lun *)be_lun->ctl_lun;
4605	softc = lun->ctl_softc;
4606
4607	mtx_lock(&lun->lun_lock);
4608
4609	/*
4610	 * The LUN needs to be disabled before it can be marked invalid.
4611	 */
4612	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4613		mtx_unlock(&lun->lun_lock);
4614		return (-1);
4615	}
4616	/*
4617	 * Mark the LUN invalid.
4618	 */
4619	lun->flags |= CTL_LUN_INVALID;
4620
4621	/*
4622	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4623	 * If we have something in the OOA queue, we'll free it when the
4624	 * last I/O completes.
4625	 */
4626	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4627		mtx_unlock(&lun->lun_lock);
4628		mtx_lock(&softc->ctl_lock);
4629		ctl_free_lun(lun);
4630		mtx_unlock(&softc->ctl_lock);
4631	} else
4632		mtx_unlock(&lun->lun_lock);
4633
4634	return (0);
4635}
4636
4637int
4638ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4639{
4640	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4641
4642	mtx_lock(&lun->lun_lock);
4643	lun->flags |= CTL_LUN_INOPERABLE;
4644	mtx_unlock(&lun->lun_lock);
4645	return (0);
4646}
4647
4648int
4649ctl_lun_operable(struct ctl_be_lun *be_lun)
4650{
4651	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4652
4653	mtx_lock(&lun->lun_lock);
4654	lun->flags &= ~CTL_LUN_INOPERABLE;
4655	mtx_unlock(&lun->lun_lock);
4656	return (0);
4657}
4658
4659void
4660ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4661{
4662	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4663	union ctl_ha_msg msg;
4664
4665	mtx_lock(&lun->lun_lock);
4666	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4667	mtx_unlock(&lun->lun_lock);
4668	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4669		/* Send msg to other side. */
4670		bzero(&msg.ua, sizeof(msg.ua));
4671		msg.hdr.msg_type = CTL_MSG_UA;
4672		msg.hdr.nexus.initid = -1;
4673		msg.hdr.nexus.targ_port = -1;
4674		msg.hdr.nexus.targ_lun = lun->lun;
4675		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4676		msg.ua.ua_all = 1;
4677		msg.ua.ua_set = 1;
4678		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4679		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4680		    M_WAITOK);
4681	}
4682}
4683
4684/*
4685 * Backend "memory move is complete" callback for requests that never
4686 * make it down to say RAIDCore's configuration code.
4687 */
4688int
4689ctl_config_move_done(union ctl_io *io)
4690{
4691	int retval;
4692
4693	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4694	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4695	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4696
4697	if ((io->io_hdr.port_status != 0) &&
4698	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4699	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4700		/*
4701		 * For hardware error sense keys, the sense key
4702		 * specific value is defined to be a retry count,
4703		 * but we use it to pass back an internal FETD
4704		 * error code.  XXX KDM  Hopefully the FETD is only
4705		 * using 16 bits for an error code, since that's
4706		 * all the space we have in the sks field.
4707		 */
4708		ctl_set_internal_failure(&io->scsiio,
4709					 /*sks_valid*/ 1,
4710					 /*retry_count*/
4711					 io->io_hdr.port_status);
4712	}
4713
4714	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4715		ctl_data_print(io);
4716	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4717	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4718	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4719	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4720		/*
4721		 * XXX KDM just assuming a single pointer here, and not a
4722		 * S/G list.  If we start using S/G lists for config data,
4723		 * we'll need to know how to clean them up here as well.
4724		 */
4725		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4726			free(io->scsiio.kern_data_ptr, M_CTL);
4727		ctl_done(io);
4728		retval = CTL_RETVAL_COMPLETE;
4729	} else {
4730		/*
4731		 * XXX KDM now we need to continue data movement.  Some
4732		 * options:
4733		 * - call ctl_scsiio() again?  We don't do this for data
4734		 *   writes, because for those at least we know ahead of
4735		 *   time where the write will go and how long it is.  For
4736		 *   config writes, though, that information is largely
4737		 *   contained within the write itself, thus we need to
4738		 *   parse out the data again.
4739		 *
4740		 * - Call some other function once the data is in?
4741		 */
4742
4743		/*
4744		 * XXX KDM call ctl_scsiio() again for now, and check flag
4745		 * bits to see whether we're allocated or not.
4746		 */
4747		retval = ctl_scsiio(&io->scsiio);
4748	}
4749	return (retval);
4750}
4751
4752/*
4753 * This gets called by a backend driver when it is done with a
4754 * data_submit method.
4755 */
4756void
4757ctl_data_submit_done(union ctl_io *io)
4758{
4759	/*
4760	 * If the IO_CONT flag is set, we need to call the supplied
4761	 * function to continue processing the I/O, instead of completing
4762	 * the I/O just yet.
4763	 *
4764	 * If there is an error, though, we don't want to keep processing.
4765	 * Instead, just send status back to the initiator.
4766	 */
4767	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4768	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4769	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4770	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4771		io->scsiio.io_cont(io);
4772		return;
4773	}
4774	ctl_done(io);
4775}
4776
4777/*
4778 * This gets called by a backend driver when it is done with a
4779 * configuration write.
4780 */
4781void
4782ctl_config_write_done(union ctl_io *io)
4783{
4784	uint8_t *buf;
4785
4786	/*
4787	 * If the IO_CONT flag is set, we need to call the supplied
4788	 * function to continue processing the I/O, instead of completing
4789	 * the I/O just yet.
4790	 *
4791	 * If there is an error, though, we don't want to keep processing.
4792	 * Instead, just send status back to the initiator.
4793	 */
4794	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4795	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4796	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4797	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4798		io->scsiio.io_cont(io);
4799		return;
4800	}
4801	/*
4802	 * Since a configuration write can be done for commands that actually
4803	 * have data allocated, like write buffer, and commands that have
4804	 * no data, like start/stop unit, we need to check here.
4805	 */
4806	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4807		buf = io->scsiio.kern_data_ptr;
4808	else
4809		buf = NULL;
4810	ctl_done(io);
4811	if (buf)
4812		free(buf, M_CTL);
4813}
4814
4815void
4816ctl_config_read_done(union ctl_io *io)
4817{
4818	uint8_t *buf;
4819
4820	/*
4821	 * If there is some error -- we are done, skip data transfer.
4822	 */
4823	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4824	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4825	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4826		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4827			buf = io->scsiio.kern_data_ptr;
4828		else
4829			buf = NULL;
4830		ctl_done(io);
4831		if (buf)
4832			free(buf, M_CTL);
4833		return;
4834	}
4835
4836	/*
4837	 * If the IO_CONT flag is set, we need to call the supplied
4838	 * function to continue processing the I/O, instead of completing
4839	 * the I/O just yet.
4840	 */
4841	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4842		io->scsiio.io_cont(io);
4843		return;
4844	}
4845
4846	ctl_datamove(io);
4847}
4848
4849/*
4850 * SCSI release command.
4851 */
4852int
4853ctl_scsi_release(struct ctl_scsiio *ctsio)
4854{
4855	int length, longid, thirdparty_id, resv_id;
4856	struct ctl_lun *lun;
4857	uint32_t residx;
4858
4859	length = 0;
4860	resv_id = 0;
4861
4862	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4863
4864	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4865	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4866
4867	switch (ctsio->cdb[0]) {
4868	case RELEASE_10: {
4869		struct scsi_release_10 *cdb;
4870
4871		cdb = (struct scsi_release_10 *)ctsio->cdb;
4872
4873		if (cdb->byte2 & SR10_LONGID)
4874			longid = 1;
4875		else
4876			thirdparty_id = cdb->thirdparty_id;
4877
4878		resv_id = cdb->resv_id;
4879		length = scsi_2btoul(cdb->length);
4880		break;
4881	}
4882	}
4883
4884
4885	/*
4886	 * XXX KDM right now, we only support LUN reservation.  We don't
4887	 * support 3rd party reservations, or extent reservations, which
4888	 * might actually need the parameter list.  If we've gotten this
4889	 * far, we've got a LUN reservation.  Anything else got kicked out
4890	 * above.  So, according to SPC, ignore the length.
4891	 */
4892	length = 0;
4893
4894	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4895	 && (length > 0)) {
4896		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4897		ctsio->kern_data_len = length;
4898		ctsio->kern_total_len = length;
4899		ctsio->kern_data_resid = 0;
4900		ctsio->kern_rel_offset = 0;
4901		ctsio->kern_sg_entries = 0;
4902		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4903		ctsio->be_move_done = ctl_config_move_done;
4904		ctl_datamove((union ctl_io *)ctsio);
4905
4906		return (CTL_RETVAL_COMPLETE);
4907	}
4908
4909	if (length > 0)
4910		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
4911
4912	mtx_lock(&lun->lun_lock);
4913
4914	/*
4915	 * According to SPC, it is not an error for an intiator to attempt
4916	 * to release a reservation on a LUN that isn't reserved, or that
4917	 * is reserved by another initiator.  The reservation can only be
4918	 * released, though, by the initiator who made it or by one of
4919	 * several reset type events.
4920	 */
4921	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
4922			lun->flags &= ~CTL_LUN_RESERVED;
4923
4924	mtx_unlock(&lun->lun_lock);
4925
4926	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
4927		free(ctsio->kern_data_ptr, M_CTL);
4928		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
4929	}
4930
4931	ctl_set_success(ctsio);
4932	ctl_done((union ctl_io *)ctsio);
4933	return (CTL_RETVAL_COMPLETE);
4934}
4935
4936int
4937ctl_scsi_reserve(struct ctl_scsiio *ctsio)
4938{
4939	int extent, thirdparty, longid;
4940	int resv_id, length;
4941	uint64_t thirdparty_id;
4942	struct ctl_lun *lun;
4943	uint32_t residx;
4944
4945	extent = 0;
4946	thirdparty = 0;
4947	longid = 0;
4948	resv_id = 0;
4949	length = 0;
4950	thirdparty_id = 0;
4951
4952	CTL_DEBUG_PRINT(("ctl_reserve\n"));
4953
4954	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4955	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4956
4957	switch (ctsio->cdb[0]) {
4958	case RESERVE_10: {
4959		struct scsi_reserve_10 *cdb;
4960
4961		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
4962
4963		if (cdb->byte2 & SR10_LONGID)
4964			longid = 1;
4965		else
4966			thirdparty_id = cdb->thirdparty_id;
4967
4968		resv_id = cdb->resv_id;
4969		length = scsi_2btoul(cdb->length);
4970		break;
4971	}
4972	}
4973
4974	/*
4975	 * XXX KDM right now, we only support LUN reservation.  We don't
4976	 * support 3rd party reservations, or extent reservations, which
4977	 * might actually need the parameter list.  If we've gotten this
4978	 * far, we've got a LUN reservation.  Anything else got kicked out
4979	 * above.  So, according to SPC, ignore the length.
4980	 */
4981	length = 0;
4982
4983	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4984	 && (length > 0)) {
4985		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4986		ctsio->kern_data_len = length;
4987		ctsio->kern_total_len = length;
4988		ctsio->kern_data_resid = 0;
4989		ctsio->kern_rel_offset = 0;
4990		ctsio->kern_sg_entries = 0;
4991		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4992		ctsio->be_move_done = ctl_config_move_done;
4993		ctl_datamove((union ctl_io *)ctsio);
4994
4995		return (CTL_RETVAL_COMPLETE);
4996	}
4997
4998	if (length > 0)
4999		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5000
5001	mtx_lock(&lun->lun_lock);
5002	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5003		ctl_set_reservation_conflict(ctsio);
5004		goto bailout;
5005	}
5006
5007	lun->flags |= CTL_LUN_RESERVED;
5008	lun->res_idx = residx;
5009
5010	ctl_set_success(ctsio);
5011
5012bailout:
5013	mtx_unlock(&lun->lun_lock);
5014
5015	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5016		free(ctsio->kern_data_ptr, M_CTL);
5017		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5018	}
5019
5020	ctl_done((union ctl_io *)ctsio);
5021	return (CTL_RETVAL_COMPLETE);
5022}
5023
5024int
5025ctl_start_stop(struct ctl_scsiio *ctsio)
5026{
5027	struct scsi_start_stop_unit *cdb;
5028	struct ctl_lun *lun;
5029	int retval;
5030
5031	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5032
5033	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5034	retval = 0;
5035
5036	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5037
5038	/*
5039	 * XXX KDM
5040	 * We don't support the immediate bit on a stop unit.  In order to
5041	 * do that, we would need to code up a way to know that a stop is
5042	 * pending, and hold off any new commands until it completes, one
5043	 * way or another.  Then we could accept or reject those commands
5044	 * depending on its status.  We would almost need to do the reverse
5045	 * of what we do below for an immediate start -- return the copy of
5046	 * the ctl_io to the FETD with status to send to the host (and to
5047	 * free the copy!) and then free the original I/O once the stop
5048	 * actually completes.  That way, the OOA queue mechanism can work
5049	 * to block commands that shouldn't proceed.  Another alternative
5050	 * would be to put the copy in the queue in place of the original,
5051	 * and return the original back to the caller.  That could be
5052	 * slightly safer..
5053	 */
5054	if ((cdb->byte2 & SSS_IMMED)
5055	 && ((cdb->how & SSS_START) == 0)) {
5056		ctl_set_invalid_field(ctsio,
5057				      /*sks_valid*/ 1,
5058				      /*command*/ 1,
5059				      /*field*/ 1,
5060				      /*bit_valid*/ 1,
5061				      /*bit*/ 0);
5062		ctl_done((union ctl_io *)ctsio);
5063		return (CTL_RETVAL_COMPLETE);
5064	}
5065
5066	if ((lun->flags & CTL_LUN_PR_RESERVED)
5067	 && ((cdb->how & SSS_START)==0)) {
5068		uint32_t residx;
5069
5070		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5071		if (ctl_get_prkey(lun, residx) == 0
5072		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5073
5074			ctl_set_reservation_conflict(ctsio);
5075			ctl_done((union ctl_io *)ctsio);
5076			return (CTL_RETVAL_COMPLETE);
5077		}
5078	}
5079
5080	/*
5081	 * If there is no backend on this device, we can't start or stop
5082	 * it.  In theory we shouldn't get any start/stop commands in the
5083	 * first place at this level if the LUN doesn't have a backend.
5084	 * That should get stopped by the command decode code.
5085	 */
5086	if (lun->backend == NULL) {
5087		ctl_set_invalid_opcode(ctsio);
5088		ctl_done((union ctl_io *)ctsio);
5089		return (CTL_RETVAL_COMPLETE);
5090	}
5091
5092	/*
5093	 * XXX KDM Copan-specific offline behavior.
5094	 * Figure out a reasonable way to port this?
5095	 */
5096#ifdef NEEDTOPORT
5097	mtx_lock(&lun->lun_lock);
5098
5099	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5100	 && (lun->flags & CTL_LUN_OFFLINE)) {
5101		/*
5102		 * If the LUN is offline, and the on/offline bit isn't set,
5103		 * reject the start or stop.  Otherwise, let it through.
5104		 */
5105		mtx_unlock(&lun->lun_lock);
5106		ctl_set_lun_not_ready(ctsio);
5107		ctl_done((union ctl_io *)ctsio);
5108	} else {
5109		mtx_unlock(&lun->lun_lock);
5110#endif /* NEEDTOPORT */
5111		/*
5112		 * This could be a start or a stop when we're online,
5113		 * or a stop/offline or start/online.  A start or stop when
5114		 * we're offline is covered in the case above.
5115		 */
5116		/*
5117		 * In the non-immediate case, we send the request to
5118		 * the backend and return status to the user when
5119		 * it is done.
5120		 *
5121		 * In the immediate case, we allocate a new ctl_io
5122		 * to hold a copy of the request, and send that to
5123		 * the backend.  We then set good status on the
5124		 * user's request and return it immediately.
5125		 */
5126		if (cdb->byte2 & SSS_IMMED) {
5127			union ctl_io *new_io;
5128
5129			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5130			ctl_copy_io((union ctl_io *)ctsio, new_io);
5131			retval = lun->backend->config_write(new_io);
5132			ctl_set_success(ctsio);
5133			ctl_done((union ctl_io *)ctsio);
5134		} else {
5135			retval = lun->backend->config_write(
5136				(union ctl_io *)ctsio);
5137		}
5138#ifdef NEEDTOPORT
5139	}
5140#endif
5141	return (retval);
5142}
5143
5144/*
5145 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5146 * we don't really do anything with the LBA and length fields if the user
5147 * passes them in.  Instead we'll just flush out the cache for the entire
5148 * LUN.
5149 */
5150int
5151ctl_sync_cache(struct ctl_scsiio *ctsio)
5152{
5153	struct ctl_lun *lun;
5154	struct ctl_softc *softc;
5155	struct ctl_lba_len_flags *lbalen;
5156	uint64_t starting_lba;
5157	uint32_t block_count;
5158	int retval;
5159	uint8_t byte2;
5160
5161	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5162
5163	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5164	softc = lun->ctl_softc;
5165	retval = 0;
5166
5167	switch (ctsio->cdb[0]) {
5168	case SYNCHRONIZE_CACHE: {
5169		struct scsi_sync_cache *cdb;
5170		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5171
5172		starting_lba = scsi_4btoul(cdb->begin_lba);
5173		block_count = scsi_2btoul(cdb->lb_count);
5174		byte2 = cdb->byte2;
5175		break;
5176	}
5177	case SYNCHRONIZE_CACHE_16: {
5178		struct scsi_sync_cache_16 *cdb;
5179		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5180
5181		starting_lba = scsi_8btou64(cdb->begin_lba);
5182		block_count = scsi_4btoul(cdb->lb_count);
5183		byte2 = cdb->byte2;
5184		break;
5185	}
5186	default:
5187		ctl_set_invalid_opcode(ctsio);
5188		ctl_done((union ctl_io *)ctsio);
5189		goto bailout;
5190		break; /* NOTREACHED */
5191	}
5192
5193	/*
5194	 * We check the LBA and length, but don't do anything with them.
5195	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5196	 * get flushed.  This check will just help satisfy anyone who wants
5197	 * to see an error for an out of range LBA.
5198	 */
5199	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5200		ctl_set_lba_out_of_range(ctsio);
5201		ctl_done((union ctl_io *)ctsio);
5202		goto bailout;
5203	}
5204
5205	/*
5206	 * If this LUN has no backend, we can't flush the cache anyway.
5207	 */
5208	if (lun->backend == NULL) {
5209		ctl_set_invalid_opcode(ctsio);
5210		ctl_done((union ctl_io *)ctsio);
5211		goto bailout;
5212	}
5213
5214	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5215	lbalen->lba = starting_lba;
5216	lbalen->len = block_count;
5217	lbalen->flags = byte2;
5218
5219	/*
5220	 * Check to see whether we're configured to send the SYNCHRONIZE
5221	 * CACHE command directly to the back end.
5222	 */
5223	mtx_lock(&lun->lun_lock);
5224	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5225	 && (++(lun->sync_count) >= lun->sync_interval)) {
5226		lun->sync_count = 0;
5227		mtx_unlock(&lun->lun_lock);
5228		retval = lun->backend->config_write((union ctl_io *)ctsio);
5229	} else {
5230		mtx_unlock(&lun->lun_lock);
5231		ctl_set_success(ctsio);
5232		ctl_done((union ctl_io *)ctsio);
5233	}
5234
5235bailout:
5236
5237	return (retval);
5238}
5239
5240int
5241ctl_format(struct ctl_scsiio *ctsio)
5242{
5243	struct scsi_format *cdb;
5244	struct ctl_lun *lun;
5245	int length, defect_list_len;
5246
5247	CTL_DEBUG_PRINT(("ctl_format\n"));
5248
5249	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5250
5251	cdb = (struct scsi_format *)ctsio->cdb;
5252
5253	length = 0;
5254	if (cdb->byte2 & SF_FMTDATA) {
5255		if (cdb->byte2 & SF_LONGLIST)
5256			length = sizeof(struct scsi_format_header_long);
5257		else
5258			length = sizeof(struct scsi_format_header_short);
5259	}
5260
5261	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5262	 && (length > 0)) {
5263		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5264		ctsio->kern_data_len = length;
5265		ctsio->kern_total_len = length;
5266		ctsio->kern_data_resid = 0;
5267		ctsio->kern_rel_offset = 0;
5268		ctsio->kern_sg_entries = 0;
5269		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5270		ctsio->be_move_done = ctl_config_move_done;
5271		ctl_datamove((union ctl_io *)ctsio);
5272
5273		return (CTL_RETVAL_COMPLETE);
5274	}
5275
5276	defect_list_len = 0;
5277
5278	if (cdb->byte2 & SF_FMTDATA) {
5279		if (cdb->byte2 & SF_LONGLIST) {
5280			struct scsi_format_header_long *header;
5281
5282			header = (struct scsi_format_header_long *)
5283				ctsio->kern_data_ptr;
5284
5285			defect_list_len = scsi_4btoul(header->defect_list_len);
5286			if (defect_list_len != 0) {
5287				ctl_set_invalid_field(ctsio,
5288						      /*sks_valid*/ 1,
5289						      /*command*/ 0,
5290						      /*field*/ 2,
5291						      /*bit_valid*/ 0,
5292						      /*bit*/ 0);
5293				goto bailout;
5294			}
5295		} else {
5296			struct scsi_format_header_short *header;
5297
5298			header = (struct scsi_format_header_short *)
5299				ctsio->kern_data_ptr;
5300
5301			defect_list_len = scsi_2btoul(header->defect_list_len);
5302			if (defect_list_len != 0) {
5303				ctl_set_invalid_field(ctsio,
5304						      /*sks_valid*/ 1,
5305						      /*command*/ 0,
5306						      /*field*/ 2,
5307						      /*bit_valid*/ 0,
5308						      /*bit*/ 0);
5309				goto bailout;
5310			}
5311		}
5312	}
5313
5314	/*
5315	 * The format command will clear out the "Medium format corrupted"
5316	 * status if set by the configuration code.  That status is really
5317	 * just a way to notify the host that we have lost the media, and
5318	 * get them to issue a command that will basically make them think
5319	 * they're blowing away the media.
5320	 */
5321	mtx_lock(&lun->lun_lock);
5322	lun->flags &= ~CTL_LUN_INOPERABLE;
5323	mtx_unlock(&lun->lun_lock);
5324
5325	ctl_set_success(ctsio);
5326bailout:
5327
5328	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5329		free(ctsio->kern_data_ptr, M_CTL);
5330		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5331	}
5332
5333	ctl_done((union ctl_io *)ctsio);
5334	return (CTL_RETVAL_COMPLETE);
5335}
5336
5337int
5338ctl_read_buffer(struct ctl_scsiio *ctsio)
5339{
5340	struct scsi_read_buffer *cdb;
5341	struct ctl_lun *lun;
5342	int buffer_offset, len;
5343	static uint8_t descr[4];
5344	static uint8_t echo_descr[4] = { 0 };
5345
5346	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5347
5348	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5349	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5350
5351	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5352	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5353	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5354		ctl_set_invalid_field(ctsio,
5355				      /*sks_valid*/ 1,
5356				      /*command*/ 1,
5357				      /*field*/ 1,
5358				      /*bit_valid*/ 1,
5359				      /*bit*/ 4);
5360		ctl_done((union ctl_io *)ctsio);
5361		return (CTL_RETVAL_COMPLETE);
5362	}
5363
5364	len = scsi_3btoul(cdb->length);
5365	buffer_offset = scsi_3btoul(cdb->offset);
5366
5367	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5368		ctl_set_invalid_field(ctsio,
5369				      /*sks_valid*/ 1,
5370				      /*command*/ 1,
5371				      /*field*/ 6,
5372				      /*bit_valid*/ 0,
5373				      /*bit*/ 0);
5374		ctl_done((union ctl_io *)ctsio);
5375		return (CTL_RETVAL_COMPLETE);
5376	}
5377
5378	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5379		descr[0] = 0;
5380		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5381		ctsio->kern_data_ptr = descr;
5382		len = min(len, sizeof(descr));
5383	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5384		ctsio->kern_data_ptr = echo_descr;
5385		len = min(len, sizeof(echo_descr));
5386	} else {
5387		if (lun->write_buffer == NULL) {
5388			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5389			    M_CTL, M_WAITOK);
5390		}
5391		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5392	}
5393	ctsio->kern_data_len = len;
5394	ctsio->kern_total_len = len;
5395	ctsio->kern_data_resid = 0;
5396	ctsio->kern_rel_offset = 0;
5397	ctsio->kern_sg_entries = 0;
5398	ctl_set_success(ctsio);
5399	ctsio->be_move_done = ctl_config_move_done;
5400	ctl_datamove((union ctl_io *)ctsio);
5401	return (CTL_RETVAL_COMPLETE);
5402}
5403
5404int
5405ctl_write_buffer(struct ctl_scsiio *ctsio)
5406{
5407	struct scsi_write_buffer *cdb;
5408	struct ctl_lun *lun;
5409	int buffer_offset, len;
5410
5411	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5412
5413	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5414	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5415
5416	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5417		ctl_set_invalid_field(ctsio,
5418				      /*sks_valid*/ 1,
5419				      /*command*/ 1,
5420				      /*field*/ 1,
5421				      /*bit_valid*/ 1,
5422				      /*bit*/ 4);
5423		ctl_done((union ctl_io *)ctsio);
5424		return (CTL_RETVAL_COMPLETE);
5425	}
5426
5427	len = scsi_3btoul(cdb->length);
5428	buffer_offset = scsi_3btoul(cdb->offset);
5429
5430	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5431		ctl_set_invalid_field(ctsio,
5432				      /*sks_valid*/ 1,
5433				      /*command*/ 1,
5434				      /*field*/ 6,
5435				      /*bit_valid*/ 0,
5436				      /*bit*/ 0);
5437		ctl_done((union ctl_io *)ctsio);
5438		return (CTL_RETVAL_COMPLETE);
5439	}
5440
5441	/*
5442	 * If we've got a kernel request that hasn't been malloced yet,
5443	 * malloc it and tell the caller the data buffer is here.
5444	 */
5445	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5446		if (lun->write_buffer == NULL) {
5447			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5448			    M_CTL, M_WAITOK);
5449		}
5450		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5451		ctsio->kern_data_len = len;
5452		ctsio->kern_total_len = len;
5453		ctsio->kern_data_resid = 0;
5454		ctsio->kern_rel_offset = 0;
5455		ctsio->kern_sg_entries = 0;
5456		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5457		ctsio->be_move_done = ctl_config_move_done;
5458		ctl_datamove((union ctl_io *)ctsio);
5459
5460		return (CTL_RETVAL_COMPLETE);
5461	}
5462
5463	ctl_set_success(ctsio);
5464	ctl_done((union ctl_io *)ctsio);
5465	return (CTL_RETVAL_COMPLETE);
5466}
5467
5468int
5469ctl_write_same(struct ctl_scsiio *ctsio)
5470{
5471	struct ctl_lun *lun;
5472	struct ctl_lba_len_flags *lbalen;
5473	uint64_t lba;
5474	uint32_t num_blocks;
5475	int len, retval;
5476	uint8_t byte2;
5477
5478	retval = CTL_RETVAL_COMPLETE;
5479
5480	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5481
5482	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5483
5484	switch (ctsio->cdb[0]) {
5485	case WRITE_SAME_10: {
5486		struct scsi_write_same_10 *cdb;
5487
5488		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5489
5490		lba = scsi_4btoul(cdb->addr);
5491		num_blocks = scsi_2btoul(cdb->length);
5492		byte2 = cdb->byte2;
5493		break;
5494	}
5495	case WRITE_SAME_16: {
5496		struct scsi_write_same_16 *cdb;
5497
5498		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5499
5500		lba = scsi_8btou64(cdb->addr);
5501		num_blocks = scsi_4btoul(cdb->length);
5502		byte2 = cdb->byte2;
5503		break;
5504	}
5505	default:
5506		/*
5507		 * We got a command we don't support.  This shouldn't
5508		 * happen, commands should be filtered out above us.
5509		 */
5510		ctl_set_invalid_opcode(ctsio);
5511		ctl_done((union ctl_io *)ctsio);
5512
5513		return (CTL_RETVAL_COMPLETE);
5514		break; /* NOTREACHED */
5515	}
5516
5517	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5518	if ((byte2 & SWS_UNMAP) == 0 &&
5519	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5520		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5521		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5522		ctl_done((union ctl_io *)ctsio);
5523		return (CTL_RETVAL_COMPLETE);
5524	}
5525
5526	/*
5527	 * The first check is to make sure we're in bounds, the second
5528	 * check is to catch wrap-around problems.  If the lba + num blocks
5529	 * is less than the lba, then we've wrapped around and the block
5530	 * range is invalid anyway.
5531	 */
5532	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5533	 || ((lba + num_blocks) < lba)) {
5534		ctl_set_lba_out_of_range(ctsio);
5535		ctl_done((union ctl_io *)ctsio);
5536		return (CTL_RETVAL_COMPLETE);
5537	}
5538
5539	/* Zero number of blocks means "to the last logical block" */
5540	if (num_blocks == 0) {
5541		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5542			ctl_set_invalid_field(ctsio,
5543					      /*sks_valid*/ 0,
5544					      /*command*/ 1,
5545					      /*field*/ 0,
5546					      /*bit_valid*/ 0,
5547					      /*bit*/ 0);
5548			ctl_done((union ctl_io *)ctsio);
5549			return (CTL_RETVAL_COMPLETE);
5550		}
5551		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5552	}
5553
5554	len = lun->be_lun->blocksize;
5555
5556	/*
5557	 * If we've got a kernel request that hasn't been malloced yet,
5558	 * malloc it and tell the caller the data buffer is here.
5559	 */
5560	if ((byte2 & SWS_NDOB) == 0 &&
5561	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5562		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5563		ctsio->kern_data_len = len;
5564		ctsio->kern_total_len = len;
5565		ctsio->kern_data_resid = 0;
5566		ctsio->kern_rel_offset = 0;
5567		ctsio->kern_sg_entries = 0;
5568		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5569		ctsio->be_move_done = ctl_config_move_done;
5570		ctl_datamove((union ctl_io *)ctsio);
5571
5572		return (CTL_RETVAL_COMPLETE);
5573	}
5574
5575	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5576	lbalen->lba = lba;
5577	lbalen->len = num_blocks;
5578	lbalen->flags = byte2;
5579	retval = lun->backend->config_write((union ctl_io *)ctsio);
5580
5581	return (retval);
5582}
5583
5584int
5585ctl_unmap(struct ctl_scsiio *ctsio)
5586{
5587	struct ctl_lun *lun;
5588	struct scsi_unmap *cdb;
5589	struct ctl_ptr_len_flags *ptrlen;
5590	struct scsi_unmap_header *hdr;
5591	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5592	uint64_t lba;
5593	uint32_t num_blocks;
5594	int len, retval;
5595	uint8_t byte2;
5596
5597	retval = CTL_RETVAL_COMPLETE;
5598
5599	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5600
5601	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5602	cdb = (struct scsi_unmap *)ctsio->cdb;
5603
5604	len = scsi_2btoul(cdb->length);
5605	byte2 = cdb->byte2;
5606
5607	/*
5608	 * If we've got a kernel request that hasn't been malloced yet,
5609	 * malloc it and tell the caller the data buffer is here.
5610	 */
5611	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5612		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5613		ctsio->kern_data_len = len;
5614		ctsio->kern_total_len = len;
5615		ctsio->kern_data_resid = 0;
5616		ctsio->kern_rel_offset = 0;
5617		ctsio->kern_sg_entries = 0;
5618		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5619		ctsio->be_move_done = ctl_config_move_done;
5620		ctl_datamove((union ctl_io *)ctsio);
5621
5622		return (CTL_RETVAL_COMPLETE);
5623	}
5624
5625	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5626	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5627	if (len < sizeof (*hdr) ||
5628	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5629	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5630	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5631		ctl_set_invalid_field(ctsio,
5632				      /*sks_valid*/ 0,
5633				      /*command*/ 0,
5634				      /*field*/ 0,
5635				      /*bit_valid*/ 0,
5636				      /*bit*/ 0);
5637		goto done;
5638	}
5639	len = scsi_2btoul(hdr->desc_length);
5640	buf = (struct scsi_unmap_desc *)(hdr + 1);
5641	end = buf + len / sizeof(*buf);
5642
5643	endnz = buf;
5644	for (range = buf; range < end; range++) {
5645		lba = scsi_8btou64(range->lba);
5646		num_blocks = scsi_4btoul(range->length);
5647		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5648		 || ((lba + num_blocks) < lba)) {
5649			ctl_set_lba_out_of_range(ctsio);
5650			ctl_done((union ctl_io *)ctsio);
5651			return (CTL_RETVAL_COMPLETE);
5652		}
5653		if (num_blocks != 0)
5654			endnz = range + 1;
5655	}
5656
5657	/*
5658	 * Block backend can not handle zero last range.
5659	 * Filter it out and return if there is nothing left.
5660	 */
5661	len = (uint8_t *)endnz - (uint8_t *)buf;
5662	if (len == 0) {
5663		ctl_set_success(ctsio);
5664		goto done;
5665	}
5666
5667	mtx_lock(&lun->lun_lock);
5668	ptrlen = (struct ctl_ptr_len_flags *)
5669	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5670	ptrlen->ptr = (void *)buf;
5671	ptrlen->len = len;
5672	ptrlen->flags = byte2;
5673	ctl_check_blocked(lun);
5674	mtx_unlock(&lun->lun_lock);
5675
5676	retval = lun->backend->config_write((union ctl_io *)ctsio);
5677	return (retval);
5678
5679done:
5680	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5681		free(ctsio->kern_data_ptr, M_CTL);
5682		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5683	}
5684	ctl_done((union ctl_io *)ctsio);
5685	return (CTL_RETVAL_COMPLETE);
5686}
5687
5688/*
5689 * Note that this function currently doesn't actually do anything inside
5690 * CTL to enforce things if the DQue bit is turned on.
5691 *
5692 * Also note that this function can't be used in the default case, because
5693 * the DQue bit isn't set in the changeable mask for the control mode page
5694 * anyway.  This is just here as an example for how to implement a page
5695 * handler, and a placeholder in case we want to allow the user to turn
5696 * tagged queueing on and off.
5697 *
5698 * The D_SENSE bit handling is functional, however, and will turn
5699 * descriptor sense on and off for a given LUN.
5700 */
5701int
5702ctl_control_page_handler(struct ctl_scsiio *ctsio,
5703			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5704{
5705	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5706	struct ctl_lun *lun;
5707	int set_ua;
5708	uint32_t initidx;
5709
5710	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5711	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5712	set_ua = 0;
5713
5714	user_cp = (struct scsi_control_page *)page_ptr;
5715	current_cp = (struct scsi_control_page *)
5716		(page_index->page_data + (page_index->page_len *
5717		CTL_PAGE_CURRENT));
5718	saved_cp = (struct scsi_control_page *)
5719		(page_index->page_data + (page_index->page_len *
5720		CTL_PAGE_SAVED));
5721
5722	mtx_lock(&lun->lun_lock);
5723	if (((current_cp->rlec & SCP_DSENSE) == 0)
5724	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5725		/*
5726		 * Descriptor sense is currently turned off and the user
5727		 * wants to turn it on.
5728		 */
5729		current_cp->rlec |= SCP_DSENSE;
5730		saved_cp->rlec |= SCP_DSENSE;
5731		lun->flags |= CTL_LUN_SENSE_DESC;
5732		set_ua = 1;
5733	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5734		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5735		/*
5736		 * Descriptor sense is currently turned on, and the user
5737		 * wants to turn it off.
5738		 */
5739		current_cp->rlec &= ~SCP_DSENSE;
5740		saved_cp->rlec &= ~SCP_DSENSE;
5741		lun->flags &= ~CTL_LUN_SENSE_DESC;
5742		set_ua = 1;
5743	}
5744	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5745	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5746		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5747		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5748		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5749		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5750		set_ua = 1;
5751	}
5752	if ((current_cp->eca_and_aen & SCP_SWP) !=
5753	    (user_cp->eca_and_aen & SCP_SWP)) {
5754		current_cp->eca_and_aen &= ~SCP_SWP;
5755		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5756		saved_cp->eca_and_aen &= ~SCP_SWP;
5757		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5758		set_ua = 1;
5759	}
5760	if (set_ua != 0)
5761		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5762	mtx_unlock(&lun->lun_lock);
5763
5764	return (0);
5765}
5766
5767int
5768ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5769		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5770{
5771	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5772	struct ctl_lun *lun;
5773	int set_ua;
5774	uint32_t initidx;
5775
5776	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5777	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5778	set_ua = 0;
5779
5780	user_cp = (struct scsi_caching_page *)page_ptr;
5781	current_cp = (struct scsi_caching_page *)
5782		(page_index->page_data + (page_index->page_len *
5783		CTL_PAGE_CURRENT));
5784	saved_cp = (struct scsi_caching_page *)
5785		(page_index->page_data + (page_index->page_len *
5786		CTL_PAGE_SAVED));
5787
5788	mtx_lock(&lun->lun_lock);
5789	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5790	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5791		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5792		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5793		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5794		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5795		set_ua = 1;
5796	}
5797	if (set_ua != 0)
5798		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5799	mtx_unlock(&lun->lun_lock);
5800
5801	return (0);
5802}
5803
5804int
5805ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5806				struct ctl_page_index *page_index,
5807				uint8_t *page_ptr)
5808{
5809	uint8_t *c;
5810	int i;
5811
5812	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5813	ctl_time_io_secs =
5814		(c[0] << 8) |
5815		(c[1] << 0) |
5816		0;
5817	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5818	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5819	printf("page data:");
5820	for (i=0; i<8; i++)
5821		printf(" %.2x",page_ptr[i]);
5822	printf("\n");
5823	return (0);
5824}
5825
5826int
5827ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5828			       struct ctl_page_index *page_index,
5829			       int pc)
5830{
5831	struct copan_debugconf_subpage *page;
5832
5833	page = (struct copan_debugconf_subpage *)page_index->page_data +
5834		(page_index->page_len * pc);
5835
5836	switch (pc) {
5837	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5838	case SMS_PAGE_CTRL_DEFAULT >> 6:
5839	case SMS_PAGE_CTRL_SAVED >> 6:
5840		/*
5841		 * We don't update the changable or default bits for this page.
5842		 */
5843		break;
5844	case SMS_PAGE_CTRL_CURRENT >> 6:
5845		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5846		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5847		break;
5848	default:
5849#ifdef NEEDTOPORT
5850		EPRINT(0, "Invalid PC %d!!", pc);
5851#endif /* NEEDTOPORT */
5852		break;
5853	}
5854	return (0);
5855}
5856
5857
5858static int
5859ctl_do_mode_select(union ctl_io *io)
5860{
5861	struct scsi_mode_page_header *page_header;
5862	struct ctl_page_index *page_index;
5863	struct ctl_scsiio *ctsio;
5864	int control_dev, page_len;
5865	int page_len_offset, page_len_size;
5866	union ctl_modepage_info *modepage_info;
5867	struct ctl_lun *lun;
5868	int *len_left, *len_used;
5869	int retval, i;
5870
5871	ctsio = &io->scsiio;
5872	page_index = NULL;
5873	page_len = 0;
5874	retval = CTL_RETVAL_COMPLETE;
5875
5876	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5877
5878	if (lun->be_lun->lun_type != T_DIRECT)
5879		control_dev = 1;
5880	else
5881		control_dev = 0;
5882
5883	modepage_info = (union ctl_modepage_info *)
5884		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5885	len_left = &modepage_info->header.len_left;
5886	len_used = &modepage_info->header.len_used;
5887
5888do_next_page:
5889
5890	page_header = (struct scsi_mode_page_header *)
5891		(ctsio->kern_data_ptr + *len_used);
5892
5893	if (*len_left == 0) {
5894		free(ctsio->kern_data_ptr, M_CTL);
5895		ctl_set_success(ctsio);
5896		ctl_done((union ctl_io *)ctsio);
5897		return (CTL_RETVAL_COMPLETE);
5898	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5899
5900		free(ctsio->kern_data_ptr, M_CTL);
5901		ctl_set_param_len_error(ctsio);
5902		ctl_done((union ctl_io *)ctsio);
5903		return (CTL_RETVAL_COMPLETE);
5904
5905	} else if ((page_header->page_code & SMPH_SPF)
5906		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
5907
5908		free(ctsio->kern_data_ptr, M_CTL);
5909		ctl_set_param_len_error(ctsio);
5910		ctl_done((union ctl_io *)ctsio);
5911		return (CTL_RETVAL_COMPLETE);
5912	}
5913
5914
5915	/*
5916	 * XXX KDM should we do something with the block descriptor?
5917	 */
5918	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
5919
5920		if ((control_dev != 0)
5921		 && (lun->mode_pages.index[i].page_flags &
5922		     CTL_PAGE_FLAG_DISK_ONLY))
5923			continue;
5924
5925		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
5926		    (page_header->page_code & SMPH_PC_MASK))
5927			continue;
5928
5929		/*
5930		 * If neither page has a subpage code, then we've got a
5931		 * match.
5932		 */
5933		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
5934		 && ((page_header->page_code & SMPH_SPF) == 0)) {
5935			page_index = &lun->mode_pages.index[i];
5936			page_len = page_header->page_length;
5937			break;
5938		}
5939
5940		/*
5941		 * If both pages have subpages, then the subpage numbers
5942		 * have to match.
5943		 */
5944		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
5945		  && (page_header->page_code & SMPH_SPF)) {
5946			struct scsi_mode_page_header_sp *sph;
5947
5948			sph = (struct scsi_mode_page_header_sp *)page_header;
5949
5950			if (lun->mode_pages.index[i].subpage ==
5951			    sph->subpage) {
5952				page_index = &lun->mode_pages.index[i];
5953				page_len = scsi_2btoul(sph->page_length);
5954				break;
5955			}
5956		}
5957	}
5958
5959	/*
5960	 * If we couldn't find the page, or if we don't have a mode select
5961	 * handler for it, send back an error to the user.
5962	 */
5963	if ((page_index == NULL)
5964	 || (page_index->select_handler == NULL)) {
5965		ctl_set_invalid_field(ctsio,
5966				      /*sks_valid*/ 1,
5967				      /*command*/ 0,
5968				      /*field*/ *len_used,
5969				      /*bit_valid*/ 0,
5970				      /*bit*/ 0);
5971		free(ctsio->kern_data_ptr, M_CTL);
5972		ctl_done((union ctl_io *)ctsio);
5973		return (CTL_RETVAL_COMPLETE);
5974	}
5975
5976	if (page_index->page_code & SMPH_SPF) {
5977		page_len_offset = 2;
5978		page_len_size = 2;
5979	} else {
5980		page_len_size = 1;
5981		page_len_offset = 1;
5982	}
5983
5984	/*
5985	 * If the length the initiator gives us isn't the one we specify in
5986	 * the mode page header, or if they didn't specify enough data in
5987	 * the CDB to avoid truncating this page, kick out the request.
5988	 */
5989	if ((page_len != (page_index->page_len - page_len_offset -
5990			  page_len_size))
5991	 || (*len_left < page_index->page_len)) {
5992
5993
5994		ctl_set_invalid_field(ctsio,
5995				      /*sks_valid*/ 1,
5996				      /*command*/ 0,
5997				      /*field*/ *len_used + page_len_offset,
5998				      /*bit_valid*/ 0,
5999				      /*bit*/ 0);
6000		free(ctsio->kern_data_ptr, M_CTL);
6001		ctl_done((union ctl_io *)ctsio);
6002		return (CTL_RETVAL_COMPLETE);
6003	}
6004
6005	/*
6006	 * Run through the mode page, checking to make sure that the bits
6007	 * the user changed are actually legal for him to change.
6008	 */
6009	for (i = 0; i < page_index->page_len; i++) {
6010		uint8_t *user_byte, *change_mask, *current_byte;
6011		int bad_bit;
6012		int j;
6013
6014		user_byte = (uint8_t *)page_header + i;
6015		change_mask = page_index->page_data +
6016			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6017		current_byte = page_index->page_data +
6018			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6019
6020		/*
6021		 * Check to see whether the user set any bits in this byte
6022		 * that he is not allowed to set.
6023		 */
6024		if ((*user_byte & ~(*change_mask)) ==
6025		    (*current_byte & ~(*change_mask)))
6026			continue;
6027
6028		/*
6029		 * Go through bit by bit to determine which one is illegal.
6030		 */
6031		bad_bit = 0;
6032		for (j = 7; j >= 0; j--) {
6033			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6034			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6035				bad_bit = i;
6036				break;
6037			}
6038		}
6039		ctl_set_invalid_field(ctsio,
6040				      /*sks_valid*/ 1,
6041				      /*command*/ 0,
6042				      /*field*/ *len_used + i,
6043				      /*bit_valid*/ 1,
6044				      /*bit*/ bad_bit);
6045		free(ctsio->kern_data_ptr, M_CTL);
6046		ctl_done((union ctl_io *)ctsio);
6047		return (CTL_RETVAL_COMPLETE);
6048	}
6049
6050	/*
6051	 * Decrement these before we call the page handler, since we may
6052	 * end up getting called back one way or another before the handler
6053	 * returns to this context.
6054	 */
6055	*len_left -= page_index->page_len;
6056	*len_used += page_index->page_len;
6057
6058	retval = page_index->select_handler(ctsio, page_index,
6059					    (uint8_t *)page_header);
6060
6061	/*
6062	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6063	 * wait until this queued command completes to finish processing
6064	 * the mode page.  If it returns anything other than
6065	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6066	 * already set the sense information, freed the data pointer, and
6067	 * completed the io for us.
6068	 */
6069	if (retval != CTL_RETVAL_COMPLETE)
6070		goto bailout_no_done;
6071
6072	/*
6073	 * If the initiator sent us more than one page, parse the next one.
6074	 */
6075	if (*len_left > 0)
6076		goto do_next_page;
6077
6078	ctl_set_success(ctsio);
6079	free(ctsio->kern_data_ptr, M_CTL);
6080	ctl_done((union ctl_io *)ctsio);
6081
6082bailout_no_done:
6083
6084	return (CTL_RETVAL_COMPLETE);
6085
6086}
6087
6088int
6089ctl_mode_select(struct ctl_scsiio *ctsio)
6090{
6091	int param_len, pf, sp;
6092	int header_size, bd_len;
6093	int len_left, len_used;
6094	struct ctl_page_index *page_index;
6095	struct ctl_lun *lun;
6096	int control_dev, page_len;
6097	union ctl_modepage_info *modepage_info;
6098	int retval;
6099
6100	pf = 0;
6101	sp = 0;
6102	page_len = 0;
6103	len_used = 0;
6104	len_left = 0;
6105	retval = 0;
6106	bd_len = 0;
6107	page_index = NULL;
6108
6109	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6110
6111	if (lun->be_lun->lun_type != T_DIRECT)
6112		control_dev = 1;
6113	else
6114		control_dev = 0;
6115
6116	switch (ctsio->cdb[0]) {
6117	case MODE_SELECT_6: {
6118		struct scsi_mode_select_6 *cdb;
6119
6120		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6121
6122		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6123		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6124
6125		param_len = cdb->length;
6126		header_size = sizeof(struct scsi_mode_header_6);
6127		break;
6128	}
6129	case MODE_SELECT_10: {
6130		struct scsi_mode_select_10 *cdb;
6131
6132		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6133
6134		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6135		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6136
6137		param_len = scsi_2btoul(cdb->length);
6138		header_size = sizeof(struct scsi_mode_header_10);
6139		break;
6140	}
6141	default:
6142		ctl_set_invalid_opcode(ctsio);
6143		ctl_done((union ctl_io *)ctsio);
6144		return (CTL_RETVAL_COMPLETE);
6145		break; /* NOTREACHED */
6146	}
6147
6148	/*
6149	 * From SPC-3:
6150	 * "A parameter list length of zero indicates that the Data-Out Buffer
6151	 * shall be empty. This condition shall not be considered as an error."
6152	 */
6153	if (param_len == 0) {
6154		ctl_set_success(ctsio);
6155		ctl_done((union ctl_io *)ctsio);
6156		return (CTL_RETVAL_COMPLETE);
6157	}
6158
6159	/*
6160	 * Since we'll hit this the first time through, prior to
6161	 * allocation, we don't need to free a data buffer here.
6162	 */
6163	if (param_len < header_size) {
6164		ctl_set_param_len_error(ctsio);
6165		ctl_done((union ctl_io *)ctsio);
6166		return (CTL_RETVAL_COMPLETE);
6167	}
6168
6169	/*
6170	 * Allocate the data buffer and grab the user's data.  In theory,
6171	 * we shouldn't have to sanity check the parameter list length here
6172	 * because the maximum size is 64K.  We should be able to malloc
6173	 * that much without too many problems.
6174	 */
6175	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6176		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6177		ctsio->kern_data_len = param_len;
6178		ctsio->kern_total_len = param_len;
6179		ctsio->kern_data_resid = 0;
6180		ctsio->kern_rel_offset = 0;
6181		ctsio->kern_sg_entries = 0;
6182		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6183		ctsio->be_move_done = ctl_config_move_done;
6184		ctl_datamove((union ctl_io *)ctsio);
6185
6186		return (CTL_RETVAL_COMPLETE);
6187	}
6188
6189	switch (ctsio->cdb[0]) {
6190	case MODE_SELECT_6: {
6191		struct scsi_mode_header_6 *mh6;
6192
6193		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6194		bd_len = mh6->blk_desc_len;
6195		break;
6196	}
6197	case MODE_SELECT_10: {
6198		struct scsi_mode_header_10 *mh10;
6199
6200		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6201		bd_len = scsi_2btoul(mh10->blk_desc_len);
6202		break;
6203	}
6204	default:
6205		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6206		break;
6207	}
6208
6209	if (param_len < (header_size + bd_len)) {
6210		free(ctsio->kern_data_ptr, M_CTL);
6211		ctl_set_param_len_error(ctsio);
6212		ctl_done((union ctl_io *)ctsio);
6213		return (CTL_RETVAL_COMPLETE);
6214	}
6215
6216	/*
6217	 * Set the IO_CONT flag, so that if this I/O gets passed to
6218	 * ctl_config_write_done(), it'll get passed back to
6219	 * ctl_do_mode_select() for further processing, or completion if
6220	 * we're all done.
6221	 */
6222	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6223	ctsio->io_cont = ctl_do_mode_select;
6224
6225	modepage_info = (union ctl_modepage_info *)
6226		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6227
6228	memset(modepage_info, 0, sizeof(*modepage_info));
6229
6230	len_left = param_len - header_size - bd_len;
6231	len_used = header_size + bd_len;
6232
6233	modepage_info->header.len_left = len_left;
6234	modepage_info->header.len_used = len_used;
6235
6236	return (ctl_do_mode_select((union ctl_io *)ctsio));
6237}
6238
6239int
6240ctl_mode_sense(struct ctl_scsiio *ctsio)
6241{
6242	struct ctl_lun *lun;
6243	int pc, page_code, dbd, llba, subpage;
6244	int alloc_len, page_len, header_len, total_len;
6245	struct scsi_mode_block_descr *block_desc;
6246	struct ctl_page_index *page_index;
6247	int control_dev;
6248
6249	dbd = 0;
6250	llba = 0;
6251	block_desc = NULL;
6252	page_index = NULL;
6253
6254	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6255
6256	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6257
6258	if (lun->be_lun->lun_type != T_DIRECT)
6259		control_dev = 1;
6260	else
6261		control_dev = 0;
6262
6263	switch (ctsio->cdb[0]) {
6264	case MODE_SENSE_6: {
6265		struct scsi_mode_sense_6 *cdb;
6266
6267		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6268
6269		header_len = sizeof(struct scsi_mode_hdr_6);
6270		if (cdb->byte2 & SMS_DBD)
6271			dbd = 1;
6272		else
6273			header_len += sizeof(struct scsi_mode_block_descr);
6274
6275		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6276		page_code = cdb->page & SMS_PAGE_CODE;
6277		subpage = cdb->subpage;
6278		alloc_len = cdb->length;
6279		break;
6280	}
6281	case MODE_SENSE_10: {
6282		struct scsi_mode_sense_10 *cdb;
6283
6284		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6285
6286		header_len = sizeof(struct scsi_mode_hdr_10);
6287
6288		if (cdb->byte2 & SMS_DBD)
6289			dbd = 1;
6290		else
6291			header_len += sizeof(struct scsi_mode_block_descr);
6292		if (cdb->byte2 & SMS10_LLBAA)
6293			llba = 1;
6294		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6295		page_code = cdb->page & SMS_PAGE_CODE;
6296		subpage = cdb->subpage;
6297		alloc_len = scsi_2btoul(cdb->length);
6298		break;
6299	}
6300	default:
6301		ctl_set_invalid_opcode(ctsio);
6302		ctl_done((union ctl_io *)ctsio);
6303		return (CTL_RETVAL_COMPLETE);
6304		break; /* NOTREACHED */
6305	}
6306
6307	/*
6308	 * We have to make a first pass through to calculate the size of
6309	 * the pages that match the user's query.  Then we allocate enough
6310	 * memory to hold it, and actually copy the data into the buffer.
6311	 */
6312	switch (page_code) {
6313	case SMS_ALL_PAGES_PAGE: {
6314		int i;
6315
6316		page_len = 0;
6317
6318		/*
6319		 * At the moment, values other than 0 and 0xff here are
6320		 * reserved according to SPC-3.
6321		 */
6322		if ((subpage != SMS_SUBPAGE_PAGE_0)
6323		 && (subpage != SMS_SUBPAGE_ALL)) {
6324			ctl_set_invalid_field(ctsio,
6325					      /*sks_valid*/ 1,
6326					      /*command*/ 1,
6327					      /*field*/ 3,
6328					      /*bit_valid*/ 0,
6329					      /*bit*/ 0);
6330			ctl_done((union ctl_io *)ctsio);
6331			return (CTL_RETVAL_COMPLETE);
6332		}
6333
6334		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6335			if ((control_dev != 0)
6336			 && (lun->mode_pages.index[i].page_flags &
6337			     CTL_PAGE_FLAG_DISK_ONLY))
6338				continue;
6339
6340			/*
6341			 * We don't use this subpage if the user didn't
6342			 * request all subpages.
6343			 */
6344			if ((lun->mode_pages.index[i].subpage != 0)
6345			 && (subpage == SMS_SUBPAGE_PAGE_0))
6346				continue;
6347
6348#if 0
6349			printf("found page %#x len %d\n",
6350			       lun->mode_pages.index[i].page_code &
6351			       SMPH_PC_MASK,
6352			       lun->mode_pages.index[i].page_len);
6353#endif
6354			page_len += lun->mode_pages.index[i].page_len;
6355		}
6356		break;
6357	}
6358	default: {
6359		int i;
6360
6361		page_len = 0;
6362
6363		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6364			/* Look for the right page code */
6365			if ((lun->mode_pages.index[i].page_code &
6366			     SMPH_PC_MASK) != page_code)
6367				continue;
6368
6369			/* Look for the right subpage or the subpage wildcard*/
6370			if ((lun->mode_pages.index[i].subpage != subpage)
6371			 && (subpage != SMS_SUBPAGE_ALL))
6372				continue;
6373
6374			/* Make sure the page is supported for this dev type */
6375			if ((control_dev != 0)
6376			 && (lun->mode_pages.index[i].page_flags &
6377			     CTL_PAGE_FLAG_DISK_ONLY))
6378				continue;
6379
6380#if 0
6381			printf("found page %#x len %d\n",
6382			       lun->mode_pages.index[i].page_code &
6383			       SMPH_PC_MASK,
6384			       lun->mode_pages.index[i].page_len);
6385#endif
6386
6387			page_len += lun->mode_pages.index[i].page_len;
6388		}
6389
6390		if (page_len == 0) {
6391			ctl_set_invalid_field(ctsio,
6392					      /*sks_valid*/ 1,
6393					      /*command*/ 1,
6394					      /*field*/ 2,
6395					      /*bit_valid*/ 1,
6396					      /*bit*/ 5);
6397			ctl_done((union ctl_io *)ctsio);
6398			return (CTL_RETVAL_COMPLETE);
6399		}
6400		break;
6401	}
6402	}
6403
6404	total_len = header_len + page_len;
6405#if 0
6406	printf("header_len = %d, page_len = %d, total_len = %d\n",
6407	       header_len, page_len, total_len);
6408#endif
6409
6410	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6411	ctsio->kern_sg_entries = 0;
6412	ctsio->kern_data_resid = 0;
6413	ctsio->kern_rel_offset = 0;
6414	if (total_len < alloc_len) {
6415		ctsio->residual = alloc_len - total_len;
6416		ctsio->kern_data_len = total_len;
6417		ctsio->kern_total_len = total_len;
6418	} else {
6419		ctsio->residual = 0;
6420		ctsio->kern_data_len = alloc_len;
6421		ctsio->kern_total_len = alloc_len;
6422	}
6423
6424	switch (ctsio->cdb[0]) {
6425	case MODE_SENSE_6: {
6426		struct scsi_mode_hdr_6 *header;
6427
6428		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6429
6430		header->datalen = MIN(total_len - 1, 254);
6431		if (control_dev == 0) {
6432			header->dev_specific = 0x10; /* DPOFUA */
6433			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6434			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6435			    .eca_and_aen & SCP_SWP) != 0)
6436				    header->dev_specific |= 0x80; /* WP */
6437		}
6438		if (dbd)
6439			header->block_descr_len = 0;
6440		else
6441			header->block_descr_len =
6442				sizeof(struct scsi_mode_block_descr);
6443		block_desc = (struct scsi_mode_block_descr *)&header[1];
6444		break;
6445	}
6446	case MODE_SENSE_10: {
6447		struct scsi_mode_hdr_10 *header;
6448		int datalen;
6449
6450		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6451
6452		datalen = MIN(total_len - 2, 65533);
6453		scsi_ulto2b(datalen, header->datalen);
6454		if (control_dev == 0) {
6455			header->dev_specific = 0x10; /* DPOFUA */
6456			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6457			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6458			    .eca_and_aen & SCP_SWP) != 0)
6459				    header->dev_specific |= 0x80; /* WP */
6460		}
6461		if (dbd)
6462			scsi_ulto2b(0, header->block_descr_len);
6463		else
6464			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6465				    header->block_descr_len);
6466		block_desc = (struct scsi_mode_block_descr *)&header[1];
6467		break;
6468	}
6469	default:
6470		panic("invalid CDB type %#x", ctsio->cdb[0]);
6471		break; /* NOTREACHED */
6472	}
6473
6474	/*
6475	 * If we've got a disk, use its blocksize in the block
6476	 * descriptor.  Otherwise, just set it to 0.
6477	 */
6478	if (dbd == 0) {
6479		if (control_dev == 0)
6480			scsi_ulto3b(lun->be_lun->blocksize,
6481				    block_desc->block_len);
6482		else
6483			scsi_ulto3b(0, block_desc->block_len);
6484	}
6485
6486	switch (page_code) {
6487	case SMS_ALL_PAGES_PAGE: {
6488		int i, data_used;
6489
6490		data_used = header_len;
6491		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6492			struct ctl_page_index *page_index;
6493
6494			page_index = &lun->mode_pages.index[i];
6495
6496			if ((control_dev != 0)
6497			 && (page_index->page_flags &
6498			    CTL_PAGE_FLAG_DISK_ONLY))
6499				continue;
6500
6501			/*
6502			 * We don't use this subpage if the user didn't
6503			 * request all subpages.  We already checked (above)
6504			 * to make sure the user only specified a subpage
6505			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6506			 */
6507			if ((page_index->subpage != 0)
6508			 && (subpage == SMS_SUBPAGE_PAGE_0))
6509				continue;
6510
6511			/*
6512			 * Call the handler, if it exists, to update the
6513			 * page to the latest values.
6514			 */
6515			if (page_index->sense_handler != NULL)
6516				page_index->sense_handler(ctsio, page_index,pc);
6517
6518			memcpy(ctsio->kern_data_ptr + data_used,
6519			       page_index->page_data +
6520			       (page_index->page_len * pc),
6521			       page_index->page_len);
6522			data_used += page_index->page_len;
6523		}
6524		break;
6525	}
6526	default: {
6527		int i, data_used;
6528
6529		data_used = header_len;
6530
6531		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6532			struct ctl_page_index *page_index;
6533
6534			page_index = &lun->mode_pages.index[i];
6535
6536			/* Look for the right page code */
6537			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6538				continue;
6539
6540			/* Look for the right subpage or the subpage wildcard*/
6541			if ((page_index->subpage != subpage)
6542			 && (subpage != SMS_SUBPAGE_ALL))
6543				continue;
6544
6545			/* Make sure the page is supported for this dev type */
6546			if ((control_dev != 0)
6547			 && (page_index->page_flags &
6548			     CTL_PAGE_FLAG_DISK_ONLY))
6549				continue;
6550
6551			/*
6552			 * Call the handler, if it exists, to update the
6553			 * page to the latest values.
6554			 */
6555			if (page_index->sense_handler != NULL)
6556				page_index->sense_handler(ctsio, page_index,pc);
6557
6558			memcpy(ctsio->kern_data_ptr + data_used,
6559			       page_index->page_data +
6560			       (page_index->page_len * pc),
6561			       page_index->page_len);
6562			data_used += page_index->page_len;
6563		}
6564		break;
6565	}
6566	}
6567
6568	ctl_set_success(ctsio);
6569	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6570	ctsio->be_move_done = ctl_config_move_done;
6571	ctl_datamove((union ctl_io *)ctsio);
6572	return (CTL_RETVAL_COMPLETE);
6573}
6574
6575int
6576ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6577			       struct ctl_page_index *page_index,
6578			       int pc)
6579{
6580	struct ctl_lun *lun;
6581	struct scsi_log_param_header *phdr;
6582	uint8_t *data;
6583	uint64_t val;
6584
6585	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6586	data = page_index->page_data;
6587
6588	if (lun->backend->lun_attr != NULL &&
6589	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6590	     != UINT64_MAX) {
6591		phdr = (struct scsi_log_param_header *)data;
6592		scsi_ulto2b(0x0001, phdr->param_code);
6593		phdr->param_control = SLP_LBIN | SLP_LP;
6594		phdr->param_len = 8;
6595		data = (uint8_t *)(phdr + 1);
6596		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6597		data[4] = 0x02; /* per-pool */
6598		data += phdr->param_len;
6599	}
6600
6601	if (lun->backend->lun_attr != NULL &&
6602	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6603	     != UINT64_MAX) {
6604		phdr = (struct scsi_log_param_header *)data;
6605		scsi_ulto2b(0x0002, phdr->param_code);
6606		phdr->param_control = SLP_LBIN | SLP_LP;
6607		phdr->param_len = 8;
6608		data = (uint8_t *)(phdr + 1);
6609		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6610		data[4] = 0x01; /* per-LUN */
6611		data += phdr->param_len;
6612	}
6613
6614	if (lun->backend->lun_attr != NULL &&
6615	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6616	     != UINT64_MAX) {
6617		phdr = (struct scsi_log_param_header *)data;
6618		scsi_ulto2b(0x00f1, phdr->param_code);
6619		phdr->param_control = SLP_LBIN | SLP_LP;
6620		phdr->param_len = 8;
6621		data = (uint8_t *)(phdr + 1);
6622		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6623		data[4] = 0x02; /* per-pool */
6624		data += phdr->param_len;
6625	}
6626
6627	if (lun->backend->lun_attr != NULL &&
6628	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6629	     != UINT64_MAX) {
6630		phdr = (struct scsi_log_param_header *)data;
6631		scsi_ulto2b(0x00f2, phdr->param_code);
6632		phdr->param_control = SLP_LBIN | SLP_LP;
6633		phdr->param_len = 8;
6634		data = (uint8_t *)(phdr + 1);
6635		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6636		data[4] = 0x02; /* per-pool */
6637		data += phdr->param_len;
6638	}
6639
6640	page_index->page_len = data - page_index->page_data;
6641	return (0);
6642}
6643
6644int
6645ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6646			       struct ctl_page_index *page_index,
6647			       int pc)
6648{
6649	struct ctl_lun *lun;
6650	struct stat_page *data;
6651	uint64_t rn, wn, rb, wb;
6652	struct bintime rt, wt;
6653	int i;
6654
6655	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6656	data = (struct stat_page *)page_index->page_data;
6657
6658	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6659	data->sap.hdr.param_control = SLP_LBIN;
6660	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6661	    sizeof(struct scsi_log_param_header);
6662	rn = wn = rb = wb = 0;
6663	bintime_clear(&rt);
6664	bintime_clear(&wt);
6665	for (i = 0; i < CTL_MAX_PORTS; i++) {
6666		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6667		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6668		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6669		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6670		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6671		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6672	}
6673	scsi_u64to8b(rn, data->sap.read_num);
6674	scsi_u64to8b(wn, data->sap.write_num);
6675	if (lun->stats.blocksize > 0) {
6676		scsi_u64to8b(wb / lun->stats.blocksize,
6677		    data->sap.recvieved_lba);
6678		scsi_u64to8b(rb / lun->stats.blocksize,
6679		    data->sap.transmitted_lba);
6680	}
6681	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6682	    data->sap.read_int);
6683	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6684	    data->sap.write_int);
6685	scsi_u64to8b(0, data->sap.weighted_num);
6686	scsi_u64to8b(0, data->sap.weighted_int);
6687	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6688	data->it.hdr.param_control = SLP_LBIN;
6689	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6690	    sizeof(struct scsi_log_param_header);
6691#ifdef CTL_TIME_IO
6692	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6693#endif
6694	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6695	data->it.hdr.param_control = SLP_LBIN;
6696	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6697	    sizeof(struct scsi_log_param_header);
6698	scsi_ulto4b(3, data->ti.exponent);
6699	scsi_ulto4b(1, data->ti.integer);
6700
6701	page_index->page_len = sizeof(*data);
6702	return (0);
6703}
6704
6705int
6706ctl_log_sense(struct ctl_scsiio *ctsio)
6707{
6708	struct ctl_lun *lun;
6709	int i, pc, page_code, subpage;
6710	int alloc_len, total_len;
6711	struct ctl_page_index *page_index;
6712	struct scsi_log_sense *cdb;
6713	struct scsi_log_header *header;
6714
6715	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6716
6717	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6718	cdb = (struct scsi_log_sense *)ctsio->cdb;
6719	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6720	page_code = cdb->page & SLS_PAGE_CODE;
6721	subpage = cdb->subpage;
6722	alloc_len = scsi_2btoul(cdb->length);
6723
6724	page_index = NULL;
6725	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6726		page_index = &lun->log_pages.index[i];
6727
6728		/* Look for the right page code */
6729		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6730			continue;
6731
6732		/* Look for the right subpage or the subpage wildcard*/
6733		if (page_index->subpage != subpage)
6734			continue;
6735
6736		break;
6737	}
6738	if (i >= CTL_NUM_LOG_PAGES) {
6739		ctl_set_invalid_field(ctsio,
6740				      /*sks_valid*/ 1,
6741				      /*command*/ 1,
6742				      /*field*/ 2,
6743				      /*bit_valid*/ 0,
6744				      /*bit*/ 0);
6745		ctl_done((union ctl_io *)ctsio);
6746		return (CTL_RETVAL_COMPLETE);
6747	}
6748
6749	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6750
6751	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6752	ctsio->kern_sg_entries = 0;
6753	ctsio->kern_data_resid = 0;
6754	ctsio->kern_rel_offset = 0;
6755	if (total_len < alloc_len) {
6756		ctsio->residual = alloc_len - total_len;
6757		ctsio->kern_data_len = total_len;
6758		ctsio->kern_total_len = total_len;
6759	} else {
6760		ctsio->residual = 0;
6761		ctsio->kern_data_len = alloc_len;
6762		ctsio->kern_total_len = alloc_len;
6763	}
6764
6765	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6766	header->page = page_index->page_code;
6767	if (page_index->subpage) {
6768		header->page |= SL_SPF;
6769		header->subpage = page_index->subpage;
6770	}
6771	scsi_ulto2b(page_index->page_len, header->datalen);
6772
6773	/*
6774	 * Call the handler, if it exists, to update the
6775	 * page to the latest values.
6776	 */
6777	if (page_index->sense_handler != NULL)
6778		page_index->sense_handler(ctsio, page_index, pc);
6779
6780	memcpy(header + 1, page_index->page_data, page_index->page_len);
6781
6782	ctl_set_success(ctsio);
6783	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6784	ctsio->be_move_done = ctl_config_move_done;
6785	ctl_datamove((union ctl_io *)ctsio);
6786	return (CTL_RETVAL_COMPLETE);
6787}
6788
6789int
6790ctl_read_capacity(struct ctl_scsiio *ctsio)
6791{
6792	struct scsi_read_capacity *cdb;
6793	struct scsi_read_capacity_data *data;
6794	struct ctl_lun *lun;
6795	uint32_t lba;
6796
6797	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6798
6799	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6800
6801	lba = scsi_4btoul(cdb->addr);
6802	if (((cdb->pmi & SRC_PMI) == 0)
6803	 && (lba != 0)) {
6804		ctl_set_invalid_field(/*ctsio*/ ctsio,
6805				      /*sks_valid*/ 1,
6806				      /*command*/ 1,
6807				      /*field*/ 2,
6808				      /*bit_valid*/ 0,
6809				      /*bit*/ 0);
6810		ctl_done((union ctl_io *)ctsio);
6811		return (CTL_RETVAL_COMPLETE);
6812	}
6813
6814	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6815
6816	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6817	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6818	ctsio->residual = 0;
6819	ctsio->kern_data_len = sizeof(*data);
6820	ctsio->kern_total_len = sizeof(*data);
6821	ctsio->kern_data_resid = 0;
6822	ctsio->kern_rel_offset = 0;
6823	ctsio->kern_sg_entries = 0;
6824
6825	/*
6826	 * If the maximum LBA is greater than 0xfffffffe, the user must
6827	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6828	 * serivce action set.
6829	 */
6830	if (lun->be_lun->maxlba > 0xfffffffe)
6831		scsi_ulto4b(0xffffffff, data->addr);
6832	else
6833		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6834
6835	/*
6836	 * XXX KDM this may not be 512 bytes...
6837	 */
6838	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6839
6840	ctl_set_success(ctsio);
6841	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6842	ctsio->be_move_done = ctl_config_move_done;
6843	ctl_datamove((union ctl_io *)ctsio);
6844	return (CTL_RETVAL_COMPLETE);
6845}
6846
6847int
6848ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6849{
6850	struct scsi_read_capacity_16 *cdb;
6851	struct scsi_read_capacity_data_long *data;
6852	struct ctl_lun *lun;
6853	uint64_t lba;
6854	uint32_t alloc_len;
6855
6856	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6857
6858	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6859
6860	alloc_len = scsi_4btoul(cdb->alloc_len);
6861	lba = scsi_8btou64(cdb->addr);
6862
6863	if ((cdb->reladr & SRC16_PMI)
6864	 && (lba != 0)) {
6865		ctl_set_invalid_field(/*ctsio*/ ctsio,
6866				      /*sks_valid*/ 1,
6867				      /*command*/ 1,
6868				      /*field*/ 2,
6869				      /*bit_valid*/ 0,
6870				      /*bit*/ 0);
6871		ctl_done((union ctl_io *)ctsio);
6872		return (CTL_RETVAL_COMPLETE);
6873	}
6874
6875	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6876
6877	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6878	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6879
6880	if (sizeof(*data) < alloc_len) {
6881		ctsio->residual = alloc_len - sizeof(*data);
6882		ctsio->kern_data_len = sizeof(*data);
6883		ctsio->kern_total_len = sizeof(*data);
6884	} else {
6885		ctsio->residual = 0;
6886		ctsio->kern_data_len = alloc_len;
6887		ctsio->kern_total_len = alloc_len;
6888	}
6889	ctsio->kern_data_resid = 0;
6890	ctsio->kern_rel_offset = 0;
6891	ctsio->kern_sg_entries = 0;
6892
6893	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6894	/* XXX KDM this may not be 512 bytes... */
6895	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6896	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6897	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6898	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6899		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6900
6901	ctl_set_success(ctsio);
6902	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6903	ctsio->be_move_done = ctl_config_move_done;
6904	ctl_datamove((union ctl_io *)ctsio);
6905	return (CTL_RETVAL_COMPLETE);
6906}
6907
6908int
6909ctl_get_lba_status(struct ctl_scsiio *ctsio)
6910{
6911	struct scsi_get_lba_status *cdb;
6912	struct scsi_get_lba_status_data *data;
6913	struct ctl_lun *lun;
6914	struct ctl_lba_len_flags *lbalen;
6915	uint64_t lba;
6916	uint32_t alloc_len, total_len;
6917	int retval;
6918
6919	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
6920
6921	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6922	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
6923	lba = scsi_8btou64(cdb->addr);
6924	alloc_len = scsi_4btoul(cdb->alloc_len);
6925
6926	if (lba > lun->be_lun->maxlba) {
6927		ctl_set_lba_out_of_range(ctsio);
6928		ctl_done((union ctl_io *)ctsio);
6929		return (CTL_RETVAL_COMPLETE);
6930	}
6931
6932	total_len = sizeof(*data) + sizeof(data->descr[0]);
6933	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6934	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
6935
6936	if (total_len < alloc_len) {
6937		ctsio->residual = alloc_len - total_len;
6938		ctsio->kern_data_len = total_len;
6939		ctsio->kern_total_len = total_len;
6940	} else {
6941		ctsio->residual = 0;
6942		ctsio->kern_data_len = alloc_len;
6943		ctsio->kern_total_len = alloc_len;
6944	}
6945	ctsio->kern_data_resid = 0;
6946	ctsio->kern_rel_offset = 0;
6947	ctsio->kern_sg_entries = 0;
6948
6949	/* Fill dummy data in case backend can't tell anything. */
6950	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
6951	scsi_u64to8b(lba, data->descr[0].addr);
6952	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
6953	    data->descr[0].length);
6954	data->descr[0].status = 0; /* Mapped or unknown. */
6955
6956	ctl_set_success(ctsio);
6957	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6958	ctsio->be_move_done = ctl_config_move_done;
6959
6960	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
6961	lbalen->lba = lba;
6962	lbalen->len = total_len;
6963	lbalen->flags = 0;
6964	retval = lun->backend->config_read((union ctl_io *)ctsio);
6965	return (CTL_RETVAL_COMPLETE);
6966}
6967
6968int
6969ctl_read_defect(struct ctl_scsiio *ctsio)
6970{
6971	struct scsi_read_defect_data_10 *ccb10;
6972	struct scsi_read_defect_data_12 *ccb12;
6973	struct scsi_read_defect_data_hdr_10 *data10;
6974	struct scsi_read_defect_data_hdr_12 *data12;
6975	uint32_t alloc_len, data_len;
6976	uint8_t format;
6977
6978	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
6979
6980	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
6981		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
6982		format = ccb10->format;
6983		alloc_len = scsi_2btoul(ccb10->alloc_length);
6984		data_len = sizeof(*data10);
6985	} else {
6986		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
6987		format = ccb12->format;
6988		alloc_len = scsi_4btoul(ccb12->alloc_length);
6989		data_len = sizeof(*data12);
6990	}
6991	if (alloc_len == 0) {
6992		ctl_set_success(ctsio);
6993		ctl_done((union ctl_io *)ctsio);
6994		return (CTL_RETVAL_COMPLETE);
6995	}
6996
6997	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
6998	if (data_len < alloc_len) {
6999		ctsio->residual = alloc_len - data_len;
7000		ctsio->kern_data_len = data_len;
7001		ctsio->kern_total_len = data_len;
7002	} else {
7003		ctsio->residual = 0;
7004		ctsio->kern_data_len = alloc_len;
7005		ctsio->kern_total_len = alloc_len;
7006	}
7007	ctsio->kern_data_resid = 0;
7008	ctsio->kern_rel_offset = 0;
7009	ctsio->kern_sg_entries = 0;
7010
7011	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7012		data10 = (struct scsi_read_defect_data_hdr_10 *)
7013		    ctsio->kern_data_ptr;
7014		data10->format = format;
7015		scsi_ulto2b(0, data10->length);
7016	} else {
7017		data12 = (struct scsi_read_defect_data_hdr_12 *)
7018		    ctsio->kern_data_ptr;
7019		data12->format = format;
7020		scsi_ulto2b(0, data12->generation);
7021		scsi_ulto4b(0, data12->length);
7022	}
7023
7024	ctl_set_success(ctsio);
7025	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7026	ctsio->be_move_done = ctl_config_move_done;
7027	ctl_datamove((union ctl_io *)ctsio);
7028	return (CTL_RETVAL_COMPLETE);
7029}
7030
7031int
7032ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7033{
7034	struct scsi_maintenance_in *cdb;
7035	int retval;
7036	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7037	int num_target_port_groups, num_target_ports;
7038	struct ctl_lun *lun;
7039	struct ctl_softc *softc;
7040	struct ctl_port *port;
7041	struct scsi_target_group_data *rtg_ptr;
7042	struct scsi_target_group_data_extended *rtg_ext_ptr;
7043	struct scsi_target_port_group_descriptor *tpg_desc;
7044
7045	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7046
7047	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7048	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7049	softc = lun->ctl_softc;
7050
7051	retval = CTL_RETVAL_COMPLETE;
7052
7053	switch (cdb->byte2 & STG_PDF_MASK) {
7054	case STG_PDF_LENGTH:
7055		ext = 0;
7056		break;
7057	case STG_PDF_EXTENDED:
7058		ext = 1;
7059		break;
7060	default:
7061		ctl_set_invalid_field(/*ctsio*/ ctsio,
7062				      /*sks_valid*/ 1,
7063				      /*command*/ 1,
7064				      /*field*/ 2,
7065				      /*bit_valid*/ 1,
7066				      /*bit*/ 5);
7067		ctl_done((union ctl_io *)ctsio);
7068		return(retval);
7069	}
7070
7071	if (softc->is_single)
7072		num_target_port_groups = 1;
7073	else
7074		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7075	num_target_ports = 0;
7076	mtx_lock(&softc->ctl_lock);
7077	STAILQ_FOREACH(port, &softc->port_list, links) {
7078		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7079			continue;
7080		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7081			continue;
7082		num_target_ports++;
7083	}
7084	mtx_unlock(&softc->ctl_lock);
7085
7086	if (ext)
7087		total_len = sizeof(struct scsi_target_group_data_extended);
7088	else
7089		total_len = sizeof(struct scsi_target_group_data);
7090	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7091		num_target_port_groups +
7092	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7093
7094	alloc_len = scsi_4btoul(cdb->length);
7095
7096	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7097
7098	ctsio->kern_sg_entries = 0;
7099
7100	if (total_len < alloc_len) {
7101		ctsio->residual = alloc_len - total_len;
7102		ctsio->kern_data_len = total_len;
7103		ctsio->kern_total_len = total_len;
7104	} else {
7105		ctsio->residual = 0;
7106		ctsio->kern_data_len = alloc_len;
7107		ctsio->kern_total_len = alloc_len;
7108	}
7109	ctsio->kern_data_resid = 0;
7110	ctsio->kern_rel_offset = 0;
7111
7112	if (ext) {
7113		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7114		    ctsio->kern_data_ptr;
7115		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7116		rtg_ext_ptr->format_type = 0x10;
7117		rtg_ext_ptr->implicit_transition_time = 0;
7118		tpg_desc = &rtg_ext_ptr->groups[0];
7119	} else {
7120		rtg_ptr = (struct scsi_target_group_data *)
7121		    ctsio->kern_data_ptr;
7122		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7123		tpg_desc = &rtg_ptr->groups[0];
7124	}
7125
7126	mtx_lock(&softc->ctl_lock);
7127	pg = softc->port_min / softc->port_cnt;
7128	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7129		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7130	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7131		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7132	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7133		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7134	else
7135		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7136	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7137		os = gs;
7138		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7139	} else
7140		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7141	for (g = 0; g < num_target_port_groups; g++) {
7142		tpg_desc->pref_state = (g == pg) ? gs : os;
7143		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7144		    TPG_U_SUP | TPG_T_SUP;
7145		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7146		tpg_desc->status = TPG_IMPLICIT;
7147		pc = 0;
7148		STAILQ_FOREACH(port, &softc->port_list, links) {
7149			if (port->targ_port < g * softc->port_cnt ||
7150			    port->targ_port >= (g + 1) * softc->port_cnt)
7151				continue;
7152			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7153				continue;
7154			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7155				continue;
7156			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7157			    relative_target_port_identifier);
7158			pc++;
7159		}
7160		tpg_desc->target_port_count = pc;
7161		tpg_desc = (struct scsi_target_port_group_descriptor *)
7162		    &tpg_desc->descriptors[pc];
7163	}
7164	mtx_unlock(&softc->ctl_lock);
7165
7166	ctl_set_success(ctsio);
7167	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7168	ctsio->be_move_done = ctl_config_move_done;
7169	ctl_datamove((union ctl_io *)ctsio);
7170	return(retval);
7171}
7172
7173int
7174ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7175{
7176	struct ctl_lun *lun;
7177	struct scsi_report_supported_opcodes *cdb;
7178	const struct ctl_cmd_entry *entry, *sentry;
7179	struct scsi_report_supported_opcodes_all *all;
7180	struct scsi_report_supported_opcodes_descr *descr;
7181	struct scsi_report_supported_opcodes_one *one;
7182	int retval;
7183	int alloc_len, total_len;
7184	int opcode, service_action, i, j, num;
7185
7186	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7187
7188	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7189	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7190
7191	retval = CTL_RETVAL_COMPLETE;
7192
7193	opcode = cdb->requested_opcode;
7194	service_action = scsi_2btoul(cdb->requested_service_action);
7195	switch (cdb->options & RSO_OPTIONS_MASK) {
7196	case RSO_OPTIONS_ALL:
7197		num = 0;
7198		for (i = 0; i < 256; i++) {
7199			entry = &ctl_cmd_table[i];
7200			if (entry->flags & CTL_CMD_FLAG_SA5) {
7201				for (j = 0; j < 32; j++) {
7202					sentry = &((const struct ctl_cmd_entry *)
7203					    entry->execute)[j];
7204					if (ctl_cmd_applicable(
7205					    lun->be_lun->lun_type, sentry))
7206						num++;
7207				}
7208			} else {
7209				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7210				    entry))
7211					num++;
7212			}
7213		}
7214		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7215		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7216		break;
7217	case RSO_OPTIONS_OC:
7218		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7219			ctl_set_invalid_field(/*ctsio*/ ctsio,
7220					      /*sks_valid*/ 1,
7221					      /*command*/ 1,
7222					      /*field*/ 2,
7223					      /*bit_valid*/ 1,
7224					      /*bit*/ 2);
7225			ctl_done((union ctl_io *)ctsio);
7226			return (CTL_RETVAL_COMPLETE);
7227		}
7228		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7229		break;
7230	case RSO_OPTIONS_OC_SA:
7231		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7232		    service_action >= 32) {
7233			ctl_set_invalid_field(/*ctsio*/ ctsio,
7234					      /*sks_valid*/ 1,
7235					      /*command*/ 1,
7236					      /*field*/ 2,
7237					      /*bit_valid*/ 1,
7238					      /*bit*/ 2);
7239			ctl_done((union ctl_io *)ctsio);
7240			return (CTL_RETVAL_COMPLETE);
7241		}
7242		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7243		break;
7244	default:
7245		ctl_set_invalid_field(/*ctsio*/ ctsio,
7246				      /*sks_valid*/ 1,
7247				      /*command*/ 1,
7248				      /*field*/ 2,
7249				      /*bit_valid*/ 1,
7250				      /*bit*/ 2);
7251		ctl_done((union ctl_io *)ctsio);
7252		return (CTL_RETVAL_COMPLETE);
7253	}
7254
7255	alloc_len = scsi_4btoul(cdb->length);
7256
7257	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7258
7259	ctsio->kern_sg_entries = 0;
7260
7261	if (total_len < alloc_len) {
7262		ctsio->residual = alloc_len - total_len;
7263		ctsio->kern_data_len = total_len;
7264		ctsio->kern_total_len = total_len;
7265	} else {
7266		ctsio->residual = 0;
7267		ctsio->kern_data_len = alloc_len;
7268		ctsio->kern_total_len = alloc_len;
7269	}
7270	ctsio->kern_data_resid = 0;
7271	ctsio->kern_rel_offset = 0;
7272
7273	switch (cdb->options & RSO_OPTIONS_MASK) {
7274	case RSO_OPTIONS_ALL:
7275		all = (struct scsi_report_supported_opcodes_all *)
7276		    ctsio->kern_data_ptr;
7277		num = 0;
7278		for (i = 0; i < 256; i++) {
7279			entry = &ctl_cmd_table[i];
7280			if (entry->flags & CTL_CMD_FLAG_SA5) {
7281				for (j = 0; j < 32; j++) {
7282					sentry = &((const struct ctl_cmd_entry *)
7283					    entry->execute)[j];
7284					if (!ctl_cmd_applicable(
7285					    lun->be_lun->lun_type, sentry))
7286						continue;
7287					descr = &all->descr[num++];
7288					descr->opcode = i;
7289					scsi_ulto2b(j, descr->service_action);
7290					descr->flags = RSO_SERVACTV;
7291					scsi_ulto2b(sentry->length,
7292					    descr->cdb_length);
7293				}
7294			} else {
7295				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7296				    entry))
7297					continue;
7298				descr = &all->descr[num++];
7299				descr->opcode = i;
7300				scsi_ulto2b(0, descr->service_action);
7301				descr->flags = 0;
7302				scsi_ulto2b(entry->length, descr->cdb_length);
7303			}
7304		}
7305		scsi_ulto4b(
7306		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7307		    all->length);
7308		break;
7309	case RSO_OPTIONS_OC:
7310		one = (struct scsi_report_supported_opcodes_one *)
7311		    ctsio->kern_data_ptr;
7312		entry = &ctl_cmd_table[opcode];
7313		goto fill_one;
7314	case RSO_OPTIONS_OC_SA:
7315		one = (struct scsi_report_supported_opcodes_one *)
7316		    ctsio->kern_data_ptr;
7317		entry = &ctl_cmd_table[opcode];
7318		entry = &((const struct ctl_cmd_entry *)
7319		    entry->execute)[service_action];
7320fill_one:
7321		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7322			one->support = 3;
7323			scsi_ulto2b(entry->length, one->cdb_length);
7324			one->cdb_usage[0] = opcode;
7325			memcpy(&one->cdb_usage[1], entry->usage,
7326			    entry->length - 1);
7327		} else
7328			one->support = 1;
7329		break;
7330	}
7331
7332	ctl_set_success(ctsio);
7333	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7334	ctsio->be_move_done = ctl_config_move_done;
7335	ctl_datamove((union ctl_io *)ctsio);
7336	return(retval);
7337}
7338
7339int
7340ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7341{
7342	struct scsi_report_supported_tmf *cdb;
7343	struct scsi_report_supported_tmf_data *data;
7344	int retval;
7345	int alloc_len, total_len;
7346
7347	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7348
7349	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7350
7351	retval = CTL_RETVAL_COMPLETE;
7352
7353	total_len = sizeof(struct scsi_report_supported_tmf_data);
7354	alloc_len = scsi_4btoul(cdb->length);
7355
7356	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7357
7358	ctsio->kern_sg_entries = 0;
7359
7360	if (total_len < alloc_len) {
7361		ctsio->residual = alloc_len - total_len;
7362		ctsio->kern_data_len = total_len;
7363		ctsio->kern_total_len = total_len;
7364	} else {
7365		ctsio->residual = 0;
7366		ctsio->kern_data_len = alloc_len;
7367		ctsio->kern_total_len = alloc_len;
7368	}
7369	ctsio->kern_data_resid = 0;
7370	ctsio->kern_rel_offset = 0;
7371
7372	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7373	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7374	    RST_TRS;
7375	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7376
7377	ctl_set_success(ctsio);
7378	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7379	ctsio->be_move_done = ctl_config_move_done;
7380	ctl_datamove((union ctl_io *)ctsio);
7381	return (retval);
7382}
7383
7384int
7385ctl_report_timestamp(struct ctl_scsiio *ctsio)
7386{
7387	struct scsi_report_timestamp *cdb;
7388	struct scsi_report_timestamp_data *data;
7389	struct timeval tv;
7390	int64_t timestamp;
7391	int retval;
7392	int alloc_len, total_len;
7393
7394	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7395
7396	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7397
7398	retval = CTL_RETVAL_COMPLETE;
7399
7400	total_len = sizeof(struct scsi_report_timestamp_data);
7401	alloc_len = scsi_4btoul(cdb->length);
7402
7403	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7404
7405	ctsio->kern_sg_entries = 0;
7406
7407	if (total_len < alloc_len) {
7408		ctsio->residual = alloc_len - total_len;
7409		ctsio->kern_data_len = total_len;
7410		ctsio->kern_total_len = total_len;
7411	} else {
7412		ctsio->residual = 0;
7413		ctsio->kern_data_len = alloc_len;
7414		ctsio->kern_total_len = alloc_len;
7415	}
7416	ctsio->kern_data_resid = 0;
7417	ctsio->kern_rel_offset = 0;
7418
7419	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7420	scsi_ulto2b(sizeof(*data) - 2, data->length);
7421	data->origin = RTS_ORIG_OUTSIDE;
7422	getmicrotime(&tv);
7423	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7424	scsi_ulto4b(timestamp >> 16, data->timestamp);
7425	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7426
7427	ctl_set_success(ctsio);
7428	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7429	ctsio->be_move_done = ctl_config_move_done;
7430	ctl_datamove((union ctl_io *)ctsio);
7431	return (retval);
7432}
7433
7434int
7435ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7436{
7437	struct scsi_per_res_in *cdb;
7438	int alloc_len, total_len = 0;
7439	/* struct scsi_per_res_in_rsrv in_data; */
7440	struct ctl_lun *lun;
7441	struct ctl_softc *softc;
7442	uint64_t key;
7443
7444	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7445
7446	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7447
7448	alloc_len = scsi_2btoul(cdb->length);
7449
7450	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7451	softc = lun->ctl_softc;
7452
7453retry:
7454	mtx_lock(&lun->lun_lock);
7455	switch (cdb->action) {
7456	case SPRI_RK: /* read keys */
7457		total_len = sizeof(struct scsi_per_res_in_keys) +
7458			lun->pr_key_count *
7459			sizeof(struct scsi_per_res_key);
7460		break;
7461	case SPRI_RR: /* read reservation */
7462		if (lun->flags & CTL_LUN_PR_RESERVED)
7463			total_len = sizeof(struct scsi_per_res_in_rsrv);
7464		else
7465			total_len = sizeof(struct scsi_per_res_in_header);
7466		break;
7467	case SPRI_RC: /* report capabilities */
7468		total_len = sizeof(struct scsi_per_res_cap);
7469		break;
7470	case SPRI_RS: /* read full status */
7471		total_len = sizeof(struct scsi_per_res_in_header) +
7472		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7473		    lun->pr_key_count;
7474		break;
7475	default:
7476		panic("Invalid PR type %x", cdb->action);
7477	}
7478	mtx_unlock(&lun->lun_lock);
7479
7480	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7481
7482	if (total_len < alloc_len) {
7483		ctsio->residual = alloc_len - total_len;
7484		ctsio->kern_data_len = total_len;
7485		ctsio->kern_total_len = total_len;
7486	} else {
7487		ctsio->residual = 0;
7488		ctsio->kern_data_len = alloc_len;
7489		ctsio->kern_total_len = alloc_len;
7490	}
7491
7492	ctsio->kern_data_resid = 0;
7493	ctsio->kern_rel_offset = 0;
7494	ctsio->kern_sg_entries = 0;
7495
7496	mtx_lock(&lun->lun_lock);
7497	switch (cdb->action) {
7498	case SPRI_RK: { // read keys
7499        struct scsi_per_res_in_keys *res_keys;
7500		int i, key_count;
7501
7502		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7503
7504		/*
7505		 * We had to drop the lock to allocate our buffer, which
7506		 * leaves time for someone to come in with another
7507		 * persistent reservation.  (That is unlikely, though,
7508		 * since this should be the only persistent reservation
7509		 * command active right now.)
7510		 */
7511		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7512		    (lun->pr_key_count *
7513		     sizeof(struct scsi_per_res_key)))){
7514			mtx_unlock(&lun->lun_lock);
7515			free(ctsio->kern_data_ptr, M_CTL);
7516			printf("%s: reservation length changed, retrying\n",
7517			       __func__);
7518			goto retry;
7519		}
7520
7521		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7522
7523		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7524			     lun->pr_key_count, res_keys->header.length);
7525
7526		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7527			if ((key = ctl_get_prkey(lun, i)) == 0)
7528				continue;
7529
7530			/*
7531			 * We used lun->pr_key_count to calculate the
7532			 * size to allocate.  If it turns out the number of
7533			 * initiators with the registered flag set is
7534			 * larger than that (i.e. they haven't been kept in
7535			 * sync), we've got a problem.
7536			 */
7537			if (key_count >= lun->pr_key_count) {
7538#ifdef NEEDTOPORT
7539				csevent_log(CSC_CTL | CSC_SHELF_SW |
7540					    CTL_PR_ERROR,
7541					    csevent_LogType_Fault,
7542					    csevent_AlertLevel_Yellow,
7543					    csevent_FRU_ShelfController,
7544					    csevent_FRU_Firmware,
7545				        csevent_FRU_Unknown,
7546					    "registered keys %d >= key "
7547					    "count %d", key_count,
7548					    lun->pr_key_count);
7549#endif
7550				key_count++;
7551				continue;
7552			}
7553			scsi_u64to8b(key, res_keys->keys[key_count].key);
7554			key_count++;
7555		}
7556		break;
7557	}
7558	case SPRI_RR: { // read reservation
7559		struct scsi_per_res_in_rsrv *res;
7560		int tmp_len, header_only;
7561
7562		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7563
7564		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7565
7566		if (lun->flags & CTL_LUN_PR_RESERVED)
7567		{
7568			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7569			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7570				    res->header.length);
7571			header_only = 0;
7572		} else {
7573			tmp_len = sizeof(struct scsi_per_res_in_header);
7574			scsi_ulto4b(0, res->header.length);
7575			header_only = 1;
7576		}
7577
7578		/*
7579		 * We had to drop the lock to allocate our buffer, which
7580		 * leaves time for someone to come in with another
7581		 * persistent reservation.  (That is unlikely, though,
7582		 * since this should be the only persistent reservation
7583		 * command active right now.)
7584		 */
7585		if (tmp_len != total_len) {
7586			mtx_unlock(&lun->lun_lock);
7587			free(ctsio->kern_data_ptr, M_CTL);
7588			printf("%s: reservation status changed, retrying\n",
7589			       __func__);
7590			goto retry;
7591		}
7592
7593		/*
7594		 * No reservation held, so we're done.
7595		 */
7596		if (header_only != 0)
7597			break;
7598
7599		/*
7600		 * If the registration is an All Registrants type, the key
7601		 * is 0, since it doesn't really matter.
7602		 */
7603		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7604			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7605			    res->data.reservation);
7606		}
7607		res->data.scopetype = lun->res_type;
7608		break;
7609	}
7610	case SPRI_RC:     //report capabilities
7611	{
7612		struct scsi_per_res_cap *res_cap;
7613		uint16_t type_mask;
7614
7615		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7616		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7617		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7618		type_mask = SPRI_TM_WR_EX_AR |
7619			    SPRI_TM_EX_AC_RO |
7620			    SPRI_TM_WR_EX_RO |
7621			    SPRI_TM_EX_AC |
7622			    SPRI_TM_WR_EX |
7623			    SPRI_TM_EX_AC_AR;
7624		scsi_ulto2b(type_mask, res_cap->type_mask);
7625		break;
7626	}
7627	case SPRI_RS: { // read full status
7628		struct scsi_per_res_in_full *res_status;
7629		struct scsi_per_res_in_full_desc *res_desc;
7630		struct ctl_port *port;
7631		int i, len;
7632
7633		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7634
7635		/*
7636		 * We had to drop the lock to allocate our buffer, which
7637		 * leaves time for someone to come in with another
7638		 * persistent reservation.  (That is unlikely, though,
7639		 * since this should be the only persistent reservation
7640		 * command active right now.)
7641		 */
7642		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7643		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7644		     lun->pr_key_count)){
7645			mtx_unlock(&lun->lun_lock);
7646			free(ctsio->kern_data_ptr, M_CTL);
7647			printf("%s: reservation length changed, retrying\n",
7648			       __func__);
7649			goto retry;
7650		}
7651
7652		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7653
7654		res_desc = &res_status->desc[0];
7655		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7656			if ((key = ctl_get_prkey(lun, i)) == 0)
7657				continue;
7658
7659			scsi_u64to8b(key, res_desc->res_key.key);
7660			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7661			    (lun->pr_res_idx == i ||
7662			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7663				res_desc->flags = SPRI_FULL_R_HOLDER;
7664				res_desc->scopetype = lun->res_type;
7665			}
7666			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7667			    res_desc->rel_trgt_port_id);
7668			len = 0;
7669			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7670			if (port != NULL)
7671				len = ctl_create_iid(port,
7672				    i % CTL_MAX_INIT_PER_PORT,
7673				    res_desc->transport_id);
7674			scsi_ulto4b(len, res_desc->additional_length);
7675			res_desc = (struct scsi_per_res_in_full_desc *)
7676			    &res_desc->transport_id[len];
7677		}
7678		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7679		    res_status->header.length);
7680		break;
7681	}
7682	default:
7683		/*
7684		 * This is a bug, because we just checked for this above,
7685		 * and should have returned an error.
7686		 */
7687		panic("Invalid PR type %x", cdb->action);
7688		break; /* NOTREACHED */
7689	}
7690	mtx_unlock(&lun->lun_lock);
7691
7692	ctl_set_success(ctsio);
7693	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7694	ctsio->be_move_done = ctl_config_move_done;
7695	ctl_datamove((union ctl_io *)ctsio);
7696	return (CTL_RETVAL_COMPLETE);
7697}
7698
7699/*
7700 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7701 * it should return.
7702 */
7703static int
7704ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7705		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7706		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7707		struct scsi_per_res_out_parms* param)
7708{
7709	union ctl_ha_msg persis_io;
7710	int i;
7711
7712	mtx_lock(&lun->lun_lock);
7713	if (sa_res_key == 0) {
7714		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7715			/* validate scope and type */
7716			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7717			     SPR_LU_SCOPE) {
7718				mtx_unlock(&lun->lun_lock);
7719				ctl_set_invalid_field(/*ctsio*/ ctsio,
7720						      /*sks_valid*/ 1,
7721						      /*command*/ 1,
7722						      /*field*/ 2,
7723						      /*bit_valid*/ 1,
7724						      /*bit*/ 4);
7725				ctl_done((union ctl_io *)ctsio);
7726				return (1);
7727			}
7728
7729		        if (type>8 || type==2 || type==4 || type==0) {
7730				mtx_unlock(&lun->lun_lock);
7731				ctl_set_invalid_field(/*ctsio*/ ctsio,
7732       	           				      /*sks_valid*/ 1,
7733						      /*command*/ 1,
7734						      /*field*/ 2,
7735						      /*bit_valid*/ 1,
7736						      /*bit*/ 0);
7737				ctl_done((union ctl_io *)ctsio);
7738				return (1);
7739		        }
7740
7741			/*
7742			 * Unregister everybody else and build UA for
7743			 * them
7744			 */
7745			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7746				if (i == residx || ctl_get_prkey(lun, i) == 0)
7747					continue;
7748
7749				ctl_clr_prkey(lun, i);
7750				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7751			}
7752			lun->pr_key_count = 1;
7753			lun->res_type = type;
7754			if (lun->res_type != SPR_TYPE_WR_EX_AR
7755			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7756				lun->pr_res_idx = residx;
7757			lun->PRGeneration++;
7758			mtx_unlock(&lun->lun_lock);
7759
7760			/* send msg to other side */
7761			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7762			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7763			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7764			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7765			persis_io.pr.pr_info.res_type = type;
7766			memcpy(persis_io.pr.pr_info.sa_res_key,
7767			       param->serv_act_res_key,
7768			       sizeof(param->serv_act_res_key));
7769			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7770			    sizeof(persis_io.pr), M_WAITOK);
7771		} else {
7772			/* not all registrants */
7773			mtx_unlock(&lun->lun_lock);
7774			free(ctsio->kern_data_ptr, M_CTL);
7775			ctl_set_invalid_field(ctsio,
7776					      /*sks_valid*/ 1,
7777					      /*command*/ 0,
7778					      /*field*/ 8,
7779					      /*bit_valid*/ 0,
7780					      /*bit*/ 0);
7781			ctl_done((union ctl_io *)ctsio);
7782			return (1);
7783		}
7784	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7785		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7786		int found = 0;
7787
7788		if (res_key == sa_res_key) {
7789			/* special case */
7790			/*
7791			 * The spec implies this is not good but doesn't
7792			 * say what to do. There are two choices either
7793			 * generate a res conflict or check condition
7794			 * with illegal field in parameter data. Since
7795			 * that is what is done when the sa_res_key is
7796			 * zero I'll take that approach since this has
7797			 * to do with the sa_res_key.
7798			 */
7799			mtx_unlock(&lun->lun_lock);
7800			free(ctsio->kern_data_ptr, M_CTL);
7801			ctl_set_invalid_field(ctsio,
7802					      /*sks_valid*/ 1,
7803					      /*command*/ 0,
7804					      /*field*/ 8,
7805					      /*bit_valid*/ 0,
7806					      /*bit*/ 0);
7807			ctl_done((union ctl_io *)ctsio);
7808			return (1);
7809		}
7810
7811		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7812			if (ctl_get_prkey(lun, i) != sa_res_key)
7813				continue;
7814
7815			found = 1;
7816			ctl_clr_prkey(lun, i);
7817			lun->pr_key_count--;
7818			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7819		}
7820		if (!found) {
7821			mtx_unlock(&lun->lun_lock);
7822			free(ctsio->kern_data_ptr, M_CTL);
7823			ctl_set_reservation_conflict(ctsio);
7824			ctl_done((union ctl_io *)ctsio);
7825			return (CTL_RETVAL_COMPLETE);
7826		}
7827		lun->PRGeneration++;
7828		mtx_unlock(&lun->lun_lock);
7829
7830		/* send msg to other side */
7831		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7832		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7833		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7834		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7835		persis_io.pr.pr_info.res_type = type;
7836		memcpy(persis_io.pr.pr_info.sa_res_key,
7837		       param->serv_act_res_key,
7838		       sizeof(param->serv_act_res_key));
7839		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7840		    sizeof(persis_io.pr), M_WAITOK);
7841	} else {
7842		/* Reserved but not all registrants */
7843		/* sa_res_key is res holder */
7844		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7845			/* validate scope and type */
7846			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7847			     SPR_LU_SCOPE) {
7848				mtx_unlock(&lun->lun_lock);
7849				ctl_set_invalid_field(/*ctsio*/ ctsio,
7850						      /*sks_valid*/ 1,
7851						      /*command*/ 1,
7852						      /*field*/ 2,
7853						      /*bit_valid*/ 1,
7854						      /*bit*/ 4);
7855				ctl_done((union ctl_io *)ctsio);
7856				return (1);
7857			}
7858
7859			if (type>8 || type==2 || type==4 || type==0) {
7860				mtx_unlock(&lun->lun_lock);
7861				ctl_set_invalid_field(/*ctsio*/ ctsio,
7862						      /*sks_valid*/ 1,
7863						      /*command*/ 1,
7864						      /*field*/ 2,
7865						      /*bit_valid*/ 1,
7866						      /*bit*/ 0);
7867				ctl_done((union ctl_io *)ctsio);
7868				return (1);
7869			}
7870
7871			/*
7872			 * Do the following:
7873			 * if sa_res_key != res_key remove all
7874			 * registrants w/sa_res_key and generate UA
7875			 * for these registrants(Registrations
7876			 * Preempted) if it wasn't an exclusive
7877			 * reservation generate UA(Reservations
7878			 * Preempted) for all other registered nexuses
7879			 * if the type has changed. Establish the new
7880			 * reservation and holder. If res_key and
7881			 * sa_res_key are the same do the above
7882			 * except don't unregister the res holder.
7883			 */
7884
7885			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7886				if (i == residx || ctl_get_prkey(lun, i) == 0)
7887					continue;
7888
7889				if (sa_res_key == ctl_get_prkey(lun, i)) {
7890					ctl_clr_prkey(lun, i);
7891					lun->pr_key_count--;
7892					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7893				} else if (type != lun->res_type
7894					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7895					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7896					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7897				}
7898			}
7899			lun->res_type = type;
7900			if (lun->res_type != SPR_TYPE_WR_EX_AR
7901			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7902				lun->pr_res_idx = residx;
7903			else
7904				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
7905			lun->PRGeneration++;
7906			mtx_unlock(&lun->lun_lock);
7907
7908			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7909			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7910			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7911			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7912			persis_io.pr.pr_info.res_type = type;
7913			memcpy(persis_io.pr.pr_info.sa_res_key,
7914			       param->serv_act_res_key,
7915			       sizeof(param->serv_act_res_key));
7916			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7917			    sizeof(persis_io.pr), M_WAITOK);
7918		} else {
7919			/*
7920			 * sa_res_key is not the res holder just
7921			 * remove registrants
7922			 */
7923			int found=0;
7924
7925			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7926				if (sa_res_key != ctl_get_prkey(lun, i))
7927					continue;
7928
7929				found = 1;
7930				ctl_clr_prkey(lun, i);
7931				lun->pr_key_count--;
7932				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7933			}
7934
7935			if (!found) {
7936				mtx_unlock(&lun->lun_lock);
7937				free(ctsio->kern_data_ptr, M_CTL);
7938				ctl_set_reservation_conflict(ctsio);
7939				ctl_done((union ctl_io *)ctsio);
7940		        	return (1);
7941			}
7942			lun->PRGeneration++;
7943			mtx_unlock(&lun->lun_lock);
7944
7945			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7946			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7947			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7948			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7949			persis_io.pr.pr_info.res_type = type;
7950			memcpy(persis_io.pr.pr_info.sa_res_key,
7951			       param->serv_act_res_key,
7952			       sizeof(param->serv_act_res_key));
7953			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7954			    sizeof(persis_io.pr), M_WAITOK);
7955		}
7956	}
7957	return (0);
7958}
7959
7960static void
7961ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
7962{
7963	uint64_t sa_res_key;
7964	int i;
7965
7966	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
7967
7968	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7969	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
7970	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
7971		if (sa_res_key == 0) {
7972			/*
7973			 * Unregister everybody else and build UA for
7974			 * them
7975			 */
7976			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7977				if (i == msg->pr.pr_info.residx ||
7978				    ctl_get_prkey(lun, i) == 0)
7979					continue;
7980
7981				ctl_clr_prkey(lun, i);
7982				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7983			}
7984
7985			lun->pr_key_count = 1;
7986			lun->res_type = msg->pr.pr_info.res_type;
7987			if (lun->res_type != SPR_TYPE_WR_EX_AR
7988			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7989				lun->pr_res_idx = msg->pr.pr_info.residx;
7990		} else {
7991		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7992				if (sa_res_key == ctl_get_prkey(lun, i))
7993					continue;
7994
7995				ctl_clr_prkey(lun, i);
7996				lun->pr_key_count--;
7997				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7998			}
7999		}
8000	} else {
8001		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8002			if (i == msg->pr.pr_info.residx ||
8003			    ctl_get_prkey(lun, i) == 0)
8004				continue;
8005
8006			if (sa_res_key == ctl_get_prkey(lun, i)) {
8007				ctl_clr_prkey(lun, i);
8008				lun->pr_key_count--;
8009				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8010			} else if (msg->pr.pr_info.res_type != lun->res_type
8011				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8012				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8013				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8014			}
8015		}
8016		lun->res_type = msg->pr.pr_info.res_type;
8017		if (lun->res_type != SPR_TYPE_WR_EX_AR
8018		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8019			lun->pr_res_idx = msg->pr.pr_info.residx;
8020		else
8021			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8022	}
8023	lun->PRGeneration++;
8024
8025}
8026
8027
8028int
8029ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8030{
8031	int retval;
8032	u_int32_t param_len;
8033	struct scsi_per_res_out *cdb;
8034	struct ctl_lun *lun;
8035	struct scsi_per_res_out_parms* param;
8036	struct ctl_softc *softc;
8037	uint32_t residx;
8038	uint64_t res_key, sa_res_key, key;
8039	uint8_t type;
8040	union ctl_ha_msg persis_io;
8041	int    i;
8042
8043	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8044
8045	retval = CTL_RETVAL_COMPLETE;
8046
8047	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8048	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8049	softc = lun->ctl_softc;
8050
8051	/*
8052	 * We only support whole-LUN scope.  The scope & type are ignored for
8053	 * register, register and ignore existing key and clear.
8054	 * We sometimes ignore scope and type on preempts too!!
8055	 * Verify reservation type here as well.
8056	 */
8057	type = cdb->scope_type & SPR_TYPE_MASK;
8058	if ((cdb->action == SPRO_RESERVE)
8059	 || (cdb->action == SPRO_RELEASE)) {
8060		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8061			ctl_set_invalid_field(/*ctsio*/ ctsio,
8062					      /*sks_valid*/ 1,
8063					      /*command*/ 1,
8064					      /*field*/ 2,
8065					      /*bit_valid*/ 1,
8066					      /*bit*/ 4);
8067			ctl_done((union ctl_io *)ctsio);
8068			return (CTL_RETVAL_COMPLETE);
8069		}
8070
8071		if (type>8 || type==2 || type==4 || type==0) {
8072			ctl_set_invalid_field(/*ctsio*/ ctsio,
8073					      /*sks_valid*/ 1,
8074					      /*command*/ 1,
8075					      /*field*/ 2,
8076					      /*bit_valid*/ 1,
8077					      /*bit*/ 0);
8078			ctl_done((union ctl_io *)ctsio);
8079			return (CTL_RETVAL_COMPLETE);
8080		}
8081	}
8082
8083	param_len = scsi_4btoul(cdb->length);
8084
8085	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8086		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8087		ctsio->kern_data_len = param_len;
8088		ctsio->kern_total_len = param_len;
8089		ctsio->kern_data_resid = 0;
8090		ctsio->kern_rel_offset = 0;
8091		ctsio->kern_sg_entries = 0;
8092		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8093		ctsio->be_move_done = ctl_config_move_done;
8094		ctl_datamove((union ctl_io *)ctsio);
8095
8096		return (CTL_RETVAL_COMPLETE);
8097	}
8098
8099	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8100
8101	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8102	res_key = scsi_8btou64(param->res_key.key);
8103	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8104
8105	/*
8106	 * Validate the reservation key here except for SPRO_REG_IGNO
8107	 * This must be done for all other service actions
8108	 */
8109	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8110		mtx_lock(&lun->lun_lock);
8111		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8112			if (res_key != key) {
8113				/*
8114				 * The current key passed in doesn't match
8115				 * the one the initiator previously
8116				 * registered.
8117				 */
8118				mtx_unlock(&lun->lun_lock);
8119				free(ctsio->kern_data_ptr, M_CTL);
8120				ctl_set_reservation_conflict(ctsio);
8121				ctl_done((union ctl_io *)ctsio);
8122				return (CTL_RETVAL_COMPLETE);
8123			}
8124		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8125			/*
8126			 * We are not registered
8127			 */
8128			mtx_unlock(&lun->lun_lock);
8129			free(ctsio->kern_data_ptr, M_CTL);
8130			ctl_set_reservation_conflict(ctsio);
8131			ctl_done((union ctl_io *)ctsio);
8132			return (CTL_RETVAL_COMPLETE);
8133		} else if (res_key != 0) {
8134			/*
8135			 * We are not registered and trying to register but
8136			 * the register key isn't zero.
8137			 */
8138			mtx_unlock(&lun->lun_lock);
8139			free(ctsio->kern_data_ptr, M_CTL);
8140			ctl_set_reservation_conflict(ctsio);
8141			ctl_done((union ctl_io *)ctsio);
8142			return (CTL_RETVAL_COMPLETE);
8143		}
8144		mtx_unlock(&lun->lun_lock);
8145	}
8146
8147	switch (cdb->action & SPRO_ACTION_MASK) {
8148	case SPRO_REGISTER:
8149	case SPRO_REG_IGNO: {
8150
8151#if 0
8152		printf("Registration received\n");
8153#endif
8154
8155		/*
8156		 * We don't support any of these options, as we report in
8157		 * the read capabilities request (see
8158		 * ctl_persistent_reserve_in(), above).
8159		 */
8160		if ((param->flags & SPR_SPEC_I_PT)
8161		 || (param->flags & SPR_ALL_TG_PT)
8162		 || (param->flags & SPR_APTPL)) {
8163			int bit_ptr;
8164
8165			if (param->flags & SPR_APTPL)
8166				bit_ptr = 0;
8167			else if (param->flags & SPR_ALL_TG_PT)
8168				bit_ptr = 2;
8169			else /* SPR_SPEC_I_PT */
8170				bit_ptr = 3;
8171
8172			free(ctsio->kern_data_ptr, M_CTL);
8173			ctl_set_invalid_field(ctsio,
8174					      /*sks_valid*/ 1,
8175					      /*command*/ 0,
8176					      /*field*/ 20,
8177					      /*bit_valid*/ 1,
8178					      /*bit*/ bit_ptr);
8179			ctl_done((union ctl_io *)ctsio);
8180			return (CTL_RETVAL_COMPLETE);
8181		}
8182
8183		mtx_lock(&lun->lun_lock);
8184
8185		/*
8186		 * The initiator wants to clear the
8187		 * key/unregister.
8188		 */
8189		if (sa_res_key == 0) {
8190			if ((res_key == 0
8191			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8192			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8193			  && ctl_get_prkey(lun, residx) == 0)) {
8194				mtx_unlock(&lun->lun_lock);
8195				goto done;
8196			}
8197
8198			ctl_clr_prkey(lun, residx);
8199			lun->pr_key_count--;
8200
8201			if (residx == lun->pr_res_idx) {
8202				lun->flags &= ~CTL_LUN_PR_RESERVED;
8203				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8204
8205				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8206				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8207				 && lun->pr_key_count) {
8208					/*
8209					 * If the reservation is a registrants
8210					 * only type we need to generate a UA
8211					 * for other registered inits.  The
8212					 * sense code should be RESERVATIONS
8213					 * RELEASED
8214					 */
8215
8216					for (i = softc->init_min; i < softc->init_max; i++){
8217						if (ctl_get_prkey(lun, i) == 0)
8218							continue;
8219						ctl_est_ua(lun, i,
8220						    CTL_UA_RES_RELEASE);
8221					}
8222				}
8223				lun->res_type = 0;
8224			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8225				if (lun->pr_key_count==0) {
8226					lun->flags &= ~CTL_LUN_PR_RESERVED;
8227					lun->res_type = 0;
8228					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8229				}
8230			}
8231			lun->PRGeneration++;
8232			mtx_unlock(&lun->lun_lock);
8233
8234			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8235			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8236			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8237			persis_io.pr.pr_info.residx = residx;
8238			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8239			    sizeof(persis_io.pr), M_WAITOK);
8240		} else /* sa_res_key != 0 */ {
8241
8242			/*
8243			 * If we aren't registered currently then increment
8244			 * the key count and set the registered flag.
8245			 */
8246			ctl_alloc_prkey(lun, residx);
8247			if (ctl_get_prkey(lun, residx) == 0)
8248				lun->pr_key_count++;
8249			ctl_set_prkey(lun, residx, sa_res_key);
8250			lun->PRGeneration++;
8251			mtx_unlock(&lun->lun_lock);
8252
8253			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8254			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8255			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8256			persis_io.pr.pr_info.residx = residx;
8257			memcpy(persis_io.pr.pr_info.sa_res_key,
8258			       param->serv_act_res_key,
8259			       sizeof(param->serv_act_res_key));
8260			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8261			    sizeof(persis_io.pr), M_WAITOK);
8262		}
8263
8264		break;
8265	}
8266	case SPRO_RESERVE:
8267#if 0
8268                printf("Reserve executed type %d\n", type);
8269#endif
8270		mtx_lock(&lun->lun_lock);
8271		if (lun->flags & CTL_LUN_PR_RESERVED) {
8272			/*
8273			 * if this isn't the reservation holder and it's
8274			 * not a "all registrants" type or if the type is
8275			 * different then we have a conflict
8276			 */
8277			if ((lun->pr_res_idx != residx
8278			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8279			 || lun->res_type != type) {
8280				mtx_unlock(&lun->lun_lock);
8281				free(ctsio->kern_data_ptr, M_CTL);
8282				ctl_set_reservation_conflict(ctsio);
8283				ctl_done((union ctl_io *)ctsio);
8284				return (CTL_RETVAL_COMPLETE);
8285			}
8286			mtx_unlock(&lun->lun_lock);
8287		} else /* create a reservation */ {
8288			/*
8289			 * If it's not an "all registrants" type record
8290			 * reservation holder
8291			 */
8292			if (type != SPR_TYPE_WR_EX_AR
8293			 && type != SPR_TYPE_EX_AC_AR)
8294				lun->pr_res_idx = residx; /* Res holder */
8295			else
8296				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8297
8298			lun->flags |= CTL_LUN_PR_RESERVED;
8299			lun->res_type = type;
8300
8301			mtx_unlock(&lun->lun_lock);
8302
8303			/* send msg to other side */
8304			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8305			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8306			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8307			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8308			persis_io.pr.pr_info.res_type = type;
8309			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8310			    sizeof(persis_io.pr), M_WAITOK);
8311		}
8312		break;
8313
8314	case SPRO_RELEASE:
8315		mtx_lock(&lun->lun_lock);
8316		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8317			/* No reservation exists return good status */
8318			mtx_unlock(&lun->lun_lock);
8319			goto done;
8320		}
8321		/*
8322		 * Is this nexus a reservation holder?
8323		 */
8324		if (lun->pr_res_idx != residx
8325		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8326			/*
8327			 * not a res holder return good status but
8328			 * do nothing
8329			 */
8330			mtx_unlock(&lun->lun_lock);
8331			goto done;
8332		}
8333
8334		if (lun->res_type != type) {
8335			mtx_unlock(&lun->lun_lock);
8336			free(ctsio->kern_data_ptr, M_CTL);
8337			ctl_set_illegal_pr_release(ctsio);
8338			ctl_done((union ctl_io *)ctsio);
8339			return (CTL_RETVAL_COMPLETE);
8340		}
8341
8342		/* okay to release */
8343		lun->flags &= ~CTL_LUN_PR_RESERVED;
8344		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8345		lun->res_type = 0;
8346
8347		/*
8348		 * if this isn't an exclusive access
8349		 * res generate UA for all other
8350		 * registrants.
8351		 */
8352		if (type != SPR_TYPE_EX_AC
8353		 && type != SPR_TYPE_WR_EX) {
8354			for (i = softc->init_min; i < softc->init_max; i++) {
8355				if (i == residx || ctl_get_prkey(lun, i) == 0)
8356					continue;
8357				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8358			}
8359		}
8360		mtx_unlock(&lun->lun_lock);
8361
8362		/* Send msg to other side */
8363		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8364		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8365		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8366		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8367		     sizeof(persis_io.pr), M_WAITOK);
8368		break;
8369
8370	case SPRO_CLEAR:
8371		/* send msg to other side */
8372
8373		mtx_lock(&lun->lun_lock);
8374		lun->flags &= ~CTL_LUN_PR_RESERVED;
8375		lun->res_type = 0;
8376		lun->pr_key_count = 0;
8377		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8378
8379		ctl_clr_prkey(lun, residx);
8380		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8381			if (ctl_get_prkey(lun, i) != 0) {
8382				ctl_clr_prkey(lun, i);
8383				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8384			}
8385		lun->PRGeneration++;
8386		mtx_unlock(&lun->lun_lock);
8387
8388		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8389		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8390		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8391		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8392		     sizeof(persis_io.pr), M_WAITOK);
8393		break;
8394
8395	case SPRO_PREEMPT:
8396	case SPRO_PRE_ABO: {
8397		int nretval;
8398
8399		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8400					  residx, ctsio, cdb, param);
8401		if (nretval != 0)
8402			return (CTL_RETVAL_COMPLETE);
8403		break;
8404	}
8405	default:
8406		panic("Invalid PR type %x", cdb->action);
8407	}
8408
8409done:
8410	free(ctsio->kern_data_ptr, M_CTL);
8411	ctl_set_success(ctsio);
8412	ctl_done((union ctl_io *)ctsio);
8413
8414	return (retval);
8415}
8416
8417/*
8418 * This routine is for handling a message from the other SC pertaining to
8419 * persistent reserve out. All the error checking will have been done
8420 * so only perorming the action need be done here to keep the two
8421 * in sync.
8422 */
8423static void
8424ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8425{
8426	struct ctl_lun *lun;
8427	struct ctl_softc *softc;
8428	int i;
8429	uint32_t residx, targ_lun;
8430
8431	softc = control_softc;
8432	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8433	mtx_lock(&softc->ctl_lock);
8434	if ((targ_lun >= CTL_MAX_LUNS) ||
8435	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8436		mtx_unlock(&softc->ctl_lock);
8437		return;
8438	}
8439	mtx_lock(&lun->lun_lock);
8440	mtx_unlock(&softc->ctl_lock);
8441	if (lun->flags & CTL_LUN_DISABLED) {
8442		mtx_unlock(&lun->lun_lock);
8443		return;
8444	}
8445	residx = ctl_get_initindex(&msg->hdr.nexus);
8446	switch(msg->pr.pr_info.action) {
8447	case CTL_PR_REG_KEY:
8448		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8449		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8450			lun->pr_key_count++;
8451		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8452		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8453		lun->PRGeneration++;
8454		break;
8455
8456	case CTL_PR_UNREG_KEY:
8457		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8458		lun->pr_key_count--;
8459
8460		/* XXX Need to see if the reservation has been released */
8461		/* if so do we need to generate UA? */
8462		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8463			lun->flags &= ~CTL_LUN_PR_RESERVED;
8464			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8465
8466			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8467			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8468			 && lun->pr_key_count) {
8469				/*
8470				 * If the reservation is a registrants
8471				 * only type we need to generate a UA
8472				 * for other registered inits.  The
8473				 * sense code should be RESERVATIONS
8474				 * RELEASED
8475				 */
8476
8477				for (i = softc->init_min; i < softc->init_max; i++) {
8478					if (ctl_get_prkey(lun, i) == 0)
8479						continue;
8480
8481					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8482				}
8483			}
8484			lun->res_type = 0;
8485		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8486			if (lun->pr_key_count==0) {
8487				lun->flags &= ~CTL_LUN_PR_RESERVED;
8488				lun->res_type = 0;
8489				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8490			}
8491		}
8492		lun->PRGeneration++;
8493		break;
8494
8495	case CTL_PR_RESERVE:
8496		lun->flags |= CTL_LUN_PR_RESERVED;
8497		lun->res_type = msg->pr.pr_info.res_type;
8498		lun->pr_res_idx = msg->pr.pr_info.residx;
8499
8500		break;
8501
8502	case CTL_PR_RELEASE:
8503		/*
8504		 * if this isn't an exclusive access res generate UA for all
8505		 * other registrants.
8506		 */
8507		if (lun->res_type != SPR_TYPE_EX_AC
8508		 && lun->res_type != SPR_TYPE_WR_EX) {
8509			for (i = softc->init_min; i < softc->init_max; i++)
8510				if (i == residx || ctl_get_prkey(lun, i) == 0)
8511					continue;
8512				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8513		}
8514
8515		lun->flags &= ~CTL_LUN_PR_RESERVED;
8516		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8517		lun->res_type = 0;
8518		break;
8519
8520	case CTL_PR_PREEMPT:
8521		ctl_pro_preempt_other(lun, msg);
8522		break;
8523	case CTL_PR_CLEAR:
8524		lun->flags &= ~CTL_LUN_PR_RESERVED;
8525		lun->res_type = 0;
8526		lun->pr_key_count = 0;
8527		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8528
8529		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8530			if (ctl_get_prkey(lun, i) == 0)
8531				continue;
8532			ctl_clr_prkey(lun, i);
8533			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8534		}
8535		lun->PRGeneration++;
8536		break;
8537	}
8538
8539	mtx_unlock(&lun->lun_lock);
8540}
8541
8542int
8543ctl_read_write(struct ctl_scsiio *ctsio)
8544{
8545	struct ctl_lun *lun;
8546	struct ctl_lba_len_flags *lbalen;
8547	uint64_t lba;
8548	uint32_t num_blocks;
8549	int flags, retval;
8550	int isread;
8551
8552	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8553
8554	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8555
8556	flags = 0;
8557	retval = CTL_RETVAL_COMPLETE;
8558
8559	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8560	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8561	switch (ctsio->cdb[0]) {
8562	case READ_6:
8563	case WRITE_6: {
8564		struct scsi_rw_6 *cdb;
8565
8566		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8567
8568		lba = scsi_3btoul(cdb->addr);
8569		/* only 5 bits are valid in the most significant address byte */
8570		lba &= 0x1fffff;
8571		num_blocks = cdb->length;
8572		/*
8573		 * This is correct according to SBC-2.
8574		 */
8575		if (num_blocks == 0)
8576			num_blocks = 256;
8577		break;
8578	}
8579	case READ_10:
8580	case WRITE_10: {
8581		struct scsi_rw_10 *cdb;
8582
8583		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8584		if (cdb->byte2 & SRW10_FUA)
8585			flags |= CTL_LLF_FUA;
8586		if (cdb->byte2 & SRW10_DPO)
8587			flags |= CTL_LLF_DPO;
8588		lba = scsi_4btoul(cdb->addr);
8589		num_blocks = scsi_2btoul(cdb->length);
8590		break;
8591	}
8592	case WRITE_VERIFY_10: {
8593		struct scsi_write_verify_10 *cdb;
8594
8595		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8596		flags |= CTL_LLF_FUA;
8597		if (cdb->byte2 & SWV_DPO)
8598			flags |= CTL_LLF_DPO;
8599		lba = scsi_4btoul(cdb->addr);
8600		num_blocks = scsi_2btoul(cdb->length);
8601		break;
8602	}
8603	case READ_12:
8604	case WRITE_12: {
8605		struct scsi_rw_12 *cdb;
8606
8607		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8608		if (cdb->byte2 & SRW12_FUA)
8609			flags |= CTL_LLF_FUA;
8610		if (cdb->byte2 & SRW12_DPO)
8611			flags |= CTL_LLF_DPO;
8612		lba = scsi_4btoul(cdb->addr);
8613		num_blocks = scsi_4btoul(cdb->length);
8614		break;
8615	}
8616	case WRITE_VERIFY_12: {
8617		struct scsi_write_verify_12 *cdb;
8618
8619		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8620		flags |= CTL_LLF_FUA;
8621		if (cdb->byte2 & SWV_DPO)
8622			flags |= CTL_LLF_DPO;
8623		lba = scsi_4btoul(cdb->addr);
8624		num_blocks = scsi_4btoul(cdb->length);
8625		break;
8626	}
8627	case READ_16:
8628	case WRITE_16: {
8629		struct scsi_rw_16 *cdb;
8630
8631		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8632		if (cdb->byte2 & SRW12_FUA)
8633			flags |= CTL_LLF_FUA;
8634		if (cdb->byte2 & SRW12_DPO)
8635			flags |= CTL_LLF_DPO;
8636		lba = scsi_8btou64(cdb->addr);
8637		num_blocks = scsi_4btoul(cdb->length);
8638		break;
8639	}
8640	case WRITE_ATOMIC_16: {
8641		struct scsi_rw_16 *cdb;
8642
8643		if (lun->be_lun->atomicblock == 0) {
8644			ctl_set_invalid_opcode(ctsio);
8645			ctl_done((union ctl_io *)ctsio);
8646			return (CTL_RETVAL_COMPLETE);
8647		}
8648
8649		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8650		if (cdb->byte2 & SRW12_FUA)
8651			flags |= CTL_LLF_FUA;
8652		if (cdb->byte2 & SRW12_DPO)
8653			flags |= CTL_LLF_DPO;
8654		lba = scsi_8btou64(cdb->addr);
8655		num_blocks = scsi_4btoul(cdb->length);
8656		if (num_blocks > lun->be_lun->atomicblock) {
8657			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8658			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8659			    /*bit*/ 0);
8660			ctl_done((union ctl_io *)ctsio);
8661			return (CTL_RETVAL_COMPLETE);
8662		}
8663		break;
8664	}
8665	case WRITE_VERIFY_16: {
8666		struct scsi_write_verify_16 *cdb;
8667
8668		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8669		flags |= CTL_LLF_FUA;
8670		if (cdb->byte2 & SWV_DPO)
8671			flags |= CTL_LLF_DPO;
8672		lba = scsi_8btou64(cdb->addr);
8673		num_blocks = scsi_4btoul(cdb->length);
8674		break;
8675	}
8676	default:
8677		/*
8678		 * We got a command we don't support.  This shouldn't
8679		 * happen, commands should be filtered out above us.
8680		 */
8681		ctl_set_invalid_opcode(ctsio);
8682		ctl_done((union ctl_io *)ctsio);
8683
8684		return (CTL_RETVAL_COMPLETE);
8685		break; /* NOTREACHED */
8686	}
8687
8688	/*
8689	 * The first check is to make sure we're in bounds, the second
8690	 * check is to catch wrap-around problems.  If the lba + num blocks
8691	 * is less than the lba, then we've wrapped around and the block
8692	 * range is invalid anyway.
8693	 */
8694	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8695	 || ((lba + num_blocks) < lba)) {
8696		ctl_set_lba_out_of_range(ctsio);
8697		ctl_done((union ctl_io *)ctsio);
8698		return (CTL_RETVAL_COMPLETE);
8699	}
8700
8701	/*
8702	 * According to SBC-3, a transfer length of 0 is not an error.
8703	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8704	 * translates to 256 blocks for those commands.
8705	 */
8706	if (num_blocks == 0) {
8707		ctl_set_success(ctsio);
8708		ctl_done((union ctl_io *)ctsio);
8709		return (CTL_RETVAL_COMPLETE);
8710	}
8711
8712	/* Set FUA and/or DPO if caches are disabled. */
8713	if (isread) {
8714		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8715		    SCP_RCD) != 0)
8716			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8717	} else {
8718		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8719		    SCP_WCE) == 0)
8720			flags |= CTL_LLF_FUA;
8721	}
8722
8723	lbalen = (struct ctl_lba_len_flags *)
8724	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8725	lbalen->lba = lba;
8726	lbalen->len = num_blocks;
8727	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8728
8729	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8730	ctsio->kern_rel_offset = 0;
8731
8732	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8733
8734	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8735
8736	return (retval);
8737}
8738
8739static int
8740ctl_cnw_cont(union ctl_io *io)
8741{
8742	struct ctl_scsiio *ctsio;
8743	struct ctl_lun *lun;
8744	struct ctl_lba_len_flags *lbalen;
8745	int retval;
8746
8747	ctsio = &io->scsiio;
8748	ctsio->io_hdr.status = CTL_STATUS_NONE;
8749	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8750	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8751	lbalen = (struct ctl_lba_len_flags *)
8752	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8753	lbalen->flags &= ~CTL_LLF_COMPARE;
8754	lbalen->flags |= CTL_LLF_WRITE;
8755
8756	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8757	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8758	return (retval);
8759}
8760
8761int
8762ctl_cnw(struct ctl_scsiio *ctsio)
8763{
8764	struct ctl_lun *lun;
8765	struct ctl_lba_len_flags *lbalen;
8766	uint64_t lba;
8767	uint32_t num_blocks;
8768	int flags, retval;
8769
8770	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8771
8772	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8773
8774	flags = 0;
8775	retval = CTL_RETVAL_COMPLETE;
8776
8777	switch (ctsio->cdb[0]) {
8778	case COMPARE_AND_WRITE: {
8779		struct scsi_compare_and_write *cdb;
8780
8781		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8782		if (cdb->byte2 & SRW10_FUA)
8783			flags |= CTL_LLF_FUA;
8784		if (cdb->byte2 & SRW10_DPO)
8785			flags |= CTL_LLF_DPO;
8786		lba = scsi_8btou64(cdb->addr);
8787		num_blocks = cdb->length;
8788		break;
8789	}
8790	default:
8791		/*
8792		 * We got a command we don't support.  This shouldn't
8793		 * happen, commands should be filtered out above us.
8794		 */
8795		ctl_set_invalid_opcode(ctsio);
8796		ctl_done((union ctl_io *)ctsio);
8797
8798		return (CTL_RETVAL_COMPLETE);
8799		break; /* NOTREACHED */
8800	}
8801
8802	/*
8803	 * The first check is to make sure we're in bounds, the second
8804	 * check is to catch wrap-around problems.  If the lba + num blocks
8805	 * is less than the lba, then we've wrapped around and the block
8806	 * range is invalid anyway.
8807	 */
8808	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8809	 || ((lba + num_blocks) < lba)) {
8810		ctl_set_lba_out_of_range(ctsio);
8811		ctl_done((union ctl_io *)ctsio);
8812		return (CTL_RETVAL_COMPLETE);
8813	}
8814
8815	/*
8816	 * According to SBC-3, a transfer length of 0 is not an error.
8817	 */
8818	if (num_blocks == 0) {
8819		ctl_set_success(ctsio);
8820		ctl_done((union ctl_io *)ctsio);
8821		return (CTL_RETVAL_COMPLETE);
8822	}
8823
8824	/* Set FUA if write cache is disabled. */
8825	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8826	    SCP_WCE) == 0)
8827		flags |= CTL_LLF_FUA;
8828
8829	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8830	ctsio->kern_rel_offset = 0;
8831
8832	/*
8833	 * Set the IO_CONT flag, so that if this I/O gets passed to
8834	 * ctl_data_submit_done(), it'll get passed back to
8835	 * ctl_ctl_cnw_cont() for further processing.
8836	 */
8837	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8838	ctsio->io_cont = ctl_cnw_cont;
8839
8840	lbalen = (struct ctl_lba_len_flags *)
8841	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8842	lbalen->lba = lba;
8843	lbalen->len = num_blocks;
8844	lbalen->flags = CTL_LLF_COMPARE | flags;
8845
8846	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8847	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8848	return (retval);
8849}
8850
8851int
8852ctl_verify(struct ctl_scsiio *ctsio)
8853{
8854	struct ctl_lun *lun;
8855	struct ctl_lba_len_flags *lbalen;
8856	uint64_t lba;
8857	uint32_t num_blocks;
8858	int bytchk, flags;
8859	int retval;
8860
8861	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8862
8863	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8864
8865	bytchk = 0;
8866	flags = CTL_LLF_FUA;
8867	retval = CTL_RETVAL_COMPLETE;
8868
8869	switch (ctsio->cdb[0]) {
8870	case VERIFY_10: {
8871		struct scsi_verify_10 *cdb;
8872
8873		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8874		if (cdb->byte2 & SVFY_BYTCHK)
8875			bytchk = 1;
8876		if (cdb->byte2 & SVFY_DPO)
8877			flags |= CTL_LLF_DPO;
8878		lba = scsi_4btoul(cdb->addr);
8879		num_blocks = scsi_2btoul(cdb->length);
8880		break;
8881	}
8882	case VERIFY_12: {
8883		struct scsi_verify_12 *cdb;
8884
8885		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8886		if (cdb->byte2 & SVFY_BYTCHK)
8887			bytchk = 1;
8888		if (cdb->byte2 & SVFY_DPO)
8889			flags |= CTL_LLF_DPO;
8890		lba = scsi_4btoul(cdb->addr);
8891		num_blocks = scsi_4btoul(cdb->length);
8892		break;
8893	}
8894	case VERIFY_16: {
8895		struct scsi_rw_16 *cdb;
8896
8897		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8898		if (cdb->byte2 & SVFY_BYTCHK)
8899			bytchk = 1;
8900		if (cdb->byte2 & SVFY_DPO)
8901			flags |= CTL_LLF_DPO;
8902		lba = scsi_8btou64(cdb->addr);
8903		num_blocks = scsi_4btoul(cdb->length);
8904		break;
8905	}
8906	default:
8907		/*
8908		 * We got a command we don't support.  This shouldn't
8909		 * happen, commands should be filtered out above us.
8910		 */
8911		ctl_set_invalid_opcode(ctsio);
8912		ctl_done((union ctl_io *)ctsio);
8913		return (CTL_RETVAL_COMPLETE);
8914	}
8915
8916	/*
8917	 * The first check is to make sure we're in bounds, the second
8918	 * check is to catch wrap-around problems.  If the lba + num blocks
8919	 * is less than the lba, then we've wrapped around and the block
8920	 * range is invalid anyway.
8921	 */
8922	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8923	 || ((lba + num_blocks) < lba)) {
8924		ctl_set_lba_out_of_range(ctsio);
8925		ctl_done((union ctl_io *)ctsio);
8926		return (CTL_RETVAL_COMPLETE);
8927	}
8928
8929	/*
8930	 * According to SBC-3, a transfer length of 0 is not an error.
8931	 */
8932	if (num_blocks == 0) {
8933		ctl_set_success(ctsio);
8934		ctl_done((union ctl_io *)ctsio);
8935		return (CTL_RETVAL_COMPLETE);
8936	}
8937
8938	lbalen = (struct ctl_lba_len_flags *)
8939	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8940	lbalen->lba = lba;
8941	lbalen->len = num_blocks;
8942	if (bytchk) {
8943		lbalen->flags = CTL_LLF_COMPARE | flags;
8944		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8945	} else {
8946		lbalen->flags = CTL_LLF_VERIFY | flags;
8947		ctsio->kern_total_len = 0;
8948	}
8949	ctsio->kern_rel_offset = 0;
8950
8951	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
8952	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8953	return (retval);
8954}
8955
8956int
8957ctl_report_luns(struct ctl_scsiio *ctsio)
8958{
8959	struct ctl_softc *softc = control_softc;
8960	struct scsi_report_luns *cdb;
8961	struct scsi_report_luns_data *lun_data;
8962	struct ctl_lun *lun, *request_lun;
8963	struct ctl_port *port;
8964	int num_luns, retval;
8965	uint32_t alloc_len, lun_datalen;
8966	int num_filled, well_known;
8967	uint32_t initidx, targ_lun_id, lun_id;
8968
8969	retval = CTL_RETVAL_COMPLETE;
8970	well_known = 0;
8971
8972	cdb = (struct scsi_report_luns *)ctsio->cdb;
8973	port = ctl_io_port(&ctsio->io_hdr);
8974
8975	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
8976
8977	mtx_lock(&softc->ctl_lock);
8978	num_luns = 0;
8979	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
8980		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
8981			num_luns++;
8982	}
8983	mtx_unlock(&softc->ctl_lock);
8984
8985	switch (cdb->select_report) {
8986	case RPL_REPORT_DEFAULT:
8987	case RPL_REPORT_ALL:
8988		break;
8989	case RPL_REPORT_WELLKNOWN:
8990		well_known = 1;
8991		num_luns = 0;
8992		break;
8993	default:
8994		ctl_set_invalid_field(ctsio,
8995				      /*sks_valid*/ 1,
8996				      /*command*/ 1,
8997				      /*field*/ 2,
8998				      /*bit_valid*/ 0,
8999				      /*bit*/ 0);
9000		ctl_done((union ctl_io *)ctsio);
9001		return (retval);
9002		break; /* NOTREACHED */
9003	}
9004
9005	alloc_len = scsi_4btoul(cdb->length);
9006	/*
9007	 * The initiator has to allocate at least 16 bytes for this request,
9008	 * so he can at least get the header and the first LUN.  Otherwise
9009	 * we reject the request (per SPC-3 rev 14, section 6.21).
9010	 */
9011	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9012	    sizeof(struct scsi_report_luns_lundata))) {
9013		ctl_set_invalid_field(ctsio,
9014				      /*sks_valid*/ 1,
9015				      /*command*/ 1,
9016				      /*field*/ 6,
9017				      /*bit_valid*/ 0,
9018				      /*bit*/ 0);
9019		ctl_done((union ctl_io *)ctsio);
9020		return (retval);
9021	}
9022
9023	request_lun = (struct ctl_lun *)
9024		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9025
9026	lun_datalen = sizeof(*lun_data) +
9027		(num_luns * sizeof(struct scsi_report_luns_lundata));
9028
9029	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9030	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9031	ctsio->kern_sg_entries = 0;
9032
9033	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9034
9035	mtx_lock(&softc->ctl_lock);
9036	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9037		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9038		if (lun_id >= CTL_MAX_LUNS)
9039			continue;
9040		lun = softc->ctl_luns[lun_id];
9041		if (lun == NULL)
9042			continue;
9043
9044		if (targ_lun_id <= 0xff) {
9045			/*
9046			 * Peripheral addressing method, bus number 0.
9047			 */
9048			lun_data->luns[num_filled].lundata[0] =
9049				RPL_LUNDATA_ATYP_PERIPH;
9050			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9051			num_filled++;
9052		} else if (targ_lun_id <= 0x3fff) {
9053			/*
9054			 * Flat addressing method.
9055			 */
9056			lun_data->luns[num_filled].lundata[0] =
9057				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9058			lun_data->luns[num_filled].lundata[1] =
9059				(targ_lun_id & 0xff);
9060			num_filled++;
9061		} else if (targ_lun_id <= 0xffffff) {
9062			/*
9063			 * Extended flat addressing method.
9064			 */
9065			lun_data->luns[num_filled].lundata[0] =
9066			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9067			scsi_ulto3b(targ_lun_id,
9068			    &lun_data->luns[num_filled].lundata[1]);
9069			num_filled++;
9070		} else {
9071			printf("ctl_report_luns: bogus LUN number %jd, "
9072			       "skipping\n", (intmax_t)targ_lun_id);
9073		}
9074		/*
9075		 * According to SPC-3, rev 14 section 6.21:
9076		 *
9077		 * "The execution of a REPORT LUNS command to any valid and
9078		 * installed logical unit shall clear the REPORTED LUNS DATA
9079		 * HAS CHANGED unit attention condition for all logical
9080		 * units of that target with respect to the requesting
9081		 * initiator. A valid and installed logical unit is one
9082		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9083		 * INQUIRY data (see 6.4.2)."
9084		 *
9085		 * If request_lun is NULL, the LUN this report luns command
9086		 * was issued to is either disabled or doesn't exist. In that
9087		 * case, we shouldn't clear any pending lun change unit
9088		 * attention.
9089		 */
9090		if (request_lun != NULL) {
9091			mtx_lock(&lun->lun_lock);
9092			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9093			mtx_unlock(&lun->lun_lock);
9094		}
9095	}
9096	mtx_unlock(&softc->ctl_lock);
9097
9098	/*
9099	 * It's quite possible that we've returned fewer LUNs than we allocated
9100	 * space for.  Trim it.
9101	 */
9102	lun_datalen = sizeof(*lun_data) +
9103		(num_filled * sizeof(struct scsi_report_luns_lundata));
9104
9105	if (lun_datalen < alloc_len) {
9106		ctsio->residual = alloc_len - lun_datalen;
9107		ctsio->kern_data_len = lun_datalen;
9108		ctsio->kern_total_len = lun_datalen;
9109	} else {
9110		ctsio->residual = 0;
9111		ctsio->kern_data_len = alloc_len;
9112		ctsio->kern_total_len = alloc_len;
9113	}
9114	ctsio->kern_data_resid = 0;
9115	ctsio->kern_rel_offset = 0;
9116	ctsio->kern_sg_entries = 0;
9117
9118	/*
9119	 * We set this to the actual data length, regardless of how much
9120	 * space we actually have to return results.  If the user looks at
9121	 * this value, he'll know whether or not he allocated enough space
9122	 * and reissue the command if necessary.  We don't support well
9123	 * known logical units, so if the user asks for that, return none.
9124	 */
9125	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9126
9127	/*
9128	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9129	 * this request.
9130	 */
9131	ctl_set_success(ctsio);
9132	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9133	ctsio->be_move_done = ctl_config_move_done;
9134	ctl_datamove((union ctl_io *)ctsio);
9135	return (retval);
9136}
9137
9138int
9139ctl_request_sense(struct ctl_scsiio *ctsio)
9140{
9141	struct scsi_request_sense *cdb;
9142	struct scsi_sense_data *sense_ptr;
9143	struct ctl_softc *ctl_softc;
9144	struct ctl_lun *lun;
9145	uint32_t initidx;
9146	int have_error;
9147	scsi_sense_data_type sense_format;
9148	ctl_ua_type ua_type;
9149
9150	cdb = (struct scsi_request_sense *)ctsio->cdb;
9151
9152	ctl_softc = control_softc;
9153	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9154
9155	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9156
9157	/*
9158	 * Determine which sense format the user wants.
9159	 */
9160	if (cdb->byte2 & SRS_DESC)
9161		sense_format = SSD_TYPE_DESC;
9162	else
9163		sense_format = SSD_TYPE_FIXED;
9164
9165	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9166	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9167	ctsio->kern_sg_entries = 0;
9168
9169	/*
9170	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9171	 * larger than the largest allowed value for the length field in the
9172	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9173	 */
9174	ctsio->residual = 0;
9175	ctsio->kern_data_len = cdb->length;
9176	ctsio->kern_total_len = cdb->length;
9177
9178	ctsio->kern_data_resid = 0;
9179	ctsio->kern_rel_offset = 0;
9180	ctsio->kern_sg_entries = 0;
9181
9182	/*
9183	 * If we don't have a LUN, we don't have any pending sense.
9184	 */
9185	if (lun == NULL)
9186		goto no_sense;
9187
9188	have_error = 0;
9189	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9190	/*
9191	 * Check for pending sense, and then for pending unit attentions.
9192	 * Pending sense gets returned first, then pending unit attentions.
9193	 */
9194	mtx_lock(&lun->lun_lock);
9195#ifdef CTL_WITH_CA
9196	if (ctl_is_set(lun->have_ca, initidx)) {
9197		scsi_sense_data_type stored_format;
9198
9199		/*
9200		 * Check to see which sense format was used for the stored
9201		 * sense data.
9202		 */
9203		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9204
9205		/*
9206		 * If the user requested a different sense format than the
9207		 * one we stored, then we need to convert it to the other
9208		 * format.  If we're going from descriptor to fixed format
9209		 * sense data, we may lose things in translation, depending
9210		 * on what options were used.
9211		 *
9212		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9213		 * for some reason we'll just copy it out as-is.
9214		 */
9215		if ((stored_format == SSD_TYPE_FIXED)
9216		 && (sense_format == SSD_TYPE_DESC))
9217			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9218			    &lun->pending_sense[initidx],
9219			    (struct scsi_sense_data_desc *)sense_ptr);
9220		else if ((stored_format == SSD_TYPE_DESC)
9221		      && (sense_format == SSD_TYPE_FIXED))
9222			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9223			    &lun->pending_sense[initidx],
9224			    (struct scsi_sense_data_fixed *)sense_ptr);
9225		else
9226			memcpy(sense_ptr, &lun->pending_sense[initidx],
9227			       MIN(sizeof(*sense_ptr),
9228			       sizeof(lun->pending_sense[initidx])));
9229
9230		ctl_clear_mask(lun->have_ca, initidx);
9231		have_error = 1;
9232	} else
9233#endif
9234	{
9235		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9236		if (ua_type != CTL_UA_NONE)
9237			have_error = 1;
9238		if (ua_type == CTL_UA_LUN_CHANGE) {
9239			mtx_unlock(&lun->lun_lock);
9240			mtx_lock(&ctl_softc->ctl_lock);
9241			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9242			mtx_unlock(&ctl_softc->ctl_lock);
9243			mtx_lock(&lun->lun_lock);
9244		}
9245
9246	}
9247	mtx_unlock(&lun->lun_lock);
9248
9249	/*
9250	 * We already have a pending error, return it.
9251	 */
9252	if (have_error != 0) {
9253		/*
9254		 * We report the SCSI status as OK, since the status of the
9255		 * request sense command itself is OK.
9256		 * We report 0 for the sense length, because we aren't doing
9257		 * autosense in this case.  We're reporting sense as
9258		 * parameter data.
9259		 */
9260		ctl_set_success(ctsio);
9261		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9262		ctsio->be_move_done = ctl_config_move_done;
9263		ctl_datamove((union ctl_io *)ctsio);
9264		return (CTL_RETVAL_COMPLETE);
9265	}
9266
9267no_sense:
9268
9269	/*
9270	 * No sense information to report, so we report that everything is
9271	 * okay.
9272	 */
9273	ctl_set_sense_data(sense_ptr,
9274			   lun,
9275			   sense_format,
9276			   /*current_error*/ 1,
9277			   /*sense_key*/ SSD_KEY_NO_SENSE,
9278			   /*asc*/ 0x00,
9279			   /*ascq*/ 0x00,
9280			   SSD_ELEM_NONE);
9281
9282	/*
9283	 * We report 0 for the sense length, because we aren't doing
9284	 * autosense in this case.  We're reporting sense as parameter data.
9285	 */
9286	ctl_set_success(ctsio);
9287	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9288	ctsio->be_move_done = ctl_config_move_done;
9289	ctl_datamove((union ctl_io *)ctsio);
9290	return (CTL_RETVAL_COMPLETE);
9291}
9292
9293int
9294ctl_tur(struct ctl_scsiio *ctsio)
9295{
9296
9297	CTL_DEBUG_PRINT(("ctl_tur\n"));
9298
9299	ctl_set_success(ctsio);
9300	ctl_done((union ctl_io *)ctsio);
9301
9302	return (CTL_RETVAL_COMPLETE);
9303}
9304
9305/*
9306 * SCSI VPD page 0x00, the Supported VPD Pages page.
9307 */
9308static int
9309ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9310{
9311	struct scsi_vpd_supported_pages *pages;
9312	int sup_page_size;
9313	struct ctl_lun *lun;
9314	int p;
9315
9316	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9317
9318	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9319	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9320	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9321	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9322	ctsio->kern_sg_entries = 0;
9323
9324	if (sup_page_size < alloc_len) {
9325		ctsio->residual = alloc_len - sup_page_size;
9326		ctsio->kern_data_len = sup_page_size;
9327		ctsio->kern_total_len = sup_page_size;
9328	} else {
9329		ctsio->residual = 0;
9330		ctsio->kern_data_len = alloc_len;
9331		ctsio->kern_total_len = alloc_len;
9332	}
9333	ctsio->kern_data_resid = 0;
9334	ctsio->kern_rel_offset = 0;
9335	ctsio->kern_sg_entries = 0;
9336
9337	/*
9338	 * The control device is always connected.  The disk device, on the
9339	 * other hand, may not be online all the time.  Need to change this
9340	 * to figure out whether the disk device is actually online or not.
9341	 */
9342	if (lun != NULL)
9343		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9344				lun->be_lun->lun_type;
9345	else
9346		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9347
9348	p = 0;
9349	/* Supported VPD pages */
9350	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9351	/* Serial Number */
9352	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9353	/* Device Identification */
9354	pages->page_list[p++] = SVPD_DEVICE_ID;
9355	/* Extended INQUIRY Data */
9356	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9357	/* Mode Page Policy */
9358	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9359	/* SCSI Ports */
9360	pages->page_list[p++] = SVPD_SCSI_PORTS;
9361	/* Third-party Copy */
9362	pages->page_list[p++] = SVPD_SCSI_TPC;
9363	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9364		/* Block limits */
9365		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9366		/* Block Device Characteristics */
9367		pages->page_list[p++] = SVPD_BDC;
9368		/* Logical Block Provisioning */
9369		pages->page_list[p++] = SVPD_LBP;
9370	}
9371	pages->length = p;
9372
9373	ctl_set_success(ctsio);
9374	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9375	ctsio->be_move_done = ctl_config_move_done;
9376	ctl_datamove((union ctl_io *)ctsio);
9377	return (CTL_RETVAL_COMPLETE);
9378}
9379
9380/*
9381 * SCSI VPD page 0x80, the Unit Serial Number page.
9382 */
9383static int
9384ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9385{
9386	struct scsi_vpd_unit_serial_number *sn_ptr;
9387	struct ctl_lun *lun;
9388	int data_len;
9389
9390	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9391
9392	data_len = 4 + CTL_SN_LEN;
9393	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9394	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9395	if (data_len < alloc_len) {
9396		ctsio->residual = alloc_len - data_len;
9397		ctsio->kern_data_len = data_len;
9398		ctsio->kern_total_len = data_len;
9399	} else {
9400		ctsio->residual = 0;
9401		ctsio->kern_data_len = alloc_len;
9402		ctsio->kern_total_len = alloc_len;
9403	}
9404	ctsio->kern_data_resid = 0;
9405	ctsio->kern_rel_offset = 0;
9406	ctsio->kern_sg_entries = 0;
9407
9408	/*
9409	 * The control device is always connected.  The disk device, on the
9410	 * other hand, may not be online all the time.  Need to change this
9411	 * to figure out whether the disk device is actually online or not.
9412	 */
9413	if (lun != NULL)
9414		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9415				  lun->be_lun->lun_type;
9416	else
9417		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9418
9419	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9420	sn_ptr->length = CTL_SN_LEN;
9421	/*
9422	 * If we don't have a LUN, we just leave the serial number as
9423	 * all spaces.
9424	 */
9425	if (lun != NULL) {
9426		strncpy((char *)sn_ptr->serial_num,
9427			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9428	} else
9429		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9430
9431	ctl_set_success(ctsio);
9432	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9433	ctsio->be_move_done = ctl_config_move_done;
9434	ctl_datamove((union ctl_io *)ctsio);
9435	return (CTL_RETVAL_COMPLETE);
9436}
9437
9438
9439/*
9440 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9441 */
9442static int
9443ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9444{
9445	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9446	struct ctl_lun *lun;
9447	int data_len;
9448
9449	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9450
9451	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9452	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9453	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9454	ctsio->kern_sg_entries = 0;
9455
9456	if (data_len < alloc_len) {
9457		ctsio->residual = alloc_len - data_len;
9458		ctsio->kern_data_len = data_len;
9459		ctsio->kern_total_len = data_len;
9460	} else {
9461		ctsio->residual = 0;
9462		ctsio->kern_data_len = alloc_len;
9463		ctsio->kern_total_len = alloc_len;
9464	}
9465	ctsio->kern_data_resid = 0;
9466	ctsio->kern_rel_offset = 0;
9467	ctsio->kern_sg_entries = 0;
9468
9469	/*
9470	 * The control device is always connected.  The disk device, on the
9471	 * other hand, may not be online all the time.
9472	 */
9473	if (lun != NULL)
9474		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9475				     lun->be_lun->lun_type;
9476	else
9477		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9478	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9479	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9480	/*
9481	 * We support head of queue, ordered and simple tags.
9482	 */
9483	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9484	/*
9485	 * Volatile cache supported.
9486	 */
9487	eid_ptr->flags3 = SVPD_EID_V_SUP;
9488
9489	/*
9490	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9491	 * attention for a particular IT nexus on all LUNs once we report
9492	 * it to that nexus once.  This bit is required as of SPC-4.
9493	 */
9494	eid_ptr->flags4 = SVPD_EID_LUICLT;
9495
9496	/*
9497	 * XXX KDM in order to correctly answer this, we would need
9498	 * information from the SIM to determine how much sense data it
9499	 * can send.  So this would really be a path inquiry field, most
9500	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9501	 * but the hardware may or may not be able to support that much.
9502	 * 0 just means that the maximum sense data length is not reported.
9503	 */
9504	eid_ptr->max_sense_length = 0;
9505
9506	ctl_set_success(ctsio);
9507	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9508	ctsio->be_move_done = ctl_config_move_done;
9509	ctl_datamove((union ctl_io *)ctsio);
9510	return (CTL_RETVAL_COMPLETE);
9511}
9512
9513static int
9514ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9515{
9516	struct scsi_vpd_mode_page_policy *mpp_ptr;
9517	struct ctl_lun *lun;
9518	int data_len;
9519
9520	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9521
9522	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9523	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9524
9525	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9526	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9527	ctsio->kern_sg_entries = 0;
9528
9529	if (data_len < alloc_len) {
9530		ctsio->residual = alloc_len - data_len;
9531		ctsio->kern_data_len = data_len;
9532		ctsio->kern_total_len = data_len;
9533	} else {
9534		ctsio->residual = 0;
9535		ctsio->kern_data_len = alloc_len;
9536		ctsio->kern_total_len = alloc_len;
9537	}
9538	ctsio->kern_data_resid = 0;
9539	ctsio->kern_rel_offset = 0;
9540	ctsio->kern_sg_entries = 0;
9541
9542	/*
9543	 * The control device is always connected.  The disk device, on the
9544	 * other hand, may not be online all the time.
9545	 */
9546	if (lun != NULL)
9547		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9548				     lun->be_lun->lun_type;
9549	else
9550		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9551	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9552	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9553	mpp_ptr->descr[0].page_code = 0x3f;
9554	mpp_ptr->descr[0].subpage_code = 0xff;
9555	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9556
9557	ctl_set_success(ctsio);
9558	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9559	ctsio->be_move_done = ctl_config_move_done;
9560	ctl_datamove((union ctl_io *)ctsio);
9561	return (CTL_RETVAL_COMPLETE);
9562}
9563
9564/*
9565 * SCSI VPD page 0x83, the Device Identification page.
9566 */
9567static int
9568ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9569{
9570	struct scsi_vpd_device_id *devid_ptr;
9571	struct scsi_vpd_id_descriptor *desc;
9572	struct ctl_softc *softc;
9573	struct ctl_lun *lun;
9574	struct ctl_port *port;
9575	int data_len;
9576	uint8_t proto;
9577
9578	softc = control_softc;
9579
9580	port = ctl_io_port(&ctsio->io_hdr);
9581	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9582
9583	data_len = sizeof(struct scsi_vpd_device_id) +
9584	    sizeof(struct scsi_vpd_id_descriptor) +
9585		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9586	    sizeof(struct scsi_vpd_id_descriptor) +
9587		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9588	if (lun && lun->lun_devid)
9589		data_len += lun->lun_devid->len;
9590	if (port && port->port_devid)
9591		data_len += port->port_devid->len;
9592	if (port && port->target_devid)
9593		data_len += port->target_devid->len;
9594
9595	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9596	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9597	ctsio->kern_sg_entries = 0;
9598
9599	if (data_len < alloc_len) {
9600		ctsio->residual = alloc_len - data_len;
9601		ctsio->kern_data_len = data_len;
9602		ctsio->kern_total_len = data_len;
9603	} else {
9604		ctsio->residual = 0;
9605		ctsio->kern_data_len = alloc_len;
9606		ctsio->kern_total_len = alloc_len;
9607	}
9608	ctsio->kern_data_resid = 0;
9609	ctsio->kern_rel_offset = 0;
9610	ctsio->kern_sg_entries = 0;
9611
9612	/*
9613	 * The control device is always connected.  The disk device, on the
9614	 * other hand, may not be online all the time.
9615	 */
9616	if (lun != NULL)
9617		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9618				     lun->be_lun->lun_type;
9619	else
9620		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9621	devid_ptr->page_code = SVPD_DEVICE_ID;
9622	scsi_ulto2b(data_len - 4, devid_ptr->length);
9623
9624	if (port && port->port_type == CTL_PORT_FC)
9625		proto = SCSI_PROTO_FC << 4;
9626	else if (port && port->port_type == CTL_PORT_ISCSI)
9627		proto = SCSI_PROTO_ISCSI << 4;
9628	else
9629		proto = SCSI_PROTO_SPI << 4;
9630	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9631
9632	/*
9633	 * We're using a LUN association here.  i.e., this device ID is a
9634	 * per-LUN identifier.
9635	 */
9636	if (lun && lun->lun_devid) {
9637		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9638		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9639		    lun->lun_devid->len);
9640	}
9641
9642	/*
9643	 * This is for the WWPN which is a port association.
9644	 */
9645	if (port && port->port_devid) {
9646		memcpy(desc, port->port_devid->data, port->port_devid->len);
9647		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9648		    port->port_devid->len);
9649	}
9650
9651	/*
9652	 * This is for the Relative Target Port(type 4h) identifier
9653	 */
9654	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9655	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9656	    SVPD_ID_TYPE_RELTARG;
9657	desc->length = 4;
9658	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9659	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9660	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9661
9662	/*
9663	 * This is for the Target Port Group(type 5h) identifier
9664	 */
9665	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9666	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9667	    SVPD_ID_TYPE_TPORTGRP;
9668	desc->length = 4;
9669	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9670	    &desc->identifier[2]);
9671	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9672	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9673
9674	/*
9675	 * This is for the Target identifier
9676	 */
9677	if (port && port->target_devid) {
9678		memcpy(desc, port->target_devid->data, port->target_devid->len);
9679	}
9680
9681	ctl_set_success(ctsio);
9682	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9683	ctsio->be_move_done = ctl_config_move_done;
9684	ctl_datamove((union ctl_io *)ctsio);
9685	return (CTL_RETVAL_COMPLETE);
9686}
9687
9688static int
9689ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9690{
9691	struct ctl_softc *softc = control_softc;
9692	struct scsi_vpd_scsi_ports *sp;
9693	struct scsi_vpd_port_designation *pd;
9694	struct scsi_vpd_port_designation_cont *pdc;
9695	struct ctl_lun *lun;
9696	struct ctl_port *port;
9697	int data_len, num_target_ports, iid_len, id_len;
9698
9699	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9700
9701	num_target_ports = 0;
9702	iid_len = 0;
9703	id_len = 0;
9704	mtx_lock(&softc->ctl_lock);
9705	STAILQ_FOREACH(port, &softc->port_list, links) {
9706		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9707			continue;
9708		if (lun != NULL &&
9709		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9710			continue;
9711		num_target_ports++;
9712		if (port->init_devid)
9713			iid_len += port->init_devid->len;
9714		if (port->port_devid)
9715			id_len += port->port_devid->len;
9716	}
9717	mtx_unlock(&softc->ctl_lock);
9718
9719	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9720	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9721	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9722	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9723	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9724	ctsio->kern_sg_entries = 0;
9725
9726	if (data_len < alloc_len) {
9727		ctsio->residual = alloc_len - data_len;
9728		ctsio->kern_data_len = data_len;
9729		ctsio->kern_total_len = data_len;
9730	} else {
9731		ctsio->residual = 0;
9732		ctsio->kern_data_len = alloc_len;
9733		ctsio->kern_total_len = alloc_len;
9734	}
9735	ctsio->kern_data_resid = 0;
9736	ctsio->kern_rel_offset = 0;
9737	ctsio->kern_sg_entries = 0;
9738
9739	/*
9740	 * The control device is always connected.  The disk device, on the
9741	 * other hand, may not be online all the time.  Need to change this
9742	 * to figure out whether the disk device is actually online or not.
9743	 */
9744	if (lun != NULL)
9745		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9746				  lun->be_lun->lun_type;
9747	else
9748		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9749
9750	sp->page_code = SVPD_SCSI_PORTS;
9751	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9752	    sp->page_length);
9753	pd = &sp->design[0];
9754
9755	mtx_lock(&softc->ctl_lock);
9756	STAILQ_FOREACH(port, &softc->port_list, links) {
9757		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9758			continue;
9759		if (lun != NULL &&
9760		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9761			continue;
9762		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9763		if (port->init_devid) {
9764			iid_len = port->init_devid->len;
9765			memcpy(pd->initiator_transportid,
9766			    port->init_devid->data, port->init_devid->len);
9767		} else
9768			iid_len = 0;
9769		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9770		pdc = (struct scsi_vpd_port_designation_cont *)
9771		    (&pd->initiator_transportid[iid_len]);
9772		if (port->port_devid) {
9773			id_len = port->port_devid->len;
9774			memcpy(pdc->target_port_descriptors,
9775			    port->port_devid->data, port->port_devid->len);
9776		} else
9777			id_len = 0;
9778		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9779		pd = (struct scsi_vpd_port_designation *)
9780		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9781	}
9782	mtx_unlock(&softc->ctl_lock);
9783
9784	ctl_set_success(ctsio);
9785	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9786	ctsio->be_move_done = ctl_config_move_done;
9787	ctl_datamove((union ctl_io *)ctsio);
9788	return (CTL_RETVAL_COMPLETE);
9789}
9790
9791static int
9792ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9793{
9794	struct scsi_vpd_block_limits *bl_ptr;
9795	struct ctl_lun *lun;
9796	int bs;
9797
9798	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9799
9800	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9801	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9802	ctsio->kern_sg_entries = 0;
9803
9804	if (sizeof(*bl_ptr) < alloc_len) {
9805		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9806		ctsio->kern_data_len = sizeof(*bl_ptr);
9807		ctsio->kern_total_len = sizeof(*bl_ptr);
9808	} else {
9809		ctsio->residual = 0;
9810		ctsio->kern_data_len = alloc_len;
9811		ctsio->kern_total_len = alloc_len;
9812	}
9813	ctsio->kern_data_resid = 0;
9814	ctsio->kern_rel_offset = 0;
9815	ctsio->kern_sg_entries = 0;
9816
9817	/*
9818	 * The control device is always connected.  The disk device, on the
9819	 * other hand, may not be online all the time.  Need to change this
9820	 * to figure out whether the disk device is actually online or not.
9821	 */
9822	if (lun != NULL)
9823		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9824				  lun->be_lun->lun_type;
9825	else
9826		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9827
9828	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9829	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9830	bl_ptr->max_cmp_write_len = 0xff;
9831	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9832	if (lun != NULL) {
9833		bs = lun->be_lun->blocksize;
9834		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9835		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9836			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9837			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9838			if (lun->be_lun->ublockexp != 0) {
9839				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9840				    bl_ptr->opt_unmap_grain);
9841				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9842				    bl_ptr->unmap_grain_align);
9843			}
9844		}
9845		scsi_ulto4b(lun->be_lun->atomicblock,
9846		    bl_ptr->max_atomic_transfer_length);
9847		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9848		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9849	}
9850	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9851
9852	ctl_set_success(ctsio);
9853	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9854	ctsio->be_move_done = ctl_config_move_done;
9855	ctl_datamove((union ctl_io *)ctsio);
9856	return (CTL_RETVAL_COMPLETE);
9857}
9858
9859static int
9860ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9861{
9862	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9863	struct ctl_lun *lun;
9864	const char *value;
9865	u_int i;
9866
9867	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9868
9869	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9870	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9871	ctsio->kern_sg_entries = 0;
9872
9873	if (sizeof(*bdc_ptr) < alloc_len) {
9874		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9875		ctsio->kern_data_len = sizeof(*bdc_ptr);
9876		ctsio->kern_total_len = sizeof(*bdc_ptr);
9877	} else {
9878		ctsio->residual = 0;
9879		ctsio->kern_data_len = alloc_len;
9880		ctsio->kern_total_len = alloc_len;
9881	}
9882	ctsio->kern_data_resid = 0;
9883	ctsio->kern_rel_offset = 0;
9884	ctsio->kern_sg_entries = 0;
9885
9886	/*
9887	 * The control device is always connected.  The disk device, on the
9888	 * other hand, may not be online all the time.  Need to change this
9889	 * to figure out whether the disk device is actually online or not.
9890	 */
9891	if (lun != NULL)
9892		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9893				  lun->be_lun->lun_type;
9894	else
9895		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9896	bdc_ptr->page_code = SVPD_BDC;
9897	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9898	if (lun != NULL &&
9899	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9900		i = strtol(value, NULL, 0);
9901	else
9902		i = CTL_DEFAULT_ROTATION_RATE;
9903	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
9904	if (lun != NULL &&
9905	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
9906		i = strtol(value, NULL, 0);
9907	else
9908		i = 0;
9909	bdc_ptr->wab_wac_ff = (i & 0x0f);
9910	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
9911
9912	ctl_set_success(ctsio);
9913	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9914	ctsio->be_move_done = ctl_config_move_done;
9915	ctl_datamove((union ctl_io *)ctsio);
9916	return (CTL_RETVAL_COMPLETE);
9917}
9918
9919static int
9920ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
9921{
9922	struct scsi_vpd_logical_block_prov *lbp_ptr;
9923	struct ctl_lun *lun;
9924
9925	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9926
9927	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
9928	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
9929	ctsio->kern_sg_entries = 0;
9930
9931	if (sizeof(*lbp_ptr) < alloc_len) {
9932		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
9933		ctsio->kern_data_len = sizeof(*lbp_ptr);
9934		ctsio->kern_total_len = sizeof(*lbp_ptr);
9935	} else {
9936		ctsio->residual = 0;
9937		ctsio->kern_data_len = alloc_len;
9938		ctsio->kern_total_len = alloc_len;
9939	}
9940	ctsio->kern_data_resid = 0;
9941	ctsio->kern_rel_offset = 0;
9942	ctsio->kern_sg_entries = 0;
9943
9944	/*
9945	 * The control device is always connected.  The disk device, on the
9946	 * other hand, may not be online all the time.  Need to change this
9947	 * to figure out whether the disk device is actually online or not.
9948	 */
9949	if (lun != NULL)
9950		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9951				  lun->be_lun->lun_type;
9952	else
9953		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9954
9955	lbp_ptr->page_code = SVPD_LBP;
9956	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
9957	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
9958	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9959		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
9960		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
9961		lbp_ptr->prov_type = SVPD_LBP_THIN;
9962	}
9963
9964	ctl_set_success(ctsio);
9965	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9966	ctsio->be_move_done = ctl_config_move_done;
9967	ctl_datamove((union ctl_io *)ctsio);
9968	return (CTL_RETVAL_COMPLETE);
9969}
9970
9971/*
9972 * INQUIRY with the EVPD bit set.
9973 */
9974static int
9975ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
9976{
9977	struct ctl_lun *lun;
9978	struct scsi_inquiry *cdb;
9979	int alloc_len, retval;
9980
9981	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9982	cdb = (struct scsi_inquiry *)ctsio->cdb;
9983	alloc_len = scsi_2btoul(cdb->length);
9984
9985	switch (cdb->page_code) {
9986	case SVPD_SUPPORTED_PAGES:
9987		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
9988		break;
9989	case SVPD_UNIT_SERIAL_NUMBER:
9990		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
9991		break;
9992	case SVPD_DEVICE_ID:
9993		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
9994		break;
9995	case SVPD_EXTENDED_INQUIRY_DATA:
9996		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
9997		break;
9998	case SVPD_MODE_PAGE_POLICY:
9999		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10000		break;
10001	case SVPD_SCSI_PORTS:
10002		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10003		break;
10004	case SVPD_SCSI_TPC:
10005		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10006		break;
10007	case SVPD_BLOCK_LIMITS:
10008		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10009			goto err;
10010		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10011		break;
10012	case SVPD_BDC:
10013		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10014			goto err;
10015		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10016		break;
10017	case SVPD_LBP:
10018		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10019			goto err;
10020		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10021		break;
10022	default:
10023err:
10024		ctl_set_invalid_field(ctsio,
10025				      /*sks_valid*/ 1,
10026				      /*command*/ 1,
10027				      /*field*/ 2,
10028				      /*bit_valid*/ 0,
10029				      /*bit*/ 0);
10030		ctl_done((union ctl_io *)ctsio);
10031		retval = CTL_RETVAL_COMPLETE;
10032		break;
10033	}
10034
10035	return (retval);
10036}
10037
10038/*
10039 * Standard INQUIRY data.
10040 */
10041static int
10042ctl_inquiry_std(struct ctl_scsiio *ctsio)
10043{
10044	struct scsi_inquiry_data *inq_ptr;
10045	struct scsi_inquiry *cdb;
10046	struct ctl_softc *softc;
10047	struct ctl_port *port;
10048	struct ctl_lun *lun;
10049	char *val;
10050	uint32_t alloc_len, data_len;
10051	ctl_port_type port_type;
10052
10053	softc = control_softc;
10054
10055	/*
10056	 * Figure out whether we're talking to a Fibre Channel port or not.
10057	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10058	 * SCSI front ends.
10059	 */
10060	port = ctl_io_port(&ctsio->io_hdr);
10061	if (port != NULL)
10062		port_type = port->port_type;
10063	else
10064		port_type = CTL_PORT_SCSI;
10065	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10066		port_type = CTL_PORT_SCSI;
10067
10068	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10069	cdb = (struct scsi_inquiry *)ctsio->cdb;
10070	alloc_len = scsi_2btoul(cdb->length);
10071
10072	/*
10073	 * We malloc the full inquiry data size here and fill it
10074	 * in.  If the user only asks for less, we'll give him
10075	 * that much.
10076	 */
10077	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10078	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10079	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10080	ctsio->kern_sg_entries = 0;
10081	ctsio->kern_data_resid = 0;
10082	ctsio->kern_rel_offset = 0;
10083
10084	if (data_len < alloc_len) {
10085		ctsio->residual = alloc_len - data_len;
10086		ctsio->kern_data_len = data_len;
10087		ctsio->kern_total_len = data_len;
10088	} else {
10089		ctsio->residual = 0;
10090		ctsio->kern_data_len = alloc_len;
10091		ctsio->kern_total_len = alloc_len;
10092	}
10093
10094	if (lun != NULL) {
10095		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10096		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10097			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10098			    lun->be_lun->lun_type;
10099		} else {
10100			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10101			    lun->be_lun->lun_type;
10102		}
10103	} else
10104		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10105
10106	/* RMB in byte 2 is 0 */
10107	inq_ptr->version = SCSI_REV_SPC4;
10108
10109	/*
10110	 * According to SAM-3, even if a device only supports a single
10111	 * level of LUN addressing, it should still set the HISUP bit:
10112	 *
10113	 * 4.9.1 Logical unit numbers overview
10114	 *
10115	 * All logical unit number formats described in this standard are
10116	 * hierarchical in structure even when only a single level in that
10117	 * hierarchy is used. The HISUP bit shall be set to one in the
10118	 * standard INQUIRY data (see SPC-2) when any logical unit number
10119	 * format described in this standard is used.  Non-hierarchical
10120	 * formats are outside the scope of this standard.
10121	 *
10122	 * Therefore we set the HiSup bit here.
10123	 *
10124	 * The reponse format is 2, per SPC-3.
10125	 */
10126	inq_ptr->response_format = SID_HiSup | 2;
10127
10128	inq_ptr->additional_length = data_len -
10129	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10130	CTL_DEBUG_PRINT(("additional_length = %d\n",
10131			 inq_ptr->additional_length));
10132
10133	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10134	/* 16 bit addressing */
10135	if (port_type == CTL_PORT_SCSI)
10136		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10137	/* XXX set the SID_MultiP bit here if we're actually going to
10138	   respond on multiple ports */
10139	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10140
10141	/* 16 bit data bus, synchronous transfers */
10142	if (port_type == CTL_PORT_SCSI)
10143		inq_ptr->flags = SID_WBus16 | SID_Sync;
10144	/*
10145	 * XXX KDM do we want to support tagged queueing on the control
10146	 * device at all?
10147	 */
10148	if ((lun == NULL)
10149	 || (lun->be_lun->lun_type != T_PROCESSOR))
10150		inq_ptr->flags |= SID_CmdQue;
10151	/*
10152	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10153	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10154	 * name and 4 bytes for the revision.
10155	 */
10156	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10157	    "vendor")) == NULL) {
10158		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10159	} else {
10160		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10161		strncpy(inq_ptr->vendor, val,
10162		    min(sizeof(inq_ptr->vendor), strlen(val)));
10163	}
10164	if (lun == NULL) {
10165		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10166		    sizeof(inq_ptr->product));
10167	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10168		switch (lun->be_lun->lun_type) {
10169		case T_DIRECT:
10170			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10171			    sizeof(inq_ptr->product));
10172			break;
10173		case T_PROCESSOR:
10174			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10175			    sizeof(inq_ptr->product));
10176			break;
10177		default:
10178			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10179			    sizeof(inq_ptr->product));
10180			break;
10181		}
10182	} else {
10183		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10184		strncpy(inq_ptr->product, val,
10185		    min(sizeof(inq_ptr->product), strlen(val)));
10186	}
10187
10188	/*
10189	 * XXX make this a macro somewhere so it automatically gets
10190	 * incremented when we make changes.
10191	 */
10192	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10193	    "revision")) == NULL) {
10194		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10195	} else {
10196		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10197		strncpy(inq_ptr->revision, val,
10198		    min(sizeof(inq_ptr->revision), strlen(val)));
10199	}
10200
10201	/*
10202	 * For parallel SCSI, we support double transition and single
10203	 * transition clocking.  We also support QAS (Quick Arbitration
10204	 * and Selection) and Information Unit transfers on both the
10205	 * control and array devices.
10206	 */
10207	if (port_type == CTL_PORT_SCSI)
10208		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10209				    SID_SPI_IUS;
10210
10211	/* SAM-5 (no version claimed) */
10212	scsi_ulto2b(0x00A0, inq_ptr->version1);
10213	/* SPC-4 (no version claimed) */
10214	scsi_ulto2b(0x0460, inq_ptr->version2);
10215	if (port_type == CTL_PORT_FC) {
10216		/* FCP-2 ANSI INCITS.350:2003 */
10217		scsi_ulto2b(0x0917, inq_ptr->version3);
10218	} else if (port_type == CTL_PORT_SCSI) {
10219		/* SPI-4 ANSI INCITS.362:200x */
10220		scsi_ulto2b(0x0B56, inq_ptr->version3);
10221	} else if (port_type == CTL_PORT_ISCSI) {
10222		/* iSCSI (no version claimed) */
10223		scsi_ulto2b(0x0960, inq_ptr->version3);
10224	} else if (port_type == CTL_PORT_SAS) {
10225		/* SAS (no version claimed) */
10226		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10227	}
10228
10229	if (lun == NULL) {
10230		/* SBC-4 (no version claimed) */
10231		scsi_ulto2b(0x0600, inq_ptr->version4);
10232	} else {
10233		switch (lun->be_lun->lun_type) {
10234		case T_DIRECT:
10235			/* SBC-4 (no version claimed) */
10236			scsi_ulto2b(0x0600, inq_ptr->version4);
10237			break;
10238		case T_PROCESSOR:
10239		default:
10240			break;
10241		}
10242	}
10243
10244	ctl_set_success(ctsio);
10245	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10246	ctsio->be_move_done = ctl_config_move_done;
10247	ctl_datamove((union ctl_io *)ctsio);
10248	return (CTL_RETVAL_COMPLETE);
10249}
10250
10251int
10252ctl_inquiry(struct ctl_scsiio *ctsio)
10253{
10254	struct scsi_inquiry *cdb;
10255	int retval;
10256
10257	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10258
10259	cdb = (struct scsi_inquiry *)ctsio->cdb;
10260	if (cdb->byte2 & SI_EVPD)
10261		retval = ctl_inquiry_evpd(ctsio);
10262	else if (cdb->page_code == 0)
10263		retval = ctl_inquiry_std(ctsio);
10264	else {
10265		ctl_set_invalid_field(ctsio,
10266				      /*sks_valid*/ 1,
10267				      /*command*/ 1,
10268				      /*field*/ 2,
10269				      /*bit_valid*/ 0,
10270				      /*bit*/ 0);
10271		ctl_done((union ctl_io *)ctsio);
10272		return (CTL_RETVAL_COMPLETE);
10273	}
10274
10275	return (retval);
10276}
10277
10278/*
10279 * For known CDB types, parse the LBA and length.
10280 */
10281static int
10282ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10283{
10284	if (io->io_hdr.io_type != CTL_IO_SCSI)
10285		return (1);
10286
10287	switch (io->scsiio.cdb[0]) {
10288	case COMPARE_AND_WRITE: {
10289		struct scsi_compare_and_write *cdb;
10290
10291		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10292
10293		*lba = scsi_8btou64(cdb->addr);
10294		*len = cdb->length;
10295		break;
10296	}
10297	case READ_6:
10298	case WRITE_6: {
10299		struct scsi_rw_6 *cdb;
10300
10301		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10302
10303		*lba = scsi_3btoul(cdb->addr);
10304		/* only 5 bits are valid in the most significant address byte */
10305		*lba &= 0x1fffff;
10306		*len = cdb->length;
10307		break;
10308	}
10309	case READ_10:
10310	case WRITE_10: {
10311		struct scsi_rw_10 *cdb;
10312
10313		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10314
10315		*lba = scsi_4btoul(cdb->addr);
10316		*len = scsi_2btoul(cdb->length);
10317		break;
10318	}
10319	case WRITE_VERIFY_10: {
10320		struct scsi_write_verify_10 *cdb;
10321
10322		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10323
10324		*lba = scsi_4btoul(cdb->addr);
10325		*len = scsi_2btoul(cdb->length);
10326		break;
10327	}
10328	case READ_12:
10329	case WRITE_12: {
10330		struct scsi_rw_12 *cdb;
10331
10332		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10333
10334		*lba = scsi_4btoul(cdb->addr);
10335		*len = scsi_4btoul(cdb->length);
10336		break;
10337	}
10338	case WRITE_VERIFY_12: {
10339		struct scsi_write_verify_12 *cdb;
10340
10341		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10342
10343		*lba = scsi_4btoul(cdb->addr);
10344		*len = scsi_4btoul(cdb->length);
10345		break;
10346	}
10347	case READ_16:
10348	case WRITE_16:
10349	case WRITE_ATOMIC_16: {
10350		struct scsi_rw_16 *cdb;
10351
10352		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10353
10354		*lba = scsi_8btou64(cdb->addr);
10355		*len = scsi_4btoul(cdb->length);
10356		break;
10357	}
10358	case WRITE_VERIFY_16: {
10359		struct scsi_write_verify_16 *cdb;
10360
10361		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10362
10363		*lba = scsi_8btou64(cdb->addr);
10364		*len = scsi_4btoul(cdb->length);
10365		break;
10366	}
10367	case WRITE_SAME_10: {
10368		struct scsi_write_same_10 *cdb;
10369
10370		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10371
10372		*lba = scsi_4btoul(cdb->addr);
10373		*len = scsi_2btoul(cdb->length);
10374		break;
10375	}
10376	case WRITE_SAME_16: {
10377		struct scsi_write_same_16 *cdb;
10378
10379		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10380
10381		*lba = scsi_8btou64(cdb->addr);
10382		*len = scsi_4btoul(cdb->length);
10383		break;
10384	}
10385	case VERIFY_10: {
10386		struct scsi_verify_10 *cdb;
10387
10388		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10389
10390		*lba = scsi_4btoul(cdb->addr);
10391		*len = scsi_2btoul(cdb->length);
10392		break;
10393	}
10394	case VERIFY_12: {
10395		struct scsi_verify_12 *cdb;
10396
10397		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10398
10399		*lba = scsi_4btoul(cdb->addr);
10400		*len = scsi_4btoul(cdb->length);
10401		break;
10402	}
10403	case VERIFY_16: {
10404		struct scsi_verify_16 *cdb;
10405
10406		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10407
10408		*lba = scsi_8btou64(cdb->addr);
10409		*len = scsi_4btoul(cdb->length);
10410		break;
10411	}
10412	case UNMAP: {
10413		*lba = 0;
10414		*len = UINT64_MAX;
10415		break;
10416	}
10417	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10418		struct scsi_get_lba_status *cdb;
10419
10420		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10421		*lba = scsi_8btou64(cdb->addr);
10422		*len = UINT32_MAX;
10423		break;
10424	}
10425	default:
10426		return (1);
10427		break; /* NOTREACHED */
10428	}
10429
10430	return (0);
10431}
10432
10433static ctl_action
10434ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10435    bool seq)
10436{
10437	uint64_t endlba1, endlba2;
10438
10439	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10440	endlba2 = lba2 + len2 - 1;
10441
10442	if ((endlba1 < lba2) || (endlba2 < lba1))
10443		return (CTL_ACTION_PASS);
10444	else
10445		return (CTL_ACTION_BLOCK);
10446}
10447
10448static int
10449ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10450{
10451	struct ctl_ptr_len_flags *ptrlen;
10452	struct scsi_unmap_desc *buf, *end, *range;
10453	uint64_t lba;
10454	uint32_t len;
10455
10456	/* If not UNMAP -- go other way. */
10457	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10458	    io->scsiio.cdb[0] != UNMAP)
10459		return (CTL_ACTION_ERROR);
10460
10461	/* If UNMAP without data -- block and wait for data. */
10462	ptrlen = (struct ctl_ptr_len_flags *)
10463	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10464	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10465	    ptrlen->ptr == NULL)
10466		return (CTL_ACTION_BLOCK);
10467
10468	/* UNMAP with data -- check for collision. */
10469	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10470	end = buf + ptrlen->len / sizeof(*buf);
10471	for (range = buf; range < end; range++) {
10472		lba = scsi_8btou64(range->lba);
10473		len = scsi_4btoul(range->length);
10474		if ((lba < lba2 + len2) && (lba + len > lba2))
10475			return (CTL_ACTION_BLOCK);
10476	}
10477	return (CTL_ACTION_PASS);
10478}
10479
10480static ctl_action
10481ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10482{
10483	uint64_t lba1, lba2;
10484	uint64_t len1, len2;
10485	int retval;
10486
10487	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10488		return (CTL_ACTION_ERROR);
10489
10490	retval = ctl_extent_check_unmap(io1, lba2, len2);
10491	if (retval != CTL_ACTION_ERROR)
10492		return (retval);
10493
10494	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10495		return (CTL_ACTION_ERROR);
10496
10497	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10498}
10499
10500static ctl_action
10501ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10502{
10503	uint64_t lba1, lba2;
10504	uint64_t len1, len2;
10505
10506	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10507		return (CTL_ACTION_ERROR);
10508	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10509		return (CTL_ACTION_ERROR);
10510
10511	if (lba1 + len1 == lba2)
10512		return (CTL_ACTION_BLOCK);
10513	return (CTL_ACTION_PASS);
10514}
10515
10516static ctl_action
10517ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10518    union ctl_io *ooa_io)
10519{
10520	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10521	ctl_serialize_action *serialize_row;
10522
10523	/*
10524	 * The initiator attempted multiple untagged commands at the same
10525	 * time.  Can't do that.
10526	 */
10527	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10528	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10529	 && ((pending_io->io_hdr.nexus.targ_port ==
10530	      ooa_io->io_hdr.nexus.targ_port)
10531	  && (pending_io->io_hdr.nexus.initid ==
10532	      ooa_io->io_hdr.nexus.initid))
10533	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10534	      CTL_FLAG_STATUS_SENT)) == 0))
10535		return (CTL_ACTION_OVERLAP);
10536
10537	/*
10538	 * The initiator attempted to send multiple tagged commands with
10539	 * the same ID.  (It's fine if different initiators have the same
10540	 * tag ID.)
10541	 *
10542	 * Even if all of those conditions are true, we don't kill the I/O
10543	 * if the command ahead of us has been aborted.  We won't end up
10544	 * sending it to the FETD, and it's perfectly legal to resend a
10545	 * command with the same tag number as long as the previous
10546	 * instance of this tag number has been aborted somehow.
10547	 */
10548	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10549	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10550	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10551	 && ((pending_io->io_hdr.nexus.targ_port ==
10552	      ooa_io->io_hdr.nexus.targ_port)
10553	  && (pending_io->io_hdr.nexus.initid ==
10554	      ooa_io->io_hdr.nexus.initid))
10555	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10556	      CTL_FLAG_STATUS_SENT)) == 0))
10557		return (CTL_ACTION_OVERLAP_TAG);
10558
10559	/*
10560	 * If we get a head of queue tag, SAM-3 says that we should
10561	 * immediately execute it.
10562	 *
10563	 * What happens if this command would normally block for some other
10564	 * reason?  e.g. a request sense with a head of queue tag
10565	 * immediately after a write.  Normally that would block, but this
10566	 * will result in its getting executed immediately...
10567	 *
10568	 * We currently return "pass" instead of "skip", so we'll end up
10569	 * going through the rest of the queue to check for overlapped tags.
10570	 *
10571	 * XXX KDM check for other types of blockage first??
10572	 */
10573	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10574		return (CTL_ACTION_PASS);
10575
10576	/*
10577	 * Ordered tags have to block until all items ahead of them
10578	 * have completed.  If we get called with an ordered tag, we always
10579	 * block, if something else is ahead of us in the queue.
10580	 */
10581	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10582		return (CTL_ACTION_BLOCK);
10583
10584	/*
10585	 * Simple tags get blocked until all head of queue and ordered tags
10586	 * ahead of them have completed.  I'm lumping untagged commands in
10587	 * with simple tags here.  XXX KDM is that the right thing to do?
10588	 */
10589	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10590	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10591	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10592	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10593		return (CTL_ACTION_BLOCK);
10594
10595	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10596	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10597
10598	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10599
10600	switch (serialize_row[pending_entry->seridx]) {
10601	case CTL_SER_BLOCK:
10602		return (CTL_ACTION_BLOCK);
10603	case CTL_SER_EXTENT:
10604		return (ctl_extent_check(ooa_io, pending_io,
10605		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10606	case CTL_SER_EXTENTOPT:
10607		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10608		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10609			return (ctl_extent_check(ooa_io, pending_io,
10610			    (lun->be_lun &&
10611			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10612		return (CTL_ACTION_PASS);
10613	case CTL_SER_EXTENTSEQ:
10614		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10615			return (ctl_extent_check_seq(ooa_io, pending_io));
10616		return (CTL_ACTION_PASS);
10617	case CTL_SER_PASS:
10618		return (CTL_ACTION_PASS);
10619	case CTL_SER_BLOCKOPT:
10620		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10621		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10622			return (CTL_ACTION_BLOCK);
10623		return (CTL_ACTION_PASS);
10624	case CTL_SER_SKIP:
10625		return (CTL_ACTION_SKIP);
10626	default:
10627		panic("invalid serialization value %d",
10628		      serialize_row[pending_entry->seridx]);
10629	}
10630
10631	return (CTL_ACTION_ERROR);
10632}
10633
10634/*
10635 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10636 * Assumptions:
10637 * - pending_io is generally either incoming, or on the blocked queue
10638 * - starting I/O is the I/O we want to start the check with.
10639 */
10640static ctl_action
10641ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10642	      union ctl_io *starting_io)
10643{
10644	union ctl_io *ooa_io;
10645	ctl_action action;
10646
10647	mtx_assert(&lun->lun_lock, MA_OWNED);
10648
10649	/*
10650	 * Run back along the OOA queue, starting with the current
10651	 * blocked I/O and going through every I/O before it on the
10652	 * queue.  If starting_io is NULL, we'll just end up returning
10653	 * CTL_ACTION_PASS.
10654	 */
10655	for (ooa_io = starting_io; ooa_io != NULL;
10656	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10657	     ooa_links)){
10658
10659		/*
10660		 * This routine just checks to see whether
10661		 * cur_blocked is blocked by ooa_io, which is ahead
10662		 * of it in the queue.  It doesn't queue/dequeue
10663		 * cur_blocked.
10664		 */
10665		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10666		switch (action) {
10667		case CTL_ACTION_BLOCK:
10668		case CTL_ACTION_OVERLAP:
10669		case CTL_ACTION_OVERLAP_TAG:
10670		case CTL_ACTION_SKIP:
10671		case CTL_ACTION_ERROR:
10672			return (action);
10673			break; /* NOTREACHED */
10674		case CTL_ACTION_PASS:
10675			break;
10676		default:
10677			panic("invalid action %d", action);
10678			break;  /* NOTREACHED */
10679		}
10680	}
10681
10682	return (CTL_ACTION_PASS);
10683}
10684
10685/*
10686 * Assumptions:
10687 * - An I/O has just completed, and has been removed from the per-LUN OOA
10688 *   queue, so some items on the blocked queue may now be unblocked.
10689 */
10690static int
10691ctl_check_blocked(struct ctl_lun *lun)
10692{
10693	struct ctl_softc *softc = lun->ctl_softc;
10694	union ctl_io *cur_blocked, *next_blocked;
10695
10696	mtx_assert(&lun->lun_lock, MA_OWNED);
10697
10698	/*
10699	 * Run forward from the head of the blocked queue, checking each
10700	 * entry against the I/Os prior to it on the OOA queue to see if
10701	 * there is still any blockage.
10702	 *
10703	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10704	 * with our removing a variable on it while it is traversing the
10705	 * list.
10706	 */
10707	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10708	     cur_blocked != NULL; cur_blocked = next_blocked) {
10709		union ctl_io *prev_ooa;
10710		ctl_action action;
10711
10712		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10713							  blocked_links);
10714
10715		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10716						      ctl_ooaq, ooa_links);
10717
10718		/*
10719		 * If cur_blocked happens to be the first item in the OOA
10720		 * queue now, prev_ooa will be NULL, and the action
10721		 * returned will just be CTL_ACTION_PASS.
10722		 */
10723		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10724
10725		switch (action) {
10726		case CTL_ACTION_BLOCK:
10727			/* Nothing to do here, still blocked */
10728			break;
10729		case CTL_ACTION_OVERLAP:
10730		case CTL_ACTION_OVERLAP_TAG:
10731			/*
10732			 * This shouldn't happen!  In theory we've already
10733			 * checked this command for overlap...
10734			 */
10735			break;
10736		case CTL_ACTION_PASS:
10737		case CTL_ACTION_SKIP: {
10738			const struct ctl_cmd_entry *entry;
10739
10740			/*
10741			 * The skip case shouldn't happen, this transaction
10742			 * should have never made it onto the blocked queue.
10743			 */
10744			/*
10745			 * This I/O is no longer blocked, we can remove it
10746			 * from the blocked queue.  Since this is a TAILQ
10747			 * (doubly linked list), we can do O(1) removals
10748			 * from any place on the list.
10749			 */
10750			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10751				     blocked_links);
10752			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10753
10754			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10755			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10756				/*
10757				 * Need to send IO back to original side to
10758				 * run
10759				 */
10760				union ctl_ha_msg msg_info;
10761
10762				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10763				msg_info.hdr.original_sc =
10764					cur_blocked->io_hdr.original_sc;
10765				msg_info.hdr.serializing_sc = cur_blocked;
10766				msg_info.hdr.msg_type = CTL_MSG_R2R;
10767				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10768				    sizeof(msg_info.hdr), M_NOWAIT);
10769				break;
10770			}
10771			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10772
10773			/*
10774			 * Check this I/O for LUN state changes that may
10775			 * have happened while this command was blocked.
10776			 * The LUN state may have been changed by a command
10777			 * ahead of us in the queue, so we need to re-check
10778			 * for any states that can be caused by SCSI
10779			 * commands.
10780			 */
10781			if (ctl_scsiio_lun_check(lun, entry,
10782						 &cur_blocked->scsiio) == 0) {
10783				cur_blocked->io_hdr.flags |=
10784				                      CTL_FLAG_IS_WAS_ON_RTR;
10785				ctl_enqueue_rtr(cur_blocked);
10786			} else
10787				ctl_done(cur_blocked);
10788			break;
10789		}
10790		default:
10791			/*
10792			 * This probably shouldn't happen -- we shouldn't
10793			 * get CTL_ACTION_ERROR, or anything else.
10794			 */
10795			break;
10796		}
10797	}
10798
10799	return (CTL_RETVAL_COMPLETE);
10800}
10801
10802/*
10803 * This routine (with one exception) checks LUN flags that can be set by
10804 * commands ahead of us in the OOA queue.  These flags have to be checked
10805 * when a command initially comes in, and when we pull a command off the
10806 * blocked queue and are preparing to execute it.  The reason we have to
10807 * check these flags for commands on the blocked queue is that the LUN
10808 * state may have been changed by a command ahead of us while we're on the
10809 * blocked queue.
10810 *
10811 * Ordering is somewhat important with these checks, so please pay
10812 * careful attention to the placement of any new checks.
10813 */
10814static int
10815ctl_scsiio_lun_check(struct ctl_lun *lun,
10816    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10817{
10818	struct ctl_softc *softc = lun->ctl_softc;
10819	int retval;
10820	uint32_t residx;
10821
10822	retval = 0;
10823
10824	mtx_assert(&lun->lun_lock, MA_OWNED);
10825
10826	/*
10827	 * If this shelf is a secondary shelf controller, we may have to
10828	 * reject some commands disallowed by HA mode and link state.
10829	 */
10830	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10831		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10832		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10833			ctl_set_lun_unavail(ctsio);
10834			retval = 1;
10835			goto bailout;
10836		}
10837		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10838		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10839			ctl_set_lun_transit(ctsio);
10840			retval = 1;
10841			goto bailout;
10842		}
10843		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10844		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10845			ctl_set_lun_standby(ctsio);
10846			retval = 1;
10847			goto bailout;
10848		}
10849
10850		/* The rest of checks are only done on executing side */
10851		if (softc->ha_mode == CTL_HA_MODE_XFER)
10852			goto bailout;
10853	}
10854
10855	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10856		if (lun->be_lun &&
10857		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10858			ctl_set_hw_write_protected(ctsio);
10859			retval = 1;
10860			goto bailout;
10861		}
10862		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10863		    .eca_and_aen & SCP_SWP) != 0) {
10864			ctl_set_sense(ctsio, /*current_error*/ 1,
10865			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10866			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10867			retval = 1;
10868			goto bailout;
10869		}
10870	}
10871
10872	/*
10873	 * Check for a reservation conflict.  If this command isn't allowed
10874	 * even on reserved LUNs, and if this initiator isn't the one who
10875	 * reserved us, reject the command with a reservation conflict.
10876	 */
10877	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10878	if ((lun->flags & CTL_LUN_RESERVED)
10879	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10880		if (lun->res_idx != residx) {
10881			ctl_set_reservation_conflict(ctsio);
10882			retval = 1;
10883			goto bailout;
10884		}
10885	}
10886
10887	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10888	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10889		/* No reservation or command is allowed. */;
10890	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10891	    (lun->res_type == SPR_TYPE_WR_EX ||
10892	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10893	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10894		/* The command is allowed for Write Exclusive resv. */;
10895	} else {
10896		/*
10897		 * if we aren't registered or it's a res holder type
10898		 * reservation and this isn't the res holder then set a
10899		 * conflict.
10900		 */
10901		if (ctl_get_prkey(lun, residx) == 0
10902		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
10903			ctl_set_reservation_conflict(ctsio);
10904			retval = 1;
10905			goto bailout;
10906		}
10907	}
10908
10909	if ((lun->flags & CTL_LUN_OFFLINE)
10910	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
10911		ctl_set_lun_not_ready(ctsio);
10912		retval = 1;
10913		goto bailout;
10914	}
10915
10916	if ((lun->flags & CTL_LUN_STOPPED)
10917	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
10918		/* "Logical unit not ready, initializing cmd. required" */
10919		ctl_set_lun_stopped(ctsio);
10920		retval = 1;
10921		goto bailout;
10922	}
10923
10924	if ((lun->flags & CTL_LUN_INOPERABLE)
10925	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
10926		/* "Medium format corrupted" */
10927		ctl_set_medium_format_corrupted(ctsio);
10928		retval = 1;
10929		goto bailout;
10930	}
10931
10932bailout:
10933	return (retval);
10934}
10935
10936static void
10937ctl_failover_io(union ctl_io *io, int have_lock)
10938{
10939	ctl_set_busy(&io->scsiio);
10940	ctl_done(io);
10941}
10942
10943static void
10944ctl_failover_lun(struct ctl_lun *lun)
10945{
10946	struct ctl_softc *softc = lun->ctl_softc;
10947	struct ctl_io_hdr *io, *next_io;
10948
10949	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
10950	if (softc->ha_mode == CTL_HA_MODE_XFER) {
10951		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10952			/* We are master */
10953			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10954				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10955					io->flags |= CTL_FLAG_ABORT;
10956					io->flags |= CTL_FLAG_FAILOVER;
10957				} else { /* This can be only due to DATAMOVE */
10958					io->msg_type = CTL_MSG_DATAMOVE_DONE;
10959					io->flags |= CTL_FLAG_IO_ACTIVE;
10960					io->port_status = 31340;
10961					ctl_enqueue_isc((union ctl_io *)io);
10962				}
10963			}
10964			/* We are slave */
10965			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10966				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10967				if (io->flags & CTL_FLAG_IO_ACTIVE) {
10968					io->flags |= CTL_FLAG_FAILOVER;
10969				} else {
10970					ctl_set_busy(&((union ctl_io *)io)->
10971					    scsiio);
10972					ctl_done((union ctl_io *)io);
10973				}
10974			}
10975		}
10976	} else { /* SERIALIZE modes */
10977		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
10978		    next_io) {
10979			/* We are master */
10980			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10981				TAILQ_REMOVE(&lun->blocked_queue, io,
10982				    blocked_links);
10983				io->flags &= ~CTL_FLAG_BLOCKED;
10984				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10985				ctl_free_io((union ctl_io *)io);
10986			}
10987		}
10988		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
10989			/* We are master */
10990			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
10991				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
10992				ctl_free_io((union ctl_io *)io);
10993			}
10994			/* We are slave */
10995			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
10996				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
10997				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
10998					ctl_set_busy(&((union ctl_io *)io)->
10999					    scsiio);
11000					ctl_done((union ctl_io *)io);
11001				}
11002			}
11003		}
11004		ctl_check_blocked(lun);
11005	}
11006}
11007
11008static int
11009ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11010{
11011	struct ctl_lun *lun;
11012	const struct ctl_cmd_entry *entry;
11013	uint32_t initidx, targ_lun;
11014	int retval;
11015
11016	retval = 0;
11017
11018	lun = NULL;
11019
11020	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11021	if ((targ_lun < CTL_MAX_LUNS)
11022	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11023		/*
11024		 * If the LUN is invalid, pretend that it doesn't exist.
11025		 * It will go away as soon as all pending I/O has been
11026		 * completed.
11027		 */
11028		mtx_lock(&lun->lun_lock);
11029		if (lun->flags & CTL_LUN_DISABLED) {
11030			mtx_unlock(&lun->lun_lock);
11031			lun = NULL;
11032			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11033			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11034		} else {
11035			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11036			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11037				lun->be_lun;
11038
11039			/*
11040			 * Every I/O goes into the OOA queue for a
11041			 * particular LUN, and stays there until completion.
11042			 */
11043#ifdef CTL_TIME_IO
11044			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11045				lun->idle_time += getsbinuptime() -
11046				    lun->last_busy;
11047			}
11048#endif
11049			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11050			    ooa_links);
11051		}
11052	} else {
11053		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11054		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11055	}
11056
11057	/* Get command entry and return error if it is unsuppotyed. */
11058	entry = ctl_validate_command(ctsio);
11059	if (entry == NULL) {
11060		if (lun)
11061			mtx_unlock(&lun->lun_lock);
11062		return (retval);
11063	}
11064
11065	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11066	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11067
11068	/*
11069	 * Check to see whether we can send this command to LUNs that don't
11070	 * exist.  This should pretty much only be the case for inquiry
11071	 * and request sense.  Further checks, below, really require having
11072	 * a LUN, so we can't really check the command anymore.  Just put
11073	 * it on the rtr queue.
11074	 */
11075	if (lun == NULL) {
11076		if (entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) {
11077			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11078			ctl_enqueue_rtr((union ctl_io *)ctsio);
11079			return (retval);
11080		}
11081
11082		ctl_set_unsupported_lun(ctsio);
11083		ctl_done((union ctl_io *)ctsio);
11084		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11085		return (retval);
11086	} else {
11087		/*
11088		 * Make sure we support this particular command on this LUN.
11089		 * e.g., we don't support writes to the control LUN.
11090		 */
11091		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11092			mtx_unlock(&lun->lun_lock);
11093			ctl_set_invalid_opcode(ctsio);
11094			ctl_done((union ctl_io *)ctsio);
11095			return (retval);
11096		}
11097	}
11098
11099	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11100
11101#ifdef CTL_WITH_CA
11102	/*
11103	 * If we've got a request sense, it'll clear the contingent
11104	 * allegiance condition.  Otherwise, if we have a CA condition for
11105	 * this initiator, clear it, because it sent down a command other
11106	 * than request sense.
11107	 */
11108	if ((ctsio->cdb[0] != REQUEST_SENSE)
11109	 && (ctl_is_set(lun->have_ca, initidx)))
11110		ctl_clear_mask(lun->have_ca, initidx);
11111#endif
11112
11113	/*
11114	 * If the command has this flag set, it handles its own unit
11115	 * attention reporting, we shouldn't do anything.  Otherwise we
11116	 * check for any pending unit attentions, and send them back to the
11117	 * initiator.  We only do this when a command initially comes in,
11118	 * not when we pull it off the blocked queue.
11119	 *
11120	 * According to SAM-3, section 5.3.2, the order that things get
11121	 * presented back to the host is basically unit attentions caused
11122	 * by some sort of reset event, busy status, reservation conflicts
11123	 * or task set full, and finally any other status.
11124	 *
11125	 * One issue here is that some of the unit attentions we report
11126	 * don't fall into the "reset" category (e.g. "reported luns data
11127	 * has changed").  So reporting it here, before the reservation
11128	 * check, may be technically wrong.  I guess the only thing to do
11129	 * would be to check for and report the reset events here, and then
11130	 * check for the other unit attention types after we check for a
11131	 * reservation conflict.
11132	 *
11133	 * XXX KDM need to fix this
11134	 */
11135	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11136		ctl_ua_type ua_type;
11137
11138		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11139		    SSD_TYPE_NONE);
11140		if (ua_type != CTL_UA_NONE) {
11141			mtx_unlock(&lun->lun_lock);
11142			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11143			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11144			ctsio->sense_len = SSD_FULL_SIZE;
11145			ctl_done((union ctl_io *)ctsio);
11146			return (retval);
11147		}
11148	}
11149
11150
11151	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11152		mtx_unlock(&lun->lun_lock);
11153		ctl_done((union ctl_io *)ctsio);
11154		return (retval);
11155	}
11156
11157	/*
11158	 * XXX CHD this is where we want to send IO to other side if
11159	 * this LUN is secondary on this SC. We will need to make a copy
11160	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11161	 * the copy we send as FROM_OTHER.
11162	 * We also need to stuff the address of the original IO so we can
11163	 * find it easily. Something similar will need be done on the other
11164	 * side so when we are done we can find the copy.
11165	 */
11166	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11167	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0) {
11168		union ctl_ha_msg msg_info;
11169		int isc_retval;
11170
11171		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11172		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11173		mtx_unlock(&lun->lun_lock);
11174
11175		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11176		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11177		msg_info.hdr.serializing_sc = NULL;
11178		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11179		msg_info.scsi.tag_num = ctsio->tag_num;
11180		msg_info.scsi.tag_type = ctsio->tag_type;
11181		msg_info.scsi.cdb_len = ctsio->cdb_len;
11182		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11183
11184		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11185		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11186		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11187			ctl_set_busy(ctsio);
11188			ctl_done((union ctl_io *)ctsio);
11189			return (retval);
11190		}
11191		return (retval);
11192	}
11193
11194	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11195			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11196			      ctl_ooaq, ooa_links))) {
11197	case CTL_ACTION_BLOCK:
11198		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11199		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11200				  blocked_links);
11201		mtx_unlock(&lun->lun_lock);
11202		return (retval);
11203	case CTL_ACTION_PASS:
11204	case CTL_ACTION_SKIP:
11205		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11206		mtx_unlock(&lun->lun_lock);
11207		ctl_enqueue_rtr((union ctl_io *)ctsio);
11208		break;
11209	case CTL_ACTION_OVERLAP:
11210		mtx_unlock(&lun->lun_lock);
11211		ctl_set_overlapped_cmd(ctsio);
11212		ctl_done((union ctl_io *)ctsio);
11213		break;
11214	case CTL_ACTION_OVERLAP_TAG:
11215		mtx_unlock(&lun->lun_lock);
11216		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11217		ctl_done((union ctl_io *)ctsio);
11218		break;
11219	case CTL_ACTION_ERROR:
11220	default:
11221		mtx_unlock(&lun->lun_lock);
11222		ctl_set_internal_failure(ctsio,
11223					 /*sks_valid*/ 0,
11224					 /*retry_count*/ 0);
11225		ctl_done((union ctl_io *)ctsio);
11226		break;
11227	}
11228	return (retval);
11229}
11230
11231const struct ctl_cmd_entry *
11232ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11233{
11234	const struct ctl_cmd_entry *entry;
11235	int service_action;
11236
11237	entry = &ctl_cmd_table[ctsio->cdb[0]];
11238	if (sa)
11239		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11240	if (entry->flags & CTL_CMD_FLAG_SA5) {
11241		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11242		entry = &((const struct ctl_cmd_entry *)
11243		    entry->execute)[service_action];
11244	}
11245	return (entry);
11246}
11247
11248const struct ctl_cmd_entry *
11249ctl_validate_command(struct ctl_scsiio *ctsio)
11250{
11251	const struct ctl_cmd_entry *entry;
11252	int i, sa;
11253	uint8_t diff;
11254
11255	entry = ctl_get_cmd_entry(ctsio, &sa);
11256	if (entry->execute == NULL) {
11257		if (sa)
11258			ctl_set_invalid_field(ctsio,
11259					      /*sks_valid*/ 1,
11260					      /*command*/ 1,
11261					      /*field*/ 1,
11262					      /*bit_valid*/ 1,
11263					      /*bit*/ 4);
11264		else
11265			ctl_set_invalid_opcode(ctsio);
11266		ctl_done((union ctl_io *)ctsio);
11267		return (NULL);
11268	}
11269	KASSERT(entry->length > 0,
11270	    ("Not defined length for command 0x%02x/0x%02x",
11271	     ctsio->cdb[0], ctsio->cdb[1]));
11272	for (i = 1; i < entry->length; i++) {
11273		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11274		if (diff == 0)
11275			continue;
11276		ctl_set_invalid_field(ctsio,
11277				      /*sks_valid*/ 1,
11278				      /*command*/ 1,
11279				      /*field*/ i,
11280				      /*bit_valid*/ 1,
11281				      /*bit*/ fls(diff) - 1);
11282		ctl_done((union ctl_io *)ctsio);
11283		return (NULL);
11284	}
11285	return (entry);
11286}
11287
11288static int
11289ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11290{
11291
11292	switch (lun_type) {
11293	case T_PROCESSOR:
11294		if (((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0) &&
11295		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11296			return (0);
11297		break;
11298	case T_DIRECT:
11299		if (((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0) &&
11300		    ((entry->flags & CTL_CMD_FLAG_OK_ON_ALL_LUNS) == 0))
11301			return (0);
11302		break;
11303	default:
11304		return (0);
11305	}
11306	return (1);
11307}
11308
11309static int
11310ctl_scsiio(struct ctl_scsiio *ctsio)
11311{
11312	int retval;
11313	const struct ctl_cmd_entry *entry;
11314
11315	retval = CTL_RETVAL_COMPLETE;
11316
11317	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11318
11319	entry = ctl_get_cmd_entry(ctsio, NULL);
11320
11321	/*
11322	 * If this I/O has been aborted, just send it straight to
11323	 * ctl_done() without executing it.
11324	 */
11325	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11326		ctl_done((union ctl_io *)ctsio);
11327		goto bailout;
11328	}
11329
11330	/*
11331	 * All the checks should have been handled by ctl_scsiio_precheck().
11332	 * We should be clear now to just execute the I/O.
11333	 */
11334	retval = entry->execute(ctsio);
11335
11336bailout:
11337	return (retval);
11338}
11339
11340/*
11341 * Since we only implement one target right now, a bus reset simply resets
11342 * our single target.
11343 */
11344static int
11345ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11346{
11347	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11348}
11349
11350static int
11351ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11352		 ctl_ua_type ua_type)
11353{
11354	struct ctl_port *port;
11355	struct ctl_lun *lun;
11356	int retval;
11357
11358	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11359		union ctl_ha_msg msg_info;
11360
11361		msg_info.hdr.nexus = io->io_hdr.nexus;
11362		if (ua_type==CTL_UA_TARG_RESET)
11363			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11364		else
11365			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11366		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11367		msg_info.hdr.original_sc = NULL;
11368		msg_info.hdr.serializing_sc = NULL;
11369		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11370		    sizeof(msg_info.task), M_WAITOK);
11371	}
11372	retval = 0;
11373
11374	mtx_lock(&softc->ctl_lock);
11375	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11376	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11377		if (port != NULL &&
11378		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11379			continue;
11380		retval += ctl_do_lun_reset(lun, io, ua_type);
11381	}
11382	mtx_unlock(&softc->ctl_lock);
11383	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11384	return (retval);
11385}
11386
11387/*
11388 * The LUN should always be set.  The I/O is optional, and is used to
11389 * distinguish between I/Os sent by this initiator, and by other
11390 * initiators.  We set unit attention for initiators other than this one.
11391 * SAM-3 is vague on this point.  It does say that a unit attention should
11392 * be established for other initiators when a LUN is reset (see section
11393 * 5.7.3), but it doesn't specifically say that the unit attention should
11394 * be established for this particular initiator when a LUN is reset.  Here
11395 * is the relevant text, from SAM-3 rev 8:
11396 *
11397 * 5.7.2 When a SCSI initiator port aborts its own tasks
11398 *
11399 * When a SCSI initiator port causes its own task(s) to be aborted, no
11400 * notification that the task(s) have been aborted shall be returned to
11401 * the SCSI initiator port other than the completion response for the
11402 * command or task management function action that caused the task(s) to
11403 * be aborted and notification(s) associated with related effects of the
11404 * action (e.g., a reset unit attention condition).
11405 *
11406 * XXX KDM for now, we're setting unit attention for all initiators.
11407 */
11408static int
11409ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11410{
11411	union ctl_io *xio;
11412#if 0
11413	uint32_t initidx;
11414#endif
11415#ifdef CTL_WITH_CA
11416	int i;
11417#endif
11418
11419	mtx_lock(&lun->lun_lock);
11420	/*
11421	 * Run through the OOA queue and abort each I/O.
11422	 */
11423	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11424	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11425		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11426	}
11427
11428	/*
11429	 * This version sets unit attention for every
11430	 */
11431#if 0
11432	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11433	ctl_est_ua_all(lun, initidx, ua_type);
11434#else
11435	ctl_est_ua_all(lun, -1, ua_type);
11436#endif
11437
11438	/*
11439	 * A reset (any kind, really) clears reservations established with
11440	 * RESERVE/RELEASE.  It does not clear reservations established
11441	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11442	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11443	 * reservations made with the RESERVE/RELEASE commands, because
11444	 * those commands are obsolete in SPC-3.
11445	 */
11446	lun->flags &= ~CTL_LUN_RESERVED;
11447
11448#ifdef CTL_WITH_CA
11449	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11450		ctl_clear_mask(lun->have_ca, i);
11451#endif
11452	mtx_unlock(&lun->lun_lock);
11453
11454	return (0);
11455}
11456
11457static int
11458ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11459{
11460	struct ctl_lun *lun;
11461	uint32_t targ_lun;
11462	int retval;
11463
11464	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11465	mtx_lock(&softc->ctl_lock);
11466	if ((targ_lun >= CTL_MAX_LUNS) ||
11467	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11468		mtx_unlock(&softc->ctl_lock);
11469		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11470		return (1);
11471	}
11472	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11473	mtx_unlock(&softc->ctl_lock);
11474	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11475
11476	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11477		union ctl_ha_msg msg_info;
11478
11479		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11480		msg_info.hdr.nexus = io->io_hdr.nexus;
11481		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11482		msg_info.hdr.original_sc = NULL;
11483		msg_info.hdr.serializing_sc = NULL;
11484		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11485		    sizeof(msg_info.task), M_WAITOK);
11486	}
11487	return (retval);
11488}
11489
11490static void
11491ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11492    int other_sc)
11493{
11494	union ctl_io *xio;
11495
11496	mtx_assert(&lun->lun_lock, MA_OWNED);
11497
11498	/*
11499	 * Run through the OOA queue and attempt to find the given I/O.
11500	 * The target port, initiator ID, tag type and tag number have to
11501	 * match the values that we got from the initiator.  If we have an
11502	 * untagged command to abort, simply abort the first untagged command
11503	 * we come to.  We only allow one untagged command at a time of course.
11504	 */
11505	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11506	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11507
11508		if ((targ_port == UINT32_MAX ||
11509		     targ_port == xio->io_hdr.nexus.targ_port) &&
11510		    (init_id == UINT32_MAX ||
11511		     init_id == xio->io_hdr.nexus.initid)) {
11512			if (targ_port != xio->io_hdr.nexus.targ_port ||
11513			    init_id != xio->io_hdr.nexus.initid)
11514				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11515			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11516			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11517				union ctl_ha_msg msg_info;
11518
11519				msg_info.hdr.nexus = xio->io_hdr.nexus;
11520				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11521				msg_info.task.tag_num = xio->scsiio.tag_num;
11522				msg_info.task.tag_type = xio->scsiio.tag_type;
11523				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11524				msg_info.hdr.original_sc = NULL;
11525				msg_info.hdr.serializing_sc = NULL;
11526				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11527				    sizeof(msg_info.task), M_NOWAIT);
11528			}
11529		}
11530	}
11531}
11532
11533static int
11534ctl_abort_task_set(union ctl_io *io)
11535{
11536	struct ctl_softc *softc = control_softc;
11537	struct ctl_lun *lun;
11538	uint32_t targ_lun;
11539
11540	/*
11541	 * Look up the LUN.
11542	 */
11543	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11544	mtx_lock(&softc->ctl_lock);
11545	if ((targ_lun >= CTL_MAX_LUNS) ||
11546	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11547		mtx_unlock(&softc->ctl_lock);
11548		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11549		return (1);
11550	}
11551
11552	mtx_lock(&lun->lun_lock);
11553	mtx_unlock(&softc->ctl_lock);
11554	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11555		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11556		    io->io_hdr.nexus.initid,
11557		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11558	} else { /* CTL_TASK_CLEAR_TASK_SET */
11559		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11560		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11561	}
11562	mtx_unlock(&lun->lun_lock);
11563	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11564	return (0);
11565}
11566
11567static int
11568ctl_i_t_nexus_reset(union ctl_io *io)
11569{
11570	struct ctl_softc *softc = control_softc;
11571	struct ctl_lun *lun;
11572	uint32_t initidx;
11573
11574	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11575		union ctl_ha_msg msg_info;
11576
11577		msg_info.hdr.nexus = io->io_hdr.nexus;
11578		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11579		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11580		msg_info.hdr.original_sc = NULL;
11581		msg_info.hdr.serializing_sc = NULL;
11582		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11583		    sizeof(msg_info.task), M_WAITOK);
11584	}
11585
11586	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11587	mtx_lock(&softc->ctl_lock);
11588	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11589		mtx_lock(&lun->lun_lock);
11590		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11591		    io->io_hdr.nexus.initid, 1);
11592#ifdef CTL_WITH_CA
11593		ctl_clear_mask(lun->have_ca, initidx);
11594#endif
11595		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11596			lun->flags &= ~CTL_LUN_RESERVED;
11597		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11598		mtx_unlock(&lun->lun_lock);
11599	}
11600	mtx_unlock(&softc->ctl_lock);
11601	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11602	return (0);
11603}
11604
11605static int
11606ctl_abort_task(union ctl_io *io)
11607{
11608	union ctl_io *xio;
11609	struct ctl_lun *lun;
11610	struct ctl_softc *softc;
11611#if 0
11612	struct sbuf sb;
11613	char printbuf[128];
11614#endif
11615	int found;
11616	uint32_t targ_lun;
11617
11618	softc = control_softc;
11619	found = 0;
11620
11621	/*
11622	 * Look up the LUN.
11623	 */
11624	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11625	mtx_lock(&softc->ctl_lock);
11626	if ((targ_lun >= CTL_MAX_LUNS) ||
11627	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11628		mtx_unlock(&softc->ctl_lock);
11629		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11630		return (1);
11631	}
11632
11633#if 0
11634	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11635	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11636#endif
11637
11638	mtx_lock(&lun->lun_lock);
11639	mtx_unlock(&softc->ctl_lock);
11640	/*
11641	 * Run through the OOA queue and attempt to find the given I/O.
11642	 * The target port, initiator ID, tag type and tag number have to
11643	 * match the values that we got from the initiator.  If we have an
11644	 * untagged command to abort, simply abort the first untagged command
11645	 * we come to.  We only allow one untagged command at a time of course.
11646	 */
11647	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11648	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11649#if 0
11650		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11651
11652		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11653			    lun->lun, xio->scsiio.tag_num,
11654			    xio->scsiio.tag_type,
11655			    (xio->io_hdr.blocked_links.tqe_prev
11656			    == NULL) ? "" : " BLOCKED",
11657			    (xio->io_hdr.flags &
11658			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11659			    (xio->io_hdr.flags &
11660			    CTL_FLAG_ABORT) ? " ABORT" : "",
11661			    (xio->io_hdr.flags &
11662			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11663		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11664		sbuf_finish(&sb);
11665		printf("%s\n", sbuf_data(&sb));
11666#endif
11667
11668		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11669		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11670		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11671			continue;
11672
11673		/*
11674		 * If the abort says that the task is untagged, the
11675		 * task in the queue must be untagged.  Otherwise,
11676		 * we just check to see whether the tag numbers
11677		 * match.  This is because the QLogic firmware
11678		 * doesn't pass back the tag type in an abort
11679		 * request.
11680		 */
11681#if 0
11682		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11683		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11684		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11685#endif
11686		/*
11687		 * XXX KDM we've got problems with FC, because it
11688		 * doesn't send down a tag type with aborts.  So we
11689		 * can only really go by the tag number...
11690		 * This may cause problems with parallel SCSI.
11691		 * Need to figure that out!!
11692		 */
11693		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11694			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11695			found = 1;
11696			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11697			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11698				union ctl_ha_msg msg_info;
11699
11700				msg_info.hdr.nexus = io->io_hdr.nexus;
11701				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11702				msg_info.task.tag_num = io->taskio.tag_num;
11703				msg_info.task.tag_type = io->taskio.tag_type;
11704				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11705				msg_info.hdr.original_sc = NULL;
11706				msg_info.hdr.serializing_sc = NULL;
11707#if 0
11708				printf("Sent Abort to other side\n");
11709#endif
11710				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11711				    sizeof(msg_info.task), M_NOWAIT);
11712			}
11713#if 0
11714			printf("ctl_abort_task: found I/O to abort\n");
11715#endif
11716		}
11717	}
11718	mtx_unlock(&lun->lun_lock);
11719
11720	if (found == 0) {
11721		/*
11722		 * This isn't really an error.  It's entirely possible for
11723		 * the abort and command completion to cross on the wire.
11724		 * This is more of an informative/diagnostic error.
11725		 */
11726#if 0
11727		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11728		       "%u:%u:%u tag %d type %d\n",
11729		       io->io_hdr.nexus.initid,
11730		       io->io_hdr.nexus.targ_port,
11731		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11732		       io->taskio.tag_type);
11733#endif
11734	}
11735	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11736	return (0);
11737}
11738
11739static int
11740ctl_query_task(union ctl_io *io, int task_set)
11741{
11742	union ctl_io *xio;
11743	struct ctl_lun *lun;
11744	struct ctl_softc *softc;
11745	int found = 0;
11746	uint32_t targ_lun;
11747
11748	softc = control_softc;
11749	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11750	mtx_lock(&softc->ctl_lock);
11751	if ((targ_lun >= CTL_MAX_LUNS) ||
11752	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11753		mtx_unlock(&softc->ctl_lock);
11754		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11755		return (1);
11756	}
11757	mtx_lock(&lun->lun_lock);
11758	mtx_unlock(&softc->ctl_lock);
11759	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11760	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11761
11762		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11763		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11764		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11765			continue;
11766
11767		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11768			found = 1;
11769			break;
11770		}
11771	}
11772	mtx_unlock(&lun->lun_lock);
11773	if (found)
11774		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11775	else
11776		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11777	return (0);
11778}
11779
11780static int
11781ctl_query_async_event(union ctl_io *io)
11782{
11783	struct ctl_lun *lun;
11784	struct ctl_softc *softc;
11785	ctl_ua_type ua;
11786	uint32_t targ_lun, initidx;
11787
11788	softc = control_softc;
11789	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11790	mtx_lock(&softc->ctl_lock);
11791	if ((targ_lun >= CTL_MAX_LUNS) ||
11792	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11793		mtx_unlock(&softc->ctl_lock);
11794		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11795		return (1);
11796	}
11797	mtx_lock(&lun->lun_lock);
11798	mtx_unlock(&softc->ctl_lock);
11799	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11800	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11801	mtx_unlock(&lun->lun_lock);
11802	if (ua != CTL_UA_NONE)
11803		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11804	else
11805		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11806	return (0);
11807}
11808
11809static void
11810ctl_run_task(union ctl_io *io)
11811{
11812	struct ctl_softc *softc = control_softc;
11813	int retval = 1;
11814
11815	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11816	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11817	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11818	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11819	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11820	switch (io->taskio.task_action) {
11821	case CTL_TASK_ABORT_TASK:
11822		retval = ctl_abort_task(io);
11823		break;
11824	case CTL_TASK_ABORT_TASK_SET:
11825	case CTL_TASK_CLEAR_TASK_SET:
11826		retval = ctl_abort_task_set(io);
11827		break;
11828	case CTL_TASK_CLEAR_ACA:
11829		break;
11830	case CTL_TASK_I_T_NEXUS_RESET:
11831		retval = ctl_i_t_nexus_reset(io);
11832		break;
11833	case CTL_TASK_LUN_RESET:
11834		retval = ctl_lun_reset(softc, io);
11835		break;
11836	case CTL_TASK_TARGET_RESET:
11837		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11838		break;
11839	case CTL_TASK_BUS_RESET:
11840		retval = ctl_bus_reset(softc, io);
11841		break;
11842	case CTL_TASK_PORT_LOGIN:
11843		break;
11844	case CTL_TASK_PORT_LOGOUT:
11845		break;
11846	case CTL_TASK_QUERY_TASK:
11847		retval = ctl_query_task(io, 0);
11848		break;
11849	case CTL_TASK_QUERY_TASK_SET:
11850		retval = ctl_query_task(io, 1);
11851		break;
11852	case CTL_TASK_QUERY_ASYNC_EVENT:
11853		retval = ctl_query_async_event(io);
11854		break;
11855	default:
11856		printf("%s: got unknown task management event %d\n",
11857		       __func__, io->taskio.task_action);
11858		break;
11859	}
11860	if (retval == 0)
11861		io->io_hdr.status = CTL_SUCCESS;
11862	else
11863		io->io_hdr.status = CTL_ERROR;
11864	ctl_done(io);
11865}
11866
11867/*
11868 * For HA operation.  Handle commands that come in from the other
11869 * controller.
11870 */
11871static void
11872ctl_handle_isc(union ctl_io *io)
11873{
11874	int free_io;
11875	struct ctl_lun *lun;
11876	struct ctl_softc *softc;
11877	uint32_t targ_lun;
11878
11879	softc = control_softc;
11880
11881	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11882	lun = softc->ctl_luns[targ_lun];
11883
11884	switch (io->io_hdr.msg_type) {
11885	case CTL_MSG_SERIALIZE:
11886		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11887		break;
11888	case CTL_MSG_R2R: {
11889		const struct ctl_cmd_entry *entry;
11890
11891		/*
11892		 * This is only used in SER_ONLY mode.
11893		 */
11894		free_io = 0;
11895		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11896		mtx_lock(&lun->lun_lock);
11897		if (ctl_scsiio_lun_check(lun,
11898		    entry, (struct ctl_scsiio *)io) != 0) {
11899			mtx_unlock(&lun->lun_lock);
11900			ctl_done(io);
11901			break;
11902		}
11903		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11904		mtx_unlock(&lun->lun_lock);
11905		ctl_enqueue_rtr(io);
11906		break;
11907	}
11908	case CTL_MSG_FINISH_IO:
11909		if (softc->ha_mode == CTL_HA_MODE_XFER) {
11910			free_io = 0;
11911			ctl_done(io);
11912		} else {
11913			free_io = 1;
11914			mtx_lock(&lun->lun_lock);
11915			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
11916				     ooa_links);
11917			ctl_check_blocked(lun);
11918			mtx_unlock(&lun->lun_lock);
11919		}
11920		break;
11921	case CTL_MSG_PERS_ACTION:
11922		ctl_hndl_per_res_out_on_other_sc(
11923			(union ctl_ha_msg *)&io->presio.pr_msg);
11924		free_io = 1;
11925		break;
11926	case CTL_MSG_BAD_JUJU:
11927		free_io = 0;
11928		ctl_done(io);
11929		break;
11930	case CTL_MSG_DATAMOVE:
11931		/* Only used in XFER mode */
11932		free_io = 0;
11933		ctl_datamove_remote(io);
11934		break;
11935	case CTL_MSG_DATAMOVE_DONE:
11936		/* Only used in XFER mode */
11937		free_io = 0;
11938		io->scsiio.be_move_done(io);
11939		break;
11940	case CTL_MSG_FAILOVER:
11941		mtx_lock(&lun->lun_lock);
11942		ctl_failover_lun(lun);
11943		mtx_unlock(&lun->lun_lock);
11944		free_io = 1;
11945		break;
11946	default:
11947		free_io = 1;
11948		printf("%s: Invalid message type %d\n",
11949		       __func__, io->io_hdr.msg_type);
11950		break;
11951	}
11952	if (free_io)
11953		ctl_free_io(io);
11954
11955}
11956
11957
11958/*
11959 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
11960 * there is no match.
11961 */
11962static ctl_lun_error_pattern
11963ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
11964{
11965	const struct ctl_cmd_entry *entry;
11966	ctl_lun_error_pattern filtered_pattern, pattern;
11967
11968	pattern = desc->error_pattern;
11969
11970	/*
11971	 * XXX KDM we need more data passed into this function to match a
11972	 * custom pattern, and we actually need to implement custom pattern
11973	 * matching.
11974	 */
11975	if (pattern & CTL_LUN_PAT_CMD)
11976		return (CTL_LUN_PAT_CMD);
11977
11978	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
11979		return (CTL_LUN_PAT_ANY);
11980
11981	entry = ctl_get_cmd_entry(ctsio, NULL);
11982
11983	filtered_pattern = entry->pattern & pattern;
11984
11985	/*
11986	 * If the user requested specific flags in the pattern (e.g.
11987	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
11988	 * flags.
11989	 *
11990	 * If the user did not specify any flags, it doesn't matter whether
11991	 * or not the command supports the flags.
11992	 */
11993	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
11994	     (pattern & ~CTL_LUN_PAT_MASK))
11995		return (CTL_LUN_PAT_NONE);
11996
11997	/*
11998	 * If the user asked for a range check, see if the requested LBA
11999	 * range overlaps with this command's LBA range.
12000	 */
12001	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12002		uint64_t lba1;
12003		uint64_t len1;
12004		ctl_action action;
12005		int retval;
12006
12007		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12008		if (retval != 0)
12009			return (CTL_LUN_PAT_NONE);
12010
12011		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12012					      desc->lba_range.len, FALSE);
12013		/*
12014		 * A "pass" means that the LBA ranges don't overlap, so
12015		 * this doesn't match the user's range criteria.
12016		 */
12017		if (action == CTL_ACTION_PASS)
12018			return (CTL_LUN_PAT_NONE);
12019	}
12020
12021	return (filtered_pattern);
12022}
12023
12024static void
12025ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12026{
12027	struct ctl_error_desc *desc, *desc2;
12028
12029	mtx_assert(&lun->lun_lock, MA_OWNED);
12030
12031	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12032		ctl_lun_error_pattern pattern;
12033		/*
12034		 * Check to see whether this particular command matches
12035		 * the pattern in the descriptor.
12036		 */
12037		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12038		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12039			continue;
12040
12041		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12042		case CTL_LUN_INJ_ABORTED:
12043			ctl_set_aborted(&io->scsiio);
12044			break;
12045		case CTL_LUN_INJ_MEDIUM_ERR:
12046			ctl_set_medium_error(&io->scsiio,
12047			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12048			     CTL_FLAG_DATA_OUT);
12049			break;
12050		case CTL_LUN_INJ_UA:
12051			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12052			 * OCCURRED */
12053			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12054			break;
12055		case CTL_LUN_INJ_CUSTOM:
12056			/*
12057			 * We're assuming the user knows what he is doing.
12058			 * Just copy the sense information without doing
12059			 * checks.
12060			 */
12061			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12062			      MIN(sizeof(desc->custom_sense),
12063				  sizeof(io->scsiio.sense_data)));
12064			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12065			io->scsiio.sense_len = SSD_FULL_SIZE;
12066			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12067			break;
12068		case CTL_LUN_INJ_NONE:
12069		default:
12070			/*
12071			 * If this is an error injection type we don't know
12072			 * about, clear the continuous flag (if it is set)
12073			 * so it will get deleted below.
12074			 */
12075			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12076			break;
12077		}
12078		/*
12079		 * By default, each error injection action is a one-shot
12080		 */
12081		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12082			continue;
12083
12084		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12085
12086		free(desc, M_CTL);
12087	}
12088}
12089
12090#ifdef CTL_IO_DELAY
12091static void
12092ctl_datamove_timer_wakeup(void *arg)
12093{
12094	union ctl_io *io;
12095
12096	io = (union ctl_io *)arg;
12097
12098	ctl_datamove(io);
12099}
12100#endif /* CTL_IO_DELAY */
12101
12102void
12103ctl_datamove(union ctl_io *io)
12104{
12105	struct ctl_lun *lun;
12106	void (*fe_datamove)(union ctl_io *io);
12107
12108	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12109
12110	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12111
12112	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12113#ifdef CTL_TIME_IO
12114	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12115		char str[256];
12116		char path_str[64];
12117		struct sbuf sb;
12118
12119		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12120		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12121
12122		sbuf_cat(&sb, path_str);
12123		switch (io->io_hdr.io_type) {
12124		case CTL_IO_SCSI:
12125			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12126			sbuf_printf(&sb, "\n");
12127			sbuf_cat(&sb, path_str);
12128			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12129				    io->scsiio.tag_num, io->scsiio.tag_type);
12130			break;
12131		case CTL_IO_TASK:
12132			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12133				    "Tag Type: %d\n", io->taskio.task_action,
12134				    io->taskio.tag_num, io->taskio.tag_type);
12135			break;
12136		default:
12137			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12138			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12139			break;
12140		}
12141		sbuf_cat(&sb, path_str);
12142		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12143			    (intmax_t)time_uptime - io->io_hdr.start_time);
12144		sbuf_finish(&sb);
12145		printf("%s", sbuf_data(&sb));
12146	}
12147#endif /* CTL_TIME_IO */
12148
12149#ifdef CTL_IO_DELAY
12150	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12151		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12152	} else {
12153		if ((lun != NULL)
12154		 && (lun->delay_info.datamove_delay > 0)) {
12155
12156			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12157			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12158			callout_reset(&io->io_hdr.delay_callout,
12159				      lun->delay_info.datamove_delay * hz,
12160				      ctl_datamove_timer_wakeup, io);
12161			if (lun->delay_info.datamove_type ==
12162			    CTL_DELAY_TYPE_ONESHOT)
12163				lun->delay_info.datamove_delay = 0;
12164			return;
12165		}
12166	}
12167#endif
12168
12169	/*
12170	 * This command has been aborted.  Set the port status, so we fail
12171	 * the data move.
12172	 */
12173	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12174		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12175		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12176		       io->io_hdr.nexus.targ_port,
12177		       io->io_hdr.nexus.targ_lun);
12178		io->io_hdr.port_status = 31337;
12179		/*
12180		 * Note that the backend, in this case, will get the
12181		 * callback in its context.  In other cases it may get
12182		 * called in the frontend's interrupt thread context.
12183		 */
12184		io->scsiio.be_move_done(io);
12185		return;
12186	}
12187
12188	/* Don't confuse frontend with zero length data move. */
12189	if (io->scsiio.kern_data_len == 0) {
12190		io->scsiio.be_move_done(io);
12191		return;
12192	}
12193
12194	/*
12195	 * If we're in XFER mode and this I/O is from the other shelf
12196	 * controller, we need to send the DMA to the other side to
12197	 * actually transfer the data to/from the host.  In serialize only
12198	 * mode the transfer happens below CTL and ctl_datamove() is only
12199	 * called on the machine that originally received the I/O.
12200	 */
12201	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12202	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12203		union ctl_ha_msg msg;
12204		uint32_t sg_entries_sent;
12205		int do_sg_copy;
12206		int i;
12207
12208		memset(&msg, 0, sizeof(msg));
12209		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12210		msg.hdr.original_sc = io->io_hdr.original_sc;
12211		msg.hdr.serializing_sc = io;
12212		msg.hdr.nexus = io->io_hdr.nexus;
12213		msg.hdr.status = io->io_hdr.status;
12214		msg.dt.flags = io->io_hdr.flags;
12215		/*
12216		 * We convert everything into a S/G list here.  We can't
12217		 * pass by reference, only by value between controllers.
12218		 * So we can't pass a pointer to the S/G list, only as many
12219		 * S/G entries as we can fit in here.  If it's possible for
12220		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12221		 * then we need to break this up into multiple transfers.
12222		 */
12223		if (io->scsiio.kern_sg_entries == 0) {
12224			msg.dt.kern_sg_entries = 1;
12225#if 0
12226			/*
12227			 * Convert to a physical address if this is a
12228			 * virtual address.
12229			 */
12230			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12231				msg.dt.sg_list[0].addr =
12232					io->scsiio.kern_data_ptr;
12233			} else {
12234				/*
12235				 * XXX KDM use busdma here!
12236				 */
12237				msg.dt.sg_list[0].addr = (void *)
12238					vtophys(io->scsiio.kern_data_ptr);
12239			}
12240#else
12241			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12242			    ("HA does not support BUS_ADDR"));
12243			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12244#endif
12245
12246			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12247			do_sg_copy = 0;
12248		} else {
12249			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12250			do_sg_copy = 1;
12251		}
12252
12253		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12254		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12255		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12256		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12257		msg.dt.sg_sequence = 0;
12258
12259		/*
12260		 * Loop until we've sent all of the S/G entries.  On the
12261		 * other end, we'll recompose these S/G entries into one
12262		 * contiguous list before passing it to the
12263		 */
12264		for (sg_entries_sent = 0; sg_entries_sent <
12265		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12266			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12267				sizeof(msg.dt.sg_list[0])),
12268				msg.dt.kern_sg_entries - sg_entries_sent);
12269
12270			if (do_sg_copy != 0) {
12271				struct ctl_sg_entry *sgl;
12272				int j;
12273
12274				sgl = (struct ctl_sg_entry *)
12275					io->scsiio.kern_data_ptr;
12276				/*
12277				 * If this is in cached memory, flush the cache
12278				 * before we send the DMA request to the other
12279				 * controller.  We want to do this in either
12280				 * the * read or the write case.  The read
12281				 * case is straightforward.  In the write
12282				 * case, we want to make sure nothing is
12283				 * in the local cache that could overwrite
12284				 * the DMAed data.
12285				 */
12286
12287				for (i = sg_entries_sent, j = 0;
12288				     i < msg.dt.cur_sg_entries; i++, j++) {
12289#if 0
12290					if ((io->io_hdr.flags &
12291					     CTL_FLAG_BUS_ADDR) == 0) {
12292						/*
12293						 * XXX KDM use busdma.
12294						 */
12295						msg.dt.sg_list[j].addr =(void *)
12296						       vtophys(sgl[i].addr);
12297					} else {
12298						msg.dt.sg_list[j].addr =
12299							sgl[i].addr;
12300					}
12301#else
12302					KASSERT((io->io_hdr.flags &
12303					    CTL_FLAG_BUS_ADDR) == 0,
12304					    ("HA does not support BUS_ADDR"));
12305					msg.dt.sg_list[j].addr = sgl[i].addr;
12306#endif
12307					msg.dt.sg_list[j].len = sgl[i].len;
12308				}
12309			}
12310
12311			sg_entries_sent += msg.dt.cur_sg_entries;
12312			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12313				msg.dt.sg_last = 1;
12314			else
12315				msg.dt.sg_last = 0;
12316
12317			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12318			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12319			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12320			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12321				io->io_hdr.port_status = 31341;
12322				io->scsiio.be_move_done(io);
12323				return;
12324			}
12325
12326			msg.dt.sent_sg_entries = sg_entries_sent;
12327		}
12328
12329		/*
12330		 * Officially handover the request from us to peer.
12331		 * If failover has just happened, then we must return error.
12332		 * If failover happen just after, then it is not our problem.
12333		 */
12334		if (lun)
12335			mtx_lock(&lun->lun_lock);
12336		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12337			if (lun)
12338				mtx_unlock(&lun->lun_lock);
12339			io->io_hdr.port_status = 31342;
12340			io->scsiio.be_move_done(io);
12341			return;
12342		}
12343		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12344		if (lun)
12345			mtx_unlock(&lun->lun_lock);
12346	} else {
12347
12348		/*
12349		 * Lookup the fe_datamove() function for this particular
12350		 * front end.
12351		 */
12352		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12353
12354		fe_datamove(io);
12355	}
12356}
12357
12358static void
12359ctl_send_datamove_done(union ctl_io *io, int have_lock)
12360{
12361	union ctl_ha_msg msg;
12362
12363	memset(&msg, 0, sizeof(msg));
12364
12365	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12366	msg.hdr.original_sc = io;
12367	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12368	msg.hdr.nexus = io->io_hdr.nexus;
12369	msg.hdr.status = io->io_hdr.status;
12370	msg.scsi.tag_num = io->scsiio.tag_num;
12371	msg.scsi.tag_type = io->scsiio.tag_type;
12372	msg.scsi.scsi_status = io->scsiio.scsi_status;
12373	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12374	       io->scsiio.sense_len);
12375	msg.scsi.sense_len = io->scsiio.sense_len;
12376	msg.scsi.sense_residual = io->scsiio.sense_residual;
12377	msg.scsi.fetd_status = io->io_hdr.port_status;
12378	msg.scsi.residual = io->scsiio.residual;
12379	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12380
12381	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12382		ctl_failover_io(io, /*have_lock*/ have_lock);
12383		return;
12384	}
12385
12386	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12387	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12388	    msg.scsi.sense_len, M_WAITOK);
12389}
12390
12391/*
12392 * The DMA to the remote side is done, now we need to tell the other side
12393 * we're done so it can continue with its data movement.
12394 */
12395static void
12396ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12397{
12398	union ctl_io *io;
12399	int i;
12400
12401	io = rq->context;
12402
12403	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12404		printf("%s: ISC DMA write failed with error %d", __func__,
12405		       rq->ret);
12406		ctl_set_internal_failure(&io->scsiio,
12407					 /*sks_valid*/ 1,
12408					 /*retry_count*/ rq->ret);
12409	}
12410
12411	ctl_dt_req_free(rq);
12412
12413	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12414		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12415	free(io->io_hdr.remote_sglist, M_CTL);
12416	io->io_hdr.remote_sglist = NULL;
12417	io->io_hdr.local_sglist = NULL;
12418
12419	/*
12420	 * The data is in local and remote memory, so now we need to send
12421	 * status (good or back) back to the other side.
12422	 */
12423	ctl_send_datamove_done(io, /*have_lock*/ 0);
12424}
12425
12426/*
12427 * We've moved the data from the host/controller into local memory.  Now we
12428 * need to push it over to the remote controller's memory.
12429 */
12430static int
12431ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12432{
12433	int retval;
12434
12435	retval = 0;
12436
12437	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12438					  ctl_datamove_remote_write_cb);
12439
12440	return (retval);
12441}
12442
12443static void
12444ctl_datamove_remote_write(union ctl_io *io)
12445{
12446	int retval;
12447	void (*fe_datamove)(union ctl_io *io);
12448
12449	/*
12450	 * - Get the data from the host/HBA into local memory.
12451	 * - DMA memory from the local controller to the remote controller.
12452	 * - Send status back to the remote controller.
12453	 */
12454
12455	retval = ctl_datamove_remote_sgl_setup(io);
12456	if (retval != 0)
12457		return;
12458
12459	/* Switch the pointer over so the FETD knows what to do */
12460	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12461
12462	/*
12463	 * Use a custom move done callback, since we need to send completion
12464	 * back to the other controller, not to the backend on this side.
12465	 */
12466	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12467
12468	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12469
12470	fe_datamove(io);
12471
12472	return;
12473
12474}
12475
12476static int
12477ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12478{
12479#if 0
12480	char str[256];
12481	char path_str[64];
12482	struct sbuf sb;
12483#endif
12484	int i;
12485
12486	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12487		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12488	free(io->io_hdr.remote_sglist, M_CTL);
12489	io->io_hdr.remote_sglist = NULL;
12490	io->io_hdr.local_sglist = NULL;
12491
12492#if 0
12493	scsi_path_string(io, path_str, sizeof(path_str));
12494	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12495	sbuf_cat(&sb, path_str);
12496	scsi_command_string(&io->scsiio, NULL, &sb);
12497	sbuf_printf(&sb, "\n");
12498	sbuf_cat(&sb, path_str);
12499	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12500		    io->scsiio.tag_num, io->scsiio.tag_type);
12501	sbuf_cat(&sb, path_str);
12502	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12503		    io->io_hdr.flags, io->io_hdr.status);
12504	sbuf_finish(&sb);
12505	printk("%s", sbuf_data(&sb));
12506#endif
12507
12508
12509	/*
12510	 * The read is done, now we need to send status (good or bad) back
12511	 * to the other side.
12512	 */
12513	ctl_send_datamove_done(io, /*have_lock*/ 0);
12514
12515	return (0);
12516}
12517
12518static void
12519ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12520{
12521	union ctl_io *io;
12522	void (*fe_datamove)(union ctl_io *io);
12523
12524	io = rq->context;
12525
12526	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12527		printf("%s: ISC DMA read failed with error %d\n", __func__,
12528		       rq->ret);
12529		ctl_set_internal_failure(&io->scsiio,
12530					 /*sks_valid*/ 1,
12531					 /*retry_count*/ rq->ret);
12532	}
12533
12534	ctl_dt_req_free(rq);
12535
12536	/* Switch the pointer over so the FETD knows what to do */
12537	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12538
12539	/*
12540	 * Use a custom move done callback, since we need to send completion
12541	 * back to the other controller, not to the backend on this side.
12542	 */
12543	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12544
12545	/* XXX KDM add checks like the ones in ctl_datamove? */
12546
12547	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12548
12549	fe_datamove(io);
12550}
12551
12552static int
12553ctl_datamove_remote_sgl_setup(union ctl_io *io)
12554{
12555	struct ctl_sg_entry *local_sglist, *remote_sglist;
12556	struct ctl_softc *softc;
12557	uint32_t len_to_go;
12558	int retval;
12559	int i;
12560
12561	retval = 0;
12562	softc = control_softc;
12563	local_sglist = io->io_hdr.local_sglist;
12564	remote_sglist = io->io_hdr.remote_sglist;
12565	len_to_go = io->scsiio.kern_data_len;
12566
12567	/*
12568	 * The difficult thing here is that the size of the various
12569	 * S/G segments may be different than the size from the
12570	 * remote controller.  That'll make it harder when DMAing
12571	 * the data back to the other side.
12572	 */
12573	for (i = 0; len_to_go > 0; i++) {
12574		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12575		local_sglist[i].addr =
12576		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12577
12578		len_to_go -= local_sglist[i].len;
12579	}
12580	/*
12581	 * Reset the number of S/G entries accordingly.  The original
12582	 * number of S/G entries is available in rem_sg_entries.
12583	 */
12584	io->scsiio.kern_sg_entries = i;
12585
12586#if 0
12587	printf("%s: kern_sg_entries = %d\n", __func__,
12588	       io->scsiio.kern_sg_entries);
12589	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12590		printf("%s: sg[%d] = %p, %d\n", __func__, i,
12591		       local_sglist[i].addr, local_sglist[i].len);
12592#endif
12593
12594	return (retval);
12595}
12596
12597static int
12598ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12599			 ctl_ha_dt_cb callback)
12600{
12601	struct ctl_ha_dt_req *rq;
12602	struct ctl_sg_entry *remote_sglist, *local_sglist;
12603	uint32_t local_used, remote_used, total_used;
12604	int i, j, isc_ret;
12605
12606	rq = ctl_dt_req_alloc();
12607
12608	/*
12609	 * If we failed to allocate the request, and if the DMA didn't fail
12610	 * anyway, set busy status.  This is just a resource allocation
12611	 * failure.
12612	 */
12613	if ((rq == NULL)
12614	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12615	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12616		ctl_set_busy(&io->scsiio);
12617
12618	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12619	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12620
12621		if (rq != NULL)
12622			ctl_dt_req_free(rq);
12623
12624		/*
12625		 * The data move failed.  We need to return status back
12626		 * to the other controller.  No point in trying to DMA
12627		 * data to the remote controller.
12628		 */
12629
12630		ctl_send_datamove_done(io, /*have_lock*/ 0);
12631
12632		return (1);
12633	}
12634
12635	local_sglist = io->io_hdr.local_sglist;
12636	remote_sglist = io->io_hdr.remote_sglist;
12637	local_used = 0;
12638	remote_used = 0;
12639	total_used = 0;
12640
12641	/*
12642	 * Pull/push the data over the wire from/to the other controller.
12643	 * This takes into account the possibility that the local and
12644	 * remote sglists may not be identical in terms of the size of
12645	 * the elements and the number of elements.
12646	 *
12647	 * One fundamental assumption here is that the length allocated for
12648	 * both the local and remote sglists is identical.  Otherwise, we've
12649	 * essentially got a coding error of some sort.
12650	 */
12651	isc_ret = CTL_HA_STATUS_SUCCESS;
12652	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12653		uint32_t cur_len;
12654		uint8_t *tmp_ptr;
12655
12656		rq->command = command;
12657		rq->context = io;
12658
12659		/*
12660		 * Both pointers should be aligned.  But it is possible
12661		 * that the allocation length is not.  They should both
12662		 * also have enough slack left over at the end, though,
12663		 * to round up to the next 8 byte boundary.
12664		 */
12665		cur_len = MIN(local_sglist[i].len - local_used,
12666			      remote_sglist[j].len - remote_used);
12667		rq->size = cur_len;
12668
12669		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12670		tmp_ptr += local_used;
12671
12672#if 0
12673		/* Use physical addresses when talking to ISC hardware */
12674		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12675			/* XXX KDM use busdma */
12676			rq->local = vtophys(tmp_ptr);
12677		} else
12678			rq->local = tmp_ptr;
12679#else
12680		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12681		    ("HA does not support BUS_ADDR"));
12682		rq->local = tmp_ptr;
12683#endif
12684
12685		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12686		tmp_ptr += remote_used;
12687		rq->remote = tmp_ptr;
12688
12689		rq->callback = NULL;
12690
12691		local_used += cur_len;
12692		if (local_used >= local_sglist[i].len) {
12693			i++;
12694			local_used = 0;
12695		}
12696
12697		remote_used += cur_len;
12698		if (remote_used >= remote_sglist[j].len) {
12699			j++;
12700			remote_used = 0;
12701		}
12702		total_used += cur_len;
12703
12704		if (total_used >= io->scsiio.kern_data_len)
12705			rq->callback = callback;
12706
12707#if 0
12708		printf("%s: %s: local %#x remote %#x size %d\n", __func__,
12709		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12710		       rq->local, rq->remote, rq->size);
12711#endif
12712
12713		isc_ret = ctl_dt_single(rq);
12714		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12715			break;
12716	}
12717	if (isc_ret != CTL_HA_STATUS_WAIT) {
12718		rq->ret = isc_ret;
12719		callback(rq);
12720	}
12721
12722	return (0);
12723}
12724
12725static void
12726ctl_datamove_remote_read(union ctl_io *io)
12727{
12728	int retval;
12729	int i;
12730
12731	/*
12732	 * This will send an error to the other controller in the case of a
12733	 * failure.
12734	 */
12735	retval = ctl_datamove_remote_sgl_setup(io);
12736	if (retval != 0)
12737		return;
12738
12739	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12740					  ctl_datamove_remote_read_cb);
12741	if (retval != 0) {
12742		/*
12743		 * Make sure we free memory if there was an error..  The
12744		 * ctl_datamove_remote_xfer() function will send the
12745		 * datamove done message, or call the callback with an
12746		 * error if there is a problem.
12747		 */
12748		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12749			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12750		free(io->io_hdr.remote_sglist, M_CTL);
12751		io->io_hdr.remote_sglist = NULL;
12752		io->io_hdr.local_sglist = NULL;
12753	}
12754
12755	return;
12756}
12757
12758/*
12759 * Process a datamove request from the other controller.  This is used for
12760 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12761 * first.  Once that is complete, the data gets DMAed into the remote
12762 * controller's memory.  For reads, we DMA from the remote controller's
12763 * memory into our memory first, and then move it out to the FETD.
12764 */
12765static void
12766ctl_datamove_remote(union ctl_io *io)
12767{
12768
12769	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12770
12771	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12772		ctl_failover_io(io, /*have_lock*/ 0);
12773		return;
12774	}
12775
12776	/*
12777	 * Note that we look for an aborted I/O here, but don't do some of
12778	 * the other checks that ctl_datamove() normally does.
12779	 * We don't need to run the datamove delay code, since that should
12780	 * have been done if need be on the other controller.
12781	 */
12782	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12783		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12784		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12785		       io->io_hdr.nexus.targ_port,
12786		       io->io_hdr.nexus.targ_lun);
12787		io->io_hdr.port_status = 31338;
12788		ctl_send_datamove_done(io, /*have_lock*/ 0);
12789		return;
12790	}
12791
12792	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12793		ctl_datamove_remote_write(io);
12794	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12795		ctl_datamove_remote_read(io);
12796	else {
12797		io->io_hdr.port_status = 31339;
12798		ctl_send_datamove_done(io, /*have_lock*/ 0);
12799	}
12800}
12801
12802static int
12803ctl_process_done(union ctl_io *io)
12804{
12805	struct ctl_lun *lun;
12806	struct ctl_softc *softc = control_softc;
12807	void (*fe_done)(union ctl_io *io);
12808	union ctl_ha_msg msg;
12809	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12810
12811	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12812
12813	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
12814		fe_done = softc->ctl_ports[targ_port]->fe_done;
12815	else
12816		fe_done = NULL;
12817
12818#ifdef CTL_TIME_IO
12819	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12820		char str[256];
12821		char path_str[64];
12822		struct sbuf sb;
12823
12824		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12825		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12826
12827		sbuf_cat(&sb, path_str);
12828		switch (io->io_hdr.io_type) {
12829		case CTL_IO_SCSI:
12830			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12831			sbuf_printf(&sb, "\n");
12832			sbuf_cat(&sb, path_str);
12833			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12834				    io->scsiio.tag_num, io->scsiio.tag_type);
12835			break;
12836		case CTL_IO_TASK:
12837			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12838				    "Tag Type: %d\n", io->taskio.task_action,
12839				    io->taskio.tag_num, io->taskio.tag_type);
12840			break;
12841		default:
12842			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12843			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12844			break;
12845		}
12846		sbuf_cat(&sb, path_str);
12847		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12848			    (intmax_t)time_uptime - io->io_hdr.start_time);
12849		sbuf_finish(&sb);
12850		printf("%s", sbuf_data(&sb));
12851	}
12852#endif /* CTL_TIME_IO */
12853
12854	switch (io->io_hdr.io_type) {
12855	case CTL_IO_SCSI:
12856		break;
12857	case CTL_IO_TASK:
12858		if (ctl_debug & CTL_DEBUG_INFO)
12859			ctl_io_error_print(io, NULL);
12860		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12861			ctl_free_io(io);
12862		else
12863			fe_done(io);
12864		return (CTL_RETVAL_COMPLETE);
12865	default:
12866		panic("ctl_process_done: invalid io type %d\n",
12867		      io->io_hdr.io_type);
12868		break; /* NOTREACHED */
12869	}
12870
12871	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12872	if (lun == NULL) {
12873		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12874				 io->io_hdr.nexus.targ_mapped_lun));
12875		goto bailout;
12876	}
12877
12878	mtx_lock(&lun->lun_lock);
12879
12880	/*
12881	 * Check to see if we have any errors to inject here.  We only
12882	 * inject errors for commands that don't already have errors set.
12883	 */
12884	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12885	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12886	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12887		ctl_inject_error(lun, io);
12888
12889	/*
12890	 * XXX KDM how do we treat commands that aren't completed
12891	 * successfully?
12892	 *
12893	 * XXX KDM should we also track I/O latency?
12894	 */
12895	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12896	    io->io_hdr.io_type == CTL_IO_SCSI) {
12897#ifdef CTL_TIME_IO
12898		struct bintime cur_bt;
12899#endif
12900		int type;
12901
12902		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12903		    CTL_FLAG_DATA_IN)
12904			type = CTL_STATS_READ;
12905		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12906		    CTL_FLAG_DATA_OUT)
12907			type = CTL_STATS_WRITE;
12908		else
12909			type = CTL_STATS_NO_IO;
12910
12911		lun->stats.ports[targ_port].bytes[type] +=
12912		    io->scsiio.kern_total_len;
12913		lun->stats.ports[targ_port].operations[type]++;
12914#ifdef CTL_TIME_IO
12915		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
12916		   &io->io_hdr.dma_bt);
12917		lun->stats.ports[targ_port].num_dmas[type] +=
12918		    io->io_hdr.num_dmas;
12919		getbintime(&cur_bt);
12920		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
12921		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
12922#endif
12923	}
12924
12925	/*
12926	 * Remove this from the OOA queue.
12927	 */
12928	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
12929#ifdef CTL_TIME_IO
12930	if (TAILQ_EMPTY(&lun->ooa_queue))
12931		lun->last_busy = getsbinuptime();
12932#endif
12933
12934	/*
12935	 * Run through the blocked queue on this LUN and see if anything
12936	 * has become unblocked, now that this transaction is done.
12937	 */
12938	ctl_check_blocked(lun);
12939
12940	/*
12941	 * If the LUN has been invalidated, free it if there is nothing
12942	 * left on its OOA queue.
12943	 */
12944	if ((lun->flags & CTL_LUN_INVALID)
12945	 && TAILQ_EMPTY(&lun->ooa_queue)) {
12946		mtx_unlock(&lun->lun_lock);
12947		mtx_lock(&softc->ctl_lock);
12948		ctl_free_lun(lun);
12949		mtx_unlock(&softc->ctl_lock);
12950	} else
12951		mtx_unlock(&lun->lun_lock);
12952
12953bailout:
12954
12955	/*
12956	 * If this command has been aborted, make sure we set the status
12957	 * properly.  The FETD is responsible for freeing the I/O and doing
12958	 * whatever it needs to do to clean up its state.
12959	 */
12960	if (io->io_hdr.flags & CTL_FLAG_ABORT)
12961		ctl_set_task_aborted(&io->scsiio);
12962
12963	/*
12964	 * If enabled, print command error status.
12965	 */
12966	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
12967	    (ctl_debug & CTL_DEBUG_INFO) != 0)
12968		ctl_io_error_print(io, NULL);
12969
12970	/*
12971	 * Tell the FETD or the other shelf controller we're done with this
12972	 * command.  Note that only SCSI commands get to this point.  Task
12973	 * management commands are completed above.
12974	 */
12975	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
12976	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
12977		memset(&msg, 0, sizeof(msg));
12978		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12979		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12980		msg.hdr.nexus = io->io_hdr.nexus;
12981		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12982		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
12983		    M_WAITOK);
12984	}
12985	if ((softc->ha_mode == CTL_HA_MODE_XFER)
12986	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12987		memset(&msg, 0, sizeof(msg));
12988		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
12989		msg.hdr.original_sc = io->io_hdr.original_sc;
12990		msg.hdr.nexus = io->io_hdr.nexus;
12991		msg.hdr.status = io->io_hdr.status;
12992		msg.scsi.scsi_status = io->scsiio.scsi_status;
12993		msg.scsi.tag_num = io->scsiio.tag_num;
12994		msg.scsi.tag_type = io->scsiio.tag_type;
12995		msg.scsi.sense_len = io->scsiio.sense_len;
12996		msg.scsi.sense_residual = io->scsiio.sense_residual;
12997		msg.scsi.residual = io->scsiio.residual;
12998		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12999		       io->scsiio.sense_len);
13000
13001		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13002		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
13003		    msg.scsi.sense_len, M_WAITOK);
13004		ctl_free_io(io);
13005	} else
13006		fe_done(io);
13007
13008	return (CTL_RETVAL_COMPLETE);
13009}
13010
13011#ifdef CTL_WITH_CA
13012/*
13013 * Front end should call this if it doesn't do autosense.  When the request
13014 * sense comes back in from the initiator, we'll dequeue this and send it.
13015 */
13016int
13017ctl_queue_sense(union ctl_io *io)
13018{
13019	struct ctl_lun *lun;
13020	struct ctl_port *port;
13021	struct ctl_softc *softc;
13022	uint32_t initidx, targ_lun;
13023
13024	softc = control_softc;
13025
13026	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13027
13028	/*
13029	 * LUN lookup will likely move to the ctl_work_thread() once we
13030	 * have our new queueing infrastructure (that doesn't put things on
13031	 * a per-LUN queue initially).  That is so that we can handle
13032	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13033	 * can't deal with that right now.
13034	 */
13035	mtx_lock(&softc->ctl_lock);
13036
13037	/*
13038	 * If we don't have a LUN for this, just toss the sense
13039	 * information.
13040	 */
13041	port = ctl_io_port(&ctsio->io_hdr);
13042	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13043	if ((targ_lun < CTL_MAX_LUNS)
13044	 && (softc->ctl_luns[targ_lun] != NULL))
13045		lun = softc->ctl_luns[targ_lun];
13046	else
13047		goto bailout;
13048
13049	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13050
13051	mtx_lock(&lun->lun_lock);
13052	/*
13053	 * Already have CA set for this LUN...toss the sense information.
13054	 */
13055	if (ctl_is_set(lun->have_ca, initidx)) {
13056		mtx_unlock(&lun->lun_lock);
13057		goto bailout;
13058	}
13059
13060	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13061	       MIN(sizeof(lun->pending_sense[initidx]),
13062	       sizeof(io->scsiio.sense_data)));
13063	ctl_set_mask(lun->have_ca, initidx);
13064	mtx_unlock(&lun->lun_lock);
13065
13066bailout:
13067	mtx_unlock(&softc->ctl_lock);
13068
13069	ctl_free_io(io);
13070
13071	return (CTL_RETVAL_COMPLETE);
13072}
13073#endif
13074
13075/*
13076 * Primary command inlet from frontend ports.  All SCSI and task I/O
13077 * requests must go through this function.
13078 */
13079int
13080ctl_queue(union ctl_io *io)
13081{
13082	struct ctl_port *port;
13083
13084	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13085
13086#ifdef CTL_TIME_IO
13087	io->io_hdr.start_time = time_uptime;
13088	getbintime(&io->io_hdr.start_bt);
13089#endif /* CTL_TIME_IO */
13090
13091	/* Map FE-specific LUN ID into global one. */
13092	port = ctl_io_port(&io->io_hdr);
13093	io->io_hdr.nexus.targ_mapped_lun =
13094	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13095
13096	switch (io->io_hdr.io_type) {
13097	case CTL_IO_SCSI:
13098	case CTL_IO_TASK:
13099		if (ctl_debug & CTL_DEBUG_CDB)
13100			ctl_io_print(io);
13101		ctl_enqueue_incoming(io);
13102		break;
13103	default:
13104		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13105		return (EINVAL);
13106	}
13107
13108	return (CTL_RETVAL_COMPLETE);
13109}
13110
13111#ifdef CTL_IO_DELAY
13112static void
13113ctl_done_timer_wakeup(void *arg)
13114{
13115	union ctl_io *io;
13116
13117	io = (union ctl_io *)arg;
13118	ctl_done(io);
13119}
13120#endif /* CTL_IO_DELAY */
13121
13122void
13123ctl_done(union ctl_io *io)
13124{
13125
13126	/*
13127	 * Enable this to catch duplicate completion issues.
13128	 */
13129#if 0
13130	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13131		printf("%s: type %d msg %d cdb %x iptl: "
13132		       "%u:%u:%u tag 0x%04x "
13133		       "flag %#x status %x\n",
13134			__func__,
13135			io->io_hdr.io_type,
13136			io->io_hdr.msg_type,
13137			io->scsiio.cdb[0],
13138			io->io_hdr.nexus.initid,
13139			io->io_hdr.nexus.targ_port,
13140			io->io_hdr.nexus.targ_lun,
13141			(io->io_hdr.io_type ==
13142			CTL_IO_TASK) ?
13143			io->taskio.tag_num :
13144			io->scsiio.tag_num,
13145		        io->io_hdr.flags,
13146			io->io_hdr.status);
13147	} else
13148		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13149#endif
13150
13151	/*
13152	 * This is an internal copy of an I/O, and should not go through
13153	 * the normal done processing logic.
13154	 */
13155	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13156		return;
13157
13158#ifdef CTL_IO_DELAY
13159	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13160		struct ctl_lun *lun;
13161
13162		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13163
13164		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13165	} else {
13166		struct ctl_lun *lun;
13167
13168		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13169
13170		if ((lun != NULL)
13171		 && (lun->delay_info.done_delay > 0)) {
13172
13173			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13174			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13175			callout_reset(&io->io_hdr.delay_callout,
13176				      lun->delay_info.done_delay * hz,
13177				      ctl_done_timer_wakeup, io);
13178			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13179				lun->delay_info.done_delay = 0;
13180			return;
13181		}
13182	}
13183#endif /* CTL_IO_DELAY */
13184
13185	ctl_enqueue_done(io);
13186}
13187
13188static void
13189ctl_work_thread(void *arg)
13190{
13191	struct ctl_thread *thr = (struct ctl_thread *)arg;
13192	struct ctl_softc *softc = thr->ctl_softc;
13193	union ctl_io *io;
13194	int retval;
13195
13196	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13197
13198	for (;;) {
13199		retval = 0;
13200
13201		/*
13202		 * We handle the queues in this order:
13203		 * - ISC
13204		 * - done queue (to free up resources, unblock other commands)
13205		 * - RtR queue
13206		 * - incoming queue
13207		 *
13208		 * If those queues are empty, we break out of the loop and
13209		 * go to sleep.
13210		 */
13211		mtx_lock(&thr->queue_lock);
13212		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13213		if (io != NULL) {
13214			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13215			mtx_unlock(&thr->queue_lock);
13216			ctl_handle_isc(io);
13217			continue;
13218		}
13219		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13220		if (io != NULL) {
13221			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13222			/* clear any blocked commands, call fe_done */
13223			mtx_unlock(&thr->queue_lock);
13224			retval = ctl_process_done(io);
13225			continue;
13226		}
13227		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13228		if (io != NULL) {
13229			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13230			mtx_unlock(&thr->queue_lock);
13231			if (io->io_hdr.io_type == CTL_IO_TASK)
13232				ctl_run_task(io);
13233			else
13234				ctl_scsiio_precheck(softc, &io->scsiio);
13235			continue;
13236		}
13237		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13238		if (io != NULL) {
13239			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13240			mtx_unlock(&thr->queue_lock);
13241			retval = ctl_scsiio(&io->scsiio);
13242			if (retval != CTL_RETVAL_COMPLETE)
13243				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13244			continue;
13245		}
13246
13247		/* Sleep until we have something to do. */
13248		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13249	}
13250}
13251
13252static void
13253ctl_lun_thread(void *arg)
13254{
13255	struct ctl_softc *softc = (struct ctl_softc *)arg;
13256	struct ctl_be_lun *be_lun;
13257	int retval;
13258
13259	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13260
13261	for (;;) {
13262		retval = 0;
13263		mtx_lock(&softc->ctl_lock);
13264		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13265		if (be_lun != NULL) {
13266			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13267			mtx_unlock(&softc->ctl_lock);
13268			ctl_create_lun(be_lun);
13269			continue;
13270		}
13271
13272		/* Sleep until we have something to do. */
13273		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13274		    PDROP | PRIBIO, "-", 0);
13275	}
13276}
13277
13278static void
13279ctl_thresh_thread(void *arg)
13280{
13281	struct ctl_softc *softc = (struct ctl_softc *)arg;
13282	struct ctl_lun *lun;
13283	struct ctl_be_lun *be_lun;
13284	struct scsi_da_rw_recovery_page *rwpage;
13285	struct ctl_logical_block_provisioning_page *page;
13286	const char *attr;
13287	union ctl_ha_msg msg;
13288	uint64_t thres, val;
13289	int i, e, set;
13290
13291	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13292
13293	for (;;) {
13294		mtx_lock(&softc->ctl_lock);
13295		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13296			be_lun = lun->be_lun;
13297			if ((lun->flags & CTL_LUN_DISABLED) ||
13298			    (lun->flags & CTL_LUN_OFFLINE) ||
13299			    lun->backend->lun_attr == NULL)
13300				continue;
13301			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13302			    softc->ha_mode == CTL_HA_MODE_XFER)
13303				continue;
13304			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13305			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13306				continue;
13307			e = 0;
13308			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13309			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13310				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13311					continue;
13312				thres = scsi_4btoul(page->descr[i].count);
13313				thres <<= CTL_LBP_EXPONENT;
13314				switch (page->descr[i].resource) {
13315				case 0x01:
13316					attr = "blocksavail";
13317					break;
13318				case 0x02:
13319					attr = "blocksused";
13320					break;
13321				case 0xf1:
13322					attr = "poolblocksavail";
13323					break;
13324				case 0xf2:
13325					attr = "poolblocksused";
13326					break;
13327				default:
13328					continue;
13329				}
13330				mtx_unlock(&softc->ctl_lock); // XXX
13331				val = lun->backend->lun_attr(
13332				    lun->be_lun->be_lun, attr);
13333				mtx_lock(&softc->ctl_lock);
13334				if (val == UINT64_MAX)
13335					continue;
13336				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13337				    == SLBPPD_ARMING_INC)
13338					e = (val >= thres);
13339				else
13340					e = (val <= thres);
13341				if (e)
13342					break;
13343			}
13344			mtx_lock(&lun->lun_lock);
13345			if (e) {
13346				scsi_u64to8b((uint8_t *)&page->descr[i] -
13347				    (uint8_t *)page, lun->ua_tpt_info);
13348				if (lun->lasttpt == 0 ||
13349				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13350					lun->lasttpt = time_uptime;
13351					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13352					set = 1;
13353				} else
13354					set = 0;
13355			} else {
13356				lun->lasttpt = 0;
13357				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13358				set = -1;
13359			}
13360			mtx_unlock(&lun->lun_lock);
13361			if (set != 0 &&
13362			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13363				/* Send msg to other side. */
13364				bzero(&msg.ua, sizeof(msg.ua));
13365				msg.hdr.msg_type = CTL_MSG_UA;
13366				msg.hdr.nexus.initid = -1;
13367				msg.hdr.nexus.targ_port = -1;
13368				msg.hdr.nexus.targ_lun = lun->lun;
13369				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13370				msg.ua.ua_all = 1;
13371				msg.ua.ua_set = (set > 0);
13372				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13373				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13374				mtx_unlock(&softc->ctl_lock); // XXX
13375				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13376				    sizeof(msg.ua), M_WAITOK);
13377				mtx_lock(&softc->ctl_lock);
13378			}
13379		}
13380		mtx_unlock(&softc->ctl_lock);
13381		pause("-", CTL_LBP_PERIOD * hz);
13382	}
13383}
13384
13385static void
13386ctl_enqueue_incoming(union ctl_io *io)
13387{
13388	struct ctl_softc *softc = control_softc;
13389	struct ctl_thread *thr;
13390	u_int idx;
13391
13392	idx = (io->io_hdr.nexus.targ_port * 127 +
13393	       io->io_hdr.nexus.initid) % worker_threads;
13394	thr = &softc->threads[idx];
13395	mtx_lock(&thr->queue_lock);
13396	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13397	mtx_unlock(&thr->queue_lock);
13398	wakeup(thr);
13399}
13400
13401static void
13402ctl_enqueue_rtr(union ctl_io *io)
13403{
13404	struct ctl_softc *softc = control_softc;
13405	struct ctl_thread *thr;
13406
13407	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13408	mtx_lock(&thr->queue_lock);
13409	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13410	mtx_unlock(&thr->queue_lock);
13411	wakeup(thr);
13412}
13413
13414static void
13415ctl_enqueue_done(union ctl_io *io)
13416{
13417	struct ctl_softc *softc = control_softc;
13418	struct ctl_thread *thr;
13419
13420	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13421	mtx_lock(&thr->queue_lock);
13422	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13423	mtx_unlock(&thr->queue_lock);
13424	wakeup(thr);
13425}
13426
13427static void
13428ctl_enqueue_isc(union ctl_io *io)
13429{
13430	struct ctl_softc *softc = control_softc;
13431	struct ctl_thread *thr;
13432
13433	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13434	mtx_lock(&thr->queue_lock);
13435	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13436	mtx_unlock(&thr->queue_lock);
13437	wakeup(thr);
13438}
13439
13440/*
13441 *  vim: ts=8
13442 */
13443