ctl.c revision 287994 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 287994 2015-09-19 19:30:55Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264const static struct scsi_info_exceptions_page ie_page_default = {
265	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
266	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
267	/*info_flags*/SIEP_FLAGS_DEXCPT,
268	/*mrie*/0,
269	/*interval_timer*/{0, 0, 0, 0},
270	/*report_count*/{0, 0, 0, 0}
271};
272
273const static struct scsi_info_exceptions_page ie_page_changeable = {
274	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
275	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
276	/*info_flags*/0,
277	/*mrie*/0,
278	/*interval_timer*/{0, 0, 0, 0},
279	/*report_count*/{0, 0, 0, 0}
280};
281
282#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
283
284const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
286	/*subpage_code*/0x02,
287	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
288	/*flags*/0,
289	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
290	/*descr*/{}},
291	{{/*flags*/0,
292	  /*resource*/0x01,
293	  /*reserved*/{0, 0},
294	  /*count*/{0, 0, 0, 0}},
295	 {/*flags*/0,
296	  /*resource*/0x02,
297	  /*reserved*/{0, 0},
298	  /*count*/{0, 0, 0, 0}},
299	 {/*flags*/0,
300	  /*resource*/0xf1,
301	  /*reserved*/{0, 0},
302	  /*count*/{0, 0, 0, 0}},
303	 {/*flags*/0,
304	  /*resource*/0xf2,
305	  /*reserved*/{0, 0},
306	  /*count*/{0, 0, 0, 0}}
307	}
308};
309
310const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
311	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
312	/*subpage_code*/0x02,
313	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
314	/*flags*/0,
315	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
316	/*descr*/{}},
317	{{/*flags*/0,
318	  /*resource*/0,
319	  /*reserved*/{0, 0},
320	  /*count*/{0, 0, 0, 0}},
321	 {/*flags*/0,
322	  /*resource*/0,
323	  /*reserved*/{0, 0},
324	  /*count*/{0, 0, 0, 0}},
325	 {/*flags*/0,
326	  /*resource*/0,
327	  /*reserved*/{0, 0},
328	  /*count*/{0, 0, 0, 0}},
329	 {/*flags*/0,
330	  /*resource*/0,
331	  /*reserved*/{0, 0},
332	  /*count*/{0, 0, 0, 0}}
333	}
334};
335
336SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
337static int worker_threads = -1;
338SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
339    &worker_threads, 1, "Number of worker threads");
340static int ctl_debug = CTL_DEBUG_NONE;
341SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
342    &ctl_debug, 0, "Enabled debug flags");
343
344/*
345 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
346 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
347 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
348 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
349 */
350#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
351
352static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
353				  int param);
354static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
355static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
356static int ctl_init(void);
357void ctl_shutdown(void);
358static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
359static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
360static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
361static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
362			      struct ctl_ooa *ooa_hdr,
363			      struct ctl_ooa_entry *kern_entries);
364static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
365		     struct thread *td);
366static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
367			 struct ctl_be_lun *be_lun);
368static int ctl_free_lun(struct ctl_lun *lun);
369static void ctl_create_lun(struct ctl_be_lun *be_lun);
370static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
371
372static int ctl_do_mode_select(union ctl_io *io);
373static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
374			   uint64_t res_key, uint64_t sa_res_key,
375			   uint8_t type, uint32_t residx,
376			   struct ctl_scsiio *ctsio,
377			   struct scsi_per_res_out *cdb,
378			   struct scsi_per_res_out_parms* param);
379static void ctl_pro_preempt_other(struct ctl_lun *lun,
380				  union ctl_ha_msg *msg);
381static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
382static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
383static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
384static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
385static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
386static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
387static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
388					 int alloc_len);
389static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
390					 int alloc_len);
391static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
392static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
393static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
394static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
395static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
396static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
397    bool seq);
398static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
399static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
400    union ctl_io *pending_io, union ctl_io *ooa_io);
401static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
402				union ctl_io *starting_io);
403static int ctl_check_blocked(struct ctl_lun *lun);
404static int ctl_scsiio_lun_check(struct ctl_lun *lun,
405				const struct ctl_cmd_entry *entry,
406				struct ctl_scsiio *ctsio);
407static void ctl_failover_lun(struct ctl_lun *lun);
408static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
409			       struct ctl_scsiio *ctsio);
410static int ctl_scsiio(struct ctl_scsiio *ctsio);
411
412static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
413static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
414			    ctl_ua_type ua_type);
415static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
416			 ctl_ua_type ua_type);
417static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
418static int ctl_abort_task(union ctl_io *io);
419static int ctl_abort_task_set(union ctl_io *io);
420static int ctl_query_task(union ctl_io *io, int task_set);
421static int ctl_i_t_nexus_reset(union ctl_io *io);
422static int ctl_query_async_event(union ctl_io *io);
423static void ctl_run_task(union ctl_io *io);
424#ifdef CTL_IO_DELAY
425static void ctl_datamove_timer_wakeup(void *arg);
426static void ctl_done_timer_wakeup(void *arg);
427#endif /* CTL_IO_DELAY */
428
429static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
430static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
431static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
432static void ctl_datamove_remote_write(union ctl_io *io);
433static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
434static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
435static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
436static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
437				    ctl_ha_dt_cb callback);
438static void ctl_datamove_remote_read(union ctl_io *io);
439static void ctl_datamove_remote(union ctl_io *io);
440static int ctl_process_done(union ctl_io *io);
441static void ctl_lun_thread(void *arg);
442static void ctl_thresh_thread(void *arg);
443static void ctl_work_thread(void *arg);
444static void ctl_enqueue_incoming(union ctl_io *io);
445static void ctl_enqueue_rtr(union ctl_io *io);
446static void ctl_enqueue_done(union ctl_io *io);
447static void ctl_enqueue_isc(union ctl_io *io);
448static const struct ctl_cmd_entry *
449    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
450static const struct ctl_cmd_entry *
451    ctl_validate_command(struct ctl_scsiio *ctsio);
452static int ctl_cmd_applicable(uint8_t lun_type,
453    const struct ctl_cmd_entry *entry);
454
455static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
456static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
457static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
458static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
459
460/*
461 * Load the serialization table.  This isn't very pretty, but is probably
462 * the easiest way to do it.
463 */
464#include "ctl_ser_table.c"
465
466/*
467 * We only need to define open, close and ioctl routines for this driver.
468 */
469static struct cdevsw ctl_cdevsw = {
470	.d_version =	D_VERSION,
471	.d_flags =	0,
472	.d_open =	ctl_open,
473	.d_close =	ctl_close,
474	.d_ioctl =	ctl_ioctl,
475	.d_name =	"ctl",
476};
477
478
479MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
480
481static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
482
483static moduledata_t ctl_moduledata = {
484	"ctl",
485	ctl_module_event_handler,
486	NULL
487};
488
489DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
490MODULE_VERSION(ctl, 1);
491
492static struct ctl_frontend ha_frontend =
493{
494	.name = "ha",
495};
496
497static void
498ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
499			    union ctl_ha_msg *msg_info)
500{
501	struct ctl_scsiio *ctsio;
502
503	if (msg_info->hdr.original_sc == NULL) {
504		printf("%s: original_sc == NULL!\n", __func__);
505		/* XXX KDM now what? */
506		return;
507	}
508
509	ctsio = &msg_info->hdr.original_sc->scsiio;
510	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
511	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
512	ctsio->io_hdr.status = msg_info->hdr.status;
513	ctsio->scsi_status = msg_info->scsi.scsi_status;
514	ctsio->sense_len = msg_info->scsi.sense_len;
515	ctsio->sense_residual = msg_info->scsi.sense_residual;
516	ctsio->residual = msg_info->scsi.residual;
517	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
518	       msg_info->scsi.sense_len);
519	ctl_enqueue_isc((union ctl_io *)ctsio);
520}
521
522static void
523ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
524				union ctl_ha_msg *msg_info)
525{
526	struct ctl_scsiio *ctsio;
527
528	if (msg_info->hdr.serializing_sc == NULL) {
529		printf("%s: serializing_sc == NULL!\n", __func__);
530		/* XXX KDM now what? */
531		return;
532	}
533
534	ctsio = &msg_info->hdr.serializing_sc->scsiio;
535	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
536	ctl_enqueue_isc((union ctl_io *)ctsio);
537}
538
539void
540ctl_isc_announce_lun(struct ctl_lun *lun)
541{
542	struct ctl_softc *softc = lun->ctl_softc;
543	union ctl_ha_msg *msg;
544	struct ctl_ha_msg_lun_pr_key pr_key;
545	int i, k;
546
547	if (softc->ha_link != CTL_HA_LINK_ONLINE)
548		return;
549	mtx_lock(&lun->lun_lock);
550	i = sizeof(msg->lun);
551	if (lun->lun_devid)
552		i += lun->lun_devid->len;
553	i += sizeof(pr_key) * lun->pr_key_count;
554alloc:
555	mtx_unlock(&lun->lun_lock);
556	msg = malloc(i, M_CTL, M_WAITOK);
557	mtx_lock(&lun->lun_lock);
558	k = sizeof(msg->lun);
559	if (lun->lun_devid)
560		k += lun->lun_devid->len;
561	k += sizeof(pr_key) * lun->pr_key_count;
562	if (i < k) {
563		free(msg, M_CTL);
564		i = k;
565		goto alloc;
566	}
567	bzero(&msg->lun, sizeof(msg->lun));
568	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
569	msg->hdr.nexus.targ_lun = lun->lun;
570	msg->hdr.nexus.targ_mapped_lun = lun->lun;
571	msg->lun.flags = lun->flags;
572	msg->lun.pr_generation = lun->PRGeneration;
573	msg->lun.pr_res_idx = lun->pr_res_idx;
574	msg->lun.pr_res_type = lun->res_type;
575	msg->lun.pr_key_count = lun->pr_key_count;
576	i = 0;
577	if (lun->lun_devid) {
578		msg->lun.lun_devid_len = lun->lun_devid->len;
579		memcpy(&msg->lun.data[i], lun->lun_devid->data,
580		    msg->lun.lun_devid_len);
581		i += msg->lun.lun_devid_len;
582	}
583	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
584		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
585			continue;
586		pr_key.pr_iid = k;
587		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
588		i += sizeof(pr_key);
589	}
590	mtx_unlock(&lun->lun_lock);
591	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
592	    M_WAITOK);
593	free(msg, M_CTL);
594}
595
596void
597ctl_isc_announce_port(struct ctl_port *port)
598{
599	struct ctl_softc *softc = control_softc;
600	union ctl_ha_msg *msg;
601	int i;
602
603	if (port->targ_port < softc->port_min ||
604	    port->targ_port >= softc->port_max ||
605	    softc->ha_link != CTL_HA_LINK_ONLINE)
606		return;
607	i = sizeof(msg->port) + strlen(port->port_name) + 1;
608	if (port->lun_map)
609		i += sizeof(uint32_t) * CTL_MAX_LUNS;
610	if (port->port_devid)
611		i += port->port_devid->len;
612	if (port->target_devid)
613		i += port->target_devid->len;
614	if (port->init_devid)
615		i += port->init_devid->len;
616	msg = malloc(i, M_CTL, M_WAITOK);
617	bzero(&msg->port, sizeof(msg->port));
618	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
619	msg->hdr.nexus.targ_port = port->targ_port;
620	msg->port.port_type = port->port_type;
621	msg->port.physical_port = port->physical_port;
622	msg->port.virtual_port = port->virtual_port;
623	msg->port.status = port->status;
624	i = 0;
625	msg->port.name_len = sprintf(&msg->port.data[i],
626	    "%d:%s", softc->ha_id, port->port_name) + 1;
627	i += msg->port.name_len;
628	if (port->lun_map) {
629		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
630		memcpy(&msg->port.data[i], port->lun_map,
631		    msg->port.lun_map_len);
632		i += msg->port.lun_map_len;
633	}
634	if (port->port_devid) {
635		msg->port.port_devid_len = port->port_devid->len;
636		memcpy(&msg->port.data[i], port->port_devid->data,
637		    msg->port.port_devid_len);
638		i += msg->port.port_devid_len;
639	}
640	if (port->target_devid) {
641		msg->port.target_devid_len = port->target_devid->len;
642		memcpy(&msg->port.data[i], port->target_devid->data,
643		    msg->port.target_devid_len);
644		i += msg->port.target_devid_len;
645	}
646	if (port->init_devid) {
647		msg->port.init_devid_len = port->init_devid->len;
648		memcpy(&msg->port.data[i], port->init_devid->data,
649		    msg->port.init_devid_len);
650		i += msg->port.init_devid_len;
651	}
652	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
653	    M_WAITOK);
654	free(msg, M_CTL);
655}
656
657void
658ctl_isc_announce_iid(struct ctl_port *port, int iid)
659{
660	struct ctl_softc *softc = control_softc;
661	union ctl_ha_msg *msg;
662	int i, l;
663
664	if (port->targ_port < softc->port_min ||
665	    port->targ_port >= softc->port_max ||
666	    softc->ha_link != CTL_HA_LINK_ONLINE)
667		return;
668	mtx_lock(&softc->ctl_lock);
669	i = sizeof(msg->iid);
670	l = 0;
671	if (port->wwpn_iid[iid].name)
672		l = strlen(port->wwpn_iid[iid].name) + 1;
673	i += l;
674	msg = malloc(i, M_CTL, M_NOWAIT);
675	if (msg == NULL) {
676		mtx_unlock(&softc->ctl_lock);
677		return;
678	}
679	bzero(&msg->iid, sizeof(msg->iid));
680	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
681	msg->hdr.nexus.targ_port = port->targ_port;
682	msg->hdr.nexus.initid = iid;
683	msg->iid.in_use = port->wwpn_iid[iid].in_use;
684	msg->iid.name_len = l;
685	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
686	if (port->wwpn_iid[iid].name)
687		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
688	mtx_unlock(&softc->ctl_lock);
689	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
690	free(msg, M_CTL);
691}
692
693static void
694ctl_isc_ha_link_up(struct ctl_softc *softc)
695{
696	struct ctl_port *port;
697	struct ctl_lun *lun;
698	int i;
699
700	STAILQ_FOREACH(port, &softc->port_list, links) {
701		ctl_isc_announce_port(port);
702		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
703			if (port->wwpn_iid[i].in_use)
704				ctl_isc_announce_iid(port, i);
705		}
706	}
707	STAILQ_FOREACH(lun, &softc->lun_list, links)
708		ctl_isc_announce_lun(lun);
709}
710
711static void
712ctl_isc_ha_link_down(struct ctl_softc *softc)
713{
714	struct ctl_port *port;
715	struct ctl_lun *lun;
716	union ctl_io *io;
717	int i;
718
719	mtx_lock(&softc->ctl_lock);
720	STAILQ_FOREACH(lun, &softc->lun_list, links) {
721		mtx_lock(&lun->lun_lock);
722		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
723			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
724			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
725		}
726		mtx_unlock(&lun->lun_lock);
727
728		mtx_unlock(&softc->ctl_lock);
729		io = ctl_alloc_io(softc->othersc_pool);
730		mtx_lock(&softc->ctl_lock);
731		ctl_zero_io(io);
732		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
733		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
734		ctl_enqueue_isc(io);
735	}
736
737	STAILQ_FOREACH(port, &softc->port_list, links) {
738		if (port->targ_port >= softc->port_min &&
739		    port->targ_port < softc->port_max)
740			continue;
741		port->status &= ~CTL_PORT_STATUS_ONLINE;
742		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
743			port->wwpn_iid[i].in_use = 0;
744			free(port->wwpn_iid[i].name, M_CTL);
745			port->wwpn_iid[i].name = NULL;
746		}
747	}
748	mtx_unlock(&softc->ctl_lock);
749}
750
751static void
752ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
753{
754	struct ctl_lun *lun;
755	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
756
757	mtx_lock(&softc->ctl_lock);
758	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
759	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
760		mtx_lock(&lun->lun_lock);
761		mtx_unlock(&softc->ctl_lock);
762		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
763		    msg->ua.ua_set)
764			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
765		if (msg->ua.ua_all) {
766			if (msg->ua.ua_set)
767				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
768			else
769				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
770		} else {
771			if (msg->ua.ua_set)
772				ctl_est_ua(lun, iid, msg->ua.ua_type);
773			else
774				ctl_clr_ua(lun, iid, msg->ua.ua_type);
775		}
776		mtx_unlock(&lun->lun_lock);
777	} else
778		mtx_unlock(&softc->ctl_lock);
779}
780
781static void
782ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
783{
784	struct ctl_lun *lun;
785	struct ctl_ha_msg_lun_pr_key pr_key;
786	int i, k;
787	ctl_lun_flags oflags;
788	uint32_t targ_lun;
789
790	targ_lun = msg->hdr.nexus.targ_mapped_lun;
791	mtx_lock(&softc->ctl_lock);
792	if ((targ_lun >= CTL_MAX_LUNS) ||
793	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
794		mtx_unlock(&softc->ctl_lock);
795		return;
796	}
797	mtx_lock(&lun->lun_lock);
798	mtx_unlock(&softc->ctl_lock);
799	if (lun->flags & CTL_LUN_DISABLED) {
800		mtx_unlock(&lun->lun_lock);
801		return;
802	}
803	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
804	if (msg->lun.lun_devid_len != i || (i > 0 &&
805	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
806		mtx_unlock(&lun->lun_lock);
807		printf("%s: Received conflicting HA LUN %d\n",
808		    __func__, msg->hdr.nexus.targ_lun);
809		return;
810	} else {
811		/* Record whether peer is primary. */
812		oflags = lun->flags;
813		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
814		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
815			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
816		else
817			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
818		if (oflags != lun->flags)
819			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
820
821		/* If peer is primary and we are not -- use data */
822		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
823		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
824			lun->PRGeneration = msg->lun.pr_generation;
825			lun->pr_res_idx = msg->lun.pr_res_idx;
826			lun->res_type = msg->lun.pr_res_type;
827			lun->pr_key_count = msg->lun.pr_key_count;
828			for (k = 0; k < CTL_MAX_INITIATORS; k++)
829				ctl_clr_prkey(lun, k);
830			for (k = 0; k < msg->lun.pr_key_count; k++) {
831				memcpy(&pr_key, &msg->lun.data[i],
832				    sizeof(pr_key));
833				ctl_alloc_prkey(lun, pr_key.pr_iid);
834				ctl_set_prkey(lun, pr_key.pr_iid,
835				    pr_key.pr_key);
836				i += sizeof(pr_key);
837			}
838		}
839
840		mtx_unlock(&lun->lun_lock);
841		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
842		    __func__, msg->hdr.nexus.targ_lun,
843		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
844		    "primary" : "secondary"));
845
846		/* If we are primary but peer doesn't know -- notify */
847		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
848		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
849			ctl_isc_announce_lun(lun);
850	}
851}
852
853static void
854ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
855{
856	struct ctl_port *port;
857	struct ctl_lun *lun;
858	int i, new;
859
860	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
861	if (port == NULL) {
862		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
863		    msg->hdr.nexus.targ_port));
864		new = 1;
865		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
866		port->frontend = &ha_frontend;
867		port->targ_port = msg->hdr.nexus.targ_port;
868	} else if (port->frontend == &ha_frontend) {
869		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
870		    msg->hdr.nexus.targ_port));
871		new = 0;
872	} else {
873		printf("%s: Received conflicting HA port %d\n",
874		    __func__, msg->hdr.nexus.targ_port);
875		return;
876	}
877	port->port_type = msg->port.port_type;
878	port->physical_port = msg->port.physical_port;
879	port->virtual_port = msg->port.virtual_port;
880	port->status = msg->port.status;
881	i = 0;
882	free(port->port_name, M_CTL);
883	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
884	    M_CTL);
885	i += msg->port.name_len;
886	if (msg->port.lun_map_len != 0) {
887		if (port->lun_map == NULL)
888			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
889			    M_CTL, M_WAITOK);
890		memcpy(port->lun_map, &msg->port.data[i],
891		    sizeof(uint32_t) * CTL_MAX_LUNS);
892		i += msg->port.lun_map_len;
893	} else {
894		free(port->lun_map, M_CTL);
895		port->lun_map = NULL;
896	}
897	if (msg->port.port_devid_len != 0) {
898		if (port->port_devid == NULL ||
899		    port->port_devid->len != msg->port.port_devid_len) {
900			free(port->port_devid, M_CTL);
901			port->port_devid = malloc(sizeof(struct ctl_devid) +
902			    msg->port.port_devid_len, M_CTL, M_WAITOK);
903		}
904		memcpy(port->port_devid->data, &msg->port.data[i],
905		    msg->port.port_devid_len);
906		port->port_devid->len = msg->port.port_devid_len;
907		i += msg->port.port_devid_len;
908	} else {
909		free(port->port_devid, M_CTL);
910		port->port_devid = NULL;
911	}
912	if (msg->port.target_devid_len != 0) {
913		if (port->target_devid == NULL ||
914		    port->target_devid->len != msg->port.target_devid_len) {
915			free(port->target_devid, M_CTL);
916			port->target_devid = malloc(sizeof(struct ctl_devid) +
917			    msg->port.target_devid_len, M_CTL, M_WAITOK);
918		}
919		memcpy(port->target_devid->data, &msg->port.data[i],
920		    msg->port.target_devid_len);
921		port->target_devid->len = msg->port.target_devid_len;
922		i += msg->port.target_devid_len;
923	} else {
924		free(port->target_devid, M_CTL);
925		port->target_devid = NULL;
926	}
927	if (msg->port.init_devid_len != 0) {
928		if (port->init_devid == NULL ||
929		    port->init_devid->len != msg->port.init_devid_len) {
930			free(port->init_devid, M_CTL);
931			port->init_devid = malloc(sizeof(struct ctl_devid) +
932			    msg->port.init_devid_len, M_CTL, M_WAITOK);
933		}
934		memcpy(port->init_devid->data, &msg->port.data[i],
935		    msg->port.init_devid_len);
936		port->init_devid->len = msg->port.init_devid_len;
937		i += msg->port.init_devid_len;
938	} else {
939		free(port->init_devid, M_CTL);
940		port->init_devid = NULL;
941	}
942	if (new) {
943		if (ctl_port_register(port) != 0) {
944			printf("%s: ctl_port_register() failed with error\n",
945			    __func__);
946		}
947	}
948	mtx_lock(&softc->ctl_lock);
949	STAILQ_FOREACH(lun, &softc->lun_list, links) {
950		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
951			continue;
952		mtx_lock(&lun->lun_lock);
953		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
954		mtx_unlock(&lun->lun_lock);
955	}
956	mtx_unlock(&softc->ctl_lock);
957}
958
959static void
960ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
961{
962	struct ctl_port *port;
963	int iid;
964
965	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
966	if (port == NULL) {
967		printf("%s: Received IID for unknown port %d\n",
968		    __func__, msg->hdr.nexus.targ_port);
969		return;
970	}
971	iid = msg->hdr.nexus.initid;
972	port->wwpn_iid[iid].in_use = msg->iid.in_use;
973	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
974	free(port->wwpn_iid[iid].name, M_CTL);
975	if (msg->iid.name_len) {
976		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
977		    msg->iid.name_len, M_CTL);
978	} else
979		port->wwpn_iid[iid].name = NULL;
980}
981
982/*
983 * ISC (Inter Shelf Communication) event handler.  Events from the HA
984 * subsystem come in here.
985 */
986static void
987ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
988{
989	struct ctl_softc *softc;
990	union ctl_io *io;
991	struct ctl_prio *presio;
992	ctl_ha_status isc_status;
993
994	softc = control_softc;
995	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
996	if (event == CTL_HA_EVT_MSG_RECV) {
997		union ctl_ha_msg *msg, msgbuf;
998
999		if (param > sizeof(msgbuf))
1000			msg = malloc(param, M_CTL, M_WAITOK);
1001		else
1002			msg = &msgbuf;
1003		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1004		    M_WAITOK);
1005		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1006			printf("%s: Error receiving message: %d\n",
1007			    __func__, isc_status);
1008			if (msg != &msgbuf)
1009				free(msg, M_CTL);
1010			return;
1011		}
1012
1013		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1014		switch (msg->hdr.msg_type) {
1015		case CTL_MSG_SERIALIZE:
1016			io = ctl_alloc_io(softc->othersc_pool);
1017			ctl_zero_io(io);
1018			// populate ctsio from msg
1019			io->io_hdr.io_type = CTL_IO_SCSI;
1020			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1021			io->io_hdr.original_sc = msg->hdr.original_sc;
1022			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1023					    CTL_FLAG_IO_ACTIVE;
1024			/*
1025			 * If we're in serialization-only mode, we don't
1026			 * want to go through full done processing.  Thus
1027			 * the COPY flag.
1028			 *
1029			 * XXX KDM add another flag that is more specific.
1030			 */
1031			if (softc->ha_mode != CTL_HA_MODE_XFER)
1032				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1033			io->io_hdr.nexus = msg->hdr.nexus;
1034#if 0
1035			printf("port %u, iid %u, lun %u\n",
1036			       io->io_hdr.nexus.targ_port,
1037			       io->io_hdr.nexus.initid,
1038			       io->io_hdr.nexus.targ_lun);
1039#endif
1040			io->scsiio.tag_num = msg->scsi.tag_num;
1041			io->scsiio.tag_type = msg->scsi.tag_type;
1042#ifdef CTL_TIME_IO
1043			io->io_hdr.start_time = time_uptime;
1044			getbintime(&io->io_hdr.start_bt);
1045#endif /* CTL_TIME_IO */
1046			io->scsiio.cdb_len = msg->scsi.cdb_len;
1047			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1048			       CTL_MAX_CDBLEN);
1049			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1050				const struct ctl_cmd_entry *entry;
1051
1052				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1053				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1054				io->io_hdr.flags |=
1055					entry->flags & CTL_FLAG_DATA_MASK;
1056			}
1057			ctl_enqueue_isc(io);
1058			break;
1059
1060		/* Performed on the Originating SC, XFER mode only */
1061		case CTL_MSG_DATAMOVE: {
1062			struct ctl_sg_entry *sgl;
1063			int i, j;
1064
1065			io = msg->hdr.original_sc;
1066			if (io == NULL) {
1067				printf("%s: original_sc == NULL!\n", __func__);
1068				/* XXX KDM do something here */
1069				break;
1070			}
1071			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1072			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1073			/*
1074			 * Keep track of this, we need to send it back over
1075			 * when the datamove is complete.
1076			 */
1077			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1078			if (msg->hdr.status == CTL_SUCCESS)
1079				io->io_hdr.status = msg->hdr.status;
1080
1081			if (msg->dt.sg_sequence == 0) {
1082				i = msg->dt.kern_sg_entries +
1083				    msg->dt.kern_data_len /
1084				    CTL_HA_DATAMOVE_SEGMENT + 1;
1085				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1086				    M_WAITOK | M_ZERO);
1087				io->io_hdr.remote_sglist = sgl;
1088				io->io_hdr.local_sglist =
1089				    &sgl[msg->dt.kern_sg_entries];
1090
1091				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1092
1093				io->scsiio.kern_sg_entries =
1094					msg->dt.kern_sg_entries;
1095				io->scsiio.rem_sg_entries =
1096					msg->dt.kern_sg_entries;
1097				io->scsiio.kern_data_len =
1098					msg->dt.kern_data_len;
1099				io->scsiio.kern_total_len =
1100					msg->dt.kern_total_len;
1101				io->scsiio.kern_data_resid =
1102					msg->dt.kern_data_resid;
1103				io->scsiio.kern_rel_offset =
1104					msg->dt.kern_rel_offset;
1105				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1106				io->io_hdr.flags |= msg->dt.flags &
1107				    CTL_FLAG_BUS_ADDR;
1108			} else
1109				sgl = (struct ctl_sg_entry *)
1110					io->scsiio.kern_data_ptr;
1111
1112			for (i = msg->dt.sent_sg_entries, j = 0;
1113			     i < (msg->dt.sent_sg_entries +
1114			     msg->dt.cur_sg_entries); i++, j++) {
1115				sgl[i].addr = msg->dt.sg_list[j].addr;
1116				sgl[i].len = msg->dt.sg_list[j].len;
1117
1118#if 0
1119				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1120				    __func__, sgl[i].addr, sgl[i].len, j, i);
1121#endif
1122			}
1123
1124			/*
1125			 * If this is the last piece of the I/O, we've got
1126			 * the full S/G list.  Queue processing in the thread.
1127			 * Otherwise wait for the next piece.
1128			 */
1129			if (msg->dt.sg_last != 0)
1130				ctl_enqueue_isc(io);
1131			break;
1132		}
1133		/* Performed on the Serializing (primary) SC, XFER mode only */
1134		case CTL_MSG_DATAMOVE_DONE: {
1135			if (msg->hdr.serializing_sc == NULL) {
1136				printf("%s: serializing_sc == NULL!\n",
1137				       __func__);
1138				/* XXX KDM now what? */
1139				break;
1140			}
1141			/*
1142			 * We grab the sense information here in case
1143			 * there was a failure, so we can return status
1144			 * back to the initiator.
1145			 */
1146			io = msg->hdr.serializing_sc;
1147			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1148			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1149			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1150			io->io_hdr.port_status = msg->scsi.fetd_status;
1151			io->scsiio.residual = msg->scsi.residual;
1152			if (msg->hdr.status != CTL_STATUS_NONE) {
1153				io->io_hdr.status = msg->hdr.status;
1154				io->scsiio.scsi_status = msg->scsi.scsi_status;
1155				io->scsiio.sense_len = msg->scsi.sense_len;
1156				io->scsiio.sense_residual =msg->scsi.sense_residual;
1157				memcpy(&io->scsiio.sense_data,
1158				    &msg->scsi.sense_data,
1159				    msg->scsi.sense_len);
1160				if (msg->hdr.status == CTL_SUCCESS)
1161					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1162			}
1163			ctl_enqueue_isc(io);
1164			break;
1165		}
1166
1167		/* Preformed on Originating SC, SER_ONLY mode */
1168		case CTL_MSG_R2R:
1169			io = msg->hdr.original_sc;
1170			if (io == NULL) {
1171				printf("%s: original_sc == NULL!\n",
1172				    __func__);
1173				break;
1174			}
1175			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1176			io->io_hdr.msg_type = CTL_MSG_R2R;
1177			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1178			ctl_enqueue_isc(io);
1179			break;
1180
1181		/*
1182		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1183		 * mode.
1184		 * Performed on the Originating (i.e. secondary) SC in XFER
1185		 * mode
1186		 */
1187		case CTL_MSG_FINISH_IO:
1188			if (softc->ha_mode == CTL_HA_MODE_XFER)
1189				ctl_isc_handler_finish_xfer(softc, msg);
1190			else
1191				ctl_isc_handler_finish_ser_only(softc, msg);
1192			break;
1193
1194		/* Preformed on Originating SC */
1195		case CTL_MSG_BAD_JUJU:
1196			io = msg->hdr.original_sc;
1197			if (io == NULL) {
1198				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1199				       __func__);
1200				break;
1201			}
1202			ctl_copy_sense_data(msg, io);
1203			/*
1204			 * IO should have already been cleaned up on other
1205			 * SC so clear this flag so we won't send a message
1206			 * back to finish the IO there.
1207			 */
1208			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1209			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1210
1211			/* io = msg->hdr.serializing_sc; */
1212			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1213			ctl_enqueue_isc(io);
1214			break;
1215
1216		/* Handle resets sent from the other side */
1217		case CTL_MSG_MANAGE_TASKS: {
1218			struct ctl_taskio *taskio;
1219			taskio = (struct ctl_taskio *)ctl_alloc_io(
1220			    softc->othersc_pool);
1221			ctl_zero_io((union ctl_io *)taskio);
1222			taskio->io_hdr.io_type = CTL_IO_TASK;
1223			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1224			taskio->io_hdr.nexus = msg->hdr.nexus;
1225			taskio->task_action = msg->task.task_action;
1226			taskio->tag_num = msg->task.tag_num;
1227			taskio->tag_type = msg->task.tag_type;
1228#ifdef CTL_TIME_IO
1229			taskio->io_hdr.start_time = time_uptime;
1230			getbintime(&taskio->io_hdr.start_bt);
1231#endif /* CTL_TIME_IO */
1232			ctl_run_task((union ctl_io *)taskio);
1233			break;
1234		}
1235		/* Persistent Reserve action which needs attention */
1236		case CTL_MSG_PERS_ACTION:
1237			presio = (struct ctl_prio *)ctl_alloc_io(
1238			    softc->othersc_pool);
1239			ctl_zero_io((union ctl_io *)presio);
1240			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1241			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1242			presio->io_hdr.nexus = msg->hdr.nexus;
1243			presio->pr_msg = msg->pr;
1244			ctl_enqueue_isc((union ctl_io *)presio);
1245			break;
1246		case CTL_MSG_UA:
1247			ctl_isc_ua(softc, msg, param);
1248			break;
1249		case CTL_MSG_PORT_SYNC:
1250			ctl_isc_port_sync(softc, msg, param);
1251			break;
1252		case CTL_MSG_LUN_SYNC:
1253			ctl_isc_lun_sync(softc, msg, param);
1254			break;
1255		case CTL_MSG_IID_SYNC:
1256			ctl_isc_iid_sync(softc, msg, param);
1257			break;
1258		default:
1259			printf("Received HA message of unknown type %d\n",
1260			    msg->hdr.msg_type);
1261			break;
1262		}
1263		if (msg != &msgbuf)
1264			free(msg, M_CTL);
1265	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1266		printf("CTL: HA link status changed from %d to %d\n",
1267		    softc->ha_link, param);
1268		if (param == softc->ha_link)
1269			return;
1270		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1271			softc->ha_link = param;
1272			ctl_isc_ha_link_down(softc);
1273		} else {
1274			softc->ha_link = param;
1275			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1276				ctl_isc_ha_link_up(softc);
1277		}
1278		return;
1279	} else {
1280		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1281		return;
1282	}
1283}
1284
1285static void
1286ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1287{
1288
1289	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1290	    src->scsi.sense_len);
1291	dest->scsiio.scsi_status = src->scsi.scsi_status;
1292	dest->scsiio.sense_len = src->scsi.sense_len;
1293	dest->io_hdr.status = src->hdr.status;
1294}
1295
1296static void
1297ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1298{
1299
1300	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1301	    src->scsiio.sense_len);
1302	dest->scsi.scsi_status = src->scsiio.scsi_status;
1303	dest->scsi.sense_len = src->scsiio.sense_len;
1304	dest->hdr.status = src->io_hdr.status;
1305}
1306
1307void
1308ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1309{
1310	struct ctl_softc *softc = lun->ctl_softc;
1311	ctl_ua_type *pu;
1312
1313	if (initidx < softc->init_min || initidx >= softc->init_max)
1314		return;
1315	mtx_assert(&lun->lun_lock, MA_OWNED);
1316	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1317	if (pu == NULL)
1318		return;
1319	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1320}
1321
1322void
1323ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1324{
1325	int i;
1326
1327	mtx_assert(&lun->lun_lock, MA_OWNED);
1328	if (lun->pending_ua[port] == NULL)
1329		return;
1330	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1331		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1332			continue;
1333		lun->pending_ua[port][i] |= ua;
1334	}
1335}
1336
1337void
1338ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1339{
1340	struct ctl_softc *softc = lun->ctl_softc;
1341	int i;
1342
1343	mtx_assert(&lun->lun_lock, MA_OWNED);
1344	for (i = softc->port_min; i < softc->port_max; i++)
1345		ctl_est_ua_port(lun, i, except, ua);
1346}
1347
1348void
1349ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1350{
1351	struct ctl_softc *softc = lun->ctl_softc;
1352	ctl_ua_type *pu;
1353
1354	if (initidx < softc->init_min || initidx >= softc->init_max)
1355		return;
1356	mtx_assert(&lun->lun_lock, MA_OWNED);
1357	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1358	if (pu == NULL)
1359		return;
1360	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1361}
1362
1363void
1364ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1365{
1366	struct ctl_softc *softc = lun->ctl_softc;
1367	int i, j;
1368
1369	mtx_assert(&lun->lun_lock, MA_OWNED);
1370	for (i = softc->port_min; i < softc->port_max; i++) {
1371		if (lun->pending_ua[i] == NULL)
1372			continue;
1373		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1374			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1375				continue;
1376			lun->pending_ua[i][j] &= ~ua;
1377		}
1378	}
1379}
1380
1381void
1382ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1383    ctl_ua_type ua_type)
1384{
1385	struct ctl_lun *lun;
1386
1387	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1388	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1389		mtx_lock(&lun->lun_lock);
1390		ctl_clr_ua(lun, initidx, ua_type);
1391		mtx_unlock(&lun->lun_lock);
1392	}
1393}
1394
1395static int
1396ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1397{
1398	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1399	struct ctl_lun *lun;
1400	struct ctl_lun_req ireq;
1401	int error, value;
1402
1403	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1404	error = sysctl_handle_int(oidp, &value, 0, req);
1405	if ((error != 0) || (req->newptr == NULL))
1406		return (error);
1407
1408	mtx_lock(&softc->ctl_lock);
1409	if (value == 0)
1410		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1411	else
1412		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1413	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1414		mtx_unlock(&softc->ctl_lock);
1415		bzero(&ireq, sizeof(ireq));
1416		ireq.reqtype = CTL_LUNREQ_MODIFY;
1417		ireq.reqdata.modify.lun_id = lun->lun;
1418		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1419		    curthread);
1420		if (ireq.status != CTL_LUN_OK) {
1421			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1422			    __func__, ireq.status, ireq.error_str);
1423		}
1424		mtx_lock(&softc->ctl_lock);
1425	}
1426	mtx_unlock(&softc->ctl_lock);
1427	return (0);
1428}
1429
1430static int
1431ctl_init(void)
1432{
1433	struct ctl_softc *softc;
1434	void *other_pool;
1435	int i, error, retval;
1436
1437	retval = 0;
1438	control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1439			       M_WAITOK | M_ZERO);
1440	softc = control_softc;
1441
1442	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1443			      "cam/ctl");
1444
1445	softc->dev->si_drv1 = softc;
1446
1447	sysctl_ctx_init(&softc->sysctl_ctx);
1448	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1449		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1450		CTLFLAG_RD, 0, "CAM Target Layer");
1451
1452	if (softc->sysctl_tree == NULL) {
1453		printf("%s: unable to allocate sysctl tree\n", __func__);
1454		destroy_dev(softc->dev);
1455		free(control_softc, M_DEVBUF);
1456		control_softc = NULL;
1457		return (ENOMEM);
1458	}
1459
1460	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1461	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1462	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1463	softc->open_count = 0;
1464
1465	/*
1466	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1467	 * the drive.
1468	 */
1469	softc->flags = CTL_FLAG_REAL_SYNC;
1470
1471	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1472	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1473	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1474
1475	/*
1476	 * In Copan's HA scheme, the "master" and "slave" roles are
1477	 * figured out through the slot the controller is in.  Although it
1478	 * is an active/active system, someone has to be in charge.
1479	 */
1480	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1481	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1482	    "HA head ID (0 - no HA)");
1483	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1484		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1485		softc->is_single = 1;
1486		softc->port_cnt = CTL_MAX_PORTS;
1487		softc->port_min = 0;
1488	} else {
1489		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1490		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1491	}
1492	softc->port_max = softc->port_min + softc->port_cnt;
1493	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1494	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1495
1496	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1497	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1498	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1499
1500	STAILQ_INIT(&softc->lun_list);
1501	STAILQ_INIT(&softc->pending_lun_queue);
1502	STAILQ_INIT(&softc->fe_list);
1503	STAILQ_INIT(&softc->port_list);
1504	STAILQ_INIT(&softc->be_list);
1505	ctl_tpc_init(softc);
1506
1507	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1508	                    &other_pool) != 0)
1509	{
1510		printf("ctl: can't allocate %d entry other SC pool, "
1511		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1512		return (ENOMEM);
1513	}
1514	softc->othersc_pool = other_pool;
1515
1516	if (worker_threads <= 0)
1517		worker_threads = max(1, mp_ncpus / 4);
1518	if (worker_threads > CTL_MAX_THREADS)
1519		worker_threads = CTL_MAX_THREADS;
1520
1521	for (i = 0; i < worker_threads; i++) {
1522		struct ctl_thread *thr = &softc->threads[i];
1523
1524		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1525		thr->ctl_softc = softc;
1526		STAILQ_INIT(&thr->incoming_queue);
1527		STAILQ_INIT(&thr->rtr_queue);
1528		STAILQ_INIT(&thr->done_queue);
1529		STAILQ_INIT(&thr->isc_queue);
1530
1531		error = kproc_kthread_add(ctl_work_thread, thr,
1532		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1533		if (error != 0) {
1534			printf("error creating CTL work thread!\n");
1535			ctl_pool_free(other_pool);
1536			return (error);
1537		}
1538	}
1539	error = kproc_kthread_add(ctl_lun_thread, softc,
1540	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1541	if (error != 0) {
1542		printf("error creating CTL lun thread!\n");
1543		ctl_pool_free(other_pool);
1544		return (error);
1545	}
1546	error = kproc_kthread_add(ctl_thresh_thread, softc,
1547	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1548	if (error != 0) {
1549		printf("error creating CTL threshold thread!\n");
1550		ctl_pool_free(other_pool);
1551		return (error);
1552	}
1553
1554	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1555	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1556	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1557
1558	if (softc->is_single == 0) {
1559		ctl_frontend_register(&ha_frontend);
1560		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1561			printf("ctl_init: ctl_ha_msg_init failed.\n");
1562			softc->is_single = 1;
1563		} else
1564		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1565		    != CTL_HA_STATUS_SUCCESS) {
1566			printf("ctl_init: ctl_ha_msg_register failed.\n");
1567			softc->is_single = 1;
1568		}
1569	}
1570	return (0);
1571}
1572
1573void
1574ctl_shutdown(void)
1575{
1576	struct ctl_softc *softc;
1577	struct ctl_lun *lun, *next_lun;
1578
1579	softc = (struct ctl_softc *)control_softc;
1580
1581	if (softc->is_single == 0) {
1582		ctl_ha_msg_shutdown(softc);
1583		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1584		    != CTL_HA_STATUS_SUCCESS)
1585			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1586		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1587			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1588		ctl_frontend_deregister(&ha_frontend);
1589	}
1590
1591	mtx_lock(&softc->ctl_lock);
1592
1593	/*
1594	 * Free up each LUN.
1595	 */
1596	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1597		next_lun = STAILQ_NEXT(lun, links);
1598		ctl_free_lun(lun);
1599	}
1600
1601	mtx_unlock(&softc->ctl_lock);
1602
1603#if 0
1604	ctl_shutdown_thread(softc->work_thread);
1605	mtx_destroy(&softc->queue_lock);
1606#endif
1607
1608	ctl_tpc_shutdown(softc);
1609	uma_zdestroy(softc->io_zone);
1610	mtx_destroy(&softc->ctl_lock);
1611
1612	destroy_dev(softc->dev);
1613
1614	sysctl_ctx_free(&softc->sysctl_ctx);
1615
1616	free(control_softc, M_DEVBUF);
1617	control_softc = NULL;
1618}
1619
1620static int
1621ctl_module_event_handler(module_t mod, int what, void *arg)
1622{
1623
1624	switch (what) {
1625	case MOD_LOAD:
1626		return (ctl_init());
1627	case MOD_UNLOAD:
1628		return (EBUSY);
1629	default:
1630		return (EOPNOTSUPP);
1631	}
1632}
1633
1634/*
1635 * XXX KDM should we do some access checks here?  Bump a reference count to
1636 * prevent a CTL module from being unloaded while someone has it open?
1637 */
1638static int
1639ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1640{
1641	return (0);
1642}
1643
1644static int
1645ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1646{
1647	return (0);
1648}
1649
1650/*
1651 * Remove an initiator by port number and initiator ID.
1652 * Returns 0 for success, -1 for failure.
1653 */
1654int
1655ctl_remove_initiator(struct ctl_port *port, int iid)
1656{
1657	struct ctl_softc *softc = control_softc;
1658
1659	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1660
1661	if (iid > CTL_MAX_INIT_PER_PORT) {
1662		printf("%s: initiator ID %u > maximun %u!\n",
1663		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1664		return (-1);
1665	}
1666
1667	mtx_lock(&softc->ctl_lock);
1668	port->wwpn_iid[iid].in_use--;
1669	port->wwpn_iid[iid].last_use = time_uptime;
1670	mtx_unlock(&softc->ctl_lock);
1671	ctl_isc_announce_iid(port, iid);
1672
1673	return (0);
1674}
1675
1676/*
1677 * Add an initiator to the initiator map.
1678 * Returns iid for success, < 0 for failure.
1679 */
1680int
1681ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1682{
1683	struct ctl_softc *softc = control_softc;
1684	time_t best_time;
1685	int i, best;
1686
1687	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1688
1689	if (iid >= CTL_MAX_INIT_PER_PORT) {
1690		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1691		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1692		free(name, M_CTL);
1693		return (-1);
1694	}
1695
1696	mtx_lock(&softc->ctl_lock);
1697
1698	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1699		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1700			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1701				iid = i;
1702				break;
1703			}
1704			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1705			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1706				iid = i;
1707				break;
1708			}
1709		}
1710	}
1711
1712	if (iid < 0) {
1713		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1714			if (port->wwpn_iid[i].in_use == 0 &&
1715			    port->wwpn_iid[i].wwpn == 0 &&
1716			    port->wwpn_iid[i].name == NULL) {
1717				iid = i;
1718				break;
1719			}
1720		}
1721	}
1722
1723	if (iid < 0) {
1724		best = -1;
1725		best_time = INT32_MAX;
1726		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1727			if (port->wwpn_iid[i].in_use == 0) {
1728				if (port->wwpn_iid[i].last_use < best_time) {
1729					best = i;
1730					best_time = port->wwpn_iid[i].last_use;
1731				}
1732			}
1733		}
1734		iid = best;
1735	}
1736
1737	if (iid < 0) {
1738		mtx_unlock(&softc->ctl_lock);
1739		free(name, M_CTL);
1740		return (-2);
1741	}
1742
1743	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1744		/*
1745		 * This is not an error yet.
1746		 */
1747		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1748#if 0
1749			printf("%s: port %d iid %u WWPN %#jx arrived"
1750			    " again\n", __func__, port->targ_port,
1751			    iid, (uintmax_t)wwpn);
1752#endif
1753			goto take;
1754		}
1755		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1756		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1757#if 0
1758			printf("%s: port %d iid %u name '%s' arrived"
1759			    " again\n", __func__, port->targ_port,
1760			    iid, name);
1761#endif
1762			goto take;
1763		}
1764
1765		/*
1766		 * This is an error, but what do we do about it?  The
1767		 * driver is telling us we have a new WWPN for this
1768		 * initiator ID, so we pretty much need to use it.
1769		 */
1770		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1771		    " but WWPN %#jx '%s' is still at that address\n",
1772		    __func__, port->targ_port, iid, wwpn, name,
1773		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1774		    port->wwpn_iid[iid].name);
1775
1776		/*
1777		 * XXX KDM clear have_ca and ua_pending on each LUN for
1778		 * this initiator.
1779		 */
1780	}
1781take:
1782	free(port->wwpn_iid[iid].name, M_CTL);
1783	port->wwpn_iid[iid].name = name;
1784	port->wwpn_iid[iid].wwpn = wwpn;
1785	port->wwpn_iid[iid].in_use++;
1786	mtx_unlock(&softc->ctl_lock);
1787	ctl_isc_announce_iid(port, iid);
1788
1789	return (iid);
1790}
1791
1792static int
1793ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1794{
1795	int len;
1796
1797	switch (port->port_type) {
1798	case CTL_PORT_FC:
1799	{
1800		struct scsi_transportid_fcp *id =
1801		    (struct scsi_transportid_fcp *)buf;
1802		if (port->wwpn_iid[iid].wwpn == 0)
1803			return (0);
1804		memset(id, 0, sizeof(*id));
1805		id->format_protocol = SCSI_PROTO_FC;
1806		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1807		return (sizeof(*id));
1808	}
1809	case CTL_PORT_ISCSI:
1810	{
1811		struct scsi_transportid_iscsi_port *id =
1812		    (struct scsi_transportid_iscsi_port *)buf;
1813		if (port->wwpn_iid[iid].name == NULL)
1814			return (0);
1815		memset(id, 0, 256);
1816		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1817		    SCSI_PROTO_ISCSI;
1818		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1819		len = roundup2(min(len, 252), 4);
1820		scsi_ulto2b(len, id->additional_length);
1821		return (sizeof(*id) + len);
1822	}
1823	case CTL_PORT_SAS:
1824	{
1825		struct scsi_transportid_sas *id =
1826		    (struct scsi_transportid_sas *)buf;
1827		if (port->wwpn_iid[iid].wwpn == 0)
1828			return (0);
1829		memset(id, 0, sizeof(*id));
1830		id->format_protocol = SCSI_PROTO_SAS;
1831		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1832		return (sizeof(*id));
1833	}
1834	default:
1835	{
1836		struct scsi_transportid_spi *id =
1837		    (struct scsi_transportid_spi *)buf;
1838		memset(id, 0, sizeof(*id));
1839		id->format_protocol = SCSI_PROTO_SPI;
1840		scsi_ulto2b(iid, id->scsi_addr);
1841		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1842		return (sizeof(*id));
1843	}
1844	}
1845}
1846
1847/*
1848 * Serialize a command that went down the "wrong" side, and so was sent to
1849 * this controller for execution.  The logic is a little different than the
1850 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1851 * sent back to the other side, but in the success case, we execute the
1852 * command on this side (XFER mode) or tell the other side to execute it
1853 * (SER_ONLY mode).
1854 */
1855static int
1856ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1857{
1858	struct ctl_softc *softc;
1859	union ctl_ha_msg msg_info;
1860	struct ctl_lun *lun;
1861	const struct ctl_cmd_entry *entry;
1862	int retval = 0;
1863	uint32_t targ_lun;
1864
1865	softc = control_softc;
1866
1867	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
1868	mtx_lock(&softc->ctl_lock);
1869	if ((targ_lun < CTL_MAX_LUNS) &&
1870	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
1871		mtx_lock(&lun->lun_lock);
1872		mtx_unlock(&softc->ctl_lock);
1873		/*
1874		 * If the LUN is invalid, pretend that it doesn't exist.
1875		 * It will go away as soon as all pending I/O has been
1876		 * completed.
1877		 */
1878		if (lun->flags & CTL_LUN_DISABLED) {
1879			mtx_unlock(&lun->lun_lock);
1880			lun = NULL;
1881		}
1882	} else {
1883		mtx_unlock(&softc->ctl_lock);
1884		lun = NULL;
1885	}
1886	if (lun == NULL) {
1887		/*
1888		 * The other node would not send this request to us unless
1889		 * received announce that we are primary node for this LUN.
1890		 * If this LUN does not exist now, it is probably result of
1891		 * a race, so respond to initiator in the most opaque way.
1892		 */
1893		ctl_set_busy(ctsio);
1894		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1895		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1896		msg_info.hdr.serializing_sc = NULL;
1897		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1898		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1899		    sizeof(msg_info.scsi), M_WAITOK);
1900		return(1);
1901	}
1902
1903	entry = ctl_get_cmd_entry(ctsio, NULL);
1904	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
1905		mtx_unlock(&lun->lun_lock);
1906		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1907		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1908		msg_info.hdr.serializing_sc = NULL;
1909		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1910		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1911		    sizeof(msg_info.scsi), M_WAITOK);
1912		return(1);
1913	}
1914
1915	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
1916	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
1917
1918	/*
1919	 * Every I/O goes into the OOA queue for a
1920	 * particular LUN, and stays there until completion.
1921	 */
1922#ifdef CTL_TIME_IO
1923	if (TAILQ_EMPTY(&lun->ooa_queue))
1924		lun->idle_time += getsbinuptime() - lun->last_busy;
1925#endif
1926	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1927
1928	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
1929		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
1930		 ooa_links))) {
1931	case CTL_ACTION_BLOCK:
1932		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
1933		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
1934				  blocked_links);
1935		mtx_unlock(&lun->lun_lock);
1936		break;
1937	case CTL_ACTION_PASS:
1938	case CTL_ACTION_SKIP:
1939		if (softc->ha_mode == CTL_HA_MODE_XFER) {
1940			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
1941			ctl_enqueue_rtr((union ctl_io *)ctsio);
1942			mtx_unlock(&lun->lun_lock);
1943		} else {
1944			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
1945			mtx_unlock(&lun->lun_lock);
1946
1947			/* send msg back to other side */
1948			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1949			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
1950			msg_info.hdr.msg_type = CTL_MSG_R2R;
1951			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1952			    sizeof(msg_info.hdr), M_WAITOK);
1953		}
1954		break;
1955	case CTL_ACTION_OVERLAP:
1956		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1957		mtx_unlock(&lun->lun_lock);
1958		retval = 1;
1959
1960		ctl_set_overlapped_cmd(ctsio);
1961		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1962		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1963		msg_info.hdr.serializing_sc = NULL;
1964		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1965		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1966		    sizeof(msg_info.scsi), M_WAITOK);
1967		break;
1968	case CTL_ACTION_OVERLAP_TAG:
1969		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1970		mtx_unlock(&lun->lun_lock);
1971		retval = 1;
1972		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
1973		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1974		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1975		msg_info.hdr.serializing_sc = NULL;
1976		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1977		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1978		    sizeof(msg_info.scsi), M_WAITOK);
1979		break;
1980	case CTL_ACTION_ERROR:
1981	default:
1982		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
1983		mtx_unlock(&lun->lun_lock);
1984		retval = 1;
1985
1986		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
1987					 /*retry_count*/ 0);
1988		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
1989		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
1990		msg_info.hdr.serializing_sc = NULL;
1991		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
1992		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
1993		    sizeof(msg_info.scsi), M_WAITOK);
1994		break;
1995	}
1996	return (retval);
1997}
1998
1999/*
2000 * Returns 0 for success, errno for failure.
2001 */
2002static int
2003ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2004		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2005{
2006	union ctl_io *io;
2007	int retval;
2008
2009	retval = 0;
2010
2011	mtx_lock(&lun->lun_lock);
2012	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2013	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2014	     ooa_links)) {
2015		struct ctl_ooa_entry *entry;
2016
2017		/*
2018		 * If we've got more than we can fit, just count the
2019		 * remaining entries.
2020		 */
2021		if (*cur_fill_num >= ooa_hdr->alloc_num)
2022			continue;
2023
2024		entry = &kern_entries[*cur_fill_num];
2025
2026		entry->tag_num = io->scsiio.tag_num;
2027		entry->lun_num = lun->lun;
2028#ifdef CTL_TIME_IO
2029		entry->start_bt = io->io_hdr.start_bt;
2030#endif
2031		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2032		entry->cdb_len = io->scsiio.cdb_len;
2033		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2034			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2035
2036		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2037			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2038
2039		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2040			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2041
2042		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2043			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2044
2045		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2046			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2047	}
2048	mtx_unlock(&lun->lun_lock);
2049
2050	return (retval);
2051}
2052
2053static void *
2054ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2055		 size_t error_str_len)
2056{
2057	void *kptr;
2058
2059	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2060
2061	if (copyin(user_addr, kptr, len) != 0) {
2062		snprintf(error_str, error_str_len, "Error copying %d bytes "
2063			 "from user address %p to kernel address %p", len,
2064			 user_addr, kptr);
2065		free(kptr, M_CTL);
2066		return (NULL);
2067	}
2068
2069	return (kptr);
2070}
2071
2072static void
2073ctl_free_args(int num_args, struct ctl_be_arg *args)
2074{
2075	int i;
2076
2077	if (args == NULL)
2078		return;
2079
2080	for (i = 0; i < num_args; i++) {
2081		free(args[i].kname, M_CTL);
2082		free(args[i].kvalue, M_CTL);
2083	}
2084
2085	free(args, M_CTL);
2086}
2087
2088static struct ctl_be_arg *
2089ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2090		char *error_str, size_t error_str_len)
2091{
2092	struct ctl_be_arg *args;
2093	int i;
2094
2095	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2096				error_str, error_str_len);
2097
2098	if (args == NULL)
2099		goto bailout;
2100
2101	for (i = 0; i < num_args; i++) {
2102		args[i].kname = NULL;
2103		args[i].kvalue = NULL;
2104	}
2105
2106	for (i = 0; i < num_args; i++) {
2107		uint8_t *tmpptr;
2108
2109		args[i].kname = ctl_copyin_alloc(args[i].name,
2110			args[i].namelen, error_str, error_str_len);
2111		if (args[i].kname == NULL)
2112			goto bailout;
2113
2114		if (args[i].kname[args[i].namelen - 1] != '\0') {
2115			snprintf(error_str, error_str_len, "Argument %d "
2116				 "name is not NUL-terminated", i);
2117			goto bailout;
2118		}
2119
2120		if (args[i].flags & CTL_BEARG_RD) {
2121			tmpptr = ctl_copyin_alloc(args[i].value,
2122				args[i].vallen, error_str, error_str_len);
2123			if (tmpptr == NULL)
2124				goto bailout;
2125			if ((args[i].flags & CTL_BEARG_ASCII)
2126			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2127				snprintf(error_str, error_str_len, "Argument "
2128				    "%d value is not NUL-terminated", i);
2129				goto bailout;
2130			}
2131			args[i].kvalue = tmpptr;
2132		} else {
2133			args[i].kvalue = malloc(args[i].vallen,
2134			    M_CTL, M_WAITOK | M_ZERO);
2135		}
2136	}
2137
2138	return (args);
2139bailout:
2140
2141	ctl_free_args(num_args, args);
2142
2143	return (NULL);
2144}
2145
2146static void
2147ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2148{
2149	int i;
2150
2151	for (i = 0; i < num_args; i++) {
2152		if (args[i].flags & CTL_BEARG_WR)
2153			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2154	}
2155}
2156
2157/*
2158 * Escape characters that are illegal or not recommended in XML.
2159 */
2160int
2161ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2162{
2163	char *end = str + size;
2164	int retval;
2165
2166	retval = 0;
2167
2168	for (; *str && str < end; str++) {
2169		switch (*str) {
2170		case '&':
2171			retval = sbuf_printf(sb, "&amp;");
2172			break;
2173		case '>':
2174			retval = sbuf_printf(sb, "&gt;");
2175			break;
2176		case '<':
2177			retval = sbuf_printf(sb, "&lt;");
2178			break;
2179		default:
2180			retval = sbuf_putc(sb, *str);
2181			break;
2182		}
2183
2184		if (retval != 0)
2185			break;
2186
2187	}
2188
2189	return (retval);
2190}
2191
2192static void
2193ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2194{
2195	struct scsi_vpd_id_descriptor *desc;
2196	int i;
2197
2198	if (id == NULL || id->len < 4)
2199		return;
2200	desc = (struct scsi_vpd_id_descriptor *)id->data;
2201	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2202	case SVPD_ID_TYPE_T10:
2203		sbuf_printf(sb, "t10.");
2204		break;
2205	case SVPD_ID_TYPE_EUI64:
2206		sbuf_printf(sb, "eui.");
2207		break;
2208	case SVPD_ID_TYPE_NAA:
2209		sbuf_printf(sb, "naa.");
2210		break;
2211	case SVPD_ID_TYPE_SCSI_NAME:
2212		break;
2213	}
2214	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2215	case SVPD_ID_CODESET_BINARY:
2216		for (i = 0; i < desc->length; i++)
2217			sbuf_printf(sb, "%02x", desc->identifier[i]);
2218		break;
2219	case SVPD_ID_CODESET_ASCII:
2220		sbuf_printf(sb, "%.*s", (int)desc->length,
2221		    (char *)desc->identifier);
2222		break;
2223	case SVPD_ID_CODESET_UTF8:
2224		sbuf_printf(sb, "%s", (char *)desc->identifier);
2225		break;
2226	}
2227}
2228
2229static int
2230ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2231	  struct thread *td)
2232{
2233	struct ctl_softc *softc;
2234	struct ctl_lun *lun;
2235	int retval;
2236
2237	softc = control_softc;
2238
2239	retval = 0;
2240
2241	switch (cmd) {
2242	case CTL_IO:
2243		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2244		break;
2245	case CTL_ENABLE_PORT:
2246	case CTL_DISABLE_PORT:
2247	case CTL_SET_PORT_WWNS: {
2248		struct ctl_port *port;
2249		struct ctl_port_entry *entry;
2250
2251		entry = (struct ctl_port_entry *)addr;
2252
2253		mtx_lock(&softc->ctl_lock);
2254		STAILQ_FOREACH(port, &softc->port_list, links) {
2255			int action, done;
2256
2257			if (port->targ_port < softc->port_min ||
2258			    port->targ_port >= softc->port_max)
2259				continue;
2260
2261			action = 0;
2262			done = 0;
2263			if ((entry->port_type == CTL_PORT_NONE)
2264			 && (entry->targ_port == port->targ_port)) {
2265				/*
2266				 * If the user only wants to enable or
2267				 * disable or set WWNs on a specific port,
2268				 * do the operation and we're done.
2269				 */
2270				action = 1;
2271				done = 1;
2272			} else if (entry->port_type & port->port_type) {
2273				/*
2274				 * Compare the user's type mask with the
2275				 * particular frontend type to see if we
2276				 * have a match.
2277				 */
2278				action = 1;
2279				done = 0;
2280
2281				/*
2282				 * Make sure the user isn't trying to set
2283				 * WWNs on multiple ports at the same time.
2284				 */
2285				if (cmd == CTL_SET_PORT_WWNS) {
2286					printf("%s: Can't set WWNs on "
2287					       "multiple ports\n", __func__);
2288					retval = EINVAL;
2289					break;
2290				}
2291			}
2292			if (action == 0)
2293				continue;
2294
2295			/*
2296			 * XXX KDM we have to drop the lock here, because
2297			 * the online/offline operations can potentially
2298			 * block.  We need to reference count the frontends
2299			 * so they can't go away,
2300			 */
2301			if (cmd == CTL_ENABLE_PORT) {
2302				mtx_unlock(&softc->ctl_lock);
2303				ctl_port_online(port);
2304				mtx_lock(&softc->ctl_lock);
2305			} else if (cmd == CTL_DISABLE_PORT) {
2306				mtx_unlock(&softc->ctl_lock);
2307				ctl_port_offline(port);
2308				mtx_lock(&softc->ctl_lock);
2309			} else if (cmd == CTL_SET_PORT_WWNS) {
2310				ctl_port_set_wwns(port,
2311				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2312				    1 : 0, entry->wwnn,
2313				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2314				    1 : 0, entry->wwpn);
2315			}
2316			if (done != 0)
2317				break;
2318		}
2319		mtx_unlock(&softc->ctl_lock);
2320		break;
2321	}
2322	case CTL_GET_PORT_LIST: {
2323		struct ctl_port *port;
2324		struct ctl_port_list *list;
2325		int i;
2326
2327		list = (struct ctl_port_list *)addr;
2328
2329		if (list->alloc_len != (list->alloc_num *
2330		    sizeof(struct ctl_port_entry))) {
2331			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2332			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2333			       "%zu\n", __func__, list->alloc_len,
2334			       list->alloc_num, sizeof(struct ctl_port_entry));
2335			retval = EINVAL;
2336			break;
2337		}
2338		list->fill_len = 0;
2339		list->fill_num = 0;
2340		list->dropped_num = 0;
2341		i = 0;
2342		mtx_lock(&softc->ctl_lock);
2343		STAILQ_FOREACH(port, &softc->port_list, links) {
2344			struct ctl_port_entry entry, *list_entry;
2345
2346			if (list->fill_num >= list->alloc_num) {
2347				list->dropped_num++;
2348				continue;
2349			}
2350
2351			entry.port_type = port->port_type;
2352			strlcpy(entry.port_name, port->port_name,
2353				sizeof(entry.port_name));
2354			entry.targ_port = port->targ_port;
2355			entry.physical_port = port->physical_port;
2356			entry.virtual_port = port->virtual_port;
2357			entry.wwnn = port->wwnn;
2358			entry.wwpn = port->wwpn;
2359			if (port->status & CTL_PORT_STATUS_ONLINE)
2360				entry.online = 1;
2361			else
2362				entry.online = 0;
2363
2364			list_entry = &list->entries[i];
2365
2366			retval = copyout(&entry, list_entry, sizeof(entry));
2367			if (retval != 0) {
2368				printf("%s: CTL_GET_PORT_LIST: copyout "
2369				       "returned %d\n", __func__, retval);
2370				break;
2371			}
2372			i++;
2373			list->fill_num++;
2374			list->fill_len += sizeof(entry);
2375		}
2376		mtx_unlock(&softc->ctl_lock);
2377
2378		/*
2379		 * If this is non-zero, we had a copyout fault, so there's
2380		 * probably no point in attempting to set the status inside
2381		 * the structure.
2382		 */
2383		if (retval != 0)
2384			break;
2385
2386		if (list->dropped_num > 0)
2387			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2388		else
2389			list->status = CTL_PORT_LIST_OK;
2390		break;
2391	}
2392	case CTL_DUMP_OOA: {
2393		union ctl_io *io;
2394		char printbuf[128];
2395		struct sbuf sb;
2396
2397		mtx_lock(&softc->ctl_lock);
2398		printf("Dumping OOA queues:\n");
2399		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2400			mtx_lock(&lun->lun_lock);
2401			for (io = (union ctl_io *)TAILQ_FIRST(
2402			     &lun->ooa_queue); io != NULL;
2403			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2404			     ooa_links)) {
2405				sbuf_new(&sb, printbuf, sizeof(printbuf),
2406					 SBUF_FIXEDLEN);
2407				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2408					    (intmax_t)lun->lun,
2409					    io->scsiio.tag_num,
2410					    (io->io_hdr.flags &
2411					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2412					    (io->io_hdr.flags &
2413					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2414					    (io->io_hdr.flags &
2415					    CTL_FLAG_ABORT) ? " ABORT" : "",
2416			                    (io->io_hdr.flags &
2417		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2418				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2419				sbuf_finish(&sb);
2420				printf("%s\n", sbuf_data(&sb));
2421			}
2422			mtx_unlock(&lun->lun_lock);
2423		}
2424		printf("OOA queues dump done\n");
2425		mtx_unlock(&softc->ctl_lock);
2426		break;
2427	}
2428	case CTL_GET_OOA: {
2429		struct ctl_ooa *ooa_hdr;
2430		struct ctl_ooa_entry *entries;
2431		uint32_t cur_fill_num;
2432
2433		ooa_hdr = (struct ctl_ooa *)addr;
2434
2435		if ((ooa_hdr->alloc_len == 0)
2436		 || (ooa_hdr->alloc_num == 0)) {
2437			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2438			       "must be non-zero\n", __func__,
2439			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2440			retval = EINVAL;
2441			break;
2442		}
2443
2444		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2445		    sizeof(struct ctl_ooa_entry))) {
2446			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2447			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2448			       __func__, ooa_hdr->alloc_len,
2449			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2450			retval = EINVAL;
2451			break;
2452		}
2453
2454		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2455		if (entries == NULL) {
2456			printf("%s: could not allocate %d bytes for OOA "
2457			       "dump\n", __func__, ooa_hdr->alloc_len);
2458			retval = ENOMEM;
2459			break;
2460		}
2461
2462		mtx_lock(&softc->ctl_lock);
2463		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2464		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2465		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2466			mtx_unlock(&softc->ctl_lock);
2467			free(entries, M_CTL);
2468			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2469			       __func__, (uintmax_t)ooa_hdr->lun_num);
2470			retval = EINVAL;
2471			break;
2472		}
2473
2474		cur_fill_num = 0;
2475
2476		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2477			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2478				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2479					ooa_hdr, entries);
2480				if (retval != 0)
2481					break;
2482			}
2483			if (retval != 0) {
2484				mtx_unlock(&softc->ctl_lock);
2485				free(entries, M_CTL);
2486				break;
2487			}
2488		} else {
2489			lun = softc->ctl_luns[ooa_hdr->lun_num];
2490
2491			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2492						    entries);
2493		}
2494		mtx_unlock(&softc->ctl_lock);
2495
2496		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2497		ooa_hdr->fill_len = ooa_hdr->fill_num *
2498			sizeof(struct ctl_ooa_entry);
2499		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2500		if (retval != 0) {
2501			printf("%s: error copying out %d bytes for OOA dump\n",
2502			       __func__, ooa_hdr->fill_len);
2503		}
2504
2505		getbintime(&ooa_hdr->cur_bt);
2506
2507		if (cur_fill_num > ooa_hdr->alloc_num) {
2508			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2509			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2510		} else {
2511			ooa_hdr->dropped_num = 0;
2512			ooa_hdr->status = CTL_OOA_OK;
2513		}
2514
2515		free(entries, M_CTL);
2516		break;
2517	}
2518	case CTL_CHECK_OOA: {
2519		union ctl_io *io;
2520		struct ctl_ooa_info *ooa_info;
2521
2522
2523		ooa_info = (struct ctl_ooa_info *)addr;
2524
2525		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2526			ooa_info->status = CTL_OOA_INVALID_LUN;
2527			break;
2528		}
2529		mtx_lock(&softc->ctl_lock);
2530		lun = softc->ctl_luns[ooa_info->lun_id];
2531		if (lun == NULL) {
2532			mtx_unlock(&softc->ctl_lock);
2533			ooa_info->status = CTL_OOA_INVALID_LUN;
2534			break;
2535		}
2536		mtx_lock(&lun->lun_lock);
2537		mtx_unlock(&softc->ctl_lock);
2538		ooa_info->num_entries = 0;
2539		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2540		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2541		     &io->io_hdr, ooa_links)) {
2542			ooa_info->num_entries++;
2543		}
2544		mtx_unlock(&lun->lun_lock);
2545
2546		ooa_info->status = CTL_OOA_SUCCESS;
2547
2548		break;
2549	}
2550	case CTL_DELAY_IO: {
2551		struct ctl_io_delay_info *delay_info;
2552
2553		delay_info = (struct ctl_io_delay_info *)addr;
2554
2555#ifdef CTL_IO_DELAY
2556		mtx_lock(&softc->ctl_lock);
2557
2558		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2559		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2560			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2561		} else {
2562			lun = softc->ctl_luns[delay_info->lun_id];
2563			mtx_lock(&lun->lun_lock);
2564
2565			delay_info->status = CTL_DELAY_STATUS_OK;
2566
2567			switch (delay_info->delay_type) {
2568			case CTL_DELAY_TYPE_CONT:
2569				break;
2570			case CTL_DELAY_TYPE_ONESHOT:
2571				break;
2572			default:
2573				delay_info->status =
2574					CTL_DELAY_STATUS_INVALID_TYPE;
2575				break;
2576			}
2577
2578			switch (delay_info->delay_loc) {
2579			case CTL_DELAY_LOC_DATAMOVE:
2580				lun->delay_info.datamove_type =
2581					delay_info->delay_type;
2582				lun->delay_info.datamove_delay =
2583					delay_info->delay_secs;
2584				break;
2585			case CTL_DELAY_LOC_DONE:
2586				lun->delay_info.done_type =
2587					delay_info->delay_type;
2588				lun->delay_info.done_delay =
2589					delay_info->delay_secs;
2590				break;
2591			default:
2592				delay_info->status =
2593					CTL_DELAY_STATUS_INVALID_LOC;
2594				break;
2595			}
2596			mtx_unlock(&lun->lun_lock);
2597		}
2598
2599		mtx_unlock(&softc->ctl_lock);
2600#else
2601		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2602#endif /* CTL_IO_DELAY */
2603		break;
2604	}
2605	case CTL_REALSYNC_SET: {
2606		int *syncstate;
2607
2608		syncstate = (int *)addr;
2609
2610		mtx_lock(&softc->ctl_lock);
2611		switch (*syncstate) {
2612		case 0:
2613			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2614			break;
2615		case 1:
2616			softc->flags |= CTL_FLAG_REAL_SYNC;
2617			break;
2618		default:
2619			retval = EINVAL;
2620			break;
2621		}
2622		mtx_unlock(&softc->ctl_lock);
2623		break;
2624	}
2625	case CTL_REALSYNC_GET: {
2626		int *syncstate;
2627
2628		syncstate = (int*)addr;
2629
2630		mtx_lock(&softc->ctl_lock);
2631		if (softc->flags & CTL_FLAG_REAL_SYNC)
2632			*syncstate = 1;
2633		else
2634			*syncstate = 0;
2635		mtx_unlock(&softc->ctl_lock);
2636
2637		break;
2638	}
2639	case CTL_SETSYNC:
2640	case CTL_GETSYNC: {
2641		struct ctl_sync_info *sync_info;
2642
2643		sync_info = (struct ctl_sync_info *)addr;
2644
2645		mtx_lock(&softc->ctl_lock);
2646		lun = softc->ctl_luns[sync_info->lun_id];
2647		if (lun == NULL) {
2648			mtx_unlock(&softc->ctl_lock);
2649			sync_info->status = CTL_GS_SYNC_NO_LUN;
2650			break;
2651		}
2652		/*
2653		 * Get or set the sync interval.  We're not bounds checking
2654		 * in the set case, hopefully the user won't do something
2655		 * silly.
2656		 */
2657		mtx_lock(&lun->lun_lock);
2658		mtx_unlock(&softc->ctl_lock);
2659		if (cmd == CTL_GETSYNC)
2660			sync_info->sync_interval = lun->sync_interval;
2661		else
2662			lun->sync_interval = sync_info->sync_interval;
2663		mtx_unlock(&lun->lun_lock);
2664
2665		sync_info->status = CTL_GS_SYNC_OK;
2666
2667		break;
2668	}
2669	case CTL_GETSTATS: {
2670		struct ctl_stats *stats;
2671		int i;
2672
2673		stats = (struct ctl_stats *)addr;
2674
2675		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2676		     stats->alloc_len) {
2677			stats->status = CTL_SS_NEED_MORE_SPACE;
2678			stats->num_luns = softc->num_luns;
2679			break;
2680		}
2681		/*
2682		 * XXX KDM no locking here.  If the LUN list changes,
2683		 * things can blow up.
2684		 */
2685		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2686		     i++, lun = STAILQ_NEXT(lun, links)) {
2687			retval = copyout(&lun->stats, &stats->lun_stats[i],
2688					 sizeof(lun->stats));
2689			if (retval != 0)
2690				break;
2691		}
2692		stats->num_luns = softc->num_luns;
2693		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2694				 softc->num_luns;
2695		stats->status = CTL_SS_OK;
2696#ifdef CTL_TIME_IO
2697		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2698#else
2699		stats->flags = CTL_STATS_FLAG_NONE;
2700#endif
2701		getnanouptime(&stats->timestamp);
2702		break;
2703	}
2704	case CTL_ERROR_INJECT: {
2705		struct ctl_error_desc *err_desc, *new_err_desc;
2706
2707		err_desc = (struct ctl_error_desc *)addr;
2708
2709		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2710				      M_WAITOK | M_ZERO);
2711		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2712
2713		mtx_lock(&softc->ctl_lock);
2714		lun = softc->ctl_luns[err_desc->lun_id];
2715		if (lun == NULL) {
2716			mtx_unlock(&softc->ctl_lock);
2717			free(new_err_desc, M_CTL);
2718			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2719			       __func__, (uintmax_t)err_desc->lun_id);
2720			retval = EINVAL;
2721			break;
2722		}
2723		mtx_lock(&lun->lun_lock);
2724		mtx_unlock(&softc->ctl_lock);
2725
2726		/*
2727		 * We could do some checking here to verify the validity
2728		 * of the request, but given the complexity of error
2729		 * injection requests, the checking logic would be fairly
2730		 * complex.
2731		 *
2732		 * For now, if the request is invalid, it just won't get
2733		 * executed and might get deleted.
2734		 */
2735		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2736
2737		/*
2738		 * XXX KDM check to make sure the serial number is unique,
2739		 * in case we somehow manage to wrap.  That shouldn't
2740		 * happen for a very long time, but it's the right thing to
2741		 * do.
2742		 */
2743		new_err_desc->serial = lun->error_serial;
2744		err_desc->serial = lun->error_serial;
2745		lun->error_serial++;
2746
2747		mtx_unlock(&lun->lun_lock);
2748		break;
2749	}
2750	case CTL_ERROR_INJECT_DELETE: {
2751		struct ctl_error_desc *delete_desc, *desc, *desc2;
2752		int delete_done;
2753
2754		delete_desc = (struct ctl_error_desc *)addr;
2755		delete_done = 0;
2756
2757		mtx_lock(&softc->ctl_lock);
2758		lun = softc->ctl_luns[delete_desc->lun_id];
2759		if (lun == NULL) {
2760			mtx_unlock(&softc->ctl_lock);
2761			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2762			       __func__, (uintmax_t)delete_desc->lun_id);
2763			retval = EINVAL;
2764			break;
2765		}
2766		mtx_lock(&lun->lun_lock);
2767		mtx_unlock(&softc->ctl_lock);
2768		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2769			if (desc->serial != delete_desc->serial)
2770				continue;
2771
2772			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2773				      links);
2774			free(desc, M_CTL);
2775			delete_done = 1;
2776		}
2777		mtx_unlock(&lun->lun_lock);
2778		if (delete_done == 0) {
2779			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2780			       "error serial %ju on LUN %u\n", __func__,
2781			       delete_desc->serial, delete_desc->lun_id);
2782			retval = EINVAL;
2783			break;
2784		}
2785		break;
2786	}
2787	case CTL_DUMP_STRUCTS: {
2788		int i, j, k;
2789		struct ctl_port *port;
2790		struct ctl_frontend *fe;
2791
2792		mtx_lock(&softc->ctl_lock);
2793		printf("CTL Persistent Reservation information start:\n");
2794		for (i = 0; i < CTL_MAX_LUNS; i++) {
2795			lun = softc->ctl_luns[i];
2796
2797			if ((lun == NULL)
2798			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2799				continue;
2800
2801			for (j = 0; j < CTL_MAX_PORTS; j++) {
2802				if (lun->pr_keys[j] == NULL)
2803					continue;
2804				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2805					if (lun->pr_keys[j][k] == 0)
2806						continue;
2807					printf("  LUN %d port %d iid %d key "
2808					       "%#jx\n", i, j, k,
2809					       (uintmax_t)lun->pr_keys[j][k]);
2810				}
2811			}
2812		}
2813		printf("CTL Persistent Reservation information end\n");
2814		printf("CTL Ports:\n");
2815		STAILQ_FOREACH(port, &softc->port_list, links) {
2816			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2817			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2818			       port->frontend->name, port->port_type,
2819			       port->physical_port, port->virtual_port,
2820			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2821			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2822				if (port->wwpn_iid[j].in_use == 0 &&
2823				    port->wwpn_iid[j].wwpn == 0 &&
2824				    port->wwpn_iid[j].name == NULL)
2825					continue;
2826
2827				printf("    iid %u use %d WWPN %#jx '%s'\n",
2828				    j, port->wwpn_iid[j].in_use,
2829				    (uintmax_t)port->wwpn_iid[j].wwpn,
2830				    port->wwpn_iid[j].name);
2831			}
2832		}
2833		printf("CTL Port information end\n");
2834		mtx_unlock(&softc->ctl_lock);
2835		/*
2836		 * XXX KDM calling this without a lock.  We'd likely want
2837		 * to drop the lock before calling the frontend's dump
2838		 * routine anyway.
2839		 */
2840		printf("CTL Frontends:\n");
2841		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2842			printf("  Frontend '%s'\n", fe->name);
2843			if (fe->fe_dump != NULL)
2844				fe->fe_dump();
2845		}
2846		printf("CTL Frontend information end\n");
2847		break;
2848	}
2849	case CTL_LUN_REQ: {
2850		struct ctl_lun_req *lun_req;
2851		struct ctl_backend_driver *backend;
2852
2853		lun_req = (struct ctl_lun_req *)addr;
2854
2855		backend = ctl_backend_find(lun_req->backend);
2856		if (backend == NULL) {
2857			lun_req->status = CTL_LUN_ERROR;
2858			snprintf(lun_req->error_str,
2859				 sizeof(lun_req->error_str),
2860				 "Backend \"%s\" not found.",
2861				 lun_req->backend);
2862			break;
2863		}
2864		if (lun_req->num_be_args > 0) {
2865			lun_req->kern_be_args = ctl_copyin_args(
2866				lun_req->num_be_args,
2867				lun_req->be_args,
2868				lun_req->error_str,
2869				sizeof(lun_req->error_str));
2870			if (lun_req->kern_be_args == NULL) {
2871				lun_req->status = CTL_LUN_ERROR;
2872				break;
2873			}
2874		}
2875
2876		retval = backend->ioctl(dev, cmd, addr, flag, td);
2877
2878		if (lun_req->num_be_args > 0) {
2879			ctl_copyout_args(lun_req->num_be_args,
2880				      lun_req->kern_be_args);
2881			ctl_free_args(lun_req->num_be_args,
2882				      lun_req->kern_be_args);
2883		}
2884		break;
2885	}
2886	case CTL_LUN_LIST: {
2887		struct sbuf *sb;
2888		struct ctl_lun_list *list;
2889		struct ctl_option *opt;
2890
2891		list = (struct ctl_lun_list *)addr;
2892
2893		/*
2894		 * Allocate a fixed length sbuf here, based on the length
2895		 * of the user's buffer.  We could allocate an auto-extending
2896		 * buffer, and then tell the user how much larger our
2897		 * amount of data is than his buffer, but that presents
2898		 * some problems:
2899		 *
2900		 * 1.  The sbuf(9) routines use a blocking malloc, and so
2901		 *     we can't hold a lock while calling them with an
2902		 *     auto-extending buffer.
2903 		 *
2904		 * 2.  There is not currently a LUN reference counting
2905		 *     mechanism, outside of outstanding transactions on
2906		 *     the LUN's OOA queue.  So a LUN could go away on us
2907		 *     while we're getting the LUN number, backend-specific
2908		 *     information, etc.  Thus, given the way things
2909		 *     currently work, we need to hold the CTL lock while
2910		 *     grabbing LUN information.
2911		 *
2912		 * So, from the user's standpoint, the best thing to do is
2913		 * allocate what he thinks is a reasonable buffer length,
2914		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
2915		 * double the buffer length and try again.  (And repeat
2916		 * that until he succeeds.)
2917		 */
2918		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
2919		if (sb == NULL) {
2920			list->status = CTL_LUN_LIST_ERROR;
2921			snprintf(list->error_str, sizeof(list->error_str),
2922				 "Unable to allocate %d bytes for LUN list",
2923				 list->alloc_len);
2924			break;
2925		}
2926
2927		sbuf_printf(sb, "<ctllunlist>\n");
2928
2929		mtx_lock(&softc->ctl_lock);
2930		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2931			mtx_lock(&lun->lun_lock);
2932			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
2933					     (uintmax_t)lun->lun);
2934
2935			/*
2936			 * Bail out as soon as we see that we've overfilled
2937			 * the buffer.
2938			 */
2939			if (retval != 0)
2940				break;
2941
2942			retval = sbuf_printf(sb, "\t<backend_type>%s"
2943					     "</backend_type>\n",
2944					     (lun->backend == NULL) ?  "none" :
2945					     lun->backend->name);
2946
2947			if (retval != 0)
2948				break;
2949
2950			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
2951					     lun->be_lun->lun_type);
2952
2953			if (retval != 0)
2954				break;
2955
2956			if (lun->backend == NULL) {
2957				retval = sbuf_printf(sb, "</lun>\n");
2958				if (retval != 0)
2959					break;
2960				continue;
2961			}
2962
2963			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
2964					     (lun->be_lun->maxlba > 0) ?
2965					     lun->be_lun->maxlba + 1 : 0);
2966
2967			if (retval != 0)
2968				break;
2969
2970			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
2971					     lun->be_lun->blocksize);
2972
2973			if (retval != 0)
2974				break;
2975
2976			retval = sbuf_printf(sb, "\t<serial_number>");
2977
2978			if (retval != 0)
2979				break;
2980
2981			retval = ctl_sbuf_printf_esc(sb,
2982			    lun->be_lun->serial_num,
2983			    sizeof(lun->be_lun->serial_num));
2984
2985			if (retval != 0)
2986				break;
2987
2988			retval = sbuf_printf(sb, "</serial_number>\n");
2989
2990			if (retval != 0)
2991				break;
2992
2993			retval = sbuf_printf(sb, "\t<device_id>");
2994
2995			if (retval != 0)
2996				break;
2997
2998			retval = ctl_sbuf_printf_esc(sb,
2999			    lun->be_lun->device_id,
3000			    sizeof(lun->be_lun->device_id));
3001
3002			if (retval != 0)
3003				break;
3004
3005			retval = sbuf_printf(sb, "</device_id>\n");
3006
3007			if (retval != 0)
3008				break;
3009
3010			if (lun->backend->lun_info != NULL) {
3011				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3012				if (retval != 0)
3013					break;
3014			}
3015			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3016				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3017				    opt->name, opt->value, opt->name);
3018				if (retval != 0)
3019					break;
3020			}
3021
3022			retval = sbuf_printf(sb, "</lun>\n");
3023
3024			if (retval != 0)
3025				break;
3026			mtx_unlock(&lun->lun_lock);
3027		}
3028		if (lun != NULL)
3029			mtx_unlock(&lun->lun_lock);
3030		mtx_unlock(&softc->ctl_lock);
3031
3032		if ((retval != 0)
3033		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3034			retval = 0;
3035			sbuf_delete(sb);
3036			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3037			snprintf(list->error_str, sizeof(list->error_str),
3038				 "Out of space, %d bytes is too small",
3039				 list->alloc_len);
3040			break;
3041		}
3042
3043		sbuf_finish(sb);
3044
3045		retval = copyout(sbuf_data(sb), list->lun_xml,
3046				 sbuf_len(sb) + 1);
3047
3048		list->fill_len = sbuf_len(sb) + 1;
3049		list->status = CTL_LUN_LIST_OK;
3050		sbuf_delete(sb);
3051		break;
3052	}
3053	case CTL_ISCSI: {
3054		struct ctl_iscsi *ci;
3055		struct ctl_frontend *fe;
3056
3057		ci = (struct ctl_iscsi *)addr;
3058
3059		fe = ctl_frontend_find("iscsi");
3060		if (fe == NULL) {
3061			ci->status = CTL_ISCSI_ERROR;
3062			snprintf(ci->error_str, sizeof(ci->error_str),
3063			    "Frontend \"iscsi\" not found.");
3064			break;
3065		}
3066
3067		retval = fe->ioctl(dev, cmd, addr, flag, td);
3068		break;
3069	}
3070	case CTL_PORT_REQ: {
3071		struct ctl_req *req;
3072		struct ctl_frontend *fe;
3073
3074		req = (struct ctl_req *)addr;
3075
3076		fe = ctl_frontend_find(req->driver);
3077		if (fe == NULL) {
3078			req->status = CTL_LUN_ERROR;
3079			snprintf(req->error_str, sizeof(req->error_str),
3080			    "Frontend \"%s\" not found.", req->driver);
3081			break;
3082		}
3083		if (req->num_args > 0) {
3084			req->kern_args = ctl_copyin_args(req->num_args,
3085			    req->args, req->error_str, sizeof(req->error_str));
3086			if (req->kern_args == NULL) {
3087				req->status = CTL_LUN_ERROR;
3088				break;
3089			}
3090		}
3091
3092		if (fe->ioctl)
3093			retval = fe->ioctl(dev, cmd, addr, flag, td);
3094		else
3095			retval = ENODEV;
3096
3097		if (req->num_args > 0) {
3098			ctl_copyout_args(req->num_args, req->kern_args);
3099			ctl_free_args(req->num_args, req->kern_args);
3100		}
3101		break;
3102	}
3103	case CTL_PORT_LIST: {
3104		struct sbuf *sb;
3105		struct ctl_port *port;
3106		struct ctl_lun_list *list;
3107		struct ctl_option *opt;
3108		int j;
3109		uint32_t plun;
3110
3111		list = (struct ctl_lun_list *)addr;
3112
3113		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3114		if (sb == NULL) {
3115			list->status = CTL_LUN_LIST_ERROR;
3116			snprintf(list->error_str, sizeof(list->error_str),
3117				 "Unable to allocate %d bytes for LUN list",
3118				 list->alloc_len);
3119			break;
3120		}
3121
3122		sbuf_printf(sb, "<ctlportlist>\n");
3123
3124		mtx_lock(&softc->ctl_lock);
3125		STAILQ_FOREACH(port, &softc->port_list, links) {
3126			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3127					     (uintmax_t)port->targ_port);
3128
3129			/*
3130			 * Bail out as soon as we see that we've overfilled
3131			 * the buffer.
3132			 */
3133			if (retval != 0)
3134				break;
3135
3136			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3137			    "</frontend_type>\n", port->frontend->name);
3138			if (retval != 0)
3139				break;
3140
3141			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3142					     port->port_type);
3143			if (retval != 0)
3144				break;
3145
3146			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3147			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3148			if (retval != 0)
3149				break;
3150
3151			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3152			    port->port_name);
3153			if (retval != 0)
3154				break;
3155
3156			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3157			    port->physical_port);
3158			if (retval != 0)
3159				break;
3160
3161			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3162			    port->virtual_port);
3163			if (retval != 0)
3164				break;
3165
3166			if (port->target_devid != NULL) {
3167				sbuf_printf(sb, "\t<target>");
3168				ctl_id_sbuf(port->target_devid, sb);
3169				sbuf_printf(sb, "</target>\n");
3170			}
3171
3172			if (port->port_devid != NULL) {
3173				sbuf_printf(sb, "\t<port>");
3174				ctl_id_sbuf(port->port_devid, sb);
3175				sbuf_printf(sb, "</port>\n");
3176			}
3177
3178			if (port->port_info != NULL) {
3179				retval = port->port_info(port->onoff_arg, sb);
3180				if (retval != 0)
3181					break;
3182			}
3183			STAILQ_FOREACH(opt, &port->options, links) {
3184				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3185				    opt->name, opt->value, opt->name);
3186				if (retval != 0)
3187					break;
3188			}
3189
3190			if (port->lun_map != NULL) {
3191				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3192				for (j = 0; j < CTL_MAX_LUNS; j++) {
3193					plun = ctl_lun_map_from_port(port, j);
3194					if (plun >= CTL_MAX_LUNS)
3195						continue;
3196					sbuf_printf(sb,
3197					    "\t<lun id=\"%u\">%u</lun>\n",
3198					    j, plun);
3199				}
3200			}
3201
3202			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3203				if (port->wwpn_iid[j].in_use == 0 ||
3204				    (port->wwpn_iid[j].wwpn == 0 &&
3205				     port->wwpn_iid[j].name == NULL))
3206					continue;
3207
3208				if (port->wwpn_iid[j].name != NULL)
3209					retval = sbuf_printf(sb,
3210					    "\t<initiator id=\"%u\">%s</initiator>\n",
3211					    j, port->wwpn_iid[j].name);
3212				else
3213					retval = sbuf_printf(sb,
3214					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3215					    j, port->wwpn_iid[j].wwpn);
3216				if (retval != 0)
3217					break;
3218			}
3219			if (retval != 0)
3220				break;
3221
3222			retval = sbuf_printf(sb, "</targ_port>\n");
3223			if (retval != 0)
3224				break;
3225		}
3226		mtx_unlock(&softc->ctl_lock);
3227
3228		if ((retval != 0)
3229		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3230			retval = 0;
3231			sbuf_delete(sb);
3232			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3233			snprintf(list->error_str, sizeof(list->error_str),
3234				 "Out of space, %d bytes is too small",
3235				 list->alloc_len);
3236			break;
3237		}
3238
3239		sbuf_finish(sb);
3240
3241		retval = copyout(sbuf_data(sb), list->lun_xml,
3242				 sbuf_len(sb) + 1);
3243
3244		list->fill_len = sbuf_len(sb) + 1;
3245		list->status = CTL_LUN_LIST_OK;
3246		sbuf_delete(sb);
3247		break;
3248	}
3249	case CTL_LUN_MAP: {
3250		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3251		struct ctl_port *port;
3252
3253		mtx_lock(&softc->ctl_lock);
3254		if (lm->port < softc->port_min ||
3255		    lm->port >= softc->port_max ||
3256		    (port = softc->ctl_ports[lm->port]) == NULL) {
3257			mtx_unlock(&softc->ctl_lock);
3258			return (ENXIO);
3259		}
3260		if (port->status & CTL_PORT_STATUS_ONLINE) {
3261			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3262				if (ctl_lun_map_to_port(port, lun->lun) >=
3263				    CTL_MAX_LUNS)
3264					continue;
3265				mtx_lock(&lun->lun_lock);
3266				ctl_est_ua_port(lun, lm->port, -1,
3267				    CTL_UA_LUN_CHANGE);
3268				mtx_unlock(&lun->lun_lock);
3269			}
3270		}
3271		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3272		if (lm->plun < CTL_MAX_LUNS) {
3273			if (lm->lun == UINT32_MAX)
3274				retval = ctl_lun_map_unset(port, lm->plun);
3275			else if (lm->lun < CTL_MAX_LUNS &&
3276			    softc->ctl_luns[lm->lun] != NULL)
3277				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3278			else
3279				return (ENXIO);
3280		} else if (lm->plun == UINT32_MAX) {
3281			if (lm->lun == UINT32_MAX)
3282				retval = ctl_lun_map_deinit(port);
3283			else
3284				retval = ctl_lun_map_init(port);
3285		} else
3286			return (ENXIO);
3287		if (port->status & CTL_PORT_STATUS_ONLINE)
3288			ctl_isc_announce_port(port);
3289		break;
3290	}
3291	default: {
3292		/* XXX KDM should we fix this? */
3293#if 0
3294		struct ctl_backend_driver *backend;
3295		unsigned int type;
3296		int found;
3297
3298		found = 0;
3299
3300		/*
3301		 * We encode the backend type as the ioctl type for backend
3302		 * ioctls.  So parse it out here, and then search for a
3303		 * backend of this type.
3304		 */
3305		type = _IOC_TYPE(cmd);
3306
3307		STAILQ_FOREACH(backend, &softc->be_list, links) {
3308			if (backend->type == type) {
3309				found = 1;
3310				break;
3311			}
3312		}
3313		if (found == 0) {
3314			printf("ctl: unknown ioctl command %#lx or backend "
3315			       "%d\n", cmd, type);
3316			retval = EINVAL;
3317			break;
3318		}
3319		retval = backend->ioctl(dev, cmd, addr, flag, td);
3320#endif
3321		retval = ENOTTY;
3322		break;
3323	}
3324	}
3325	return (retval);
3326}
3327
3328uint32_t
3329ctl_get_initindex(struct ctl_nexus *nexus)
3330{
3331	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3332}
3333
3334int
3335ctl_lun_map_init(struct ctl_port *port)
3336{
3337	struct ctl_softc *softc = control_softc;
3338	struct ctl_lun *lun;
3339	uint32_t i;
3340
3341	if (port->lun_map == NULL)
3342		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3343		    M_CTL, M_NOWAIT);
3344	if (port->lun_map == NULL)
3345		return (ENOMEM);
3346	for (i = 0; i < CTL_MAX_LUNS; i++)
3347		port->lun_map[i] = UINT32_MAX;
3348	if (port->status & CTL_PORT_STATUS_ONLINE) {
3349		if (port->lun_disable != NULL) {
3350			STAILQ_FOREACH(lun, &softc->lun_list, links)
3351				port->lun_disable(port->targ_lun_arg, lun->lun);
3352		}
3353		ctl_isc_announce_port(port);
3354	}
3355	return (0);
3356}
3357
3358int
3359ctl_lun_map_deinit(struct ctl_port *port)
3360{
3361	struct ctl_softc *softc = control_softc;
3362	struct ctl_lun *lun;
3363
3364	if (port->lun_map == NULL)
3365		return (0);
3366	free(port->lun_map, M_CTL);
3367	port->lun_map = NULL;
3368	if (port->status & CTL_PORT_STATUS_ONLINE) {
3369		if (port->lun_enable != NULL) {
3370			STAILQ_FOREACH(lun, &softc->lun_list, links)
3371				port->lun_enable(port->targ_lun_arg, lun->lun);
3372		}
3373		ctl_isc_announce_port(port);
3374	}
3375	return (0);
3376}
3377
3378int
3379ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3380{
3381	int status;
3382	uint32_t old;
3383
3384	if (port->lun_map == NULL) {
3385		status = ctl_lun_map_init(port);
3386		if (status != 0)
3387			return (status);
3388	}
3389	old = port->lun_map[plun];
3390	port->lun_map[plun] = glun;
3391	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3392		if (port->lun_enable != NULL)
3393			port->lun_enable(port->targ_lun_arg, plun);
3394		ctl_isc_announce_port(port);
3395	}
3396	return (0);
3397}
3398
3399int
3400ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3401{
3402	uint32_t old;
3403
3404	if (port->lun_map == NULL)
3405		return (0);
3406	old = port->lun_map[plun];
3407	port->lun_map[plun] = UINT32_MAX;
3408	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3409		if (port->lun_disable != NULL)
3410			port->lun_disable(port->targ_lun_arg, plun);
3411		ctl_isc_announce_port(port);
3412	}
3413	return (0);
3414}
3415
3416uint32_t
3417ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3418{
3419
3420	if (port == NULL)
3421		return (UINT32_MAX);
3422	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3423		return (lun_id);
3424	return (port->lun_map[lun_id]);
3425}
3426
3427uint32_t
3428ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3429{
3430	uint32_t i;
3431
3432	if (port == NULL)
3433		return (UINT32_MAX);
3434	if (port->lun_map == NULL)
3435		return (lun_id);
3436	for (i = 0; i < CTL_MAX_LUNS; i++) {
3437		if (port->lun_map[i] == lun_id)
3438			return (i);
3439	}
3440	return (UINT32_MAX);
3441}
3442
3443static struct ctl_port *
3444ctl_io_port(struct ctl_io_hdr *io_hdr)
3445{
3446
3447	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3448}
3449
3450int
3451ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3452{
3453	int i;
3454
3455	for (i = first; i < last; i++) {
3456		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3457			return (i);
3458	}
3459	return (-1);
3460}
3461
3462int
3463ctl_set_mask(uint32_t *mask, uint32_t bit)
3464{
3465	uint32_t chunk, piece;
3466
3467	chunk = bit >> 5;
3468	piece = bit % (sizeof(uint32_t) * 8);
3469
3470	if ((mask[chunk] & (1 << piece)) != 0)
3471		return (-1);
3472	else
3473		mask[chunk] |= (1 << piece);
3474
3475	return (0);
3476}
3477
3478int
3479ctl_clear_mask(uint32_t *mask, uint32_t bit)
3480{
3481	uint32_t chunk, piece;
3482
3483	chunk = bit >> 5;
3484	piece = bit % (sizeof(uint32_t) * 8);
3485
3486	if ((mask[chunk] & (1 << piece)) == 0)
3487		return (-1);
3488	else
3489		mask[chunk] &= ~(1 << piece);
3490
3491	return (0);
3492}
3493
3494int
3495ctl_is_set(uint32_t *mask, uint32_t bit)
3496{
3497	uint32_t chunk, piece;
3498
3499	chunk = bit >> 5;
3500	piece = bit % (sizeof(uint32_t) * 8);
3501
3502	if ((mask[chunk] & (1 << piece)) == 0)
3503		return (0);
3504	else
3505		return (1);
3506}
3507
3508static uint64_t
3509ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3510{
3511	uint64_t *t;
3512
3513	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3514	if (t == NULL)
3515		return (0);
3516	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3517}
3518
3519static void
3520ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3521{
3522	uint64_t *t;
3523
3524	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3525	if (t == NULL)
3526		return;
3527	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3528}
3529
3530static void
3531ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3532{
3533	uint64_t *p;
3534	u_int i;
3535
3536	i = residx/CTL_MAX_INIT_PER_PORT;
3537	if (lun->pr_keys[i] != NULL)
3538		return;
3539	mtx_unlock(&lun->lun_lock);
3540	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3541	    M_WAITOK | M_ZERO);
3542	mtx_lock(&lun->lun_lock);
3543	if (lun->pr_keys[i] == NULL)
3544		lun->pr_keys[i] = p;
3545	else
3546		free(p, M_CTL);
3547}
3548
3549static void
3550ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3551{
3552	uint64_t *t;
3553
3554	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3555	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3556	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3557}
3558
3559/*
3560 * ctl_softc, pool_name, total_ctl_io are passed in.
3561 * npool is passed out.
3562 */
3563int
3564ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3565		uint32_t total_ctl_io, void **npool)
3566{
3567#ifdef IO_POOLS
3568	struct ctl_io_pool *pool;
3569
3570	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3571					    M_NOWAIT | M_ZERO);
3572	if (pool == NULL)
3573		return (ENOMEM);
3574
3575	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3576	pool->ctl_softc = ctl_softc;
3577	pool->zone = uma_zsecond_create(pool->name, NULL,
3578	    NULL, NULL, NULL, ctl_softc->io_zone);
3579	/* uma_prealloc(pool->zone, total_ctl_io); */
3580
3581	*npool = pool;
3582#else
3583	*npool = ctl_softc->io_zone;
3584#endif
3585	return (0);
3586}
3587
3588void
3589ctl_pool_free(struct ctl_io_pool *pool)
3590{
3591
3592	if (pool == NULL)
3593		return;
3594
3595#ifdef IO_POOLS
3596	uma_zdestroy(pool->zone);
3597	free(pool, M_CTL);
3598#endif
3599}
3600
3601union ctl_io *
3602ctl_alloc_io(void *pool_ref)
3603{
3604	union ctl_io *io;
3605#ifdef IO_POOLS
3606	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3607
3608	io = uma_zalloc(pool->zone, M_WAITOK);
3609#else
3610	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3611#endif
3612	if (io != NULL)
3613		io->io_hdr.pool = pool_ref;
3614	return (io);
3615}
3616
3617union ctl_io *
3618ctl_alloc_io_nowait(void *pool_ref)
3619{
3620	union ctl_io *io;
3621#ifdef IO_POOLS
3622	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3623
3624	io = uma_zalloc(pool->zone, M_NOWAIT);
3625#else
3626	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3627#endif
3628	if (io != NULL)
3629		io->io_hdr.pool = pool_ref;
3630	return (io);
3631}
3632
3633void
3634ctl_free_io(union ctl_io *io)
3635{
3636#ifdef IO_POOLS
3637	struct ctl_io_pool *pool;
3638#endif
3639
3640	if (io == NULL)
3641		return;
3642
3643#ifdef IO_POOLS
3644	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3645	uma_zfree(pool->zone, io);
3646#else
3647	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3648#endif
3649}
3650
3651void
3652ctl_zero_io(union ctl_io *io)
3653{
3654	void *pool_ref;
3655
3656	if (io == NULL)
3657		return;
3658
3659	/*
3660	 * May need to preserve linked list pointers at some point too.
3661	 */
3662	pool_ref = io->io_hdr.pool;
3663	memset(io, 0, sizeof(*io));
3664	io->io_hdr.pool = pool_ref;
3665}
3666
3667/*
3668 * This routine is currently used for internal copies of ctl_ios that need
3669 * to persist for some reason after we've already returned status to the
3670 * FETD.  (Thus the flag set.)
3671 *
3672 * XXX XXX
3673 * Note that this makes a blind copy of all fields in the ctl_io, except
3674 * for the pool reference.  This includes any memory that has been
3675 * allocated!  That memory will no longer be valid after done has been
3676 * called, so this would be VERY DANGEROUS for command that actually does
3677 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3678 * start and stop commands, which don't transfer any data, so this is not a
3679 * problem.  If it is used for anything else, the caller would also need to
3680 * allocate data buffer space and this routine would need to be modified to
3681 * copy the data buffer(s) as well.
3682 */
3683void
3684ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3685{
3686	void *pool_ref;
3687
3688	if ((src == NULL)
3689	 || (dest == NULL))
3690		return;
3691
3692	/*
3693	 * May need to preserve linked list pointers at some point too.
3694	 */
3695	pool_ref = dest->io_hdr.pool;
3696
3697	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3698
3699	dest->io_hdr.pool = pool_ref;
3700	/*
3701	 * We need to know that this is an internal copy, and doesn't need
3702	 * to get passed back to the FETD that allocated it.
3703	 */
3704	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3705}
3706
3707int
3708ctl_expand_number(const char *buf, uint64_t *num)
3709{
3710	char *endptr;
3711	uint64_t number;
3712	unsigned shift;
3713
3714	number = strtoq(buf, &endptr, 0);
3715
3716	switch (tolower((unsigned char)*endptr)) {
3717	case 'e':
3718		shift = 60;
3719		break;
3720	case 'p':
3721		shift = 50;
3722		break;
3723	case 't':
3724		shift = 40;
3725		break;
3726	case 'g':
3727		shift = 30;
3728		break;
3729	case 'm':
3730		shift = 20;
3731		break;
3732	case 'k':
3733		shift = 10;
3734		break;
3735	case 'b':
3736	case '\0': /* No unit. */
3737		*num = number;
3738		return (0);
3739	default:
3740		/* Unrecognized unit. */
3741		return (-1);
3742	}
3743
3744	if ((number << shift) >> shift != number) {
3745		/* Overflow */
3746		return (-1);
3747	}
3748	*num = number << shift;
3749	return (0);
3750}
3751
3752
3753/*
3754 * This routine could be used in the future to load default and/or saved
3755 * mode page parameters for a particuar lun.
3756 */
3757static int
3758ctl_init_page_index(struct ctl_lun *lun)
3759{
3760	int i;
3761	struct ctl_page_index *page_index;
3762	const char *value;
3763	uint64_t ival;
3764
3765	memcpy(&lun->mode_pages.index, page_index_template,
3766	       sizeof(page_index_template));
3767
3768	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3769
3770		page_index = &lun->mode_pages.index[i];
3771		/*
3772		 * If this is a disk-only mode page, there's no point in
3773		 * setting it up.  For some pages, we have to have some
3774		 * basic information about the disk in order to calculate the
3775		 * mode page data.
3776		 */
3777		if ((lun->be_lun->lun_type != T_DIRECT)
3778		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3779			continue;
3780
3781		switch (page_index->page_code & SMPH_PC_MASK) {
3782		case SMS_RW_ERROR_RECOVERY_PAGE: {
3783			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3784				panic("subpage is incorrect!");
3785			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3786			       &rw_er_page_default,
3787			       sizeof(rw_er_page_default));
3788			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3789			       &rw_er_page_changeable,
3790			       sizeof(rw_er_page_changeable));
3791			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3792			       &rw_er_page_default,
3793			       sizeof(rw_er_page_default));
3794			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3795			       &rw_er_page_default,
3796			       sizeof(rw_er_page_default));
3797			page_index->page_data =
3798				(uint8_t *)lun->mode_pages.rw_er_page;
3799			break;
3800		}
3801		case SMS_FORMAT_DEVICE_PAGE: {
3802			struct scsi_format_page *format_page;
3803
3804			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3805				panic("subpage is incorrect!");
3806
3807			/*
3808			 * Sectors per track are set above.  Bytes per
3809			 * sector need to be set here on a per-LUN basis.
3810			 */
3811			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3812			       &format_page_default,
3813			       sizeof(format_page_default));
3814			memcpy(&lun->mode_pages.format_page[
3815			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3816			       sizeof(format_page_changeable));
3817			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3818			       &format_page_default,
3819			       sizeof(format_page_default));
3820			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3821			       &format_page_default,
3822			       sizeof(format_page_default));
3823
3824			format_page = &lun->mode_pages.format_page[
3825				CTL_PAGE_CURRENT];
3826			scsi_ulto2b(lun->be_lun->blocksize,
3827				    format_page->bytes_per_sector);
3828
3829			format_page = &lun->mode_pages.format_page[
3830				CTL_PAGE_DEFAULT];
3831			scsi_ulto2b(lun->be_lun->blocksize,
3832				    format_page->bytes_per_sector);
3833
3834			format_page = &lun->mode_pages.format_page[
3835				CTL_PAGE_SAVED];
3836			scsi_ulto2b(lun->be_lun->blocksize,
3837				    format_page->bytes_per_sector);
3838
3839			page_index->page_data =
3840				(uint8_t *)lun->mode_pages.format_page;
3841			break;
3842		}
3843		case SMS_RIGID_DISK_PAGE: {
3844			struct scsi_rigid_disk_page *rigid_disk_page;
3845			uint32_t sectors_per_cylinder;
3846			uint64_t cylinders;
3847#ifndef	__XSCALE__
3848			int shift;
3849#endif /* !__XSCALE__ */
3850
3851			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3852				panic("invalid subpage value %d",
3853				      page_index->subpage);
3854
3855			/*
3856			 * Rotation rate and sectors per track are set
3857			 * above.  We calculate the cylinders here based on
3858			 * capacity.  Due to the number of heads and
3859			 * sectors per track we're using, smaller arrays
3860			 * may turn out to have 0 cylinders.  Linux and
3861			 * FreeBSD don't pay attention to these mode pages
3862			 * to figure out capacity, but Solaris does.  It
3863			 * seems to deal with 0 cylinders just fine, and
3864			 * works out a fake geometry based on the capacity.
3865			 */
3866			memcpy(&lun->mode_pages.rigid_disk_page[
3867			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
3868			       sizeof(rigid_disk_page_default));
3869			memcpy(&lun->mode_pages.rigid_disk_page[
3870			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
3871			       sizeof(rigid_disk_page_changeable));
3872
3873			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
3874				CTL_DEFAULT_HEADS;
3875
3876			/*
3877			 * The divide method here will be more accurate,
3878			 * probably, but results in floating point being
3879			 * used in the kernel on i386 (__udivdi3()).  On the
3880			 * XScale, though, __udivdi3() is implemented in
3881			 * software.
3882			 *
3883			 * The shift method for cylinder calculation is
3884			 * accurate if sectors_per_cylinder is a power of
3885			 * 2.  Otherwise it might be slightly off -- you
3886			 * might have a bit of a truncation problem.
3887			 */
3888#ifdef	__XSCALE__
3889			cylinders = (lun->be_lun->maxlba + 1) /
3890				sectors_per_cylinder;
3891#else
3892			for (shift = 31; shift > 0; shift--) {
3893				if (sectors_per_cylinder & (1 << shift))
3894					break;
3895			}
3896			cylinders = (lun->be_lun->maxlba + 1) >> shift;
3897#endif
3898
3899			/*
3900			 * We've basically got 3 bytes, or 24 bits for the
3901			 * cylinder size in the mode page.  If we're over,
3902			 * just round down to 2^24.
3903			 */
3904			if (cylinders > 0xffffff)
3905				cylinders = 0xffffff;
3906
3907			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
3908				CTL_PAGE_DEFAULT];
3909			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
3910
3911			if ((value = ctl_get_opt(&lun->be_lun->options,
3912			    "rpm")) != NULL) {
3913				scsi_ulto2b(strtol(value, NULL, 0),
3914				     rigid_disk_page->rotation_rate);
3915			}
3916
3917			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
3918			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3919			       sizeof(rigid_disk_page_default));
3920			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
3921			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
3922			       sizeof(rigid_disk_page_default));
3923
3924			page_index->page_data =
3925				(uint8_t *)lun->mode_pages.rigid_disk_page;
3926			break;
3927		}
3928		case SMS_CACHING_PAGE: {
3929			struct scsi_caching_page *caching_page;
3930
3931			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3932				panic("invalid subpage value %d",
3933				      page_index->subpage);
3934			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
3935			       &caching_page_default,
3936			       sizeof(caching_page_default));
3937			memcpy(&lun->mode_pages.caching_page[
3938			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
3939			       sizeof(caching_page_changeable));
3940			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3941			       &caching_page_default,
3942			       sizeof(caching_page_default));
3943			caching_page = &lun->mode_pages.caching_page[
3944			    CTL_PAGE_SAVED];
3945			value = ctl_get_opt(&lun->be_lun->options, "writecache");
3946			if (value != NULL && strcmp(value, "off") == 0)
3947				caching_page->flags1 &= ~SCP_WCE;
3948			value = ctl_get_opt(&lun->be_lun->options, "readcache");
3949			if (value != NULL && strcmp(value, "off") == 0)
3950				caching_page->flags1 |= SCP_RCD;
3951			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
3952			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
3953			       sizeof(caching_page_default));
3954			page_index->page_data =
3955				(uint8_t *)lun->mode_pages.caching_page;
3956			break;
3957		}
3958		case SMS_CONTROL_MODE_PAGE: {
3959			struct scsi_control_page *control_page;
3960
3961			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3962				panic("invalid subpage value %d",
3963				      page_index->subpage);
3964
3965			memcpy(&lun->mode_pages.control_page[CTL_PAGE_DEFAULT],
3966			       &control_page_default,
3967			       sizeof(control_page_default));
3968			memcpy(&lun->mode_pages.control_page[
3969			       CTL_PAGE_CHANGEABLE], &control_page_changeable,
3970			       sizeof(control_page_changeable));
3971			memcpy(&lun->mode_pages.control_page[CTL_PAGE_SAVED],
3972			       &control_page_default,
3973			       sizeof(control_page_default));
3974			control_page = &lun->mode_pages.control_page[
3975			    CTL_PAGE_SAVED];
3976			value = ctl_get_opt(&lun->be_lun->options, "reordering");
3977			if (value != NULL && strcmp(value, "unrestricted") == 0) {
3978				control_page->queue_flags &= ~SCP_QUEUE_ALG_MASK;
3979				control_page->queue_flags |= SCP_QUEUE_ALG_UNRESTRICTED;
3980			}
3981			memcpy(&lun->mode_pages.control_page[CTL_PAGE_CURRENT],
3982			       &lun->mode_pages.control_page[CTL_PAGE_SAVED],
3983			       sizeof(control_page_default));
3984			page_index->page_data =
3985				(uint8_t *)lun->mode_pages.control_page;
3986			break;
3987
3988		}
3989		case SMS_INFO_EXCEPTIONS_PAGE: {
3990			switch (page_index->subpage) {
3991			case SMS_SUBPAGE_PAGE_0:
3992				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
3993				       &ie_page_default,
3994				       sizeof(ie_page_default));
3995				memcpy(&lun->mode_pages.ie_page[
3996				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
3997				       sizeof(ie_page_changeable));
3998				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
3999				       &ie_page_default,
4000				       sizeof(ie_page_default));
4001				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4002				       &ie_page_default,
4003				       sizeof(ie_page_default));
4004				page_index->page_data =
4005					(uint8_t *)lun->mode_pages.ie_page;
4006				break;
4007			case 0x02: {
4008				struct ctl_logical_block_provisioning_page *page;
4009
4010				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4011				       &lbp_page_default,
4012				       sizeof(lbp_page_default));
4013				memcpy(&lun->mode_pages.lbp_page[
4014				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4015				       sizeof(lbp_page_changeable));
4016				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4017				       &lbp_page_default,
4018				       sizeof(lbp_page_default));
4019				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4020				value = ctl_get_opt(&lun->be_lun->options,
4021				    "avail-threshold");
4022				if (value != NULL &&
4023				    ctl_expand_number(value, &ival) == 0) {
4024					page->descr[0].flags |= SLBPPD_ENABLED |
4025					    SLBPPD_ARMING_DEC;
4026					if (lun->be_lun->blocksize)
4027						ival /= lun->be_lun->blocksize;
4028					else
4029						ival /= 512;
4030					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4031					    page->descr[0].count);
4032				}
4033				value = ctl_get_opt(&lun->be_lun->options,
4034				    "used-threshold");
4035				if (value != NULL &&
4036				    ctl_expand_number(value, &ival) == 0) {
4037					page->descr[1].flags |= SLBPPD_ENABLED |
4038					    SLBPPD_ARMING_INC;
4039					if (lun->be_lun->blocksize)
4040						ival /= lun->be_lun->blocksize;
4041					else
4042						ival /= 512;
4043					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4044					    page->descr[1].count);
4045				}
4046				value = ctl_get_opt(&lun->be_lun->options,
4047				    "pool-avail-threshold");
4048				if (value != NULL &&
4049				    ctl_expand_number(value, &ival) == 0) {
4050					page->descr[2].flags |= SLBPPD_ENABLED |
4051					    SLBPPD_ARMING_DEC;
4052					if (lun->be_lun->blocksize)
4053						ival /= lun->be_lun->blocksize;
4054					else
4055						ival /= 512;
4056					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4057					    page->descr[2].count);
4058				}
4059				value = ctl_get_opt(&lun->be_lun->options,
4060				    "pool-used-threshold");
4061				if (value != NULL &&
4062				    ctl_expand_number(value, &ival) == 0) {
4063					page->descr[3].flags |= SLBPPD_ENABLED |
4064					    SLBPPD_ARMING_INC;
4065					if (lun->be_lun->blocksize)
4066						ival /= lun->be_lun->blocksize;
4067					else
4068						ival /= 512;
4069					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4070					    page->descr[3].count);
4071				}
4072				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4073				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4074				       sizeof(lbp_page_default));
4075				page_index->page_data =
4076					(uint8_t *)lun->mode_pages.lbp_page;
4077			}}
4078			break;
4079		}
4080		case SMS_VENDOR_SPECIFIC_PAGE:{
4081			switch (page_index->subpage) {
4082			case DBGCNF_SUBPAGE_CODE: {
4083				struct copan_debugconf_subpage *current_page,
4084							       *saved_page;
4085
4086				memcpy(&lun->mode_pages.debugconf_subpage[
4087				       CTL_PAGE_CURRENT],
4088				       &debugconf_page_default,
4089				       sizeof(debugconf_page_default));
4090				memcpy(&lun->mode_pages.debugconf_subpage[
4091				       CTL_PAGE_CHANGEABLE],
4092				       &debugconf_page_changeable,
4093				       sizeof(debugconf_page_changeable));
4094				memcpy(&lun->mode_pages.debugconf_subpage[
4095				       CTL_PAGE_DEFAULT],
4096				       &debugconf_page_default,
4097				       sizeof(debugconf_page_default));
4098				memcpy(&lun->mode_pages.debugconf_subpage[
4099				       CTL_PAGE_SAVED],
4100				       &debugconf_page_default,
4101				       sizeof(debugconf_page_default));
4102				page_index->page_data =
4103					(uint8_t *)lun->mode_pages.debugconf_subpage;
4104
4105				current_page = (struct copan_debugconf_subpage *)
4106					(page_index->page_data +
4107					 (page_index->page_len *
4108					  CTL_PAGE_CURRENT));
4109				saved_page = (struct copan_debugconf_subpage *)
4110					(page_index->page_data +
4111					 (page_index->page_len *
4112					  CTL_PAGE_SAVED));
4113				break;
4114			}
4115			default:
4116				panic("invalid subpage value %d",
4117				      page_index->subpage);
4118				break;
4119			}
4120   			break;
4121		}
4122		default:
4123			panic("invalid page value %d",
4124			      page_index->page_code & SMPH_PC_MASK);
4125			break;
4126    	}
4127	}
4128
4129	return (CTL_RETVAL_COMPLETE);
4130}
4131
4132static int
4133ctl_init_log_page_index(struct ctl_lun *lun)
4134{
4135	struct ctl_page_index *page_index;
4136	int i, j, k, prev;
4137
4138	memcpy(&lun->log_pages.index, log_page_index_template,
4139	       sizeof(log_page_index_template));
4140
4141	prev = -1;
4142	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4143
4144		page_index = &lun->log_pages.index[i];
4145		/*
4146		 * If this is a disk-only mode page, there's no point in
4147		 * setting it up.  For some pages, we have to have some
4148		 * basic information about the disk in order to calculate the
4149		 * mode page data.
4150		 */
4151		if ((lun->be_lun->lun_type != T_DIRECT)
4152		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4153			continue;
4154
4155		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4156		     lun->backend->lun_attr == NULL)
4157			continue;
4158
4159		if (page_index->page_code != prev) {
4160			lun->log_pages.pages_page[j] = page_index->page_code;
4161			prev = page_index->page_code;
4162			j++;
4163		}
4164		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4165		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4166		k++;
4167	}
4168	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4169	lun->log_pages.index[0].page_len = j;
4170	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4171	lun->log_pages.index[1].page_len = k * 2;
4172	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4173	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4174	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4175	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4176
4177	return (CTL_RETVAL_COMPLETE);
4178}
4179
4180static int
4181hex2bin(const char *str, uint8_t *buf, int buf_size)
4182{
4183	int i;
4184	u_char c;
4185
4186	memset(buf, 0, buf_size);
4187	while (isspace(str[0]))
4188		str++;
4189	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4190		str += 2;
4191	buf_size *= 2;
4192	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4193		c = str[i];
4194		if (isdigit(c))
4195			c -= '0';
4196		else if (isalpha(c))
4197			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4198		else
4199			break;
4200		if (c >= 16)
4201			break;
4202		if ((i & 1) == 0)
4203			buf[i / 2] |= (c << 4);
4204		else
4205			buf[i / 2] |= c;
4206	}
4207	return ((i + 1) / 2);
4208}
4209
4210/*
4211 * LUN allocation.
4212 *
4213 * Requirements:
4214 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4215 *   wants us to allocate the LUN and he can block.
4216 * - ctl_softc is always set
4217 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4218 *
4219 * Returns 0 for success, non-zero (errno) for failure.
4220 */
4221static int
4222ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4223	      struct ctl_be_lun *const be_lun)
4224{
4225	struct ctl_lun *nlun, *lun;
4226	struct scsi_vpd_id_descriptor *desc;
4227	struct scsi_vpd_id_t10 *t10id;
4228	const char *eui, *naa, *scsiname, *vendor;
4229	int lun_number, i, lun_malloced;
4230	int devidlen, idlen1, idlen2 = 0, len;
4231
4232	if (be_lun == NULL)
4233		return (EINVAL);
4234
4235	/*
4236	 * We currently only support Direct Access or Processor LUN types.
4237	 */
4238	switch (be_lun->lun_type) {
4239	case T_DIRECT:
4240		break;
4241	case T_PROCESSOR:
4242		break;
4243	case T_SEQUENTIAL:
4244	case T_CHANGER:
4245	default:
4246		be_lun->lun_config_status(be_lun->be_lun,
4247					  CTL_LUN_CONFIG_FAILURE);
4248		break;
4249	}
4250	if (ctl_lun == NULL) {
4251		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4252		lun_malloced = 1;
4253	} else {
4254		lun_malloced = 0;
4255		lun = ctl_lun;
4256	}
4257
4258	memset(lun, 0, sizeof(*lun));
4259	if (lun_malloced)
4260		lun->flags = CTL_LUN_MALLOCED;
4261
4262	/* Generate LUN ID. */
4263	devidlen = max(CTL_DEVID_MIN_LEN,
4264	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4265	idlen1 = sizeof(*t10id) + devidlen;
4266	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4267	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4268	if (scsiname != NULL) {
4269		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4270		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4271	}
4272	eui = ctl_get_opt(&be_lun->options, "eui");
4273	if (eui != NULL) {
4274		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4275	}
4276	naa = ctl_get_opt(&be_lun->options, "naa");
4277	if (naa != NULL) {
4278		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4279	}
4280	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4281	    M_CTL, M_WAITOK | M_ZERO);
4282	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4283	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4284	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4285	desc->length = idlen1;
4286	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4287	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4288	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4289		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4290	} else {
4291		strncpy(t10id->vendor, vendor,
4292		    min(sizeof(t10id->vendor), strlen(vendor)));
4293	}
4294	strncpy((char *)t10id->vendor_spec_id,
4295	    (char *)be_lun->device_id, devidlen);
4296	if (scsiname != NULL) {
4297		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4298		    desc->length);
4299		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4300		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4301		    SVPD_ID_TYPE_SCSI_NAME;
4302		desc->length = idlen2;
4303		strlcpy(desc->identifier, scsiname, idlen2);
4304	}
4305	if (eui != NULL) {
4306		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4307		    desc->length);
4308		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4309		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4310		    SVPD_ID_TYPE_EUI64;
4311		desc->length = hex2bin(eui, desc->identifier, 16);
4312		desc->length = desc->length > 12 ? 16 :
4313		    (desc->length > 8 ? 12 : 8);
4314		len -= 16 - desc->length;
4315	}
4316	if (naa != NULL) {
4317		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4318		    desc->length);
4319		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4320		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4321		    SVPD_ID_TYPE_NAA;
4322		desc->length = hex2bin(naa, desc->identifier, 16);
4323		desc->length = desc->length > 8 ? 16 : 8;
4324		len -= 16 - desc->length;
4325	}
4326	lun->lun_devid->len = len;
4327
4328	mtx_lock(&ctl_softc->ctl_lock);
4329	/*
4330	 * See if the caller requested a particular LUN number.  If so, see
4331	 * if it is available.  Otherwise, allocate the first available LUN.
4332	 */
4333	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4334		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4335		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4336			mtx_unlock(&ctl_softc->ctl_lock);
4337			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4338				printf("ctl: requested LUN ID %d is higher "
4339				       "than CTL_MAX_LUNS - 1 (%d)\n",
4340				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4341			} else {
4342				/*
4343				 * XXX KDM return an error, or just assign
4344				 * another LUN ID in this case??
4345				 */
4346				printf("ctl: requested LUN ID %d is already "
4347				       "in use\n", be_lun->req_lun_id);
4348			}
4349			if (lun->flags & CTL_LUN_MALLOCED)
4350				free(lun, M_CTL);
4351			be_lun->lun_config_status(be_lun->be_lun,
4352						  CTL_LUN_CONFIG_FAILURE);
4353			return (ENOSPC);
4354		}
4355		lun_number = be_lun->req_lun_id;
4356	} else {
4357		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4358		if (lun_number == -1) {
4359			mtx_unlock(&ctl_softc->ctl_lock);
4360			printf("ctl: can't allocate LUN, out of LUNs\n");
4361			if (lun->flags & CTL_LUN_MALLOCED)
4362				free(lun, M_CTL);
4363			be_lun->lun_config_status(be_lun->be_lun,
4364						  CTL_LUN_CONFIG_FAILURE);
4365			return (ENOSPC);
4366		}
4367	}
4368	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4369
4370	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4371	lun->lun = lun_number;
4372	lun->be_lun = be_lun;
4373	/*
4374	 * The processor LUN is always enabled.  Disk LUNs come on line
4375	 * disabled, and must be enabled by the backend.
4376	 */
4377	lun->flags |= CTL_LUN_DISABLED;
4378	lun->backend = be_lun->be;
4379	be_lun->ctl_lun = lun;
4380	be_lun->lun_id = lun_number;
4381	atomic_add_int(&be_lun->be->num_luns, 1);
4382	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4383		lun->flags |= CTL_LUN_OFFLINE;
4384
4385	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4386		lun->flags |= CTL_LUN_STOPPED;
4387
4388	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4389		lun->flags |= CTL_LUN_INOPERABLE;
4390
4391	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4392		lun->flags |= CTL_LUN_PRIMARY_SC;
4393
4394	lun->ctl_softc = ctl_softc;
4395#ifdef CTL_TIME_IO
4396	lun->last_busy = getsbinuptime();
4397#endif
4398	TAILQ_INIT(&lun->ooa_queue);
4399	TAILQ_INIT(&lun->blocked_queue);
4400	STAILQ_INIT(&lun->error_list);
4401	ctl_tpc_lun_init(lun);
4402
4403	/*
4404	 * Initialize the mode and log page index.
4405	 */
4406	ctl_init_page_index(lun);
4407	ctl_init_log_page_index(lun);
4408
4409	/*
4410	 * Now, before we insert this lun on the lun list, set the lun
4411	 * inventory changed UA for all other luns.
4412	 */
4413	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4414		mtx_lock(&nlun->lun_lock);
4415		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4416		mtx_unlock(&nlun->lun_lock);
4417	}
4418
4419	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4420
4421	ctl_softc->ctl_luns[lun_number] = lun;
4422
4423	ctl_softc->num_luns++;
4424
4425	/* Setup statistics gathering */
4426	lun->stats.device_type = be_lun->lun_type;
4427	lun->stats.lun_number = lun_number;
4428	if (lun->stats.device_type == T_DIRECT)
4429		lun->stats.blocksize = be_lun->blocksize;
4430	else
4431		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4432	for (i = 0;i < CTL_MAX_PORTS;i++)
4433		lun->stats.ports[i].targ_port = i;
4434
4435	mtx_unlock(&ctl_softc->ctl_lock);
4436
4437	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4438	return (0);
4439}
4440
4441/*
4442 * Delete a LUN.
4443 * Assumptions:
4444 * - LUN has already been marked invalid and any pending I/O has been taken
4445 *   care of.
4446 */
4447static int
4448ctl_free_lun(struct ctl_lun *lun)
4449{
4450	struct ctl_softc *softc;
4451	struct ctl_lun *nlun;
4452	int i;
4453
4454	softc = lun->ctl_softc;
4455
4456	mtx_assert(&softc->ctl_lock, MA_OWNED);
4457
4458	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4459
4460	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4461
4462	softc->ctl_luns[lun->lun] = NULL;
4463
4464	if (!TAILQ_EMPTY(&lun->ooa_queue))
4465		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4466
4467	softc->num_luns--;
4468
4469	/*
4470	 * Tell the backend to free resources, if this LUN has a backend.
4471	 */
4472	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4473	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4474
4475	ctl_tpc_lun_shutdown(lun);
4476	mtx_destroy(&lun->lun_lock);
4477	free(lun->lun_devid, M_CTL);
4478	for (i = 0; i < CTL_MAX_PORTS; i++)
4479		free(lun->pending_ua[i], M_CTL);
4480	for (i = 0; i < CTL_MAX_PORTS; i++)
4481		free(lun->pr_keys[i], M_CTL);
4482	free(lun->write_buffer, M_CTL);
4483	if (lun->flags & CTL_LUN_MALLOCED)
4484		free(lun, M_CTL);
4485
4486	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4487		mtx_lock(&nlun->lun_lock);
4488		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4489		mtx_unlock(&nlun->lun_lock);
4490	}
4491
4492	return (0);
4493}
4494
4495static void
4496ctl_create_lun(struct ctl_be_lun *be_lun)
4497{
4498	struct ctl_softc *softc;
4499
4500	softc = control_softc;
4501
4502	/*
4503	 * ctl_alloc_lun() should handle all potential failure cases.
4504	 */
4505	ctl_alloc_lun(softc, NULL, be_lun);
4506}
4507
4508int
4509ctl_add_lun(struct ctl_be_lun *be_lun)
4510{
4511	struct ctl_softc *softc = control_softc;
4512
4513	mtx_lock(&softc->ctl_lock);
4514	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4515	mtx_unlock(&softc->ctl_lock);
4516	wakeup(&softc->pending_lun_queue);
4517
4518	return (0);
4519}
4520
4521int
4522ctl_enable_lun(struct ctl_be_lun *be_lun)
4523{
4524	struct ctl_softc *softc;
4525	struct ctl_port *port, *nport;
4526	struct ctl_lun *lun;
4527	int retval;
4528
4529	lun = (struct ctl_lun *)be_lun->ctl_lun;
4530	softc = lun->ctl_softc;
4531
4532	mtx_lock(&softc->ctl_lock);
4533	mtx_lock(&lun->lun_lock);
4534	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4535		/*
4536		 * eh?  Why did we get called if the LUN is already
4537		 * enabled?
4538		 */
4539		mtx_unlock(&lun->lun_lock);
4540		mtx_unlock(&softc->ctl_lock);
4541		return (0);
4542	}
4543	lun->flags &= ~CTL_LUN_DISABLED;
4544	mtx_unlock(&lun->lun_lock);
4545
4546	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4547		nport = STAILQ_NEXT(port, links);
4548		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4549		    port->lun_map != NULL || port->lun_enable == NULL)
4550			continue;
4551
4552		/*
4553		 * Drop the lock while we call the FETD's enable routine.
4554		 * This can lead to a callback into CTL (at least in the
4555		 * case of the internal initiator frontend.
4556		 */
4557		mtx_unlock(&softc->ctl_lock);
4558		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4559		mtx_lock(&softc->ctl_lock);
4560		if (retval != 0) {
4561			printf("%s: FETD %s port %d returned error "
4562			       "%d for lun_enable on lun %jd\n",
4563			       __func__, port->port_name, port->targ_port,
4564			       retval, (intmax_t)lun->lun);
4565		}
4566	}
4567
4568	mtx_unlock(&softc->ctl_lock);
4569	ctl_isc_announce_lun(lun);
4570
4571	return (0);
4572}
4573
4574int
4575ctl_disable_lun(struct ctl_be_lun *be_lun)
4576{
4577	struct ctl_softc *softc;
4578	struct ctl_port *port;
4579	struct ctl_lun *lun;
4580	int retval;
4581
4582	lun = (struct ctl_lun *)be_lun->ctl_lun;
4583	softc = lun->ctl_softc;
4584
4585	mtx_lock(&softc->ctl_lock);
4586	mtx_lock(&lun->lun_lock);
4587	if (lun->flags & CTL_LUN_DISABLED) {
4588		mtx_unlock(&lun->lun_lock);
4589		mtx_unlock(&softc->ctl_lock);
4590		return (0);
4591	}
4592	lun->flags |= CTL_LUN_DISABLED;
4593	mtx_unlock(&lun->lun_lock);
4594
4595	STAILQ_FOREACH(port, &softc->port_list, links) {
4596		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4597		    port->lun_map != NULL || port->lun_disable == NULL)
4598			continue;
4599
4600		/*
4601		 * Drop the lock before we call the frontend's disable
4602		 * routine, to avoid lock order reversals.
4603		 *
4604		 * XXX KDM what happens if the frontend list changes while
4605		 * we're traversing it?  It's unlikely, but should be handled.
4606		 */
4607		mtx_unlock(&softc->ctl_lock);
4608		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4609		mtx_lock(&softc->ctl_lock);
4610		if (retval != 0) {
4611			printf("%s: FETD %s port %d returned error "
4612			       "%d for lun_disable on lun %jd\n",
4613			       __func__, port->port_name, port->targ_port,
4614			       retval, (intmax_t)lun->lun);
4615		}
4616	}
4617
4618	mtx_unlock(&softc->ctl_lock);
4619	ctl_isc_announce_lun(lun);
4620
4621	return (0);
4622}
4623
4624int
4625ctl_start_lun(struct ctl_be_lun *be_lun)
4626{
4627	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4628
4629	mtx_lock(&lun->lun_lock);
4630	lun->flags &= ~CTL_LUN_STOPPED;
4631	mtx_unlock(&lun->lun_lock);
4632	return (0);
4633}
4634
4635int
4636ctl_stop_lun(struct ctl_be_lun *be_lun)
4637{
4638	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4639
4640	mtx_lock(&lun->lun_lock);
4641	lun->flags |= CTL_LUN_STOPPED;
4642	mtx_unlock(&lun->lun_lock);
4643	return (0);
4644}
4645
4646int
4647ctl_lun_offline(struct ctl_be_lun *be_lun)
4648{
4649	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4650
4651	mtx_lock(&lun->lun_lock);
4652	lun->flags |= CTL_LUN_OFFLINE;
4653	mtx_unlock(&lun->lun_lock);
4654	return (0);
4655}
4656
4657int
4658ctl_lun_online(struct ctl_be_lun *be_lun)
4659{
4660	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4661
4662	mtx_lock(&lun->lun_lock);
4663	lun->flags &= ~CTL_LUN_OFFLINE;
4664	mtx_unlock(&lun->lun_lock);
4665	return (0);
4666}
4667
4668int
4669ctl_lun_primary(struct ctl_be_lun *be_lun)
4670{
4671	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4672
4673	mtx_lock(&lun->lun_lock);
4674	lun->flags |= CTL_LUN_PRIMARY_SC;
4675	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4676	mtx_unlock(&lun->lun_lock);
4677	ctl_isc_announce_lun(lun);
4678	return (0);
4679}
4680
4681int
4682ctl_lun_secondary(struct ctl_be_lun *be_lun)
4683{
4684	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4685
4686	mtx_lock(&lun->lun_lock);
4687	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4688	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4689	mtx_unlock(&lun->lun_lock);
4690	ctl_isc_announce_lun(lun);
4691	return (0);
4692}
4693
4694int
4695ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4696{
4697	struct ctl_softc *softc;
4698	struct ctl_lun *lun;
4699
4700	lun = (struct ctl_lun *)be_lun->ctl_lun;
4701	softc = lun->ctl_softc;
4702
4703	mtx_lock(&lun->lun_lock);
4704
4705	/*
4706	 * The LUN needs to be disabled before it can be marked invalid.
4707	 */
4708	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4709		mtx_unlock(&lun->lun_lock);
4710		return (-1);
4711	}
4712	/*
4713	 * Mark the LUN invalid.
4714	 */
4715	lun->flags |= CTL_LUN_INVALID;
4716
4717	/*
4718	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4719	 * If we have something in the OOA queue, we'll free it when the
4720	 * last I/O completes.
4721	 */
4722	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4723		mtx_unlock(&lun->lun_lock);
4724		mtx_lock(&softc->ctl_lock);
4725		ctl_free_lun(lun);
4726		mtx_unlock(&softc->ctl_lock);
4727	} else
4728		mtx_unlock(&lun->lun_lock);
4729
4730	return (0);
4731}
4732
4733int
4734ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4735{
4736	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4737
4738	mtx_lock(&lun->lun_lock);
4739	lun->flags |= CTL_LUN_INOPERABLE;
4740	mtx_unlock(&lun->lun_lock);
4741	return (0);
4742}
4743
4744int
4745ctl_lun_operable(struct ctl_be_lun *be_lun)
4746{
4747	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4748
4749	mtx_lock(&lun->lun_lock);
4750	lun->flags &= ~CTL_LUN_INOPERABLE;
4751	mtx_unlock(&lun->lun_lock);
4752	return (0);
4753}
4754
4755void
4756ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4757{
4758	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4759	union ctl_ha_msg msg;
4760
4761	mtx_lock(&lun->lun_lock);
4762	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4763	mtx_unlock(&lun->lun_lock);
4764	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4765		/* Send msg to other side. */
4766		bzero(&msg.ua, sizeof(msg.ua));
4767		msg.hdr.msg_type = CTL_MSG_UA;
4768		msg.hdr.nexus.initid = -1;
4769		msg.hdr.nexus.targ_port = -1;
4770		msg.hdr.nexus.targ_lun = lun->lun;
4771		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4772		msg.ua.ua_all = 1;
4773		msg.ua.ua_set = 1;
4774		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4775		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4776		    M_WAITOK);
4777	}
4778}
4779
4780/*
4781 * Backend "memory move is complete" callback for requests that never
4782 * make it down to say RAIDCore's configuration code.
4783 */
4784int
4785ctl_config_move_done(union ctl_io *io)
4786{
4787	int retval;
4788
4789	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4790	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4791	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4792
4793	if ((io->io_hdr.port_status != 0) &&
4794	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4795	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4796		/*
4797		 * For hardware error sense keys, the sense key
4798		 * specific value is defined to be a retry count,
4799		 * but we use it to pass back an internal FETD
4800		 * error code.  XXX KDM  Hopefully the FETD is only
4801		 * using 16 bits for an error code, since that's
4802		 * all the space we have in the sks field.
4803		 */
4804		ctl_set_internal_failure(&io->scsiio,
4805					 /*sks_valid*/ 1,
4806					 /*retry_count*/
4807					 io->io_hdr.port_status);
4808	}
4809
4810	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4811		ctl_data_print(io);
4812	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4813	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4814	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4815	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4816		/*
4817		 * XXX KDM just assuming a single pointer here, and not a
4818		 * S/G list.  If we start using S/G lists for config data,
4819		 * we'll need to know how to clean them up here as well.
4820		 */
4821		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4822			free(io->scsiio.kern_data_ptr, M_CTL);
4823		ctl_done(io);
4824		retval = CTL_RETVAL_COMPLETE;
4825	} else {
4826		/*
4827		 * XXX KDM now we need to continue data movement.  Some
4828		 * options:
4829		 * - call ctl_scsiio() again?  We don't do this for data
4830		 *   writes, because for those at least we know ahead of
4831		 *   time where the write will go and how long it is.  For
4832		 *   config writes, though, that information is largely
4833		 *   contained within the write itself, thus we need to
4834		 *   parse out the data again.
4835		 *
4836		 * - Call some other function once the data is in?
4837		 */
4838
4839		/*
4840		 * XXX KDM call ctl_scsiio() again for now, and check flag
4841		 * bits to see whether we're allocated or not.
4842		 */
4843		retval = ctl_scsiio(&io->scsiio);
4844	}
4845	return (retval);
4846}
4847
4848/*
4849 * This gets called by a backend driver when it is done with a
4850 * data_submit method.
4851 */
4852void
4853ctl_data_submit_done(union ctl_io *io)
4854{
4855	/*
4856	 * If the IO_CONT flag is set, we need to call the supplied
4857	 * function to continue processing the I/O, instead of completing
4858	 * the I/O just yet.
4859	 *
4860	 * If there is an error, though, we don't want to keep processing.
4861	 * Instead, just send status back to the initiator.
4862	 */
4863	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4864	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4865	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4866	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4867		io->scsiio.io_cont(io);
4868		return;
4869	}
4870	ctl_done(io);
4871}
4872
4873/*
4874 * This gets called by a backend driver when it is done with a
4875 * configuration write.
4876 */
4877void
4878ctl_config_write_done(union ctl_io *io)
4879{
4880	uint8_t *buf;
4881
4882	/*
4883	 * If the IO_CONT flag is set, we need to call the supplied
4884	 * function to continue processing the I/O, instead of completing
4885	 * the I/O just yet.
4886	 *
4887	 * If there is an error, though, we don't want to keep processing.
4888	 * Instead, just send status back to the initiator.
4889	 */
4890	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
4891	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
4892	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4893	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4894		io->scsiio.io_cont(io);
4895		return;
4896	}
4897	/*
4898	 * Since a configuration write can be done for commands that actually
4899	 * have data allocated, like write buffer, and commands that have
4900	 * no data, like start/stop unit, we need to check here.
4901	 */
4902	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4903		buf = io->scsiio.kern_data_ptr;
4904	else
4905		buf = NULL;
4906	ctl_done(io);
4907	if (buf)
4908		free(buf, M_CTL);
4909}
4910
4911void
4912ctl_config_read_done(union ctl_io *io)
4913{
4914	uint8_t *buf;
4915
4916	/*
4917	 * If there is some error -- we are done, skip data transfer.
4918	 */
4919	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
4920	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4921	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
4922		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4923			buf = io->scsiio.kern_data_ptr;
4924		else
4925			buf = NULL;
4926		ctl_done(io);
4927		if (buf)
4928			free(buf, M_CTL);
4929		return;
4930	}
4931
4932	/*
4933	 * If the IO_CONT flag is set, we need to call the supplied
4934	 * function to continue processing the I/O, instead of completing
4935	 * the I/O just yet.
4936	 */
4937	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
4938		io->scsiio.io_cont(io);
4939		return;
4940	}
4941
4942	ctl_datamove(io);
4943}
4944
4945/*
4946 * SCSI release command.
4947 */
4948int
4949ctl_scsi_release(struct ctl_scsiio *ctsio)
4950{
4951	int length, longid, thirdparty_id, resv_id;
4952	struct ctl_lun *lun;
4953	uint32_t residx;
4954
4955	length = 0;
4956	resv_id = 0;
4957
4958	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
4959
4960	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
4961	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
4962
4963	switch (ctsio->cdb[0]) {
4964	case RELEASE_10: {
4965		struct scsi_release_10 *cdb;
4966
4967		cdb = (struct scsi_release_10 *)ctsio->cdb;
4968
4969		if (cdb->byte2 & SR10_LONGID)
4970			longid = 1;
4971		else
4972			thirdparty_id = cdb->thirdparty_id;
4973
4974		resv_id = cdb->resv_id;
4975		length = scsi_2btoul(cdb->length);
4976		break;
4977	}
4978	}
4979
4980
4981	/*
4982	 * XXX KDM right now, we only support LUN reservation.  We don't
4983	 * support 3rd party reservations, or extent reservations, which
4984	 * might actually need the parameter list.  If we've gotten this
4985	 * far, we've got a LUN reservation.  Anything else got kicked out
4986	 * above.  So, according to SPC, ignore the length.
4987	 */
4988	length = 0;
4989
4990	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
4991	 && (length > 0)) {
4992		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
4993		ctsio->kern_data_len = length;
4994		ctsio->kern_total_len = length;
4995		ctsio->kern_data_resid = 0;
4996		ctsio->kern_rel_offset = 0;
4997		ctsio->kern_sg_entries = 0;
4998		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
4999		ctsio->be_move_done = ctl_config_move_done;
5000		ctl_datamove((union ctl_io *)ctsio);
5001
5002		return (CTL_RETVAL_COMPLETE);
5003	}
5004
5005	if (length > 0)
5006		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5007
5008	mtx_lock(&lun->lun_lock);
5009
5010	/*
5011	 * According to SPC, it is not an error for an intiator to attempt
5012	 * to release a reservation on a LUN that isn't reserved, or that
5013	 * is reserved by another initiator.  The reservation can only be
5014	 * released, though, by the initiator who made it or by one of
5015	 * several reset type events.
5016	 */
5017	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5018			lun->flags &= ~CTL_LUN_RESERVED;
5019
5020	mtx_unlock(&lun->lun_lock);
5021
5022	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5023		free(ctsio->kern_data_ptr, M_CTL);
5024		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5025	}
5026
5027	ctl_set_success(ctsio);
5028	ctl_done((union ctl_io *)ctsio);
5029	return (CTL_RETVAL_COMPLETE);
5030}
5031
5032int
5033ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5034{
5035	int extent, thirdparty, longid;
5036	int resv_id, length;
5037	uint64_t thirdparty_id;
5038	struct ctl_lun *lun;
5039	uint32_t residx;
5040
5041	extent = 0;
5042	thirdparty = 0;
5043	longid = 0;
5044	resv_id = 0;
5045	length = 0;
5046	thirdparty_id = 0;
5047
5048	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5049
5050	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5051	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5052
5053	switch (ctsio->cdb[0]) {
5054	case RESERVE_10: {
5055		struct scsi_reserve_10 *cdb;
5056
5057		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5058
5059		if (cdb->byte2 & SR10_LONGID)
5060			longid = 1;
5061		else
5062			thirdparty_id = cdb->thirdparty_id;
5063
5064		resv_id = cdb->resv_id;
5065		length = scsi_2btoul(cdb->length);
5066		break;
5067	}
5068	}
5069
5070	/*
5071	 * XXX KDM right now, we only support LUN reservation.  We don't
5072	 * support 3rd party reservations, or extent reservations, which
5073	 * might actually need the parameter list.  If we've gotten this
5074	 * far, we've got a LUN reservation.  Anything else got kicked out
5075	 * above.  So, according to SPC, ignore the length.
5076	 */
5077	length = 0;
5078
5079	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5080	 && (length > 0)) {
5081		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5082		ctsio->kern_data_len = length;
5083		ctsio->kern_total_len = length;
5084		ctsio->kern_data_resid = 0;
5085		ctsio->kern_rel_offset = 0;
5086		ctsio->kern_sg_entries = 0;
5087		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5088		ctsio->be_move_done = ctl_config_move_done;
5089		ctl_datamove((union ctl_io *)ctsio);
5090
5091		return (CTL_RETVAL_COMPLETE);
5092	}
5093
5094	if (length > 0)
5095		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5096
5097	mtx_lock(&lun->lun_lock);
5098	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5099		ctl_set_reservation_conflict(ctsio);
5100		goto bailout;
5101	}
5102
5103	lun->flags |= CTL_LUN_RESERVED;
5104	lun->res_idx = residx;
5105
5106	ctl_set_success(ctsio);
5107
5108bailout:
5109	mtx_unlock(&lun->lun_lock);
5110
5111	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5112		free(ctsio->kern_data_ptr, M_CTL);
5113		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5114	}
5115
5116	ctl_done((union ctl_io *)ctsio);
5117	return (CTL_RETVAL_COMPLETE);
5118}
5119
5120int
5121ctl_start_stop(struct ctl_scsiio *ctsio)
5122{
5123	struct scsi_start_stop_unit *cdb;
5124	struct ctl_lun *lun;
5125	int retval;
5126
5127	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5128
5129	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5130	retval = 0;
5131
5132	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5133
5134	/*
5135	 * XXX KDM
5136	 * We don't support the immediate bit on a stop unit.  In order to
5137	 * do that, we would need to code up a way to know that a stop is
5138	 * pending, and hold off any new commands until it completes, one
5139	 * way or another.  Then we could accept or reject those commands
5140	 * depending on its status.  We would almost need to do the reverse
5141	 * of what we do below for an immediate start -- return the copy of
5142	 * the ctl_io to the FETD with status to send to the host (and to
5143	 * free the copy!) and then free the original I/O once the stop
5144	 * actually completes.  That way, the OOA queue mechanism can work
5145	 * to block commands that shouldn't proceed.  Another alternative
5146	 * would be to put the copy in the queue in place of the original,
5147	 * and return the original back to the caller.  That could be
5148	 * slightly safer..
5149	 */
5150	if ((cdb->byte2 & SSS_IMMED)
5151	 && ((cdb->how & SSS_START) == 0)) {
5152		ctl_set_invalid_field(ctsio,
5153				      /*sks_valid*/ 1,
5154				      /*command*/ 1,
5155				      /*field*/ 1,
5156				      /*bit_valid*/ 1,
5157				      /*bit*/ 0);
5158		ctl_done((union ctl_io *)ctsio);
5159		return (CTL_RETVAL_COMPLETE);
5160	}
5161
5162	if ((lun->flags & CTL_LUN_PR_RESERVED)
5163	 && ((cdb->how & SSS_START)==0)) {
5164		uint32_t residx;
5165
5166		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5167		if (ctl_get_prkey(lun, residx) == 0
5168		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5169
5170			ctl_set_reservation_conflict(ctsio);
5171			ctl_done((union ctl_io *)ctsio);
5172			return (CTL_RETVAL_COMPLETE);
5173		}
5174	}
5175
5176	/*
5177	 * If there is no backend on this device, we can't start or stop
5178	 * it.  In theory we shouldn't get any start/stop commands in the
5179	 * first place at this level if the LUN doesn't have a backend.
5180	 * That should get stopped by the command decode code.
5181	 */
5182	if (lun->backend == NULL) {
5183		ctl_set_invalid_opcode(ctsio);
5184		ctl_done((union ctl_io *)ctsio);
5185		return (CTL_RETVAL_COMPLETE);
5186	}
5187
5188	/*
5189	 * XXX KDM Copan-specific offline behavior.
5190	 * Figure out a reasonable way to port this?
5191	 */
5192#ifdef NEEDTOPORT
5193	mtx_lock(&lun->lun_lock);
5194
5195	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5196	 && (lun->flags & CTL_LUN_OFFLINE)) {
5197		/*
5198		 * If the LUN is offline, and the on/offline bit isn't set,
5199		 * reject the start or stop.  Otherwise, let it through.
5200		 */
5201		mtx_unlock(&lun->lun_lock);
5202		ctl_set_lun_not_ready(ctsio);
5203		ctl_done((union ctl_io *)ctsio);
5204	} else {
5205		mtx_unlock(&lun->lun_lock);
5206#endif /* NEEDTOPORT */
5207		/*
5208		 * This could be a start or a stop when we're online,
5209		 * or a stop/offline or start/online.  A start or stop when
5210		 * we're offline is covered in the case above.
5211		 */
5212		/*
5213		 * In the non-immediate case, we send the request to
5214		 * the backend and return status to the user when
5215		 * it is done.
5216		 *
5217		 * In the immediate case, we allocate a new ctl_io
5218		 * to hold a copy of the request, and send that to
5219		 * the backend.  We then set good status on the
5220		 * user's request and return it immediately.
5221		 */
5222		if (cdb->byte2 & SSS_IMMED) {
5223			union ctl_io *new_io;
5224
5225			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5226			ctl_copy_io((union ctl_io *)ctsio, new_io);
5227			retval = lun->backend->config_write(new_io);
5228			ctl_set_success(ctsio);
5229			ctl_done((union ctl_io *)ctsio);
5230		} else {
5231			retval = lun->backend->config_write(
5232				(union ctl_io *)ctsio);
5233		}
5234#ifdef NEEDTOPORT
5235	}
5236#endif
5237	return (retval);
5238}
5239
5240/*
5241 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5242 * we don't really do anything with the LBA and length fields if the user
5243 * passes them in.  Instead we'll just flush out the cache for the entire
5244 * LUN.
5245 */
5246int
5247ctl_sync_cache(struct ctl_scsiio *ctsio)
5248{
5249	struct ctl_lun *lun;
5250	struct ctl_softc *softc;
5251	struct ctl_lba_len_flags *lbalen;
5252	uint64_t starting_lba;
5253	uint32_t block_count;
5254	int retval;
5255	uint8_t byte2;
5256
5257	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5258
5259	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5260	softc = lun->ctl_softc;
5261	retval = 0;
5262
5263	switch (ctsio->cdb[0]) {
5264	case SYNCHRONIZE_CACHE: {
5265		struct scsi_sync_cache *cdb;
5266		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5267
5268		starting_lba = scsi_4btoul(cdb->begin_lba);
5269		block_count = scsi_2btoul(cdb->lb_count);
5270		byte2 = cdb->byte2;
5271		break;
5272	}
5273	case SYNCHRONIZE_CACHE_16: {
5274		struct scsi_sync_cache_16 *cdb;
5275		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5276
5277		starting_lba = scsi_8btou64(cdb->begin_lba);
5278		block_count = scsi_4btoul(cdb->lb_count);
5279		byte2 = cdb->byte2;
5280		break;
5281	}
5282	default:
5283		ctl_set_invalid_opcode(ctsio);
5284		ctl_done((union ctl_io *)ctsio);
5285		goto bailout;
5286		break; /* NOTREACHED */
5287	}
5288
5289	/*
5290	 * We check the LBA and length, but don't do anything with them.
5291	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5292	 * get flushed.  This check will just help satisfy anyone who wants
5293	 * to see an error for an out of range LBA.
5294	 */
5295	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5296		ctl_set_lba_out_of_range(ctsio);
5297		ctl_done((union ctl_io *)ctsio);
5298		goto bailout;
5299	}
5300
5301	/*
5302	 * If this LUN has no backend, we can't flush the cache anyway.
5303	 */
5304	if (lun->backend == NULL) {
5305		ctl_set_invalid_opcode(ctsio);
5306		ctl_done((union ctl_io *)ctsio);
5307		goto bailout;
5308	}
5309
5310	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5311	lbalen->lba = starting_lba;
5312	lbalen->len = block_count;
5313	lbalen->flags = byte2;
5314
5315	/*
5316	 * Check to see whether we're configured to send the SYNCHRONIZE
5317	 * CACHE command directly to the back end.
5318	 */
5319	mtx_lock(&lun->lun_lock);
5320	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5321	 && (++(lun->sync_count) >= lun->sync_interval)) {
5322		lun->sync_count = 0;
5323		mtx_unlock(&lun->lun_lock);
5324		retval = lun->backend->config_write((union ctl_io *)ctsio);
5325	} else {
5326		mtx_unlock(&lun->lun_lock);
5327		ctl_set_success(ctsio);
5328		ctl_done((union ctl_io *)ctsio);
5329	}
5330
5331bailout:
5332
5333	return (retval);
5334}
5335
5336int
5337ctl_format(struct ctl_scsiio *ctsio)
5338{
5339	struct scsi_format *cdb;
5340	struct ctl_lun *lun;
5341	int length, defect_list_len;
5342
5343	CTL_DEBUG_PRINT(("ctl_format\n"));
5344
5345	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5346
5347	cdb = (struct scsi_format *)ctsio->cdb;
5348
5349	length = 0;
5350	if (cdb->byte2 & SF_FMTDATA) {
5351		if (cdb->byte2 & SF_LONGLIST)
5352			length = sizeof(struct scsi_format_header_long);
5353		else
5354			length = sizeof(struct scsi_format_header_short);
5355	}
5356
5357	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5358	 && (length > 0)) {
5359		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5360		ctsio->kern_data_len = length;
5361		ctsio->kern_total_len = length;
5362		ctsio->kern_data_resid = 0;
5363		ctsio->kern_rel_offset = 0;
5364		ctsio->kern_sg_entries = 0;
5365		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5366		ctsio->be_move_done = ctl_config_move_done;
5367		ctl_datamove((union ctl_io *)ctsio);
5368
5369		return (CTL_RETVAL_COMPLETE);
5370	}
5371
5372	defect_list_len = 0;
5373
5374	if (cdb->byte2 & SF_FMTDATA) {
5375		if (cdb->byte2 & SF_LONGLIST) {
5376			struct scsi_format_header_long *header;
5377
5378			header = (struct scsi_format_header_long *)
5379				ctsio->kern_data_ptr;
5380
5381			defect_list_len = scsi_4btoul(header->defect_list_len);
5382			if (defect_list_len != 0) {
5383				ctl_set_invalid_field(ctsio,
5384						      /*sks_valid*/ 1,
5385						      /*command*/ 0,
5386						      /*field*/ 2,
5387						      /*bit_valid*/ 0,
5388						      /*bit*/ 0);
5389				goto bailout;
5390			}
5391		} else {
5392			struct scsi_format_header_short *header;
5393
5394			header = (struct scsi_format_header_short *)
5395				ctsio->kern_data_ptr;
5396
5397			defect_list_len = scsi_2btoul(header->defect_list_len);
5398			if (defect_list_len != 0) {
5399				ctl_set_invalid_field(ctsio,
5400						      /*sks_valid*/ 1,
5401						      /*command*/ 0,
5402						      /*field*/ 2,
5403						      /*bit_valid*/ 0,
5404						      /*bit*/ 0);
5405				goto bailout;
5406			}
5407		}
5408	}
5409
5410	/*
5411	 * The format command will clear out the "Medium format corrupted"
5412	 * status if set by the configuration code.  That status is really
5413	 * just a way to notify the host that we have lost the media, and
5414	 * get them to issue a command that will basically make them think
5415	 * they're blowing away the media.
5416	 */
5417	mtx_lock(&lun->lun_lock);
5418	lun->flags &= ~CTL_LUN_INOPERABLE;
5419	mtx_unlock(&lun->lun_lock);
5420
5421	ctl_set_success(ctsio);
5422bailout:
5423
5424	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5425		free(ctsio->kern_data_ptr, M_CTL);
5426		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5427	}
5428
5429	ctl_done((union ctl_io *)ctsio);
5430	return (CTL_RETVAL_COMPLETE);
5431}
5432
5433int
5434ctl_read_buffer(struct ctl_scsiio *ctsio)
5435{
5436	struct scsi_read_buffer *cdb;
5437	struct ctl_lun *lun;
5438	int buffer_offset, len;
5439	static uint8_t descr[4];
5440	static uint8_t echo_descr[4] = { 0 };
5441
5442	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5443
5444	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5445	cdb = (struct scsi_read_buffer *)ctsio->cdb;
5446
5447	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA &&
5448	    (cdb->byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5449	    (cdb->byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5450		ctl_set_invalid_field(ctsio,
5451				      /*sks_valid*/ 1,
5452				      /*command*/ 1,
5453				      /*field*/ 1,
5454				      /*bit_valid*/ 1,
5455				      /*bit*/ 4);
5456		ctl_done((union ctl_io *)ctsio);
5457		return (CTL_RETVAL_COMPLETE);
5458	}
5459
5460	len = scsi_3btoul(cdb->length);
5461	buffer_offset = scsi_3btoul(cdb->offset);
5462
5463	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5464		ctl_set_invalid_field(ctsio,
5465				      /*sks_valid*/ 1,
5466				      /*command*/ 1,
5467				      /*field*/ 6,
5468				      /*bit_valid*/ 0,
5469				      /*bit*/ 0);
5470		ctl_done((union ctl_io *)ctsio);
5471		return (CTL_RETVAL_COMPLETE);
5472	}
5473
5474	if ((cdb->byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5475		descr[0] = 0;
5476		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5477		ctsio->kern_data_ptr = descr;
5478		len = min(len, sizeof(descr));
5479	} else if ((cdb->byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5480		ctsio->kern_data_ptr = echo_descr;
5481		len = min(len, sizeof(echo_descr));
5482	} else {
5483		if (lun->write_buffer == NULL) {
5484			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5485			    M_CTL, M_WAITOK);
5486		}
5487		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5488	}
5489	ctsio->kern_data_len = len;
5490	ctsio->kern_total_len = len;
5491	ctsio->kern_data_resid = 0;
5492	ctsio->kern_rel_offset = 0;
5493	ctsio->kern_sg_entries = 0;
5494	ctl_set_success(ctsio);
5495	ctsio->be_move_done = ctl_config_move_done;
5496	ctl_datamove((union ctl_io *)ctsio);
5497	return (CTL_RETVAL_COMPLETE);
5498}
5499
5500int
5501ctl_write_buffer(struct ctl_scsiio *ctsio)
5502{
5503	struct scsi_write_buffer *cdb;
5504	struct ctl_lun *lun;
5505	int buffer_offset, len;
5506
5507	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5508
5509	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5510	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5511
5512	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5513		ctl_set_invalid_field(ctsio,
5514				      /*sks_valid*/ 1,
5515				      /*command*/ 1,
5516				      /*field*/ 1,
5517				      /*bit_valid*/ 1,
5518				      /*bit*/ 4);
5519		ctl_done((union ctl_io *)ctsio);
5520		return (CTL_RETVAL_COMPLETE);
5521	}
5522
5523	len = scsi_3btoul(cdb->length);
5524	buffer_offset = scsi_3btoul(cdb->offset);
5525
5526	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5527		ctl_set_invalid_field(ctsio,
5528				      /*sks_valid*/ 1,
5529				      /*command*/ 1,
5530				      /*field*/ 6,
5531				      /*bit_valid*/ 0,
5532				      /*bit*/ 0);
5533		ctl_done((union ctl_io *)ctsio);
5534		return (CTL_RETVAL_COMPLETE);
5535	}
5536
5537	/*
5538	 * If we've got a kernel request that hasn't been malloced yet,
5539	 * malloc it and tell the caller the data buffer is here.
5540	 */
5541	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5542		if (lun->write_buffer == NULL) {
5543			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5544			    M_CTL, M_WAITOK);
5545		}
5546		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5547		ctsio->kern_data_len = len;
5548		ctsio->kern_total_len = len;
5549		ctsio->kern_data_resid = 0;
5550		ctsio->kern_rel_offset = 0;
5551		ctsio->kern_sg_entries = 0;
5552		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5553		ctsio->be_move_done = ctl_config_move_done;
5554		ctl_datamove((union ctl_io *)ctsio);
5555
5556		return (CTL_RETVAL_COMPLETE);
5557	}
5558
5559	ctl_set_success(ctsio);
5560	ctl_done((union ctl_io *)ctsio);
5561	return (CTL_RETVAL_COMPLETE);
5562}
5563
5564int
5565ctl_write_same(struct ctl_scsiio *ctsio)
5566{
5567	struct ctl_lun *lun;
5568	struct ctl_lba_len_flags *lbalen;
5569	uint64_t lba;
5570	uint32_t num_blocks;
5571	int len, retval;
5572	uint8_t byte2;
5573
5574	retval = CTL_RETVAL_COMPLETE;
5575
5576	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5577
5578	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5579
5580	switch (ctsio->cdb[0]) {
5581	case WRITE_SAME_10: {
5582		struct scsi_write_same_10 *cdb;
5583
5584		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5585
5586		lba = scsi_4btoul(cdb->addr);
5587		num_blocks = scsi_2btoul(cdb->length);
5588		byte2 = cdb->byte2;
5589		break;
5590	}
5591	case WRITE_SAME_16: {
5592		struct scsi_write_same_16 *cdb;
5593
5594		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5595
5596		lba = scsi_8btou64(cdb->addr);
5597		num_blocks = scsi_4btoul(cdb->length);
5598		byte2 = cdb->byte2;
5599		break;
5600	}
5601	default:
5602		/*
5603		 * We got a command we don't support.  This shouldn't
5604		 * happen, commands should be filtered out above us.
5605		 */
5606		ctl_set_invalid_opcode(ctsio);
5607		ctl_done((union ctl_io *)ctsio);
5608
5609		return (CTL_RETVAL_COMPLETE);
5610		break; /* NOTREACHED */
5611	}
5612
5613	/* NDOB and ANCHOR flags can be used only together with UNMAP */
5614	if ((byte2 & SWS_UNMAP) == 0 &&
5615	    (byte2 & (SWS_NDOB | SWS_ANCHOR)) != 0) {
5616		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5617		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5618		ctl_done((union ctl_io *)ctsio);
5619		return (CTL_RETVAL_COMPLETE);
5620	}
5621
5622	/*
5623	 * The first check is to make sure we're in bounds, the second
5624	 * check is to catch wrap-around problems.  If the lba + num blocks
5625	 * is less than the lba, then we've wrapped around and the block
5626	 * range is invalid anyway.
5627	 */
5628	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5629	 || ((lba + num_blocks) < lba)) {
5630		ctl_set_lba_out_of_range(ctsio);
5631		ctl_done((union ctl_io *)ctsio);
5632		return (CTL_RETVAL_COMPLETE);
5633	}
5634
5635	/* Zero number of blocks means "to the last logical block" */
5636	if (num_blocks == 0) {
5637		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5638			ctl_set_invalid_field(ctsio,
5639					      /*sks_valid*/ 0,
5640					      /*command*/ 1,
5641					      /*field*/ 0,
5642					      /*bit_valid*/ 0,
5643					      /*bit*/ 0);
5644			ctl_done((union ctl_io *)ctsio);
5645			return (CTL_RETVAL_COMPLETE);
5646		}
5647		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5648	}
5649
5650	len = lun->be_lun->blocksize;
5651
5652	/*
5653	 * If we've got a kernel request that hasn't been malloced yet,
5654	 * malloc it and tell the caller the data buffer is here.
5655	 */
5656	if ((byte2 & SWS_NDOB) == 0 &&
5657	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5658		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5659		ctsio->kern_data_len = len;
5660		ctsio->kern_total_len = len;
5661		ctsio->kern_data_resid = 0;
5662		ctsio->kern_rel_offset = 0;
5663		ctsio->kern_sg_entries = 0;
5664		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5665		ctsio->be_move_done = ctl_config_move_done;
5666		ctl_datamove((union ctl_io *)ctsio);
5667
5668		return (CTL_RETVAL_COMPLETE);
5669	}
5670
5671	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5672	lbalen->lba = lba;
5673	lbalen->len = num_blocks;
5674	lbalen->flags = byte2;
5675	retval = lun->backend->config_write((union ctl_io *)ctsio);
5676
5677	return (retval);
5678}
5679
5680int
5681ctl_unmap(struct ctl_scsiio *ctsio)
5682{
5683	struct ctl_lun *lun;
5684	struct scsi_unmap *cdb;
5685	struct ctl_ptr_len_flags *ptrlen;
5686	struct scsi_unmap_header *hdr;
5687	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5688	uint64_t lba;
5689	uint32_t num_blocks;
5690	int len, retval;
5691	uint8_t byte2;
5692
5693	retval = CTL_RETVAL_COMPLETE;
5694
5695	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5696
5697	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5698	cdb = (struct scsi_unmap *)ctsio->cdb;
5699
5700	len = scsi_2btoul(cdb->length);
5701	byte2 = cdb->byte2;
5702
5703	/*
5704	 * If we've got a kernel request that hasn't been malloced yet,
5705	 * malloc it and tell the caller the data buffer is here.
5706	 */
5707	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5708		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5709		ctsio->kern_data_len = len;
5710		ctsio->kern_total_len = len;
5711		ctsio->kern_data_resid = 0;
5712		ctsio->kern_rel_offset = 0;
5713		ctsio->kern_sg_entries = 0;
5714		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5715		ctsio->be_move_done = ctl_config_move_done;
5716		ctl_datamove((union ctl_io *)ctsio);
5717
5718		return (CTL_RETVAL_COMPLETE);
5719	}
5720
5721	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5722	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5723	if (len < sizeof (*hdr) ||
5724	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5725	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5726	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5727		ctl_set_invalid_field(ctsio,
5728				      /*sks_valid*/ 0,
5729				      /*command*/ 0,
5730				      /*field*/ 0,
5731				      /*bit_valid*/ 0,
5732				      /*bit*/ 0);
5733		goto done;
5734	}
5735	len = scsi_2btoul(hdr->desc_length);
5736	buf = (struct scsi_unmap_desc *)(hdr + 1);
5737	end = buf + len / sizeof(*buf);
5738
5739	endnz = buf;
5740	for (range = buf; range < end; range++) {
5741		lba = scsi_8btou64(range->lba);
5742		num_blocks = scsi_4btoul(range->length);
5743		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5744		 || ((lba + num_blocks) < lba)) {
5745			ctl_set_lba_out_of_range(ctsio);
5746			ctl_done((union ctl_io *)ctsio);
5747			return (CTL_RETVAL_COMPLETE);
5748		}
5749		if (num_blocks != 0)
5750			endnz = range + 1;
5751	}
5752
5753	/*
5754	 * Block backend can not handle zero last range.
5755	 * Filter it out and return if there is nothing left.
5756	 */
5757	len = (uint8_t *)endnz - (uint8_t *)buf;
5758	if (len == 0) {
5759		ctl_set_success(ctsio);
5760		goto done;
5761	}
5762
5763	mtx_lock(&lun->lun_lock);
5764	ptrlen = (struct ctl_ptr_len_flags *)
5765	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5766	ptrlen->ptr = (void *)buf;
5767	ptrlen->len = len;
5768	ptrlen->flags = byte2;
5769	ctl_check_blocked(lun);
5770	mtx_unlock(&lun->lun_lock);
5771
5772	retval = lun->backend->config_write((union ctl_io *)ctsio);
5773	return (retval);
5774
5775done:
5776	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5777		free(ctsio->kern_data_ptr, M_CTL);
5778		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5779	}
5780	ctl_done((union ctl_io *)ctsio);
5781	return (CTL_RETVAL_COMPLETE);
5782}
5783
5784/*
5785 * Note that this function currently doesn't actually do anything inside
5786 * CTL to enforce things if the DQue bit is turned on.
5787 *
5788 * Also note that this function can't be used in the default case, because
5789 * the DQue bit isn't set in the changeable mask for the control mode page
5790 * anyway.  This is just here as an example for how to implement a page
5791 * handler, and a placeholder in case we want to allow the user to turn
5792 * tagged queueing on and off.
5793 *
5794 * The D_SENSE bit handling is functional, however, and will turn
5795 * descriptor sense on and off for a given LUN.
5796 */
5797int
5798ctl_control_page_handler(struct ctl_scsiio *ctsio,
5799			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5800{
5801	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5802	struct ctl_lun *lun;
5803	int set_ua;
5804	uint32_t initidx;
5805
5806	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5807	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5808	set_ua = 0;
5809
5810	user_cp = (struct scsi_control_page *)page_ptr;
5811	current_cp = (struct scsi_control_page *)
5812		(page_index->page_data + (page_index->page_len *
5813		CTL_PAGE_CURRENT));
5814	saved_cp = (struct scsi_control_page *)
5815		(page_index->page_data + (page_index->page_len *
5816		CTL_PAGE_SAVED));
5817
5818	mtx_lock(&lun->lun_lock);
5819	if (((current_cp->rlec & SCP_DSENSE) == 0)
5820	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
5821		/*
5822		 * Descriptor sense is currently turned off and the user
5823		 * wants to turn it on.
5824		 */
5825		current_cp->rlec |= SCP_DSENSE;
5826		saved_cp->rlec |= SCP_DSENSE;
5827		lun->flags |= CTL_LUN_SENSE_DESC;
5828		set_ua = 1;
5829	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
5830		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
5831		/*
5832		 * Descriptor sense is currently turned on, and the user
5833		 * wants to turn it off.
5834		 */
5835		current_cp->rlec &= ~SCP_DSENSE;
5836		saved_cp->rlec &= ~SCP_DSENSE;
5837		lun->flags &= ~CTL_LUN_SENSE_DESC;
5838		set_ua = 1;
5839	}
5840	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
5841	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
5842		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5843		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5844		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
5845		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
5846		set_ua = 1;
5847	}
5848	if ((current_cp->eca_and_aen & SCP_SWP) !=
5849	    (user_cp->eca_and_aen & SCP_SWP)) {
5850		current_cp->eca_and_aen &= ~SCP_SWP;
5851		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5852		saved_cp->eca_and_aen &= ~SCP_SWP;
5853		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
5854		set_ua = 1;
5855	}
5856	if (set_ua != 0)
5857		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5858	mtx_unlock(&lun->lun_lock);
5859
5860	return (0);
5861}
5862
5863int
5864ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
5865		     struct ctl_page_index *page_index, uint8_t *page_ptr)
5866{
5867	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
5868	struct ctl_lun *lun;
5869	int set_ua;
5870	uint32_t initidx;
5871
5872	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5873	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5874	set_ua = 0;
5875
5876	user_cp = (struct scsi_caching_page *)page_ptr;
5877	current_cp = (struct scsi_caching_page *)
5878		(page_index->page_data + (page_index->page_len *
5879		CTL_PAGE_CURRENT));
5880	saved_cp = (struct scsi_caching_page *)
5881		(page_index->page_data + (page_index->page_len *
5882		CTL_PAGE_SAVED));
5883
5884	mtx_lock(&lun->lun_lock);
5885	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
5886	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
5887		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5888		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5889		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
5890		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
5891		set_ua = 1;
5892	}
5893	if (set_ua != 0)
5894		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
5895	mtx_unlock(&lun->lun_lock);
5896
5897	return (0);
5898}
5899
5900int
5901ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
5902				struct ctl_page_index *page_index,
5903				uint8_t *page_ptr)
5904{
5905	uint8_t *c;
5906	int i;
5907
5908	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
5909	ctl_time_io_secs =
5910		(c[0] << 8) |
5911		(c[1] << 0) |
5912		0;
5913	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
5914	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
5915	printf("page data:");
5916	for (i=0; i<8; i++)
5917		printf(" %.2x",page_ptr[i]);
5918	printf("\n");
5919	return (0);
5920}
5921
5922int
5923ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
5924			       struct ctl_page_index *page_index,
5925			       int pc)
5926{
5927	struct copan_debugconf_subpage *page;
5928
5929	page = (struct copan_debugconf_subpage *)page_index->page_data +
5930		(page_index->page_len * pc);
5931
5932	switch (pc) {
5933	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
5934	case SMS_PAGE_CTRL_DEFAULT >> 6:
5935	case SMS_PAGE_CTRL_SAVED >> 6:
5936		/*
5937		 * We don't update the changable or default bits for this page.
5938		 */
5939		break;
5940	case SMS_PAGE_CTRL_CURRENT >> 6:
5941		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
5942		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
5943		break;
5944	default:
5945#ifdef NEEDTOPORT
5946		EPRINT(0, "Invalid PC %d!!", pc);
5947#endif /* NEEDTOPORT */
5948		break;
5949	}
5950	return (0);
5951}
5952
5953
5954static int
5955ctl_do_mode_select(union ctl_io *io)
5956{
5957	struct scsi_mode_page_header *page_header;
5958	struct ctl_page_index *page_index;
5959	struct ctl_scsiio *ctsio;
5960	int control_dev, page_len;
5961	int page_len_offset, page_len_size;
5962	union ctl_modepage_info *modepage_info;
5963	struct ctl_lun *lun;
5964	int *len_left, *len_used;
5965	int retval, i;
5966
5967	ctsio = &io->scsiio;
5968	page_index = NULL;
5969	page_len = 0;
5970	retval = CTL_RETVAL_COMPLETE;
5971
5972	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5973
5974	if (lun->be_lun->lun_type != T_DIRECT)
5975		control_dev = 1;
5976	else
5977		control_dev = 0;
5978
5979	modepage_info = (union ctl_modepage_info *)
5980		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
5981	len_left = &modepage_info->header.len_left;
5982	len_used = &modepage_info->header.len_used;
5983
5984do_next_page:
5985
5986	page_header = (struct scsi_mode_page_header *)
5987		(ctsio->kern_data_ptr + *len_used);
5988
5989	if (*len_left == 0) {
5990		free(ctsio->kern_data_ptr, M_CTL);
5991		ctl_set_success(ctsio);
5992		ctl_done((union ctl_io *)ctsio);
5993		return (CTL_RETVAL_COMPLETE);
5994	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
5995
5996		free(ctsio->kern_data_ptr, M_CTL);
5997		ctl_set_param_len_error(ctsio);
5998		ctl_done((union ctl_io *)ctsio);
5999		return (CTL_RETVAL_COMPLETE);
6000
6001	} else if ((page_header->page_code & SMPH_SPF)
6002		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6003
6004		free(ctsio->kern_data_ptr, M_CTL);
6005		ctl_set_param_len_error(ctsio);
6006		ctl_done((union ctl_io *)ctsio);
6007		return (CTL_RETVAL_COMPLETE);
6008	}
6009
6010
6011	/*
6012	 * XXX KDM should we do something with the block descriptor?
6013	 */
6014	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6015
6016		if ((control_dev != 0)
6017		 && (lun->mode_pages.index[i].page_flags &
6018		     CTL_PAGE_FLAG_DISK_ONLY))
6019			continue;
6020
6021		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6022		    (page_header->page_code & SMPH_PC_MASK))
6023			continue;
6024
6025		/*
6026		 * If neither page has a subpage code, then we've got a
6027		 * match.
6028		 */
6029		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6030		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6031			page_index = &lun->mode_pages.index[i];
6032			page_len = page_header->page_length;
6033			break;
6034		}
6035
6036		/*
6037		 * If both pages have subpages, then the subpage numbers
6038		 * have to match.
6039		 */
6040		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6041		  && (page_header->page_code & SMPH_SPF)) {
6042			struct scsi_mode_page_header_sp *sph;
6043
6044			sph = (struct scsi_mode_page_header_sp *)page_header;
6045
6046			if (lun->mode_pages.index[i].subpage ==
6047			    sph->subpage) {
6048				page_index = &lun->mode_pages.index[i];
6049				page_len = scsi_2btoul(sph->page_length);
6050				break;
6051			}
6052		}
6053	}
6054
6055	/*
6056	 * If we couldn't find the page, or if we don't have a mode select
6057	 * handler for it, send back an error to the user.
6058	 */
6059	if ((page_index == NULL)
6060	 || (page_index->select_handler == NULL)) {
6061		ctl_set_invalid_field(ctsio,
6062				      /*sks_valid*/ 1,
6063				      /*command*/ 0,
6064				      /*field*/ *len_used,
6065				      /*bit_valid*/ 0,
6066				      /*bit*/ 0);
6067		free(ctsio->kern_data_ptr, M_CTL);
6068		ctl_done((union ctl_io *)ctsio);
6069		return (CTL_RETVAL_COMPLETE);
6070	}
6071
6072	if (page_index->page_code & SMPH_SPF) {
6073		page_len_offset = 2;
6074		page_len_size = 2;
6075	} else {
6076		page_len_size = 1;
6077		page_len_offset = 1;
6078	}
6079
6080	/*
6081	 * If the length the initiator gives us isn't the one we specify in
6082	 * the mode page header, or if they didn't specify enough data in
6083	 * the CDB to avoid truncating this page, kick out the request.
6084	 */
6085	if ((page_len != (page_index->page_len - page_len_offset -
6086			  page_len_size))
6087	 || (*len_left < page_index->page_len)) {
6088
6089
6090		ctl_set_invalid_field(ctsio,
6091				      /*sks_valid*/ 1,
6092				      /*command*/ 0,
6093				      /*field*/ *len_used + page_len_offset,
6094				      /*bit_valid*/ 0,
6095				      /*bit*/ 0);
6096		free(ctsio->kern_data_ptr, M_CTL);
6097		ctl_done((union ctl_io *)ctsio);
6098		return (CTL_RETVAL_COMPLETE);
6099	}
6100
6101	/*
6102	 * Run through the mode page, checking to make sure that the bits
6103	 * the user changed are actually legal for him to change.
6104	 */
6105	for (i = 0; i < page_index->page_len; i++) {
6106		uint8_t *user_byte, *change_mask, *current_byte;
6107		int bad_bit;
6108		int j;
6109
6110		user_byte = (uint8_t *)page_header + i;
6111		change_mask = page_index->page_data +
6112			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6113		current_byte = page_index->page_data +
6114			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6115
6116		/*
6117		 * Check to see whether the user set any bits in this byte
6118		 * that he is not allowed to set.
6119		 */
6120		if ((*user_byte & ~(*change_mask)) ==
6121		    (*current_byte & ~(*change_mask)))
6122			continue;
6123
6124		/*
6125		 * Go through bit by bit to determine which one is illegal.
6126		 */
6127		bad_bit = 0;
6128		for (j = 7; j >= 0; j--) {
6129			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6130			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6131				bad_bit = i;
6132				break;
6133			}
6134		}
6135		ctl_set_invalid_field(ctsio,
6136				      /*sks_valid*/ 1,
6137				      /*command*/ 0,
6138				      /*field*/ *len_used + i,
6139				      /*bit_valid*/ 1,
6140				      /*bit*/ bad_bit);
6141		free(ctsio->kern_data_ptr, M_CTL);
6142		ctl_done((union ctl_io *)ctsio);
6143		return (CTL_RETVAL_COMPLETE);
6144	}
6145
6146	/*
6147	 * Decrement these before we call the page handler, since we may
6148	 * end up getting called back one way or another before the handler
6149	 * returns to this context.
6150	 */
6151	*len_left -= page_index->page_len;
6152	*len_used += page_index->page_len;
6153
6154	retval = page_index->select_handler(ctsio, page_index,
6155					    (uint8_t *)page_header);
6156
6157	/*
6158	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6159	 * wait until this queued command completes to finish processing
6160	 * the mode page.  If it returns anything other than
6161	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6162	 * already set the sense information, freed the data pointer, and
6163	 * completed the io for us.
6164	 */
6165	if (retval != CTL_RETVAL_COMPLETE)
6166		goto bailout_no_done;
6167
6168	/*
6169	 * If the initiator sent us more than one page, parse the next one.
6170	 */
6171	if (*len_left > 0)
6172		goto do_next_page;
6173
6174	ctl_set_success(ctsio);
6175	free(ctsio->kern_data_ptr, M_CTL);
6176	ctl_done((union ctl_io *)ctsio);
6177
6178bailout_no_done:
6179
6180	return (CTL_RETVAL_COMPLETE);
6181
6182}
6183
6184int
6185ctl_mode_select(struct ctl_scsiio *ctsio)
6186{
6187	int param_len, pf, sp;
6188	int header_size, bd_len;
6189	int len_left, len_used;
6190	struct ctl_page_index *page_index;
6191	struct ctl_lun *lun;
6192	int control_dev, page_len;
6193	union ctl_modepage_info *modepage_info;
6194	int retval;
6195
6196	pf = 0;
6197	sp = 0;
6198	page_len = 0;
6199	len_used = 0;
6200	len_left = 0;
6201	retval = 0;
6202	bd_len = 0;
6203	page_index = NULL;
6204
6205	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6206
6207	if (lun->be_lun->lun_type != T_DIRECT)
6208		control_dev = 1;
6209	else
6210		control_dev = 0;
6211
6212	switch (ctsio->cdb[0]) {
6213	case MODE_SELECT_6: {
6214		struct scsi_mode_select_6 *cdb;
6215
6216		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6217
6218		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6219		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6220
6221		param_len = cdb->length;
6222		header_size = sizeof(struct scsi_mode_header_6);
6223		break;
6224	}
6225	case MODE_SELECT_10: {
6226		struct scsi_mode_select_10 *cdb;
6227
6228		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6229
6230		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6231		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6232
6233		param_len = scsi_2btoul(cdb->length);
6234		header_size = sizeof(struct scsi_mode_header_10);
6235		break;
6236	}
6237	default:
6238		ctl_set_invalid_opcode(ctsio);
6239		ctl_done((union ctl_io *)ctsio);
6240		return (CTL_RETVAL_COMPLETE);
6241		break; /* NOTREACHED */
6242	}
6243
6244	/*
6245	 * From SPC-3:
6246	 * "A parameter list length of zero indicates that the Data-Out Buffer
6247	 * shall be empty. This condition shall not be considered as an error."
6248	 */
6249	if (param_len == 0) {
6250		ctl_set_success(ctsio);
6251		ctl_done((union ctl_io *)ctsio);
6252		return (CTL_RETVAL_COMPLETE);
6253	}
6254
6255	/*
6256	 * Since we'll hit this the first time through, prior to
6257	 * allocation, we don't need to free a data buffer here.
6258	 */
6259	if (param_len < header_size) {
6260		ctl_set_param_len_error(ctsio);
6261		ctl_done((union ctl_io *)ctsio);
6262		return (CTL_RETVAL_COMPLETE);
6263	}
6264
6265	/*
6266	 * Allocate the data buffer and grab the user's data.  In theory,
6267	 * we shouldn't have to sanity check the parameter list length here
6268	 * because the maximum size is 64K.  We should be able to malloc
6269	 * that much without too many problems.
6270	 */
6271	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6272		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6273		ctsio->kern_data_len = param_len;
6274		ctsio->kern_total_len = param_len;
6275		ctsio->kern_data_resid = 0;
6276		ctsio->kern_rel_offset = 0;
6277		ctsio->kern_sg_entries = 0;
6278		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6279		ctsio->be_move_done = ctl_config_move_done;
6280		ctl_datamove((union ctl_io *)ctsio);
6281
6282		return (CTL_RETVAL_COMPLETE);
6283	}
6284
6285	switch (ctsio->cdb[0]) {
6286	case MODE_SELECT_6: {
6287		struct scsi_mode_header_6 *mh6;
6288
6289		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6290		bd_len = mh6->blk_desc_len;
6291		break;
6292	}
6293	case MODE_SELECT_10: {
6294		struct scsi_mode_header_10 *mh10;
6295
6296		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6297		bd_len = scsi_2btoul(mh10->blk_desc_len);
6298		break;
6299	}
6300	default:
6301		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6302		break;
6303	}
6304
6305	if (param_len < (header_size + bd_len)) {
6306		free(ctsio->kern_data_ptr, M_CTL);
6307		ctl_set_param_len_error(ctsio);
6308		ctl_done((union ctl_io *)ctsio);
6309		return (CTL_RETVAL_COMPLETE);
6310	}
6311
6312	/*
6313	 * Set the IO_CONT flag, so that if this I/O gets passed to
6314	 * ctl_config_write_done(), it'll get passed back to
6315	 * ctl_do_mode_select() for further processing, or completion if
6316	 * we're all done.
6317	 */
6318	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6319	ctsio->io_cont = ctl_do_mode_select;
6320
6321	modepage_info = (union ctl_modepage_info *)
6322		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6323
6324	memset(modepage_info, 0, sizeof(*modepage_info));
6325
6326	len_left = param_len - header_size - bd_len;
6327	len_used = header_size + bd_len;
6328
6329	modepage_info->header.len_left = len_left;
6330	modepage_info->header.len_used = len_used;
6331
6332	return (ctl_do_mode_select((union ctl_io *)ctsio));
6333}
6334
6335int
6336ctl_mode_sense(struct ctl_scsiio *ctsio)
6337{
6338	struct ctl_lun *lun;
6339	int pc, page_code, dbd, llba, subpage;
6340	int alloc_len, page_len, header_len, total_len;
6341	struct scsi_mode_block_descr *block_desc;
6342	struct ctl_page_index *page_index;
6343	int control_dev;
6344
6345	dbd = 0;
6346	llba = 0;
6347	block_desc = NULL;
6348	page_index = NULL;
6349
6350	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6351
6352	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6353
6354	if (lun->be_lun->lun_type != T_DIRECT)
6355		control_dev = 1;
6356	else
6357		control_dev = 0;
6358
6359	switch (ctsio->cdb[0]) {
6360	case MODE_SENSE_6: {
6361		struct scsi_mode_sense_6 *cdb;
6362
6363		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6364
6365		header_len = sizeof(struct scsi_mode_hdr_6);
6366		if (cdb->byte2 & SMS_DBD)
6367			dbd = 1;
6368		else
6369			header_len += sizeof(struct scsi_mode_block_descr);
6370
6371		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6372		page_code = cdb->page & SMS_PAGE_CODE;
6373		subpage = cdb->subpage;
6374		alloc_len = cdb->length;
6375		break;
6376	}
6377	case MODE_SENSE_10: {
6378		struct scsi_mode_sense_10 *cdb;
6379
6380		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6381
6382		header_len = sizeof(struct scsi_mode_hdr_10);
6383
6384		if (cdb->byte2 & SMS_DBD)
6385			dbd = 1;
6386		else
6387			header_len += sizeof(struct scsi_mode_block_descr);
6388		if (cdb->byte2 & SMS10_LLBAA)
6389			llba = 1;
6390		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6391		page_code = cdb->page & SMS_PAGE_CODE;
6392		subpage = cdb->subpage;
6393		alloc_len = scsi_2btoul(cdb->length);
6394		break;
6395	}
6396	default:
6397		ctl_set_invalid_opcode(ctsio);
6398		ctl_done((union ctl_io *)ctsio);
6399		return (CTL_RETVAL_COMPLETE);
6400		break; /* NOTREACHED */
6401	}
6402
6403	/*
6404	 * We have to make a first pass through to calculate the size of
6405	 * the pages that match the user's query.  Then we allocate enough
6406	 * memory to hold it, and actually copy the data into the buffer.
6407	 */
6408	switch (page_code) {
6409	case SMS_ALL_PAGES_PAGE: {
6410		int i;
6411
6412		page_len = 0;
6413
6414		/*
6415		 * At the moment, values other than 0 and 0xff here are
6416		 * reserved according to SPC-3.
6417		 */
6418		if ((subpage != SMS_SUBPAGE_PAGE_0)
6419		 && (subpage != SMS_SUBPAGE_ALL)) {
6420			ctl_set_invalid_field(ctsio,
6421					      /*sks_valid*/ 1,
6422					      /*command*/ 1,
6423					      /*field*/ 3,
6424					      /*bit_valid*/ 0,
6425					      /*bit*/ 0);
6426			ctl_done((union ctl_io *)ctsio);
6427			return (CTL_RETVAL_COMPLETE);
6428		}
6429
6430		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6431			if ((control_dev != 0)
6432			 && (lun->mode_pages.index[i].page_flags &
6433			     CTL_PAGE_FLAG_DISK_ONLY))
6434				continue;
6435
6436			/*
6437			 * We don't use this subpage if the user didn't
6438			 * request all subpages.
6439			 */
6440			if ((lun->mode_pages.index[i].subpage != 0)
6441			 && (subpage == SMS_SUBPAGE_PAGE_0))
6442				continue;
6443
6444#if 0
6445			printf("found page %#x len %d\n",
6446			       lun->mode_pages.index[i].page_code &
6447			       SMPH_PC_MASK,
6448			       lun->mode_pages.index[i].page_len);
6449#endif
6450			page_len += lun->mode_pages.index[i].page_len;
6451		}
6452		break;
6453	}
6454	default: {
6455		int i;
6456
6457		page_len = 0;
6458
6459		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6460			/* Look for the right page code */
6461			if ((lun->mode_pages.index[i].page_code &
6462			     SMPH_PC_MASK) != page_code)
6463				continue;
6464
6465			/* Look for the right subpage or the subpage wildcard*/
6466			if ((lun->mode_pages.index[i].subpage != subpage)
6467			 && (subpage != SMS_SUBPAGE_ALL))
6468				continue;
6469
6470			/* Make sure the page is supported for this dev type */
6471			if ((control_dev != 0)
6472			 && (lun->mode_pages.index[i].page_flags &
6473			     CTL_PAGE_FLAG_DISK_ONLY))
6474				continue;
6475
6476#if 0
6477			printf("found page %#x len %d\n",
6478			       lun->mode_pages.index[i].page_code &
6479			       SMPH_PC_MASK,
6480			       lun->mode_pages.index[i].page_len);
6481#endif
6482
6483			page_len += lun->mode_pages.index[i].page_len;
6484		}
6485
6486		if (page_len == 0) {
6487			ctl_set_invalid_field(ctsio,
6488					      /*sks_valid*/ 1,
6489					      /*command*/ 1,
6490					      /*field*/ 2,
6491					      /*bit_valid*/ 1,
6492					      /*bit*/ 5);
6493			ctl_done((union ctl_io *)ctsio);
6494			return (CTL_RETVAL_COMPLETE);
6495		}
6496		break;
6497	}
6498	}
6499
6500	total_len = header_len + page_len;
6501#if 0
6502	printf("header_len = %d, page_len = %d, total_len = %d\n",
6503	       header_len, page_len, total_len);
6504#endif
6505
6506	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6507	ctsio->kern_sg_entries = 0;
6508	ctsio->kern_data_resid = 0;
6509	ctsio->kern_rel_offset = 0;
6510	if (total_len < alloc_len) {
6511		ctsio->residual = alloc_len - total_len;
6512		ctsio->kern_data_len = total_len;
6513		ctsio->kern_total_len = total_len;
6514	} else {
6515		ctsio->residual = 0;
6516		ctsio->kern_data_len = alloc_len;
6517		ctsio->kern_total_len = alloc_len;
6518	}
6519
6520	switch (ctsio->cdb[0]) {
6521	case MODE_SENSE_6: {
6522		struct scsi_mode_hdr_6 *header;
6523
6524		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6525
6526		header->datalen = MIN(total_len - 1, 254);
6527		if (control_dev == 0) {
6528			header->dev_specific = 0x10; /* DPOFUA */
6529			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6530			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6531			    .eca_and_aen & SCP_SWP) != 0)
6532				    header->dev_specific |= 0x80; /* WP */
6533		}
6534		if (dbd)
6535			header->block_descr_len = 0;
6536		else
6537			header->block_descr_len =
6538				sizeof(struct scsi_mode_block_descr);
6539		block_desc = (struct scsi_mode_block_descr *)&header[1];
6540		break;
6541	}
6542	case MODE_SENSE_10: {
6543		struct scsi_mode_hdr_10 *header;
6544		int datalen;
6545
6546		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6547
6548		datalen = MIN(total_len - 2, 65533);
6549		scsi_ulto2b(datalen, header->datalen);
6550		if (control_dev == 0) {
6551			header->dev_specific = 0x10; /* DPOFUA */
6552			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6553			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6554			    .eca_and_aen & SCP_SWP) != 0)
6555				    header->dev_specific |= 0x80; /* WP */
6556		}
6557		if (dbd)
6558			scsi_ulto2b(0, header->block_descr_len);
6559		else
6560			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6561				    header->block_descr_len);
6562		block_desc = (struct scsi_mode_block_descr *)&header[1];
6563		break;
6564	}
6565	default:
6566		panic("invalid CDB type %#x", ctsio->cdb[0]);
6567		break; /* NOTREACHED */
6568	}
6569
6570	/*
6571	 * If we've got a disk, use its blocksize in the block
6572	 * descriptor.  Otherwise, just set it to 0.
6573	 */
6574	if (dbd == 0) {
6575		if (control_dev == 0)
6576			scsi_ulto3b(lun->be_lun->blocksize,
6577				    block_desc->block_len);
6578		else
6579			scsi_ulto3b(0, block_desc->block_len);
6580	}
6581
6582	switch (page_code) {
6583	case SMS_ALL_PAGES_PAGE: {
6584		int i, data_used;
6585
6586		data_used = header_len;
6587		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6588			struct ctl_page_index *page_index;
6589
6590			page_index = &lun->mode_pages.index[i];
6591
6592			if ((control_dev != 0)
6593			 && (page_index->page_flags &
6594			    CTL_PAGE_FLAG_DISK_ONLY))
6595				continue;
6596
6597			/*
6598			 * We don't use this subpage if the user didn't
6599			 * request all subpages.  We already checked (above)
6600			 * to make sure the user only specified a subpage
6601			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6602			 */
6603			if ((page_index->subpage != 0)
6604			 && (subpage == SMS_SUBPAGE_PAGE_0))
6605				continue;
6606
6607			/*
6608			 * Call the handler, if it exists, to update the
6609			 * page to the latest values.
6610			 */
6611			if (page_index->sense_handler != NULL)
6612				page_index->sense_handler(ctsio, page_index,pc);
6613
6614			memcpy(ctsio->kern_data_ptr + data_used,
6615			       page_index->page_data +
6616			       (page_index->page_len * pc),
6617			       page_index->page_len);
6618			data_used += page_index->page_len;
6619		}
6620		break;
6621	}
6622	default: {
6623		int i, data_used;
6624
6625		data_used = header_len;
6626
6627		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6628			struct ctl_page_index *page_index;
6629
6630			page_index = &lun->mode_pages.index[i];
6631
6632			/* Look for the right page code */
6633			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6634				continue;
6635
6636			/* Look for the right subpage or the subpage wildcard*/
6637			if ((page_index->subpage != subpage)
6638			 && (subpage != SMS_SUBPAGE_ALL))
6639				continue;
6640
6641			/* Make sure the page is supported for this dev type */
6642			if ((control_dev != 0)
6643			 && (page_index->page_flags &
6644			     CTL_PAGE_FLAG_DISK_ONLY))
6645				continue;
6646
6647			/*
6648			 * Call the handler, if it exists, to update the
6649			 * page to the latest values.
6650			 */
6651			if (page_index->sense_handler != NULL)
6652				page_index->sense_handler(ctsio, page_index,pc);
6653
6654			memcpy(ctsio->kern_data_ptr + data_used,
6655			       page_index->page_data +
6656			       (page_index->page_len * pc),
6657			       page_index->page_len);
6658			data_used += page_index->page_len;
6659		}
6660		break;
6661	}
6662	}
6663
6664	ctl_set_success(ctsio);
6665	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6666	ctsio->be_move_done = ctl_config_move_done;
6667	ctl_datamove((union ctl_io *)ctsio);
6668	return (CTL_RETVAL_COMPLETE);
6669}
6670
6671int
6672ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6673			       struct ctl_page_index *page_index,
6674			       int pc)
6675{
6676	struct ctl_lun *lun;
6677	struct scsi_log_param_header *phdr;
6678	uint8_t *data;
6679	uint64_t val;
6680
6681	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6682	data = page_index->page_data;
6683
6684	if (lun->backend->lun_attr != NULL &&
6685	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6686	     != UINT64_MAX) {
6687		phdr = (struct scsi_log_param_header *)data;
6688		scsi_ulto2b(0x0001, phdr->param_code);
6689		phdr->param_control = SLP_LBIN | SLP_LP;
6690		phdr->param_len = 8;
6691		data = (uint8_t *)(phdr + 1);
6692		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6693		data[4] = 0x02; /* per-pool */
6694		data += phdr->param_len;
6695	}
6696
6697	if (lun->backend->lun_attr != NULL &&
6698	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6699	     != UINT64_MAX) {
6700		phdr = (struct scsi_log_param_header *)data;
6701		scsi_ulto2b(0x0002, phdr->param_code);
6702		phdr->param_control = SLP_LBIN | SLP_LP;
6703		phdr->param_len = 8;
6704		data = (uint8_t *)(phdr + 1);
6705		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6706		data[4] = 0x01; /* per-LUN */
6707		data += phdr->param_len;
6708	}
6709
6710	if (lun->backend->lun_attr != NULL &&
6711	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6712	     != UINT64_MAX) {
6713		phdr = (struct scsi_log_param_header *)data;
6714		scsi_ulto2b(0x00f1, phdr->param_code);
6715		phdr->param_control = SLP_LBIN | SLP_LP;
6716		phdr->param_len = 8;
6717		data = (uint8_t *)(phdr + 1);
6718		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6719		data[4] = 0x02; /* per-pool */
6720		data += phdr->param_len;
6721	}
6722
6723	if (lun->backend->lun_attr != NULL &&
6724	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6725	     != UINT64_MAX) {
6726		phdr = (struct scsi_log_param_header *)data;
6727		scsi_ulto2b(0x00f2, phdr->param_code);
6728		phdr->param_control = SLP_LBIN | SLP_LP;
6729		phdr->param_len = 8;
6730		data = (uint8_t *)(phdr + 1);
6731		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6732		data[4] = 0x02; /* per-pool */
6733		data += phdr->param_len;
6734	}
6735
6736	page_index->page_len = data - page_index->page_data;
6737	return (0);
6738}
6739
6740int
6741ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6742			       struct ctl_page_index *page_index,
6743			       int pc)
6744{
6745	struct ctl_lun *lun;
6746	struct stat_page *data;
6747	uint64_t rn, wn, rb, wb;
6748	struct bintime rt, wt;
6749	int i;
6750
6751	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6752	data = (struct stat_page *)page_index->page_data;
6753
6754	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6755	data->sap.hdr.param_control = SLP_LBIN;
6756	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6757	    sizeof(struct scsi_log_param_header);
6758	rn = wn = rb = wb = 0;
6759	bintime_clear(&rt);
6760	bintime_clear(&wt);
6761	for (i = 0; i < CTL_MAX_PORTS; i++) {
6762		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6763		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6764		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6765		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6766		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6767		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6768	}
6769	scsi_u64to8b(rn, data->sap.read_num);
6770	scsi_u64to8b(wn, data->sap.write_num);
6771	if (lun->stats.blocksize > 0) {
6772		scsi_u64to8b(wb / lun->stats.blocksize,
6773		    data->sap.recvieved_lba);
6774		scsi_u64to8b(rb / lun->stats.blocksize,
6775		    data->sap.transmitted_lba);
6776	}
6777	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6778	    data->sap.read_int);
6779	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6780	    data->sap.write_int);
6781	scsi_u64to8b(0, data->sap.weighted_num);
6782	scsi_u64to8b(0, data->sap.weighted_int);
6783	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6784	data->it.hdr.param_control = SLP_LBIN;
6785	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6786	    sizeof(struct scsi_log_param_header);
6787#ifdef CTL_TIME_IO
6788	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6789#endif
6790	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6791	data->it.hdr.param_control = SLP_LBIN;
6792	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6793	    sizeof(struct scsi_log_param_header);
6794	scsi_ulto4b(3, data->ti.exponent);
6795	scsi_ulto4b(1, data->ti.integer);
6796
6797	page_index->page_len = sizeof(*data);
6798	return (0);
6799}
6800
6801int
6802ctl_log_sense(struct ctl_scsiio *ctsio)
6803{
6804	struct ctl_lun *lun;
6805	int i, pc, page_code, subpage;
6806	int alloc_len, total_len;
6807	struct ctl_page_index *page_index;
6808	struct scsi_log_sense *cdb;
6809	struct scsi_log_header *header;
6810
6811	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6812
6813	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6814	cdb = (struct scsi_log_sense *)ctsio->cdb;
6815	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6816	page_code = cdb->page & SLS_PAGE_CODE;
6817	subpage = cdb->subpage;
6818	alloc_len = scsi_2btoul(cdb->length);
6819
6820	page_index = NULL;
6821	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6822		page_index = &lun->log_pages.index[i];
6823
6824		/* Look for the right page code */
6825		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6826			continue;
6827
6828		/* Look for the right subpage or the subpage wildcard*/
6829		if (page_index->subpage != subpage)
6830			continue;
6831
6832		break;
6833	}
6834	if (i >= CTL_NUM_LOG_PAGES) {
6835		ctl_set_invalid_field(ctsio,
6836				      /*sks_valid*/ 1,
6837				      /*command*/ 1,
6838				      /*field*/ 2,
6839				      /*bit_valid*/ 0,
6840				      /*bit*/ 0);
6841		ctl_done((union ctl_io *)ctsio);
6842		return (CTL_RETVAL_COMPLETE);
6843	}
6844
6845	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
6846
6847	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6848	ctsio->kern_sg_entries = 0;
6849	ctsio->kern_data_resid = 0;
6850	ctsio->kern_rel_offset = 0;
6851	if (total_len < alloc_len) {
6852		ctsio->residual = alloc_len - total_len;
6853		ctsio->kern_data_len = total_len;
6854		ctsio->kern_total_len = total_len;
6855	} else {
6856		ctsio->residual = 0;
6857		ctsio->kern_data_len = alloc_len;
6858		ctsio->kern_total_len = alloc_len;
6859	}
6860
6861	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
6862	header->page = page_index->page_code;
6863	if (page_index->subpage) {
6864		header->page |= SL_SPF;
6865		header->subpage = page_index->subpage;
6866	}
6867	scsi_ulto2b(page_index->page_len, header->datalen);
6868
6869	/*
6870	 * Call the handler, if it exists, to update the
6871	 * page to the latest values.
6872	 */
6873	if (page_index->sense_handler != NULL)
6874		page_index->sense_handler(ctsio, page_index, pc);
6875
6876	memcpy(header + 1, page_index->page_data, page_index->page_len);
6877
6878	ctl_set_success(ctsio);
6879	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6880	ctsio->be_move_done = ctl_config_move_done;
6881	ctl_datamove((union ctl_io *)ctsio);
6882	return (CTL_RETVAL_COMPLETE);
6883}
6884
6885int
6886ctl_read_capacity(struct ctl_scsiio *ctsio)
6887{
6888	struct scsi_read_capacity *cdb;
6889	struct scsi_read_capacity_data *data;
6890	struct ctl_lun *lun;
6891	uint32_t lba;
6892
6893	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
6894
6895	cdb = (struct scsi_read_capacity *)ctsio->cdb;
6896
6897	lba = scsi_4btoul(cdb->addr);
6898	if (((cdb->pmi & SRC_PMI) == 0)
6899	 && (lba != 0)) {
6900		ctl_set_invalid_field(/*ctsio*/ ctsio,
6901				      /*sks_valid*/ 1,
6902				      /*command*/ 1,
6903				      /*field*/ 2,
6904				      /*bit_valid*/ 0,
6905				      /*bit*/ 0);
6906		ctl_done((union ctl_io *)ctsio);
6907		return (CTL_RETVAL_COMPLETE);
6908	}
6909
6910	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6911
6912	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6913	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
6914	ctsio->residual = 0;
6915	ctsio->kern_data_len = sizeof(*data);
6916	ctsio->kern_total_len = sizeof(*data);
6917	ctsio->kern_data_resid = 0;
6918	ctsio->kern_rel_offset = 0;
6919	ctsio->kern_sg_entries = 0;
6920
6921	/*
6922	 * If the maximum LBA is greater than 0xfffffffe, the user must
6923	 * issue a SERVICE ACTION IN (16) command, with the read capacity
6924	 * serivce action set.
6925	 */
6926	if (lun->be_lun->maxlba > 0xfffffffe)
6927		scsi_ulto4b(0xffffffff, data->addr);
6928	else
6929		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
6930
6931	/*
6932	 * XXX KDM this may not be 512 bytes...
6933	 */
6934	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6935
6936	ctl_set_success(ctsio);
6937	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6938	ctsio->be_move_done = ctl_config_move_done;
6939	ctl_datamove((union ctl_io *)ctsio);
6940	return (CTL_RETVAL_COMPLETE);
6941}
6942
6943int
6944ctl_read_capacity_16(struct ctl_scsiio *ctsio)
6945{
6946	struct scsi_read_capacity_16 *cdb;
6947	struct scsi_read_capacity_data_long *data;
6948	struct ctl_lun *lun;
6949	uint64_t lba;
6950	uint32_t alloc_len;
6951
6952	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
6953
6954	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
6955
6956	alloc_len = scsi_4btoul(cdb->alloc_len);
6957	lba = scsi_8btou64(cdb->addr);
6958
6959	if ((cdb->reladr & SRC16_PMI)
6960	 && (lba != 0)) {
6961		ctl_set_invalid_field(/*ctsio*/ ctsio,
6962				      /*sks_valid*/ 1,
6963				      /*command*/ 1,
6964				      /*field*/ 2,
6965				      /*bit_valid*/ 0,
6966				      /*bit*/ 0);
6967		ctl_done((union ctl_io *)ctsio);
6968		return (CTL_RETVAL_COMPLETE);
6969	}
6970
6971	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6972
6973	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
6974	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
6975
6976	if (sizeof(*data) < alloc_len) {
6977		ctsio->residual = alloc_len - sizeof(*data);
6978		ctsio->kern_data_len = sizeof(*data);
6979		ctsio->kern_total_len = sizeof(*data);
6980	} else {
6981		ctsio->residual = 0;
6982		ctsio->kern_data_len = alloc_len;
6983		ctsio->kern_total_len = alloc_len;
6984	}
6985	ctsio->kern_data_resid = 0;
6986	ctsio->kern_rel_offset = 0;
6987	ctsio->kern_sg_entries = 0;
6988
6989	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
6990	/* XXX KDM this may not be 512 bytes... */
6991	scsi_ulto4b(lun->be_lun->blocksize, data->length);
6992	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
6993	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
6994	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
6995		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
6996
6997	ctl_set_success(ctsio);
6998	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6999	ctsio->be_move_done = ctl_config_move_done;
7000	ctl_datamove((union ctl_io *)ctsio);
7001	return (CTL_RETVAL_COMPLETE);
7002}
7003
7004int
7005ctl_get_lba_status(struct ctl_scsiio *ctsio)
7006{
7007	struct scsi_get_lba_status *cdb;
7008	struct scsi_get_lba_status_data *data;
7009	struct ctl_lun *lun;
7010	struct ctl_lba_len_flags *lbalen;
7011	uint64_t lba;
7012	uint32_t alloc_len, total_len;
7013	int retval;
7014
7015	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7016
7017	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7018	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7019	lba = scsi_8btou64(cdb->addr);
7020	alloc_len = scsi_4btoul(cdb->alloc_len);
7021
7022	if (lba > lun->be_lun->maxlba) {
7023		ctl_set_lba_out_of_range(ctsio);
7024		ctl_done((union ctl_io *)ctsio);
7025		return (CTL_RETVAL_COMPLETE);
7026	}
7027
7028	total_len = sizeof(*data) + sizeof(data->descr[0]);
7029	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7030	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7031
7032	if (total_len < alloc_len) {
7033		ctsio->residual = alloc_len - total_len;
7034		ctsio->kern_data_len = total_len;
7035		ctsio->kern_total_len = total_len;
7036	} else {
7037		ctsio->residual = 0;
7038		ctsio->kern_data_len = alloc_len;
7039		ctsio->kern_total_len = alloc_len;
7040	}
7041	ctsio->kern_data_resid = 0;
7042	ctsio->kern_rel_offset = 0;
7043	ctsio->kern_sg_entries = 0;
7044
7045	/* Fill dummy data in case backend can't tell anything. */
7046	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7047	scsi_u64to8b(lba, data->descr[0].addr);
7048	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7049	    data->descr[0].length);
7050	data->descr[0].status = 0; /* Mapped or unknown. */
7051
7052	ctl_set_success(ctsio);
7053	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7054	ctsio->be_move_done = ctl_config_move_done;
7055
7056	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7057	lbalen->lba = lba;
7058	lbalen->len = total_len;
7059	lbalen->flags = 0;
7060	retval = lun->backend->config_read((union ctl_io *)ctsio);
7061	return (CTL_RETVAL_COMPLETE);
7062}
7063
7064int
7065ctl_read_defect(struct ctl_scsiio *ctsio)
7066{
7067	struct scsi_read_defect_data_10 *ccb10;
7068	struct scsi_read_defect_data_12 *ccb12;
7069	struct scsi_read_defect_data_hdr_10 *data10;
7070	struct scsi_read_defect_data_hdr_12 *data12;
7071	uint32_t alloc_len, data_len;
7072	uint8_t format;
7073
7074	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7075
7076	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7077		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7078		format = ccb10->format;
7079		alloc_len = scsi_2btoul(ccb10->alloc_length);
7080		data_len = sizeof(*data10);
7081	} else {
7082		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7083		format = ccb12->format;
7084		alloc_len = scsi_4btoul(ccb12->alloc_length);
7085		data_len = sizeof(*data12);
7086	}
7087	if (alloc_len == 0) {
7088		ctl_set_success(ctsio);
7089		ctl_done((union ctl_io *)ctsio);
7090		return (CTL_RETVAL_COMPLETE);
7091	}
7092
7093	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7094	if (data_len < alloc_len) {
7095		ctsio->residual = alloc_len - data_len;
7096		ctsio->kern_data_len = data_len;
7097		ctsio->kern_total_len = data_len;
7098	} else {
7099		ctsio->residual = 0;
7100		ctsio->kern_data_len = alloc_len;
7101		ctsio->kern_total_len = alloc_len;
7102	}
7103	ctsio->kern_data_resid = 0;
7104	ctsio->kern_rel_offset = 0;
7105	ctsio->kern_sg_entries = 0;
7106
7107	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7108		data10 = (struct scsi_read_defect_data_hdr_10 *)
7109		    ctsio->kern_data_ptr;
7110		data10->format = format;
7111		scsi_ulto2b(0, data10->length);
7112	} else {
7113		data12 = (struct scsi_read_defect_data_hdr_12 *)
7114		    ctsio->kern_data_ptr;
7115		data12->format = format;
7116		scsi_ulto2b(0, data12->generation);
7117		scsi_ulto4b(0, data12->length);
7118	}
7119
7120	ctl_set_success(ctsio);
7121	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7122	ctsio->be_move_done = ctl_config_move_done;
7123	ctl_datamove((union ctl_io *)ctsio);
7124	return (CTL_RETVAL_COMPLETE);
7125}
7126
7127int
7128ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7129{
7130	struct scsi_maintenance_in *cdb;
7131	int retval;
7132	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7133	int num_target_port_groups, num_target_ports;
7134	struct ctl_lun *lun;
7135	struct ctl_softc *softc;
7136	struct ctl_port *port;
7137	struct scsi_target_group_data *rtg_ptr;
7138	struct scsi_target_group_data_extended *rtg_ext_ptr;
7139	struct scsi_target_port_group_descriptor *tpg_desc;
7140
7141	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7142
7143	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7144	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7145	softc = lun->ctl_softc;
7146
7147	retval = CTL_RETVAL_COMPLETE;
7148
7149	switch (cdb->byte2 & STG_PDF_MASK) {
7150	case STG_PDF_LENGTH:
7151		ext = 0;
7152		break;
7153	case STG_PDF_EXTENDED:
7154		ext = 1;
7155		break;
7156	default:
7157		ctl_set_invalid_field(/*ctsio*/ ctsio,
7158				      /*sks_valid*/ 1,
7159				      /*command*/ 1,
7160				      /*field*/ 2,
7161				      /*bit_valid*/ 1,
7162				      /*bit*/ 5);
7163		ctl_done((union ctl_io *)ctsio);
7164		return(retval);
7165	}
7166
7167	if (softc->is_single)
7168		num_target_port_groups = 1;
7169	else
7170		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7171	num_target_ports = 0;
7172	mtx_lock(&softc->ctl_lock);
7173	STAILQ_FOREACH(port, &softc->port_list, links) {
7174		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7175			continue;
7176		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7177			continue;
7178		num_target_ports++;
7179	}
7180	mtx_unlock(&softc->ctl_lock);
7181
7182	if (ext)
7183		total_len = sizeof(struct scsi_target_group_data_extended);
7184	else
7185		total_len = sizeof(struct scsi_target_group_data);
7186	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7187		num_target_port_groups +
7188	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7189
7190	alloc_len = scsi_4btoul(cdb->length);
7191
7192	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7193
7194	ctsio->kern_sg_entries = 0;
7195
7196	if (total_len < alloc_len) {
7197		ctsio->residual = alloc_len - total_len;
7198		ctsio->kern_data_len = total_len;
7199		ctsio->kern_total_len = total_len;
7200	} else {
7201		ctsio->residual = 0;
7202		ctsio->kern_data_len = alloc_len;
7203		ctsio->kern_total_len = alloc_len;
7204	}
7205	ctsio->kern_data_resid = 0;
7206	ctsio->kern_rel_offset = 0;
7207
7208	if (ext) {
7209		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7210		    ctsio->kern_data_ptr;
7211		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7212		rtg_ext_ptr->format_type = 0x10;
7213		rtg_ext_ptr->implicit_transition_time = 0;
7214		tpg_desc = &rtg_ext_ptr->groups[0];
7215	} else {
7216		rtg_ptr = (struct scsi_target_group_data *)
7217		    ctsio->kern_data_ptr;
7218		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7219		tpg_desc = &rtg_ptr->groups[0];
7220	}
7221
7222	mtx_lock(&softc->ctl_lock);
7223	pg = softc->port_min / softc->port_cnt;
7224	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7225		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7226	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7227		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7228	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7229		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7230	else
7231		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7232	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7233		os = gs;
7234		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7235	} else
7236		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7237	for (g = 0; g < num_target_port_groups; g++) {
7238		tpg_desc->pref_state = (g == pg) ? gs : os;
7239		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7240		    TPG_U_SUP | TPG_T_SUP;
7241		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7242		tpg_desc->status = TPG_IMPLICIT;
7243		pc = 0;
7244		STAILQ_FOREACH(port, &softc->port_list, links) {
7245			if (port->targ_port < g * softc->port_cnt ||
7246			    port->targ_port >= (g + 1) * softc->port_cnt)
7247				continue;
7248			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7249				continue;
7250			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7251				continue;
7252			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7253			    relative_target_port_identifier);
7254			pc++;
7255		}
7256		tpg_desc->target_port_count = pc;
7257		tpg_desc = (struct scsi_target_port_group_descriptor *)
7258		    &tpg_desc->descriptors[pc];
7259	}
7260	mtx_unlock(&softc->ctl_lock);
7261
7262	ctl_set_success(ctsio);
7263	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7264	ctsio->be_move_done = ctl_config_move_done;
7265	ctl_datamove((union ctl_io *)ctsio);
7266	return(retval);
7267}
7268
7269int
7270ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7271{
7272	struct ctl_lun *lun;
7273	struct scsi_report_supported_opcodes *cdb;
7274	const struct ctl_cmd_entry *entry, *sentry;
7275	struct scsi_report_supported_opcodes_all *all;
7276	struct scsi_report_supported_opcodes_descr *descr;
7277	struct scsi_report_supported_opcodes_one *one;
7278	int retval;
7279	int alloc_len, total_len;
7280	int opcode, service_action, i, j, num;
7281
7282	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7283
7284	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7285	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7286
7287	retval = CTL_RETVAL_COMPLETE;
7288
7289	opcode = cdb->requested_opcode;
7290	service_action = scsi_2btoul(cdb->requested_service_action);
7291	switch (cdb->options & RSO_OPTIONS_MASK) {
7292	case RSO_OPTIONS_ALL:
7293		num = 0;
7294		for (i = 0; i < 256; i++) {
7295			entry = &ctl_cmd_table[i];
7296			if (entry->flags & CTL_CMD_FLAG_SA5) {
7297				for (j = 0; j < 32; j++) {
7298					sentry = &((const struct ctl_cmd_entry *)
7299					    entry->execute)[j];
7300					if (ctl_cmd_applicable(
7301					    lun->be_lun->lun_type, sentry))
7302						num++;
7303				}
7304			} else {
7305				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7306				    entry))
7307					num++;
7308			}
7309		}
7310		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7311		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7312		break;
7313	case RSO_OPTIONS_OC:
7314		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7315			ctl_set_invalid_field(/*ctsio*/ ctsio,
7316					      /*sks_valid*/ 1,
7317					      /*command*/ 1,
7318					      /*field*/ 2,
7319					      /*bit_valid*/ 1,
7320					      /*bit*/ 2);
7321			ctl_done((union ctl_io *)ctsio);
7322			return (CTL_RETVAL_COMPLETE);
7323		}
7324		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7325		break;
7326	case RSO_OPTIONS_OC_SA:
7327		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7328		    service_action >= 32) {
7329			ctl_set_invalid_field(/*ctsio*/ ctsio,
7330					      /*sks_valid*/ 1,
7331					      /*command*/ 1,
7332					      /*field*/ 2,
7333					      /*bit_valid*/ 1,
7334					      /*bit*/ 2);
7335			ctl_done((union ctl_io *)ctsio);
7336			return (CTL_RETVAL_COMPLETE);
7337		}
7338		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7339		break;
7340	default:
7341		ctl_set_invalid_field(/*ctsio*/ ctsio,
7342				      /*sks_valid*/ 1,
7343				      /*command*/ 1,
7344				      /*field*/ 2,
7345				      /*bit_valid*/ 1,
7346				      /*bit*/ 2);
7347		ctl_done((union ctl_io *)ctsio);
7348		return (CTL_RETVAL_COMPLETE);
7349	}
7350
7351	alloc_len = scsi_4btoul(cdb->length);
7352
7353	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7354
7355	ctsio->kern_sg_entries = 0;
7356
7357	if (total_len < alloc_len) {
7358		ctsio->residual = alloc_len - total_len;
7359		ctsio->kern_data_len = total_len;
7360		ctsio->kern_total_len = total_len;
7361	} else {
7362		ctsio->residual = 0;
7363		ctsio->kern_data_len = alloc_len;
7364		ctsio->kern_total_len = alloc_len;
7365	}
7366	ctsio->kern_data_resid = 0;
7367	ctsio->kern_rel_offset = 0;
7368
7369	switch (cdb->options & RSO_OPTIONS_MASK) {
7370	case RSO_OPTIONS_ALL:
7371		all = (struct scsi_report_supported_opcodes_all *)
7372		    ctsio->kern_data_ptr;
7373		num = 0;
7374		for (i = 0; i < 256; i++) {
7375			entry = &ctl_cmd_table[i];
7376			if (entry->flags & CTL_CMD_FLAG_SA5) {
7377				for (j = 0; j < 32; j++) {
7378					sentry = &((const struct ctl_cmd_entry *)
7379					    entry->execute)[j];
7380					if (!ctl_cmd_applicable(
7381					    lun->be_lun->lun_type, sentry))
7382						continue;
7383					descr = &all->descr[num++];
7384					descr->opcode = i;
7385					scsi_ulto2b(j, descr->service_action);
7386					descr->flags = RSO_SERVACTV;
7387					scsi_ulto2b(sentry->length,
7388					    descr->cdb_length);
7389				}
7390			} else {
7391				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7392				    entry))
7393					continue;
7394				descr = &all->descr[num++];
7395				descr->opcode = i;
7396				scsi_ulto2b(0, descr->service_action);
7397				descr->flags = 0;
7398				scsi_ulto2b(entry->length, descr->cdb_length);
7399			}
7400		}
7401		scsi_ulto4b(
7402		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7403		    all->length);
7404		break;
7405	case RSO_OPTIONS_OC:
7406		one = (struct scsi_report_supported_opcodes_one *)
7407		    ctsio->kern_data_ptr;
7408		entry = &ctl_cmd_table[opcode];
7409		goto fill_one;
7410	case RSO_OPTIONS_OC_SA:
7411		one = (struct scsi_report_supported_opcodes_one *)
7412		    ctsio->kern_data_ptr;
7413		entry = &ctl_cmd_table[opcode];
7414		entry = &((const struct ctl_cmd_entry *)
7415		    entry->execute)[service_action];
7416fill_one:
7417		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7418			one->support = 3;
7419			scsi_ulto2b(entry->length, one->cdb_length);
7420			one->cdb_usage[0] = opcode;
7421			memcpy(&one->cdb_usage[1], entry->usage,
7422			    entry->length - 1);
7423		} else
7424			one->support = 1;
7425		break;
7426	}
7427
7428	ctl_set_success(ctsio);
7429	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7430	ctsio->be_move_done = ctl_config_move_done;
7431	ctl_datamove((union ctl_io *)ctsio);
7432	return(retval);
7433}
7434
7435int
7436ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7437{
7438	struct scsi_report_supported_tmf *cdb;
7439	struct scsi_report_supported_tmf_data *data;
7440	int retval;
7441	int alloc_len, total_len;
7442
7443	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7444
7445	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7446
7447	retval = CTL_RETVAL_COMPLETE;
7448
7449	total_len = sizeof(struct scsi_report_supported_tmf_data);
7450	alloc_len = scsi_4btoul(cdb->length);
7451
7452	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7453
7454	ctsio->kern_sg_entries = 0;
7455
7456	if (total_len < alloc_len) {
7457		ctsio->residual = alloc_len - total_len;
7458		ctsio->kern_data_len = total_len;
7459		ctsio->kern_total_len = total_len;
7460	} else {
7461		ctsio->residual = 0;
7462		ctsio->kern_data_len = alloc_len;
7463		ctsio->kern_total_len = alloc_len;
7464	}
7465	ctsio->kern_data_resid = 0;
7466	ctsio->kern_rel_offset = 0;
7467
7468	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7469	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7470	    RST_TRS;
7471	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7472
7473	ctl_set_success(ctsio);
7474	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7475	ctsio->be_move_done = ctl_config_move_done;
7476	ctl_datamove((union ctl_io *)ctsio);
7477	return (retval);
7478}
7479
7480int
7481ctl_report_timestamp(struct ctl_scsiio *ctsio)
7482{
7483	struct scsi_report_timestamp *cdb;
7484	struct scsi_report_timestamp_data *data;
7485	struct timeval tv;
7486	int64_t timestamp;
7487	int retval;
7488	int alloc_len, total_len;
7489
7490	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7491
7492	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7493
7494	retval = CTL_RETVAL_COMPLETE;
7495
7496	total_len = sizeof(struct scsi_report_timestamp_data);
7497	alloc_len = scsi_4btoul(cdb->length);
7498
7499	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7500
7501	ctsio->kern_sg_entries = 0;
7502
7503	if (total_len < alloc_len) {
7504		ctsio->residual = alloc_len - total_len;
7505		ctsio->kern_data_len = total_len;
7506		ctsio->kern_total_len = total_len;
7507	} else {
7508		ctsio->residual = 0;
7509		ctsio->kern_data_len = alloc_len;
7510		ctsio->kern_total_len = alloc_len;
7511	}
7512	ctsio->kern_data_resid = 0;
7513	ctsio->kern_rel_offset = 0;
7514
7515	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7516	scsi_ulto2b(sizeof(*data) - 2, data->length);
7517	data->origin = RTS_ORIG_OUTSIDE;
7518	getmicrotime(&tv);
7519	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7520	scsi_ulto4b(timestamp >> 16, data->timestamp);
7521	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7522
7523	ctl_set_success(ctsio);
7524	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7525	ctsio->be_move_done = ctl_config_move_done;
7526	ctl_datamove((union ctl_io *)ctsio);
7527	return (retval);
7528}
7529
7530int
7531ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7532{
7533	struct scsi_per_res_in *cdb;
7534	int alloc_len, total_len = 0;
7535	/* struct scsi_per_res_in_rsrv in_data; */
7536	struct ctl_lun *lun;
7537	struct ctl_softc *softc;
7538	uint64_t key;
7539
7540	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7541
7542	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7543
7544	alloc_len = scsi_2btoul(cdb->length);
7545
7546	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7547	softc = lun->ctl_softc;
7548
7549retry:
7550	mtx_lock(&lun->lun_lock);
7551	switch (cdb->action) {
7552	case SPRI_RK: /* read keys */
7553		total_len = sizeof(struct scsi_per_res_in_keys) +
7554			lun->pr_key_count *
7555			sizeof(struct scsi_per_res_key);
7556		break;
7557	case SPRI_RR: /* read reservation */
7558		if (lun->flags & CTL_LUN_PR_RESERVED)
7559			total_len = sizeof(struct scsi_per_res_in_rsrv);
7560		else
7561			total_len = sizeof(struct scsi_per_res_in_header);
7562		break;
7563	case SPRI_RC: /* report capabilities */
7564		total_len = sizeof(struct scsi_per_res_cap);
7565		break;
7566	case SPRI_RS: /* read full status */
7567		total_len = sizeof(struct scsi_per_res_in_header) +
7568		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7569		    lun->pr_key_count;
7570		break;
7571	default:
7572		panic("Invalid PR type %x", cdb->action);
7573	}
7574	mtx_unlock(&lun->lun_lock);
7575
7576	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7577
7578	if (total_len < alloc_len) {
7579		ctsio->residual = alloc_len - total_len;
7580		ctsio->kern_data_len = total_len;
7581		ctsio->kern_total_len = total_len;
7582	} else {
7583		ctsio->residual = 0;
7584		ctsio->kern_data_len = alloc_len;
7585		ctsio->kern_total_len = alloc_len;
7586	}
7587
7588	ctsio->kern_data_resid = 0;
7589	ctsio->kern_rel_offset = 0;
7590	ctsio->kern_sg_entries = 0;
7591
7592	mtx_lock(&lun->lun_lock);
7593	switch (cdb->action) {
7594	case SPRI_RK: { // read keys
7595        struct scsi_per_res_in_keys *res_keys;
7596		int i, key_count;
7597
7598		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7599
7600		/*
7601		 * We had to drop the lock to allocate our buffer, which
7602		 * leaves time for someone to come in with another
7603		 * persistent reservation.  (That is unlikely, though,
7604		 * since this should be the only persistent reservation
7605		 * command active right now.)
7606		 */
7607		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7608		    (lun->pr_key_count *
7609		     sizeof(struct scsi_per_res_key)))){
7610			mtx_unlock(&lun->lun_lock);
7611			free(ctsio->kern_data_ptr, M_CTL);
7612			printf("%s: reservation length changed, retrying\n",
7613			       __func__);
7614			goto retry;
7615		}
7616
7617		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7618
7619		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7620			     lun->pr_key_count, res_keys->header.length);
7621
7622		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7623			if ((key = ctl_get_prkey(lun, i)) == 0)
7624				continue;
7625
7626			/*
7627			 * We used lun->pr_key_count to calculate the
7628			 * size to allocate.  If it turns out the number of
7629			 * initiators with the registered flag set is
7630			 * larger than that (i.e. they haven't been kept in
7631			 * sync), we've got a problem.
7632			 */
7633			if (key_count >= lun->pr_key_count) {
7634#ifdef NEEDTOPORT
7635				csevent_log(CSC_CTL | CSC_SHELF_SW |
7636					    CTL_PR_ERROR,
7637					    csevent_LogType_Fault,
7638					    csevent_AlertLevel_Yellow,
7639					    csevent_FRU_ShelfController,
7640					    csevent_FRU_Firmware,
7641				        csevent_FRU_Unknown,
7642					    "registered keys %d >= key "
7643					    "count %d", key_count,
7644					    lun->pr_key_count);
7645#endif
7646				key_count++;
7647				continue;
7648			}
7649			scsi_u64to8b(key, res_keys->keys[key_count].key);
7650			key_count++;
7651		}
7652		break;
7653	}
7654	case SPRI_RR: { // read reservation
7655		struct scsi_per_res_in_rsrv *res;
7656		int tmp_len, header_only;
7657
7658		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7659
7660		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7661
7662		if (lun->flags & CTL_LUN_PR_RESERVED)
7663		{
7664			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7665			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7666				    res->header.length);
7667			header_only = 0;
7668		} else {
7669			tmp_len = sizeof(struct scsi_per_res_in_header);
7670			scsi_ulto4b(0, res->header.length);
7671			header_only = 1;
7672		}
7673
7674		/*
7675		 * We had to drop the lock to allocate our buffer, which
7676		 * leaves time for someone to come in with another
7677		 * persistent reservation.  (That is unlikely, though,
7678		 * since this should be the only persistent reservation
7679		 * command active right now.)
7680		 */
7681		if (tmp_len != total_len) {
7682			mtx_unlock(&lun->lun_lock);
7683			free(ctsio->kern_data_ptr, M_CTL);
7684			printf("%s: reservation status changed, retrying\n",
7685			       __func__);
7686			goto retry;
7687		}
7688
7689		/*
7690		 * No reservation held, so we're done.
7691		 */
7692		if (header_only != 0)
7693			break;
7694
7695		/*
7696		 * If the registration is an All Registrants type, the key
7697		 * is 0, since it doesn't really matter.
7698		 */
7699		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7700			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7701			    res->data.reservation);
7702		}
7703		res->data.scopetype = lun->res_type;
7704		break;
7705	}
7706	case SPRI_RC:     //report capabilities
7707	{
7708		struct scsi_per_res_cap *res_cap;
7709		uint16_t type_mask;
7710
7711		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7712		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7713		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7714		type_mask = SPRI_TM_WR_EX_AR |
7715			    SPRI_TM_EX_AC_RO |
7716			    SPRI_TM_WR_EX_RO |
7717			    SPRI_TM_EX_AC |
7718			    SPRI_TM_WR_EX |
7719			    SPRI_TM_EX_AC_AR;
7720		scsi_ulto2b(type_mask, res_cap->type_mask);
7721		break;
7722	}
7723	case SPRI_RS: { // read full status
7724		struct scsi_per_res_in_full *res_status;
7725		struct scsi_per_res_in_full_desc *res_desc;
7726		struct ctl_port *port;
7727		int i, len;
7728
7729		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7730
7731		/*
7732		 * We had to drop the lock to allocate our buffer, which
7733		 * leaves time for someone to come in with another
7734		 * persistent reservation.  (That is unlikely, though,
7735		 * since this should be the only persistent reservation
7736		 * command active right now.)
7737		 */
7738		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7739		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7740		     lun->pr_key_count)){
7741			mtx_unlock(&lun->lun_lock);
7742			free(ctsio->kern_data_ptr, M_CTL);
7743			printf("%s: reservation length changed, retrying\n",
7744			       __func__);
7745			goto retry;
7746		}
7747
7748		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7749
7750		res_desc = &res_status->desc[0];
7751		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7752			if ((key = ctl_get_prkey(lun, i)) == 0)
7753				continue;
7754
7755			scsi_u64to8b(key, res_desc->res_key.key);
7756			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7757			    (lun->pr_res_idx == i ||
7758			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7759				res_desc->flags = SPRI_FULL_R_HOLDER;
7760				res_desc->scopetype = lun->res_type;
7761			}
7762			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7763			    res_desc->rel_trgt_port_id);
7764			len = 0;
7765			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7766			if (port != NULL)
7767				len = ctl_create_iid(port,
7768				    i % CTL_MAX_INIT_PER_PORT,
7769				    res_desc->transport_id);
7770			scsi_ulto4b(len, res_desc->additional_length);
7771			res_desc = (struct scsi_per_res_in_full_desc *)
7772			    &res_desc->transport_id[len];
7773		}
7774		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7775		    res_status->header.length);
7776		break;
7777	}
7778	default:
7779		/*
7780		 * This is a bug, because we just checked for this above,
7781		 * and should have returned an error.
7782		 */
7783		panic("Invalid PR type %x", cdb->action);
7784		break; /* NOTREACHED */
7785	}
7786	mtx_unlock(&lun->lun_lock);
7787
7788	ctl_set_success(ctsio);
7789	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7790	ctsio->be_move_done = ctl_config_move_done;
7791	ctl_datamove((union ctl_io *)ctsio);
7792	return (CTL_RETVAL_COMPLETE);
7793}
7794
7795/*
7796 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7797 * it should return.
7798 */
7799static int
7800ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7801		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7802		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7803		struct scsi_per_res_out_parms* param)
7804{
7805	union ctl_ha_msg persis_io;
7806	int i;
7807
7808	mtx_lock(&lun->lun_lock);
7809	if (sa_res_key == 0) {
7810		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7811			/* validate scope and type */
7812			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7813			     SPR_LU_SCOPE) {
7814				mtx_unlock(&lun->lun_lock);
7815				ctl_set_invalid_field(/*ctsio*/ ctsio,
7816						      /*sks_valid*/ 1,
7817						      /*command*/ 1,
7818						      /*field*/ 2,
7819						      /*bit_valid*/ 1,
7820						      /*bit*/ 4);
7821				ctl_done((union ctl_io *)ctsio);
7822				return (1);
7823			}
7824
7825		        if (type>8 || type==2 || type==4 || type==0) {
7826				mtx_unlock(&lun->lun_lock);
7827				ctl_set_invalid_field(/*ctsio*/ ctsio,
7828       	           				      /*sks_valid*/ 1,
7829						      /*command*/ 1,
7830						      /*field*/ 2,
7831						      /*bit_valid*/ 1,
7832						      /*bit*/ 0);
7833				ctl_done((union ctl_io *)ctsio);
7834				return (1);
7835		        }
7836
7837			/*
7838			 * Unregister everybody else and build UA for
7839			 * them
7840			 */
7841			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7842				if (i == residx || ctl_get_prkey(lun, i) == 0)
7843					continue;
7844
7845				ctl_clr_prkey(lun, i);
7846				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7847			}
7848			lun->pr_key_count = 1;
7849			lun->res_type = type;
7850			if (lun->res_type != SPR_TYPE_WR_EX_AR
7851			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7852				lun->pr_res_idx = residx;
7853			lun->PRGeneration++;
7854			mtx_unlock(&lun->lun_lock);
7855
7856			/* send msg to other side */
7857			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7858			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7859			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7860			persis_io.pr.pr_info.residx = lun->pr_res_idx;
7861			persis_io.pr.pr_info.res_type = type;
7862			memcpy(persis_io.pr.pr_info.sa_res_key,
7863			       param->serv_act_res_key,
7864			       sizeof(param->serv_act_res_key));
7865			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7866			    sizeof(persis_io.pr), M_WAITOK);
7867		} else {
7868			/* not all registrants */
7869			mtx_unlock(&lun->lun_lock);
7870			free(ctsio->kern_data_ptr, M_CTL);
7871			ctl_set_invalid_field(ctsio,
7872					      /*sks_valid*/ 1,
7873					      /*command*/ 0,
7874					      /*field*/ 8,
7875					      /*bit_valid*/ 0,
7876					      /*bit*/ 0);
7877			ctl_done((union ctl_io *)ctsio);
7878			return (1);
7879		}
7880	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
7881		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
7882		int found = 0;
7883
7884		if (res_key == sa_res_key) {
7885			/* special case */
7886			/*
7887			 * The spec implies this is not good but doesn't
7888			 * say what to do. There are two choices either
7889			 * generate a res conflict or check condition
7890			 * with illegal field in parameter data. Since
7891			 * that is what is done when the sa_res_key is
7892			 * zero I'll take that approach since this has
7893			 * to do with the sa_res_key.
7894			 */
7895			mtx_unlock(&lun->lun_lock);
7896			free(ctsio->kern_data_ptr, M_CTL);
7897			ctl_set_invalid_field(ctsio,
7898					      /*sks_valid*/ 1,
7899					      /*command*/ 0,
7900					      /*field*/ 8,
7901					      /*bit_valid*/ 0,
7902					      /*bit*/ 0);
7903			ctl_done((union ctl_io *)ctsio);
7904			return (1);
7905		}
7906
7907		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7908			if (ctl_get_prkey(lun, i) != sa_res_key)
7909				continue;
7910
7911			found = 1;
7912			ctl_clr_prkey(lun, i);
7913			lun->pr_key_count--;
7914			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7915		}
7916		if (!found) {
7917			mtx_unlock(&lun->lun_lock);
7918			free(ctsio->kern_data_ptr, M_CTL);
7919			ctl_set_reservation_conflict(ctsio);
7920			ctl_done((union ctl_io *)ctsio);
7921			return (CTL_RETVAL_COMPLETE);
7922		}
7923		lun->PRGeneration++;
7924		mtx_unlock(&lun->lun_lock);
7925
7926		/* send msg to other side */
7927		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
7928		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
7929		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
7930		persis_io.pr.pr_info.residx = lun->pr_res_idx;
7931		persis_io.pr.pr_info.res_type = type;
7932		memcpy(persis_io.pr.pr_info.sa_res_key,
7933		       param->serv_act_res_key,
7934		       sizeof(param->serv_act_res_key));
7935		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
7936		    sizeof(persis_io.pr), M_WAITOK);
7937	} else {
7938		/* Reserved but not all registrants */
7939		/* sa_res_key is res holder */
7940		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
7941			/* validate scope and type */
7942			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7943			     SPR_LU_SCOPE) {
7944				mtx_unlock(&lun->lun_lock);
7945				ctl_set_invalid_field(/*ctsio*/ ctsio,
7946						      /*sks_valid*/ 1,
7947						      /*command*/ 1,
7948						      /*field*/ 2,
7949						      /*bit_valid*/ 1,
7950						      /*bit*/ 4);
7951				ctl_done((union ctl_io *)ctsio);
7952				return (1);
7953			}
7954
7955			if (type>8 || type==2 || type==4 || type==0) {
7956				mtx_unlock(&lun->lun_lock);
7957				ctl_set_invalid_field(/*ctsio*/ ctsio,
7958						      /*sks_valid*/ 1,
7959						      /*command*/ 1,
7960						      /*field*/ 2,
7961						      /*bit_valid*/ 1,
7962						      /*bit*/ 0);
7963				ctl_done((union ctl_io *)ctsio);
7964				return (1);
7965			}
7966
7967			/*
7968			 * Do the following:
7969			 * if sa_res_key != res_key remove all
7970			 * registrants w/sa_res_key and generate UA
7971			 * for these registrants(Registrations
7972			 * Preempted) if it wasn't an exclusive
7973			 * reservation generate UA(Reservations
7974			 * Preempted) for all other registered nexuses
7975			 * if the type has changed. Establish the new
7976			 * reservation and holder. If res_key and
7977			 * sa_res_key are the same do the above
7978			 * except don't unregister the res holder.
7979			 */
7980
7981			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
7982				if (i == residx || ctl_get_prkey(lun, i) == 0)
7983					continue;
7984
7985				if (sa_res_key == ctl_get_prkey(lun, i)) {
7986					ctl_clr_prkey(lun, i);
7987					lun->pr_key_count--;
7988					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
7989				} else if (type != lun->res_type
7990					&& (lun->res_type == SPR_TYPE_WR_EX_RO
7991					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
7992					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
7993				}
7994			}
7995			lun->res_type = type;
7996			if (lun->res_type != SPR_TYPE_WR_EX_AR
7997			 && lun->res_type != SPR_TYPE_EX_AC_AR)
7998				lun->pr_res_idx = residx;
7999			else
8000				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8001			lun->PRGeneration++;
8002			mtx_unlock(&lun->lun_lock);
8003
8004			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8005			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8006			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8007			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8008			persis_io.pr.pr_info.res_type = type;
8009			memcpy(persis_io.pr.pr_info.sa_res_key,
8010			       param->serv_act_res_key,
8011			       sizeof(param->serv_act_res_key));
8012			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8013			    sizeof(persis_io.pr), M_WAITOK);
8014		} else {
8015			/*
8016			 * sa_res_key is not the res holder just
8017			 * remove registrants
8018			 */
8019			int found=0;
8020
8021			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8022				if (sa_res_key != ctl_get_prkey(lun, i))
8023					continue;
8024
8025				found = 1;
8026				ctl_clr_prkey(lun, i);
8027				lun->pr_key_count--;
8028				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8029			}
8030
8031			if (!found) {
8032				mtx_unlock(&lun->lun_lock);
8033				free(ctsio->kern_data_ptr, M_CTL);
8034				ctl_set_reservation_conflict(ctsio);
8035				ctl_done((union ctl_io *)ctsio);
8036		        	return (1);
8037			}
8038			lun->PRGeneration++;
8039			mtx_unlock(&lun->lun_lock);
8040
8041			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8042			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8043			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8044			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8045			persis_io.pr.pr_info.res_type = type;
8046			memcpy(persis_io.pr.pr_info.sa_res_key,
8047			       param->serv_act_res_key,
8048			       sizeof(param->serv_act_res_key));
8049			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8050			    sizeof(persis_io.pr), M_WAITOK);
8051		}
8052	}
8053	return (0);
8054}
8055
8056static void
8057ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8058{
8059	uint64_t sa_res_key;
8060	int i;
8061
8062	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8063
8064	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8065	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8066	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8067		if (sa_res_key == 0) {
8068			/*
8069			 * Unregister everybody else and build UA for
8070			 * them
8071			 */
8072			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8073				if (i == msg->pr.pr_info.residx ||
8074				    ctl_get_prkey(lun, i) == 0)
8075					continue;
8076
8077				ctl_clr_prkey(lun, i);
8078				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8079			}
8080
8081			lun->pr_key_count = 1;
8082			lun->res_type = msg->pr.pr_info.res_type;
8083			if (lun->res_type != SPR_TYPE_WR_EX_AR
8084			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8085				lun->pr_res_idx = msg->pr.pr_info.residx;
8086		} else {
8087		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8088				if (sa_res_key == ctl_get_prkey(lun, i))
8089					continue;
8090
8091				ctl_clr_prkey(lun, i);
8092				lun->pr_key_count--;
8093				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8094			}
8095		}
8096	} else {
8097		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8098			if (i == msg->pr.pr_info.residx ||
8099			    ctl_get_prkey(lun, i) == 0)
8100				continue;
8101
8102			if (sa_res_key == ctl_get_prkey(lun, i)) {
8103				ctl_clr_prkey(lun, i);
8104				lun->pr_key_count--;
8105				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8106			} else if (msg->pr.pr_info.res_type != lun->res_type
8107				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8108				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8109				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8110			}
8111		}
8112		lun->res_type = msg->pr.pr_info.res_type;
8113		if (lun->res_type != SPR_TYPE_WR_EX_AR
8114		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8115			lun->pr_res_idx = msg->pr.pr_info.residx;
8116		else
8117			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8118	}
8119	lun->PRGeneration++;
8120
8121}
8122
8123
8124int
8125ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8126{
8127	int retval;
8128	u_int32_t param_len;
8129	struct scsi_per_res_out *cdb;
8130	struct ctl_lun *lun;
8131	struct scsi_per_res_out_parms* param;
8132	struct ctl_softc *softc;
8133	uint32_t residx;
8134	uint64_t res_key, sa_res_key, key;
8135	uint8_t type;
8136	union ctl_ha_msg persis_io;
8137	int    i;
8138
8139	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8140
8141	retval = CTL_RETVAL_COMPLETE;
8142
8143	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8144	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8145	softc = lun->ctl_softc;
8146
8147	/*
8148	 * We only support whole-LUN scope.  The scope & type are ignored for
8149	 * register, register and ignore existing key and clear.
8150	 * We sometimes ignore scope and type on preempts too!!
8151	 * Verify reservation type here as well.
8152	 */
8153	type = cdb->scope_type & SPR_TYPE_MASK;
8154	if ((cdb->action == SPRO_RESERVE)
8155	 || (cdb->action == SPRO_RELEASE)) {
8156		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8157			ctl_set_invalid_field(/*ctsio*/ ctsio,
8158					      /*sks_valid*/ 1,
8159					      /*command*/ 1,
8160					      /*field*/ 2,
8161					      /*bit_valid*/ 1,
8162					      /*bit*/ 4);
8163			ctl_done((union ctl_io *)ctsio);
8164			return (CTL_RETVAL_COMPLETE);
8165		}
8166
8167		if (type>8 || type==2 || type==4 || type==0) {
8168			ctl_set_invalid_field(/*ctsio*/ ctsio,
8169					      /*sks_valid*/ 1,
8170					      /*command*/ 1,
8171					      /*field*/ 2,
8172					      /*bit_valid*/ 1,
8173					      /*bit*/ 0);
8174			ctl_done((union ctl_io *)ctsio);
8175			return (CTL_RETVAL_COMPLETE);
8176		}
8177	}
8178
8179	param_len = scsi_4btoul(cdb->length);
8180
8181	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8182		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8183		ctsio->kern_data_len = param_len;
8184		ctsio->kern_total_len = param_len;
8185		ctsio->kern_data_resid = 0;
8186		ctsio->kern_rel_offset = 0;
8187		ctsio->kern_sg_entries = 0;
8188		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8189		ctsio->be_move_done = ctl_config_move_done;
8190		ctl_datamove((union ctl_io *)ctsio);
8191
8192		return (CTL_RETVAL_COMPLETE);
8193	}
8194
8195	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8196
8197	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8198	res_key = scsi_8btou64(param->res_key.key);
8199	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8200
8201	/*
8202	 * Validate the reservation key here except for SPRO_REG_IGNO
8203	 * This must be done for all other service actions
8204	 */
8205	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8206		mtx_lock(&lun->lun_lock);
8207		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8208			if (res_key != key) {
8209				/*
8210				 * The current key passed in doesn't match
8211				 * the one the initiator previously
8212				 * registered.
8213				 */
8214				mtx_unlock(&lun->lun_lock);
8215				free(ctsio->kern_data_ptr, M_CTL);
8216				ctl_set_reservation_conflict(ctsio);
8217				ctl_done((union ctl_io *)ctsio);
8218				return (CTL_RETVAL_COMPLETE);
8219			}
8220		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8221			/*
8222			 * We are not registered
8223			 */
8224			mtx_unlock(&lun->lun_lock);
8225			free(ctsio->kern_data_ptr, M_CTL);
8226			ctl_set_reservation_conflict(ctsio);
8227			ctl_done((union ctl_io *)ctsio);
8228			return (CTL_RETVAL_COMPLETE);
8229		} else if (res_key != 0) {
8230			/*
8231			 * We are not registered and trying to register but
8232			 * the register key isn't zero.
8233			 */
8234			mtx_unlock(&lun->lun_lock);
8235			free(ctsio->kern_data_ptr, M_CTL);
8236			ctl_set_reservation_conflict(ctsio);
8237			ctl_done((union ctl_io *)ctsio);
8238			return (CTL_RETVAL_COMPLETE);
8239		}
8240		mtx_unlock(&lun->lun_lock);
8241	}
8242
8243	switch (cdb->action & SPRO_ACTION_MASK) {
8244	case SPRO_REGISTER:
8245	case SPRO_REG_IGNO: {
8246
8247#if 0
8248		printf("Registration received\n");
8249#endif
8250
8251		/*
8252		 * We don't support any of these options, as we report in
8253		 * the read capabilities request (see
8254		 * ctl_persistent_reserve_in(), above).
8255		 */
8256		if ((param->flags & SPR_SPEC_I_PT)
8257		 || (param->flags & SPR_ALL_TG_PT)
8258		 || (param->flags & SPR_APTPL)) {
8259			int bit_ptr;
8260
8261			if (param->flags & SPR_APTPL)
8262				bit_ptr = 0;
8263			else if (param->flags & SPR_ALL_TG_PT)
8264				bit_ptr = 2;
8265			else /* SPR_SPEC_I_PT */
8266				bit_ptr = 3;
8267
8268			free(ctsio->kern_data_ptr, M_CTL);
8269			ctl_set_invalid_field(ctsio,
8270					      /*sks_valid*/ 1,
8271					      /*command*/ 0,
8272					      /*field*/ 20,
8273					      /*bit_valid*/ 1,
8274					      /*bit*/ bit_ptr);
8275			ctl_done((union ctl_io *)ctsio);
8276			return (CTL_RETVAL_COMPLETE);
8277		}
8278
8279		mtx_lock(&lun->lun_lock);
8280
8281		/*
8282		 * The initiator wants to clear the
8283		 * key/unregister.
8284		 */
8285		if (sa_res_key == 0) {
8286			if ((res_key == 0
8287			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8288			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8289			  && ctl_get_prkey(lun, residx) == 0)) {
8290				mtx_unlock(&lun->lun_lock);
8291				goto done;
8292			}
8293
8294			ctl_clr_prkey(lun, residx);
8295			lun->pr_key_count--;
8296
8297			if (residx == lun->pr_res_idx) {
8298				lun->flags &= ~CTL_LUN_PR_RESERVED;
8299				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8300
8301				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8302				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8303				 && lun->pr_key_count) {
8304					/*
8305					 * If the reservation is a registrants
8306					 * only type we need to generate a UA
8307					 * for other registered inits.  The
8308					 * sense code should be RESERVATIONS
8309					 * RELEASED
8310					 */
8311
8312					for (i = softc->init_min; i < softc->init_max; i++){
8313						if (ctl_get_prkey(lun, i) == 0)
8314							continue;
8315						ctl_est_ua(lun, i,
8316						    CTL_UA_RES_RELEASE);
8317					}
8318				}
8319				lun->res_type = 0;
8320			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8321				if (lun->pr_key_count==0) {
8322					lun->flags &= ~CTL_LUN_PR_RESERVED;
8323					lun->res_type = 0;
8324					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8325				}
8326			}
8327			lun->PRGeneration++;
8328			mtx_unlock(&lun->lun_lock);
8329
8330			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8331			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8332			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8333			persis_io.pr.pr_info.residx = residx;
8334			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8335			    sizeof(persis_io.pr), M_WAITOK);
8336		} else /* sa_res_key != 0 */ {
8337
8338			/*
8339			 * If we aren't registered currently then increment
8340			 * the key count and set the registered flag.
8341			 */
8342			ctl_alloc_prkey(lun, residx);
8343			if (ctl_get_prkey(lun, residx) == 0)
8344				lun->pr_key_count++;
8345			ctl_set_prkey(lun, residx, sa_res_key);
8346			lun->PRGeneration++;
8347			mtx_unlock(&lun->lun_lock);
8348
8349			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8350			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8351			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8352			persis_io.pr.pr_info.residx = residx;
8353			memcpy(persis_io.pr.pr_info.sa_res_key,
8354			       param->serv_act_res_key,
8355			       sizeof(param->serv_act_res_key));
8356			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8357			    sizeof(persis_io.pr), M_WAITOK);
8358		}
8359
8360		break;
8361	}
8362	case SPRO_RESERVE:
8363#if 0
8364                printf("Reserve executed type %d\n", type);
8365#endif
8366		mtx_lock(&lun->lun_lock);
8367		if (lun->flags & CTL_LUN_PR_RESERVED) {
8368			/*
8369			 * if this isn't the reservation holder and it's
8370			 * not a "all registrants" type or if the type is
8371			 * different then we have a conflict
8372			 */
8373			if ((lun->pr_res_idx != residx
8374			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8375			 || lun->res_type != type) {
8376				mtx_unlock(&lun->lun_lock);
8377				free(ctsio->kern_data_ptr, M_CTL);
8378				ctl_set_reservation_conflict(ctsio);
8379				ctl_done((union ctl_io *)ctsio);
8380				return (CTL_RETVAL_COMPLETE);
8381			}
8382			mtx_unlock(&lun->lun_lock);
8383		} else /* create a reservation */ {
8384			/*
8385			 * If it's not an "all registrants" type record
8386			 * reservation holder
8387			 */
8388			if (type != SPR_TYPE_WR_EX_AR
8389			 && type != SPR_TYPE_EX_AC_AR)
8390				lun->pr_res_idx = residx; /* Res holder */
8391			else
8392				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8393
8394			lun->flags |= CTL_LUN_PR_RESERVED;
8395			lun->res_type = type;
8396
8397			mtx_unlock(&lun->lun_lock);
8398
8399			/* send msg to other side */
8400			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8401			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8402			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8403			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8404			persis_io.pr.pr_info.res_type = type;
8405			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8406			    sizeof(persis_io.pr), M_WAITOK);
8407		}
8408		break;
8409
8410	case SPRO_RELEASE:
8411		mtx_lock(&lun->lun_lock);
8412		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8413			/* No reservation exists return good status */
8414			mtx_unlock(&lun->lun_lock);
8415			goto done;
8416		}
8417		/*
8418		 * Is this nexus a reservation holder?
8419		 */
8420		if (lun->pr_res_idx != residx
8421		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8422			/*
8423			 * not a res holder return good status but
8424			 * do nothing
8425			 */
8426			mtx_unlock(&lun->lun_lock);
8427			goto done;
8428		}
8429
8430		if (lun->res_type != type) {
8431			mtx_unlock(&lun->lun_lock);
8432			free(ctsio->kern_data_ptr, M_CTL);
8433			ctl_set_illegal_pr_release(ctsio);
8434			ctl_done((union ctl_io *)ctsio);
8435			return (CTL_RETVAL_COMPLETE);
8436		}
8437
8438		/* okay to release */
8439		lun->flags &= ~CTL_LUN_PR_RESERVED;
8440		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8441		lun->res_type = 0;
8442
8443		/*
8444		 * if this isn't an exclusive access
8445		 * res generate UA for all other
8446		 * registrants.
8447		 */
8448		if (type != SPR_TYPE_EX_AC
8449		 && type != SPR_TYPE_WR_EX) {
8450			for (i = softc->init_min; i < softc->init_max; i++) {
8451				if (i == residx || ctl_get_prkey(lun, i) == 0)
8452					continue;
8453				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8454			}
8455		}
8456		mtx_unlock(&lun->lun_lock);
8457
8458		/* Send msg to other side */
8459		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8460		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8461		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8462		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8463		     sizeof(persis_io.pr), M_WAITOK);
8464		break;
8465
8466	case SPRO_CLEAR:
8467		/* send msg to other side */
8468
8469		mtx_lock(&lun->lun_lock);
8470		lun->flags &= ~CTL_LUN_PR_RESERVED;
8471		lun->res_type = 0;
8472		lun->pr_key_count = 0;
8473		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8474
8475		ctl_clr_prkey(lun, residx);
8476		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8477			if (ctl_get_prkey(lun, i) != 0) {
8478				ctl_clr_prkey(lun, i);
8479				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8480			}
8481		lun->PRGeneration++;
8482		mtx_unlock(&lun->lun_lock);
8483
8484		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8485		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8486		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8487		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8488		     sizeof(persis_io.pr), M_WAITOK);
8489		break;
8490
8491	case SPRO_PREEMPT:
8492	case SPRO_PRE_ABO: {
8493		int nretval;
8494
8495		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8496					  residx, ctsio, cdb, param);
8497		if (nretval != 0)
8498			return (CTL_RETVAL_COMPLETE);
8499		break;
8500	}
8501	default:
8502		panic("Invalid PR type %x", cdb->action);
8503	}
8504
8505done:
8506	free(ctsio->kern_data_ptr, M_CTL);
8507	ctl_set_success(ctsio);
8508	ctl_done((union ctl_io *)ctsio);
8509
8510	return (retval);
8511}
8512
8513/*
8514 * This routine is for handling a message from the other SC pertaining to
8515 * persistent reserve out. All the error checking will have been done
8516 * so only perorming the action need be done here to keep the two
8517 * in sync.
8518 */
8519static void
8520ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8521{
8522	struct ctl_lun *lun;
8523	struct ctl_softc *softc;
8524	int i;
8525	uint32_t residx, targ_lun;
8526
8527	softc = control_softc;
8528	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8529	mtx_lock(&softc->ctl_lock);
8530	if ((targ_lun >= CTL_MAX_LUNS) ||
8531	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8532		mtx_unlock(&softc->ctl_lock);
8533		return;
8534	}
8535	mtx_lock(&lun->lun_lock);
8536	mtx_unlock(&softc->ctl_lock);
8537	if (lun->flags & CTL_LUN_DISABLED) {
8538		mtx_unlock(&lun->lun_lock);
8539		return;
8540	}
8541	residx = ctl_get_initindex(&msg->hdr.nexus);
8542	switch(msg->pr.pr_info.action) {
8543	case CTL_PR_REG_KEY:
8544		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8545		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8546			lun->pr_key_count++;
8547		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8548		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8549		lun->PRGeneration++;
8550		break;
8551
8552	case CTL_PR_UNREG_KEY:
8553		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8554		lun->pr_key_count--;
8555
8556		/* XXX Need to see if the reservation has been released */
8557		/* if so do we need to generate UA? */
8558		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8559			lun->flags &= ~CTL_LUN_PR_RESERVED;
8560			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8561
8562			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8563			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8564			 && lun->pr_key_count) {
8565				/*
8566				 * If the reservation is a registrants
8567				 * only type we need to generate a UA
8568				 * for other registered inits.  The
8569				 * sense code should be RESERVATIONS
8570				 * RELEASED
8571				 */
8572
8573				for (i = softc->init_min; i < softc->init_max; i++) {
8574					if (ctl_get_prkey(lun, i) == 0)
8575						continue;
8576
8577					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8578				}
8579			}
8580			lun->res_type = 0;
8581		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8582			if (lun->pr_key_count==0) {
8583				lun->flags &= ~CTL_LUN_PR_RESERVED;
8584				lun->res_type = 0;
8585				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8586			}
8587		}
8588		lun->PRGeneration++;
8589		break;
8590
8591	case CTL_PR_RESERVE:
8592		lun->flags |= CTL_LUN_PR_RESERVED;
8593		lun->res_type = msg->pr.pr_info.res_type;
8594		lun->pr_res_idx = msg->pr.pr_info.residx;
8595
8596		break;
8597
8598	case CTL_PR_RELEASE:
8599		/*
8600		 * if this isn't an exclusive access res generate UA for all
8601		 * other registrants.
8602		 */
8603		if (lun->res_type != SPR_TYPE_EX_AC
8604		 && lun->res_type != SPR_TYPE_WR_EX) {
8605			for (i = softc->init_min; i < softc->init_max; i++)
8606				if (i == residx || ctl_get_prkey(lun, i) == 0)
8607					continue;
8608				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8609		}
8610
8611		lun->flags &= ~CTL_LUN_PR_RESERVED;
8612		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8613		lun->res_type = 0;
8614		break;
8615
8616	case CTL_PR_PREEMPT:
8617		ctl_pro_preempt_other(lun, msg);
8618		break;
8619	case CTL_PR_CLEAR:
8620		lun->flags &= ~CTL_LUN_PR_RESERVED;
8621		lun->res_type = 0;
8622		lun->pr_key_count = 0;
8623		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8624
8625		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8626			if (ctl_get_prkey(lun, i) == 0)
8627				continue;
8628			ctl_clr_prkey(lun, i);
8629			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8630		}
8631		lun->PRGeneration++;
8632		break;
8633	}
8634
8635	mtx_unlock(&lun->lun_lock);
8636}
8637
8638int
8639ctl_read_write(struct ctl_scsiio *ctsio)
8640{
8641	struct ctl_lun *lun;
8642	struct ctl_lba_len_flags *lbalen;
8643	uint64_t lba;
8644	uint32_t num_blocks;
8645	int flags, retval;
8646	int isread;
8647
8648	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8649
8650	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8651
8652	flags = 0;
8653	retval = CTL_RETVAL_COMPLETE;
8654
8655	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8656	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8657	switch (ctsio->cdb[0]) {
8658	case READ_6:
8659	case WRITE_6: {
8660		struct scsi_rw_6 *cdb;
8661
8662		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8663
8664		lba = scsi_3btoul(cdb->addr);
8665		/* only 5 bits are valid in the most significant address byte */
8666		lba &= 0x1fffff;
8667		num_blocks = cdb->length;
8668		/*
8669		 * This is correct according to SBC-2.
8670		 */
8671		if (num_blocks == 0)
8672			num_blocks = 256;
8673		break;
8674	}
8675	case READ_10:
8676	case WRITE_10: {
8677		struct scsi_rw_10 *cdb;
8678
8679		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8680		if (cdb->byte2 & SRW10_FUA)
8681			flags |= CTL_LLF_FUA;
8682		if (cdb->byte2 & SRW10_DPO)
8683			flags |= CTL_LLF_DPO;
8684		lba = scsi_4btoul(cdb->addr);
8685		num_blocks = scsi_2btoul(cdb->length);
8686		break;
8687	}
8688	case WRITE_VERIFY_10: {
8689		struct scsi_write_verify_10 *cdb;
8690
8691		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8692		flags |= CTL_LLF_FUA;
8693		if (cdb->byte2 & SWV_DPO)
8694			flags |= CTL_LLF_DPO;
8695		lba = scsi_4btoul(cdb->addr);
8696		num_blocks = scsi_2btoul(cdb->length);
8697		break;
8698	}
8699	case READ_12:
8700	case WRITE_12: {
8701		struct scsi_rw_12 *cdb;
8702
8703		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8704		if (cdb->byte2 & SRW12_FUA)
8705			flags |= CTL_LLF_FUA;
8706		if (cdb->byte2 & SRW12_DPO)
8707			flags |= CTL_LLF_DPO;
8708		lba = scsi_4btoul(cdb->addr);
8709		num_blocks = scsi_4btoul(cdb->length);
8710		break;
8711	}
8712	case WRITE_VERIFY_12: {
8713		struct scsi_write_verify_12 *cdb;
8714
8715		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8716		flags |= CTL_LLF_FUA;
8717		if (cdb->byte2 & SWV_DPO)
8718			flags |= CTL_LLF_DPO;
8719		lba = scsi_4btoul(cdb->addr);
8720		num_blocks = scsi_4btoul(cdb->length);
8721		break;
8722	}
8723	case READ_16:
8724	case WRITE_16: {
8725		struct scsi_rw_16 *cdb;
8726
8727		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8728		if (cdb->byte2 & SRW12_FUA)
8729			flags |= CTL_LLF_FUA;
8730		if (cdb->byte2 & SRW12_DPO)
8731			flags |= CTL_LLF_DPO;
8732		lba = scsi_8btou64(cdb->addr);
8733		num_blocks = scsi_4btoul(cdb->length);
8734		break;
8735	}
8736	case WRITE_ATOMIC_16: {
8737		struct scsi_rw_16 *cdb;
8738
8739		if (lun->be_lun->atomicblock == 0) {
8740			ctl_set_invalid_opcode(ctsio);
8741			ctl_done((union ctl_io *)ctsio);
8742			return (CTL_RETVAL_COMPLETE);
8743		}
8744
8745		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8746		if (cdb->byte2 & SRW12_FUA)
8747			flags |= CTL_LLF_FUA;
8748		if (cdb->byte2 & SRW12_DPO)
8749			flags |= CTL_LLF_DPO;
8750		lba = scsi_8btou64(cdb->addr);
8751		num_blocks = scsi_4btoul(cdb->length);
8752		if (num_blocks > lun->be_lun->atomicblock) {
8753			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8754			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8755			    /*bit*/ 0);
8756			ctl_done((union ctl_io *)ctsio);
8757			return (CTL_RETVAL_COMPLETE);
8758		}
8759		break;
8760	}
8761	case WRITE_VERIFY_16: {
8762		struct scsi_write_verify_16 *cdb;
8763
8764		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8765		flags |= CTL_LLF_FUA;
8766		if (cdb->byte2 & SWV_DPO)
8767			flags |= CTL_LLF_DPO;
8768		lba = scsi_8btou64(cdb->addr);
8769		num_blocks = scsi_4btoul(cdb->length);
8770		break;
8771	}
8772	default:
8773		/*
8774		 * We got a command we don't support.  This shouldn't
8775		 * happen, commands should be filtered out above us.
8776		 */
8777		ctl_set_invalid_opcode(ctsio);
8778		ctl_done((union ctl_io *)ctsio);
8779
8780		return (CTL_RETVAL_COMPLETE);
8781		break; /* NOTREACHED */
8782	}
8783
8784	/*
8785	 * The first check is to make sure we're in bounds, the second
8786	 * check is to catch wrap-around problems.  If the lba + num blocks
8787	 * is less than the lba, then we've wrapped around and the block
8788	 * range is invalid anyway.
8789	 */
8790	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8791	 || ((lba + num_blocks) < lba)) {
8792		ctl_set_lba_out_of_range(ctsio);
8793		ctl_done((union ctl_io *)ctsio);
8794		return (CTL_RETVAL_COMPLETE);
8795	}
8796
8797	/*
8798	 * According to SBC-3, a transfer length of 0 is not an error.
8799	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8800	 * translates to 256 blocks for those commands.
8801	 */
8802	if (num_blocks == 0) {
8803		ctl_set_success(ctsio);
8804		ctl_done((union ctl_io *)ctsio);
8805		return (CTL_RETVAL_COMPLETE);
8806	}
8807
8808	/* Set FUA and/or DPO if caches are disabled. */
8809	if (isread) {
8810		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8811		    SCP_RCD) != 0)
8812			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8813	} else {
8814		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8815		    SCP_WCE) == 0)
8816			flags |= CTL_LLF_FUA;
8817	}
8818
8819	lbalen = (struct ctl_lba_len_flags *)
8820	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8821	lbalen->lba = lba;
8822	lbalen->len = num_blocks;
8823	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8824
8825	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8826	ctsio->kern_rel_offset = 0;
8827
8828	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8829
8830	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8831
8832	return (retval);
8833}
8834
8835static int
8836ctl_cnw_cont(union ctl_io *io)
8837{
8838	struct ctl_scsiio *ctsio;
8839	struct ctl_lun *lun;
8840	struct ctl_lba_len_flags *lbalen;
8841	int retval;
8842
8843	ctsio = &io->scsiio;
8844	ctsio->io_hdr.status = CTL_STATUS_NONE;
8845	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
8846	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8847	lbalen = (struct ctl_lba_len_flags *)
8848	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8849	lbalen->flags &= ~CTL_LLF_COMPARE;
8850	lbalen->flags |= CTL_LLF_WRITE;
8851
8852	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
8853	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8854	return (retval);
8855}
8856
8857int
8858ctl_cnw(struct ctl_scsiio *ctsio)
8859{
8860	struct ctl_lun *lun;
8861	struct ctl_lba_len_flags *lbalen;
8862	uint64_t lba;
8863	uint32_t num_blocks;
8864	int flags, retval;
8865
8866	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8867
8868	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
8869
8870	flags = 0;
8871	retval = CTL_RETVAL_COMPLETE;
8872
8873	switch (ctsio->cdb[0]) {
8874	case COMPARE_AND_WRITE: {
8875		struct scsi_compare_and_write *cdb;
8876
8877		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
8878		if (cdb->byte2 & SRW10_FUA)
8879			flags |= CTL_LLF_FUA;
8880		if (cdb->byte2 & SRW10_DPO)
8881			flags |= CTL_LLF_DPO;
8882		lba = scsi_8btou64(cdb->addr);
8883		num_blocks = cdb->length;
8884		break;
8885	}
8886	default:
8887		/*
8888		 * We got a command we don't support.  This shouldn't
8889		 * happen, commands should be filtered out above us.
8890		 */
8891		ctl_set_invalid_opcode(ctsio);
8892		ctl_done((union ctl_io *)ctsio);
8893
8894		return (CTL_RETVAL_COMPLETE);
8895		break; /* NOTREACHED */
8896	}
8897
8898	/*
8899	 * The first check is to make sure we're in bounds, the second
8900	 * check is to catch wrap-around problems.  If the lba + num blocks
8901	 * is less than the lba, then we've wrapped around and the block
8902	 * range is invalid anyway.
8903	 */
8904	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8905	 || ((lba + num_blocks) < lba)) {
8906		ctl_set_lba_out_of_range(ctsio);
8907		ctl_done((union ctl_io *)ctsio);
8908		return (CTL_RETVAL_COMPLETE);
8909	}
8910
8911	/*
8912	 * According to SBC-3, a transfer length of 0 is not an error.
8913	 */
8914	if (num_blocks == 0) {
8915		ctl_set_success(ctsio);
8916		ctl_done((union ctl_io *)ctsio);
8917		return (CTL_RETVAL_COMPLETE);
8918	}
8919
8920	/* Set FUA if write cache is disabled. */
8921	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8922	    SCP_WCE) == 0)
8923		flags |= CTL_LLF_FUA;
8924
8925	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
8926	ctsio->kern_rel_offset = 0;
8927
8928	/*
8929	 * Set the IO_CONT flag, so that if this I/O gets passed to
8930	 * ctl_data_submit_done(), it'll get passed back to
8931	 * ctl_ctl_cnw_cont() for further processing.
8932	 */
8933	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
8934	ctsio->io_cont = ctl_cnw_cont;
8935
8936	lbalen = (struct ctl_lba_len_flags *)
8937	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8938	lbalen->lba = lba;
8939	lbalen->len = num_blocks;
8940	lbalen->flags = CTL_LLF_COMPARE | flags;
8941
8942	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
8943	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8944	return (retval);
8945}
8946
8947int
8948ctl_verify(struct ctl_scsiio *ctsio)
8949{
8950	struct ctl_lun *lun;
8951	struct ctl_lba_len_flags *lbalen;
8952	uint64_t lba;
8953	uint32_t num_blocks;
8954	int bytchk, flags;
8955	int retval;
8956
8957	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8958
8959	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
8960
8961	bytchk = 0;
8962	flags = CTL_LLF_FUA;
8963	retval = CTL_RETVAL_COMPLETE;
8964
8965	switch (ctsio->cdb[0]) {
8966	case VERIFY_10: {
8967		struct scsi_verify_10 *cdb;
8968
8969		cdb = (struct scsi_verify_10 *)ctsio->cdb;
8970		if (cdb->byte2 & SVFY_BYTCHK)
8971			bytchk = 1;
8972		if (cdb->byte2 & SVFY_DPO)
8973			flags |= CTL_LLF_DPO;
8974		lba = scsi_4btoul(cdb->addr);
8975		num_blocks = scsi_2btoul(cdb->length);
8976		break;
8977	}
8978	case VERIFY_12: {
8979		struct scsi_verify_12 *cdb;
8980
8981		cdb = (struct scsi_verify_12 *)ctsio->cdb;
8982		if (cdb->byte2 & SVFY_BYTCHK)
8983			bytchk = 1;
8984		if (cdb->byte2 & SVFY_DPO)
8985			flags |= CTL_LLF_DPO;
8986		lba = scsi_4btoul(cdb->addr);
8987		num_blocks = scsi_4btoul(cdb->length);
8988		break;
8989	}
8990	case VERIFY_16: {
8991		struct scsi_rw_16 *cdb;
8992
8993		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8994		if (cdb->byte2 & SVFY_BYTCHK)
8995			bytchk = 1;
8996		if (cdb->byte2 & SVFY_DPO)
8997			flags |= CTL_LLF_DPO;
8998		lba = scsi_8btou64(cdb->addr);
8999		num_blocks = scsi_4btoul(cdb->length);
9000		break;
9001	}
9002	default:
9003		/*
9004		 * We got a command we don't support.  This shouldn't
9005		 * happen, commands should be filtered out above us.
9006		 */
9007		ctl_set_invalid_opcode(ctsio);
9008		ctl_done((union ctl_io *)ctsio);
9009		return (CTL_RETVAL_COMPLETE);
9010	}
9011
9012	/*
9013	 * The first check is to make sure we're in bounds, the second
9014	 * check is to catch wrap-around problems.  If the lba + num blocks
9015	 * is less than the lba, then we've wrapped around and the block
9016	 * range is invalid anyway.
9017	 */
9018	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9019	 || ((lba + num_blocks) < lba)) {
9020		ctl_set_lba_out_of_range(ctsio);
9021		ctl_done((union ctl_io *)ctsio);
9022		return (CTL_RETVAL_COMPLETE);
9023	}
9024
9025	/*
9026	 * According to SBC-3, a transfer length of 0 is not an error.
9027	 */
9028	if (num_blocks == 0) {
9029		ctl_set_success(ctsio);
9030		ctl_done((union ctl_io *)ctsio);
9031		return (CTL_RETVAL_COMPLETE);
9032	}
9033
9034	lbalen = (struct ctl_lba_len_flags *)
9035	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9036	lbalen->lba = lba;
9037	lbalen->len = num_blocks;
9038	if (bytchk) {
9039		lbalen->flags = CTL_LLF_COMPARE | flags;
9040		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9041	} else {
9042		lbalen->flags = CTL_LLF_VERIFY | flags;
9043		ctsio->kern_total_len = 0;
9044	}
9045	ctsio->kern_rel_offset = 0;
9046
9047	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9048	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9049	return (retval);
9050}
9051
9052int
9053ctl_report_luns(struct ctl_scsiio *ctsio)
9054{
9055	struct ctl_softc *softc = control_softc;
9056	struct scsi_report_luns *cdb;
9057	struct scsi_report_luns_data *lun_data;
9058	struct ctl_lun *lun, *request_lun;
9059	struct ctl_port *port;
9060	int num_luns, retval;
9061	uint32_t alloc_len, lun_datalen;
9062	int num_filled, well_known;
9063	uint32_t initidx, targ_lun_id, lun_id;
9064
9065	retval = CTL_RETVAL_COMPLETE;
9066	well_known = 0;
9067
9068	cdb = (struct scsi_report_luns *)ctsio->cdb;
9069	port = ctl_io_port(&ctsio->io_hdr);
9070
9071	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9072
9073	mtx_lock(&softc->ctl_lock);
9074	num_luns = 0;
9075	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9076		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9077			num_luns++;
9078	}
9079	mtx_unlock(&softc->ctl_lock);
9080
9081	switch (cdb->select_report) {
9082	case RPL_REPORT_DEFAULT:
9083	case RPL_REPORT_ALL:
9084		break;
9085	case RPL_REPORT_WELLKNOWN:
9086		well_known = 1;
9087		num_luns = 0;
9088		break;
9089	default:
9090		ctl_set_invalid_field(ctsio,
9091				      /*sks_valid*/ 1,
9092				      /*command*/ 1,
9093				      /*field*/ 2,
9094				      /*bit_valid*/ 0,
9095				      /*bit*/ 0);
9096		ctl_done((union ctl_io *)ctsio);
9097		return (retval);
9098		break; /* NOTREACHED */
9099	}
9100
9101	alloc_len = scsi_4btoul(cdb->length);
9102	/*
9103	 * The initiator has to allocate at least 16 bytes for this request,
9104	 * so he can at least get the header and the first LUN.  Otherwise
9105	 * we reject the request (per SPC-3 rev 14, section 6.21).
9106	 */
9107	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9108	    sizeof(struct scsi_report_luns_lundata))) {
9109		ctl_set_invalid_field(ctsio,
9110				      /*sks_valid*/ 1,
9111				      /*command*/ 1,
9112				      /*field*/ 6,
9113				      /*bit_valid*/ 0,
9114				      /*bit*/ 0);
9115		ctl_done((union ctl_io *)ctsio);
9116		return (retval);
9117	}
9118
9119	request_lun = (struct ctl_lun *)
9120		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9121
9122	lun_datalen = sizeof(*lun_data) +
9123		(num_luns * sizeof(struct scsi_report_luns_lundata));
9124
9125	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9126	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9127	ctsio->kern_sg_entries = 0;
9128
9129	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9130
9131	mtx_lock(&softc->ctl_lock);
9132	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9133		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9134		if (lun_id >= CTL_MAX_LUNS)
9135			continue;
9136		lun = softc->ctl_luns[lun_id];
9137		if (lun == NULL)
9138			continue;
9139
9140		if (targ_lun_id <= 0xff) {
9141			/*
9142			 * Peripheral addressing method, bus number 0.
9143			 */
9144			lun_data->luns[num_filled].lundata[0] =
9145				RPL_LUNDATA_ATYP_PERIPH;
9146			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9147			num_filled++;
9148		} else if (targ_lun_id <= 0x3fff) {
9149			/*
9150			 * Flat addressing method.
9151			 */
9152			lun_data->luns[num_filled].lundata[0] =
9153				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9154			lun_data->luns[num_filled].lundata[1] =
9155				(targ_lun_id & 0xff);
9156			num_filled++;
9157		} else if (targ_lun_id <= 0xffffff) {
9158			/*
9159			 * Extended flat addressing method.
9160			 */
9161			lun_data->luns[num_filled].lundata[0] =
9162			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9163			scsi_ulto3b(targ_lun_id,
9164			    &lun_data->luns[num_filled].lundata[1]);
9165			num_filled++;
9166		} else {
9167			printf("ctl_report_luns: bogus LUN number %jd, "
9168			       "skipping\n", (intmax_t)targ_lun_id);
9169		}
9170		/*
9171		 * According to SPC-3, rev 14 section 6.21:
9172		 *
9173		 * "The execution of a REPORT LUNS command to any valid and
9174		 * installed logical unit shall clear the REPORTED LUNS DATA
9175		 * HAS CHANGED unit attention condition for all logical
9176		 * units of that target with respect to the requesting
9177		 * initiator. A valid and installed logical unit is one
9178		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9179		 * INQUIRY data (see 6.4.2)."
9180		 *
9181		 * If request_lun is NULL, the LUN this report luns command
9182		 * was issued to is either disabled or doesn't exist. In that
9183		 * case, we shouldn't clear any pending lun change unit
9184		 * attention.
9185		 */
9186		if (request_lun != NULL) {
9187			mtx_lock(&lun->lun_lock);
9188			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9189			mtx_unlock(&lun->lun_lock);
9190		}
9191	}
9192	mtx_unlock(&softc->ctl_lock);
9193
9194	/*
9195	 * It's quite possible that we've returned fewer LUNs than we allocated
9196	 * space for.  Trim it.
9197	 */
9198	lun_datalen = sizeof(*lun_data) +
9199		(num_filled * sizeof(struct scsi_report_luns_lundata));
9200
9201	if (lun_datalen < alloc_len) {
9202		ctsio->residual = alloc_len - lun_datalen;
9203		ctsio->kern_data_len = lun_datalen;
9204		ctsio->kern_total_len = lun_datalen;
9205	} else {
9206		ctsio->residual = 0;
9207		ctsio->kern_data_len = alloc_len;
9208		ctsio->kern_total_len = alloc_len;
9209	}
9210	ctsio->kern_data_resid = 0;
9211	ctsio->kern_rel_offset = 0;
9212	ctsio->kern_sg_entries = 0;
9213
9214	/*
9215	 * We set this to the actual data length, regardless of how much
9216	 * space we actually have to return results.  If the user looks at
9217	 * this value, he'll know whether or not he allocated enough space
9218	 * and reissue the command if necessary.  We don't support well
9219	 * known logical units, so if the user asks for that, return none.
9220	 */
9221	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9222
9223	/*
9224	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9225	 * this request.
9226	 */
9227	ctl_set_success(ctsio);
9228	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9229	ctsio->be_move_done = ctl_config_move_done;
9230	ctl_datamove((union ctl_io *)ctsio);
9231	return (retval);
9232}
9233
9234int
9235ctl_request_sense(struct ctl_scsiio *ctsio)
9236{
9237	struct scsi_request_sense *cdb;
9238	struct scsi_sense_data *sense_ptr;
9239	struct ctl_softc *ctl_softc;
9240	struct ctl_lun *lun;
9241	uint32_t initidx;
9242	int have_error;
9243	scsi_sense_data_type sense_format;
9244	ctl_ua_type ua_type;
9245
9246	cdb = (struct scsi_request_sense *)ctsio->cdb;
9247
9248	ctl_softc = control_softc;
9249	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9250
9251	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9252
9253	/*
9254	 * Determine which sense format the user wants.
9255	 */
9256	if (cdb->byte2 & SRS_DESC)
9257		sense_format = SSD_TYPE_DESC;
9258	else
9259		sense_format = SSD_TYPE_FIXED;
9260
9261	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9262	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9263	ctsio->kern_sg_entries = 0;
9264
9265	/*
9266	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9267	 * larger than the largest allowed value for the length field in the
9268	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9269	 */
9270	ctsio->residual = 0;
9271	ctsio->kern_data_len = cdb->length;
9272	ctsio->kern_total_len = cdb->length;
9273
9274	ctsio->kern_data_resid = 0;
9275	ctsio->kern_rel_offset = 0;
9276	ctsio->kern_sg_entries = 0;
9277
9278	/*
9279	 * If we don't have a LUN, we don't have any pending sense.
9280	 */
9281	if (lun == NULL)
9282		goto no_sense;
9283
9284	have_error = 0;
9285	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9286	/*
9287	 * Check for pending sense, and then for pending unit attentions.
9288	 * Pending sense gets returned first, then pending unit attentions.
9289	 */
9290	mtx_lock(&lun->lun_lock);
9291#ifdef CTL_WITH_CA
9292	if (ctl_is_set(lun->have_ca, initidx)) {
9293		scsi_sense_data_type stored_format;
9294
9295		/*
9296		 * Check to see which sense format was used for the stored
9297		 * sense data.
9298		 */
9299		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9300
9301		/*
9302		 * If the user requested a different sense format than the
9303		 * one we stored, then we need to convert it to the other
9304		 * format.  If we're going from descriptor to fixed format
9305		 * sense data, we may lose things in translation, depending
9306		 * on what options were used.
9307		 *
9308		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9309		 * for some reason we'll just copy it out as-is.
9310		 */
9311		if ((stored_format == SSD_TYPE_FIXED)
9312		 && (sense_format == SSD_TYPE_DESC))
9313			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9314			    &lun->pending_sense[initidx],
9315			    (struct scsi_sense_data_desc *)sense_ptr);
9316		else if ((stored_format == SSD_TYPE_DESC)
9317		      && (sense_format == SSD_TYPE_FIXED))
9318			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9319			    &lun->pending_sense[initidx],
9320			    (struct scsi_sense_data_fixed *)sense_ptr);
9321		else
9322			memcpy(sense_ptr, &lun->pending_sense[initidx],
9323			       MIN(sizeof(*sense_ptr),
9324			       sizeof(lun->pending_sense[initidx])));
9325
9326		ctl_clear_mask(lun->have_ca, initidx);
9327		have_error = 1;
9328	} else
9329#endif
9330	{
9331		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9332		if (ua_type != CTL_UA_NONE)
9333			have_error = 1;
9334		if (ua_type == CTL_UA_LUN_CHANGE) {
9335			mtx_unlock(&lun->lun_lock);
9336			mtx_lock(&ctl_softc->ctl_lock);
9337			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9338			mtx_unlock(&ctl_softc->ctl_lock);
9339			mtx_lock(&lun->lun_lock);
9340		}
9341
9342	}
9343	mtx_unlock(&lun->lun_lock);
9344
9345	/*
9346	 * We already have a pending error, return it.
9347	 */
9348	if (have_error != 0) {
9349		/*
9350		 * We report the SCSI status as OK, since the status of the
9351		 * request sense command itself is OK.
9352		 * We report 0 for the sense length, because we aren't doing
9353		 * autosense in this case.  We're reporting sense as
9354		 * parameter data.
9355		 */
9356		ctl_set_success(ctsio);
9357		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9358		ctsio->be_move_done = ctl_config_move_done;
9359		ctl_datamove((union ctl_io *)ctsio);
9360		return (CTL_RETVAL_COMPLETE);
9361	}
9362
9363no_sense:
9364
9365	/*
9366	 * No sense information to report, so we report that everything is
9367	 * okay.
9368	 */
9369	ctl_set_sense_data(sense_ptr,
9370			   lun,
9371			   sense_format,
9372			   /*current_error*/ 1,
9373			   /*sense_key*/ SSD_KEY_NO_SENSE,
9374			   /*asc*/ 0x00,
9375			   /*ascq*/ 0x00,
9376			   SSD_ELEM_NONE);
9377
9378	/*
9379	 * We report 0 for the sense length, because we aren't doing
9380	 * autosense in this case.  We're reporting sense as parameter data.
9381	 */
9382	ctl_set_success(ctsio);
9383	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9384	ctsio->be_move_done = ctl_config_move_done;
9385	ctl_datamove((union ctl_io *)ctsio);
9386	return (CTL_RETVAL_COMPLETE);
9387}
9388
9389int
9390ctl_tur(struct ctl_scsiio *ctsio)
9391{
9392
9393	CTL_DEBUG_PRINT(("ctl_tur\n"));
9394
9395	ctl_set_success(ctsio);
9396	ctl_done((union ctl_io *)ctsio);
9397
9398	return (CTL_RETVAL_COMPLETE);
9399}
9400
9401/*
9402 * SCSI VPD page 0x00, the Supported VPD Pages page.
9403 */
9404static int
9405ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9406{
9407	struct scsi_vpd_supported_pages *pages;
9408	int sup_page_size;
9409	struct ctl_lun *lun;
9410	int p;
9411
9412	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9413
9414	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9415	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9416	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9417	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9418	ctsio->kern_sg_entries = 0;
9419
9420	if (sup_page_size < alloc_len) {
9421		ctsio->residual = alloc_len - sup_page_size;
9422		ctsio->kern_data_len = sup_page_size;
9423		ctsio->kern_total_len = sup_page_size;
9424	} else {
9425		ctsio->residual = 0;
9426		ctsio->kern_data_len = alloc_len;
9427		ctsio->kern_total_len = alloc_len;
9428	}
9429	ctsio->kern_data_resid = 0;
9430	ctsio->kern_rel_offset = 0;
9431	ctsio->kern_sg_entries = 0;
9432
9433	/*
9434	 * The control device is always connected.  The disk device, on the
9435	 * other hand, may not be online all the time.  Need to change this
9436	 * to figure out whether the disk device is actually online or not.
9437	 */
9438	if (lun != NULL)
9439		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9440				lun->be_lun->lun_type;
9441	else
9442		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9443
9444	p = 0;
9445	/* Supported VPD pages */
9446	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9447	/* Serial Number */
9448	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9449	/* Device Identification */
9450	pages->page_list[p++] = SVPD_DEVICE_ID;
9451	/* Extended INQUIRY Data */
9452	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9453	/* Mode Page Policy */
9454	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9455	/* SCSI Ports */
9456	pages->page_list[p++] = SVPD_SCSI_PORTS;
9457	/* Third-party Copy */
9458	pages->page_list[p++] = SVPD_SCSI_TPC;
9459	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9460		/* Block limits */
9461		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9462		/* Block Device Characteristics */
9463		pages->page_list[p++] = SVPD_BDC;
9464		/* Logical Block Provisioning */
9465		pages->page_list[p++] = SVPD_LBP;
9466	}
9467	pages->length = p;
9468
9469	ctl_set_success(ctsio);
9470	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9471	ctsio->be_move_done = ctl_config_move_done;
9472	ctl_datamove((union ctl_io *)ctsio);
9473	return (CTL_RETVAL_COMPLETE);
9474}
9475
9476/*
9477 * SCSI VPD page 0x80, the Unit Serial Number page.
9478 */
9479static int
9480ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9481{
9482	struct scsi_vpd_unit_serial_number *sn_ptr;
9483	struct ctl_lun *lun;
9484	int data_len;
9485
9486	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9487
9488	data_len = 4 + CTL_SN_LEN;
9489	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9490	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9491	if (data_len < alloc_len) {
9492		ctsio->residual = alloc_len - data_len;
9493		ctsio->kern_data_len = data_len;
9494		ctsio->kern_total_len = data_len;
9495	} else {
9496		ctsio->residual = 0;
9497		ctsio->kern_data_len = alloc_len;
9498		ctsio->kern_total_len = alloc_len;
9499	}
9500	ctsio->kern_data_resid = 0;
9501	ctsio->kern_rel_offset = 0;
9502	ctsio->kern_sg_entries = 0;
9503
9504	/*
9505	 * The control device is always connected.  The disk device, on the
9506	 * other hand, may not be online all the time.  Need to change this
9507	 * to figure out whether the disk device is actually online or not.
9508	 */
9509	if (lun != NULL)
9510		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9511				  lun->be_lun->lun_type;
9512	else
9513		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9514
9515	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9516	sn_ptr->length = CTL_SN_LEN;
9517	/*
9518	 * If we don't have a LUN, we just leave the serial number as
9519	 * all spaces.
9520	 */
9521	if (lun != NULL) {
9522		strncpy((char *)sn_ptr->serial_num,
9523			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9524	} else
9525		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9526
9527	ctl_set_success(ctsio);
9528	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9529	ctsio->be_move_done = ctl_config_move_done;
9530	ctl_datamove((union ctl_io *)ctsio);
9531	return (CTL_RETVAL_COMPLETE);
9532}
9533
9534
9535/*
9536 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9537 */
9538static int
9539ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9540{
9541	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9542	struct ctl_lun *lun;
9543	int data_len;
9544
9545	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9546
9547	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9548	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9549	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9550	ctsio->kern_sg_entries = 0;
9551
9552	if (data_len < alloc_len) {
9553		ctsio->residual = alloc_len - data_len;
9554		ctsio->kern_data_len = data_len;
9555		ctsio->kern_total_len = data_len;
9556	} else {
9557		ctsio->residual = 0;
9558		ctsio->kern_data_len = alloc_len;
9559		ctsio->kern_total_len = alloc_len;
9560	}
9561	ctsio->kern_data_resid = 0;
9562	ctsio->kern_rel_offset = 0;
9563	ctsio->kern_sg_entries = 0;
9564
9565	/*
9566	 * The control device is always connected.  The disk device, on the
9567	 * other hand, may not be online all the time.
9568	 */
9569	if (lun != NULL)
9570		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9571				     lun->be_lun->lun_type;
9572	else
9573		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9574	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9575	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9576	/*
9577	 * We support head of queue, ordered and simple tags.
9578	 */
9579	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9580	/*
9581	 * Volatile cache supported.
9582	 */
9583	eid_ptr->flags3 = SVPD_EID_V_SUP;
9584
9585	/*
9586	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9587	 * attention for a particular IT nexus on all LUNs once we report
9588	 * it to that nexus once.  This bit is required as of SPC-4.
9589	 */
9590	eid_ptr->flags4 = SVPD_EID_LUICLT;
9591
9592	/*
9593	 * XXX KDM in order to correctly answer this, we would need
9594	 * information from the SIM to determine how much sense data it
9595	 * can send.  So this would really be a path inquiry field, most
9596	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9597	 * but the hardware may or may not be able to support that much.
9598	 * 0 just means that the maximum sense data length is not reported.
9599	 */
9600	eid_ptr->max_sense_length = 0;
9601
9602	ctl_set_success(ctsio);
9603	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9604	ctsio->be_move_done = ctl_config_move_done;
9605	ctl_datamove((union ctl_io *)ctsio);
9606	return (CTL_RETVAL_COMPLETE);
9607}
9608
9609static int
9610ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9611{
9612	struct scsi_vpd_mode_page_policy *mpp_ptr;
9613	struct ctl_lun *lun;
9614	int data_len;
9615
9616	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9617
9618	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9619	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9620
9621	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9622	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9623	ctsio->kern_sg_entries = 0;
9624
9625	if (data_len < alloc_len) {
9626		ctsio->residual = alloc_len - data_len;
9627		ctsio->kern_data_len = data_len;
9628		ctsio->kern_total_len = data_len;
9629	} else {
9630		ctsio->residual = 0;
9631		ctsio->kern_data_len = alloc_len;
9632		ctsio->kern_total_len = alloc_len;
9633	}
9634	ctsio->kern_data_resid = 0;
9635	ctsio->kern_rel_offset = 0;
9636	ctsio->kern_sg_entries = 0;
9637
9638	/*
9639	 * The control device is always connected.  The disk device, on the
9640	 * other hand, may not be online all the time.
9641	 */
9642	if (lun != NULL)
9643		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9644				     lun->be_lun->lun_type;
9645	else
9646		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9647	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9648	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9649	mpp_ptr->descr[0].page_code = 0x3f;
9650	mpp_ptr->descr[0].subpage_code = 0xff;
9651	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9652
9653	ctl_set_success(ctsio);
9654	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9655	ctsio->be_move_done = ctl_config_move_done;
9656	ctl_datamove((union ctl_io *)ctsio);
9657	return (CTL_RETVAL_COMPLETE);
9658}
9659
9660/*
9661 * SCSI VPD page 0x83, the Device Identification page.
9662 */
9663static int
9664ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9665{
9666	struct scsi_vpd_device_id *devid_ptr;
9667	struct scsi_vpd_id_descriptor *desc;
9668	struct ctl_softc *softc;
9669	struct ctl_lun *lun;
9670	struct ctl_port *port;
9671	int data_len;
9672	uint8_t proto;
9673
9674	softc = control_softc;
9675
9676	port = ctl_io_port(&ctsio->io_hdr);
9677	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9678
9679	data_len = sizeof(struct scsi_vpd_device_id) +
9680	    sizeof(struct scsi_vpd_id_descriptor) +
9681		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9682	    sizeof(struct scsi_vpd_id_descriptor) +
9683		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9684	if (lun && lun->lun_devid)
9685		data_len += lun->lun_devid->len;
9686	if (port && port->port_devid)
9687		data_len += port->port_devid->len;
9688	if (port && port->target_devid)
9689		data_len += port->target_devid->len;
9690
9691	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9692	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9693	ctsio->kern_sg_entries = 0;
9694
9695	if (data_len < alloc_len) {
9696		ctsio->residual = alloc_len - data_len;
9697		ctsio->kern_data_len = data_len;
9698		ctsio->kern_total_len = data_len;
9699	} else {
9700		ctsio->residual = 0;
9701		ctsio->kern_data_len = alloc_len;
9702		ctsio->kern_total_len = alloc_len;
9703	}
9704	ctsio->kern_data_resid = 0;
9705	ctsio->kern_rel_offset = 0;
9706	ctsio->kern_sg_entries = 0;
9707
9708	/*
9709	 * The control device is always connected.  The disk device, on the
9710	 * other hand, may not be online all the time.
9711	 */
9712	if (lun != NULL)
9713		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9714				     lun->be_lun->lun_type;
9715	else
9716		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9717	devid_ptr->page_code = SVPD_DEVICE_ID;
9718	scsi_ulto2b(data_len - 4, devid_ptr->length);
9719
9720	if (port && port->port_type == CTL_PORT_FC)
9721		proto = SCSI_PROTO_FC << 4;
9722	else if (port && port->port_type == CTL_PORT_ISCSI)
9723		proto = SCSI_PROTO_ISCSI << 4;
9724	else
9725		proto = SCSI_PROTO_SPI << 4;
9726	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9727
9728	/*
9729	 * We're using a LUN association here.  i.e., this device ID is a
9730	 * per-LUN identifier.
9731	 */
9732	if (lun && lun->lun_devid) {
9733		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9734		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9735		    lun->lun_devid->len);
9736	}
9737
9738	/*
9739	 * This is for the WWPN which is a port association.
9740	 */
9741	if (port && port->port_devid) {
9742		memcpy(desc, port->port_devid->data, port->port_devid->len);
9743		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9744		    port->port_devid->len);
9745	}
9746
9747	/*
9748	 * This is for the Relative Target Port(type 4h) identifier
9749	 */
9750	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9751	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9752	    SVPD_ID_TYPE_RELTARG;
9753	desc->length = 4;
9754	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9755	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9756	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9757
9758	/*
9759	 * This is for the Target Port Group(type 5h) identifier
9760	 */
9761	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9762	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9763	    SVPD_ID_TYPE_TPORTGRP;
9764	desc->length = 4;
9765	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9766	    &desc->identifier[2]);
9767	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9768	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9769
9770	/*
9771	 * This is for the Target identifier
9772	 */
9773	if (port && port->target_devid) {
9774		memcpy(desc, port->target_devid->data, port->target_devid->len);
9775	}
9776
9777	ctl_set_success(ctsio);
9778	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9779	ctsio->be_move_done = ctl_config_move_done;
9780	ctl_datamove((union ctl_io *)ctsio);
9781	return (CTL_RETVAL_COMPLETE);
9782}
9783
9784static int
9785ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9786{
9787	struct ctl_softc *softc = control_softc;
9788	struct scsi_vpd_scsi_ports *sp;
9789	struct scsi_vpd_port_designation *pd;
9790	struct scsi_vpd_port_designation_cont *pdc;
9791	struct ctl_lun *lun;
9792	struct ctl_port *port;
9793	int data_len, num_target_ports, iid_len, id_len;
9794
9795	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9796
9797	num_target_ports = 0;
9798	iid_len = 0;
9799	id_len = 0;
9800	mtx_lock(&softc->ctl_lock);
9801	STAILQ_FOREACH(port, &softc->port_list, links) {
9802		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9803			continue;
9804		if (lun != NULL &&
9805		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9806			continue;
9807		num_target_ports++;
9808		if (port->init_devid)
9809			iid_len += port->init_devid->len;
9810		if (port->port_devid)
9811			id_len += port->port_devid->len;
9812	}
9813	mtx_unlock(&softc->ctl_lock);
9814
9815	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9816	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9817	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9818	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9819	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9820	ctsio->kern_sg_entries = 0;
9821
9822	if (data_len < alloc_len) {
9823		ctsio->residual = alloc_len - data_len;
9824		ctsio->kern_data_len = data_len;
9825		ctsio->kern_total_len = data_len;
9826	} else {
9827		ctsio->residual = 0;
9828		ctsio->kern_data_len = alloc_len;
9829		ctsio->kern_total_len = alloc_len;
9830	}
9831	ctsio->kern_data_resid = 0;
9832	ctsio->kern_rel_offset = 0;
9833	ctsio->kern_sg_entries = 0;
9834
9835	/*
9836	 * The control device is always connected.  The disk device, on the
9837	 * other hand, may not be online all the time.  Need to change this
9838	 * to figure out whether the disk device is actually online or not.
9839	 */
9840	if (lun != NULL)
9841		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
9842				  lun->be_lun->lun_type;
9843	else
9844		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9845
9846	sp->page_code = SVPD_SCSI_PORTS;
9847	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
9848	    sp->page_length);
9849	pd = &sp->design[0];
9850
9851	mtx_lock(&softc->ctl_lock);
9852	STAILQ_FOREACH(port, &softc->port_list, links) {
9853		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9854			continue;
9855		if (lun != NULL &&
9856		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9857			continue;
9858		scsi_ulto2b(port->targ_port, pd->relative_port_id);
9859		if (port->init_devid) {
9860			iid_len = port->init_devid->len;
9861			memcpy(pd->initiator_transportid,
9862			    port->init_devid->data, port->init_devid->len);
9863		} else
9864			iid_len = 0;
9865		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
9866		pdc = (struct scsi_vpd_port_designation_cont *)
9867		    (&pd->initiator_transportid[iid_len]);
9868		if (port->port_devid) {
9869			id_len = port->port_devid->len;
9870			memcpy(pdc->target_port_descriptors,
9871			    port->port_devid->data, port->port_devid->len);
9872		} else
9873			id_len = 0;
9874		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
9875		pd = (struct scsi_vpd_port_designation *)
9876		    ((uint8_t *)pdc->target_port_descriptors + id_len);
9877	}
9878	mtx_unlock(&softc->ctl_lock);
9879
9880	ctl_set_success(ctsio);
9881	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9882	ctsio->be_move_done = ctl_config_move_done;
9883	ctl_datamove((union ctl_io *)ctsio);
9884	return (CTL_RETVAL_COMPLETE);
9885}
9886
9887static int
9888ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
9889{
9890	struct scsi_vpd_block_limits *bl_ptr;
9891	struct ctl_lun *lun;
9892	int bs;
9893
9894	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9895
9896	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
9897	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
9898	ctsio->kern_sg_entries = 0;
9899
9900	if (sizeof(*bl_ptr) < alloc_len) {
9901		ctsio->residual = alloc_len - sizeof(*bl_ptr);
9902		ctsio->kern_data_len = sizeof(*bl_ptr);
9903		ctsio->kern_total_len = sizeof(*bl_ptr);
9904	} else {
9905		ctsio->residual = 0;
9906		ctsio->kern_data_len = alloc_len;
9907		ctsio->kern_total_len = alloc_len;
9908	}
9909	ctsio->kern_data_resid = 0;
9910	ctsio->kern_rel_offset = 0;
9911	ctsio->kern_sg_entries = 0;
9912
9913	/*
9914	 * The control device is always connected.  The disk device, on the
9915	 * other hand, may not be online all the time.  Need to change this
9916	 * to figure out whether the disk device is actually online or not.
9917	 */
9918	if (lun != NULL)
9919		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9920				  lun->be_lun->lun_type;
9921	else
9922		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9923
9924	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
9925	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
9926	bl_ptr->max_cmp_write_len = 0xff;
9927	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
9928	if (lun != NULL) {
9929		bs = lun->be_lun->blocksize;
9930		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
9931		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
9932			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
9933			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
9934			if (lun->be_lun->ublockexp != 0) {
9935				scsi_ulto4b((1 << lun->be_lun->ublockexp),
9936				    bl_ptr->opt_unmap_grain);
9937				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
9938				    bl_ptr->unmap_grain_align);
9939			}
9940		}
9941		scsi_ulto4b(lun->be_lun->atomicblock,
9942		    bl_ptr->max_atomic_transfer_length);
9943		scsi_ulto4b(0, bl_ptr->atomic_alignment);
9944		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
9945	}
9946	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
9947
9948	ctl_set_success(ctsio);
9949	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9950	ctsio->be_move_done = ctl_config_move_done;
9951	ctl_datamove((union ctl_io *)ctsio);
9952	return (CTL_RETVAL_COMPLETE);
9953}
9954
9955static int
9956ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
9957{
9958	struct scsi_vpd_block_device_characteristics *bdc_ptr;
9959	struct ctl_lun *lun;
9960	const char *value;
9961	u_int i;
9962
9963	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9964
9965	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
9966	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
9967	ctsio->kern_sg_entries = 0;
9968
9969	if (sizeof(*bdc_ptr) < alloc_len) {
9970		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
9971		ctsio->kern_data_len = sizeof(*bdc_ptr);
9972		ctsio->kern_total_len = sizeof(*bdc_ptr);
9973	} else {
9974		ctsio->residual = 0;
9975		ctsio->kern_data_len = alloc_len;
9976		ctsio->kern_total_len = alloc_len;
9977	}
9978	ctsio->kern_data_resid = 0;
9979	ctsio->kern_rel_offset = 0;
9980	ctsio->kern_sg_entries = 0;
9981
9982	/*
9983	 * The control device is always connected.  The disk device, on the
9984	 * other hand, may not be online all the time.  Need to change this
9985	 * to figure out whether the disk device is actually online or not.
9986	 */
9987	if (lun != NULL)
9988		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9989				  lun->be_lun->lun_type;
9990	else
9991		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9992	bdc_ptr->page_code = SVPD_BDC;
9993	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
9994	if (lun != NULL &&
9995	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
9996		i = strtol(value, NULL, 0);
9997	else
9998		i = CTL_DEFAULT_ROTATION_RATE;
9999	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10000	if (lun != NULL &&
10001	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10002		i = strtol(value, NULL, 0);
10003	else
10004		i = 0;
10005	bdc_ptr->wab_wac_ff = (i & 0x0f);
10006	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10007
10008	ctl_set_success(ctsio);
10009	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10010	ctsio->be_move_done = ctl_config_move_done;
10011	ctl_datamove((union ctl_io *)ctsio);
10012	return (CTL_RETVAL_COMPLETE);
10013}
10014
10015static int
10016ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10017{
10018	struct scsi_vpd_logical_block_prov *lbp_ptr;
10019	struct ctl_lun *lun;
10020
10021	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10022
10023	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10024	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10025	ctsio->kern_sg_entries = 0;
10026
10027	if (sizeof(*lbp_ptr) < alloc_len) {
10028		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10029		ctsio->kern_data_len = sizeof(*lbp_ptr);
10030		ctsio->kern_total_len = sizeof(*lbp_ptr);
10031	} else {
10032		ctsio->residual = 0;
10033		ctsio->kern_data_len = alloc_len;
10034		ctsio->kern_total_len = alloc_len;
10035	}
10036	ctsio->kern_data_resid = 0;
10037	ctsio->kern_rel_offset = 0;
10038	ctsio->kern_sg_entries = 0;
10039
10040	/*
10041	 * The control device is always connected.  The disk device, on the
10042	 * other hand, may not be online all the time.  Need to change this
10043	 * to figure out whether the disk device is actually online or not.
10044	 */
10045	if (lun != NULL)
10046		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10047				  lun->be_lun->lun_type;
10048	else
10049		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10050
10051	lbp_ptr->page_code = SVPD_LBP;
10052	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10053	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10054	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10055		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10056		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10057		lbp_ptr->prov_type = SVPD_LBP_THIN;
10058	}
10059
10060	ctl_set_success(ctsio);
10061	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10062	ctsio->be_move_done = ctl_config_move_done;
10063	ctl_datamove((union ctl_io *)ctsio);
10064	return (CTL_RETVAL_COMPLETE);
10065}
10066
10067/*
10068 * INQUIRY with the EVPD bit set.
10069 */
10070static int
10071ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10072{
10073	struct ctl_lun *lun;
10074	struct scsi_inquiry *cdb;
10075	int alloc_len, retval;
10076
10077	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10078	cdb = (struct scsi_inquiry *)ctsio->cdb;
10079	alloc_len = scsi_2btoul(cdb->length);
10080
10081	switch (cdb->page_code) {
10082	case SVPD_SUPPORTED_PAGES:
10083		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10084		break;
10085	case SVPD_UNIT_SERIAL_NUMBER:
10086		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10087		break;
10088	case SVPD_DEVICE_ID:
10089		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10090		break;
10091	case SVPD_EXTENDED_INQUIRY_DATA:
10092		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10093		break;
10094	case SVPD_MODE_PAGE_POLICY:
10095		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10096		break;
10097	case SVPD_SCSI_PORTS:
10098		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10099		break;
10100	case SVPD_SCSI_TPC:
10101		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10102		break;
10103	case SVPD_BLOCK_LIMITS:
10104		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10105			goto err;
10106		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10107		break;
10108	case SVPD_BDC:
10109		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10110			goto err;
10111		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10112		break;
10113	case SVPD_LBP:
10114		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10115			goto err;
10116		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10117		break;
10118	default:
10119err:
10120		ctl_set_invalid_field(ctsio,
10121				      /*sks_valid*/ 1,
10122				      /*command*/ 1,
10123				      /*field*/ 2,
10124				      /*bit_valid*/ 0,
10125				      /*bit*/ 0);
10126		ctl_done((union ctl_io *)ctsio);
10127		retval = CTL_RETVAL_COMPLETE;
10128		break;
10129	}
10130
10131	return (retval);
10132}
10133
10134/*
10135 * Standard INQUIRY data.
10136 */
10137static int
10138ctl_inquiry_std(struct ctl_scsiio *ctsio)
10139{
10140	struct scsi_inquiry_data *inq_ptr;
10141	struct scsi_inquiry *cdb;
10142	struct ctl_softc *softc;
10143	struct ctl_port *port;
10144	struct ctl_lun *lun;
10145	char *val;
10146	uint32_t alloc_len, data_len;
10147	ctl_port_type port_type;
10148
10149	softc = control_softc;
10150
10151	/*
10152	 * Figure out whether we're talking to a Fibre Channel port or not.
10153	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10154	 * SCSI front ends.
10155	 */
10156	port = ctl_io_port(&ctsio->io_hdr);
10157	if (port != NULL)
10158		port_type = port->port_type;
10159	else
10160		port_type = CTL_PORT_SCSI;
10161	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10162		port_type = CTL_PORT_SCSI;
10163
10164	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10165	cdb = (struct scsi_inquiry *)ctsio->cdb;
10166	alloc_len = scsi_2btoul(cdb->length);
10167
10168	/*
10169	 * We malloc the full inquiry data size here and fill it
10170	 * in.  If the user only asks for less, we'll give him
10171	 * that much.
10172	 */
10173	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10174	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10175	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10176	ctsio->kern_sg_entries = 0;
10177	ctsio->kern_data_resid = 0;
10178	ctsio->kern_rel_offset = 0;
10179
10180	if (data_len < alloc_len) {
10181		ctsio->residual = alloc_len - data_len;
10182		ctsio->kern_data_len = data_len;
10183		ctsio->kern_total_len = data_len;
10184	} else {
10185		ctsio->residual = 0;
10186		ctsio->kern_data_len = alloc_len;
10187		ctsio->kern_total_len = alloc_len;
10188	}
10189
10190	if (lun != NULL) {
10191		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10192		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10193			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10194			    lun->be_lun->lun_type;
10195		} else {
10196			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10197			    lun->be_lun->lun_type;
10198		}
10199	} else
10200		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10201
10202	/* RMB in byte 2 is 0 */
10203	inq_ptr->version = SCSI_REV_SPC4;
10204
10205	/*
10206	 * According to SAM-3, even if a device only supports a single
10207	 * level of LUN addressing, it should still set the HISUP bit:
10208	 *
10209	 * 4.9.1 Logical unit numbers overview
10210	 *
10211	 * All logical unit number formats described in this standard are
10212	 * hierarchical in structure even when only a single level in that
10213	 * hierarchy is used. The HISUP bit shall be set to one in the
10214	 * standard INQUIRY data (see SPC-2) when any logical unit number
10215	 * format described in this standard is used.  Non-hierarchical
10216	 * formats are outside the scope of this standard.
10217	 *
10218	 * Therefore we set the HiSup bit here.
10219	 *
10220	 * The reponse format is 2, per SPC-3.
10221	 */
10222	inq_ptr->response_format = SID_HiSup | 2;
10223
10224	inq_ptr->additional_length = data_len -
10225	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10226	CTL_DEBUG_PRINT(("additional_length = %d\n",
10227			 inq_ptr->additional_length));
10228
10229	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10230	/* 16 bit addressing */
10231	if (port_type == CTL_PORT_SCSI)
10232		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10233	/* XXX set the SID_MultiP bit here if we're actually going to
10234	   respond on multiple ports */
10235	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10236
10237	/* 16 bit data bus, synchronous transfers */
10238	if (port_type == CTL_PORT_SCSI)
10239		inq_ptr->flags = SID_WBus16 | SID_Sync;
10240	/*
10241	 * XXX KDM do we want to support tagged queueing on the control
10242	 * device at all?
10243	 */
10244	if ((lun == NULL)
10245	 || (lun->be_lun->lun_type != T_PROCESSOR))
10246		inq_ptr->flags |= SID_CmdQue;
10247	/*
10248	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10249	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10250	 * name and 4 bytes for the revision.
10251	 */
10252	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10253	    "vendor")) == NULL) {
10254		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10255	} else {
10256		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10257		strncpy(inq_ptr->vendor, val,
10258		    min(sizeof(inq_ptr->vendor), strlen(val)));
10259	}
10260	if (lun == NULL) {
10261		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10262		    sizeof(inq_ptr->product));
10263	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10264		switch (lun->be_lun->lun_type) {
10265		case T_DIRECT:
10266			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10267			    sizeof(inq_ptr->product));
10268			break;
10269		case T_PROCESSOR:
10270			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10271			    sizeof(inq_ptr->product));
10272			break;
10273		default:
10274			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10275			    sizeof(inq_ptr->product));
10276			break;
10277		}
10278	} else {
10279		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10280		strncpy(inq_ptr->product, val,
10281		    min(sizeof(inq_ptr->product), strlen(val)));
10282	}
10283
10284	/*
10285	 * XXX make this a macro somewhere so it automatically gets
10286	 * incremented when we make changes.
10287	 */
10288	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10289	    "revision")) == NULL) {
10290		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10291	} else {
10292		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10293		strncpy(inq_ptr->revision, val,
10294		    min(sizeof(inq_ptr->revision), strlen(val)));
10295	}
10296
10297	/*
10298	 * For parallel SCSI, we support double transition and single
10299	 * transition clocking.  We also support QAS (Quick Arbitration
10300	 * and Selection) and Information Unit transfers on both the
10301	 * control and array devices.
10302	 */
10303	if (port_type == CTL_PORT_SCSI)
10304		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10305				    SID_SPI_IUS;
10306
10307	/* SAM-5 (no version claimed) */
10308	scsi_ulto2b(0x00A0, inq_ptr->version1);
10309	/* SPC-4 (no version claimed) */
10310	scsi_ulto2b(0x0460, inq_ptr->version2);
10311	if (port_type == CTL_PORT_FC) {
10312		/* FCP-2 ANSI INCITS.350:2003 */
10313		scsi_ulto2b(0x0917, inq_ptr->version3);
10314	} else if (port_type == CTL_PORT_SCSI) {
10315		/* SPI-4 ANSI INCITS.362:200x */
10316		scsi_ulto2b(0x0B56, inq_ptr->version3);
10317	} else if (port_type == CTL_PORT_ISCSI) {
10318		/* iSCSI (no version claimed) */
10319		scsi_ulto2b(0x0960, inq_ptr->version3);
10320	} else if (port_type == CTL_PORT_SAS) {
10321		/* SAS (no version claimed) */
10322		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10323	}
10324
10325	if (lun == NULL) {
10326		/* SBC-4 (no version claimed) */
10327		scsi_ulto2b(0x0600, inq_ptr->version4);
10328	} else {
10329		switch (lun->be_lun->lun_type) {
10330		case T_DIRECT:
10331			/* SBC-4 (no version claimed) */
10332			scsi_ulto2b(0x0600, inq_ptr->version4);
10333			break;
10334		case T_PROCESSOR:
10335		default:
10336			break;
10337		}
10338	}
10339
10340	ctl_set_success(ctsio);
10341	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10342	ctsio->be_move_done = ctl_config_move_done;
10343	ctl_datamove((union ctl_io *)ctsio);
10344	return (CTL_RETVAL_COMPLETE);
10345}
10346
10347int
10348ctl_inquiry(struct ctl_scsiio *ctsio)
10349{
10350	struct scsi_inquiry *cdb;
10351	int retval;
10352
10353	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10354
10355	cdb = (struct scsi_inquiry *)ctsio->cdb;
10356	if (cdb->byte2 & SI_EVPD)
10357		retval = ctl_inquiry_evpd(ctsio);
10358	else if (cdb->page_code == 0)
10359		retval = ctl_inquiry_std(ctsio);
10360	else {
10361		ctl_set_invalid_field(ctsio,
10362				      /*sks_valid*/ 1,
10363				      /*command*/ 1,
10364				      /*field*/ 2,
10365				      /*bit_valid*/ 0,
10366				      /*bit*/ 0);
10367		ctl_done((union ctl_io *)ctsio);
10368		return (CTL_RETVAL_COMPLETE);
10369	}
10370
10371	return (retval);
10372}
10373
10374/*
10375 * For known CDB types, parse the LBA and length.
10376 */
10377static int
10378ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10379{
10380	if (io->io_hdr.io_type != CTL_IO_SCSI)
10381		return (1);
10382
10383	switch (io->scsiio.cdb[0]) {
10384	case COMPARE_AND_WRITE: {
10385		struct scsi_compare_and_write *cdb;
10386
10387		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10388
10389		*lba = scsi_8btou64(cdb->addr);
10390		*len = cdb->length;
10391		break;
10392	}
10393	case READ_6:
10394	case WRITE_6: {
10395		struct scsi_rw_6 *cdb;
10396
10397		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10398
10399		*lba = scsi_3btoul(cdb->addr);
10400		/* only 5 bits are valid in the most significant address byte */
10401		*lba &= 0x1fffff;
10402		*len = cdb->length;
10403		break;
10404	}
10405	case READ_10:
10406	case WRITE_10: {
10407		struct scsi_rw_10 *cdb;
10408
10409		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10410
10411		*lba = scsi_4btoul(cdb->addr);
10412		*len = scsi_2btoul(cdb->length);
10413		break;
10414	}
10415	case WRITE_VERIFY_10: {
10416		struct scsi_write_verify_10 *cdb;
10417
10418		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10419
10420		*lba = scsi_4btoul(cdb->addr);
10421		*len = scsi_2btoul(cdb->length);
10422		break;
10423	}
10424	case READ_12:
10425	case WRITE_12: {
10426		struct scsi_rw_12 *cdb;
10427
10428		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10429
10430		*lba = scsi_4btoul(cdb->addr);
10431		*len = scsi_4btoul(cdb->length);
10432		break;
10433	}
10434	case WRITE_VERIFY_12: {
10435		struct scsi_write_verify_12 *cdb;
10436
10437		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10438
10439		*lba = scsi_4btoul(cdb->addr);
10440		*len = scsi_4btoul(cdb->length);
10441		break;
10442	}
10443	case READ_16:
10444	case WRITE_16:
10445	case WRITE_ATOMIC_16: {
10446		struct scsi_rw_16 *cdb;
10447
10448		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10449
10450		*lba = scsi_8btou64(cdb->addr);
10451		*len = scsi_4btoul(cdb->length);
10452		break;
10453	}
10454	case WRITE_VERIFY_16: {
10455		struct scsi_write_verify_16 *cdb;
10456
10457		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10458
10459		*lba = scsi_8btou64(cdb->addr);
10460		*len = scsi_4btoul(cdb->length);
10461		break;
10462	}
10463	case WRITE_SAME_10: {
10464		struct scsi_write_same_10 *cdb;
10465
10466		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10467
10468		*lba = scsi_4btoul(cdb->addr);
10469		*len = scsi_2btoul(cdb->length);
10470		break;
10471	}
10472	case WRITE_SAME_16: {
10473		struct scsi_write_same_16 *cdb;
10474
10475		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10476
10477		*lba = scsi_8btou64(cdb->addr);
10478		*len = scsi_4btoul(cdb->length);
10479		break;
10480	}
10481	case VERIFY_10: {
10482		struct scsi_verify_10 *cdb;
10483
10484		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10485
10486		*lba = scsi_4btoul(cdb->addr);
10487		*len = scsi_2btoul(cdb->length);
10488		break;
10489	}
10490	case VERIFY_12: {
10491		struct scsi_verify_12 *cdb;
10492
10493		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10494
10495		*lba = scsi_4btoul(cdb->addr);
10496		*len = scsi_4btoul(cdb->length);
10497		break;
10498	}
10499	case VERIFY_16: {
10500		struct scsi_verify_16 *cdb;
10501
10502		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10503
10504		*lba = scsi_8btou64(cdb->addr);
10505		*len = scsi_4btoul(cdb->length);
10506		break;
10507	}
10508	case UNMAP: {
10509		*lba = 0;
10510		*len = UINT64_MAX;
10511		break;
10512	}
10513	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10514		struct scsi_get_lba_status *cdb;
10515
10516		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10517		*lba = scsi_8btou64(cdb->addr);
10518		*len = UINT32_MAX;
10519		break;
10520	}
10521	default:
10522		return (1);
10523		break; /* NOTREACHED */
10524	}
10525
10526	return (0);
10527}
10528
10529static ctl_action
10530ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10531    bool seq)
10532{
10533	uint64_t endlba1, endlba2;
10534
10535	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10536	endlba2 = lba2 + len2 - 1;
10537
10538	if ((endlba1 < lba2) || (endlba2 < lba1))
10539		return (CTL_ACTION_PASS);
10540	else
10541		return (CTL_ACTION_BLOCK);
10542}
10543
10544static int
10545ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10546{
10547	struct ctl_ptr_len_flags *ptrlen;
10548	struct scsi_unmap_desc *buf, *end, *range;
10549	uint64_t lba;
10550	uint32_t len;
10551
10552	/* If not UNMAP -- go other way. */
10553	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10554	    io->scsiio.cdb[0] != UNMAP)
10555		return (CTL_ACTION_ERROR);
10556
10557	/* If UNMAP without data -- block and wait for data. */
10558	ptrlen = (struct ctl_ptr_len_flags *)
10559	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10560	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10561	    ptrlen->ptr == NULL)
10562		return (CTL_ACTION_BLOCK);
10563
10564	/* UNMAP with data -- check for collision. */
10565	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10566	end = buf + ptrlen->len / sizeof(*buf);
10567	for (range = buf; range < end; range++) {
10568		lba = scsi_8btou64(range->lba);
10569		len = scsi_4btoul(range->length);
10570		if ((lba < lba2 + len2) && (lba + len > lba2))
10571			return (CTL_ACTION_BLOCK);
10572	}
10573	return (CTL_ACTION_PASS);
10574}
10575
10576static ctl_action
10577ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10578{
10579	uint64_t lba1, lba2;
10580	uint64_t len1, len2;
10581	int retval;
10582
10583	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10584		return (CTL_ACTION_ERROR);
10585
10586	retval = ctl_extent_check_unmap(io1, lba2, len2);
10587	if (retval != CTL_ACTION_ERROR)
10588		return (retval);
10589
10590	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10591		return (CTL_ACTION_ERROR);
10592
10593	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10594		seq = FALSE;
10595	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10596}
10597
10598static ctl_action
10599ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10600{
10601	uint64_t lba1, lba2;
10602	uint64_t len1, len2;
10603
10604	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10605		return (CTL_ACTION_PASS);
10606	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10607		return (CTL_ACTION_ERROR);
10608	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10609		return (CTL_ACTION_ERROR);
10610
10611	if (lba1 + len1 == lba2)
10612		return (CTL_ACTION_BLOCK);
10613	return (CTL_ACTION_PASS);
10614}
10615
10616static ctl_action
10617ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10618    union ctl_io *ooa_io)
10619{
10620	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10621	ctl_serialize_action *serialize_row;
10622
10623	/*
10624	 * The initiator attempted multiple untagged commands at the same
10625	 * time.  Can't do that.
10626	 */
10627	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10628	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10629	 && ((pending_io->io_hdr.nexus.targ_port ==
10630	      ooa_io->io_hdr.nexus.targ_port)
10631	  && (pending_io->io_hdr.nexus.initid ==
10632	      ooa_io->io_hdr.nexus.initid))
10633	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10634	      CTL_FLAG_STATUS_SENT)) == 0))
10635		return (CTL_ACTION_OVERLAP);
10636
10637	/*
10638	 * The initiator attempted to send multiple tagged commands with
10639	 * the same ID.  (It's fine if different initiators have the same
10640	 * tag ID.)
10641	 *
10642	 * Even if all of those conditions are true, we don't kill the I/O
10643	 * if the command ahead of us has been aborted.  We won't end up
10644	 * sending it to the FETD, and it's perfectly legal to resend a
10645	 * command with the same tag number as long as the previous
10646	 * instance of this tag number has been aborted somehow.
10647	 */
10648	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10649	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10650	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10651	 && ((pending_io->io_hdr.nexus.targ_port ==
10652	      ooa_io->io_hdr.nexus.targ_port)
10653	  && (pending_io->io_hdr.nexus.initid ==
10654	      ooa_io->io_hdr.nexus.initid))
10655	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10656	      CTL_FLAG_STATUS_SENT)) == 0))
10657		return (CTL_ACTION_OVERLAP_TAG);
10658
10659	/*
10660	 * If we get a head of queue tag, SAM-3 says that we should
10661	 * immediately execute it.
10662	 *
10663	 * What happens if this command would normally block for some other
10664	 * reason?  e.g. a request sense with a head of queue tag
10665	 * immediately after a write.  Normally that would block, but this
10666	 * will result in its getting executed immediately...
10667	 *
10668	 * We currently return "pass" instead of "skip", so we'll end up
10669	 * going through the rest of the queue to check for overlapped tags.
10670	 *
10671	 * XXX KDM check for other types of blockage first??
10672	 */
10673	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10674		return (CTL_ACTION_PASS);
10675
10676	/*
10677	 * Ordered tags have to block until all items ahead of them
10678	 * have completed.  If we get called with an ordered tag, we always
10679	 * block, if something else is ahead of us in the queue.
10680	 */
10681	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10682		return (CTL_ACTION_BLOCK);
10683
10684	/*
10685	 * Simple tags get blocked until all head of queue and ordered tags
10686	 * ahead of them have completed.  I'm lumping untagged commands in
10687	 * with simple tags here.  XXX KDM is that the right thing to do?
10688	 */
10689	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10690	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10691	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10692	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10693		return (CTL_ACTION_BLOCK);
10694
10695	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10696	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10697
10698	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10699
10700	switch (serialize_row[pending_entry->seridx]) {
10701	case CTL_SER_BLOCK:
10702		return (CTL_ACTION_BLOCK);
10703	case CTL_SER_EXTENT:
10704		return (ctl_extent_check(ooa_io, pending_io,
10705		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10706	case CTL_SER_EXTENTOPT:
10707		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10708		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10709			return (ctl_extent_check(ooa_io, pending_io,
10710			    (lun->be_lun &&
10711			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10712		return (CTL_ACTION_PASS);
10713	case CTL_SER_EXTENTSEQ:
10714		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10715			return (ctl_extent_check_seq(ooa_io, pending_io));
10716		return (CTL_ACTION_PASS);
10717	case CTL_SER_PASS:
10718		return (CTL_ACTION_PASS);
10719	case CTL_SER_BLOCKOPT:
10720		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10721		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10722			return (CTL_ACTION_BLOCK);
10723		return (CTL_ACTION_PASS);
10724	case CTL_SER_SKIP:
10725		return (CTL_ACTION_SKIP);
10726	default:
10727		panic("invalid serialization value %d",
10728		      serialize_row[pending_entry->seridx]);
10729	}
10730
10731	return (CTL_ACTION_ERROR);
10732}
10733
10734/*
10735 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10736 * Assumptions:
10737 * - pending_io is generally either incoming, or on the blocked queue
10738 * - starting I/O is the I/O we want to start the check with.
10739 */
10740static ctl_action
10741ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10742	      union ctl_io *starting_io)
10743{
10744	union ctl_io *ooa_io;
10745	ctl_action action;
10746
10747	mtx_assert(&lun->lun_lock, MA_OWNED);
10748
10749	/*
10750	 * Run back along the OOA queue, starting with the current
10751	 * blocked I/O and going through every I/O before it on the
10752	 * queue.  If starting_io is NULL, we'll just end up returning
10753	 * CTL_ACTION_PASS.
10754	 */
10755	for (ooa_io = starting_io; ooa_io != NULL;
10756	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10757	     ooa_links)){
10758
10759		/*
10760		 * This routine just checks to see whether
10761		 * cur_blocked is blocked by ooa_io, which is ahead
10762		 * of it in the queue.  It doesn't queue/dequeue
10763		 * cur_blocked.
10764		 */
10765		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10766		switch (action) {
10767		case CTL_ACTION_BLOCK:
10768		case CTL_ACTION_OVERLAP:
10769		case CTL_ACTION_OVERLAP_TAG:
10770		case CTL_ACTION_SKIP:
10771		case CTL_ACTION_ERROR:
10772			return (action);
10773			break; /* NOTREACHED */
10774		case CTL_ACTION_PASS:
10775			break;
10776		default:
10777			panic("invalid action %d", action);
10778			break;  /* NOTREACHED */
10779		}
10780	}
10781
10782	return (CTL_ACTION_PASS);
10783}
10784
10785/*
10786 * Assumptions:
10787 * - An I/O has just completed, and has been removed from the per-LUN OOA
10788 *   queue, so some items on the blocked queue may now be unblocked.
10789 */
10790static int
10791ctl_check_blocked(struct ctl_lun *lun)
10792{
10793	struct ctl_softc *softc = lun->ctl_softc;
10794	union ctl_io *cur_blocked, *next_blocked;
10795
10796	mtx_assert(&lun->lun_lock, MA_OWNED);
10797
10798	/*
10799	 * Run forward from the head of the blocked queue, checking each
10800	 * entry against the I/Os prior to it on the OOA queue to see if
10801	 * there is still any blockage.
10802	 *
10803	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10804	 * with our removing a variable on it while it is traversing the
10805	 * list.
10806	 */
10807	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10808	     cur_blocked != NULL; cur_blocked = next_blocked) {
10809		union ctl_io *prev_ooa;
10810		ctl_action action;
10811
10812		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10813							  blocked_links);
10814
10815		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10816						      ctl_ooaq, ooa_links);
10817
10818		/*
10819		 * If cur_blocked happens to be the first item in the OOA
10820		 * queue now, prev_ooa will be NULL, and the action
10821		 * returned will just be CTL_ACTION_PASS.
10822		 */
10823		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10824
10825		switch (action) {
10826		case CTL_ACTION_BLOCK:
10827			/* Nothing to do here, still blocked */
10828			break;
10829		case CTL_ACTION_OVERLAP:
10830		case CTL_ACTION_OVERLAP_TAG:
10831			/*
10832			 * This shouldn't happen!  In theory we've already
10833			 * checked this command for overlap...
10834			 */
10835			break;
10836		case CTL_ACTION_PASS:
10837		case CTL_ACTION_SKIP: {
10838			const struct ctl_cmd_entry *entry;
10839
10840			/*
10841			 * The skip case shouldn't happen, this transaction
10842			 * should have never made it onto the blocked queue.
10843			 */
10844			/*
10845			 * This I/O is no longer blocked, we can remove it
10846			 * from the blocked queue.  Since this is a TAILQ
10847			 * (doubly linked list), we can do O(1) removals
10848			 * from any place on the list.
10849			 */
10850			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
10851				     blocked_links);
10852			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
10853
10854			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
10855			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
10856				/*
10857				 * Need to send IO back to original side to
10858				 * run
10859				 */
10860				union ctl_ha_msg msg_info;
10861
10862				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
10863				msg_info.hdr.original_sc =
10864					cur_blocked->io_hdr.original_sc;
10865				msg_info.hdr.serializing_sc = cur_blocked;
10866				msg_info.hdr.msg_type = CTL_MSG_R2R;
10867				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
10868				    sizeof(msg_info.hdr), M_NOWAIT);
10869				break;
10870			}
10871			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
10872
10873			/*
10874			 * Check this I/O for LUN state changes that may
10875			 * have happened while this command was blocked.
10876			 * The LUN state may have been changed by a command
10877			 * ahead of us in the queue, so we need to re-check
10878			 * for any states that can be caused by SCSI
10879			 * commands.
10880			 */
10881			if (ctl_scsiio_lun_check(lun, entry,
10882						 &cur_blocked->scsiio) == 0) {
10883				cur_blocked->io_hdr.flags |=
10884				                      CTL_FLAG_IS_WAS_ON_RTR;
10885				ctl_enqueue_rtr(cur_blocked);
10886			} else
10887				ctl_done(cur_blocked);
10888			break;
10889		}
10890		default:
10891			/*
10892			 * This probably shouldn't happen -- we shouldn't
10893			 * get CTL_ACTION_ERROR, or anything else.
10894			 */
10895			break;
10896		}
10897	}
10898
10899	return (CTL_RETVAL_COMPLETE);
10900}
10901
10902/*
10903 * This routine (with one exception) checks LUN flags that can be set by
10904 * commands ahead of us in the OOA queue.  These flags have to be checked
10905 * when a command initially comes in, and when we pull a command off the
10906 * blocked queue and are preparing to execute it.  The reason we have to
10907 * check these flags for commands on the blocked queue is that the LUN
10908 * state may have been changed by a command ahead of us while we're on the
10909 * blocked queue.
10910 *
10911 * Ordering is somewhat important with these checks, so please pay
10912 * careful attention to the placement of any new checks.
10913 */
10914static int
10915ctl_scsiio_lun_check(struct ctl_lun *lun,
10916    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
10917{
10918	struct ctl_softc *softc = lun->ctl_softc;
10919	int retval;
10920	uint32_t residx;
10921
10922	retval = 0;
10923
10924	mtx_assert(&lun->lun_lock, MA_OWNED);
10925
10926	/*
10927	 * If this shelf is a secondary shelf controller, we may have to
10928	 * reject some commands disallowed by HA mode and link state.
10929	 */
10930	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
10931		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
10932		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10933			ctl_set_lun_unavail(ctsio);
10934			retval = 1;
10935			goto bailout;
10936		}
10937		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
10938		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
10939			ctl_set_lun_transit(ctsio);
10940			retval = 1;
10941			goto bailout;
10942		}
10943		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
10944		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
10945			ctl_set_lun_standby(ctsio);
10946			retval = 1;
10947			goto bailout;
10948		}
10949
10950		/* The rest of checks are only done on executing side */
10951		if (softc->ha_mode == CTL_HA_MODE_XFER)
10952			goto bailout;
10953	}
10954
10955	if (entry->pattern & CTL_LUN_PAT_WRITE) {
10956		if (lun->be_lun &&
10957		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
10958			ctl_set_hw_write_protected(ctsio);
10959			retval = 1;
10960			goto bailout;
10961		}
10962		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
10963		    .eca_and_aen & SCP_SWP) != 0) {
10964			ctl_set_sense(ctsio, /*current_error*/ 1,
10965			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
10966			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
10967			retval = 1;
10968			goto bailout;
10969		}
10970	}
10971
10972	/*
10973	 * Check for a reservation conflict.  If this command isn't allowed
10974	 * even on reserved LUNs, and if this initiator isn't the one who
10975	 * reserved us, reject the command with a reservation conflict.
10976	 */
10977	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
10978	if ((lun->flags & CTL_LUN_RESERVED)
10979	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
10980		if (lun->res_idx != residx) {
10981			ctl_set_reservation_conflict(ctsio);
10982			retval = 1;
10983			goto bailout;
10984		}
10985	}
10986
10987	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
10988	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
10989		/* No reservation or command is allowed. */;
10990	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
10991	    (lun->res_type == SPR_TYPE_WR_EX ||
10992	     lun->res_type == SPR_TYPE_WR_EX_RO ||
10993	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
10994		/* The command is allowed for Write Exclusive resv. */;
10995	} else {
10996		/*
10997		 * if we aren't registered or it's a res holder type
10998		 * reservation and this isn't the res holder then set a
10999		 * conflict.
11000		 */
11001		if (ctl_get_prkey(lun, residx) == 0
11002		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11003			ctl_set_reservation_conflict(ctsio);
11004			retval = 1;
11005			goto bailout;
11006		}
11007	}
11008
11009	if ((lun->flags & CTL_LUN_OFFLINE)
11010	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
11011		ctl_set_lun_not_ready(ctsio);
11012		retval = 1;
11013		goto bailout;
11014	}
11015
11016	if ((lun->flags & CTL_LUN_STOPPED)
11017	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11018		/* "Logical unit not ready, initializing cmd. required" */
11019		ctl_set_lun_stopped(ctsio);
11020		retval = 1;
11021		goto bailout;
11022	}
11023
11024	if ((lun->flags & CTL_LUN_INOPERABLE)
11025	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11026		/* "Medium format corrupted" */
11027		ctl_set_medium_format_corrupted(ctsio);
11028		retval = 1;
11029		goto bailout;
11030	}
11031
11032bailout:
11033	return (retval);
11034}
11035
11036static void
11037ctl_failover_io(union ctl_io *io, int have_lock)
11038{
11039	ctl_set_busy(&io->scsiio);
11040	ctl_done(io);
11041}
11042
11043static void
11044ctl_failover_lun(struct ctl_lun *lun)
11045{
11046	struct ctl_softc *softc = lun->ctl_softc;
11047	struct ctl_io_hdr *io, *next_io;
11048
11049	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
11050	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11051		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11052			/* We are master */
11053			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11054				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11055					io->flags |= CTL_FLAG_ABORT;
11056					io->flags |= CTL_FLAG_FAILOVER;
11057				} else { /* This can be only due to DATAMOVE */
11058					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11059					io->flags &= ~CTL_FLAG_DMA_INPROG;
11060					io->flags |= CTL_FLAG_IO_ACTIVE;
11061					io->port_status = 31340;
11062					ctl_enqueue_isc((union ctl_io *)io);
11063				}
11064			}
11065			/* We are slave */
11066			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11067				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11068				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11069					io->flags |= CTL_FLAG_FAILOVER;
11070				} else {
11071					ctl_set_busy(&((union ctl_io *)io)->
11072					    scsiio);
11073					ctl_done((union ctl_io *)io);
11074				}
11075			}
11076		}
11077	} else { /* SERIALIZE modes */
11078		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11079		    next_io) {
11080			/* We are master */
11081			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11082				TAILQ_REMOVE(&lun->blocked_queue, io,
11083				    blocked_links);
11084				io->flags &= ~CTL_FLAG_BLOCKED;
11085				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11086				ctl_free_io((union ctl_io *)io);
11087			}
11088		}
11089		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11090			/* We are master */
11091			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11092				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11093				ctl_free_io((union ctl_io *)io);
11094			}
11095			/* We are slave */
11096			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11097				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11098				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11099					ctl_set_busy(&((union ctl_io *)io)->
11100					    scsiio);
11101					ctl_done((union ctl_io *)io);
11102				}
11103			}
11104		}
11105		ctl_check_blocked(lun);
11106	}
11107}
11108
11109static int
11110ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11111{
11112	struct ctl_lun *lun;
11113	const struct ctl_cmd_entry *entry;
11114	uint32_t initidx, targ_lun;
11115	int retval;
11116
11117	retval = 0;
11118
11119	lun = NULL;
11120
11121	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11122	if ((targ_lun < CTL_MAX_LUNS)
11123	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11124		/*
11125		 * If the LUN is invalid, pretend that it doesn't exist.
11126		 * It will go away as soon as all pending I/O has been
11127		 * completed.
11128		 */
11129		mtx_lock(&lun->lun_lock);
11130		if (lun->flags & CTL_LUN_DISABLED) {
11131			mtx_unlock(&lun->lun_lock);
11132			lun = NULL;
11133			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11134			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11135		} else {
11136			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11137			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11138				lun->be_lun;
11139
11140			/*
11141			 * Every I/O goes into the OOA queue for a
11142			 * particular LUN, and stays there until completion.
11143			 */
11144#ifdef CTL_TIME_IO
11145			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11146				lun->idle_time += getsbinuptime() -
11147				    lun->last_busy;
11148			}
11149#endif
11150			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11151			    ooa_links);
11152		}
11153	} else {
11154		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11155		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11156	}
11157
11158	/* Get command entry and return error if it is unsuppotyed. */
11159	entry = ctl_validate_command(ctsio);
11160	if (entry == NULL) {
11161		if (lun)
11162			mtx_unlock(&lun->lun_lock);
11163		return (retval);
11164	}
11165
11166	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11167	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11168
11169	/*
11170	 * Check to see whether we can send this command to LUNs that don't
11171	 * exist.  This should pretty much only be the case for inquiry
11172	 * and request sense.  Further checks, below, really require having
11173	 * a LUN, so we can't really check the command anymore.  Just put
11174	 * it on the rtr queue.
11175	 */
11176	if (lun == NULL) {
11177		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11178			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11179			ctl_enqueue_rtr((union ctl_io *)ctsio);
11180			return (retval);
11181		}
11182
11183		ctl_set_unsupported_lun(ctsio);
11184		ctl_done((union ctl_io *)ctsio);
11185		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11186		return (retval);
11187	} else {
11188		/*
11189		 * Make sure we support this particular command on this LUN.
11190		 * e.g., we don't support writes to the control LUN.
11191		 */
11192		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11193			mtx_unlock(&lun->lun_lock);
11194			ctl_set_invalid_opcode(ctsio);
11195			ctl_done((union ctl_io *)ctsio);
11196			return (retval);
11197		}
11198	}
11199
11200	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11201
11202#ifdef CTL_WITH_CA
11203	/*
11204	 * If we've got a request sense, it'll clear the contingent
11205	 * allegiance condition.  Otherwise, if we have a CA condition for
11206	 * this initiator, clear it, because it sent down a command other
11207	 * than request sense.
11208	 */
11209	if ((ctsio->cdb[0] != REQUEST_SENSE)
11210	 && (ctl_is_set(lun->have_ca, initidx)))
11211		ctl_clear_mask(lun->have_ca, initidx);
11212#endif
11213
11214	/*
11215	 * If the command has this flag set, it handles its own unit
11216	 * attention reporting, we shouldn't do anything.  Otherwise we
11217	 * check for any pending unit attentions, and send them back to the
11218	 * initiator.  We only do this when a command initially comes in,
11219	 * not when we pull it off the blocked queue.
11220	 *
11221	 * According to SAM-3, section 5.3.2, the order that things get
11222	 * presented back to the host is basically unit attentions caused
11223	 * by some sort of reset event, busy status, reservation conflicts
11224	 * or task set full, and finally any other status.
11225	 *
11226	 * One issue here is that some of the unit attentions we report
11227	 * don't fall into the "reset" category (e.g. "reported luns data
11228	 * has changed").  So reporting it here, before the reservation
11229	 * check, may be technically wrong.  I guess the only thing to do
11230	 * would be to check for and report the reset events here, and then
11231	 * check for the other unit attention types after we check for a
11232	 * reservation conflict.
11233	 *
11234	 * XXX KDM need to fix this
11235	 */
11236	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11237		ctl_ua_type ua_type;
11238
11239		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11240		    SSD_TYPE_NONE);
11241		if (ua_type != CTL_UA_NONE) {
11242			mtx_unlock(&lun->lun_lock);
11243			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11244			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11245			ctsio->sense_len = SSD_FULL_SIZE;
11246			ctl_done((union ctl_io *)ctsio);
11247			return (retval);
11248		}
11249	}
11250
11251
11252	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11253		mtx_unlock(&lun->lun_lock);
11254		ctl_done((union ctl_io *)ctsio);
11255		return (retval);
11256	}
11257
11258	/*
11259	 * XXX CHD this is where we want to send IO to other side if
11260	 * this LUN is secondary on this SC. We will need to make a copy
11261	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11262	 * the copy we send as FROM_OTHER.
11263	 * We also need to stuff the address of the original IO so we can
11264	 * find it easily. Something similar will need be done on the other
11265	 * side so when we are done we can find the copy.
11266	 */
11267	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11268	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11269	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11270		union ctl_ha_msg msg_info;
11271		int isc_retval;
11272
11273		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11274		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11275		mtx_unlock(&lun->lun_lock);
11276
11277		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11278		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11279		msg_info.hdr.serializing_sc = NULL;
11280		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11281		msg_info.scsi.tag_num = ctsio->tag_num;
11282		msg_info.scsi.tag_type = ctsio->tag_type;
11283		msg_info.scsi.cdb_len = ctsio->cdb_len;
11284		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11285
11286		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11287		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11288		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11289			ctl_set_busy(ctsio);
11290			ctl_done((union ctl_io *)ctsio);
11291			return (retval);
11292		}
11293		return (retval);
11294	}
11295
11296	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11297			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11298			      ctl_ooaq, ooa_links))) {
11299	case CTL_ACTION_BLOCK:
11300		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11301		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11302				  blocked_links);
11303		mtx_unlock(&lun->lun_lock);
11304		return (retval);
11305	case CTL_ACTION_PASS:
11306	case CTL_ACTION_SKIP:
11307		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11308		mtx_unlock(&lun->lun_lock);
11309		ctl_enqueue_rtr((union ctl_io *)ctsio);
11310		break;
11311	case CTL_ACTION_OVERLAP:
11312		mtx_unlock(&lun->lun_lock);
11313		ctl_set_overlapped_cmd(ctsio);
11314		ctl_done((union ctl_io *)ctsio);
11315		break;
11316	case CTL_ACTION_OVERLAP_TAG:
11317		mtx_unlock(&lun->lun_lock);
11318		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11319		ctl_done((union ctl_io *)ctsio);
11320		break;
11321	case CTL_ACTION_ERROR:
11322	default:
11323		mtx_unlock(&lun->lun_lock);
11324		ctl_set_internal_failure(ctsio,
11325					 /*sks_valid*/ 0,
11326					 /*retry_count*/ 0);
11327		ctl_done((union ctl_io *)ctsio);
11328		break;
11329	}
11330	return (retval);
11331}
11332
11333const struct ctl_cmd_entry *
11334ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11335{
11336	const struct ctl_cmd_entry *entry;
11337	int service_action;
11338
11339	entry = &ctl_cmd_table[ctsio->cdb[0]];
11340	if (sa)
11341		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11342	if (entry->flags & CTL_CMD_FLAG_SA5) {
11343		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11344		entry = &((const struct ctl_cmd_entry *)
11345		    entry->execute)[service_action];
11346	}
11347	return (entry);
11348}
11349
11350const struct ctl_cmd_entry *
11351ctl_validate_command(struct ctl_scsiio *ctsio)
11352{
11353	const struct ctl_cmd_entry *entry;
11354	int i, sa;
11355	uint8_t diff;
11356
11357	entry = ctl_get_cmd_entry(ctsio, &sa);
11358	if (entry->execute == NULL) {
11359		if (sa)
11360			ctl_set_invalid_field(ctsio,
11361					      /*sks_valid*/ 1,
11362					      /*command*/ 1,
11363					      /*field*/ 1,
11364					      /*bit_valid*/ 1,
11365					      /*bit*/ 4);
11366		else
11367			ctl_set_invalid_opcode(ctsio);
11368		ctl_done((union ctl_io *)ctsio);
11369		return (NULL);
11370	}
11371	KASSERT(entry->length > 0,
11372	    ("Not defined length for command 0x%02x/0x%02x",
11373	     ctsio->cdb[0], ctsio->cdb[1]));
11374	for (i = 1; i < entry->length; i++) {
11375		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11376		if (diff == 0)
11377			continue;
11378		ctl_set_invalid_field(ctsio,
11379				      /*sks_valid*/ 1,
11380				      /*command*/ 1,
11381				      /*field*/ i,
11382				      /*bit_valid*/ 1,
11383				      /*bit*/ fls(diff) - 1);
11384		ctl_done((union ctl_io *)ctsio);
11385		return (NULL);
11386	}
11387	return (entry);
11388}
11389
11390static int
11391ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11392{
11393
11394	switch (lun_type) {
11395	case T_PROCESSOR:
11396		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11397			return (0);
11398		break;
11399	case T_DIRECT:
11400		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11401			return (0);
11402		break;
11403	default:
11404		return (0);
11405	}
11406	return (1);
11407}
11408
11409static int
11410ctl_scsiio(struct ctl_scsiio *ctsio)
11411{
11412	int retval;
11413	const struct ctl_cmd_entry *entry;
11414
11415	retval = CTL_RETVAL_COMPLETE;
11416
11417	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11418
11419	entry = ctl_get_cmd_entry(ctsio, NULL);
11420
11421	/*
11422	 * If this I/O has been aborted, just send it straight to
11423	 * ctl_done() without executing it.
11424	 */
11425	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11426		ctl_done((union ctl_io *)ctsio);
11427		goto bailout;
11428	}
11429
11430	/*
11431	 * All the checks should have been handled by ctl_scsiio_precheck().
11432	 * We should be clear now to just execute the I/O.
11433	 */
11434	retval = entry->execute(ctsio);
11435
11436bailout:
11437	return (retval);
11438}
11439
11440/*
11441 * Since we only implement one target right now, a bus reset simply resets
11442 * our single target.
11443 */
11444static int
11445ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11446{
11447	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11448}
11449
11450static int
11451ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11452		 ctl_ua_type ua_type)
11453{
11454	struct ctl_port *port;
11455	struct ctl_lun *lun;
11456	int retval;
11457
11458	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11459		union ctl_ha_msg msg_info;
11460
11461		msg_info.hdr.nexus = io->io_hdr.nexus;
11462		if (ua_type==CTL_UA_TARG_RESET)
11463			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11464		else
11465			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11466		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11467		msg_info.hdr.original_sc = NULL;
11468		msg_info.hdr.serializing_sc = NULL;
11469		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11470		    sizeof(msg_info.task), M_WAITOK);
11471	}
11472	retval = 0;
11473
11474	mtx_lock(&softc->ctl_lock);
11475	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11476	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11477		if (port != NULL &&
11478		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11479			continue;
11480		retval += ctl_do_lun_reset(lun, io, ua_type);
11481	}
11482	mtx_unlock(&softc->ctl_lock);
11483	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11484	return (retval);
11485}
11486
11487/*
11488 * The LUN should always be set.  The I/O is optional, and is used to
11489 * distinguish between I/Os sent by this initiator, and by other
11490 * initiators.  We set unit attention for initiators other than this one.
11491 * SAM-3 is vague on this point.  It does say that a unit attention should
11492 * be established for other initiators when a LUN is reset (see section
11493 * 5.7.3), but it doesn't specifically say that the unit attention should
11494 * be established for this particular initiator when a LUN is reset.  Here
11495 * is the relevant text, from SAM-3 rev 8:
11496 *
11497 * 5.7.2 When a SCSI initiator port aborts its own tasks
11498 *
11499 * When a SCSI initiator port causes its own task(s) to be aborted, no
11500 * notification that the task(s) have been aborted shall be returned to
11501 * the SCSI initiator port other than the completion response for the
11502 * command or task management function action that caused the task(s) to
11503 * be aborted and notification(s) associated with related effects of the
11504 * action (e.g., a reset unit attention condition).
11505 *
11506 * XXX KDM for now, we're setting unit attention for all initiators.
11507 */
11508static int
11509ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11510{
11511	union ctl_io *xio;
11512#if 0
11513	uint32_t initidx;
11514#endif
11515#ifdef CTL_WITH_CA
11516	int i;
11517#endif
11518
11519	mtx_lock(&lun->lun_lock);
11520	/*
11521	 * Run through the OOA queue and abort each I/O.
11522	 */
11523	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11524	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11525		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11526	}
11527
11528	/*
11529	 * This version sets unit attention for every
11530	 */
11531#if 0
11532	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11533	ctl_est_ua_all(lun, initidx, ua_type);
11534#else
11535	ctl_est_ua_all(lun, -1, ua_type);
11536#endif
11537
11538	/*
11539	 * A reset (any kind, really) clears reservations established with
11540	 * RESERVE/RELEASE.  It does not clear reservations established
11541	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11542	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11543	 * reservations made with the RESERVE/RELEASE commands, because
11544	 * those commands are obsolete in SPC-3.
11545	 */
11546	lun->flags &= ~CTL_LUN_RESERVED;
11547
11548#ifdef CTL_WITH_CA
11549	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11550		ctl_clear_mask(lun->have_ca, i);
11551#endif
11552	mtx_unlock(&lun->lun_lock);
11553
11554	return (0);
11555}
11556
11557static int
11558ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11559{
11560	struct ctl_lun *lun;
11561	uint32_t targ_lun;
11562	int retval;
11563
11564	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11565	mtx_lock(&softc->ctl_lock);
11566	if ((targ_lun >= CTL_MAX_LUNS) ||
11567	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11568		mtx_unlock(&softc->ctl_lock);
11569		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11570		return (1);
11571	}
11572	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11573	mtx_unlock(&softc->ctl_lock);
11574	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11575
11576	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11577		union ctl_ha_msg msg_info;
11578
11579		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11580		msg_info.hdr.nexus = io->io_hdr.nexus;
11581		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11582		msg_info.hdr.original_sc = NULL;
11583		msg_info.hdr.serializing_sc = NULL;
11584		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11585		    sizeof(msg_info.task), M_WAITOK);
11586	}
11587	return (retval);
11588}
11589
11590static void
11591ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11592    int other_sc)
11593{
11594	union ctl_io *xio;
11595
11596	mtx_assert(&lun->lun_lock, MA_OWNED);
11597
11598	/*
11599	 * Run through the OOA queue and attempt to find the given I/O.
11600	 * The target port, initiator ID, tag type and tag number have to
11601	 * match the values that we got from the initiator.  If we have an
11602	 * untagged command to abort, simply abort the first untagged command
11603	 * we come to.  We only allow one untagged command at a time of course.
11604	 */
11605	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11606	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11607
11608		if ((targ_port == UINT32_MAX ||
11609		     targ_port == xio->io_hdr.nexus.targ_port) &&
11610		    (init_id == UINT32_MAX ||
11611		     init_id == xio->io_hdr.nexus.initid)) {
11612			if (targ_port != xio->io_hdr.nexus.targ_port ||
11613			    init_id != xio->io_hdr.nexus.initid)
11614				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11615			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11616			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11617				union ctl_ha_msg msg_info;
11618
11619				msg_info.hdr.nexus = xio->io_hdr.nexus;
11620				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11621				msg_info.task.tag_num = xio->scsiio.tag_num;
11622				msg_info.task.tag_type = xio->scsiio.tag_type;
11623				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11624				msg_info.hdr.original_sc = NULL;
11625				msg_info.hdr.serializing_sc = NULL;
11626				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11627				    sizeof(msg_info.task), M_NOWAIT);
11628			}
11629		}
11630	}
11631}
11632
11633static int
11634ctl_abort_task_set(union ctl_io *io)
11635{
11636	struct ctl_softc *softc = control_softc;
11637	struct ctl_lun *lun;
11638	uint32_t targ_lun;
11639
11640	/*
11641	 * Look up the LUN.
11642	 */
11643	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11644	mtx_lock(&softc->ctl_lock);
11645	if ((targ_lun >= CTL_MAX_LUNS) ||
11646	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11647		mtx_unlock(&softc->ctl_lock);
11648		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11649		return (1);
11650	}
11651
11652	mtx_lock(&lun->lun_lock);
11653	mtx_unlock(&softc->ctl_lock);
11654	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11655		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11656		    io->io_hdr.nexus.initid,
11657		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11658	} else { /* CTL_TASK_CLEAR_TASK_SET */
11659		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11660		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11661	}
11662	mtx_unlock(&lun->lun_lock);
11663	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11664	return (0);
11665}
11666
11667static int
11668ctl_i_t_nexus_reset(union ctl_io *io)
11669{
11670	struct ctl_softc *softc = control_softc;
11671	struct ctl_lun *lun;
11672	uint32_t initidx;
11673
11674	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11675		union ctl_ha_msg msg_info;
11676
11677		msg_info.hdr.nexus = io->io_hdr.nexus;
11678		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11679		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11680		msg_info.hdr.original_sc = NULL;
11681		msg_info.hdr.serializing_sc = NULL;
11682		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11683		    sizeof(msg_info.task), M_WAITOK);
11684	}
11685
11686	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11687	mtx_lock(&softc->ctl_lock);
11688	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11689		mtx_lock(&lun->lun_lock);
11690		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11691		    io->io_hdr.nexus.initid, 1);
11692#ifdef CTL_WITH_CA
11693		ctl_clear_mask(lun->have_ca, initidx);
11694#endif
11695		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11696			lun->flags &= ~CTL_LUN_RESERVED;
11697		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11698		mtx_unlock(&lun->lun_lock);
11699	}
11700	mtx_unlock(&softc->ctl_lock);
11701	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11702	return (0);
11703}
11704
11705static int
11706ctl_abort_task(union ctl_io *io)
11707{
11708	union ctl_io *xio;
11709	struct ctl_lun *lun;
11710	struct ctl_softc *softc;
11711#if 0
11712	struct sbuf sb;
11713	char printbuf[128];
11714#endif
11715	int found;
11716	uint32_t targ_lun;
11717
11718	softc = control_softc;
11719	found = 0;
11720
11721	/*
11722	 * Look up the LUN.
11723	 */
11724	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11725	mtx_lock(&softc->ctl_lock);
11726	if ((targ_lun >= CTL_MAX_LUNS) ||
11727	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11728		mtx_unlock(&softc->ctl_lock);
11729		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11730		return (1);
11731	}
11732
11733#if 0
11734	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11735	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11736#endif
11737
11738	mtx_lock(&lun->lun_lock);
11739	mtx_unlock(&softc->ctl_lock);
11740	/*
11741	 * Run through the OOA queue and attempt to find the given I/O.
11742	 * The target port, initiator ID, tag type and tag number have to
11743	 * match the values that we got from the initiator.  If we have an
11744	 * untagged command to abort, simply abort the first untagged command
11745	 * we come to.  We only allow one untagged command at a time of course.
11746	 */
11747	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11748	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11749#if 0
11750		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11751
11752		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11753			    lun->lun, xio->scsiio.tag_num,
11754			    xio->scsiio.tag_type,
11755			    (xio->io_hdr.blocked_links.tqe_prev
11756			    == NULL) ? "" : " BLOCKED",
11757			    (xio->io_hdr.flags &
11758			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11759			    (xio->io_hdr.flags &
11760			    CTL_FLAG_ABORT) ? " ABORT" : "",
11761			    (xio->io_hdr.flags &
11762			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11763		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11764		sbuf_finish(&sb);
11765		printf("%s\n", sbuf_data(&sb));
11766#endif
11767
11768		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11769		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11770		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11771			continue;
11772
11773		/*
11774		 * If the abort says that the task is untagged, the
11775		 * task in the queue must be untagged.  Otherwise,
11776		 * we just check to see whether the tag numbers
11777		 * match.  This is because the QLogic firmware
11778		 * doesn't pass back the tag type in an abort
11779		 * request.
11780		 */
11781#if 0
11782		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11783		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11784		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11785#endif
11786		/*
11787		 * XXX KDM we've got problems with FC, because it
11788		 * doesn't send down a tag type with aborts.  So we
11789		 * can only really go by the tag number...
11790		 * This may cause problems with parallel SCSI.
11791		 * Need to figure that out!!
11792		 */
11793		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11794			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11795			found = 1;
11796			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11797			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11798				union ctl_ha_msg msg_info;
11799
11800				msg_info.hdr.nexus = io->io_hdr.nexus;
11801				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11802				msg_info.task.tag_num = io->taskio.tag_num;
11803				msg_info.task.tag_type = io->taskio.tag_type;
11804				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11805				msg_info.hdr.original_sc = NULL;
11806				msg_info.hdr.serializing_sc = NULL;
11807#if 0
11808				printf("Sent Abort to other side\n");
11809#endif
11810				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11811				    sizeof(msg_info.task), M_NOWAIT);
11812			}
11813#if 0
11814			printf("ctl_abort_task: found I/O to abort\n");
11815#endif
11816		}
11817	}
11818	mtx_unlock(&lun->lun_lock);
11819
11820	if (found == 0) {
11821		/*
11822		 * This isn't really an error.  It's entirely possible for
11823		 * the abort and command completion to cross on the wire.
11824		 * This is more of an informative/diagnostic error.
11825		 */
11826#if 0
11827		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
11828		       "%u:%u:%u tag %d type %d\n",
11829		       io->io_hdr.nexus.initid,
11830		       io->io_hdr.nexus.targ_port,
11831		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
11832		       io->taskio.tag_type);
11833#endif
11834	}
11835	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11836	return (0);
11837}
11838
11839static int
11840ctl_query_task(union ctl_io *io, int task_set)
11841{
11842	union ctl_io *xio;
11843	struct ctl_lun *lun;
11844	struct ctl_softc *softc;
11845	int found = 0;
11846	uint32_t targ_lun;
11847
11848	softc = control_softc;
11849	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11850	mtx_lock(&softc->ctl_lock);
11851	if ((targ_lun >= CTL_MAX_LUNS) ||
11852	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11853		mtx_unlock(&softc->ctl_lock);
11854		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11855		return (1);
11856	}
11857	mtx_lock(&lun->lun_lock);
11858	mtx_unlock(&softc->ctl_lock);
11859	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11860	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11861
11862		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11863		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11864		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11865			continue;
11866
11867		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
11868			found = 1;
11869			break;
11870		}
11871	}
11872	mtx_unlock(&lun->lun_lock);
11873	if (found)
11874		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11875	else
11876		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11877	return (0);
11878}
11879
11880static int
11881ctl_query_async_event(union ctl_io *io)
11882{
11883	struct ctl_lun *lun;
11884	struct ctl_softc *softc;
11885	ctl_ua_type ua;
11886	uint32_t targ_lun, initidx;
11887
11888	softc = control_softc;
11889	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11890	mtx_lock(&softc->ctl_lock);
11891	if ((targ_lun >= CTL_MAX_LUNS) ||
11892	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11893		mtx_unlock(&softc->ctl_lock);
11894		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11895		return (1);
11896	}
11897	mtx_lock(&lun->lun_lock);
11898	mtx_unlock(&softc->ctl_lock);
11899	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11900	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
11901	mtx_unlock(&lun->lun_lock);
11902	if (ua != CTL_UA_NONE)
11903		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
11904	else
11905		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11906	return (0);
11907}
11908
11909static void
11910ctl_run_task(union ctl_io *io)
11911{
11912	struct ctl_softc *softc = control_softc;
11913	int retval = 1;
11914
11915	CTL_DEBUG_PRINT(("ctl_run_task\n"));
11916	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
11917	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
11918	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
11919	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
11920	switch (io->taskio.task_action) {
11921	case CTL_TASK_ABORT_TASK:
11922		retval = ctl_abort_task(io);
11923		break;
11924	case CTL_TASK_ABORT_TASK_SET:
11925	case CTL_TASK_CLEAR_TASK_SET:
11926		retval = ctl_abort_task_set(io);
11927		break;
11928	case CTL_TASK_CLEAR_ACA:
11929		break;
11930	case CTL_TASK_I_T_NEXUS_RESET:
11931		retval = ctl_i_t_nexus_reset(io);
11932		break;
11933	case CTL_TASK_LUN_RESET:
11934		retval = ctl_lun_reset(softc, io);
11935		break;
11936	case CTL_TASK_TARGET_RESET:
11937		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
11938		break;
11939	case CTL_TASK_BUS_RESET:
11940		retval = ctl_bus_reset(softc, io);
11941		break;
11942	case CTL_TASK_PORT_LOGIN:
11943		break;
11944	case CTL_TASK_PORT_LOGOUT:
11945		break;
11946	case CTL_TASK_QUERY_TASK:
11947		retval = ctl_query_task(io, 0);
11948		break;
11949	case CTL_TASK_QUERY_TASK_SET:
11950		retval = ctl_query_task(io, 1);
11951		break;
11952	case CTL_TASK_QUERY_ASYNC_EVENT:
11953		retval = ctl_query_async_event(io);
11954		break;
11955	default:
11956		printf("%s: got unknown task management event %d\n",
11957		       __func__, io->taskio.task_action);
11958		break;
11959	}
11960	if (retval == 0)
11961		io->io_hdr.status = CTL_SUCCESS;
11962	else
11963		io->io_hdr.status = CTL_ERROR;
11964	ctl_done(io);
11965}
11966
11967/*
11968 * For HA operation.  Handle commands that come in from the other
11969 * controller.
11970 */
11971static void
11972ctl_handle_isc(union ctl_io *io)
11973{
11974	int free_io;
11975	struct ctl_lun *lun;
11976	struct ctl_softc *softc;
11977	uint32_t targ_lun;
11978
11979	softc = control_softc;
11980
11981	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11982	lun = softc->ctl_luns[targ_lun];
11983
11984	switch (io->io_hdr.msg_type) {
11985	case CTL_MSG_SERIALIZE:
11986		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
11987		break;
11988	case CTL_MSG_R2R: {
11989		const struct ctl_cmd_entry *entry;
11990
11991		/*
11992		 * This is only used in SER_ONLY mode.
11993		 */
11994		free_io = 0;
11995		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
11996		mtx_lock(&lun->lun_lock);
11997		if (ctl_scsiio_lun_check(lun,
11998		    entry, (struct ctl_scsiio *)io) != 0) {
11999			mtx_unlock(&lun->lun_lock);
12000			ctl_done(io);
12001			break;
12002		}
12003		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12004		mtx_unlock(&lun->lun_lock);
12005		ctl_enqueue_rtr(io);
12006		break;
12007	}
12008	case CTL_MSG_FINISH_IO:
12009		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12010			free_io = 0;
12011			ctl_done(io);
12012		} else {
12013			free_io = 1;
12014			mtx_lock(&lun->lun_lock);
12015			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12016				     ooa_links);
12017			ctl_check_blocked(lun);
12018			mtx_unlock(&lun->lun_lock);
12019		}
12020		break;
12021	case CTL_MSG_PERS_ACTION:
12022		ctl_hndl_per_res_out_on_other_sc(
12023			(union ctl_ha_msg *)&io->presio.pr_msg);
12024		free_io = 1;
12025		break;
12026	case CTL_MSG_BAD_JUJU:
12027		free_io = 0;
12028		ctl_done(io);
12029		break;
12030	case CTL_MSG_DATAMOVE:
12031		/* Only used in XFER mode */
12032		free_io = 0;
12033		ctl_datamove_remote(io);
12034		break;
12035	case CTL_MSG_DATAMOVE_DONE:
12036		/* Only used in XFER mode */
12037		free_io = 0;
12038		io->scsiio.be_move_done(io);
12039		break;
12040	case CTL_MSG_FAILOVER:
12041		mtx_lock(&lun->lun_lock);
12042		ctl_failover_lun(lun);
12043		mtx_unlock(&lun->lun_lock);
12044		free_io = 1;
12045		break;
12046	default:
12047		free_io = 1;
12048		printf("%s: Invalid message type %d\n",
12049		       __func__, io->io_hdr.msg_type);
12050		break;
12051	}
12052	if (free_io)
12053		ctl_free_io(io);
12054
12055}
12056
12057
12058/*
12059 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12060 * there is no match.
12061 */
12062static ctl_lun_error_pattern
12063ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12064{
12065	const struct ctl_cmd_entry *entry;
12066	ctl_lun_error_pattern filtered_pattern, pattern;
12067
12068	pattern = desc->error_pattern;
12069
12070	/*
12071	 * XXX KDM we need more data passed into this function to match a
12072	 * custom pattern, and we actually need to implement custom pattern
12073	 * matching.
12074	 */
12075	if (pattern & CTL_LUN_PAT_CMD)
12076		return (CTL_LUN_PAT_CMD);
12077
12078	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12079		return (CTL_LUN_PAT_ANY);
12080
12081	entry = ctl_get_cmd_entry(ctsio, NULL);
12082
12083	filtered_pattern = entry->pattern & pattern;
12084
12085	/*
12086	 * If the user requested specific flags in the pattern (e.g.
12087	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12088	 * flags.
12089	 *
12090	 * If the user did not specify any flags, it doesn't matter whether
12091	 * or not the command supports the flags.
12092	 */
12093	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12094	     (pattern & ~CTL_LUN_PAT_MASK))
12095		return (CTL_LUN_PAT_NONE);
12096
12097	/*
12098	 * If the user asked for a range check, see if the requested LBA
12099	 * range overlaps with this command's LBA range.
12100	 */
12101	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12102		uint64_t lba1;
12103		uint64_t len1;
12104		ctl_action action;
12105		int retval;
12106
12107		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12108		if (retval != 0)
12109			return (CTL_LUN_PAT_NONE);
12110
12111		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12112					      desc->lba_range.len, FALSE);
12113		/*
12114		 * A "pass" means that the LBA ranges don't overlap, so
12115		 * this doesn't match the user's range criteria.
12116		 */
12117		if (action == CTL_ACTION_PASS)
12118			return (CTL_LUN_PAT_NONE);
12119	}
12120
12121	return (filtered_pattern);
12122}
12123
12124static void
12125ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12126{
12127	struct ctl_error_desc *desc, *desc2;
12128
12129	mtx_assert(&lun->lun_lock, MA_OWNED);
12130
12131	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12132		ctl_lun_error_pattern pattern;
12133		/*
12134		 * Check to see whether this particular command matches
12135		 * the pattern in the descriptor.
12136		 */
12137		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12138		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12139			continue;
12140
12141		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12142		case CTL_LUN_INJ_ABORTED:
12143			ctl_set_aborted(&io->scsiio);
12144			break;
12145		case CTL_LUN_INJ_MEDIUM_ERR:
12146			ctl_set_medium_error(&io->scsiio,
12147			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12148			     CTL_FLAG_DATA_OUT);
12149			break;
12150		case CTL_LUN_INJ_UA:
12151			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12152			 * OCCURRED */
12153			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12154			break;
12155		case CTL_LUN_INJ_CUSTOM:
12156			/*
12157			 * We're assuming the user knows what he is doing.
12158			 * Just copy the sense information without doing
12159			 * checks.
12160			 */
12161			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12162			      MIN(sizeof(desc->custom_sense),
12163				  sizeof(io->scsiio.sense_data)));
12164			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12165			io->scsiio.sense_len = SSD_FULL_SIZE;
12166			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12167			break;
12168		case CTL_LUN_INJ_NONE:
12169		default:
12170			/*
12171			 * If this is an error injection type we don't know
12172			 * about, clear the continuous flag (if it is set)
12173			 * so it will get deleted below.
12174			 */
12175			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12176			break;
12177		}
12178		/*
12179		 * By default, each error injection action is a one-shot
12180		 */
12181		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12182			continue;
12183
12184		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12185
12186		free(desc, M_CTL);
12187	}
12188}
12189
12190#ifdef CTL_IO_DELAY
12191static void
12192ctl_datamove_timer_wakeup(void *arg)
12193{
12194	union ctl_io *io;
12195
12196	io = (union ctl_io *)arg;
12197
12198	ctl_datamove(io);
12199}
12200#endif /* CTL_IO_DELAY */
12201
12202void
12203ctl_datamove(union ctl_io *io)
12204{
12205	struct ctl_lun *lun;
12206	void (*fe_datamove)(union ctl_io *io);
12207
12208	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12209
12210	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12211
12212	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12213#ifdef CTL_TIME_IO
12214	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12215		char str[256];
12216		char path_str[64];
12217		struct sbuf sb;
12218
12219		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12220		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12221
12222		sbuf_cat(&sb, path_str);
12223		switch (io->io_hdr.io_type) {
12224		case CTL_IO_SCSI:
12225			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12226			sbuf_printf(&sb, "\n");
12227			sbuf_cat(&sb, path_str);
12228			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12229				    io->scsiio.tag_num, io->scsiio.tag_type);
12230			break;
12231		case CTL_IO_TASK:
12232			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12233				    "Tag Type: %d\n", io->taskio.task_action,
12234				    io->taskio.tag_num, io->taskio.tag_type);
12235			break;
12236		default:
12237			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12238			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12239			break;
12240		}
12241		sbuf_cat(&sb, path_str);
12242		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12243			    (intmax_t)time_uptime - io->io_hdr.start_time);
12244		sbuf_finish(&sb);
12245		printf("%s", sbuf_data(&sb));
12246	}
12247#endif /* CTL_TIME_IO */
12248
12249#ifdef CTL_IO_DELAY
12250	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12251		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12252	} else {
12253		if ((lun != NULL)
12254		 && (lun->delay_info.datamove_delay > 0)) {
12255
12256			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12257			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12258			callout_reset(&io->io_hdr.delay_callout,
12259				      lun->delay_info.datamove_delay * hz,
12260				      ctl_datamove_timer_wakeup, io);
12261			if (lun->delay_info.datamove_type ==
12262			    CTL_DELAY_TYPE_ONESHOT)
12263				lun->delay_info.datamove_delay = 0;
12264			return;
12265		}
12266	}
12267#endif
12268
12269	/*
12270	 * This command has been aborted.  Set the port status, so we fail
12271	 * the data move.
12272	 */
12273	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12274		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12275		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12276		       io->io_hdr.nexus.targ_port,
12277		       io->io_hdr.nexus.targ_lun);
12278		io->io_hdr.port_status = 31337;
12279		/*
12280		 * Note that the backend, in this case, will get the
12281		 * callback in its context.  In other cases it may get
12282		 * called in the frontend's interrupt thread context.
12283		 */
12284		io->scsiio.be_move_done(io);
12285		return;
12286	}
12287
12288	/* Don't confuse frontend with zero length data move. */
12289	if (io->scsiio.kern_data_len == 0) {
12290		io->scsiio.be_move_done(io);
12291		return;
12292	}
12293
12294	/*
12295	 * If we're in XFER mode and this I/O is from the other shelf
12296	 * controller, we need to send the DMA to the other side to
12297	 * actually transfer the data to/from the host.  In serialize only
12298	 * mode the transfer happens below CTL and ctl_datamove() is only
12299	 * called on the machine that originally received the I/O.
12300	 */
12301	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12302	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12303		union ctl_ha_msg msg;
12304		uint32_t sg_entries_sent;
12305		int do_sg_copy;
12306		int i;
12307
12308		memset(&msg, 0, sizeof(msg));
12309		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12310		msg.hdr.original_sc = io->io_hdr.original_sc;
12311		msg.hdr.serializing_sc = io;
12312		msg.hdr.nexus = io->io_hdr.nexus;
12313		msg.hdr.status = io->io_hdr.status;
12314		msg.dt.flags = io->io_hdr.flags;
12315		/*
12316		 * We convert everything into a S/G list here.  We can't
12317		 * pass by reference, only by value between controllers.
12318		 * So we can't pass a pointer to the S/G list, only as many
12319		 * S/G entries as we can fit in here.  If it's possible for
12320		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12321		 * then we need to break this up into multiple transfers.
12322		 */
12323		if (io->scsiio.kern_sg_entries == 0) {
12324			msg.dt.kern_sg_entries = 1;
12325#if 0
12326			/*
12327			 * Convert to a physical address if this is a
12328			 * virtual address.
12329			 */
12330			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12331				msg.dt.sg_list[0].addr =
12332					io->scsiio.kern_data_ptr;
12333			} else {
12334				/*
12335				 * XXX KDM use busdma here!
12336				 */
12337				msg.dt.sg_list[0].addr = (void *)
12338					vtophys(io->scsiio.kern_data_ptr);
12339			}
12340#else
12341			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12342			    ("HA does not support BUS_ADDR"));
12343			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12344#endif
12345
12346			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12347			do_sg_copy = 0;
12348		} else {
12349			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12350			do_sg_copy = 1;
12351		}
12352
12353		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12354		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12355		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12356		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12357		msg.dt.sg_sequence = 0;
12358
12359		/*
12360		 * Loop until we've sent all of the S/G entries.  On the
12361		 * other end, we'll recompose these S/G entries into one
12362		 * contiguous list before passing it to the
12363		 */
12364		for (sg_entries_sent = 0; sg_entries_sent <
12365		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12366			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12367				sizeof(msg.dt.sg_list[0])),
12368				msg.dt.kern_sg_entries - sg_entries_sent);
12369
12370			if (do_sg_copy != 0) {
12371				struct ctl_sg_entry *sgl;
12372				int j;
12373
12374				sgl = (struct ctl_sg_entry *)
12375					io->scsiio.kern_data_ptr;
12376				/*
12377				 * If this is in cached memory, flush the cache
12378				 * before we send the DMA request to the other
12379				 * controller.  We want to do this in either
12380				 * the * read or the write case.  The read
12381				 * case is straightforward.  In the write
12382				 * case, we want to make sure nothing is
12383				 * in the local cache that could overwrite
12384				 * the DMAed data.
12385				 */
12386
12387				for (i = sg_entries_sent, j = 0;
12388				     i < msg.dt.cur_sg_entries; i++, j++) {
12389#if 0
12390					if ((io->io_hdr.flags &
12391					     CTL_FLAG_BUS_ADDR) == 0) {
12392						/*
12393						 * XXX KDM use busdma.
12394						 */
12395						msg.dt.sg_list[j].addr =(void *)
12396						       vtophys(sgl[i].addr);
12397					} else {
12398						msg.dt.sg_list[j].addr =
12399							sgl[i].addr;
12400					}
12401#else
12402					KASSERT((io->io_hdr.flags &
12403					    CTL_FLAG_BUS_ADDR) == 0,
12404					    ("HA does not support BUS_ADDR"));
12405					msg.dt.sg_list[j].addr = sgl[i].addr;
12406#endif
12407					msg.dt.sg_list[j].len = sgl[i].len;
12408				}
12409			}
12410
12411			sg_entries_sent += msg.dt.cur_sg_entries;
12412			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12413				msg.dt.sg_last = 1;
12414			else
12415				msg.dt.sg_last = 0;
12416
12417			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12418			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12419			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12420			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12421				io->io_hdr.port_status = 31341;
12422				io->scsiio.be_move_done(io);
12423				return;
12424			}
12425
12426			msg.dt.sent_sg_entries = sg_entries_sent;
12427		}
12428
12429		/*
12430		 * Officially handover the request from us to peer.
12431		 * If failover has just happened, then we must return error.
12432		 * If failover happen just after, then it is not our problem.
12433		 */
12434		if (lun)
12435			mtx_lock(&lun->lun_lock);
12436		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12437			if (lun)
12438				mtx_unlock(&lun->lun_lock);
12439			io->io_hdr.port_status = 31342;
12440			io->scsiio.be_move_done(io);
12441			return;
12442		}
12443		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12444		io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
12445		if (lun)
12446			mtx_unlock(&lun->lun_lock);
12447	} else {
12448
12449		/*
12450		 * Lookup the fe_datamove() function for this particular
12451		 * front end.
12452		 */
12453		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12454
12455		fe_datamove(io);
12456	}
12457}
12458
12459static void
12460ctl_send_datamove_done(union ctl_io *io, int have_lock)
12461{
12462	union ctl_ha_msg msg;
12463
12464	memset(&msg, 0, sizeof(msg));
12465
12466	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12467	msg.hdr.original_sc = io;
12468	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12469	msg.hdr.nexus = io->io_hdr.nexus;
12470	msg.hdr.status = io->io_hdr.status;
12471	msg.scsi.tag_num = io->scsiio.tag_num;
12472	msg.scsi.tag_type = io->scsiio.tag_type;
12473	msg.scsi.scsi_status = io->scsiio.scsi_status;
12474	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12475	       io->scsiio.sense_len);
12476	msg.scsi.sense_len = io->scsiio.sense_len;
12477	msg.scsi.sense_residual = io->scsiio.sense_residual;
12478	msg.scsi.fetd_status = io->io_hdr.port_status;
12479	msg.scsi.residual = io->scsiio.residual;
12480	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12481
12482	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12483		ctl_failover_io(io, /*have_lock*/ have_lock);
12484		return;
12485	}
12486
12487	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12488	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12489	    msg.scsi.sense_len, M_WAITOK);
12490}
12491
12492/*
12493 * The DMA to the remote side is done, now we need to tell the other side
12494 * we're done so it can continue with its data movement.
12495 */
12496static void
12497ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12498{
12499	union ctl_io *io;
12500	int i;
12501
12502	io = rq->context;
12503
12504	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12505		printf("%s: ISC DMA write failed with error %d", __func__,
12506		       rq->ret);
12507		ctl_set_internal_failure(&io->scsiio,
12508					 /*sks_valid*/ 1,
12509					 /*retry_count*/ rq->ret);
12510	}
12511
12512	ctl_dt_req_free(rq);
12513
12514	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12515		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12516	free(io->io_hdr.remote_sglist, M_CTL);
12517	io->io_hdr.remote_sglist = NULL;
12518	io->io_hdr.local_sglist = NULL;
12519
12520	/*
12521	 * The data is in local and remote memory, so now we need to send
12522	 * status (good or back) back to the other side.
12523	 */
12524	ctl_send_datamove_done(io, /*have_lock*/ 0);
12525}
12526
12527/*
12528 * We've moved the data from the host/controller into local memory.  Now we
12529 * need to push it over to the remote controller's memory.
12530 */
12531static int
12532ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12533{
12534	int retval;
12535
12536	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12537					  ctl_datamove_remote_write_cb);
12538	return (retval);
12539}
12540
12541static void
12542ctl_datamove_remote_write(union ctl_io *io)
12543{
12544	int retval;
12545	void (*fe_datamove)(union ctl_io *io);
12546
12547	/*
12548	 * - Get the data from the host/HBA into local memory.
12549	 * - DMA memory from the local controller to the remote controller.
12550	 * - Send status back to the remote controller.
12551	 */
12552
12553	retval = ctl_datamove_remote_sgl_setup(io);
12554	if (retval != 0)
12555		return;
12556
12557	/* Switch the pointer over so the FETD knows what to do */
12558	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12559
12560	/*
12561	 * Use a custom move done callback, since we need to send completion
12562	 * back to the other controller, not to the backend on this side.
12563	 */
12564	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12565
12566	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12567	fe_datamove(io);
12568}
12569
12570static int
12571ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12572{
12573#if 0
12574	char str[256];
12575	char path_str[64];
12576	struct sbuf sb;
12577#endif
12578	int i;
12579
12580	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12581		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12582	free(io->io_hdr.remote_sglist, M_CTL);
12583	io->io_hdr.remote_sglist = NULL;
12584	io->io_hdr.local_sglist = NULL;
12585
12586#if 0
12587	scsi_path_string(io, path_str, sizeof(path_str));
12588	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12589	sbuf_cat(&sb, path_str);
12590	scsi_command_string(&io->scsiio, NULL, &sb);
12591	sbuf_printf(&sb, "\n");
12592	sbuf_cat(&sb, path_str);
12593	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12594		    io->scsiio.tag_num, io->scsiio.tag_type);
12595	sbuf_cat(&sb, path_str);
12596	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12597		    io->io_hdr.flags, io->io_hdr.status);
12598	sbuf_finish(&sb);
12599	printk("%s", sbuf_data(&sb));
12600#endif
12601
12602
12603	/*
12604	 * The read is done, now we need to send status (good or bad) back
12605	 * to the other side.
12606	 */
12607	ctl_send_datamove_done(io, /*have_lock*/ 0);
12608
12609	return (0);
12610}
12611
12612static void
12613ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12614{
12615	union ctl_io *io;
12616	void (*fe_datamove)(union ctl_io *io);
12617
12618	io = rq->context;
12619
12620	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12621		printf("%s: ISC DMA read failed with error %d\n", __func__,
12622		       rq->ret);
12623		ctl_set_internal_failure(&io->scsiio,
12624					 /*sks_valid*/ 1,
12625					 /*retry_count*/ rq->ret);
12626	}
12627
12628	ctl_dt_req_free(rq);
12629
12630	/* Switch the pointer over so the FETD knows what to do */
12631	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12632
12633	/*
12634	 * Use a custom move done callback, since we need to send completion
12635	 * back to the other controller, not to the backend on this side.
12636	 */
12637	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12638
12639	/* XXX KDM add checks like the ones in ctl_datamove? */
12640
12641	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12642	fe_datamove(io);
12643}
12644
12645static int
12646ctl_datamove_remote_sgl_setup(union ctl_io *io)
12647{
12648	struct ctl_sg_entry *local_sglist;
12649	struct ctl_softc *softc;
12650	uint32_t len_to_go;
12651	int retval;
12652	int i;
12653
12654	retval = 0;
12655	softc = control_softc;
12656	local_sglist = io->io_hdr.local_sglist;
12657	len_to_go = io->scsiio.kern_data_len;
12658
12659	/*
12660	 * The difficult thing here is that the size of the various
12661	 * S/G segments may be different than the size from the
12662	 * remote controller.  That'll make it harder when DMAing
12663	 * the data back to the other side.
12664	 */
12665	for (i = 0; len_to_go > 0; i++) {
12666		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12667		local_sglist[i].addr =
12668		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12669
12670		len_to_go -= local_sglist[i].len;
12671	}
12672	/*
12673	 * Reset the number of S/G entries accordingly.  The original
12674	 * number of S/G entries is available in rem_sg_entries.
12675	 */
12676	io->scsiio.kern_sg_entries = i;
12677
12678#if 0
12679	printf("%s: kern_sg_entries = %d\n", __func__,
12680	       io->scsiio.kern_sg_entries);
12681	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12682		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12683		       local_sglist[i].addr, local_sglist[i].len);
12684#endif
12685
12686	return (retval);
12687}
12688
12689static int
12690ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12691			 ctl_ha_dt_cb callback)
12692{
12693	struct ctl_ha_dt_req *rq;
12694	struct ctl_sg_entry *remote_sglist, *local_sglist;
12695	uint32_t local_used, remote_used, total_used;
12696	int i, j, isc_ret;
12697
12698	rq = ctl_dt_req_alloc();
12699
12700	/*
12701	 * If we failed to allocate the request, and if the DMA didn't fail
12702	 * anyway, set busy status.  This is just a resource allocation
12703	 * failure.
12704	 */
12705	if ((rq == NULL)
12706	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12707	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12708		ctl_set_busy(&io->scsiio);
12709
12710	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12711	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12712
12713		if (rq != NULL)
12714			ctl_dt_req_free(rq);
12715
12716		/*
12717		 * The data move failed.  We need to return status back
12718		 * to the other controller.  No point in trying to DMA
12719		 * data to the remote controller.
12720		 */
12721
12722		ctl_send_datamove_done(io, /*have_lock*/ 0);
12723
12724		return (1);
12725	}
12726
12727	local_sglist = io->io_hdr.local_sglist;
12728	remote_sglist = io->io_hdr.remote_sglist;
12729	local_used = 0;
12730	remote_used = 0;
12731	total_used = 0;
12732
12733	/*
12734	 * Pull/push the data over the wire from/to the other controller.
12735	 * This takes into account the possibility that the local and
12736	 * remote sglists may not be identical in terms of the size of
12737	 * the elements and the number of elements.
12738	 *
12739	 * One fundamental assumption here is that the length allocated for
12740	 * both the local and remote sglists is identical.  Otherwise, we've
12741	 * essentially got a coding error of some sort.
12742	 */
12743	isc_ret = CTL_HA_STATUS_SUCCESS;
12744	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12745		uint32_t cur_len;
12746		uint8_t *tmp_ptr;
12747
12748		rq->command = command;
12749		rq->context = io;
12750
12751		/*
12752		 * Both pointers should be aligned.  But it is possible
12753		 * that the allocation length is not.  They should both
12754		 * also have enough slack left over at the end, though,
12755		 * to round up to the next 8 byte boundary.
12756		 */
12757		cur_len = MIN(local_sglist[i].len - local_used,
12758			      remote_sglist[j].len - remote_used);
12759		rq->size = cur_len;
12760
12761		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12762		tmp_ptr += local_used;
12763
12764#if 0
12765		/* Use physical addresses when talking to ISC hardware */
12766		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12767			/* XXX KDM use busdma */
12768			rq->local = vtophys(tmp_ptr);
12769		} else
12770			rq->local = tmp_ptr;
12771#else
12772		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12773		    ("HA does not support BUS_ADDR"));
12774		rq->local = tmp_ptr;
12775#endif
12776
12777		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12778		tmp_ptr += remote_used;
12779		rq->remote = tmp_ptr;
12780
12781		rq->callback = NULL;
12782
12783		local_used += cur_len;
12784		if (local_used >= local_sglist[i].len) {
12785			i++;
12786			local_used = 0;
12787		}
12788
12789		remote_used += cur_len;
12790		if (remote_used >= remote_sglist[j].len) {
12791			j++;
12792			remote_used = 0;
12793		}
12794		total_used += cur_len;
12795
12796		if (total_used >= io->scsiio.kern_data_len)
12797			rq->callback = callback;
12798
12799#if 0
12800		printf("%s: %s: local %p remote %p size %d\n", __func__,
12801		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12802		       rq->local, rq->remote, rq->size);
12803#endif
12804
12805		isc_ret = ctl_dt_single(rq);
12806		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12807			break;
12808	}
12809	if (isc_ret != CTL_HA_STATUS_WAIT) {
12810		rq->ret = isc_ret;
12811		callback(rq);
12812	}
12813
12814	return (0);
12815}
12816
12817static void
12818ctl_datamove_remote_read(union ctl_io *io)
12819{
12820	int retval;
12821	int i;
12822
12823	/*
12824	 * This will send an error to the other controller in the case of a
12825	 * failure.
12826	 */
12827	retval = ctl_datamove_remote_sgl_setup(io);
12828	if (retval != 0)
12829		return;
12830
12831	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12832					  ctl_datamove_remote_read_cb);
12833	if (retval != 0) {
12834		/*
12835		 * Make sure we free memory if there was an error..  The
12836		 * ctl_datamove_remote_xfer() function will send the
12837		 * datamove done message, or call the callback with an
12838		 * error if there is a problem.
12839		 */
12840		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12841			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12842		free(io->io_hdr.remote_sglist, M_CTL);
12843		io->io_hdr.remote_sglist = NULL;
12844		io->io_hdr.local_sglist = NULL;
12845	}
12846}
12847
12848/*
12849 * Process a datamove request from the other controller.  This is used for
12850 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12851 * first.  Once that is complete, the data gets DMAed into the remote
12852 * controller's memory.  For reads, we DMA from the remote controller's
12853 * memory into our memory first, and then move it out to the FETD.
12854 */
12855static void
12856ctl_datamove_remote(union ctl_io *io)
12857{
12858
12859	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12860
12861	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12862		ctl_failover_io(io, /*have_lock*/ 0);
12863		return;
12864	}
12865
12866	/*
12867	 * Note that we look for an aborted I/O here, but don't do some of
12868	 * the other checks that ctl_datamove() normally does.
12869	 * We don't need to run the datamove delay code, since that should
12870	 * have been done if need be on the other controller.
12871	 */
12872	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12873		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12874		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12875		       io->io_hdr.nexus.targ_port,
12876		       io->io_hdr.nexus.targ_lun);
12877		io->io_hdr.port_status = 31338;
12878		ctl_send_datamove_done(io, /*have_lock*/ 0);
12879		return;
12880	}
12881
12882	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12883		ctl_datamove_remote_write(io);
12884	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12885		ctl_datamove_remote_read(io);
12886	else {
12887		io->io_hdr.port_status = 31339;
12888		ctl_send_datamove_done(io, /*have_lock*/ 0);
12889	}
12890}
12891
12892static int
12893ctl_process_done(union ctl_io *io)
12894{
12895	struct ctl_lun *lun;
12896	struct ctl_softc *softc = control_softc;
12897	void (*fe_done)(union ctl_io *io);
12898	union ctl_ha_msg msg;
12899	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12900
12901	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12902
12903	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
12904		fe_done = softc->ctl_ports[targ_port]->fe_done;
12905	else
12906		fe_done = NULL;
12907
12908#ifdef CTL_TIME_IO
12909	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12910		char str[256];
12911		char path_str[64];
12912		struct sbuf sb;
12913
12914		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12915		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12916
12917		sbuf_cat(&sb, path_str);
12918		switch (io->io_hdr.io_type) {
12919		case CTL_IO_SCSI:
12920			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12921			sbuf_printf(&sb, "\n");
12922			sbuf_cat(&sb, path_str);
12923			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12924				    io->scsiio.tag_num, io->scsiio.tag_type);
12925			break;
12926		case CTL_IO_TASK:
12927			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12928				    "Tag Type: %d\n", io->taskio.task_action,
12929				    io->taskio.tag_num, io->taskio.tag_type);
12930			break;
12931		default:
12932			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12933			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12934			break;
12935		}
12936		sbuf_cat(&sb, path_str);
12937		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12938			    (intmax_t)time_uptime - io->io_hdr.start_time);
12939		sbuf_finish(&sb);
12940		printf("%s", sbuf_data(&sb));
12941	}
12942#endif /* CTL_TIME_IO */
12943
12944	switch (io->io_hdr.io_type) {
12945	case CTL_IO_SCSI:
12946		break;
12947	case CTL_IO_TASK:
12948		if (ctl_debug & CTL_DEBUG_INFO)
12949			ctl_io_error_print(io, NULL);
12950		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
12951			ctl_free_io(io);
12952		else
12953			fe_done(io);
12954		return (CTL_RETVAL_COMPLETE);
12955	default:
12956		panic("ctl_process_done: invalid io type %d\n",
12957		      io->io_hdr.io_type);
12958		break; /* NOTREACHED */
12959	}
12960
12961	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12962	if (lun == NULL) {
12963		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12964				 io->io_hdr.nexus.targ_mapped_lun));
12965		goto bailout;
12966	}
12967
12968	mtx_lock(&lun->lun_lock);
12969
12970	/*
12971	 * Check to see if we have any errors to inject here.  We only
12972	 * inject errors for commands that don't already have errors set.
12973	 */
12974	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12975	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12976	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12977		ctl_inject_error(lun, io);
12978
12979	/*
12980	 * XXX KDM how do we treat commands that aren't completed
12981	 * successfully?
12982	 *
12983	 * XXX KDM should we also track I/O latency?
12984	 */
12985	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12986	    io->io_hdr.io_type == CTL_IO_SCSI) {
12987#ifdef CTL_TIME_IO
12988		struct bintime cur_bt;
12989#endif
12990		int type;
12991
12992		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12993		    CTL_FLAG_DATA_IN)
12994			type = CTL_STATS_READ;
12995		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
12996		    CTL_FLAG_DATA_OUT)
12997			type = CTL_STATS_WRITE;
12998		else
12999			type = CTL_STATS_NO_IO;
13000
13001		lun->stats.ports[targ_port].bytes[type] +=
13002		    io->scsiio.kern_total_len;
13003		lun->stats.ports[targ_port].operations[type]++;
13004#ifdef CTL_TIME_IO
13005		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13006		   &io->io_hdr.dma_bt);
13007		lun->stats.ports[targ_port].num_dmas[type] +=
13008		    io->io_hdr.num_dmas;
13009		getbintime(&cur_bt);
13010		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13011		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13012#endif
13013	}
13014
13015	/*
13016	 * Remove this from the OOA queue.
13017	 */
13018	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13019#ifdef CTL_TIME_IO
13020	if (TAILQ_EMPTY(&lun->ooa_queue))
13021		lun->last_busy = getsbinuptime();
13022#endif
13023
13024	/*
13025	 * Run through the blocked queue on this LUN and see if anything
13026	 * has become unblocked, now that this transaction is done.
13027	 */
13028	ctl_check_blocked(lun);
13029
13030	/*
13031	 * If the LUN has been invalidated, free it if there is nothing
13032	 * left on its OOA queue.
13033	 */
13034	if ((lun->flags & CTL_LUN_INVALID)
13035	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13036		mtx_unlock(&lun->lun_lock);
13037		mtx_lock(&softc->ctl_lock);
13038		ctl_free_lun(lun);
13039		mtx_unlock(&softc->ctl_lock);
13040	} else
13041		mtx_unlock(&lun->lun_lock);
13042
13043bailout:
13044
13045	/*
13046	 * If this command has been aborted, make sure we set the status
13047	 * properly.  The FETD is responsible for freeing the I/O and doing
13048	 * whatever it needs to do to clean up its state.
13049	 */
13050	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13051		ctl_set_task_aborted(&io->scsiio);
13052
13053	/*
13054	 * If enabled, print command error status.
13055	 */
13056	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13057	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13058		ctl_io_error_print(io, NULL);
13059
13060	/*
13061	 * Tell the FETD or the other shelf controller we're done with this
13062	 * command.  Note that only SCSI commands get to this point.  Task
13063	 * management commands are completed above.
13064	 */
13065	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13066	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13067		memset(&msg, 0, sizeof(msg));
13068		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13069		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13070		msg.hdr.nexus = io->io_hdr.nexus;
13071		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13072		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13073		    M_WAITOK);
13074	}
13075	if ((softc->ha_mode == CTL_HA_MODE_XFER)
13076	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13077		memset(&msg, 0, sizeof(msg));
13078		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13079		msg.hdr.original_sc = io->io_hdr.original_sc;
13080		msg.hdr.nexus = io->io_hdr.nexus;
13081		msg.hdr.status = io->io_hdr.status;
13082		msg.scsi.scsi_status = io->scsiio.scsi_status;
13083		msg.scsi.tag_num = io->scsiio.tag_num;
13084		msg.scsi.tag_type = io->scsiio.tag_type;
13085		msg.scsi.sense_len = io->scsiio.sense_len;
13086		msg.scsi.sense_residual = io->scsiio.sense_residual;
13087		msg.scsi.residual = io->scsiio.residual;
13088		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13089		       io->scsiio.sense_len);
13090
13091		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13092		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
13093		    msg.scsi.sense_len, M_WAITOK);
13094		ctl_free_io(io);
13095	} else
13096		fe_done(io);
13097
13098	return (CTL_RETVAL_COMPLETE);
13099}
13100
13101#ifdef CTL_WITH_CA
13102/*
13103 * Front end should call this if it doesn't do autosense.  When the request
13104 * sense comes back in from the initiator, we'll dequeue this and send it.
13105 */
13106int
13107ctl_queue_sense(union ctl_io *io)
13108{
13109	struct ctl_lun *lun;
13110	struct ctl_port *port;
13111	struct ctl_softc *softc;
13112	uint32_t initidx, targ_lun;
13113
13114	softc = control_softc;
13115
13116	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13117
13118	/*
13119	 * LUN lookup will likely move to the ctl_work_thread() once we
13120	 * have our new queueing infrastructure (that doesn't put things on
13121	 * a per-LUN queue initially).  That is so that we can handle
13122	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13123	 * can't deal with that right now.
13124	 */
13125	mtx_lock(&softc->ctl_lock);
13126
13127	/*
13128	 * If we don't have a LUN for this, just toss the sense
13129	 * information.
13130	 */
13131	port = ctl_io_port(&ctsio->io_hdr);
13132	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13133	if ((targ_lun < CTL_MAX_LUNS)
13134	 && (softc->ctl_luns[targ_lun] != NULL))
13135		lun = softc->ctl_luns[targ_lun];
13136	else
13137		goto bailout;
13138
13139	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13140
13141	mtx_lock(&lun->lun_lock);
13142	/*
13143	 * Already have CA set for this LUN...toss the sense information.
13144	 */
13145	if (ctl_is_set(lun->have_ca, initidx)) {
13146		mtx_unlock(&lun->lun_lock);
13147		goto bailout;
13148	}
13149
13150	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13151	       MIN(sizeof(lun->pending_sense[initidx]),
13152	       sizeof(io->scsiio.sense_data)));
13153	ctl_set_mask(lun->have_ca, initidx);
13154	mtx_unlock(&lun->lun_lock);
13155
13156bailout:
13157	mtx_unlock(&softc->ctl_lock);
13158
13159	ctl_free_io(io);
13160
13161	return (CTL_RETVAL_COMPLETE);
13162}
13163#endif
13164
13165/*
13166 * Primary command inlet from frontend ports.  All SCSI and task I/O
13167 * requests must go through this function.
13168 */
13169int
13170ctl_queue(union ctl_io *io)
13171{
13172	struct ctl_port *port;
13173
13174	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13175
13176#ifdef CTL_TIME_IO
13177	io->io_hdr.start_time = time_uptime;
13178	getbintime(&io->io_hdr.start_bt);
13179#endif /* CTL_TIME_IO */
13180
13181	/* Map FE-specific LUN ID into global one. */
13182	port = ctl_io_port(&io->io_hdr);
13183	io->io_hdr.nexus.targ_mapped_lun =
13184	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13185
13186	switch (io->io_hdr.io_type) {
13187	case CTL_IO_SCSI:
13188	case CTL_IO_TASK:
13189		if (ctl_debug & CTL_DEBUG_CDB)
13190			ctl_io_print(io);
13191		ctl_enqueue_incoming(io);
13192		break;
13193	default:
13194		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13195		return (EINVAL);
13196	}
13197
13198	return (CTL_RETVAL_COMPLETE);
13199}
13200
13201#ifdef CTL_IO_DELAY
13202static void
13203ctl_done_timer_wakeup(void *arg)
13204{
13205	union ctl_io *io;
13206
13207	io = (union ctl_io *)arg;
13208	ctl_done(io);
13209}
13210#endif /* CTL_IO_DELAY */
13211
13212void
13213ctl_serseq_done(union ctl_io *io)
13214{
13215	struct ctl_lun *lun;
13216
13217	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13218	if (lun->be_lun == NULL ||
13219	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13220		return;
13221	mtx_lock(&lun->lun_lock);
13222	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13223	ctl_check_blocked(lun);
13224	mtx_unlock(&lun->lun_lock);
13225}
13226
13227void
13228ctl_done(union ctl_io *io)
13229{
13230
13231	/*
13232	 * Enable this to catch duplicate completion issues.
13233	 */
13234#if 0
13235	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13236		printf("%s: type %d msg %d cdb %x iptl: "
13237		       "%u:%u:%u tag 0x%04x "
13238		       "flag %#x status %x\n",
13239			__func__,
13240			io->io_hdr.io_type,
13241			io->io_hdr.msg_type,
13242			io->scsiio.cdb[0],
13243			io->io_hdr.nexus.initid,
13244			io->io_hdr.nexus.targ_port,
13245			io->io_hdr.nexus.targ_lun,
13246			(io->io_hdr.io_type ==
13247			CTL_IO_TASK) ?
13248			io->taskio.tag_num :
13249			io->scsiio.tag_num,
13250		        io->io_hdr.flags,
13251			io->io_hdr.status);
13252	} else
13253		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13254#endif
13255
13256	/*
13257	 * This is an internal copy of an I/O, and should not go through
13258	 * the normal done processing logic.
13259	 */
13260	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13261		return;
13262
13263#ifdef CTL_IO_DELAY
13264	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13265		struct ctl_lun *lun;
13266
13267		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13268
13269		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13270	} else {
13271		struct ctl_lun *lun;
13272
13273		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13274
13275		if ((lun != NULL)
13276		 && (lun->delay_info.done_delay > 0)) {
13277
13278			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13279			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13280			callout_reset(&io->io_hdr.delay_callout,
13281				      lun->delay_info.done_delay * hz,
13282				      ctl_done_timer_wakeup, io);
13283			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13284				lun->delay_info.done_delay = 0;
13285			return;
13286		}
13287	}
13288#endif /* CTL_IO_DELAY */
13289
13290	ctl_enqueue_done(io);
13291}
13292
13293static void
13294ctl_work_thread(void *arg)
13295{
13296	struct ctl_thread *thr = (struct ctl_thread *)arg;
13297	struct ctl_softc *softc = thr->ctl_softc;
13298	union ctl_io *io;
13299	int retval;
13300
13301	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13302
13303	for (;;) {
13304		retval = 0;
13305
13306		/*
13307		 * We handle the queues in this order:
13308		 * - ISC
13309		 * - done queue (to free up resources, unblock other commands)
13310		 * - RtR queue
13311		 * - incoming queue
13312		 *
13313		 * If those queues are empty, we break out of the loop and
13314		 * go to sleep.
13315		 */
13316		mtx_lock(&thr->queue_lock);
13317		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13318		if (io != NULL) {
13319			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13320			mtx_unlock(&thr->queue_lock);
13321			ctl_handle_isc(io);
13322			continue;
13323		}
13324		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13325		if (io != NULL) {
13326			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13327			/* clear any blocked commands, call fe_done */
13328			mtx_unlock(&thr->queue_lock);
13329			retval = ctl_process_done(io);
13330			continue;
13331		}
13332		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13333		if (io != NULL) {
13334			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13335			mtx_unlock(&thr->queue_lock);
13336			if (io->io_hdr.io_type == CTL_IO_TASK)
13337				ctl_run_task(io);
13338			else
13339				ctl_scsiio_precheck(softc, &io->scsiio);
13340			continue;
13341		}
13342		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13343		if (io != NULL) {
13344			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13345			mtx_unlock(&thr->queue_lock);
13346			retval = ctl_scsiio(&io->scsiio);
13347			if (retval != CTL_RETVAL_COMPLETE)
13348				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13349			continue;
13350		}
13351
13352		/* Sleep until we have something to do. */
13353		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13354	}
13355}
13356
13357static void
13358ctl_lun_thread(void *arg)
13359{
13360	struct ctl_softc *softc = (struct ctl_softc *)arg;
13361	struct ctl_be_lun *be_lun;
13362	int retval;
13363
13364	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13365
13366	for (;;) {
13367		retval = 0;
13368		mtx_lock(&softc->ctl_lock);
13369		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13370		if (be_lun != NULL) {
13371			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13372			mtx_unlock(&softc->ctl_lock);
13373			ctl_create_lun(be_lun);
13374			continue;
13375		}
13376
13377		/* Sleep until we have something to do. */
13378		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13379		    PDROP | PRIBIO, "-", 0);
13380	}
13381}
13382
13383static void
13384ctl_thresh_thread(void *arg)
13385{
13386	struct ctl_softc *softc = (struct ctl_softc *)arg;
13387	struct ctl_lun *lun;
13388	struct ctl_be_lun *be_lun;
13389	struct scsi_da_rw_recovery_page *rwpage;
13390	struct ctl_logical_block_provisioning_page *page;
13391	const char *attr;
13392	union ctl_ha_msg msg;
13393	uint64_t thres, val;
13394	int i, e, set;
13395
13396	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13397
13398	for (;;) {
13399		mtx_lock(&softc->ctl_lock);
13400		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13401			be_lun = lun->be_lun;
13402			if ((lun->flags & CTL_LUN_DISABLED) ||
13403			    (lun->flags & CTL_LUN_OFFLINE) ||
13404			    lun->backend->lun_attr == NULL)
13405				continue;
13406			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13407			    softc->ha_mode == CTL_HA_MODE_XFER)
13408				continue;
13409			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13410			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13411				continue;
13412			e = 0;
13413			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13414			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13415				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13416					continue;
13417				thres = scsi_4btoul(page->descr[i].count);
13418				thres <<= CTL_LBP_EXPONENT;
13419				switch (page->descr[i].resource) {
13420				case 0x01:
13421					attr = "blocksavail";
13422					break;
13423				case 0x02:
13424					attr = "blocksused";
13425					break;
13426				case 0xf1:
13427					attr = "poolblocksavail";
13428					break;
13429				case 0xf2:
13430					attr = "poolblocksused";
13431					break;
13432				default:
13433					continue;
13434				}
13435				mtx_unlock(&softc->ctl_lock); // XXX
13436				val = lun->backend->lun_attr(
13437				    lun->be_lun->be_lun, attr);
13438				mtx_lock(&softc->ctl_lock);
13439				if (val == UINT64_MAX)
13440					continue;
13441				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13442				    == SLBPPD_ARMING_INC)
13443					e = (val >= thres);
13444				else
13445					e = (val <= thres);
13446				if (e)
13447					break;
13448			}
13449			mtx_lock(&lun->lun_lock);
13450			if (e) {
13451				scsi_u64to8b((uint8_t *)&page->descr[i] -
13452				    (uint8_t *)page, lun->ua_tpt_info);
13453				if (lun->lasttpt == 0 ||
13454				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13455					lun->lasttpt = time_uptime;
13456					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13457					set = 1;
13458				} else
13459					set = 0;
13460			} else {
13461				lun->lasttpt = 0;
13462				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13463				set = -1;
13464			}
13465			mtx_unlock(&lun->lun_lock);
13466			if (set != 0 &&
13467			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13468				/* Send msg to other side. */
13469				bzero(&msg.ua, sizeof(msg.ua));
13470				msg.hdr.msg_type = CTL_MSG_UA;
13471				msg.hdr.nexus.initid = -1;
13472				msg.hdr.nexus.targ_port = -1;
13473				msg.hdr.nexus.targ_lun = lun->lun;
13474				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13475				msg.ua.ua_all = 1;
13476				msg.ua.ua_set = (set > 0);
13477				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13478				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13479				mtx_unlock(&softc->ctl_lock); // XXX
13480				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13481				    sizeof(msg.ua), M_WAITOK);
13482				mtx_lock(&softc->ctl_lock);
13483			}
13484		}
13485		mtx_unlock(&softc->ctl_lock);
13486		pause("-", CTL_LBP_PERIOD * hz);
13487	}
13488}
13489
13490static void
13491ctl_enqueue_incoming(union ctl_io *io)
13492{
13493	struct ctl_softc *softc = control_softc;
13494	struct ctl_thread *thr;
13495	u_int idx;
13496
13497	idx = (io->io_hdr.nexus.targ_port * 127 +
13498	       io->io_hdr.nexus.initid) % worker_threads;
13499	thr = &softc->threads[idx];
13500	mtx_lock(&thr->queue_lock);
13501	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13502	mtx_unlock(&thr->queue_lock);
13503	wakeup(thr);
13504}
13505
13506static void
13507ctl_enqueue_rtr(union ctl_io *io)
13508{
13509	struct ctl_softc *softc = control_softc;
13510	struct ctl_thread *thr;
13511
13512	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13513	mtx_lock(&thr->queue_lock);
13514	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13515	mtx_unlock(&thr->queue_lock);
13516	wakeup(thr);
13517}
13518
13519static void
13520ctl_enqueue_done(union ctl_io *io)
13521{
13522	struct ctl_softc *softc = control_softc;
13523	struct ctl_thread *thr;
13524
13525	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13526	mtx_lock(&thr->queue_lock);
13527	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13528	mtx_unlock(&thr->queue_lock);
13529	wakeup(thr);
13530}
13531
13532static void
13533ctl_enqueue_isc(union ctl_io *io)
13534{
13535	struct ctl_softc *softc = control_softc;
13536	struct ctl_thread *thr;
13537
13538	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13539	mtx_lock(&thr->queue_lock);
13540	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13541	mtx_unlock(&thr->queue_lock);
13542	wakeup(thr);
13543}
13544
13545/*
13546 *  vim: ts=8
13547 */
13548