ctl.c revision 288211 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 288211 2015-09-25 07:27:23Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
359    &worker_threads, 1, "Number of worker threads");
360static int ctl_debug = CTL_DEBUG_NONE;
361SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
362    &ctl_debug, 0, "Enabled debug flags");
363
364/*
365 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
366 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
367 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
368 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
369 */
370#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
371
372static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
373				  int param);
374static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
375static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
376static int ctl_init(void);
377void ctl_shutdown(void);
378static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
379static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
380static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
381static int ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
382			      struct ctl_ooa *ooa_hdr,
383			      struct ctl_ooa_entry *kern_entries);
384static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
385		     struct thread *td);
386static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
387			 struct ctl_be_lun *be_lun);
388static int ctl_free_lun(struct ctl_lun *lun);
389static void ctl_create_lun(struct ctl_be_lun *be_lun);
390static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
391
392static int ctl_do_mode_select(union ctl_io *io);
393static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
394			   uint64_t res_key, uint64_t sa_res_key,
395			   uint8_t type, uint32_t residx,
396			   struct ctl_scsiio *ctsio,
397			   struct scsi_per_res_out *cdb,
398			   struct scsi_per_res_out_parms* param);
399static void ctl_pro_preempt_other(struct ctl_lun *lun,
400				  union ctl_ha_msg *msg);
401static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
402static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
403static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
404static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
408					 int alloc_len);
409static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
412static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
413static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
414static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
415static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
416static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
417    bool seq);
418static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
419static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
420    union ctl_io *pending_io, union ctl_io *ooa_io);
421static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
422				union ctl_io *starting_io);
423static int ctl_check_blocked(struct ctl_lun *lun);
424static int ctl_scsiio_lun_check(struct ctl_lun *lun,
425				const struct ctl_cmd_entry *entry,
426				struct ctl_scsiio *ctsio);
427static void ctl_failover_lun(struct ctl_lun *lun);
428static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
429			       struct ctl_scsiio *ctsio);
430static int ctl_scsiio(struct ctl_scsiio *ctsio);
431
432static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
433static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
434			    ctl_ua_type ua_type);
435static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
436			 ctl_ua_type ua_type);
437static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
438static int ctl_abort_task(union ctl_io *io);
439static int ctl_abort_task_set(union ctl_io *io);
440static int ctl_query_task(union ctl_io *io, int task_set);
441static int ctl_i_t_nexus_reset(union ctl_io *io);
442static int ctl_query_async_event(union ctl_io *io);
443static void ctl_run_task(union ctl_io *io);
444#ifdef CTL_IO_DELAY
445static void ctl_datamove_timer_wakeup(void *arg);
446static void ctl_done_timer_wakeup(void *arg);
447#endif /* CTL_IO_DELAY */
448
449static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
450static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
451static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
452static void ctl_datamove_remote_write(union ctl_io *io);
453static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
454static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
455static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
456static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
457				    ctl_ha_dt_cb callback);
458static void ctl_datamove_remote_read(union ctl_io *io);
459static void ctl_datamove_remote(union ctl_io *io);
460static int ctl_process_done(union ctl_io *io);
461static void ctl_lun_thread(void *arg);
462static void ctl_thresh_thread(void *arg);
463static void ctl_work_thread(void *arg);
464static void ctl_enqueue_incoming(union ctl_io *io);
465static void ctl_enqueue_rtr(union ctl_io *io);
466static void ctl_enqueue_done(union ctl_io *io);
467static void ctl_enqueue_isc(union ctl_io *io);
468static const struct ctl_cmd_entry *
469    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
470static const struct ctl_cmd_entry *
471    ctl_validate_command(struct ctl_scsiio *ctsio);
472static int ctl_cmd_applicable(uint8_t lun_type,
473    const struct ctl_cmd_entry *entry);
474
475static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
476static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
477static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
479
480/*
481 * Load the serialization table.  This isn't very pretty, but is probably
482 * the easiest way to do it.
483 */
484#include "ctl_ser_table.c"
485
486/*
487 * We only need to define open, close and ioctl routines for this driver.
488 */
489static struct cdevsw ctl_cdevsw = {
490	.d_version =	D_VERSION,
491	.d_flags =	0,
492	.d_open =	ctl_open,
493	.d_close =	ctl_close,
494	.d_ioctl =	ctl_ioctl,
495	.d_name =	"ctl",
496};
497
498
499MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
500
501static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
502
503static moduledata_t ctl_moduledata = {
504	"ctl",
505	ctl_module_event_handler,
506	NULL
507};
508
509DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
510MODULE_VERSION(ctl, 1);
511
512static struct ctl_frontend ha_frontend =
513{
514	.name = "ha",
515};
516
517static void
518ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
519			    union ctl_ha_msg *msg_info)
520{
521	struct ctl_scsiio *ctsio;
522
523	if (msg_info->hdr.original_sc == NULL) {
524		printf("%s: original_sc == NULL!\n", __func__);
525		/* XXX KDM now what? */
526		return;
527	}
528
529	ctsio = &msg_info->hdr.original_sc->scsiio;
530	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
531	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
532	ctsio->io_hdr.status = msg_info->hdr.status;
533	ctsio->scsi_status = msg_info->scsi.scsi_status;
534	ctsio->sense_len = msg_info->scsi.sense_len;
535	ctsio->sense_residual = msg_info->scsi.sense_residual;
536	ctsio->residual = msg_info->scsi.residual;
537	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
538	       msg_info->scsi.sense_len);
539	ctl_enqueue_isc((union ctl_io *)ctsio);
540}
541
542static void
543ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
544				union ctl_ha_msg *msg_info)
545{
546	struct ctl_scsiio *ctsio;
547
548	if (msg_info->hdr.serializing_sc == NULL) {
549		printf("%s: serializing_sc == NULL!\n", __func__);
550		/* XXX KDM now what? */
551		return;
552	}
553
554	ctsio = &msg_info->hdr.serializing_sc->scsiio;
555	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
556	ctl_enqueue_isc((union ctl_io *)ctsio);
557}
558
559void
560ctl_isc_announce_lun(struct ctl_lun *lun)
561{
562	struct ctl_softc *softc = lun->ctl_softc;
563	union ctl_ha_msg *msg;
564	struct ctl_ha_msg_lun_pr_key pr_key;
565	int i, k;
566
567	if (softc->ha_link != CTL_HA_LINK_ONLINE)
568		return;
569	mtx_lock(&lun->lun_lock);
570	i = sizeof(msg->lun);
571	if (lun->lun_devid)
572		i += lun->lun_devid->len;
573	i += sizeof(pr_key) * lun->pr_key_count;
574alloc:
575	mtx_unlock(&lun->lun_lock);
576	msg = malloc(i, M_CTL, M_WAITOK);
577	mtx_lock(&lun->lun_lock);
578	k = sizeof(msg->lun);
579	if (lun->lun_devid)
580		k += lun->lun_devid->len;
581	k += sizeof(pr_key) * lun->pr_key_count;
582	if (i < k) {
583		free(msg, M_CTL);
584		i = k;
585		goto alloc;
586	}
587	bzero(&msg->lun, sizeof(msg->lun));
588	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
589	msg->hdr.nexus.targ_lun = lun->lun;
590	msg->hdr.nexus.targ_mapped_lun = lun->lun;
591	msg->lun.flags = lun->flags;
592	msg->lun.pr_generation = lun->PRGeneration;
593	msg->lun.pr_res_idx = lun->pr_res_idx;
594	msg->lun.pr_res_type = lun->res_type;
595	msg->lun.pr_key_count = lun->pr_key_count;
596	i = 0;
597	if (lun->lun_devid) {
598		msg->lun.lun_devid_len = lun->lun_devid->len;
599		memcpy(&msg->lun.data[i], lun->lun_devid->data,
600		    msg->lun.lun_devid_len);
601		i += msg->lun.lun_devid_len;
602	}
603	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
604		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
605			continue;
606		pr_key.pr_iid = k;
607		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
608		i += sizeof(pr_key);
609	}
610	mtx_unlock(&lun->lun_lock);
611	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
612	    M_WAITOK);
613	free(msg, M_CTL);
614
615	if (lun->flags & CTL_LUN_PRIMARY_SC) {
616		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
617			ctl_isc_announce_mode(lun, -1,
618			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
619			    lun->mode_pages.index[i].subpage);
620		}
621	}
622}
623
624void
625ctl_isc_announce_port(struct ctl_port *port)
626{
627	struct ctl_softc *softc = port->ctl_softc;
628	union ctl_ha_msg *msg;
629	int i;
630
631	if (port->targ_port < softc->port_min ||
632	    port->targ_port >= softc->port_max ||
633	    softc->ha_link != CTL_HA_LINK_ONLINE)
634		return;
635	i = sizeof(msg->port) + strlen(port->port_name) + 1;
636	if (port->lun_map)
637		i += sizeof(uint32_t) * CTL_MAX_LUNS;
638	if (port->port_devid)
639		i += port->port_devid->len;
640	if (port->target_devid)
641		i += port->target_devid->len;
642	if (port->init_devid)
643		i += port->init_devid->len;
644	msg = malloc(i, M_CTL, M_WAITOK);
645	bzero(&msg->port, sizeof(msg->port));
646	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
647	msg->hdr.nexus.targ_port = port->targ_port;
648	msg->port.port_type = port->port_type;
649	msg->port.physical_port = port->physical_port;
650	msg->port.virtual_port = port->virtual_port;
651	msg->port.status = port->status;
652	i = 0;
653	msg->port.name_len = sprintf(&msg->port.data[i],
654	    "%d:%s", softc->ha_id, port->port_name) + 1;
655	i += msg->port.name_len;
656	if (port->lun_map) {
657		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
658		memcpy(&msg->port.data[i], port->lun_map,
659		    msg->port.lun_map_len);
660		i += msg->port.lun_map_len;
661	}
662	if (port->port_devid) {
663		msg->port.port_devid_len = port->port_devid->len;
664		memcpy(&msg->port.data[i], port->port_devid->data,
665		    msg->port.port_devid_len);
666		i += msg->port.port_devid_len;
667	}
668	if (port->target_devid) {
669		msg->port.target_devid_len = port->target_devid->len;
670		memcpy(&msg->port.data[i], port->target_devid->data,
671		    msg->port.target_devid_len);
672		i += msg->port.target_devid_len;
673	}
674	if (port->init_devid) {
675		msg->port.init_devid_len = port->init_devid->len;
676		memcpy(&msg->port.data[i], port->init_devid->data,
677		    msg->port.init_devid_len);
678		i += msg->port.init_devid_len;
679	}
680	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
681	    M_WAITOK);
682	free(msg, M_CTL);
683}
684
685void
686ctl_isc_announce_iid(struct ctl_port *port, int iid)
687{
688	struct ctl_softc *softc = port->ctl_softc;
689	union ctl_ha_msg *msg;
690	int i, l;
691
692	if (port->targ_port < softc->port_min ||
693	    port->targ_port >= softc->port_max ||
694	    softc->ha_link != CTL_HA_LINK_ONLINE)
695		return;
696	mtx_lock(&softc->ctl_lock);
697	i = sizeof(msg->iid);
698	l = 0;
699	if (port->wwpn_iid[iid].name)
700		l = strlen(port->wwpn_iid[iid].name) + 1;
701	i += l;
702	msg = malloc(i, M_CTL, M_NOWAIT);
703	if (msg == NULL) {
704		mtx_unlock(&softc->ctl_lock);
705		return;
706	}
707	bzero(&msg->iid, sizeof(msg->iid));
708	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
709	msg->hdr.nexus.targ_port = port->targ_port;
710	msg->hdr.nexus.initid = iid;
711	msg->iid.in_use = port->wwpn_iid[iid].in_use;
712	msg->iid.name_len = l;
713	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
714	if (port->wwpn_iid[iid].name)
715		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
716	mtx_unlock(&softc->ctl_lock);
717	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
718	free(msg, M_CTL);
719}
720
721void
722ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
723    uint8_t page, uint8_t subpage)
724{
725	struct ctl_softc *softc = lun->ctl_softc;
726	union ctl_ha_msg msg;
727	int i;
728
729	if (softc->ha_link != CTL_HA_LINK_ONLINE)
730		return;
731	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
732		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
733		    page && lun->mode_pages.index[i].subpage == subpage)
734			break;
735	}
736	if (i == CTL_NUM_MODE_PAGES)
737		return;
738	bzero(&msg.mode, sizeof(msg.mode));
739	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
740	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
741	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
742	msg.hdr.nexus.targ_lun = lun->lun;
743	msg.hdr.nexus.targ_mapped_lun = lun->lun;
744	msg.mode.page_code = page;
745	msg.mode.subpage = subpage;
746	msg.mode.page_len = lun->mode_pages.index[i].page_len;
747	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
748	    msg.mode.page_len);
749	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
750	    M_WAITOK);
751}
752
753static void
754ctl_isc_ha_link_up(struct ctl_softc *softc)
755{
756	struct ctl_port *port;
757	struct ctl_lun *lun;
758	union ctl_ha_msg msg;
759	int i;
760
761	/* Announce this node parameters to peer for validation. */
762	msg.login.msg_type = CTL_MSG_LOGIN;
763	msg.login.version = CTL_HA_VERSION;
764	msg.login.ha_mode = softc->ha_mode;
765	msg.login.ha_id = softc->ha_id;
766	msg.login.max_luns = CTL_MAX_LUNS;
767	msg.login.max_ports = CTL_MAX_PORTS;
768	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
769	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
770	    M_WAITOK);
771
772	STAILQ_FOREACH(port, &softc->port_list, links) {
773		ctl_isc_announce_port(port);
774		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
775			if (port->wwpn_iid[i].in_use)
776				ctl_isc_announce_iid(port, i);
777		}
778	}
779	STAILQ_FOREACH(lun, &softc->lun_list, links)
780		ctl_isc_announce_lun(lun);
781}
782
783static void
784ctl_isc_ha_link_down(struct ctl_softc *softc)
785{
786	struct ctl_port *port;
787	struct ctl_lun *lun;
788	union ctl_io *io;
789	int i;
790
791	mtx_lock(&softc->ctl_lock);
792	STAILQ_FOREACH(lun, &softc->lun_list, links) {
793		mtx_lock(&lun->lun_lock);
794		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
795			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
796			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
797		}
798		mtx_unlock(&lun->lun_lock);
799
800		mtx_unlock(&softc->ctl_lock);
801		io = ctl_alloc_io(softc->othersc_pool);
802		mtx_lock(&softc->ctl_lock);
803		ctl_zero_io(io);
804		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
805		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
806		ctl_enqueue_isc(io);
807	}
808
809	STAILQ_FOREACH(port, &softc->port_list, links) {
810		if (port->targ_port >= softc->port_min &&
811		    port->targ_port < softc->port_max)
812			continue;
813		port->status &= ~CTL_PORT_STATUS_ONLINE;
814		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
815			port->wwpn_iid[i].in_use = 0;
816			free(port->wwpn_iid[i].name, M_CTL);
817			port->wwpn_iid[i].name = NULL;
818		}
819	}
820	mtx_unlock(&softc->ctl_lock);
821}
822
823static void
824ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
825{
826	struct ctl_lun *lun;
827	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
828
829	mtx_lock(&softc->ctl_lock);
830	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
831	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
832		mtx_lock(&lun->lun_lock);
833		mtx_unlock(&softc->ctl_lock);
834		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
835		    msg->ua.ua_set)
836			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
837		if (msg->ua.ua_all) {
838			if (msg->ua.ua_set)
839				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
840			else
841				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
842		} else {
843			if (msg->ua.ua_set)
844				ctl_est_ua(lun, iid, msg->ua.ua_type);
845			else
846				ctl_clr_ua(lun, iid, msg->ua.ua_type);
847		}
848		mtx_unlock(&lun->lun_lock);
849	} else
850		mtx_unlock(&softc->ctl_lock);
851}
852
853static void
854ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
855{
856	struct ctl_lun *lun;
857	struct ctl_ha_msg_lun_pr_key pr_key;
858	int i, k;
859	ctl_lun_flags oflags;
860	uint32_t targ_lun;
861
862	targ_lun = msg->hdr.nexus.targ_mapped_lun;
863	mtx_lock(&softc->ctl_lock);
864	if ((targ_lun >= CTL_MAX_LUNS) ||
865	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
866		mtx_unlock(&softc->ctl_lock);
867		return;
868	}
869	mtx_lock(&lun->lun_lock);
870	mtx_unlock(&softc->ctl_lock);
871	if (lun->flags & CTL_LUN_DISABLED) {
872		mtx_unlock(&lun->lun_lock);
873		return;
874	}
875	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
876	if (msg->lun.lun_devid_len != i || (i > 0 &&
877	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
878		mtx_unlock(&lun->lun_lock);
879		printf("%s: Received conflicting HA LUN %d\n",
880		    __func__, msg->hdr.nexus.targ_lun);
881		return;
882	} else {
883		/* Record whether peer is primary. */
884		oflags = lun->flags;
885		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
886		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
887			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
888		else
889			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
890		if (oflags != lun->flags)
891			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
892
893		/* If peer is primary and we are not -- use data */
894		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
895		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
896			lun->PRGeneration = msg->lun.pr_generation;
897			lun->pr_res_idx = msg->lun.pr_res_idx;
898			lun->res_type = msg->lun.pr_res_type;
899			lun->pr_key_count = msg->lun.pr_key_count;
900			for (k = 0; k < CTL_MAX_INITIATORS; k++)
901				ctl_clr_prkey(lun, k);
902			for (k = 0; k < msg->lun.pr_key_count; k++) {
903				memcpy(&pr_key, &msg->lun.data[i],
904				    sizeof(pr_key));
905				ctl_alloc_prkey(lun, pr_key.pr_iid);
906				ctl_set_prkey(lun, pr_key.pr_iid,
907				    pr_key.pr_key);
908				i += sizeof(pr_key);
909			}
910		}
911
912		mtx_unlock(&lun->lun_lock);
913		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
914		    __func__, msg->hdr.nexus.targ_lun,
915		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
916		    "primary" : "secondary"));
917
918		/* If we are primary but peer doesn't know -- notify */
919		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
920		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
921			ctl_isc_announce_lun(lun);
922	}
923}
924
925static void
926ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
927{
928	struct ctl_port *port;
929	struct ctl_lun *lun;
930	int i, new;
931
932	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
933	if (port == NULL) {
934		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
935		    msg->hdr.nexus.targ_port));
936		new = 1;
937		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
938		port->frontend = &ha_frontend;
939		port->targ_port = msg->hdr.nexus.targ_port;
940	} else if (port->frontend == &ha_frontend) {
941		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
942		    msg->hdr.nexus.targ_port));
943		new = 0;
944	} else {
945		printf("%s: Received conflicting HA port %d\n",
946		    __func__, msg->hdr.nexus.targ_port);
947		return;
948	}
949	port->port_type = msg->port.port_type;
950	port->physical_port = msg->port.physical_port;
951	port->virtual_port = msg->port.virtual_port;
952	port->status = msg->port.status;
953	i = 0;
954	free(port->port_name, M_CTL);
955	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
956	    M_CTL);
957	i += msg->port.name_len;
958	if (msg->port.lun_map_len != 0) {
959		if (port->lun_map == NULL)
960			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
961			    M_CTL, M_WAITOK);
962		memcpy(port->lun_map, &msg->port.data[i],
963		    sizeof(uint32_t) * CTL_MAX_LUNS);
964		i += msg->port.lun_map_len;
965	} else {
966		free(port->lun_map, M_CTL);
967		port->lun_map = NULL;
968	}
969	if (msg->port.port_devid_len != 0) {
970		if (port->port_devid == NULL ||
971		    port->port_devid->len != msg->port.port_devid_len) {
972			free(port->port_devid, M_CTL);
973			port->port_devid = malloc(sizeof(struct ctl_devid) +
974			    msg->port.port_devid_len, M_CTL, M_WAITOK);
975		}
976		memcpy(port->port_devid->data, &msg->port.data[i],
977		    msg->port.port_devid_len);
978		port->port_devid->len = msg->port.port_devid_len;
979		i += msg->port.port_devid_len;
980	} else {
981		free(port->port_devid, M_CTL);
982		port->port_devid = NULL;
983	}
984	if (msg->port.target_devid_len != 0) {
985		if (port->target_devid == NULL ||
986		    port->target_devid->len != msg->port.target_devid_len) {
987			free(port->target_devid, M_CTL);
988			port->target_devid = malloc(sizeof(struct ctl_devid) +
989			    msg->port.target_devid_len, M_CTL, M_WAITOK);
990		}
991		memcpy(port->target_devid->data, &msg->port.data[i],
992		    msg->port.target_devid_len);
993		port->target_devid->len = msg->port.target_devid_len;
994		i += msg->port.target_devid_len;
995	} else {
996		free(port->target_devid, M_CTL);
997		port->target_devid = NULL;
998	}
999	if (msg->port.init_devid_len != 0) {
1000		if (port->init_devid == NULL ||
1001		    port->init_devid->len != msg->port.init_devid_len) {
1002			free(port->init_devid, M_CTL);
1003			port->init_devid = malloc(sizeof(struct ctl_devid) +
1004			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1005		}
1006		memcpy(port->init_devid->data, &msg->port.data[i],
1007		    msg->port.init_devid_len);
1008		port->init_devid->len = msg->port.init_devid_len;
1009		i += msg->port.init_devid_len;
1010	} else {
1011		free(port->init_devid, M_CTL);
1012		port->init_devid = NULL;
1013	}
1014	if (new) {
1015		if (ctl_port_register(port) != 0) {
1016			printf("%s: ctl_port_register() failed with error\n",
1017			    __func__);
1018		}
1019	}
1020	mtx_lock(&softc->ctl_lock);
1021	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1022		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1023			continue;
1024		mtx_lock(&lun->lun_lock);
1025		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1026		mtx_unlock(&lun->lun_lock);
1027	}
1028	mtx_unlock(&softc->ctl_lock);
1029}
1030
1031static void
1032ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1033{
1034	struct ctl_port *port;
1035	int iid;
1036
1037	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1038	if (port == NULL) {
1039		printf("%s: Received IID for unknown port %d\n",
1040		    __func__, msg->hdr.nexus.targ_port);
1041		return;
1042	}
1043	iid = msg->hdr.nexus.initid;
1044	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1045	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1046	free(port->wwpn_iid[iid].name, M_CTL);
1047	if (msg->iid.name_len) {
1048		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1049		    msg->iid.name_len, M_CTL);
1050	} else
1051		port->wwpn_iid[iid].name = NULL;
1052}
1053
1054static void
1055ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1056{
1057
1058	if (msg->login.version != CTL_HA_VERSION) {
1059		printf("CTL HA peers have different versions %d != %d\n",
1060		    msg->login.version, CTL_HA_VERSION);
1061		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1062		return;
1063	}
1064	if (msg->login.ha_mode != softc->ha_mode) {
1065		printf("CTL HA peers have different ha_mode %d != %d\n",
1066		    msg->login.ha_mode, softc->ha_mode);
1067		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1068		return;
1069	}
1070	if (msg->login.ha_id == softc->ha_id) {
1071		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1072		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1073		return;
1074	}
1075	if (msg->login.max_luns != CTL_MAX_LUNS ||
1076	    msg->login.max_ports != CTL_MAX_PORTS ||
1077	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1078		printf("CTL HA peers have different limits\n");
1079		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1080		return;
1081	}
1082}
1083
1084static void
1085ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1086{
1087	struct ctl_lun *lun;
1088	int i;
1089	uint32_t initidx, targ_lun;
1090
1091	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1092	mtx_lock(&softc->ctl_lock);
1093	if ((targ_lun >= CTL_MAX_LUNS) ||
1094	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1095		mtx_unlock(&softc->ctl_lock);
1096		return;
1097	}
1098	mtx_lock(&lun->lun_lock);
1099	mtx_unlock(&softc->ctl_lock);
1100	if (lun->flags & CTL_LUN_DISABLED) {
1101		mtx_unlock(&lun->lun_lock);
1102		return;
1103	}
1104	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1105		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1106		    msg->mode.page_code &&
1107		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1108			break;
1109	}
1110	if (i == CTL_NUM_MODE_PAGES) {
1111		mtx_unlock(&lun->lun_lock);
1112		return;
1113	}
1114	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1115	    lun->mode_pages.index[i].page_len);
1116	initidx = ctl_get_initindex(&msg->hdr.nexus);
1117	if (initidx != -1)
1118		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1119	mtx_unlock(&lun->lun_lock);
1120}
1121
1122/*
1123 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1124 * subsystem come in here.
1125 */
1126static void
1127ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1128{
1129	struct ctl_softc *softc = control_softc;
1130	union ctl_io *io;
1131	struct ctl_prio *presio;
1132	ctl_ha_status isc_status;
1133
1134	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1135	if (event == CTL_HA_EVT_MSG_RECV) {
1136		union ctl_ha_msg *msg, msgbuf;
1137
1138		if (param > sizeof(msgbuf))
1139			msg = malloc(param, M_CTL, M_WAITOK);
1140		else
1141			msg = &msgbuf;
1142		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1143		    M_WAITOK);
1144		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1145			printf("%s: Error receiving message: %d\n",
1146			    __func__, isc_status);
1147			if (msg != &msgbuf)
1148				free(msg, M_CTL);
1149			return;
1150		}
1151
1152		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1153		switch (msg->hdr.msg_type) {
1154		case CTL_MSG_SERIALIZE:
1155			io = ctl_alloc_io(softc->othersc_pool);
1156			ctl_zero_io(io);
1157			// populate ctsio from msg
1158			io->io_hdr.io_type = CTL_IO_SCSI;
1159			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1160			io->io_hdr.original_sc = msg->hdr.original_sc;
1161			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1162					    CTL_FLAG_IO_ACTIVE;
1163			/*
1164			 * If we're in serialization-only mode, we don't
1165			 * want to go through full done processing.  Thus
1166			 * the COPY flag.
1167			 *
1168			 * XXX KDM add another flag that is more specific.
1169			 */
1170			if (softc->ha_mode != CTL_HA_MODE_XFER)
1171				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1172			io->io_hdr.nexus = msg->hdr.nexus;
1173#if 0
1174			printf("port %u, iid %u, lun %u\n",
1175			       io->io_hdr.nexus.targ_port,
1176			       io->io_hdr.nexus.initid,
1177			       io->io_hdr.nexus.targ_lun);
1178#endif
1179			io->scsiio.tag_num = msg->scsi.tag_num;
1180			io->scsiio.tag_type = msg->scsi.tag_type;
1181#ifdef CTL_TIME_IO
1182			io->io_hdr.start_time = time_uptime;
1183			getbintime(&io->io_hdr.start_bt);
1184#endif /* CTL_TIME_IO */
1185			io->scsiio.cdb_len = msg->scsi.cdb_len;
1186			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1187			       CTL_MAX_CDBLEN);
1188			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1189				const struct ctl_cmd_entry *entry;
1190
1191				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1192				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1193				io->io_hdr.flags |=
1194					entry->flags & CTL_FLAG_DATA_MASK;
1195			}
1196			ctl_enqueue_isc(io);
1197			break;
1198
1199		/* Performed on the Originating SC, XFER mode only */
1200		case CTL_MSG_DATAMOVE: {
1201			struct ctl_sg_entry *sgl;
1202			int i, j;
1203
1204			io = msg->hdr.original_sc;
1205			if (io == NULL) {
1206				printf("%s: original_sc == NULL!\n", __func__);
1207				/* XXX KDM do something here */
1208				break;
1209			}
1210			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1211			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1212			/*
1213			 * Keep track of this, we need to send it back over
1214			 * when the datamove is complete.
1215			 */
1216			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1217			if (msg->hdr.status == CTL_SUCCESS)
1218				io->io_hdr.status = msg->hdr.status;
1219
1220			if (msg->dt.sg_sequence == 0) {
1221				i = msg->dt.kern_sg_entries +
1222				    msg->dt.kern_data_len /
1223				    CTL_HA_DATAMOVE_SEGMENT + 1;
1224				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1225				    M_WAITOK | M_ZERO);
1226				io->io_hdr.remote_sglist = sgl;
1227				io->io_hdr.local_sglist =
1228				    &sgl[msg->dt.kern_sg_entries];
1229
1230				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1231
1232				io->scsiio.kern_sg_entries =
1233					msg->dt.kern_sg_entries;
1234				io->scsiio.rem_sg_entries =
1235					msg->dt.kern_sg_entries;
1236				io->scsiio.kern_data_len =
1237					msg->dt.kern_data_len;
1238				io->scsiio.kern_total_len =
1239					msg->dt.kern_total_len;
1240				io->scsiio.kern_data_resid =
1241					msg->dt.kern_data_resid;
1242				io->scsiio.kern_rel_offset =
1243					msg->dt.kern_rel_offset;
1244				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1245				io->io_hdr.flags |= msg->dt.flags &
1246				    CTL_FLAG_BUS_ADDR;
1247			} else
1248				sgl = (struct ctl_sg_entry *)
1249					io->scsiio.kern_data_ptr;
1250
1251			for (i = msg->dt.sent_sg_entries, j = 0;
1252			     i < (msg->dt.sent_sg_entries +
1253			     msg->dt.cur_sg_entries); i++, j++) {
1254				sgl[i].addr = msg->dt.sg_list[j].addr;
1255				sgl[i].len = msg->dt.sg_list[j].len;
1256
1257#if 0
1258				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1259				    __func__, sgl[i].addr, sgl[i].len, j, i);
1260#endif
1261			}
1262
1263			/*
1264			 * If this is the last piece of the I/O, we've got
1265			 * the full S/G list.  Queue processing in the thread.
1266			 * Otherwise wait for the next piece.
1267			 */
1268			if (msg->dt.sg_last != 0)
1269				ctl_enqueue_isc(io);
1270			break;
1271		}
1272		/* Performed on the Serializing (primary) SC, XFER mode only */
1273		case CTL_MSG_DATAMOVE_DONE: {
1274			if (msg->hdr.serializing_sc == NULL) {
1275				printf("%s: serializing_sc == NULL!\n",
1276				       __func__);
1277				/* XXX KDM now what? */
1278				break;
1279			}
1280			/*
1281			 * We grab the sense information here in case
1282			 * there was a failure, so we can return status
1283			 * back to the initiator.
1284			 */
1285			io = msg->hdr.serializing_sc;
1286			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1287			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1288			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1289			io->io_hdr.port_status = msg->scsi.fetd_status;
1290			io->scsiio.residual = msg->scsi.residual;
1291			if (msg->hdr.status != CTL_STATUS_NONE) {
1292				io->io_hdr.status = msg->hdr.status;
1293				io->scsiio.scsi_status = msg->scsi.scsi_status;
1294				io->scsiio.sense_len = msg->scsi.sense_len;
1295				io->scsiio.sense_residual =msg->scsi.sense_residual;
1296				memcpy(&io->scsiio.sense_data,
1297				    &msg->scsi.sense_data,
1298				    msg->scsi.sense_len);
1299				if (msg->hdr.status == CTL_SUCCESS)
1300					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1301			}
1302			ctl_enqueue_isc(io);
1303			break;
1304		}
1305
1306		/* Preformed on Originating SC, SER_ONLY mode */
1307		case CTL_MSG_R2R:
1308			io = msg->hdr.original_sc;
1309			if (io == NULL) {
1310				printf("%s: original_sc == NULL!\n",
1311				    __func__);
1312				break;
1313			}
1314			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1315			io->io_hdr.msg_type = CTL_MSG_R2R;
1316			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1317			ctl_enqueue_isc(io);
1318			break;
1319
1320		/*
1321		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1322		 * mode.
1323		 * Performed on the Originating (i.e. secondary) SC in XFER
1324		 * mode
1325		 */
1326		case CTL_MSG_FINISH_IO:
1327			if (softc->ha_mode == CTL_HA_MODE_XFER)
1328				ctl_isc_handler_finish_xfer(softc, msg);
1329			else
1330				ctl_isc_handler_finish_ser_only(softc, msg);
1331			break;
1332
1333		/* Preformed on Originating SC */
1334		case CTL_MSG_BAD_JUJU:
1335			io = msg->hdr.original_sc;
1336			if (io == NULL) {
1337				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1338				       __func__);
1339				break;
1340			}
1341			ctl_copy_sense_data(msg, io);
1342			/*
1343			 * IO should have already been cleaned up on other
1344			 * SC so clear this flag so we won't send a message
1345			 * back to finish the IO there.
1346			 */
1347			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1348			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1349
1350			/* io = msg->hdr.serializing_sc; */
1351			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1352			ctl_enqueue_isc(io);
1353			break;
1354
1355		/* Handle resets sent from the other side */
1356		case CTL_MSG_MANAGE_TASKS: {
1357			struct ctl_taskio *taskio;
1358			taskio = (struct ctl_taskio *)ctl_alloc_io(
1359			    softc->othersc_pool);
1360			ctl_zero_io((union ctl_io *)taskio);
1361			taskio->io_hdr.io_type = CTL_IO_TASK;
1362			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1363			taskio->io_hdr.nexus = msg->hdr.nexus;
1364			taskio->task_action = msg->task.task_action;
1365			taskio->tag_num = msg->task.tag_num;
1366			taskio->tag_type = msg->task.tag_type;
1367#ifdef CTL_TIME_IO
1368			taskio->io_hdr.start_time = time_uptime;
1369			getbintime(&taskio->io_hdr.start_bt);
1370#endif /* CTL_TIME_IO */
1371			ctl_run_task((union ctl_io *)taskio);
1372			break;
1373		}
1374		/* Persistent Reserve action which needs attention */
1375		case CTL_MSG_PERS_ACTION:
1376			presio = (struct ctl_prio *)ctl_alloc_io(
1377			    softc->othersc_pool);
1378			ctl_zero_io((union ctl_io *)presio);
1379			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1380			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1381			presio->io_hdr.nexus = msg->hdr.nexus;
1382			presio->pr_msg = msg->pr;
1383			ctl_enqueue_isc((union ctl_io *)presio);
1384			break;
1385		case CTL_MSG_UA:
1386			ctl_isc_ua(softc, msg, param);
1387			break;
1388		case CTL_MSG_PORT_SYNC:
1389			ctl_isc_port_sync(softc, msg, param);
1390			break;
1391		case CTL_MSG_LUN_SYNC:
1392			ctl_isc_lun_sync(softc, msg, param);
1393			break;
1394		case CTL_MSG_IID_SYNC:
1395			ctl_isc_iid_sync(softc, msg, param);
1396			break;
1397		case CTL_MSG_LOGIN:
1398			ctl_isc_login(softc, msg, param);
1399			break;
1400		case CTL_MSG_MODE_SYNC:
1401			ctl_isc_mode_sync(softc, msg, param);
1402			break;
1403		default:
1404			printf("Received HA message of unknown type %d\n",
1405			    msg->hdr.msg_type);
1406			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1407			break;
1408		}
1409		if (msg != &msgbuf)
1410			free(msg, M_CTL);
1411	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1412		printf("CTL: HA link status changed from %d to %d\n",
1413		    softc->ha_link, param);
1414		if (param == softc->ha_link)
1415			return;
1416		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1417			softc->ha_link = param;
1418			ctl_isc_ha_link_down(softc);
1419		} else {
1420			softc->ha_link = param;
1421			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1422				ctl_isc_ha_link_up(softc);
1423		}
1424		return;
1425	} else {
1426		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1427		return;
1428	}
1429}
1430
1431static void
1432ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1433{
1434
1435	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1436	    src->scsi.sense_len);
1437	dest->scsiio.scsi_status = src->scsi.scsi_status;
1438	dest->scsiio.sense_len = src->scsi.sense_len;
1439	dest->io_hdr.status = src->hdr.status;
1440}
1441
1442static void
1443ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1444{
1445
1446	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1447	    src->scsiio.sense_len);
1448	dest->scsi.scsi_status = src->scsiio.scsi_status;
1449	dest->scsi.sense_len = src->scsiio.sense_len;
1450	dest->hdr.status = src->io_hdr.status;
1451}
1452
1453void
1454ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1455{
1456	struct ctl_softc *softc = lun->ctl_softc;
1457	ctl_ua_type *pu;
1458
1459	if (initidx < softc->init_min || initidx >= softc->init_max)
1460		return;
1461	mtx_assert(&lun->lun_lock, MA_OWNED);
1462	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1463	if (pu == NULL)
1464		return;
1465	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1466}
1467
1468void
1469ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1470{
1471	int i;
1472
1473	mtx_assert(&lun->lun_lock, MA_OWNED);
1474	if (lun->pending_ua[port] == NULL)
1475		return;
1476	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1477		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1478			continue;
1479		lun->pending_ua[port][i] |= ua;
1480	}
1481}
1482
1483void
1484ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1485{
1486	struct ctl_softc *softc = lun->ctl_softc;
1487	int i;
1488
1489	mtx_assert(&lun->lun_lock, MA_OWNED);
1490	for (i = softc->port_min; i < softc->port_max; i++)
1491		ctl_est_ua_port(lun, i, except, ua);
1492}
1493
1494void
1495ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1496{
1497	struct ctl_softc *softc = lun->ctl_softc;
1498	ctl_ua_type *pu;
1499
1500	if (initidx < softc->init_min || initidx >= softc->init_max)
1501		return;
1502	mtx_assert(&lun->lun_lock, MA_OWNED);
1503	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1504	if (pu == NULL)
1505		return;
1506	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1507}
1508
1509void
1510ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1511{
1512	struct ctl_softc *softc = lun->ctl_softc;
1513	int i, j;
1514
1515	mtx_assert(&lun->lun_lock, MA_OWNED);
1516	for (i = softc->port_min; i < softc->port_max; i++) {
1517		if (lun->pending_ua[i] == NULL)
1518			continue;
1519		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1520			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1521				continue;
1522			lun->pending_ua[i][j] &= ~ua;
1523		}
1524	}
1525}
1526
1527void
1528ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1529    ctl_ua_type ua_type)
1530{
1531	struct ctl_lun *lun;
1532
1533	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1534	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1535		mtx_lock(&lun->lun_lock);
1536		ctl_clr_ua(lun, initidx, ua_type);
1537		mtx_unlock(&lun->lun_lock);
1538	}
1539}
1540
1541static int
1542ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1543{
1544	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1545	struct ctl_lun *lun;
1546	struct ctl_lun_req ireq;
1547	int error, value;
1548
1549	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1550	error = sysctl_handle_int(oidp, &value, 0, req);
1551	if ((error != 0) || (req->newptr == NULL))
1552		return (error);
1553
1554	mtx_lock(&softc->ctl_lock);
1555	if (value == 0)
1556		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1557	else
1558		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1559	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1560		mtx_unlock(&softc->ctl_lock);
1561		bzero(&ireq, sizeof(ireq));
1562		ireq.reqtype = CTL_LUNREQ_MODIFY;
1563		ireq.reqdata.modify.lun_id = lun->lun;
1564		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1565		    curthread);
1566		if (ireq.status != CTL_LUN_OK) {
1567			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1568			    __func__, ireq.status, ireq.error_str);
1569		}
1570		mtx_lock(&softc->ctl_lock);
1571	}
1572	mtx_unlock(&softc->ctl_lock);
1573	return (0);
1574}
1575
1576static int
1577ctl_init(void)
1578{
1579	struct ctl_softc *softc;
1580	void *other_pool;
1581	int i, error, retval;
1582
1583	retval = 0;
1584	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1585			       M_WAITOK | M_ZERO);
1586
1587	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1588			      "cam/ctl");
1589	softc->dev->si_drv1 = softc;
1590
1591	sysctl_ctx_init(&softc->sysctl_ctx);
1592	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1593		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1594		CTLFLAG_RD, 0, "CAM Target Layer");
1595
1596	if (softc->sysctl_tree == NULL) {
1597		printf("%s: unable to allocate sysctl tree\n", __func__);
1598		destroy_dev(softc->dev);
1599		free(control_softc, M_DEVBUF);
1600		control_softc = NULL;
1601		return (ENOMEM);
1602	}
1603
1604	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1605	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1606	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1607	softc->open_count = 0;
1608
1609	/*
1610	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1611	 * the drive.
1612	 */
1613	softc->flags = CTL_FLAG_REAL_SYNC;
1614
1615	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1616	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1617	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1618
1619	/*
1620	 * In Copan's HA scheme, the "master" and "slave" roles are
1621	 * figured out through the slot the controller is in.  Although it
1622	 * is an active/active system, someone has to be in charge.
1623	 */
1624	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1625	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1626	    "HA head ID (0 - no HA)");
1627	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1628		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1629		softc->is_single = 1;
1630		softc->port_cnt = CTL_MAX_PORTS;
1631		softc->port_min = 0;
1632	} else {
1633		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1634		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1635	}
1636	softc->port_max = softc->port_min + softc->port_cnt;
1637	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1638	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1639
1640	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1641	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1642	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1643
1644	STAILQ_INIT(&softc->lun_list);
1645	STAILQ_INIT(&softc->pending_lun_queue);
1646	STAILQ_INIT(&softc->fe_list);
1647	STAILQ_INIT(&softc->port_list);
1648	STAILQ_INIT(&softc->be_list);
1649	ctl_tpc_init(softc);
1650
1651	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1652	                    &other_pool) != 0)
1653	{
1654		printf("ctl: can't allocate %d entry other SC pool, "
1655		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1656		return (ENOMEM);
1657	}
1658	softc->othersc_pool = other_pool;
1659
1660	if (worker_threads <= 0)
1661		worker_threads = max(1, mp_ncpus / 4);
1662	if (worker_threads > CTL_MAX_THREADS)
1663		worker_threads = CTL_MAX_THREADS;
1664
1665	for (i = 0; i < worker_threads; i++) {
1666		struct ctl_thread *thr = &softc->threads[i];
1667
1668		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1669		thr->ctl_softc = softc;
1670		STAILQ_INIT(&thr->incoming_queue);
1671		STAILQ_INIT(&thr->rtr_queue);
1672		STAILQ_INIT(&thr->done_queue);
1673		STAILQ_INIT(&thr->isc_queue);
1674
1675		error = kproc_kthread_add(ctl_work_thread, thr,
1676		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1677		if (error != 0) {
1678			printf("error creating CTL work thread!\n");
1679			ctl_pool_free(other_pool);
1680			return (error);
1681		}
1682	}
1683	error = kproc_kthread_add(ctl_lun_thread, softc,
1684	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1685	if (error != 0) {
1686		printf("error creating CTL lun thread!\n");
1687		ctl_pool_free(other_pool);
1688		return (error);
1689	}
1690	error = kproc_kthread_add(ctl_thresh_thread, softc,
1691	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1692	if (error != 0) {
1693		printf("error creating CTL threshold thread!\n");
1694		ctl_pool_free(other_pool);
1695		return (error);
1696	}
1697
1698	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1699	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1700	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1701
1702	if (softc->is_single == 0) {
1703		ctl_frontend_register(&ha_frontend);
1704		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1705			printf("ctl_init: ctl_ha_msg_init failed.\n");
1706			softc->is_single = 1;
1707		} else
1708		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1709		    != CTL_HA_STATUS_SUCCESS) {
1710			printf("ctl_init: ctl_ha_msg_register failed.\n");
1711			softc->is_single = 1;
1712		}
1713	}
1714	return (0);
1715}
1716
1717void
1718ctl_shutdown(void)
1719{
1720	struct ctl_softc *softc = control_softc;
1721	struct ctl_lun *lun, *next_lun;
1722
1723	if (softc->is_single == 0) {
1724		ctl_ha_msg_shutdown(softc);
1725		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1726		    != CTL_HA_STATUS_SUCCESS)
1727			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1728		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1729			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1730		ctl_frontend_deregister(&ha_frontend);
1731	}
1732
1733	mtx_lock(&softc->ctl_lock);
1734
1735	/*
1736	 * Free up each LUN.
1737	 */
1738	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1739		next_lun = STAILQ_NEXT(lun, links);
1740		ctl_free_lun(lun);
1741	}
1742
1743	mtx_unlock(&softc->ctl_lock);
1744
1745#if 0
1746	ctl_shutdown_thread(softc->work_thread);
1747	mtx_destroy(&softc->queue_lock);
1748#endif
1749
1750	ctl_tpc_shutdown(softc);
1751	uma_zdestroy(softc->io_zone);
1752	mtx_destroy(&softc->ctl_lock);
1753
1754	destroy_dev(softc->dev);
1755
1756	sysctl_ctx_free(&softc->sysctl_ctx);
1757
1758	free(control_softc, M_DEVBUF);
1759	control_softc = NULL;
1760}
1761
1762static int
1763ctl_module_event_handler(module_t mod, int what, void *arg)
1764{
1765
1766	switch (what) {
1767	case MOD_LOAD:
1768		return (ctl_init());
1769	case MOD_UNLOAD:
1770		return (EBUSY);
1771	default:
1772		return (EOPNOTSUPP);
1773	}
1774}
1775
1776/*
1777 * XXX KDM should we do some access checks here?  Bump a reference count to
1778 * prevent a CTL module from being unloaded while someone has it open?
1779 */
1780static int
1781ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1782{
1783	return (0);
1784}
1785
1786static int
1787ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1788{
1789	return (0);
1790}
1791
1792/*
1793 * Remove an initiator by port number and initiator ID.
1794 * Returns 0 for success, -1 for failure.
1795 */
1796int
1797ctl_remove_initiator(struct ctl_port *port, int iid)
1798{
1799	struct ctl_softc *softc = port->ctl_softc;
1800
1801	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1802
1803	if (iid > CTL_MAX_INIT_PER_PORT) {
1804		printf("%s: initiator ID %u > maximun %u!\n",
1805		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1806		return (-1);
1807	}
1808
1809	mtx_lock(&softc->ctl_lock);
1810	port->wwpn_iid[iid].in_use--;
1811	port->wwpn_iid[iid].last_use = time_uptime;
1812	mtx_unlock(&softc->ctl_lock);
1813	ctl_isc_announce_iid(port, iid);
1814
1815	return (0);
1816}
1817
1818/*
1819 * Add an initiator to the initiator map.
1820 * Returns iid for success, < 0 for failure.
1821 */
1822int
1823ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1824{
1825	struct ctl_softc *softc = port->ctl_softc;
1826	time_t best_time;
1827	int i, best;
1828
1829	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1830
1831	if (iid >= CTL_MAX_INIT_PER_PORT) {
1832		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1833		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1834		free(name, M_CTL);
1835		return (-1);
1836	}
1837
1838	mtx_lock(&softc->ctl_lock);
1839
1840	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1841		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1842			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1843				iid = i;
1844				break;
1845			}
1846			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1847			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1848				iid = i;
1849				break;
1850			}
1851		}
1852	}
1853
1854	if (iid < 0) {
1855		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1856			if (port->wwpn_iid[i].in_use == 0 &&
1857			    port->wwpn_iid[i].wwpn == 0 &&
1858			    port->wwpn_iid[i].name == NULL) {
1859				iid = i;
1860				break;
1861			}
1862		}
1863	}
1864
1865	if (iid < 0) {
1866		best = -1;
1867		best_time = INT32_MAX;
1868		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1869			if (port->wwpn_iid[i].in_use == 0) {
1870				if (port->wwpn_iid[i].last_use < best_time) {
1871					best = i;
1872					best_time = port->wwpn_iid[i].last_use;
1873				}
1874			}
1875		}
1876		iid = best;
1877	}
1878
1879	if (iid < 0) {
1880		mtx_unlock(&softc->ctl_lock);
1881		free(name, M_CTL);
1882		return (-2);
1883	}
1884
1885	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
1886		/*
1887		 * This is not an error yet.
1888		 */
1889		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
1890#if 0
1891			printf("%s: port %d iid %u WWPN %#jx arrived"
1892			    " again\n", __func__, port->targ_port,
1893			    iid, (uintmax_t)wwpn);
1894#endif
1895			goto take;
1896		}
1897		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
1898		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
1899#if 0
1900			printf("%s: port %d iid %u name '%s' arrived"
1901			    " again\n", __func__, port->targ_port,
1902			    iid, name);
1903#endif
1904			goto take;
1905		}
1906
1907		/*
1908		 * This is an error, but what do we do about it?  The
1909		 * driver is telling us we have a new WWPN for this
1910		 * initiator ID, so we pretty much need to use it.
1911		 */
1912		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
1913		    " but WWPN %#jx '%s' is still at that address\n",
1914		    __func__, port->targ_port, iid, wwpn, name,
1915		    (uintmax_t)port->wwpn_iid[iid].wwpn,
1916		    port->wwpn_iid[iid].name);
1917
1918		/*
1919		 * XXX KDM clear have_ca and ua_pending on each LUN for
1920		 * this initiator.
1921		 */
1922	}
1923take:
1924	free(port->wwpn_iid[iid].name, M_CTL);
1925	port->wwpn_iid[iid].name = name;
1926	port->wwpn_iid[iid].wwpn = wwpn;
1927	port->wwpn_iid[iid].in_use++;
1928	mtx_unlock(&softc->ctl_lock);
1929	ctl_isc_announce_iid(port, iid);
1930
1931	return (iid);
1932}
1933
1934static int
1935ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
1936{
1937	int len;
1938
1939	switch (port->port_type) {
1940	case CTL_PORT_FC:
1941	{
1942		struct scsi_transportid_fcp *id =
1943		    (struct scsi_transportid_fcp *)buf;
1944		if (port->wwpn_iid[iid].wwpn == 0)
1945			return (0);
1946		memset(id, 0, sizeof(*id));
1947		id->format_protocol = SCSI_PROTO_FC;
1948		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
1949		return (sizeof(*id));
1950	}
1951	case CTL_PORT_ISCSI:
1952	{
1953		struct scsi_transportid_iscsi_port *id =
1954		    (struct scsi_transportid_iscsi_port *)buf;
1955		if (port->wwpn_iid[iid].name == NULL)
1956			return (0);
1957		memset(id, 0, 256);
1958		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
1959		    SCSI_PROTO_ISCSI;
1960		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
1961		len = roundup2(min(len, 252), 4);
1962		scsi_ulto2b(len, id->additional_length);
1963		return (sizeof(*id) + len);
1964	}
1965	case CTL_PORT_SAS:
1966	{
1967		struct scsi_transportid_sas *id =
1968		    (struct scsi_transportid_sas *)buf;
1969		if (port->wwpn_iid[iid].wwpn == 0)
1970			return (0);
1971		memset(id, 0, sizeof(*id));
1972		id->format_protocol = SCSI_PROTO_SAS;
1973		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
1974		return (sizeof(*id));
1975	}
1976	default:
1977	{
1978		struct scsi_transportid_spi *id =
1979		    (struct scsi_transportid_spi *)buf;
1980		memset(id, 0, sizeof(*id));
1981		id->format_protocol = SCSI_PROTO_SPI;
1982		scsi_ulto2b(iid, id->scsi_addr);
1983		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
1984		return (sizeof(*id));
1985	}
1986	}
1987}
1988
1989/*
1990 * Serialize a command that went down the "wrong" side, and so was sent to
1991 * this controller for execution.  The logic is a little different than the
1992 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
1993 * sent back to the other side, but in the success case, we execute the
1994 * command on this side (XFER mode) or tell the other side to execute it
1995 * (SER_ONLY mode).
1996 */
1997static int
1998ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
1999{
2000	struct ctl_softc *softc = control_softc;
2001	union ctl_ha_msg msg_info;
2002	struct ctl_lun *lun;
2003	const struct ctl_cmd_entry *entry;
2004	int retval = 0;
2005	uint32_t targ_lun;
2006
2007	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2008	mtx_lock(&softc->ctl_lock);
2009	if ((targ_lun < CTL_MAX_LUNS) &&
2010	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2011		mtx_lock(&lun->lun_lock);
2012		mtx_unlock(&softc->ctl_lock);
2013		/*
2014		 * If the LUN is invalid, pretend that it doesn't exist.
2015		 * It will go away as soon as all pending I/O has been
2016		 * completed.
2017		 */
2018		if (lun->flags & CTL_LUN_DISABLED) {
2019			mtx_unlock(&lun->lun_lock);
2020			lun = NULL;
2021		}
2022	} else {
2023		mtx_unlock(&softc->ctl_lock);
2024		lun = NULL;
2025	}
2026	if (lun == NULL) {
2027		/*
2028		 * The other node would not send this request to us unless
2029		 * received announce that we are primary node for this LUN.
2030		 * If this LUN does not exist now, it is probably result of
2031		 * a race, so respond to initiator in the most opaque way.
2032		 */
2033		ctl_set_busy(ctsio);
2034		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2035		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2036		msg_info.hdr.serializing_sc = NULL;
2037		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2038		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2039		    sizeof(msg_info.scsi), M_WAITOK);
2040		return(1);
2041	}
2042
2043	entry = ctl_get_cmd_entry(ctsio, NULL);
2044	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2045		mtx_unlock(&lun->lun_lock);
2046		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2047		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2048		msg_info.hdr.serializing_sc = NULL;
2049		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2050		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2051		    sizeof(msg_info.scsi), M_WAITOK);
2052		return(1);
2053	}
2054
2055	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2056	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2057
2058	/*
2059	 * Every I/O goes into the OOA queue for a
2060	 * particular LUN, and stays there until completion.
2061	 */
2062#ifdef CTL_TIME_IO
2063	if (TAILQ_EMPTY(&lun->ooa_queue))
2064		lun->idle_time += getsbinuptime() - lun->last_busy;
2065#endif
2066	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2067
2068	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2069		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2070		 ooa_links))) {
2071	case CTL_ACTION_BLOCK:
2072		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2073		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2074				  blocked_links);
2075		mtx_unlock(&lun->lun_lock);
2076		break;
2077	case CTL_ACTION_PASS:
2078	case CTL_ACTION_SKIP:
2079		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2080			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2081			ctl_enqueue_rtr((union ctl_io *)ctsio);
2082			mtx_unlock(&lun->lun_lock);
2083		} else {
2084			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2085			mtx_unlock(&lun->lun_lock);
2086
2087			/* send msg back to other side */
2088			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2089			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2090			msg_info.hdr.msg_type = CTL_MSG_R2R;
2091			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2092			    sizeof(msg_info.hdr), M_WAITOK);
2093		}
2094		break;
2095	case CTL_ACTION_OVERLAP:
2096		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2097		mtx_unlock(&lun->lun_lock);
2098		retval = 1;
2099
2100		ctl_set_overlapped_cmd(ctsio);
2101		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2102		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2103		msg_info.hdr.serializing_sc = NULL;
2104		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2105		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2106		    sizeof(msg_info.scsi), M_WAITOK);
2107		break;
2108	case CTL_ACTION_OVERLAP_TAG:
2109		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2110		mtx_unlock(&lun->lun_lock);
2111		retval = 1;
2112		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2113		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2114		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2115		msg_info.hdr.serializing_sc = NULL;
2116		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2117		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2118		    sizeof(msg_info.scsi), M_WAITOK);
2119		break;
2120	case CTL_ACTION_ERROR:
2121	default:
2122		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2123		mtx_unlock(&lun->lun_lock);
2124		retval = 1;
2125
2126		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2127					 /*retry_count*/ 0);
2128		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2129		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2130		msg_info.hdr.serializing_sc = NULL;
2131		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2132		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2133		    sizeof(msg_info.scsi), M_WAITOK);
2134		break;
2135	}
2136	return (retval);
2137}
2138
2139/*
2140 * Returns 0 for success, errno for failure.
2141 */
2142static int
2143ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2144		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2145{
2146	union ctl_io *io;
2147	int retval;
2148
2149	retval = 0;
2150
2151	mtx_lock(&lun->lun_lock);
2152	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2153	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2154	     ooa_links)) {
2155		struct ctl_ooa_entry *entry;
2156
2157		/*
2158		 * If we've got more than we can fit, just count the
2159		 * remaining entries.
2160		 */
2161		if (*cur_fill_num >= ooa_hdr->alloc_num)
2162			continue;
2163
2164		entry = &kern_entries[*cur_fill_num];
2165
2166		entry->tag_num = io->scsiio.tag_num;
2167		entry->lun_num = lun->lun;
2168#ifdef CTL_TIME_IO
2169		entry->start_bt = io->io_hdr.start_bt;
2170#endif
2171		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2172		entry->cdb_len = io->scsiio.cdb_len;
2173		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2174			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2175
2176		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2177			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2178
2179		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2180			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2181
2182		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2183			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2184
2185		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2186			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2187	}
2188	mtx_unlock(&lun->lun_lock);
2189
2190	return (retval);
2191}
2192
2193static void *
2194ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2195		 size_t error_str_len)
2196{
2197	void *kptr;
2198
2199	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2200
2201	if (copyin(user_addr, kptr, len) != 0) {
2202		snprintf(error_str, error_str_len, "Error copying %d bytes "
2203			 "from user address %p to kernel address %p", len,
2204			 user_addr, kptr);
2205		free(kptr, M_CTL);
2206		return (NULL);
2207	}
2208
2209	return (kptr);
2210}
2211
2212static void
2213ctl_free_args(int num_args, struct ctl_be_arg *args)
2214{
2215	int i;
2216
2217	if (args == NULL)
2218		return;
2219
2220	for (i = 0; i < num_args; i++) {
2221		free(args[i].kname, M_CTL);
2222		free(args[i].kvalue, M_CTL);
2223	}
2224
2225	free(args, M_CTL);
2226}
2227
2228static struct ctl_be_arg *
2229ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2230		char *error_str, size_t error_str_len)
2231{
2232	struct ctl_be_arg *args;
2233	int i;
2234
2235	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2236				error_str, error_str_len);
2237
2238	if (args == NULL)
2239		goto bailout;
2240
2241	for (i = 0; i < num_args; i++) {
2242		args[i].kname = NULL;
2243		args[i].kvalue = NULL;
2244	}
2245
2246	for (i = 0; i < num_args; i++) {
2247		uint8_t *tmpptr;
2248
2249		args[i].kname = ctl_copyin_alloc(args[i].name,
2250			args[i].namelen, error_str, error_str_len);
2251		if (args[i].kname == NULL)
2252			goto bailout;
2253
2254		if (args[i].kname[args[i].namelen - 1] != '\0') {
2255			snprintf(error_str, error_str_len, "Argument %d "
2256				 "name is not NUL-terminated", i);
2257			goto bailout;
2258		}
2259
2260		if (args[i].flags & CTL_BEARG_RD) {
2261			tmpptr = ctl_copyin_alloc(args[i].value,
2262				args[i].vallen, error_str, error_str_len);
2263			if (tmpptr == NULL)
2264				goto bailout;
2265			if ((args[i].flags & CTL_BEARG_ASCII)
2266			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2267				snprintf(error_str, error_str_len, "Argument "
2268				    "%d value is not NUL-terminated", i);
2269				goto bailout;
2270			}
2271			args[i].kvalue = tmpptr;
2272		} else {
2273			args[i].kvalue = malloc(args[i].vallen,
2274			    M_CTL, M_WAITOK | M_ZERO);
2275		}
2276	}
2277
2278	return (args);
2279bailout:
2280
2281	ctl_free_args(num_args, args);
2282
2283	return (NULL);
2284}
2285
2286static void
2287ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2288{
2289	int i;
2290
2291	for (i = 0; i < num_args; i++) {
2292		if (args[i].flags & CTL_BEARG_WR)
2293			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2294	}
2295}
2296
2297/*
2298 * Escape characters that are illegal or not recommended in XML.
2299 */
2300int
2301ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2302{
2303	char *end = str + size;
2304	int retval;
2305
2306	retval = 0;
2307
2308	for (; *str && str < end; str++) {
2309		switch (*str) {
2310		case '&':
2311			retval = sbuf_printf(sb, "&amp;");
2312			break;
2313		case '>':
2314			retval = sbuf_printf(sb, "&gt;");
2315			break;
2316		case '<':
2317			retval = sbuf_printf(sb, "&lt;");
2318			break;
2319		default:
2320			retval = sbuf_putc(sb, *str);
2321			break;
2322		}
2323
2324		if (retval != 0)
2325			break;
2326
2327	}
2328
2329	return (retval);
2330}
2331
2332static void
2333ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2334{
2335	struct scsi_vpd_id_descriptor *desc;
2336	int i;
2337
2338	if (id == NULL || id->len < 4)
2339		return;
2340	desc = (struct scsi_vpd_id_descriptor *)id->data;
2341	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2342	case SVPD_ID_TYPE_T10:
2343		sbuf_printf(sb, "t10.");
2344		break;
2345	case SVPD_ID_TYPE_EUI64:
2346		sbuf_printf(sb, "eui.");
2347		break;
2348	case SVPD_ID_TYPE_NAA:
2349		sbuf_printf(sb, "naa.");
2350		break;
2351	case SVPD_ID_TYPE_SCSI_NAME:
2352		break;
2353	}
2354	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2355	case SVPD_ID_CODESET_BINARY:
2356		for (i = 0; i < desc->length; i++)
2357			sbuf_printf(sb, "%02x", desc->identifier[i]);
2358		break;
2359	case SVPD_ID_CODESET_ASCII:
2360		sbuf_printf(sb, "%.*s", (int)desc->length,
2361		    (char *)desc->identifier);
2362		break;
2363	case SVPD_ID_CODESET_UTF8:
2364		sbuf_printf(sb, "%s", (char *)desc->identifier);
2365		break;
2366	}
2367}
2368
2369static int
2370ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2371	  struct thread *td)
2372{
2373	struct ctl_softc *softc = dev->si_drv1;
2374	struct ctl_lun *lun;
2375	int retval;
2376
2377	retval = 0;
2378
2379	switch (cmd) {
2380	case CTL_IO:
2381		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2382		break;
2383	case CTL_ENABLE_PORT:
2384	case CTL_DISABLE_PORT:
2385	case CTL_SET_PORT_WWNS: {
2386		struct ctl_port *port;
2387		struct ctl_port_entry *entry;
2388
2389		entry = (struct ctl_port_entry *)addr;
2390
2391		mtx_lock(&softc->ctl_lock);
2392		STAILQ_FOREACH(port, &softc->port_list, links) {
2393			int action, done;
2394
2395			if (port->targ_port < softc->port_min ||
2396			    port->targ_port >= softc->port_max)
2397				continue;
2398
2399			action = 0;
2400			done = 0;
2401			if ((entry->port_type == CTL_PORT_NONE)
2402			 && (entry->targ_port == port->targ_port)) {
2403				/*
2404				 * If the user only wants to enable or
2405				 * disable or set WWNs on a specific port,
2406				 * do the operation and we're done.
2407				 */
2408				action = 1;
2409				done = 1;
2410			} else if (entry->port_type & port->port_type) {
2411				/*
2412				 * Compare the user's type mask with the
2413				 * particular frontend type to see if we
2414				 * have a match.
2415				 */
2416				action = 1;
2417				done = 0;
2418
2419				/*
2420				 * Make sure the user isn't trying to set
2421				 * WWNs on multiple ports at the same time.
2422				 */
2423				if (cmd == CTL_SET_PORT_WWNS) {
2424					printf("%s: Can't set WWNs on "
2425					       "multiple ports\n", __func__);
2426					retval = EINVAL;
2427					break;
2428				}
2429			}
2430			if (action == 0)
2431				continue;
2432
2433			/*
2434			 * XXX KDM we have to drop the lock here, because
2435			 * the online/offline operations can potentially
2436			 * block.  We need to reference count the frontends
2437			 * so they can't go away,
2438			 */
2439			if (cmd == CTL_ENABLE_PORT) {
2440				mtx_unlock(&softc->ctl_lock);
2441				ctl_port_online(port);
2442				mtx_lock(&softc->ctl_lock);
2443			} else if (cmd == CTL_DISABLE_PORT) {
2444				mtx_unlock(&softc->ctl_lock);
2445				ctl_port_offline(port);
2446				mtx_lock(&softc->ctl_lock);
2447			} else if (cmd == CTL_SET_PORT_WWNS) {
2448				ctl_port_set_wwns(port,
2449				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2450				    1 : 0, entry->wwnn,
2451				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2452				    1 : 0, entry->wwpn);
2453			}
2454			if (done != 0)
2455				break;
2456		}
2457		mtx_unlock(&softc->ctl_lock);
2458		break;
2459	}
2460	case CTL_GET_PORT_LIST: {
2461		struct ctl_port *port;
2462		struct ctl_port_list *list;
2463		int i;
2464
2465		list = (struct ctl_port_list *)addr;
2466
2467		if (list->alloc_len != (list->alloc_num *
2468		    sizeof(struct ctl_port_entry))) {
2469			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2470			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2471			       "%zu\n", __func__, list->alloc_len,
2472			       list->alloc_num, sizeof(struct ctl_port_entry));
2473			retval = EINVAL;
2474			break;
2475		}
2476		list->fill_len = 0;
2477		list->fill_num = 0;
2478		list->dropped_num = 0;
2479		i = 0;
2480		mtx_lock(&softc->ctl_lock);
2481		STAILQ_FOREACH(port, &softc->port_list, links) {
2482			struct ctl_port_entry entry, *list_entry;
2483
2484			if (list->fill_num >= list->alloc_num) {
2485				list->dropped_num++;
2486				continue;
2487			}
2488
2489			entry.port_type = port->port_type;
2490			strlcpy(entry.port_name, port->port_name,
2491				sizeof(entry.port_name));
2492			entry.targ_port = port->targ_port;
2493			entry.physical_port = port->physical_port;
2494			entry.virtual_port = port->virtual_port;
2495			entry.wwnn = port->wwnn;
2496			entry.wwpn = port->wwpn;
2497			if (port->status & CTL_PORT_STATUS_ONLINE)
2498				entry.online = 1;
2499			else
2500				entry.online = 0;
2501
2502			list_entry = &list->entries[i];
2503
2504			retval = copyout(&entry, list_entry, sizeof(entry));
2505			if (retval != 0) {
2506				printf("%s: CTL_GET_PORT_LIST: copyout "
2507				       "returned %d\n", __func__, retval);
2508				break;
2509			}
2510			i++;
2511			list->fill_num++;
2512			list->fill_len += sizeof(entry);
2513		}
2514		mtx_unlock(&softc->ctl_lock);
2515
2516		/*
2517		 * If this is non-zero, we had a copyout fault, so there's
2518		 * probably no point in attempting to set the status inside
2519		 * the structure.
2520		 */
2521		if (retval != 0)
2522			break;
2523
2524		if (list->dropped_num > 0)
2525			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2526		else
2527			list->status = CTL_PORT_LIST_OK;
2528		break;
2529	}
2530	case CTL_DUMP_OOA: {
2531		union ctl_io *io;
2532		char printbuf[128];
2533		struct sbuf sb;
2534
2535		mtx_lock(&softc->ctl_lock);
2536		printf("Dumping OOA queues:\n");
2537		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2538			mtx_lock(&lun->lun_lock);
2539			for (io = (union ctl_io *)TAILQ_FIRST(
2540			     &lun->ooa_queue); io != NULL;
2541			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2542			     ooa_links)) {
2543				sbuf_new(&sb, printbuf, sizeof(printbuf),
2544					 SBUF_FIXEDLEN);
2545				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2546					    (intmax_t)lun->lun,
2547					    io->scsiio.tag_num,
2548					    (io->io_hdr.flags &
2549					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2550					    (io->io_hdr.flags &
2551					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2552					    (io->io_hdr.flags &
2553					    CTL_FLAG_ABORT) ? " ABORT" : "",
2554			                    (io->io_hdr.flags &
2555		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2556				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2557				sbuf_finish(&sb);
2558				printf("%s\n", sbuf_data(&sb));
2559			}
2560			mtx_unlock(&lun->lun_lock);
2561		}
2562		printf("OOA queues dump done\n");
2563		mtx_unlock(&softc->ctl_lock);
2564		break;
2565	}
2566	case CTL_GET_OOA: {
2567		struct ctl_ooa *ooa_hdr;
2568		struct ctl_ooa_entry *entries;
2569		uint32_t cur_fill_num;
2570
2571		ooa_hdr = (struct ctl_ooa *)addr;
2572
2573		if ((ooa_hdr->alloc_len == 0)
2574		 || (ooa_hdr->alloc_num == 0)) {
2575			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2576			       "must be non-zero\n", __func__,
2577			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2578			retval = EINVAL;
2579			break;
2580		}
2581
2582		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2583		    sizeof(struct ctl_ooa_entry))) {
2584			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2585			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2586			       __func__, ooa_hdr->alloc_len,
2587			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2588			retval = EINVAL;
2589			break;
2590		}
2591
2592		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2593		if (entries == NULL) {
2594			printf("%s: could not allocate %d bytes for OOA "
2595			       "dump\n", __func__, ooa_hdr->alloc_len);
2596			retval = ENOMEM;
2597			break;
2598		}
2599
2600		mtx_lock(&softc->ctl_lock);
2601		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2602		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2603		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2604			mtx_unlock(&softc->ctl_lock);
2605			free(entries, M_CTL);
2606			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2607			       __func__, (uintmax_t)ooa_hdr->lun_num);
2608			retval = EINVAL;
2609			break;
2610		}
2611
2612		cur_fill_num = 0;
2613
2614		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2615			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2616				retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2617					ooa_hdr, entries);
2618				if (retval != 0)
2619					break;
2620			}
2621			if (retval != 0) {
2622				mtx_unlock(&softc->ctl_lock);
2623				free(entries, M_CTL);
2624				break;
2625			}
2626		} else {
2627			lun = softc->ctl_luns[ooa_hdr->lun_num];
2628
2629			retval = ctl_ioctl_fill_ooa(lun, &cur_fill_num,ooa_hdr,
2630						    entries);
2631		}
2632		mtx_unlock(&softc->ctl_lock);
2633
2634		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2635		ooa_hdr->fill_len = ooa_hdr->fill_num *
2636			sizeof(struct ctl_ooa_entry);
2637		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2638		if (retval != 0) {
2639			printf("%s: error copying out %d bytes for OOA dump\n",
2640			       __func__, ooa_hdr->fill_len);
2641		}
2642
2643		getbintime(&ooa_hdr->cur_bt);
2644
2645		if (cur_fill_num > ooa_hdr->alloc_num) {
2646			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2647			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2648		} else {
2649			ooa_hdr->dropped_num = 0;
2650			ooa_hdr->status = CTL_OOA_OK;
2651		}
2652
2653		free(entries, M_CTL);
2654		break;
2655	}
2656	case CTL_CHECK_OOA: {
2657		union ctl_io *io;
2658		struct ctl_ooa_info *ooa_info;
2659
2660
2661		ooa_info = (struct ctl_ooa_info *)addr;
2662
2663		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2664			ooa_info->status = CTL_OOA_INVALID_LUN;
2665			break;
2666		}
2667		mtx_lock(&softc->ctl_lock);
2668		lun = softc->ctl_luns[ooa_info->lun_id];
2669		if (lun == NULL) {
2670			mtx_unlock(&softc->ctl_lock);
2671			ooa_info->status = CTL_OOA_INVALID_LUN;
2672			break;
2673		}
2674		mtx_lock(&lun->lun_lock);
2675		mtx_unlock(&softc->ctl_lock);
2676		ooa_info->num_entries = 0;
2677		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2678		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2679		     &io->io_hdr, ooa_links)) {
2680			ooa_info->num_entries++;
2681		}
2682		mtx_unlock(&lun->lun_lock);
2683
2684		ooa_info->status = CTL_OOA_SUCCESS;
2685
2686		break;
2687	}
2688	case CTL_DELAY_IO: {
2689		struct ctl_io_delay_info *delay_info;
2690
2691		delay_info = (struct ctl_io_delay_info *)addr;
2692
2693#ifdef CTL_IO_DELAY
2694		mtx_lock(&softc->ctl_lock);
2695
2696		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2697		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2698			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2699		} else {
2700			lun = softc->ctl_luns[delay_info->lun_id];
2701			mtx_lock(&lun->lun_lock);
2702
2703			delay_info->status = CTL_DELAY_STATUS_OK;
2704
2705			switch (delay_info->delay_type) {
2706			case CTL_DELAY_TYPE_CONT:
2707				break;
2708			case CTL_DELAY_TYPE_ONESHOT:
2709				break;
2710			default:
2711				delay_info->status =
2712					CTL_DELAY_STATUS_INVALID_TYPE;
2713				break;
2714			}
2715
2716			switch (delay_info->delay_loc) {
2717			case CTL_DELAY_LOC_DATAMOVE:
2718				lun->delay_info.datamove_type =
2719					delay_info->delay_type;
2720				lun->delay_info.datamove_delay =
2721					delay_info->delay_secs;
2722				break;
2723			case CTL_DELAY_LOC_DONE:
2724				lun->delay_info.done_type =
2725					delay_info->delay_type;
2726				lun->delay_info.done_delay =
2727					delay_info->delay_secs;
2728				break;
2729			default:
2730				delay_info->status =
2731					CTL_DELAY_STATUS_INVALID_LOC;
2732				break;
2733			}
2734			mtx_unlock(&lun->lun_lock);
2735		}
2736
2737		mtx_unlock(&softc->ctl_lock);
2738#else
2739		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2740#endif /* CTL_IO_DELAY */
2741		break;
2742	}
2743	case CTL_REALSYNC_SET: {
2744		int *syncstate;
2745
2746		syncstate = (int *)addr;
2747
2748		mtx_lock(&softc->ctl_lock);
2749		switch (*syncstate) {
2750		case 0:
2751			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2752			break;
2753		case 1:
2754			softc->flags |= CTL_FLAG_REAL_SYNC;
2755			break;
2756		default:
2757			retval = EINVAL;
2758			break;
2759		}
2760		mtx_unlock(&softc->ctl_lock);
2761		break;
2762	}
2763	case CTL_REALSYNC_GET: {
2764		int *syncstate;
2765
2766		syncstate = (int*)addr;
2767
2768		mtx_lock(&softc->ctl_lock);
2769		if (softc->flags & CTL_FLAG_REAL_SYNC)
2770			*syncstate = 1;
2771		else
2772			*syncstate = 0;
2773		mtx_unlock(&softc->ctl_lock);
2774
2775		break;
2776	}
2777	case CTL_SETSYNC:
2778	case CTL_GETSYNC: {
2779		struct ctl_sync_info *sync_info;
2780
2781		sync_info = (struct ctl_sync_info *)addr;
2782
2783		mtx_lock(&softc->ctl_lock);
2784		lun = softc->ctl_luns[sync_info->lun_id];
2785		if (lun == NULL) {
2786			mtx_unlock(&softc->ctl_lock);
2787			sync_info->status = CTL_GS_SYNC_NO_LUN;
2788			break;
2789		}
2790		/*
2791		 * Get or set the sync interval.  We're not bounds checking
2792		 * in the set case, hopefully the user won't do something
2793		 * silly.
2794		 */
2795		mtx_lock(&lun->lun_lock);
2796		mtx_unlock(&softc->ctl_lock);
2797		if (cmd == CTL_GETSYNC)
2798			sync_info->sync_interval = lun->sync_interval;
2799		else
2800			lun->sync_interval = sync_info->sync_interval;
2801		mtx_unlock(&lun->lun_lock);
2802
2803		sync_info->status = CTL_GS_SYNC_OK;
2804
2805		break;
2806	}
2807	case CTL_GETSTATS: {
2808		struct ctl_stats *stats;
2809		int i;
2810
2811		stats = (struct ctl_stats *)addr;
2812
2813		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2814		     stats->alloc_len) {
2815			stats->status = CTL_SS_NEED_MORE_SPACE;
2816			stats->num_luns = softc->num_luns;
2817			break;
2818		}
2819		/*
2820		 * XXX KDM no locking here.  If the LUN list changes,
2821		 * things can blow up.
2822		 */
2823		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2824		     i++, lun = STAILQ_NEXT(lun, links)) {
2825			retval = copyout(&lun->stats, &stats->lun_stats[i],
2826					 sizeof(lun->stats));
2827			if (retval != 0)
2828				break;
2829		}
2830		stats->num_luns = softc->num_luns;
2831		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2832				 softc->num_luns;
2833		stats->status = CTL_SS_OK;
2834#ifdef CTL_TIME_IO
2835		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2836#else
2837		stats->flags = CTL_STATS_FLAG_NONE;
2838#endif
2839		getnanouptime(&stats->timestamp);
2840		break;
2841	}
2842	case CTL_ERROR_INJECT: {
2843		struct ctl_error_desc *err_desc, *new_err_desc;
2844
2845		err_desc = (struct ctl_error_desc *)addr;
2846
2847		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2848				      M_WAITOK | M_ZERO);
2849		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2850
2851		mtx_lock(&softc->ctl_lock);
2852		lun = softc->ctl_luns[err_desc->lun_id];
2853		if (lun == NULL) {
2854			mtx_unlock(&softc->ctl_lock);
2855			free(new_err_desc, M_CTL);
2856			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2857			       __func__, (uintmax_t)err_desc->lun_id);
2858			retval = EINVAL;
2859			break;
2860		}
2861		mtx_lock(&lun->lun_lock);
2862		mtx_unlock(&softc->ctl_lock);
2863
2864		/*
2865		 * We could do some checking here to verify the validity
2866		 * of the request, but given the complexity of error
2867		 * injection requests, the checking logic would be fairly
2868		 * complex.
2869		 *
2870		 * For now, if the request is invalid, it just won't get
2871		 * executed and might get deleted.
2872		 */
2873		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2874
2875		/*
2876		 * XXX KDM check to make sure the serial number is unique,
2877		 * in case we somehow manage to wrap.  That shouldn't
2878		 * happen for a very long time, but it's the right thing to
2879		 * do.
2880		 */
2881		new_err_desc->serial = lun->error_serial;
2882		err_desc->serial = lun->error_serial;
2883		lun->error_serial++;
2884
2885		mtx_unlock(&lun->lun_lock);
2886		break;
2887	}
2888	case CTL_ERROR_INJECT_DELETE: {
2889		struct ctl_error_desc *delete_desc, *desc, *desc2;
2890		int delete_done;
2891
2892		delete_desc = (struct ctl_error_desc *)addr;
2893		delete_done = 0;
2894
2895		mtx_lock(&softc->ctl_lock);
2896		lun = softc->ctl_luns[delete_desc->lun_id];
2897		if (lun == NULL) {
2898			mtx_unlock(&softc->ctl_lock);
2899			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
2900			       __func__, (uintmax_t)delete_desc->lun_id);
2901			retval = EINVAL;
2902			break;
2903		}
2904		mtx_lock(&lun->lun_lock);
2905		mtx_unlock(&softc->ctl_lock);
2906		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
2907			if (desc->serial != delete_desc->serial)
2908				continue;
2909
2910			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
2911				      links);
2912			free(desc, M_CTL);
2913			delete_done = 1;
2914		}
2915		mtx_unlock(&lun->lun_lock);
2916		if (delete_done == 0) {
2917			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
2918			       "error serial %ju on LUN %u\n", __func__,
2919			       delete_desc->serial, delete_desc->lun_id);
2920			retval = EINVAL;
2921			break;
2922		}
2923		break;
2924	}
2925	case CTL_DUMP_STRUCTS: {
2926		int i, j, k;
2927		struct ctl_port *port;
2928		struct ctl_frontend *fe;
2929
2930		mtx_lock(&softc->ctl_lock);
2931		printf("CTL Persistent Reservation information start:\n");
2932		for (i = 0; i < CTL_MAX_LUNS; i++) {
2933			lun = softc->ctl_luns[i];
2934
2935			if ((lun == NULL)
2936			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
2937				continue;
2938
2939			for (j = 0; j < CTL_MAX_PORTS; j++) {
2940				if (lun->pr_keys[j] == NULL)
2941					continue;
2942				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
2943					if (lun->pr_keys[j][k] == 0)
2944						continue;
2945					printf("  LUN %d port %d iid %d key "
2946					       "%#jx\n", i, j, k,
2947					       (uintmax_t)lun->pr_keys[j][k]);
2948				}
2949			}
2950		}
2951		printf("CTL Persistent Reservation information end\n");
2952		printf("CTL Ports:\n");
2953		STAILQ_FOREACH(port, &softc->port_list, links) {
2954			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
2955			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
2956			       port->frontend->name, port->port_type,
2957			       port->physical_port, port->virtual_port,
2958			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
2959			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
2960				if (port->wwpn_iid[j].in_use == 0 &&
2961				    port->wwpn_iid[j].wwpn == 0 &&
2962				    port->wwpn_iid[j].name == NULL)
2963					continue;
2964
2965				printf("    iid %u use %d WWPN %#jx '%s'\n",
2966				    j, port->wwpn_iid[j].in_use,
2967				    (uintmax_t)port->wwpn_iid[j].wwpn,
2968				    port->wwpn_iid[j].name);
2969			}
2970		}
2971		printf("CTL Port information end\n");
2972		mtx_unlock(&softc->ctl_lock);
2973		/*
2974		 * XXX KDM calling this without a lock.  We'd likely want
2975		 * to drop the lock before calling the frontend's dump
2976		 * routine anyway.
2977		 */
2978		printf("CTL Frontends:\n");
2979		STAILQ_FOREACH(fe, &softc->fe_list, links) {
2980			printf("  Frontend '%s'\n", fe->name);
2981			if (fe->fe_dump != NULL)
2982				fe->fe_dump();
2983		}
2984		printf("CTL Frontend information end\n");
2985		break;
2986	}
2987	case CTL_LUN_REQ: {
2988		struct ctl_lun_req *lun_req;
2989		struct ctl_backend_driver *backend;
2990
2991		lun_req = (struct ctl_lun_req *)addr;
2992
2993		backend = ctl_backend_find(lun_req->backend);
2994		if (backend == NULL) {
2995			lun_req->status = CTL_LUN_ERROR;
2996			snprintf(lun_req->error_str,
2997				 sizeof(lun_req->error_str),
2998				 "Backend \"%s\" not found.",
2999				 lun_req->backend);
3000			break;
3001		}
3002		if (lun_req->num_be_args > 0) {
3003			lun_req->kern_be_args = ctl_copyin_args(
3004				lun_req->num_be_args,
3005				lun_req->be_args,
3006				lun_req->error_str,
3007				sizeof(lun_req->error_str));
3008			if (lun_req->kern_be_args == NULL) {
3009				lun_req->status = CTL_LUN_ERROR;
3010				break;
3011			}
3012		}
3013
3014		retval = backend->ioctl(dev, cmd, addr, flag, td);
3015
3016		if (lun_req->num_be_args > 0) {
3017			ctl_copyout_args(lun_req->num_be_args,
3018				      lun_req->kern_be_args);
3019			ctl_free_args(lun_req->num_be_args,
3020				      lun_req->kern_be_args);
3021		}
3022		break;
3023	}
3024	case CTL_LUN_LIST: {
3025		struct sbuf *sb;
3026		struct ctl_lun_list *list;
3027		struct ctl_option *opt;
3028
3029		list = (struct ctl_lun_list *)addr;
3030
3031		/*
3032		 * Allocate a fixed length sbuf here, based on the length
3033		 * of the user's buffer.  We could allocate an auto-extending
3034		 * buffer, and then tell the user how much larger our
3035		 * amount of data is than his buffer, but that presents
3036		 * some problems:
3037		 *
3038		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3039		 *     we can't hold a lock while calling them with an
3040		 *     auto-extending buffer.
3041 		 *
3042		 * 2.  There is not currently a LUN reference counting
3043		 *     mechanism, outside of outstanding transactions on
3044		 *     the LUN's OOA queue.  So a LUN could go away on us
3045		 *     while we're getting the LUN number, backend-specific
3046		 *     information, etc.  Thus, given the way things
3047		 *     currently work, we need to hold the CTL lock while
3048		 *     grabbing LUN information.
3049		 *
3050		 * So, from the user's standpoint, the best thing to do is
3051		 * allocate what he thinks is a reasonable buffer length,
3052		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3053		 * double the buffer length and try again.  (And repeat
3054		 * that until he succeeds.)
3055		 */
3056		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3057		if (sb == NULL) {
3058			list->status = CTL_LUN_LIST_ERROR;
3059			snprintf(list->error_str, sizeof(list->error_str),
3060				 "Unable to allocate %d bytes for LUN list",
3061				 list->alloc_len);
3062			break;
3063		}
3064
3065		sbuf_printf(sb, "<ctllunlist>\n");
3066
3067		mtx_lock(&softc->ctl_lock);
3068		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3069			mtx_lock(&lun->lun_lock);
3070			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3071					     (uintmax_t)lun->lun);
3072
3073			/*
3074			 * Bail out as soon as we see that we've overfilled
3075			 * the buffer.
3076			 */
3077			if (retval != 0)
3078				break;
3079
3080			retval = sbuf_printf(sb, "\t<backend_type>%s"
3081					     "</backend_type>\n",
3082					     (lun->backend == NULL) ?  "none" :
3083					     lun->backend->name);
3084
3085			if (retval != 0)
3086				break;
3087
3088			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3089					     lun->be_lun->lun_type);
3090
3091			if (retval != 0)
3092				break;
3093
3094			if (lun->backend == NULL) {
3095				retval = sbuf_printf(sb, "</lun>\n");
3096				if (retval != 0)
3097					break;
3098				continue;
3099			}
3100
3101			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3102					     (lun->be_lun->maxlba > 0) ?
3103					     lun->be_lun->maxlba + 1 : 0);
3104
3105			if (retval != 0)
3106				break;
3107
3108			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3109					     lun->be_lun->blocksize);
3110
3111			if (retval != 0)
3112				break;
3113
3114			retval = sbuf_printf(sb, "\t<serial_number>");
3115
3116			if (retval != 0)
3117				break;
3118
3119			retval = ctl_sbuf_printf_esc(sb,
3120			    lun->be_lun->serial_num,
3121			    sizeof(lun->be_lun->serial_num));
3122
3123			if (retval != 0)
3124				break;
3125
3126			retval = sbuf_printf(sb, "</serial_number>\n");
3127
3128			if (retval != 0)
3129				break;
3130
3131			retval = sbuf_printf(sb, "\t<device_id>");
3132
3133			if (retval != 0)
3134				break;
3135
3136			retval = ctl_sbuf_printf_esc(sb,
3137			    lun->be_lun->device_id,
3138			    sizeof(lun->be_lun->device_id));
3139
3140			if (retval != 0)
3141				break;
3142
3143			retval = sbuf_printf(sb, "</device_id>\n");
3144
3145			if (retval != 0)
3146				break;
3147
3148			if (lun->backend->lun_info != NULL) {
3149				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3150				if (retval != 0)
3151					break;
3152			}
3153			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3154				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3155				    opt->name, opt->value, opt->name);
3156				if (retval != 0)
3157					break;
3158			}
3159
3160			retval = sbuf_printf(sb, "</lun>\n");
3161
3162			if (retval != 0)
3163				break;
3164			mtx_unlock(&lun->lun_lock);
3165		}
3166		if (lun != NULL)
3167			mtx_unlock(&lun->lun_lock);
3168		mtx_unlock(&softc->ctl_lock);
3169
3170		if ((retval != 0)
3171		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3172			retval = 0;
3173			sbuf_delete(sb);
3174			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3175			snprintf(list->error_str, sizeof(list->error_str),
3176				 "Out of space, %d bytes is too small",
3177				 list->alloc_len);
3178			break;
3179		}
3180
3181		sbuf_finish(sb);
3182
3183		retval = copyout(sbuf_data(sb), list->lun_xml,
3184				 sbuf_len(sb) + 1);
3185
3186		list->fill_len = sbuf_len(sb) + 1;
3187		list->status = CTL_LUN_LIST_OK;
3188		sbuf_delete(sb);
3189		break;
3190	}
3191	case CTL_ISCSI: {
3192		struct ctl_iscsi *ci;
3193		struct ctl_frontend *fe;
3194
3195		ci = (struct ctl_iscsi *)addr;
3196
3197		fe = ctl_frontend_find("iscsi");
3198		if (fe == NULL) {
3199			ci->status = CTL_ISCSI_ERROR;
3200			snprintf(ci->error_str, sizeof(ci->error_str),
3201			    "Frontend \"iscsi\" not found.");
3202			break;
3203		}
3204
3205		retval = fe->ioctl(dev, cmd, addr, flag, td);
3206		break;
3207	}
3208	case CTL_PORT_REQ: {
3209		struct ctl_req *req;
3210		struct ctl_frontend *fe;
3211
3212		req = (struct ctl_req *)addr;
3213
3214		fe = ctl_frontend_find(req->driver);
3215		if (fe == NULL) {
3216			req->status = CTL_LUN_ERROR;
3217			snprintf(req->error_str, sizeof(req->error_str),
3218			    "Frontend \"%s\" not found.", req->driver);
3219			break;
3220		}
3221		if (req->num_args > 0) {
3222			req->kern_args = ctl_copyin_args(req->num_args,
3223			    req->args, req->error_str, sizeof(req->error_str));
3224			if (req->kern_args == NULL) {
3225				req->status = CTL_LUN_ERROR;
3226				break;
3227			}
3228		}
3229
3230		if (fe->ioctl)
3231			retval = fe->ioctl(dev, cmd, addr, flag, td);
3232		else
3233			retval = ENODEV;
3234
3235		if (req->num_args > 0) {
3236			ctl_copyout_args(req->num_args, req->kern_args);
3237			ctl_free_args(req->num_args, req->kern_args);
3238		}
3239		break;
3240	}
3241	case CTL_PORT_LIST: {
3242		struct sbuf *sb;
3243		struct ctl_port *port;
3244		struct ctl_lun_list *list;
3245		struct ctl_option *opt;
3246		int j;
3247		uint32_t plun;
3248
3249		list = (struct ctl_lun_list *)addr;
3250
3251		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3252		if (sb == NULL) {
3253			list->status = CTL_LUN_LIST_ERROR;
3254			snprintf(list->error_str, sizeof(list->error_str),
3255				 "Unable to allocate %d bytes for LUN list",
3256				 list->alloc_len);
3257			break;
3258		}
3259
3260		sbuf_printf(sb, "<ctlportlist>\n");
3261
3262		mtx_lock(&softc->ctl_lock);
3263		STAILQ_FOREACH(port, &softc->port_list, links) {
3264			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3265					     (uintmax_t)port->targ_port);
3266
3267			/*
3268			 * Bail out as soon as we see that we've overfilled
3269			 * the buffer.
3270			 */
3271			if (retval != 0)
3272				break;
3273
3274			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3275			    "</frontend_type>\n", port->frontend->name);
3276			if (retval != 0)
3277				break;
3278
3279			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3280					     port->port_type);
3281			if (retval != 0)
3282				break;
3283
3284			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3285			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3286			if (retval != 0)
3287				break;
3288
3289			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3290			    port->port_name);
3291			if (retval != 0)
3292				break;
3293
3294			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3295			    port->physical_port);
3296			if (retval != 0)
3297				break;
3298
3299			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3300			    port->virtual_port);
3301			if (retval != 0)
3302				break;
3303
3304			if (port->target_devid != NULL) {
3305				sbuf_printf(sb, "\t<target>");
3306				ctl_id_sbuf(port->target_devid, sb);
3307				sbuf_printf(sb, "</target>\n");
3308			}
3309
3310			if (port->port_devid != NULL) {
3311				sbuf_printf(sb, "\t<port>");
3312				ctl_id_sbuf(port->port_devid, sb);
3313				sbuf_printf(sb, "</port>\n");
3314			}
3315
3316			if (port->port_info != NULL) {
3317				retval = port->port_info(port->onoff_arg, sb);
3318				if (retval != 0)
3319					break;
3320			}
3321			STAILQ_FOREACH(opt, &port->options, links) {
3322				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3323				    opt->name, opt->value, opt->name);
3324				if (retval != 0)
3325					break;
3326			}
3327
3328			if (port->lun_map != NULL) {
3329				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3330				for (j = 0; j < CTL_MAX_LUNS; j++) {
3331					plun = ctl_lun_map_from_port(port, j);
3332					if (plun >= CTL_MAX_LUNS)
3333						continue;
3334					sbuf_printf(sb,
3335					    "\t<lun id=\"%u\">%u</lun>\n",
3336					    j, plun);
3337				}
3338			}
3339
3340			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3341				if (port->wwpn_iid[j].in_use == 0 ||
3342				    (port->wwpn_iid[j].wwpn == 0 &&
3343				     port->wwpn_iid[j].name == NULL))
3344					continue;
3345
3346				if (port->wwpn_iid[j].name != NULL)
3347					retval = sbuf_printf(sb,
3348					    "\t<initiator id=\"%u\">%s</initiator>\n",
3349					    j, port->wwpn_iid[j].name);
3350				else
3351					retval = sbuf_printf(sb,
3352					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3353					    j, port->wwpn_iid[j].wwpn);
3354				if (retval != 0)
3355					break;
3356			}
3357			if (retval != 0)
3358				break;
3359
3360			retval = sbuf_printf(sb, "</targ_port>\n");
3361			if (retval != 0)
3362				break;
3363		}
3364		mtx_unlock(&softc->ctl_lock);
3365
3366		if ((retval != 0)
3367		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3368			retval = 0;
3369			sbuf_delete(sb);
3370			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3371			snprintf(list->error_str, sizeof(list->error_str),
3372				 "Out of space, %d bytes is too small",
3373				 list->alloc_len);
3374			break;
3375		}
3376
3377		sbuf_finish(sb);
3378
3379		retval = copyout(sbuf_data(sb), list->lun_xml,
3380				 sbuf_len(sb) + 1);
3381
3382		list->fill_len = sbuf_len(sb) + 1;
3383		list->status = CTL_LUN_LIST_OK;
3384		sbuf_delete(sb);
3385		break;
3386	}
3387	case CTL_LUN_MAP: {
3388		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3389		struct ctl_port *port;
3390
3391		mtx_lock(&softc->ctl_lock);
3392		if (lm->port < softc->port_min ||
3393		    lm->port >= softc->port_max ||
3394		    (port = softc->ctl_ports[lm->port]) == NULL) {
3395			mtx_unlock(&softc->ctl_lock);
3396			return (ENXIO);
3397		}
3398		if (port->status & CTL_PORT_STATUS_ONLINE) {
3399			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3400				if (ctl_lun_map_to_port(port, lun->lun) >=
3401				    CTL_MAX_LUNS)
3402					continue;
3403				mtx_lock(&lun->lun_lock);
3404				ctl_est_ua_port(lun, lm->port, -1,
3405				    CTL_UA_LUN_CHANGE);
3406				mtx_unlock(&lun->lun_lock);
3407			}
3408		}
3409		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3410		if (lm->plun < CTL_MAX_LUNS) {
3411			if (lm->lun == UINT32_MAX)
3412				retval = ctl_lun_map_unset(port, lm->plun);
3413			else if (lm->lun < CTL_MAX_LUNS &&
3414			    softc->ctl_luns[lm->lun] != NULL)
3415				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3416			else
3417				return (ENXIO);
3418		} else if (lm->plun == UINT32_MAX) {
3419			if (lm->lun == UINT32_MAX)
3420				retval = ctl_lun_map_deinit(port);
3421			else
3422				retval = ctl_lun_map_init(port);
3423		} else
3424			return (ENXIO);
3425		if (port->status & CTL_PORT_STATUS_ONLINE)
3426			ctl_isc_announce_port(port);
3427		break;
3428	}
3429	default: {
3430		/* XXX KDM should we fix this? */
3431#if 0
3432		struct ctl_backend_driver *backend;
3433		unsigned int type;
3434		int found;
3435
3436		found = 0;
3437
3438		/*
3439		 * We encode the backend type as the ioctl type for backend
3440		 * ioctls.  So parse it out here, and then search for a
3441		 * backend of this type.
3442		 */
3443		type = _IOC_TYPE(cmd);
3444
3445		STAILQ_FOREACH(backend, &softc->be_list, links) {
3446			if (backend->type == type) {
3447				found = 1;
3448				break;
3449			}
3450		}
3451		if (found == 0) {
3452			printf("ctl: unknown ioctl command %#lx or backend "
3453			       "%d\n", cmd, type);
3454			retval = EINVAL;
3455			break;
3456		}
3457		retval = backend->ioctl(dev, cmd, addr, flag, td);
3458#endif
3459		retval = ENOTTY;
3460		break;
3461	}
3462	}
3463	return (retval);
3464}
3465
3466uint32_t
3467ctl_get_initindex(struct ctl_nexus *nexus)
3468{
3469	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3470}
3471
3472int
3473ctl_lun_map_init(struct ctl_port *port)
3474{
3475	struct ctl_softc *softc = port->ctl_softc;
3476	struct ctl_lun *lun;
3477	uint32_t i;
3478
3479	if (port->lun_map == NULL)
3480		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3481		    M_CTL, M_NOWAIT);
3482	if (port->lun_map == NULL)
3483		return (ENOMEM);
3484	for (i = 0; i < CTL_MAX_LUNS; i++)
3485		port->lun_map[i] = UINT32_MAX;
3486	if (port->status & CTL_PORT_STATUS_ONLINE) {
3487		if (port->lun_disable != NULL) {
3488			STAILQ_FOREACH(lun, &softc->lun_list, links)
3489				port->lun_disable(port->targ_lun_arg, lun->lun);
3490		}
3491		ctl_isc_announce_port(port);
3492	}
3493	return (0);
3494}
3495
3496int
3497ctl_lun_map_deinit(struct ctl_port *port)
3498{
3499	struct ctl_softc *softc = port->ctl_softc;
3500	struct ctl_lun *lun;
3501
3502	if (port->lun_map == NULL)
3503		return (0);
3504	free(port->lun_map, M_CTL);
3505	port->lun_map = NULL;
3506	if (port->status & CTL_PORT_STATUS_ONLINE) {
3507		if (port->lun_enable != NULL) {
3508			STAILQ_FOREACH(lun, &softc->lun_list, links)
3509				port->lun_enable(port->targ_lun_arg, lun->lun);
3510		}
3511		ctl_isc_announce_port(port);
3512	}
3513	return (0);
3514}
3515
3516int
3517ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3518{
3519	int status;
3520	uint32_t old;
3521
3522	if (port->lun_map == NULL) {
3523		status = ctl_lun_map_init(port);
3524		if (status != 0)
3525			return (status);
3526	}
3527	old = port->lun_map[plun];
3528	port->lun_map[plun] = glun;
3529	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3530		if (port->lun_enable != NULL)
3531			port->lun_enable(port->targ_lun_arg, plun);
3532		ctl_isc_announce_port(port);
3533	}
3534	return (0);
3535}
3536
3537int
3538ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3539{
3540	uint32_t old;
3541
3542	if (port->lun_map == NULL)
3543		return (0);
3544	old = port->lun_map[plun];
3545	port->lun_map[plun] = UINT32_MAX;
3546	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3547		if (port->lun_disable != NULL)
3548			port->lun_disable(port->targ_lun_arg, plun);
3549		ctl_isc_announce_port(port);
3550	}
3551	return (0);
3552}
3553
3554uint32_t
3555ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3556{
3557
3558	if (port == NULL)
3559		return (UINT32_MAX);
3560	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3561		return (lun_id);
3562	return (port->lun_map[lun_id]);
3563}
3564
3565uint32_t
3566ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3567{
3568	uint32_t i;
3569
3570	if (port == NULL)
3571		return (UINT32_MAX);
3572	if (port->lun_map == NULL)
3573		return (lun_id);
3574	for (i = 0; i < CTL_MAX_LUNS; i++) {
3575		if (port->lun_map[i] == lun_id)
3576			return (i);
3577	}
3578	return (UINT32_MAX);
3579}
3580
3581static struct ctl_port *
3582ctl_io_port(struct ctl_io_hdr *io_hdr)
3583{
3584
3585	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3586}
3587
3588int
3589ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3590{
3591	int i;
3592
3593	for (i = first; i < last; i++) {
3594		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3595			return (i);
3596	}
3597	return (-1);
3598}
3599
3600int
3601ctl_set_mask(uint32_t *mask, uint32_t bit)
3602{
3603	uint32_t chunk, piece;
3604
3605	chunk = bit >> 5;
3606	piece = bit % (sizeof(uint32_t) * 8);
3607
3608	if ((mask[chunk] & (1 << piece)) != 0)
3609		return (-1);
3610	else
3611		mask[chunk] |= (1 << piece);
3612
3613	return (0);
3614}
3615
3616int
3617ctl_clear_mask(uint32_t *mask, uint32_t bit)
3618{
3619	uint32_t chunk, piece;
3620
3621	chunk = bit >> 5;
3622	piece = bit % (sizeof(uint32_t) * 8);
3623
3624	if ((mask[chunk] & (1 << piece)) == 0)
3625		return (-1);
3626	else
3627		mask[chunk] &= ~(1 << piece);
3628
3629	return (0);
3630}
3631
3632int
3633ctl_is_set(uint32_t *mask, uint32_t bit)
3634{
3635	uint32_t chunk, piece;
3636
3637	chunk = bit >> 5;
3638	piece = bit % (sizeof(uint32_t) * 8);
3639
3640	if ((mask[chunk] & (1 << piece)) == 0)
3641		return (0);
3642	else
3643		return (1);
3644}
3645
3646static uint64_t
3647ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3648{
3649	uint64_t *t;
3650
3651	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3652	if (t == NULL)
3653		return (0);
3654	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3655}
3656
3657static void
3658ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3659{
3660	uint64_t *t;
3661
3662	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3663	if (t == NULL)
3664		return;
3665	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3666}
3667
3668static void
3669ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3670{
3671	uint64_t *p;
3672	u_int i;
3673
3674	i = residx/CTL_MAX_INIT_PER_PORT;
3675	if (lun->pr_keys[i] != NULL)
3676		return;
3677	mtx_unlock(&lun->lun_lock);
3678	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3679	    M_WAITOK | M_ZERO);
3680	mtx_lock(&lun->lun_lock);
3681	if (lun->pr_keys[i] == NULL)
3682		lun->pr_keys[i] = p;
3683	else
3684		free(p, M_CTL);
3685}
3686
3687static void
3688ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3689{
3690	uint64_t *t;
3691
3692	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3693	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3694	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3695}
3696
3697/*
3698 * ctl_softc, pool_name, total_ctl_io are passed in.
3699 * npool is passed out.
3700 */
3701int
3702ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3703		uint32_t total_ctl_io, void **npool)
3704{
3705#ifdef IO_POOLS
3706	struct ctl_io_pool *pool;
3707
3708	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3709					    M_NOWAIT | M_ZERO);
3710	if (pool == NULL)
3711		return (ENOMEM);
3712
3713	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3714	pool->ctl_softc = ctl_softc;
3715	pool->zone = uma_zsecond_create(pool->name, NULL,
3716	    NULL, NULL, NULL, ctl_softc->io_zone);
3717	/* uma_prealloc(pool->zone, total_ctl_io); */
3718
3719	*npool = pool;
3720#else
3721	*npool = ctl_softc->io_zone;
3722#endif
3723	return (0);
3724}
3725
3726void
3727ctl_pool_free(struct ctl_io_pool *pool)
3728{
3729
3730	if (pool == NULL)
3731		return;
3732
3733#ifdef IO_POOLS
3734	uma_zdestroy(pool->zone);
3735	free(pool, M_CTL);
3736#endif
3737}
3738
3739union ctl_io *
3740ctl_alloc_io(void *pool_ref)
3741{
3742	union ctl_io *io;
3743#ifdef IO_POOLS
3744	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3745
3746	io = uma_zalloc(pool->zone, M_WAITOK);
3747#else
3748	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3749#endif
3750	if (io != NULL)
3751		io->io_hdr.pool = pool_ref;
3752	return (io);
3753}
3754
3755union ctl_io *
3756ctl_alloc_io_nowait(void *pool_ref)
3757{
3758	union ctl_io *io;
3759#ifdef IO_POOLS
3760	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3761
3762	io = uma_zalloc(pool->zone, M_NOWAIT);
3763#else
3764	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3765#endif
3766	if (io != NULL)
3767		io->io_hdr.pool = pool_ref;
3768	return (io);
3769}
3770
3771void
3772ctl_free_io(union ctl_io *io)
3773{
3774#ifdef IO_POOLS
3775	struct ctl_io_pool *pool;
3776#endif
3777
3778	if (io == NULL)
3779		return;
3780
3781#ifdef IO_POOLS
3782	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3783	uma_zfree(pool->zone, io);
3784#else
3785	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3786#endif
3787}
3788
3789void
3790ctl_zero_io(union ctl_io *io)
3791{
3792	void *pool_ref;
3793
3794	if (io == NULL)
3795		return;
3796
3797	/*
3798	 * May need to preserve linked list pointers at some point too.
3799	 */
3800	pool_ref = io->io_hdr.pool;
3801	memset(io, 0, sizeof(*io));
3802	io->io_hdr.pool = pool_ref;
3803}
3804
3805/*
3806 * This routine is currently used for internal copies of ctl_ios that need
3807 * to persist for some reason after we've already returned status to the
3808 * FETD.  (Thus the flag set.)
3809 *
3810 * XXX XXX
3811 * Note that this makes a blind copy of all fields in the ctl_io, except
3812 * for the pool reference.  This includes any memory that has been
3813 * allocated!  That memory will no longer be valid after done has been
3814 * called, so this would be VERY DANGEROUS for command that actually does
3815 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3816 * start and stop commands, which don't transfer any data, so this is not a
3817 * problem.  If it is used for anything else, the caller would also need to
3818 * allocate data buffer space and this routine would need to be modified to
3819 * copy the data buffer(s) as well.
3820 */
3821void
3822ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3823{
3824	void *pool_ref;
3825
3826	if ((src == NULL)
3827	 || (dest == NULL))
3828		return;
3829
3830	/*
3831	 * May need to preserve linked list pointers at some point too.
3832	 */
3833	pool_ref = dest->io_hdr.pool;
3834
3835	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3836
3837	dest->io_hdr.pool = pool_ref;
3838	/*
3839	 * We need to know that this is an internal copy, and doesn't need
3840	 * to get passed back to the FETD that allocated it.
3841	 */
3842	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3843}
3844
3845int
3846ctl_expand_number(const char *buf, uint64_t *num)
3847{
3848	char *endptr;
3849	uint64_t number;
3850	unsigned shift;
3851
3852	number = strtoq(buf, &endptr, 0);
3853
3854	switch (tolower((unsigned char)*endptr)) {
3855	case 'e':
3856		shift = 60;
3857		break;
3858	case 'p':
3859		shift = 50;
3860		break;
3861	case 't':
3862		shift = 40;
3863		break;
3864	case 'g':
3865		shift = 30;
3866		break;
3867	case 'm':
3868		shift = 20;
3869		break;
3870	case 'k':
3871		shift = 10;
3872		break;
3873	case 'b':
3874	case '\0': /* No unit. */
3875		*num = number;
3876		return (0);
3877	default:
3878		/* Unrecognized unit. */
3879		return (-1);
3880	}
3881
3882	if ((number << shift) >> shift != number) {
3883		/* Overflow */
3884		return (-1);
3885	}
3886	*num = number << shift;
3887	return (0);
3888}
3889
3890
3891/*
3892 * This routine could be used in the future to load default and/or saved
3893 * mode page parameters for a particuar lun.
3894 */
3895static int
3896ctl_init_page_index(struct ctl_lun *lun)
3897{
3898	int i;
3899	struct ctl_page_index *page_index;
3900	const char *value;
3901	uint64_t ival;
3902
3903	memcpy(&lun->mode_pages.index, page_index_template,
3904	       sizeof(page_index_template));
3905
3906	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
3907
3908		page_index = &lun->mode_pages.index[i];
3909		/*
3910		 * If this is a disk-only mode page, there's no point in
3911		 * setting it up.  For some pages, we have to have some
3912		 * basic information about the disk in order to calculate the
3913		 * mode page data.
3914		 */
3915		if ((lun->be_lun->lun_type != T_DIRECT)
3916		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
3917			continue;
3918
3919		switch (page_index->page_code & SMPH_PC_MASK) {
3920		case SMS_RW_ERROR_RECOVERY_PAGE: {
3921			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3922				panic("subpage is incorrect!");
3923			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
3924			       &rw_er_page_default,
3925			       sizeof(rw_er_page_default));
3926			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
3927			       &rw_er_page_changeable,
3928			       sizeof(rw_er_page_changeable));
3929			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
3930			       &rw_er_page_default,
3931			       sizeof(rw_er_page_default));
3932			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
3933			       &rw_er_page_default,
3934			       sizeof(rw_er_page_default));
3935			page_index->page_data =
3936				(uint8_t *)lun->mode_pages.rw_er_page;
3937			break;
3938		}
3939		case SMS_FORMAT_DEVICE_PAGE: {
3940			struct scsi_format_page *format_page;
3941
3942			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3943				panic("subpage is incorrect!");
3944
3945			/*
3946			 * Sectors per track are set above.  Bytes per
3947			 * sector need to be set here on a per-LUN basis.
3948			 */
3949			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
3950			       &format_page_default,
3951			       sizeof(format_page_default));
3952			memcpy(&lun->mode_pages.format_page[
3953			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
3954			       sizeof(format_page_changeable));
3955			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
3956			       &format_page_default,
3957			       sizeof(format_page_default));
3958			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
3959			       &format_page_default,
3960			       sizeof(format_page_default));
3961
3962			format_page = &lun->mode_pages.format_page[
3963				CTL_PAGE_CURRENT];
3964			scsi_ulto2b(lun->be_lun->blocksize,
3965				    format_page->bytes_per_sector);
3966
3967			format_page = &lun->mode_pages.format_page[
3968				CTL_PAGE_DEFAULT];
3969			scsi_ulto2b(lun->be_lun->blocksize,
3970				    format_page->bytes_per_sector);
3971
3972			format_page = &lun->mode_pages.format_page[
3973				CTL_PAGE_SAVED];
3974			scsi_ulto2b(lun->be_lun->blocksize,
3975				    format_page->bytes_per_sector);
3976
3977			page_index->page_data =
3978				(uint8_t *)lun->mode_pages.format_page;
3979			break;
3980		}
3981		case SMS_RIGID_DISK_PAGE: {
3982			struct scsi_rigid_disk_page *rigid_disk_page;
3983			uint32_t sectors_per_cylinder;
3984			uint64_t cylinders;
3985#ifndef	__XSCALE__
3986			int shift;
3987#endif /* !__XSCALE__ */
3988
3989			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
3990				panic("invalid subpage value %d",
3991				      page_index->subpage);
3992
3993			/*
3994			 * Rotation rate and sectors per track are set
3995			 * above.  We calculate the cylinders here based on
3996			 * capacity.  Due to the number of heads and
3997			 * sectors per track we're using, smaller arrays
3998			 * may turn out to have 0 cylinders.  Linux and
3999			 * FreeBSD don't pay attention to these mode pages
4000			 * to figure out capacity, but Solaris does.  It
4001			 * seems to deal with 0 cylinders just fine, and
4002			 * works out a fake geometry based on the capacity.
4003			 */
4004			memcpy(&lun->mode_pages.rigid_disk_page[
4005			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4006			       sizeof(rigid_disk_page_default));
4007			memcpy(&lun->mode_pages.rigid_disk_page[
4008			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4009			       sizeof(rigid_disk_page_changeable));
4010
4011			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4012				CTL_DEFAULT_HEADS;
4013
4014			/*
4015			 * The divide method here will be more accurate,
4016			 * probably, but results in floating point being
4017			 * used in the kernel on i386 (__udivdi3()).  On the
4018			 * XScale, though, __udivdi3() is implemented in
4019			 * software.
4020			 *
4021			 * The shift method for cylinder calculation is
4022			 * accurate if sectors_per_cylinder is a power of
4023			 * 2.  Otherwise it might be slightly off -- you
4024			 * might have a bit of a truncation problem.
4025			 */
4026#ifdef	__XSCALE__
4027			cylinders = (lun->be_lun->maxlba + 1) /
4028				sectors_per_cylinder;
4029#else
4030			for (shift = 31; shift > 0; shift--) {
4031				if (sectors_per_cylinder & (1 << shift))
4032					break;
4033			}
4034			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4035#endif
4036
4037			/*
4038			 * We've basically got 3 bytes, or 24 bits for the
4039			 * cylinder size in the mode page.  If we're over,
4040			 * just round down to 2^24.
4041			 */
4042			if (cylinders > 0xffffff)
4043				cylinders = 0xffffff;
4044
4045			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4046				CTL_PAGE_DEFAULT];
4047			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4048
4049			if ((value = ctl_get_opt(&lun->be_lun->options,
4050			    "rpm")) != NULL) {
4051				scsi_ulto2b(strtol(value, NULL, 0),
4052				     rigid_disk_page->rotation_rate);
4053			}
4054
4055			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4056			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4057			       sizeof(rigid_disk_page_default));
4058			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4059			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4060			       sizeof(rigid_disk_page_default));
4061
4062			page_index->page_data =
4063				(uint8_t *)lun->mode_pages.rigid_disk_page;
4064			break;
4065		}
4066		case SMS_CACHING_PAGE: {
4067			struct scsi_caching_page *caching_page;
4068
4069			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4070				panic("invalid subpage value %d",
4071				      page_index->subpage);
4072			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4073			       &caching_page_default,
4074			       sizeof(caching_page_default));
4075			memcpy(&lun->mode_pages.caching_page[
4076			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4077			       sizeof(caching_page_changeable));
4078			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4079			       &caching_page_default,
4080			       sizeof(caching_page_default));
4081			caching_page = &lun->mode_pages.caching_page[
4082			    CTL_PAGE_SAVED];
4083			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4084			if (value != NULL && strcmp(value, "off") == 0)
4085				caching_page->flags1 &= ~SCP_WCE;
4086			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4087			if (value != NULL && strcmp(value, "off") == 0)
4088				caching_page->flags1 |= SCP_RCD;
4089			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4090			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4091			       sizeof(caching_page_default));
4092			page_index->page_data =
4093				(uint8_t *)lun->mode_pages.caching_page;
4094			break;
4095		}
4096		case SMS_CONTROL_MODE_PAGE: {
4097			switch (page_index->subpage) {
4098			case SMS_SUBPAGE_PAGE_0: {
4099				struct scsi_control_page *control_page;
4100
4101				memcpy(&lun->mode_pages.control_page[
4102				    CTL_PAGE_DEFAULT],
4103				       &control_page_default,
4104				       sizeof(control_page_default));
4105				memcpy(&lun->mode_pages.control_page[
4106				    CTL_PAGE_CHANGEABLE],
4107				       &control_page_changeable,
4108				       sizeof(control_page_changeable));
4109				memcpy(&lun->mode_pages.control_page[
4110				    CTL_PAGE_SAVED],
4111				       &control_page_default,
4112				       sizeof(control_page_default));
4113				control_page = &lun->mode_pages.control_page[
4114				    CTL_PAGE_SAVED];
4115				value = ctl_get_opt(&lun->be_lun->options,
4116				    "reordering");
4117				if (value != NULL &&
4118				    strcmp(value, "unrestricted") == 0) {
4119					control_page->queue_flags &=
4120					    ~SCP_QUEUE_ALG_MASK;
4121					control_page->queue_flags |=
4122					    SCP_QUEUE_ALG_UNRESTRICTED;
4123				}
4124				memcpy(&lun->mode_pages.control_page[
4125				    CTL_PAGE_CURRENT],
4126				       &lun->mode_pages.control_page[
4127				    CTL_PAGE_SAVED],
4128				       sizeof(control_page_default));
4129				page_index->page_data =
4130				    (uint8_t *)lun->mode_pages.control_page;
4131				break;
4132			}
4133			case 0x01:
4134				memcpy(&lun->mode_pages.control_ext_page[
4135				    CTL_PAGE_DEFAULT],
4136				       &control_ext_page_default,
4137				       sizeof(control_ext_page_default));
4138				memcpy(&lun->mode_pages.control_ext_page[
4139				    CTL_PAGE_CHANGEABLE],
4140				       &control_ext_page_changeable,
4141				       sizeof(control_ext_page_changeable));
4142				memcpy(&lun->mode_pages.control_ext_page[
4143				    CTL_PAGE_SAVED],
4144				       &control_ext_page_default,
4145				       sizeof(control_ext_page_default));
4146				memcpy(&lun->mode_pages.control_ext_page[
4147				    CTL_PAGE_CURRENT],
4148				       &lun->mode_pages.control_ext_page[
4149				    CTL_PAGE_SAVED],
4150				       sizeof(control_ext_page_default));
4151				page_index->page_data =
4152				    (uint8_t *)lun->mode_pages.control_ext_page;
4153				break;
4154			}
4155			break;
4156		}
4157		case SMS_INFO_EXCEPTIONS_PAGE: {
4158			switch (page_index->subpage) {
4159			case SMS_SUBPAGE_PAGE_0:
4160				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4161				       &ie_page_default,
4162				       sizeof(ie_page_default));
4163				memcpy(&lun->mode_pages.ie_page[
4164				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4165				       sizeof(ie_page_changeable));
4166				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4167				       &ie_page_default,
4168				       sizeof(ie_page_default));
4169				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4170				       &ie_page_default,
4171				       sizeof(ie_page_default));
4172				page_index->page_data =
4173					(uint8_t *)lun->mode_pages.ie_page;
4174				break;
4175			case 0x02: {
4176				struct ctl_logical_block_provisioning_page *page;
4177
4178				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4179				       &lbp_page_default,
4180				       sizeof(lbp_page_default));
4181				memcpy(&lun->mode_pages.lbp_page[
4182				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4183				       sizeof(lbp_page_changeable));
4184				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4185				       &lbp_page_default,
4186				       sizeof(lbp_page_default));
4187				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4188				value = ctl_get_opt(&lun->be_lun->options,
4189				    "avail-threshold");
4190				if (value != NULL &&
4191				    ctl_expand_number(value, &ival) == 0) {
4192					page->descr[0].flags |= SLBPPD_ENABLED |
4193					    SLBPPD_ARMING_DEC;
4194					if (lun->be_lun->blocksize)
4195						ival /= lun->be_lun->blocksize;
4196					else
4197						ival /= 512;
4198					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4199					    page->descr[0].count);
4200				}
4201				value = ctl_get_opt(&lun->be_lun->options,
4202				    "used-threshold");
4203				if (value != NULL &&
4204				    ctl_expand_number(value, &ival) == 0) {
4205					page->descr[1].flags |= SLBPPD_ENABLED |
4206					    SLBPPD_ARMING_INC;
4207					if (lun->be_lun->blocksize)
4208						ival /= lun->be_lun->blocksize;
4209					else
4210						ival /= 512;
4211					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4212					    page->descr[1].count);
4213				}
4214				value = ctl_get_opt(&lun->be_lun->options,
4215				    "pool-avail-threshold");
4216				if (value != NULL &&
4217				    ctl_expand_number(value, &ival) == 0) {
4218					page->descr[2].flags |= SLBPPD_ENABLED |
4219					    SLBPPD_ARMING_DEC;
4220					if (lun->be_lun->blocksize)
4221						ival /= lun->be_lun->blocksize;
4222					else
4223						ival /= 512;
4224					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4225					    page->descr[2].count);
4226				}
4227				value = ctl_get_opt(&lun->be_lun->options,
4228				    "pool-used-threshold");
4229				if (value != NULL &&
4230				    ctl_expand_number(value, &ival) == 0) {
4231					page->descr[3].flags |= SLBPPD_ENABLED |
4232					    SLBPPD_ARMING_INC;
4233					if (lun->be_lun->blocksize)
4234						ival /= lun->be_lun->blocksize;
4235					else
4236						ival /= 512;
4237					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4238					    page->descr[3].count);
4239				}
4240				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4241				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4242				       sizeof(lbp_page_default));
4243				page_index->page_data =
4244					(uint8_t *)lun->mode_pages.lbp_page;
4245			}}
4246			break;
4247		}
4248		case SMS_VENDOR_SPECIFIC_PAGE:{
4249			switch (page_index->subpage) {
4250			case DBGCNF_SUBPAGE_CODE: {
4251				struct copan_debugconf_subpage *current_page,
4252							       *saved_page;
4253
4254				memcpy(&lun->mode_pages.debugconf_subpage[
4255				       CTL_PAGE_CURRENT],
4256				       &debugconf_page_default,
4257				       sizeof(debugconf_page_default));
4258				memcpy(&lun->mode_pages.debugconf_subpage[
4259				       CTL_PAGE_CHANGEABLE],
4260				       &debugconf_page_changeable,
4261				       sizeof(debugconf_page_changeable));
4262				memcpy(&lun->mode_pages.debugconf_subpage[
4263				       CTL_PAGE_DEFAULT],
4264				       &debugconf_page_default,
4265				       sizeof(debugconf_page_default));
4266				memcpy(&lun->mode_pages.debugconf_subpage[
4267				       CTL_PAGE_SAVED],
4268				       &debugconf_page_default,
4269				       sizeof(debugconf_page_default));
4270				page_index->page_data =
4271					(uint8_t *)lun->mode_pages.debugconf_subpage;
4272
4273				current_page = (struct copan_debugconf_subpage *)
4274					(page_index->page_data +
4275					 (page_index->page_len *
4276					  CTL_PAGE_CURRENT));
4277				saved_page = (struct copan_debugconf_subpage *)
4278					(page_index->page_data +
4279					 (page_index->page_len *
4280					  CTL_PAGE_SAVED));
4281				break;
4282			}
4283			default:
4284				panic("invalid subpage value %d",
4285				      page_index->subpage);
4286				break;
4287			}
4288   			break;
4289		}
4290		default:
4291			panic("invalid page value %d",
4292			      page_index->page_code & SMPH_PC_MASK);
4293			break;
4294    	}
4295	}
4296
4297	return (CTL_RETVAL_COMPLETE);
4298}
4299
4300static int
4301ctl_init_log_page_index(struct ctl_lun *lun)
4302{
4303	struct ctl_page_index *page_index;
4304	int i, j, k, prev;
4305
4306	memcpy(&lun->log_pages.index, log_page_index_template,
4307	       sizeof(log_page_index_template));
4308
4309	prev = -1;
4310	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4311
4312		page_index = &lun->log_pages.index[i];
4313		/*
4314		 * If this is a disk-only mode page, there's no point in
4315		 * setting it up.  For some pages, we have to have some
4316		 * basic information about the disk in order to calculate the
4317		 * mode page data.
4318		 */
4319		if ((lun->be_lun->lun_type != T_DIRECT)
4320		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4321			continue;
4322
4323		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4324		     lun->backend->lun_attr == NULL)
4325			continue;
4326
4327		if (page_index->page_code != prev) {
4328			lun->log_pages.pages_page[j] = page_index->page_code;
4329			prev = page_index->page_code;
4330			j++;
4331		}
4332		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4333		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4334		k++;
4335	}
4336	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4337	lun->log_pages.index[0].page_len = j;
4338	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4339	lun->log_pages.index[1].page_len = k * 2;
4340	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4341	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4342	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4343	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4344
4345	return (CTL_RETVAL_COMPLETE);
4346}
4347
4348static int
4349hex2bin(const char *str, uint8_t *buf, int buf_size)
4350{
4351	int i;
4352	u_char c;
4353
4354	memset(buf, 0, buf_size);
4355	while (isspace(str[0]))
4356		str++;
4357	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4358		str += 2;
4359	buf_size *= 2;
4360	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4361		c = str[i];
4362		if (isdigit(c))
4363			c -= '0';
4364		else if (isalpha(c))
4365			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4366		else
4367			break;
4368		if (c >= 16)
4369			break;
4370		if ((i & 1) == 0)
4371			buf[i / 2] |= (c << 4);
4372		else
4373			buf[i / 2] |= c;
4374	}
4375	return ((i + 1) / 2);
4376}
4377
4378/*
4379 * LUN allocation.
4380 *
4381 * Requirements:
4382 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4383 *   wants us to allocate the LUN and he can block.
4384 * - ctl_softc is always set
4385 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4386 *
4387 * Returns 0 for success, non-zero (errno) for failure.
4388 */
4389static int
4390ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4391	      struct ctl_be_lun *const be_lun)
4392{
4393	struct ctl_lun *nlun, *lun;
4394	struct scsi_vpd_id_descriptor *desc;
4395	struct scsi_vpd_id_t10 *t10id;
4396	const char *eui, *naa, *scsiname, *vendor;
4397	int lun_number, i, lun_malloced;
4398	int devidlen, idlen1, idlen2 = 0, len;
4399
4400	if (be_lun == NULL)
4401		return (EINVAL);
4402
4403	/*
4404	 * We currently only support Direct Access or Processor LUN types.
4405	 */
4406	switch (be_lun->lun_type) {
4407	case T_DIRECT:
4408		break;
4409	case T_PROCESSOR:
4410		break;
4411	case T_SEQUENTIAL:
4412	case T_CHANGER:
4413	default:
4414		be_lun->lun_config_status(be_lun->be_lun,
4415					  CTL_LUN_CONFIG_FAILURE);
4416		break;
4417	}
4418	if (ctl_lun == NULL) {
4419		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4420		lun_malloced = 1;
4421	} else {
4422		lun_malloced = 0;
4423		lun = ctl_lun;
4424	}
4425
4426	memset(lun, 0, sizeof(*lun));
4427	if (lun_malloced)
4428		lun->flags = CTL_LUN_MALLOCED;
4429
4430	/* Generate LUN ID. */
4431	devidlen = max(CTL_DEVID_MIN_LEN,
4432	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4433	idlen1 = sizeof(*t10id) + devidlen;
4434	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4435	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4436	if (scsiname != NULL) {
4437		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4438		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4439	}
4440	eui = ctl_get_opt(&be_lun->options, "eui");
4441	if (eui != NULL) {
4442		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4443	}
4444	naa = ctl_get_opt(&be_lun->options, "naa");
4445	if (naa != NULL) {
4446		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4447	}
4448	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4449	    M_CTL, M_WAITOK | M_ZERO);
4450	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4451	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4452	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4453	desc->length = idlen1;
4454	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4455	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4456	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4457		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4458	} else {
4459		strncpy(t10id->vendor, vendor,
4460		    min(sizeof(t10id->vendor), strlen(vendor)));
4461	}
4462	strncpy((char *)t10id->vendor_spec_id,
4463	    (char *)be_lun->device_id, devidlen);
4464	if (scsiname != NULL) {
4465		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4466		    desc->length);
4467		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4468		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4469		    SVPD_ID_TYPE_SCSI_NAME;
4470		desc->length = idlen2;
4471		strlcpy(desc->identifier, scsiname, idlen2);
4472	}
4473	if (eui != NULL) {
4474		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4475		    desc->length);
4476		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4477		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4478		    SVPD_ID_TYPE_EUI64;
4479		desc->length = hex2bin(eui, desc->identifier, 16);
4480		desc->length = desc->length > 12 ? 16 :
4481		    (desc->length > 8 ? 12 : 8);
4482		len -= 16 - desc->length;
4483	}
4484	if (naa != NULL) {
4485		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4486		    desc->length);
4487		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4488		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4489		    SVPD_ID_TYPE_NAA;
4490		desc->length = hex2bin(naa, desc->identifier, 16);
4491		desc->length = desc->length > 8 ? 16 : 8;
4492		len -= 16 - desc->length;
4493	}
4494	lun->lun_devid->len = len;
4495
4496	mtx_lock(&ctl_softc->ctl_lock);
4497	/*
4498	 * See if the caller requested a particular LUN number.  If so, see
4499	 * if it is available.  Otherwise, allocate the first available LUN.
4500	 */
4501	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4502		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4503		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4504			mtx_unlock(&ctl_softc->ctl_lock);
4505			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4506				printf("ctl: requested LUN ID %d is higher "
4507				       "than CTL_MAX_LUNS - 1 (%d)\n",
4508				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4509			} else {
4510				/*
4511				 * XXX KDM return an error, or just assign
4512				 * another LUN ID in this case??
4513				 */
4514				printf("ctl: requested LUN ID %d is already "
4515				       "in use\n", be_lun->req_lun_id);
4516			}
4517			if (lun->flags & CTL_LUN_MALLOCED)
4518				free(lun, M_CTL);
4519			be_lun->lun_config_status(be_lun->be_lun,
4520						  CTL_LUN_CONFIG_FAILURE);
4521			return (ENOSPC);
4522		}
4523		lun_number = be_lun->req_lun_id;
4524	} else {
4525		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4526		if (lun_number == -1) {
4527			mtx_unlock(&ctl_softc->ctl_lock);
4528			printf("ctl: can't allocate LUN, out of LUNs\n");
4529			if (lun->flags & CTL_LUN_MALLOCED)
4530				free(lun, M_CTL);
4531			be_lun->lun_config_status(be_lun->be_lun,
4532						  CTL_LUN_CONFIG_FAILURE);
4533			return (ENOSPC);
4534		}
4535	}
4536	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4537
4538	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4539	lun->lun = lun_number;
4540	lun->be_lun = be_lun;
4541	/*
4542	 * The processor LUN is always enabled.  Disk LUNs come on line
4543	 * disabled, and must be enabled by the backend.
4544	 */
4545	lun->flags |= CTL_LUN_DISABLED;
4546	lun->backend = be_lun->be;
4547	be_lun->ctl_lun = lun;
4548	be_lun->lun_id = lun_number;
4549	atomic_add_int(&be_lun->be->num_luns, 1);
4550	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4551		lun->flags |= CTL_LUN_OFFLINE;
4552
4553	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4554		lun->flags |= CTL_LUN_STOPPED;
4555
4556	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4557		lun->flags |= CTL_LUN_INOPERABLE;
4558
4559	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4560		lun->flags |= CTL_LUN_PRIMARY_SC;
4561
4562	lun->ctl_softc = ctl_softc;
4563#ifdef CTL_TIME_IO
4564	lun->last_busy = getsbinuptime();
4565#endif
4566	TAILQ_INIT(&lun->ooa_queue);
4567	TAILQ_INIT(&lun->blocked_queue);
4568	STAILQ_INIT(&lun->error_list);
4569	ctl_tpc_lun_init(lun);
4570
4571	/*
4572	 * Initialize the mode and log page index.
4573	 */
4574	ctl_init_page_index(lun);
4575	ctl_init_log_page_index(lun);
4576
4577	/*
4578	 * Now, before we insert this lun on the lun list, set the lun
4579	 * inventory changed UA for all other luns.
4580	 */
4581	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4582		mtx_lock(&nlun->lun_lock);
4583		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4584		mtx_unlock(&nlun->lun_lock);
4585	}
4586
4587	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4588
4589	ctl_softc->ctl_luns[lun_number] = lun;
4590
4591	ctl_softc->num_luns++;
4592
4593	/* Setup statistics gathering */
4594	lun->stats.device_type = be_lun->lun_type;
4595	lun->stats.lun_number = lun_number;
4596	if (lun->stats.device_type == T_DIRECT)
4597		lun->stats.blocksize = be_lun->blocksize;
4598	else
4599		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4600	for (i = 0;i < CTL_MAX_PORTS;i++)
4601		lun->stats.ports[i].targ_port = i;
4602
4603	mtx_unlock(&ctl_softc->ctl_lock);
4604
4605	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4606	return (0);
4607}
4608
4609/*
4610 * Delete a LUN.
4611 * Assumptions:
4612 * - LUN has already been marked invalid and any pending I/O has been taken
4613 *   care of.
4614 */
4615static int
4616ctl_free_lun(struct ctl_lun *lun)
4617{
4618	struct ctl_softc *softc;
4619	struct ctl_lun *nlun;
4620	int i;
4621
4622	softc = lun->ctl_softc;
4623
4624	mtx_assert(&softc->ctl_lock, MA_OWNED);
4625
4626	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4627
4628	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4629
4630	softc->ctl_luns[lun->lun] = NULL;
4631
4632	if (!TAILQ_EMPTY(&lun->ooa_queue))
4633		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4634
4635	softc->num_luns--;
4636
4637	/*
4638	 * Tell the backend to free resources, if this LUN has a backend.
4639	 */
4640	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4641	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4642
4643	ctl_tpc_lun_shutdown(lun);
4644	mtx_destroy(&lun->lun_lock);
4645	free(lun->lun_devid, M_CTL);
4646	for (i = 0; i < CTL_MAX_PORTS; i++)
4647		free(lun->pending_ua[i], M_CTL);
4648	for (i = 0; i < CTL_MAX_PORTS; i++)
4649		free(lun->pr_keys[i], M_CTL);
4650	free(lun->write_buffer, M_CTL);
4651	if (lun->flags & CTL_LUN_MALLOCED)
4652		free(lun, M_CTL);
4653
4654	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4655		mtx_lock(&nlun->lun_lock);
4656		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4657		mtx_unlock(&nlun->lun_lock);
4658	}
4659
4660	return (0);
4661}
4662
4663static void
4664ctl_create_lun(struct ctl_be_lun *be_lun)
4665{
4666
4667	/*
4668	 * ctl_alloc_lun() should handle all potential failure cases.
4669	 */
4670	ctl_alloc_lun(control_softc, NULL, be_lun);
4671}
4672
4673int
4674ctl_add_lun(struct ctl_be_lun *be_lun)
4675{
4676	struct ctl_softc *softc = control_softc;
4677
4678	mtx_lock(&softc->ctl_lock);
4679	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4680	mtx_unlock(&softc->ctl_lock);
4681	wakeup(&softc->pending_lun_queue);
4682
4683	return (0);
4684}
4685
4686int
4687ctl_enable_lun(struct ctl_be_lun *be_lun)
4688{
4689	struct ctl_softc *softc;
4690	struct ctl_port *port, *nport;
4691	struct ctl_lun *lun;
4692	int retval;
4693
4694	lun = (struct ctl_lun *)be_lun->ctl_lun;
4695	softc = lun->ctl_softc;
4696
4697	mtx_lock(&softc->ctl_lock);
4698	mtx_lock(&lun->lun_lock);
4699	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4700		/*
4701		 * eh?  Why did we get called if the LUN is already
4702		 * enabled?
4703		 */
4704		mtx_unlock(&lun->lun_lock);
4705		mtx_unlock(&softc->ctl_lock);
4706		return (0);
4707	}
4708	lun->flags &= ~CTL_LUN_DISABLED;
4709	mtx_unlock(&lun->lun_lock);
4710
4711	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4712		nport = STAILQ_NEXT(port, links);
4713		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4714		    port->lun_map != NULL || port->lun_enable == NULL)
4715			continue;
4716
4717		/*
4718		 * Drop the lock while we call the FETD's enable routine.
4719		 * This can lead to a callback into CTL (at least in the
4720		 * case of the internal initiator frontend.
4721		 */
4722		mtx_unlock(&softc->ctl_lock);
4723		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4724		mtx_lock(&softc->ctl_lock);
4725		if (retval != 0) {
4726			printf("%s: FETD %s port %d returned error "
4727			       "%d for lun_enable on lun %jd\n",
4728			       __func__, port->port_name, port->targ_port,
4729			       retval, (intmax_t)lun->lun);
4730		}
4731	}
4732
4733	mtx_unlock(&softc->ctl_lock);
4734	ctl_isc_announce_lun(lun);
4735
4736	return (0);
4737}
4738
4739int
4740ctl_disable_lun(struct ctl_be_lun *be_lun)
4741{
4742	struct ctl_softc *softc;
4743	struct ctl_port *port;
4744	struct ctl_lun *lun;
4745	int retval;
4746
4747	lun = (struct ctl_lun *)be_lun->ctl_lun;
4748	softc = lun->ctl_softc;
4749
4750	mtx_lock(&softc->ctl_lock);
4751	mtx_lock(&lun->lun_lock);
4752	if (lun->flags & CTL_LUN_DISABLED) {
4753		mtx_unlock(&lun->lun_lock);
4754		mtx_unlock(&softc->ctl_lock);
4755		return (0);
4756	}
4757	lun->flags |= CTL_LUN_DISABLED;
4758	mtx_unlock(&lun->lun_lock);
4759
4760	STAILQ_FOREACH(port, &softc->port_list, links) {
4761		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4762		    port->lun_map != NULL || port->lun_disable == NULL)
4763			continue;
4764
4765		/*
4766		 * Drop the lock before we call the frontend's disable
4767		 * routine, to avoid lock order reversals.
4768		 *
4769		 * XXX KDM what happens if the frontend list changes while
4770		 * we're traversing it?  It's unlikely, but should be handled.
4771		 */
4772		mtx_unlock(&softc->ctl_lock);
4773		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4774		mtx_lock(&softc->ctl_lock);
4775		if (retval != 0) {
4776			printf("%s: FETD %s port %d returned error "
4777			       "%d for lun_disable on lun %jd\n",
4778			       __func__, port->port_name, port->targ_port,
4779			       retval, (intmax_t)lun->lun);
4780		}
4781	}
4782
4783	mtx_unlock(&softc->ctl_lock);
4784	ctl_isc_announce_lun(lun);
4785
4786	return (0);
4787}
4788
4789int
4790ctl_start_lun(struct ctl_be_lun *be_lun)
4791{
4792	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4793
4794	mtx_lock(&lun->lun_lock);
4795	lun->flags &= ~CTL_LUN_STOPPED;
4796	mtx_unlock(&lun->lun_lock);
4797	return (0);
4798}
4799
4800int
4801ctl_stop_lun(struct ctl_be_lun *be_lun)
4802{
4803	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4804
4805	mtx_lock(&lun->lun_lock);
4806	lun->flags |= CTL_LUN_STOPPED;
4807	mtx_unlock(&lun->lun_lock);
4808	return (0);
4809}
4810
4811int
4812ctl_lun_offline(struct ctl_be_lun *be_lun)
4813{
4814	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4815
4816	mtx_lock(&lun->lun_lock);
4817	lun->flags |= CTL_LUN_OFFLINE;
4818	mtx_unlock(&lun->lun_lock);
4819	return (0);
4820}
4821
4822int
4823ctl_lun_online(struct ctl_be_lun *be_lun)
4824{
4825	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4826
4827	mtx_lock(&lun->lun_lock);
4828	lun->flags &= ~CTL_LUN_OFFLINE;
4829	mtx_unlock(&lun->lun_lock);
4830	return (0);
4831}
4832
4833int
4834ctl_lun_primary(struct ctl_be_lun *be_lun)
4835{
4836	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4837
4838	mtx_lock(&lun->lun_lock);
4839	lun->flags |= CTL_LUN_PRIMARY_SC;
4840	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4841	mtx_unlock(&lun->lun_lock);
4842	ctl_isc_announce_lun(lun);
4843	return (0);
4844}
4845
4846int
4847ctl_lun_secondary(struct ctl_be_lun *be_lun)
4848{
4849	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4850
4851	mtx_lock(&lun->lun_lock);
4852	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4853	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4854	mtx_unlock(&lun->lun_lock);
4855	ctl_isc_announce_lun(lun);
4856	return (0);
4857}
4858
4859int
4860ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4861{
4862	struct ctl_softc *softc;
4863	struct ctl_lun *lun;
4864
4865	lun = (struct ctl_lun *)be_lun->ctl_lun;
4866	softc = lun->ctl_softc;
4867
4868	mtx_lock(&lun->lun_lock);
4869
4870	/*
4871	 * The LUN needs to be disabled before it can be marked invalid.
4872	 */
4873	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4874		mtx_unlock(&lun->lun_lock);
4875		return (-1);
4876	}
4877	/*
4878	 * Mark the LUN invalid.
4879	 */
4880	lun->flags |= CTL_LUN_INVALID;
4881
4882	/*
4883	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4884	 * If we have something in the OOA queue, we'll free it when the
4885	 * last I/O completes.
4886	 */
4887	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4888		mtx_unlock(&lun->lun_lock);
4889		mtx_lock(&softc->ctl_lock);
4890		ctl_free_lun(lun);
4891		mtx_unlock(&softc->ctl_lock);
4892	} else
4893		mtx_unlock(&lun->lun_lock);
4894
4895	return (0);
4896}
4897
4898int
4899ctl_lun_inoperable(struct ctl_be_lun *be_lun)
4900{
4901	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4902
4903	mtx_lock(&lun->lun_lock);
4904	lun->flags |= CTL_LUN_INOPERABLE;
4905	mtx_unlock(&lun->lun_lock);
4906	return (0);
4907}
4908
4909int
4910ctl_lun_operable(struct ctl_be_lun *be_lun)
4911{
4912	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4913
4914	mtx_lock(&lun->lun_lock);
4915	lun->flags &= ~CTL_LUN_INOPERABLE;
4916	mtx_unlock(&lun->lun_lock);
4917	return (0);
4918}
4919
4920void
4921ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
4922{
4923	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4924	union ctl_ha_msg msg;
4925
4926	mtx_lock(&lun->lun_lock);
4927	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
4928	mtx_unlock(&lun->lun_lock);
4929	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
4930		/* Send msg to other side. */
4931		bzero(&msg.ua, sizeof(msg.ua));
4932		msg.hdr.msg_type = CTL_MSG_UA;
4933		msg.hdr.nexus.initid = -1;
4934		msg.hdr.nexus.targ_port = -1;
4935		msg.hdr.nexus.targ_lun = lun->lun;
4936		msg.hdr.nexus.targ_mapped_lun = lun->lun;
4937		msg.ua.ua_all = 1;
4938		msg.ua.ua_set = 1;
4939		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
4940		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
4941		    M_WAITOK);
4942	}
4943}
4944
4945/*
4946 * Backend "memory move is complete" callback for requests that never
4947 * make it down to say RAIDCore's configuration code.
4948 */
4949int
4950ctl_config_move_done(union ctl_io *io)
4951{
4952	int retval;
4953
4954	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
4955	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
4956	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
4957
4958	if ((io->io_hdr.port_status != 0) &&
4959	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
4960	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
4961		/*
4962		 * For hardware error sense keys, the sense key
4963		 * specific value is defined to be a retry count,
4964		 * but we use it to pass back an internal FETD
4965		 * error code.  XXX KDM  Hopefully the FETD is only
4966		 * using 16 bits for an error code, since that's
4967		 * all the space we have in the sks field.
4968		 */
4969		ctl_set_internal_failure(&io->scsiio,
4970					 /*sks_valid*/ 1,
4971					 /*retry_count*/
4972					 io->io_hdr.port_status);
4973	}
4974
4975	if (ctl_debug & CTL_DEBUG_CDB_DATA)
4976		ctl_data_print(io);
4977	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
4978	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
4979	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
4980	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
4981		/*
4982		 * XXX KDM just assuming a single pointer here, and not a
4983		 * S/G list.  If we start using S/G lists for config data,
4984		 * we'll need to know how to clean them up here as well.
4985		 */
4986		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
4987			free(io->scsiio.kern_data_ptr, M_CTL);
4988		ctl_done(io);
4989		retval = CTL_RETVAL_COMPLETE;
4990	} else {
4991		/*
4992		 * XXX KDM now we need to continue data movement.  Some
4993		 * options:
4994		 * - call ctl_scsiio() again?  We don't do this for data
4995		 *   writes, because for those at least we know ahead of
4996		 *   time where the write will go and how long it is.  For
4997		 *   config writes, though, that information is largely
4998		 *   contained within the write itself, thus we need to
4999		 *   parse out the data again.
5000		 *
5001		 * - Call some other function once the data is in?
5002		 */
5003
5004		/*
5005		 * XXX KDM call ctl_scsiio() again for now, and check flag
5006		 * bits to see whether we're allocated or not.
5007		 */
5008		retval = ctl_scsiio(&io->scsiio);
5009	}
5010	return (retval);
5011}
5012
5013/*
5014 * This gets called by a backend driver when it is done with a
5015 * data_submit method.
5016 */
5017void
5018ctl_data_submit_done(union ctl_io *io)
5019{
5020	/*
5021	 * If the IO_CONT flag is set, we need to call the supplied
5022	 * function to continue processing the I/O, instead of completing
5023	 * the I/O just yet.
5024	 *
5025	 * If there is an error, though, we don't want to keep processing.
5026	 * Instead, just send status back to the initiator.
5027	 */
5028	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5029	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5030	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5031	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5032		io->scsiio.io_cont(io);
5033		return;
5034	}
5035	ctl_done(io);
5036}
5037
5038/*
5039 * This gets called by a backend driver when it is done with a
5040 * configuration write.
5041 */
5042void
5043ctl_config_write_done(union ctl_io *io)
5044{
5045	uint8_t *buf;
5046
5047	/*
5048	 * If the IO_CONT flag is set, we need to call the supplied
5049	 * function to continue processing the I/O, instead of completing
5050	 * the I/O just yet.
5051	 *
5052	 * If there is an error, though, we don't want to keep processing.
5053	 * Instead, just send status back to the initiator.
5054	 */
5055	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5056	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5057	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5058	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5059		io->scsiio.io_cont(io);
5060		return;
5061	}
5062	/*
5063	 * Since a configuration write can be done for commands that actually
5064	 * have data allocated, like write buffer, and commands that have
5065	 * no data, like start/stop unit, we need to check here.
5066	 */
5067	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5068		buf = io->scsiio.kern_data_ptr;
5069	else
5070		buf = NULL;
5071	ctl_done(io);
5072	if (buf)
5073		free(buf, M_CTL);
5074}
5075
5076void
5077ctl_config_read_done(union ctl_io *io)
5078{
5079	uint8_t *buf;
5080
5081	/*
5082	 * If there is some error -- we are done, skip data transfer.
5083	 */
5084	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5085	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5086	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5087		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5088			buf = io->scsiio.kern_data_ptr;
5089		else
5090			buf = NULL;
5091		ctl_done(io);
5092		if (buf)
5093			free(buf, M_CTL);
5094		return;
5095	}
5096
5097	/*
5098	 * If the IO_CONT flag is set, we need to call the supplied
5099	 * function to continue processing the I/O, instead of completing
5100	 * the I/O just yet.
5101	 */
5102	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5103		io->scsiio.io_cont(io);
5104		return;
5105	}
5106
5107	ctl_datamove(io);
5108}
5109
5110/*
5111 * SCSI release command.
5112 */
5113int
5114ctl_scsi_release(struct ctl_scsiio *ctsio)
5115{
5116	int length, longid, thirdparty_id, resv_id;
5117	struct ctl_lun *lun;
5118	uint32_t residx;
5119
5120	length = 0;
5121	resv_id = 0;
5122
5123	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5124
5125	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5126	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5127
5128	switch (ctsio->cdb[0]) {
5129	case RELEASE_10: {
5130		struct scsi_release_10 *cdb;
5131
5132		cdb = (struct scsi_release_10 *)ctsio->cdb;
5133
5134		if (cdb->byte2 & SR10_LONGID)
5135			longid = 1;
5136		else
5137			thirdparty_id = cdb->thirdparty_id;
5138
5139		resv_id = cdb->resv_id;
5140		length = scsi_2btoul(cdb->length);
5141		break;
5142	}
5143	}
5144
5145
5146	/*
5147	 * XXX KDM right now, we only support LUN reservation.  We don't
5148	 * support 3rd party reservations, or extent reservations, which
5149	 * might actually need the parameter list.  If we've gotten this
5150	 * far, we've got a LUN reservation.  Anything else got kicked out
5151	 * above.  So, according to SPC, ignore the length.
5152	 */
5153	length = 0;
5154
5155	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5156	 && (length > 0)) {
5157		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5158		ctsio->kern_data_len = length;
5159		ctsio->kern_total_len = length;
5160		ctsio->kern_data_resid = 0;
5161		ctsio->kern_rel_offset = 0;
5162		ctsio->kern_sg_entries = 0;
5163		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5164		ctsio->be_move_done = ctl_config_move_done;
5165		ctl_datamove((union ctl_io *)ctsio);
5166
5167		return (CTL_RETVAL_COMPLETE);
5168	}
5169
5170	if (length > 0)
5171		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5172
5173	mtx_lock(&lun->lun_lock);
5174
5175	/*
5176	 * According to SPC, it is not an error for an intiator to attempt
5177	 * to release a reservation on a LUN that isn't reserved, or that
5178	 * is reserved by another initiator.  The reservation can only be
5179	 * released, though, by the initiator who made it or by one of
5180	 * several reset type events.
5181	 */
5182	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5183			lun->flags &= ~CTL_LUN_RESERVED;
5184
5185	mtx_unlock(&lun->lun_lock);
5186
5187	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5188		free(ctsio->kern_data_ptr, M_CTL);
5189		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5190	}
5191
5192	ctl_set_success(ctsio);
5193	ctl_done((union ctl_io *)ctsio);
5194	return (CTL_RETVAL_COMPLETE);
5195}
5196
5197int
5198ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5199{
5200	int extent, thirdparty, longid;
5201	int resv_id, length;
5202	uint64_t thirdparty_id;
5203	struct ctl_lun *lun;
5204	uint32_t residx;
5205
5206	extent = 0;
5207	thirdparty = 0;
5208	longid = 0;
5209	resv_id = 0;
5210	length = 0;
5211	thirdparty_id = 0;
5212
5213	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5214
5215	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5216	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5217
5218	switch (ctsio->cdb[0]) {
5219	case RESERVE_10: {
5220		struct scsi_reserve_10 *cdb;
5221
5222		cdb = (struct scsi_reserve_10 *)ctsio->cdb;
5223
5224		if (cdb->byte2 & SR10_LONGID)
5225			longid = 1;
5226		else
5227			thirdparty_id = cdb->thirdparty_id;
5228
5229		resv_id = cdb->resv_id;
5230		length = scsi_2btoul(cdb->length);
5231		break;
5232	}
5233	}
5234
5235	/*
5236	 * XXX KDM right now, we only support LUN reservation.  We don't
5237	 * support 3rd party reservations, or extent reservations, which
5238	 * might actually need the parameter list.  If we've gotten this
5239	 * far, we've got a LUN reservation.  Anything else got kicked out
5240	 * above.  So, according to SPC, ignore the length.
5241	 */
5242	length = 0;
5243
5244	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5245	 && (length > 0)) {
5246		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5247		ctsio->kern_data_len = length;
5248		ctsio->kern_total_len = length;
5249		ctsio->kern_data_resid = 0;
5250		ctsio->kern_rel_offset = 0;
5251		ctsio->kern_sg_entries = 0;
5252		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5253		ctsio->be_move_done = ctl_config_move_done;
5254		ctl_datamove((union ctl_io *)ctsio);
5255
5256		return (CTL_RETVAL_COMPLETE);
5257	}
5258
5259	if (length > 0)
5260		thirdparty_id = scsi_8btou64(ctsio->kern_data_ptr);
5261
5262	mtx_lock(&lun->lun_lock);
5263	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5264		ctl_set_reservation_conflict(ctsio);
5265		goto bailout;
5266	}
5267
5268	lun->flags |= CTL_LUN_RESERVED;
5269	lun->res_idx = residx;
5270
5271	ctl_set_success(ctsio);
5272
5273bailout:
5274	mtx_unlock(&lun->lun_lock);
5275
5276	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5277		free(ctsio->kern_data_ptr, M_CTL);
5278		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5279	}
5280
5281	ctl_done((union ctl_io *)ctsio);
5282	return (CTL_RETVAL_COMPLETE);
5283}
5284
5285int
5286ctl_start_stop(struct ctl_scsiio *ctsio)
5287{
5288	struct scsi_start_stop_unit *cdb;
5289	struct ctl_lun *lun;
5290	int retval;
5291
5292	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5293
5294	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5295	retval = 0;
5296
5297	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5298
5299	/*
5300	 * XXX KDM
5301	 * We don't support the immediate bit on a stop unit.  In order to
5302	 * do that, we would need to code up a way to know that a stop is
5303	 * pending, and hold off any new commands until it completes, one
5304	 * way or another.  Then we could accept or reject those commands
5305	 * depending on its status.  We would almost need to do the reverse
5306	 * of what we do below for an immediate start -- return the copy of
5307	 * the ctl_io to the FETD with status to send to the host (and to
5308	 * free the copy!) and then free the original I/O once the stop
5309	 * actually completes.  That way, the OOA queue mechanism can work
5310	 * to block commands that shouldn't proceed.  Another alternative
5311	 * would be to put the copy in the queue in place of the original,
5312	 * and return the original back to the caller.  That could be
5313	 * slightly safer..
5314	 */
5315	if ((cdb->byte2 & SSS_IMMED)
5316	 && ((cdb->how & SSS_START) == 0)) {
5317		ctl_set_invalid_field(ctsio,
5318				      /*sks_valid*/ 1,
5319				      /*command*/ 1,
5320				      /*field*/ 1,
5321				      /*bit_valid*/ 1,
5322				      /*bit*/ 0);
5323		ctl_done((union ctl_io *)ctsio);
5324		return (CTL_RETVAL_COMPLETE);
5325	}
5326
5327	if ((lun->flags & CTL_LUN_PR_RESERVED)
5328	 && ((cdb->how & SSS_START)==0)) {
5329		uint32_t residx;
5330
5331		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5332		if (ctl_get_prkey(lun, residx) == 0
5333		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5334
5335			ctl_set_reservation_conflict(ctsio);
5336			ctl_done((union ctl_io *)ctsio);
5337			return (CTL_RETVAL_COMPLETE);
5338		}
5339	}
5340
5341	/*
5342	 * If there is no backend on this device, we can't start or stop
5343	 * it.  In theory we shouldn't get any start/stop commands in the
5344	 * first place at this level if the LUN doesn't have a backend.
5345	 * That should get stopped by the command decode code.
5346	 */
5347	if (lun->backend == NULL) {
5348		ctl_set_invalid_opcode(ctsio);
5349		ctl_done((union ctl_io *)ctsio);
5350		return (CTL_RETVAL_COMPLETE);
5351	}
5352
5353	/*
5354	 * XXX KDM Copan-specific offline behavior.
5355	 * Figure out a reasonable way to port this?
5356	 */
5357#ifdef NEEDTOPORT
5358	mtx_lock(&lun->lun_lock);
5359
5360	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5361	 && (lun->flags & CTL_LUN_OFFLINE)) {
5362		/*
5363		 * If the LUN is offline, and the on/offline bit isn't set,
5364		 * reject the start or stop.  Otherwise, let it through.
5365		 */
5366		mtx_unlock(&lun->lun_lock);
5367		ctl_set_lun_not_ready(ctsio);
5368		ctl_done((union ctl_io *)ctsio);
5369	} else {
5370		mtx_unlock(&lun->lun_lock);
5371#endif /* NEEDTOPORT */
5372		/*
5373		 * This could be a start or a stop when we're online,
5374		 * or a stop/offline or start/online.  A start or stop when
5375		 * we're offline is covered in the case above.
5376		 */
5377		/*
5378		 * In the non-immediate case, we send the request to
5379		 * the backend and return status to the user when
5380		 * it is done.
5381		 *
5382		 * In the immediate case, we allocate a new ctl_io
5383		 * to hold a copy of the request, and send that to
5384		 * the backend.  We then set good status on the
5385		 * user's request and return it immediately.
5386		 */
5387		if (cdb->byte2 & SSS_IMMED) {
5388			union ctl_io *new_io;
5389
5390			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5391			ctl_copy_io((union ctl_io *)ctsio, new_io);
5392			retval = lun->backend->config_write(new_io);
5393			ctl_set_success(ctsio);
5394			ctl_done((union ctl_io *)ctsio);
5395		} else {
5396			retval = lun->backend->config_write(
5397				(union ctl_io *)ctsio);
5398		}
5399#ifdef NEEDTOPORT
5400	}
5401#endif
5402	return (retval);
5403}
5404
5405/*
5406 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5407 * we don't really do anything with the LBA and length fields if the user
5408 * passes them in.  Instead we'll just flush out the cache for the entire
5409 * LUN.
5410 */
5411int
5412ctl_sync_cache(struct ctl_scsiio *ctsio)
5413{
5414	struct ctl_lun *lun;
5415	struct ctl_softc *softc;
5416	struct ctl_lba_len_flags *lbalen;
5417	uint64_t starting_lba;
5418	uint32_t block_count;
5419	int retval;
5420	uint8_t byte2;
5421
5422	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5423
5424	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5425	softc = lun->ctl_softc;
5426	retval = 0;
5427
5428	switch (ctsio->cdb[0]) {
5429	case SYNCHRONIZE_CACHE: {
5430		struct scsi_sync_cache *cdb;
5431		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5432
5433		starting_lba = scsi_4btoul(cdb->begin_lba);
5434		block_count = scsi_2btoul(cdb->lb_count);
5435		byte2 = cdb->byte2;
5436		break;
5437	}
5438	case SYNCHRONIZE_CACHE_16: {
5439		struct scsi_sync_cache_16 *cdb;
5440		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5441
5442		starting_lba = scsi_8btou64(cdb->begin_lba);
5443		block_count = scsi_4btoul(cdb->lb_count);
5444		byte2 = cdb->byte2;
5445		break;
5446	}
5447	default:
5448		ctl_set_invalid_opcode(ctsio);
5449		ctl_done((union ctl_io *)ctsio);
5450		goto bailout;
5451		break; /* NOTREACHED */
5452	}
5453
5454	/*
5455	 * We check the LBA and length, but don't do anything with them.
5456	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5457	 * get flushed.  This check will just help satisfy anyone who wants
5458	 * to see an error for an out of range LBA.
5459	 */
5460	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5461		ctl_set_lba_out_of_range(ctsio);
5462		ctl_done((union ctl_io *)ctsio);
5463		goto bailout;
5464	}
5465
5466	/*
5467	 * If this LUN has no backend, we can't flush the cache anyway.
5468	 */
5469	if (lun->backend == NULL) {
5470		ctl_set_invalid_opcode(ctsio);
5471		ctl_done((union ctl_io *)ctsio);
5472		goto bailout;
5473	}
5474
5475	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5476	lbalen->lba = starting_lba;
5477	lbalen->len = block_count;
5478	lbalen->flags = byte2;
5479
5480	/*
5481	 * Check to see whether we're configured to send the SYNCHRONIZE
5482	 * CACHE command directly to the back end.
5483	 */
5484	mtx_lock(&lun->lun_lock);
5485	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5486	 && (++(lun->sync_count) >= lun->sync_interval)) {
5487		lun->sync_count = 0;
5488		mtx_unlock(&lun->lun_lock);
5489		retval = lun->backend->config_write((union ctl_io *)ctsio);
5490	} else {
5491		mtx_unlock(&lun->lun_lock);
5492		ctl_set_success(ctsio);
5493		ctl_done((union ctl_io *)ctsio);
5494	}
5495
5496bailout:
5497
5498	return (retval);
5499}
5500
5501int
5502ctl_format(struct ctl_scsiio *ctsio)
5503{
5504	struct scsi_format *cdb;
5505	struct ctl_lun *lun;
5506	int length, defect_list_len;
5507
5508	CTL_DEBUG_PRINT(("ctl_format\n"));
5509
5510	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5511
5512	cdb = (struct scsi_format *)ctsio->cdb;
5513
5514	length = 0;
5515	if (cdb->byte2 & SF_FMTDATA) {
5516		if (cdb->byte2 & SF_LONGLIST)
5517			length = sizeof(struct scsi_format_header_long);
5518		else
5519			length = sizeof(struct scsi_format_header_short);
5520	}
5521
5522	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5523	 && (length > 0)) {
5524		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5525		ctsio->kern_data_len = length;
5526		ctsio->kern_total_len = length;
5527		ctsio->kern_data_resid = 0;
5528		ctsio->kern_rel_offset = 0;
5529		ctsio->kern_sg_entries = 0;
5530		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5531		ctsio->be_move_done = ctl_config_move_done;
5532		ctl_datamove((union ctl_io *)ctsio);
5533
5534		return (CTL_RETVAL_COMPLETE);
5535	}
5536
5537	defect_list_len = 0;
5538
5539	if (cdb->byte2 & SF_FMTDATA) {
5540		if (cdb->byte2 & SF_LONGLIST) {
5541			struct scsi_format_header_long *header;
5542
5543			header = (struct scsi_format_header_long *)
5544				ctsio->kern_data_ptr;
5545
5546			defect_list_len = scsi_4btoul(header->defect_list_len);
5547			if (defect_list_len != 0) {
5548				ctl_set_invalid_field(ctsio,
5549						      /*sks_valid*/ 1,
5550						      /*command*/ 0,
5551						      /*field*/ 2,
5552						      /*bit_valid*/ 0,
5553						      /*bit*/ 0);
5554				goto bailout;
5555			}
5556		} else {
5557			struct scsi_format_header_short *header;
5558
5559			header = (struct scsi_format_header_short *)
5560				ctsio->kern_data_ptr;
5561
5562			defect_list_len = scsi_2btoul(header->defect_list_len);
5563			if (defect_list_len != 0) {
5564				ctl_set_invalid_field(ctsio,
5565						      /*sks_valid*/ 1,
5566						      /*command*/ 0,
5567						      /*field*/ 2,
5568						      /*bit_valid*/ 0,
5569						      /*bit*/ 0);
5570				goto bailout;
5571			}
5572		}
5573	}
5574
5575	/*
5576	 * The format command will clear out the "Medium format corrupted"
5577	 * status if set by the configuration code.  That status is really
5578	 * just a way to notify the host that we have lost the media, and
5579	 * get them to issue a command that will basically make them think
5580	 * they're blowing away the media.
5581	 */
5582	mtx_lock(&lun->lun_lock);
5583	lun->flags &= ~CTL_LUN_INOPERABLE;
5584	mtx_unlock(&lun->lun_lock);
5585
5586	ctl_set_success(ctsio);
5587bailout:
5588
5589	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5590		free(ctsio->kern_data_ptr, M_CTL);
5591		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5592	}
5593
5594	ctl_done((union ctl_io *)ctsio);
5595	return (CTL_RETVAL_COMPLETE);
5596}
5597
5598int
5599ctl_read_buffer(struct ctl_scsiio *ctsio)
5600{
5601	struct ctl_lun *lun;
5602	uint64_t buffer_offset;
5603	uint32_t len;
5604	uint8_t byte2;
5605	static uint8_t descr[4];
5606	static uint8_t echo_descr[4] = { 0 };
5607
5608	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5609	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5610	switch (ctsio->cdb[0]) {
5611	case READ_BUFFER: {
5612		struct scsi_read_buffer *cdb;
5613
5614		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5615		buffer_offset = scsi_3btoul(cdb->offset);
5616		len = scsi_3btoul(cdb->length);
5617		byte2 = cdb->byte2;
5618		break;
5619	}
5620	case READ_BUFFER_16: {
5621		struct scsi_read_buffer_16 *cdb;
5622
5623		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5624		buffer_offset = scsi_8btou64(cdb->offset);
5625		len = scsi_4btoul(cdb->length);
5626		byte2 = cdb->byte2;
5627		break;
5628	}
5629	default: /* This shouldn't happen. */
5630		ctl_set_invalid_opcode(ctsio);
5631		ctl_done((union ctl_io *)ctsio);
5632		return (CTL_RETVAL_COMPLETE);
5633	}
5634
5635	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5636	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5637	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5638		ctl_set_invalid_field(ctsio,
5639				      /*sks_valid*/ 1,
5640				      /*command*/ 1,
5641				      /*field*/ 1,
5642				      /*bit_valid*/ 1,
5643				      /*bit*/ 4);
5644		ctl_done((union ctl_io *)ctsio);
5645		return (CTL_RETVAL_COMPLETE);
5646	}
5647
5648	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5649	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5650		ctl_set_invalid_field(ctsio,
5651				      /*sks_valid*/ 1,
5652				      /*command*/ 1,
5653				      /*field*/ 6,
5654				      /*bit_valid*/ 0,
5655				      /*bit*/ 0);
5656		ctl_done((union ctl_io *)ctsio);
5657		return (CTL_RETVAL_COMPLETE);
5658	}
5659
5660	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5661		descr[0] = 0;
5662		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5663		ctsio->kern_data_ptr = descr;
5664		len = min(len, sizeof(descr));
5665	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5666		ctsio->kern_data_ptr = echo_descr;
5667		len = min(len, sizeof(echo_descr));
5668	} else {
5669		if (lun->write_buffer == NULL) {
5670			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5671			    M_CTL, M_WAITOK);
5672		}
5673		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5674	}
5675	ctsio->kern_data_len = len;
5676	ctsio->kern_total_len = len;
5677	ctsio->kern_data_resid = 0;
5678	ctsio->kern_rel_offset = 0;
5679	ctsio->kern_sg_entries = 0;
5680	ctl_set_success(ctsio);
5681	ctsio->be_move_done = ctl_config_move_done;
5682	ctl_datamove((union ctl_io *)ctsio);
5683	return (CTL_RETVAL_COMPLETE);
5684}
5685
5686int
5687ctl_write_buffer(struct ctl_scsiio *ctsio)
5688{
5689	struct scsi_write_buffer *cdb;
5690	struct ctl_lun *lun;
5691	int buffer_offset, len;
5692
5693	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5694
5695	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5696	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5697
5698	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5699		ctl_set_invalid_field(ctsio,
5700				      /*sks_valid*/ 1,
5701				      /*command*/ 1,
5702				      /*field*/ 1,
5703				      /*bit_valid*/ 1,
5704				      /*bit*/ 4);
5705		ctl_done((union ctl_io *)ctsio);
5706		return (CTL_RETVAL_COMPLETE);
5707	}
5708
5709	len = scsi_3btoul(cdb->length);
5710	buffer_offset = scsi_3btoul(cdb->offset);
5711
5712	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5713		ctl_set_invalid_field(ctsio,
5714				      /*sks_valid*/ 1,
5715				      /*command*/ 1,
5716				      /*field*/ 6,
5717				      /*bit_valid*/ 0,
5718				      /*bit*/ 0);
5719		ctl_done((union ctl_io *)ctsio);
5720		return (CTL_RETVAL_COMPLETE);
5721	}
5722
5723	/*
5724	 * If we've got a kernel request that hasn't been malloced yet,
5725	 * malloc it and tell the caller the data buffer is here.
5726	 */
5727	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5728		if (lun->write_buffer == NULL) {
5729			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5730			    M_CTL, M_WAITOK);
5731		}
5732		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5733		ctsio->kern_data_len = len;
5734		ctsio->kern_total_len = len;
5735		ctsio->kern_data_resid = 0;
5736		ctsio->kern_rel_offset = 0;
5737		ctsio->kern_sg_entries = 0;
5738		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5739		ctsio->be_move_done = ctl_config_move_done;
5740		ctl_datamove((union ctl_io *)ctsio);
5741
5742		return (CTL_RETVAL_COMPLETE);
5743	}
5744
5745	ctl_set_success(ctsio);
5746	ctl_done((union ctl_io *)ctsio);
5747	return (CTL_RETVAL_COMPLETE);
5748}
5749
5750int
5751ctl_write_same(struct ctl_scsiio *ctsio)
5752{
5753	struct ctl_lun *lun;
5754	struct ctl_lba_len_flags *lbalen;
5755	uint64_t lba;
5756	uint32_t num_blocks;
5757	int len, retval;
5758	uint8_t byte2;
5759
5760	retval = CTL_RETVAL_COMPLETE;
5761
5762	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5763
5764	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5765
5766	switch (ctsio->cdb[0]) {
5767	case WRITE_SAME_10: {
5768		struct scsi_write_same_10 *cdb;
5769
5770		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5771
5772		lba = scsi_4btoul(cdb->addr);
5773		num_blocks = scsi_2btoul(cdb->length);
5774		byte2 = cdb->byte2;
5775		break;
5776	}
5777	case WRITE_SAME_16: {
5778		struct scsi_write_same_16 *cdb;
5779
5780		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5781
5782		lba = scsi_8btou64(cdb->addr);
5783		num_blocks = scsi_4btoul(cdb->length);
5784		byte2 = cdb->byte2;
5785		break;
5786	}
5787	default:
5788		/*
5789		 * We got a command we don't support.  This shouldn't
5790		 * happen, commands should be filtered out above us.
5791		 */
5792		ctl_set_invalid_opcode(ctsio);
5793		ctl_done((union ctl_io *)ctsio);
5794
5795		return (CTL_RETVAL_COMPLETE);
5796		break; /* NOTREACHED */
5797	}
5798
5799	/* ANCHOR flag can be used only together with UNMAP */
5800	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5801		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5802		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5803		ctl_done((union ctl_io *)ctsio);
5804		return (CTL_RETVAL_COMPLETE);
5805	}
5806
5807	/*
5808	 * The first check is to make sure we're in bounds, the second
5809	 * check is to catch wrap-around problems.  If the lba + num blocks
5810	 * is less than the lba, then we've wrapped around and the block
5811	 * range is invalid anyway.
5812	 */
5813	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5814	 || ((lba + num_blocks) < lba)) {
5815		ctl_set_lba_out_of_range(ctsio);
5816		ctl_done((union ctl_io *)ctsio);
5817		return (CTL_RETVAL_COMPLETE);
5818	}
5819
5820	/* Zero number of blocks means "to the last logical block" */
5821	if (num_blocks == 0) {
5822		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5823			ctl_set_invalid_field(ctsio,
5824					      /*sks_valid*/ 0,
5825					      /*command*/ 1,
5826					      /*field*/ 0,
5827					      /*bit_valid*/ 0,
5828					      /*bit*/ 0);
5829			ctl_done((union ctl_io *)ctsio);
5830			return (CTL_RETVAL_COMPLETE);
5831		}
5832		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5833	}
5834
5835	len = lun->be_lun->blocksize;
5836
5837	/*
5838	 * If we've got a kernel request that hasn't been malloced yet,
5839	 * malloc it and tell the caller the data buffer is here.
5840	 */
5841	if ((byte2 & SWS_NDOB) == 0 &&
5842	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5843		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5844		ctsio->kern_data_len = len;
5845		ctsio->kern_total_len = len;
5846		ctsio->kern_data_resid = 0;
5847		ctsio->kern_rel_offset = 0;
5848		ctsio->kern_sg_entries = 0;
5849		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5850		ctsio->be_move_done = ctl_config_move_done;
5851		ctl_datamove((union ctl_io *)ctsio);
5852
5853		return (CTL_RETVAL_COMPLETE);
5854	}
5855
5856	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5857	lbalen->lba = lba;
5858	lbalen->len = num_blocks;
5859	lbalen->flags = byte2;
5860	retval = lun->backend->config_write((union ctl_io *)ctsio);
5861
5862	return (retval);
5863}
5864
5865int
5866ctl_unmap(struct ctl_scsiio *ctsio)
5867{
5868	struct ctl_lun *lun;
5869	struct scsi_unmap *cdb;
5870	struct ctl_ptr_len_flags *ptrlen;
5871	struct scsi_unmap_header *hdr;
5872	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5873	uint64_t lba;
5874	uint32_t num_blocks;
5875	int len, retval;
5876	uint8_t byte2;
5877
5878	retval = CTL_RETVAL_COMPLETE;
5879
5880	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5881
5882	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5883	cdb = (struct scsi_unmap *)ctsio->cdb;
5884
5885	len = scsi_2btoul(cdb->length);
5886	byte2 = cdb->byte2;
5887
5888	/*
5889	 * If we've got a kernel request that hasn't been malloced yet,
5890	 * malloc it and tell the caller the data buffer is here.
5891	 */
5892	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5893		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5894		ctsio->kern_data_len = len;
5895		ctsio->kern_total_len = len;
5896		ctsio->kern_data_resid = 0;
5897		ctsio->kern_rel_offset = 0;
5898		ctsio->kern_sg_entries = 0;
5899		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5900		ctsio->be_move_done = ctl_config_move_done;
5901		ctl_datamove((union ctl_io *)ctsio);
5902
5903		return (CTL_RETVAL_COMPLETE);
5904	}
5905
5906	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5907	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5908	if (len < sizeof (*hdr) ||
5909	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5910	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5911	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5912		ctl_set_invalid_field(ctsio,
5913				      /*sks_valid*/ 0,
5914				      /*command*/ 0,
5915				      /*field*/ 0,
5916				      /*bit_valid*/ 0,
5917				      /*bit*/ 0);
5918		goto done;
5919	}
5920	len = scsi_2btoul(hdr->desc_length);
5921	buf = (struct scsi_unmap_desc *)(hdr + 1);
5922	end = buf + len / sizeof(*buf);
5923
5924	endnz = buf;
5925	for (range = buf; range < end; range++) {
5926		lba = scsi_8btou64(range->lba);
5927		num_blocks = scsi_4btoul(range->length);
5928		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5929		 || ((lba + num_blocks) < lba)) {
5930			ctl_set_lba_out_of_range(ctsio);
5931			ctl_done((union ctl_io *)ctsio);
5932			return (CTL_RETVAL_COMPLETE);
5933		}
5934		if (num_blocks != 0)
5935			endnz = range + 1;
5936	}
5937
5938	/*
5939	 * Block backend can not handle zero last range.
5940	 * Filter it out and return if there is nothing left.
5941	 */
5942	len = (uint8_t *)endnz - (uint8_t *)buf;
5943	if (len == 0) {
5944		ctl_set_success(ctsio);
5945		goto done;
5946	}
5947
5948	mtx_lock(&lun->lun_lock);
5949	ptrlen = (struct ctl_ptr_len_flags *)
5950	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5951	ptrlen->ptr = (void *)buf;
5952	ptrlen->len = len;
5953	ptrlen->flags = byte2;
5954	ctl_check_blocked(lun);
5955	mtx_unlock(&lun->lun_lock);
5956
5957	retval = lun->backend->config_write((union ctl_io *)ctsio);
5958	return (retval);
5959
5960done:
5961	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5962		free(ctsio->kern_data_ptr, M_CTL);
5963		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5964	}
5965	ctl_done((union ctl_io *)ctsio);
5966	return (CTL_RETVAL_COMPLETE);
5967}
5968
5969/*
5970 * Note that this function currently doesn't actually do anything inside
5971 * CTL to enforce things if the DQue bit is turned on.
5972 *
5973 * Also note that this function can't be used in the default case, because
5974 * the DQue bit isn't set in the changeable mask for the control mode page
5975 * anyway.  This is just here as an example for how to implement a page
5976 * handler, and a placeholder in case we want to allow the user to turn
5977 * tagged queueing on and off.
5978 *
5979 * The D_SENSE bit handling is functional, however, and will turn
5980 * descriptor sense on and off for a given LUN.
5981 */
5982int
5983ctl_control_page_handler(struct ctl_scsiio *ctsio,
5984			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5985{
5986	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5987	struct ctl_lun *lun;
5988	int set_ua;
5989	uint32_t initidx;
5990
5991	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5992	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5993	set_ua = 0;
5994
5995	user_cp = (struct scsi_control_page *)page_ptr;
5996	current_cp = (struct scsi_control_page *)
5997		(page_index->page_data + (page_index->page_len *
5998		CTL_PAGE_CURRENT));
5999	saved_cp = (struct scsi_control_page *)
6000		(page_index->page_data + (page_index->page_len *
6001		CTL_PAGE_SAVED));
6002
6003	mtx_lock(&lun->lun_lock);
6004	if (((current_cp->rlec & SCP_DSENSE) == 0)
6005	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6006		/*
6007		 * Descriptor sense is currently turned off and the user
6008		 * wants to turn it on.
6009		 */
6010		current_cp->rlec |= SCP_DSENSE;
6011		saved_cp->rlec |= SCP_DSENSE;
6012		lun->flags |= CTL_LUN_SENSE_DESC;
6013		set_ua = 1;
6014	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6015		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6016		/*
6017		 * Descriptor sense is currently turned on, and the user
6018		 * wants to turn it off.
6019		 */
6020		current_cp->rlec &= ~SCP_DSENSE;
6021		saved_cp->rlec &= ~SCP_DSENSE;
6022		lun->flags &= ~CTL_LUN_SENSE_DESC;
6023		set_ua = 1;
6024	}
6025	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6026	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6027		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6028		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6029		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6030		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6031		set_ua = 1;
6032	}
6033	if ((current_cp->eca_and_aen & SCP_SWP) !=
6034	    (user_cp->eca_and_aen & SCP_SWP)) {
6035		current_cp->eca_and_aen &= ~SCP_SWP;
6036		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6037		saved_cp->eca_and_aen &= ~SCP_SWP;
6038		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6039		set_ua = 1;
6040	}
6041	if (set_ua != 0)
6042		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6043	mtx_unlock(&lun->lun_lock);
6044	if (set_ua) {
6045		ctl_isc_announce_mode(lun,
6046		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6047		    page_index->page_code, page_index->subpage);
6048	}
6049	return (0);
6050}
6051
6052int
6053ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6054		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6055{
6056	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6057	struct ctl_lun *lun;
6058	int set_ua;
6059	uint32_t initidx;
6060
6061	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6062	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6063	set_ua = 0;
6064
6065	user_cp = (struct scsi_caching_page *)page_ptr;
6066	current_cp = (struct scsi_caching_page *)
6067		(page_index->page_data + (page_index->page_len *
6068		CTL_PAGE_CURRENT));
6069	saved_cp = (struct scsi_caching_page *)
6070		(page_index->page_data + (page_index->page_len *
6071		CTL_PAGE_SAVED));
6072
6073	mtx_lock(&lun->lun_lock);
6074	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6075	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6076		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6077		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6078		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6079		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6080		set_ua = 1;
6081	}
6082	if (set_ua != 0)
6083		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6084	mtx_unlock(&lun->lun_lock);
6085	if (set_ua) {
6086		ctl_isc_announce_mode(lun,
6087		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6088		    page_index->page_code, page_index->subpage);
6089	}
6090	return (0);
6091}
6092
6093int
6094ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6095				struct ctl_page_index *page_index,
6096				uint8_t *page_ptr)
6097{
6098	uint8_t *c;
6099	int i;
6100
6101	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6102	ctl_time_io_secs =
6103		(c[0] << 8) |
6104		(c[1] << 0) |
6105		0;
6106	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6107	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6108	printf("page data:");
6109	for (i=0; i<8; i++)
6110		printf(" %.2x",page_ptr[i]);
6111	printf("\n");
6112	return (0);
6113}
6114
6115int
6116ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6117			       struct ctl_page_index *page_index,
6118			       int pc)
6119{
6120	struct copan_debugconf_subpage *page;
6121
6122	page = (struct copan_debugconf_subpage *)page_index->page_data +
6123		(page_index->page_len * pc);
6124
6125	switch (pc) {
6126	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6127	case SMS_PAGE_CTRL_DEFAULT >> 6:
6128	case SMS_PAGE_CTRL_SAVED >> 6:
6129		/*
6130		 * We don't update the changable or default bits for this page.
6131		 */
6132		break;
6133	case SMS_PAGE_CTRL_CURRENT >> 6:
6134		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6135		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6136		break;
6137	default:
6138#ifdef NEEDTOPORT
6139		EPRINT(0, "Invalid PC %d!!", pc);
6140#endif /* NEEDTOPORT */
6141		break;
6142	}
6143	return (0);
6144}
6145
6146
6147static int
6148ctl_do_mode_select(union ctl_io *io)
6149{
6150	struct scsi_mode_page_header *page_header;
6151	struct ctl_page_index *page_index;
6152	struct ctl_scsiio *ctsio;
6153	int control_dev, page_len;
6154	int page_len_offset, page_len_size;
6155	union ctl_modepage_info *modepage_info;
6156	struct ctl_lun *lun;
6157	int *len_left, *len_used;
6158	int retval, i;
6159
6160	ctsio = &io->scsiio;
6161	page_index = NULL;
6162	page_len = 0;
6163	retval = CTL_RETVAL_COMPLETE;
6164
6165	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6166
6167	if (lun->be_lun->lun_type != T_DIRECT)
6168		control_dev = 1;
6169	else
6170		control_dev = 0;
6171
6172	modepage_info = (union ctl_modepage_info *)
6173		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6174	len_left = &modepage_info->header.len_left;
6175	len_used = &modepage_info->header.len_used;
6176
6177do_next_page:
6178
6179	page_header = (struct scsi_mode_page_header *)
6180		(ctsio->kern_data_ptr + *len_used);
6181
6182	if (*len_left == 0) {
6183		free(ctsio->kern_data_ptr, M_CTL);
6184		ctl_set_success(ctsio);
6185		ctl_done((union ctl_io *)ctsio);
6186		return (CTL_RETVAL_COMPLETE);
6187	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6188
6189		free(ctsio->kern_data_ptr, M_CTL);
6190		ctl_set_param_len_error(ctsio);
6191		ctl_done((union ctl_io *)ctsio);
6192		return (CTL_RETVAL_COMPLETE);
6193
6194	} else if ((page_header->page_code & SMPH_SPF)
6195		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6196
6197		free(ctsio->kern_data_ptr, M_CTL);
6198		ctl_set_param_len_error(ctsio);
6199		ctl_done((union ctl_io *)ctsio);
6200		return (CTL_RETVAL_COMPLETE);
6201	}
6202
6203
6204	/*
6205	 * XXX KDM should we do something with the block descriptor?
6206	 */
6207	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6208
6209		if ((control_dev != 0)
6210		 && (lun->mode_pages.index[i].page_flags &
6211		     CTL_PAGE_FLAG_DISK_ONLY))
6212			continue;
6213
6214		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6215		    (page_header->page_code & SMPH_PC_MASK))
6216			continue;
6217
6218		/*
6219		 * If neither page has a subpage code, then we've got a
6220		 * match.
6221		 */
6222		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6223		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6224			page_index = &lun->mode_pages.index[i];
6225			page_len = page_header->page_length;
6226			break;
6227		}
6228
6229		/*
6230		 * If both pages have subpages, then the subpage numbers
6231		 * have to match.
6232		 */
6233		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6234		  && (page_header->page_code & SMPH_SPF)) {
6235			struct scsi_mode_page_header_sp *sph;
6236
6237			sph = (struct scsi_mode_page_header_sp *)page_header;
6238
6239			if (lun->mode_pages.index[i].subpage ==
6240			    sph->subpage) {
6241				page_index = &lun->mode_pages.index[i];
6242				page_len = scsi_2btoul(sph->page_length);
6243				break;
6244			}
6245		}
6246	}
6247
6248	/*
6249	 * If we couldn't find the page, or if we don't have a mode select
6250	 * handler for it, send back an error to the user.
6251	 */
6252	if ((page_index == NULL)
6253	 || (page_index->select_handler == NULL)) {
6254		ctl_set_invalid_field(ctsio,
6255				      /*sks_valid*/ 1,
6256				      /*command*/ 0,
6257				      /*field*/ *len_used,
6258				      /*bit_valid*/ 0,
6259				      /*bit*/ 0);
6260		free(ctsio->kern_data_ptr, M_CTL);
6261		ctl_done((union ctl_io *)ctsio);
6262		return (CTL_RETVAL_COMPLETE);
6263	}
6264
6265	if (page_index->page_code & SMPH_SPF) {
6266		page_len_offset = 2;
6267		page_len_size = 2;
6268	} else {
6269		page_len_size = 1;
6270		page_len_offset = 1;
6271	}
6272
6273	/*
6274	 * If the length the initiator gives us isn't the one we specify in
6275	 * the mode page header, or if they didn't specify enough data in
6276	 * the CDB to avoid truncating this page, kick out the request.
6277	 */
6278	if ((page_len != (page_index->page_len - page_len_offset -
6279			  page_len_size))
6280	 || (*len_left < page_index->page_len)) {
6281
6282
6283		ctl_set_invalid_field(ctsio,
6284				      /*sks_valid*/ 1,
6285				      /*command*/ 0,
6286				      /*field*/ *len_used + page_len_offset,
6287				      /*bit_valid*/ 0,
6288				      /*bit*/ 0);
6289		free(ctsio->kern_data_ptr, M_CTL);
6290		ctl_done((union ctl_io *)ctsio);
6291		return (CTL_RETVAL_COMPLETE);
6292	}
6293
6294	/*
6295	 * Run through the mode page, checking to make sure that the bits
6296	 * the user changed are actually legal for him to change.
6297	 */
6298	for (i = 0; i < page_index->page_len; i++) {
6299		uint8_t *user_byte, *change_mask, *current_byte;
6300		int bad_bit;
6301		int j;
6302
6303		user_byte = (uint8_t *)page_header + i;
6304		change_mask = page_index->page_data +
6305			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6306		current_byte = page_index->page_data +
6307			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6308
6309		/*
6310		 * Check to see whether the user set any bits in this byte
6311		 * that he is not allowed to set.
6312		 */
6313		if ((*user_byte & ~(*change_mask)) ==
6314		    (*current_byte & ~(*change_mask)))
6315			continue;
6316
6317		/*
6318		 * Go through bit by bit to determine which one is illegal.
6319		 */
6320		bad_bit = 0;
6321		for (j = 7; j >= 0; j--) {
6322			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6323			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6324				bad_bit = i;
6325				break;
6326			}
6327		}
6328		ctl_set_invalid_field(ctsio,
6329				      /*sks_valid*/ 1,
6330				      /*command*/ 0,
6331				      /*field*/ *len_used + i,
6332				      /*bit_valid*/ 1,
6333				      /*bit*/ bad_bit);
6334		free(ctsio->kern_data_ptr, M_CTL);
6335		ctl_done((union ctl_io *)ctsio);
6336		return (CTL_RETVAL_COMPLETE);
6337	}
6338
6339	/*
6340	 * Decrement these before we call the page handler, since we may
6341	 * end up getting called back one way or another before the handler
6342	 * returns to this context.
6343	 */
6344	*len_left -= page_index->page_len;
6345	*len_used += page_index->page_len;
6346
6347	retval = page_index->select_handler(ctsio, page_index,
6348					    (uint8_t *)page_header);
6349
6350	/*
6351	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6352	 * wait until this queued command completes to finish processing
6353	 * the mode page.  If it returns anything other than
6354	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6355	 * already set the sense information, freed the data pointer, and
6356	 * completed the io for us.
6357	 */
6358	if (retval != CTL_RETVAL_COMPLETE)
6359		goto bailout_no_done;
6360
6361	/*
6362	 * If the initiator sent us more than one page, parse the next one.
6363	 */
6364	if (*len_left > 0)
6365		goto do_next_page;
6366
6367	ctl_set_success(ctsio);
6368	free(ctsio->kern_data_ptr, M_CTL);
6369	ctl_done((union ctl_io *)ctsio);
6370
6371bailout_no_done:
6372
6373	return (CTL_RETVAL_COMPLETE);
6374
6375}
6376
6377int
6378ctl_mode_select(struct ctl_scsiio *ctsio)
6379{
6380	int param_len, pf, sp;
6381	int header_size, bd_len;
6382	int len_left, len_used;
6383	struct ctl_page_index *page_index;
6384	struct ctl_lun *lun;
6385	int control_dev, page_len;
6386	union ctl_modepage_info *modepage_info;
6387	int retval;
6388
6389	pf = 0;
6390	sp = 0;
6391	page_len = 0;
6392	len_used = 0;
6393	len_left = 0;
6394	retval = 0;
6395	bd_len = 0;
6396	page_index = NULL;
6397
6398	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6399
6400	if (lun->be_lun->lun_type != T_DIRECT)
6401		control_dev = 1;
6402	else
6403		control_dev = 0;
6404
6405	switch (ctsio->cdb[0]) {
6406	case MODE_SELECT_6: {
6407		struct scsi_mode_select_6 *cdb;
6408
6409		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6410
6411		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6412		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6413
6414		param_len = cdb->length;
6415		header_size = sizeof(struct scsi_mode_header_6);
6416		break;
6417	}
6418	case MODE_SELECT_10: {
6419		struct scsi_mode_select_10 *cdb;
6420
6421		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6422
6423		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6424		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6425
6426		param_len = scsi_2btoul(cdb->length);
6427		header_size = sizeof(struct scsi_mode_header_10);
6428		break;
6429	}
6430	default:
6431		ctl_set_invalid_opcode(ctsio);
6432		ctl_done((union ctl_io *)ctsio);
6433		return (CTL_RETVAL_COMPLETE);
6434		break; /* NOTREACHED */
6435	}
6436
6437	/*
6438	 * From SPC-3:
6439	 * "A parameter list length of zero indicates that the Data-Out Buffer
6440	 * shall be empty. This condition shall not be considered as an error."
6441	 */
6442	if (param_len == 0) {
6443		ctl_set_success(ctsio);
6444		ctl_done((union ctl_io *)ctsio);
6445		return (CTL_RETVAL_COMPLETE);
6446	}
6447
6448	/*
6449	 * Since we'll hit this the first time through, prior to
6450	 * allocation, we don't need to free a data buffer here.
6451	 */
6452	if (param_len < header_size) {
6453		ctl_set_param_len_error(ctsio);
6454		ctl_done((union ctl_io *)ctsio);
6455		return (CTL_RETVAL_COMPLETE);
6456	}
6457
6458	/*
6459	 * Allocate the data buffer and grab the user's data.  In theory,
6460	 * we shouldn't have to sanity check the parameter list length here
6461	 * because the maximum size is 64K.  We should be able to malloc
6462	 * that much without too many problems.
6463	 */
6464	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6465		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6466		ctsio->kern_data_len = param_len;
6467		ctsio->kern_total_len = param_len;
6468		ctsio->kern_data_resid = 0;
6469		ctsio->kern_rel_offset = 0;
6470		ctsio->kern_sg_entries = 0;
6471		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6472		ctsio->be_move_done = ctl_config_move_done;
6473		ctl_datamove((union ctl_io *)ctsio);
6474
6475		return (CTL_RETVAL_COMPLETE);
6476	}
6477
6478	switch (ctsio->cdb[0]) {
6479	case MODE_SELECT_6: {
6480		struct scsi_mode_header_6 *mh6;
6481
6482		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6483		bd_len = mh6->blk_desc_len;
6484		break;
6485	}
6486	case MODE_SELECT_10: {
6487		struct scsi_mode_header_10 *mh10;
6488
6489		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6490		bd_len = scsi_2btoul(mh10->blk_desc_len);
6491		break;
6492	}
6493	default:
6494		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6495		break;
6496	}
6497
6498	if (param_len < (header_size + bd_len)) {
6499		free(ctsio->kern_data_ptr, M_CTL);
6500		ctl_set_param_len_error(ctsio);
6501		ctl_done((union ctl_io *)ctsio);
6502		return (CTL_RETVAL_COMPLETE);
6503	}
6504
6505	/*
6506	 * Set the IO_CONT flag, so that if this I/O gets passed to
6507	 * ctl_config_write_done(), it'll get passed back to
6508	 * ctl_do_mode_select() for further processing, or completion if
6509	 * we're all done.
6510	 */
6511	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6512	ctsio->io_cont = ctl_do_mode_select;
6513
6514	modepage_info = (union ctl_modepage_info *)
6515		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6516
6517	memset(modepage_info, 0, sizeof(*modepage_info));
6518
6519	len_left = param_len - header_size - bd_len;
6520	len_used = header_size + bd_len;
6521
6522	modepage_info->header.len_left = len_left;
6523	modepage_info->header.len_used = len_used;
6524
6525	return (ctl_do_mode_select((union ctl_io *)ctsio));
6526}
6527
6528int
6529ctl_mode_sense(struct ctl_scsiio *ctsio)
6530{
6531	struct ctl_lun *lun;
6532	int pc, page_code, dbd, llba, subpage;
6533	int alloc_len, page_len, header_len, total_len;
6534	struct scsi_mode_block_descr *block_desc;
6535	struct ctl_page_index *page_index;
6536	int control_dev;
6537
6538	dbd = 0;
6539	llba = 0;
6540	block_desc = NULL;
6541	page_index = NULL;
6542
6543	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6544
6545	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6546
6547	if (lun->be_lun->lun_type != T_DIRECT)
6548		control_dev = 1;
6549	else
6550		control_dev = 0;
6551
6552	switch (ctsio->cdb[0]) {
6553	case MODE_SENSE_6: {
6554		struct scsi_mode_sense_6 *cdb;
6555
6556		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6557
6558		header_len = sizeof(struct scsi_mode_hdr_6);
6559		if (cdb->byte2 & SMS_DBD)
6560			dbd = 1;
6561		else
6562			header_len += sizeof(struct scsi_mode_block_descr);
6563
6564		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6565		page_code = cdb->page & SMS_PAGE_CODE;
6566		subpage = cdb->subpage;
6567		alloc_len = cdb->length;
6568		break;
6569	}
6570	case MODE_SENSE_10: {
6571		struct scsi_mode_sense_10 *cdb;
6572
6573		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6574
6575		header_len = sizeof(struct scsi_mode_hdr_10);
6576
6577		if (cdb->byte2 & SMS_DBD)
6578			dbd = 1;
6579		else
6580			header_len += sizeof(struct scsi_mode_block_descr);
6581		if (cdb->byte2 & SMS10_LLBAA)
6582			llba = 1;
6583		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6584		page_code = cdb->page & SMS_PAGE_CODE;
6585		subpage = cdb->subpage;
6586		alloc_len = scsi_2btoul(cdb->length);
6587		break;
6588	}
6589	default:
6590		ctl_set_invalid_opcode(ctsio);
6591		ctl_done((union ctl_io *)ctsio);
6592		return (CTL_RETVAL_COMPLETE);
6593		break; /* NOTREACHED */
6594	}
6595
6596	/*
6597	 * We have to make a first pass through to calculate the size of
6598	 * the pages that match the user's query.  Then we allocate enough
6599	 * memory to hold it, and actually copy the data into the buffer.
6600	 */
6601	switch (page_code) {
6602	case SMS_ALL_PAGES_PAGE: {
6603		int i;
6604
6605		page_len = 0;
6606
6607		/*
6608		 * At the moment, values other than 0 and 0xff here are
6609		 * reserved according to SPC-3.
6610		 */
6611		if ((subpage != SMS_SUBPAGE_PAGE_0)
6612		 && (subpage != SMS_SUBPAGE_ALL)) {
6613			ctl_set_invalid_field(ctsio,
6614					      /*sks_valid*/ 1,
6615					      /*command*/ 1,
6616					      /*field*/ 3,
6617					      /*bit_valid*/ 0,
6618					      /*bit*/ 0);
6619			ctl_done((union ctl_io *)ctsio);
6620			return (CTL_RETVAL_COMPLETE);
6621		}
6622
6623		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6624			if ((control_dev != 0)
6625			 && (lun->mode_pages.index[i].page_flags &
6626			     CTL_PAGE_FLAG_DISK_ONLY))
6627				continue;
6628
6629			/*
6630			 * We don't use this subpage if the user didn't
6631			 * request all subpages.
6632			 */
6633			if ((lun->mode_pages.index[i].subpage != 0)
6634			 && (subpage == SMS_SUBPAGE_PAGE_0))
6635				continue;
6636
6637#if 0
6638			printf("found page %#x len %d\n",
6639			       lun->mode_pages.index[i].page_code &
6640			       SMPH_PC_MASK,
6641			       lun->mode_pages.index[i].page_len);
6642#endif
6643			page_len += lun->mode_pages.index[i].page_len;
6644		}
6645		break;
6646	}
6647	default: {
6648		int i;
6649
6650		page_len = 0;
6651
6652		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6653			/* Look for the right page code */
6654			if ((lun->mode_pages.index[i].page_code &
6655			     SMPH_PC_MASK) != page_code)
6656				continue;
6657
6658			/* Look for the right subpage or the subpage wildcard*/
6659			if ((lun->mode_pages.index[i].subpage != subpage)
6660			 && (subpage != SMS_SUBPAGE_ALL))
6661				continue;
6662
6663			/* Make sure the page is supported for this dev type */
6664			if ((control_dev != 0)
6665			 && (lun->mode_pages.index[i].page_flags &
6666			     CTL_PAGE_FLAG_DISK_ONLY))
6667				continue;
6668
6669#if 0
6670			printf("found page %#x len %d\n",
6671			       lun->mode_pages.index[i].page_code &
6672			       SMPH_PC_MASK,
6673			       lun->mode_pages.index[i].page_len);
6674#endif
6675
6676			page_len += lun->mode_pages.index[i].page_len;
6677		}
6678
6679		if (page_len == 0) {
6680			ctl_set_invalid_field(ctsio,
6681					      /*sks_valid*/ 1,
6682					      /*command*/ 1,
6683					      /*field*/ 2,
6684					      /*bit_valid*/ 1,
6685					      /*bit*/ 5);
6686			ctl_done((union ctl_io *)ctsio);
6687			return (CTL_RETVAL_COMPLETE);
6688		}
6689		break;
6690	}
6691	}
6692
6693	total_len = header_len + page_len;
6694#if 0
6695	printf("header_len = %d, page_len = %d, total_len = %d\n",
6696	       header_len, page_len, total_len);
6697#endif
6698
6699	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6700	ctsio->kern_sg_entries = 0;
6701	ctsio->kern_data_resid = 0;
6702	ctsio->kern_rel_offset = 0;
6703	if (total_len < alloc_len) {
6704		ctsio->residual = alloc_len - total_len;
6705		ctsio->kern_data_len = total_len;
6706		ctsio->kern_total_len = total_len;
6707	} else {
6708		ctsio->residual = 0;
6709		ctsio->kern_data_len = alloc_len;
6710		ctsio->kern_total_len = alloc_len;
6711	}
6712
6713	switch (ctsio->cdb[0]) {
6714	case MODE_SENSE_6: {
6715		struct scsi_mode_hdr_6 *header;
6716
6717		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6718
6719		header->datalen = MIN(total_len - 1, 254);
6720		if (control_dev == 0) {
6721			header->dev_specific = 0x10; /* DPOFUA */
6722			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6723			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6724			    .eca_and_aen & SCP_SWP) != 0)
6725				    header->dev_specific |= 0x80; /* WP */
6726		}
6727		if (dbd)
6728			header->block_descr_len = 0;
6729		else
6730			header->block_descr_len =
6731				sizeof(struct scsi_mode_block_descr);
6732		block_desc = (struct scsi_mode_block_descr *)&header[1];
6733		break;
6734	}
6735	case MODE_SENSE_10: {
6736		struct scsi_mode_hdr_10 *header;
6737		int datalen;
6738
6739		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6740
6741		datalen = MIN(total_len - 2, 65533);
6742		scsi_ulto2b(datalen, header->datalen);
6743		if (control_dev == 0) {
6744			header->dev_specific = 0x10; /* DPOFUA */
6745			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6746			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6747			    .eca_and_aen & SCP_SWP) != 0)
6748				    header->dev_specific |= 0x80; /* WP */
6749		}
6750		if (dbd)
6751			scsi_ulto2b(0, header->block_descr_len);
6752		else
6753			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6754				    header->block_descr_len);
6755		block_desc = (struct scsi_mode_block_descr *)&header[1];
6756		break;
6757	}
6758	default:
6759		panic("invalid CDB type %#x", ctsio->cdb[0]);
6760		break; /* NOTREACHED */
6761	}
6762
6763	/*
6764	 * If we've got a disk, use its blocksize in the block
6765	 * descriptor.  Otherwise, just set it to 0.
6766	 */
6767	if (dbd == 0) {
6768		if (control_dev == 0)
6769			scsi_ulto3b(lun->be_lun->blocksize,
6770				    block_desc->block_len);
6771		else
6772			scsi_ulto3b(0, block_desc->block_len);
6773	}
6774
6775	switch (page_code) {
6776	case SMS_ALL_PAGES_PAGE: {
6777		int i, data_used;
6778
6779		data_used = header_len;
6780		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6781			struct ctl_page_index *page_index;
6782
6783			page_index = &lun->mode_pages.index[i];
6784
6785			if ((control_dev != 0)
6786			 && (page_index->page_flags &
6787			    CTL_PAGE_FLAG_DISK_ONLY))
6788				continue;
6789
6790			/*
6791			 * We don't use this subpage if the user didn't
6792			 * request all subpages.  We already checked (above)
6793			 * to make sure the user only specified a subpage
6794			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6795			 */
6796			if ((page_index->subpage != 0)
6797			 && (subpage == SMS_SUBPAGE_PAGE_0))
6798				continue;
6799
6800			/*
6801			 * Call the handler, if it exists, to update the
6802			 * page to the latest values.
6803			 */
6804			if (page_index->sense_handler != NULL)
6805				page_index->sense_handler(ctsio, page_index,pc);
6806
6807			memcpy(ctsio->kern_data_ptr + data_used,
6808			       page_index->page_data +
6809			       (page_index->page_len * pc),
6810			       page_index->page_len);
6811			data_used += page_index->page_len;
6812		}
6813		break;
6814	}
6815	default: {
6816		int i, data_used;
6817
6818		data_used = header_len;
6819
6820		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6821			struct ctl_page_index *page_index;
6822
6823			page_index = &lun->mode_pages.index[i];
6824
6825			/* Look for the right page code */
6826			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6827				continue;
6828
6829			/* Look for the right subpage or the subpage wildcard*/
6830			if ((page_index->subpage != subpage)
6831			 && (subpage != SMS_SUBPAGE_ALL))
6832				continue;
6833
6834			/* Make sure the page is supported for this dev type */
6835			if ((control_dev != 0)
6836			 && (page_index->page_flags &
6837			     CTL_PAGE_FLAG_DISK_ONLY))
6838				continue;
6839
6840			/*
6841			 * Call the handler, if it exists, to update the
6842			 * page to the latest values.
6843			 */
6844			if (page_index->sense_handler != NULL)
6845				page_index->sense_handler(ctsio, page_index,pc);
6846
6847			memcpy(ctsio->kern_data_ptr + data_used,
6848			       page_index->page_data +
6849			       (page_index->page_len * pc),
6850			       page_index->page_len);
6851			data_used += page_index->page_len;
6852		}
6853		break;
6854	}
6855	}
6856
6857	ctl_set_success(ctsio);
6858	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6859	ctsio->be_move_done = ctl_config_move_done;
6860	ctl_datamove((union ctl_io *)ctsio);
6861	return (CTL_RETVAL_COMPLETE);
6862}
6863
6864int
6865ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6866			       struct ctl_page_index *page_index,
6867			       int pc)
6868{
6869	struct ctl_lun *lun;
6870	struct scsi_log_param_header *phdr;
6871	uint8_t *data;
6872	uint64_t val;
6873
6874	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6875	data = page_index->page_data;
6876
6877	if (lun->backend->lun_attr != NULL &&
6878	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6879	     != UINT64_MAX) {
6880		phdr = (struct scsi_log_param_header *)data;
6881		scsi_ulto2b(0x0001, phdr->param_code);
6882		phdr->param_control = SLP_LBIN | SLP_LP;
6883		phdr->param_len = 8;
6884		data = (uint8_t *)(phdr + 1);
6885		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6886		data[4] = 0x02; /* per-pool */
6887		data += phdr->param_len;
6888	}
6889
6890	if (lun->backend->lun_attr != NULL &&
6891	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6892	     != UINT64_MAX) {
6893		phdr = (struct scsi_log_param_header *)data;
6894		scsi_ulto2b(0x0002, phdr->param_code);
6895		phdr->param_control = SLP_LBIN | SLP_LP;
6896		phdr->param_len = 8;
6897		data = (uint8_t *)(phdr + 1);
6898		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6899		data[4] = 0x01; /* per-LUN */
6900		data += phdr->param_len;
6901	}
6902
6903	if (lun->backend->lun_attr != NULL &&
6904	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6905	     != UINT64_MAX) {
6906		phdr = (struct scsi_log_param_header *)data;
6907		scsi_ulto2b(0x00f1, phdr->param_code);
6908		phdr->param_control = SLP_LBIN | SLP_LP;
6909		phdr->param_len = 8;
6910		data = (uint8_t *)(phdr + 1);
6911		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6912		data[4] = 0x02; /* per-pool */
6913		data += phdr->param_len;
6914	}
6915
6916	if (lun->backend->lun_attr != NULL &&
6917	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6918	     != UINT64_MAX) {
6919		phdr = (struct scsi_log_param_header *)data;
6920		scsi_ulto2b(0x00f2, phdr->param_code);
6921		phdr->param_control = SLP_LBIN | SLP_LP;
6922		phdr->param_len = 8;
6923		data = (uint8_t *)(phdr + 1);
6924		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6925		data[4] = 0x02; /* per-pool */
6926		data += phdr->param_len;
6927	}
6928
6929	page_index->page_len = data - page_index->page_data;
6930	return (0);
6931}
6932
6933int
6934ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6935			       struct ctl_page_index *page_index,
6936			       int pc)
6937{
6938	struct ctl_lun *lun;
6939	struct stat_page *data;
6940	uint64_t rn, wn, rb, wb;
6941	struct bintime rt, wt;
6942	int i;
6943
6944	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6945	data = (struct stat_page *)page_index->page_data;
6946
6947	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6948	data->sap.hdr.param_control = SLP_LBIN;
6949	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6950	    sizeof(struct scsi_log_param_header);
6951	rn = wn = rb = wb = 0;
6952	bintime_clear(&rt);
6953	bintime_clear(&wt);
6954	for (i = 0; i < CTL_MAX_PORTS; i++) {
6955		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6956		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6957		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6958		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6959		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6960		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6961	}
6962	scsi_u64to8b(rn, data->sap.read_num);
6963	scsi_u64to8b(wn, data->sap.write_num);
6964	if (lun->stats.blocksize > 0) {
6965		scsi_u64to8b(wb / lun->stats.blocksize,
6966		    data->sap.recvieved_lba);
6967		scsi_u64to8b(rb / lun->stats.blocksize,
6968		    data->sap.transmitted_lba);
6969	}
6970	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6971	    data->sap.read_int);
6972	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6973	    data->sap.write_int);
6974	scsi_u64to8b(0, data->sap.weighted_num);
6975	scsi_u64to8b(0, data->sap.weighted_int);
6976	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6977	data->it.hdr.param_control = SLP_LBIN;
6978	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6979	    sizeof(struct scsi_log_param_header);
6980#ifdef CTL_TIME_IO
6981	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6982#endif
6983	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6984	data->it.hdr.param_control = SLP_LBIN;
6985	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6986	    sizeof(struct scsi_log_param_header);
6987	scsi_ulto4b(3, data->ti.exponent);
6988	scsi_ulto4b(1, data->ti.integer);
6989
6990	page_index->page_len = sizeof(*data);
6991	return (0);
6992}
6993
6994int
6995ctl_log_sense(struct ctl_scsiio *ctsio)
6996{
6997	struct ctl_lun *lun;
6998	int i, pc, page_code, subpage;
6999	int alloc_len, total_len;
7000	struct ctl_page_index *page_index;
7001	struct scsi_log_sense *cdb;
7002	struct scsi_log_header *header;
7003
7004	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
7005
7006	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7007	cdb = (struct scsi_log_sense *)ctsio->cdb;
7008	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
7009	page_code = cdb->page & SLS_PAGE_CODE;
7010	subpage = cdb->subpage;
7011	alloc_len = scsi_2btoul(cdb->length);
7012
7013	page_index = NULL;
7014	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
7015		page_index = &lun->log_pages.index[i];
7016
7017		/* Look for the right page code */
7018		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
7019			continue;
7020
7021		/* Look for the right subpage or the subpage wildcard*/
7022		if (page_index->subpage != subpage)
7023			continue;
7024
7025		break;
7026	}
7027	if (i >= CTL_NUM_LOG_PAGES) {
7028		ctl_set_invalid_field(ctsio,
7029				      /*sks_valid*/ 1,
7030				      /*command*/ 1,
7031				      /*field*/ 2,
7032				      /*bit_valid*/ 0,
7033				      /*bit*/ 0);
7034		ctl_done((union ctl_io *)ctsio);
7035		return (CTL_RETVAL_COMPLETE);
7036	}
7037
7038	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7039
7040	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7041	ctsio->kern_sg_entries = 0;
7042	ctsio->kern_data_resid = 0;
7043	ctsio->kern_rel_offset = 0;
7044	if (total_len < alloc_len) {
7045		ctsio->residual = alloc_len - total_len;
7046		ctsio->kern_data_len = total_len;
7047		ctsio->kern_total_len = total_len;
7048	} else {
7049		ctsio->residual = 0;
7050		ctsio->kern_data_len = alloc_len;
7051		ctsio->kern_total_len = alloc_len;
7052	}
7053
7054	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7055	header->page = page_index->page_code;
7056	if (page_index->subpage) {
7057		header->page |= SL_SPF;
7058		header->subpage = page_index->subpage;
7059	}
7060	scsi_ulto2b(page_index->page_len, header->datalen);
7061
7062	/*
7063	 * Call the handler, if it exists, to update the
7064	 * page to the latest values.
7065	 */
7066	if (page_index->sense_handler != NULL)
7067		page_index->sense_handler(ctsio, page_index, pc);
7068
7069	memcpy(header + 1, page_index->page_data, page_index->page_len);
7070
7071	ctl_set_success(ctsio);
7072	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7073	ctsio->be_move_done = ctl_config_move_done;
7074	ctl_datamove((union ctl_io *)ctsio);
7075	return (CTL_RETVAL_COMPLETE);
7076}
7077
7078int
7079ctl_read_capacity(struct ctl_scsiio *ctsio)
7080{
7081	struct scsi_read_capacity *cdb;
7082	struct scsi_read_capacity_data *data;
7083	struct ctl_lun *lun;
7084	uint32_t lba;
7085
7086	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7087
7088	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7089
7090	lba = scsi_4btoul(cdb->addr);
7091	if (((cdb->pmi & SRC_PMI) == 0)
7092	 && (lba != 0)) {
7093		ctl_set_invalid_field(/*ctsio*/ ctsio,
7094				      /*sks_valid*/ 1,
7095				      /*command*/ 1,
7096				      /*field*/ 2,
7097				      /*bit_valid*/ 0,
7098				      /*bit*/ 0);
7099		ctl_done((union ctl_io *)ctsio);
7100		return (CTL_RETVAL_COMPLETE);
7101	}
7102
7103	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7104
7105	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7106	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7107	ctsio->residual = 0;
7108	ctsio->kern_data_len = sizeof(*data);
7109	ctsio->kern_total_len = sizeof(*data);
7110	ctsio->kern_data_resid = 0;
7111	ctsio->kern_rel_offset = 0;
7112	ctsio->kern_sg_entries = 0;
7113
7114	/*
7115	 * If the maximum LBA is greater than 0xfffffffe, the user must
7116	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7117	 * serivce action set.
7118	 */
7119	if (lun->be_lun->maxlba > 0xfffffffe)
7120		scsi_ulto4b(0xffffffff, data->addr);
7121	else
7122		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7123
7124	/*
7125	 * XXX KDM this may not be 512 bytes...
7126	 */
7127	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7128
7129	ctl_set_success(ctsio);
7130	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7131	ctsio->be_move_done = ctl_config_move_done;
7132	ctl_datamove((union ctl_io *)ctsio);
7133	return (CTL_RETVAL_COMPLETE);
7134}
7135
7136int
7137ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7138{
7139	struct scsi_read_capacity_16 *cdb;
7140	struct scsi_read_capacity_data_long *data;
7141	struct ctl_lun *lun;
7142	uint64_t lba;
7143	uint32_t alloc_len;
7144
7145	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7146
7147	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7148
7149	alloc_len = scsi_4btoul(cdb->alloc_len);
7150	lba = scsi_8btou64(cdb->addr);
7151
7152	if ((cdb->reladr & SRC16_PMI)
7153	 && (lba != 0)) {
7154		ctl_set_invalid_field(/*ctsio*/ ctsio,
7155				      /*sks_valid*/ 1,
7156				      /*command*/ 1,
7157				      /*field*/ 2,
7158				      /*bit_valid*/ 0,
7159				      /*bit*/ 0);
7160		ctl_done((union ctl_io *)ctsio);
7161		return (CTL_RETVAL_COMPLETE);
7162	}
7163
7164	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7165
7166	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7167	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7168
7169	if (sizeof(*data) < alloc_len) {
7170		ctsio->residual = alloc_len - sizeof(*data);
7171		ctsio->kern_data_len = sizeof(*data);
7172		ctsio->kern_total_len = sizeof(*data);
7173	} else {
7174		ctsio->residual = 0;
7175		ctsio->kern_data_len = alloc_len;
7176		ctsio->kern_total_len = alloc_len;
7177	}
7178	ctsio->kern_data_resid = 0;
7179	ctsio->kern_rel_offset = 0;
7180	ctsio->kern_sg_entries = 0;
7181
7182	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7183	/* XXX KDM this may not be 512 bytes... */
7184	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7185	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7186	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7187	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7188		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7189
7190	ctl_set_success(ctsio);
7191	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7192	ctsio->be_move_done = ctl_config_move_done;
7193	ctl_datamove((union ctl_io *)ctsio);
7194	return (CTL_RETVAL_COMPLETE);
7195}
7196
7197int
7198ctl_get_lba_status(struct ctl_scsiio *ctsio)
7199{
7200	struct scsi_get_lba_status *cdb;
7201	struct scsi_get_lba_status_data *data;
7202	struct ctl_lun *lun;
7203	struct ctl_lba_len_flags *lbalen;
7204	uint64_t lba;
7205	uint32_t alloc_len, total_len;
7206	int retval;
7207
7208	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7209
7210	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7211	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7212	lba = scsi_8btou64(cdb->addr);
7213	alloc_len = scsi_4btoul(cdb->alloc_len);
7214
7215	if (lba > lun->be_lun->maxlba) {
7216		ctl_set_lba_out_of_range(ctsio);
7217		ctl_done((union ctl_io *)ctsio);
7218		return (CTL_RETVAL_COMPLETE);
7219	}
7220
7221	total_len = sizeof(*data) + sizeof(data->descr[0]);
7222	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7223	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7224
7225	if (total_len < alloc_len) {
7226		ctsio->residual = alloc_len - total_len;
7227		ctsio->kern_data_len = total_len;
7228		ctsio->kern_total_len = total_len;
7229	} else {
7230		ctsio->residual = 0;
7231		ctsio->kern_data_len = alloc_len;
7232		ctsio->kern_total_len = alloc_len;
7233	}
7234	ctsio->kern_data_resid = 0;
7235	ctsio->kern_rel_offset = 0;
7236	ctsio->kern_sg_entries = 0;
7237
7238	/* Fill dummy data in case backend can't tell anything. */
7239	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7240	scsi_u64to8b(lba, data->descr[0].addr);
7241	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7242	    data->descr[0].length);
7243	data->descr[0].status = 0; /* Mapped or unknown. */
7244
7245	ctl_set_success(ctsio);
7246	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7247	ctsio->be_move_done = ctl_config_move_done;
7248
7249	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7250	lbalen->lba = lba;
7251	lbalen->len = total_len;
7252	lbalen->flags = 0;
7253	retval = lun->backend->config_read((union ctl_io *)ctsio);
7254	return (CTL_RETVAL_COMPLETE);
7255}
7256
7257int
7258ctl_read_defect(struct ctl_scsiio *ctsio)
7259{
7260	struct scsi_read_defect_data_10 *ccb10;
7261	struct scsi_read_defect_data_12 *ccb12;
7262	struct scsi_read_defect_data_hdr_10 *data10;
7263	struct scsi_read_defect_data_hdr_12 *data12;
7264	uint32_t alloc_len, data_len;
7265	uint8_t format;
7266
7267	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7268
7269	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7270		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7271		format = ccb10->format;
7272		alloc_len = scsi_2btoul(ccb10->alloc_length);
7273		data_len = sizeof(*data10);
7274	} else {
7275		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7276		format = ccb12->format;
7277		alloc_len = scsi_4btoul(ccb12->alloc_length);
7278		data_len = sizeof(*data12);
7279	}
7280	if (alloc_len == 0) {
7281		ctl_set_success(ctsio);
7282		ctl_done((union ctl_io *)ctsio);
7283		return (CTL_RETVAL_COMPLETE);
7284	}
7285
7286	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7287	if (data_len < alloc_len) {
7288		ctsio->residual = alloc_len - data_len;
7289		ctsio->kern_data_len = data_len;
7290		ctsio->kern_total_len = data_len;
7291	} else {
7292		ctsio->residual = 0;
7293		ctsio->kern_data_len = alloc_len;
7294		ctsio->kern_total_len = alloc_len;
7295	}
7296	ctsio->kern_data_resid = 0;
7297	ctsio->kern_rel_offset = 0;
7298	ctsio->kern_sg_entries = 0;
7299
7300	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7301		data10 = (struct scsi_read_defect_data_hdr_10 *)
7302		    ctsio->kern_data_ptr;
7303		data10->format = format;
7304		scsi_ulto2b(0, data10->length);
7305	} else {
7306		data12 = (struct scsi_read_defect_data_hdr_12 *)
7307		    ctsio->kern_data_ptr;
7308		data12->format = format;
7309		scsi_ulto2b(0, data12->generation);
7310		scsi_ulto4b(0, data12->length);
7311	}
7312
7313	ctl_set_success(ctsio);
7314	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7315	ctsio->be_move_done = ctl_config_move_done;
7316	ctl_datamove((union ctl_io *)ctsio);
7317	return (CTL_RETVAL_COMPLETE);
7318}
7319
7320int
7321ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7322{
7323	struct scsi_maintenance_in *cdb;
7324	int retval;
7325	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7326	int num_target_port_groups, num_target_ports;
7327	struct ctl_lun *lun;
7328	struct ctl_softc *softc;
7329	struct ctl_port *port;
7330	struct scsi_target_group_data *rtg_ptr;
7331	struct scsi_target_group_data_extended *rtg_ext_ptr;
7332	struct scsi_target_port_group_descriptor *tpg_desc;
7333
7334	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7335
7336	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7337	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7338	softc = lun->ctl_softc;
7339
7340	retval = CTL_RETVAL_COMPLETE;
7341
7342	switch (cdb->byte2 & STG_PDF_MASK) {
7343	case STG_PDF_LENGTH:
7344		ext = 0;
7345		break;
7346	case STG_PDF_EXTENDED:
7347		ext = 1;
7348		break;
7349	default:
7350		ctl_set_invalid_field(/*ctsio*/ ctsio,
7351				      /*sks_valid*/ 1,
7352				      /*command*/ 1,
7353				      /*field*/ 2,
7354				      /*bit_valid*/ 1,
7355				      /*bit*/ 5);
7356		ctl_done((union ctl_io *)ctsio);
7357		return(retval);
7358	}
7359
7360	if (softc->is_single)
7361		num_target_port_groups = 1;
7362	else
7363		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7364	num_target_ports = 0;
7365	mtx_lock(&softc->ctl_lock);
7366	STAILQ_FOREACH(port, &softc->port_list, links) {
7367		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7368			continue;
7369		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7370			continue;
7371		num_target_ports++;
7372	}
7373	mtx_unlock(&softc->ctl_lock);
7374
7375	if (ext)
7376		total_len = sizeof(struct scsi_target_group_data_extended);
7377	else
7378		total_len = sizeof(struct scsi_target_group_data);
7379	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7380		num_target_port_groups +
7381	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7382
7383	alloc_len = scsi_4btoul(cdb->length);
7384
7385	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7386
7387	ctsio->kern_sg_entries = 0;
7388
7389	if (total_len < alloc_len) {
7390		ctsio->residual = alloc_len - total_len;
7391		ctsio->kern_data_len = total_len;
7392		ctsio->kern_total_len = total_len;
7393	} else {
7394		ctsio->residual = 0;
7395		ctsio->kern_data_len = alloc_len;
7396		ctsio->kern_total_len = alloc_len;
7397	}
7398	ctsio->kern_data_resid = 0;
7399	ctsio->kern_rel_offset = 0;
7400
7401	if (ext) {
7402		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7403		    ctsio->kern_data_ptr;
7404		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7405		rtg_ext_ptr->format_type = 0x10;
7406		rtg_ext_ptr->implicit_transition_time = 0;
7407		tpg_desc = &rtg_ext_ptr->groups[0];
7408	} else {
7409		rtg_ptr = (struct scsi_target_group_data *)
7410		    ctsio->kern_data_ptr;
7411		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7412		tpg_desc = &rtg_ptr->groups[0];
7413	}
7414
7415	mtx_lock(&softc->ctl_lock);
7416	pg = softc->port_min / softc->port_cnt;
7417	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7418		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7419	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7420		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7421	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7422		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7423	else
7424		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7425	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7426		os = gs;
7427		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7428	} else
7429		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7430	for (g = 0; g < num_target_port_groups; g++) {
7431		tpg_desc->pref_state = (g == pg) ? gs : os;
7432		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7433		    TPG_U_SUP | TPG_T_SUP;
7434		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7435		tpg_desc->status = TPG_IMPLICIT;
7436		pc = 0;
7437		STAILQ_FOREACH(port, &softc->port_list, links) {
7438			if (port->targ_port < g * softc->port_cnt ||
7439			    port->targ_port >= (g + 1) * softc->port_cnt)
7440				continue;
7441			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7442				continue;
7443			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7444				continue;
7445			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7446			    relative_target_port_identifier);
7447			pc++;
7448		}
7449		tpg_desc->target_port_count = pc;
7450		tpg_desc = (struct scsi_target_port_group_descriptor *)
7451		    &tpg_desc->descriptors[pc];
7452	}
7453	mtx_unlock(&softc->ctl_lock);
7454
7455	ctl_set_success(ctsio);
7456	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7457	ctsio->be_move_done = ctl_config_move_done;
7458	ctl_datamove((union ctl_io *)ctsio);
7459	return(retval);
7460}
7461
7462int
7463ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7464{
7465	struct ctl_lun *lun;
7466	struct scsi_report_supported_opcodes *cdb;
7467	const struct ctl_cmd_entry *entry, *sentry;
7468	struct scsi_report_supported_opcodes_all *all;
7469	struct scsi_report_supported_opcodes_descr *descr;
7470	struct scsi_report_supported_opcodes_one *one;
7471	int retval;
7472	int alloc_len, total_len;
7473	int opcode, service_action, i, j, num;
7474
7475	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7476
7477	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7478	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7479
7480	retval = CTL_RETVAL_COMPLETE;
7481
7482	opcode = cdb->requested_opcode;
7483	service_action = scsi_2btoul(cdb->requested_service_action);
7484	switch (cdb->options & RSO_OPTIONS_MASK) {
7485	case RSO_OPTIONS_ALL:
7486		num = 0;
7487		for (i = 0; i < 256; i++) {
7488			entry = &ctl_cmd_table[i];
7489			if (entry->flags & CTL_CMD_FLAG_SA5) {
7490				for (j = 0; j < 32; j++) {
7491					sentry = &((const struct ctl_cmd_entry *)
7492					    entry->execute)[j];
7493					if (ctl_cmd_applicable(
7494					    lun->be_lun->lun_type, sentry))
7495						num++;
7496				}
7497			} else {
7498				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7499				    entry))
7500					num++;
7501			}
7502		}
7503		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7504		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7505		break;
7506	case RSO_OPTIONS_OC:
7507		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7508			ctl_set_invalid_field(/*ctsio*/ ctsio,
7509					      /*sks_valid*/ 1,
7510					      /*command*/ 1,
7511					      /*field*/ 2,
7512					      /*bit_valid*/ 1,
7513					      /*bit*/ 2);
7514			ctl_done((union ctl_io *)ctsio);
7515			return (CTL_RETVAL_COMPLETE);
7516		}
7517		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7518		break;
7519	case RSO_OPTIONS_OC_SA:
7520		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7521		    service_action >= 32) {
7522			ctl_set_invalid_field(/*ctsio*/ ctsio,
7523					      /*sks_valid*/ 1,
7524					      /*command*/ 1,
7525					      /*field*/ 2,
7526					      /*bit_valid*/ 1,
7527					      /*bit*/ 2);
7528			ctl_done((union ctl_io *)ctsio);
7529			return (CTL_RETVAL_COMPLETE);
7530		}
7531		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7532		break;
7533	default:
7534		ctl_set_invalid_field(/*ctsio*/ ctsio,
7535				      /*sks_valid*/ 1,
7536				      /*command*/ 1,
7537				      /*field*/ 2,
7538				      /*bit_valid*/ 1,
7539				      /*bit*/ 2);
7540		ctl_done((union ctl_io *)ctsio);
7541		return (CTL_RETVAL_COMPLETE);
7542	}
7543
7544	alloc_len = scsi_4btoul(cdb->length);
7545
7546	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7547
7548	ctsio->kern_sg_entries = 0;
7549
7550	if (total_len < alloc_len) {
7551		ctsio->residual = alloc_len - total_len;
7552		ctsio->kern_data_len = total_len;
7553		ctsio->kern_total_len = total_len;
7554	} else {
7555		ctsio->residual = 0;
7556		ctsio->kern_data_len = alloc_len;
7557		ctsio->kern_total_len = alloc_len;
7558	}
7559	ctsio->kern_data_resid = 0;
7560	ctsio->kern_rel_offset = 0;
7561
7562	switch (cdb->options & RSO_OPTIONS_MASK) {
7563	case RSO_OPTIONS_ALL:
7564		all = (struct scsi_report_supported_opcodes_all *)
7565		    ctsio->kern_data_ptr;
7566		num = 0;
7567		for (i = 0; i < 256; i++) {
7568			entry = &ctl_cmd_table[i];
7569			if (entry->flags & CTL_CMD_FLAG_SA5) {
7570				for (j = 0; j < 32; j++) {
7571					sentry = &((const struct ctl_cmd_entry *)
7572					    entry->execute)[j];
7573					if (!ctl_cmd_applicable(
7574					    lun->be_lun->lun_type, sentry))
7575						continue;
7576					descr = &all->descr[num++];
7577					descr->opcode = i;
7578					scsi_ulto2b(j, descr->service_action);
7579					descr->flags = RSO_SERVACTV;
7580					scsi_ulto2b(sentry->length,
7581					    descr->cdb_length);
7582				}
7583			} else {
7584				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7585				    entry))
7586					continue;
7587				descr = &all->descr[num++];
7588				descr->opcode = i;
7589				scsi_ulto2b(0, descr->service_action);
7590				descr->flags = 0;
7591				scsi_ulto2b(entry->length, descr->cdb_length);
7592			}
7593		}
7594		scsi_ulto4b(
7595		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7596		    all->length);
7597		break;
7598	case RSO_OPTIONS_OC:
7599		one = (struct scsi_report_supported_opcodes_one *)
7600		    ctsio->kern_data_ptr;
7601		entry = &ctl_cmd_table[opcode];
7602		goto fill_one;
7603	case RSO_OPTIONS_OC_SA:
7604		one = (struct scsi_report_supported_opcodes_one *)
7605		    ctsio->kern_data_ptr;
7606		entry = &ctl_cmd_table[opcode];
7607		entry = &((const struct ctl_cmd_entry *)
7608		    entry->execute)[service_action];
7609fill_one:
7610		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7611			one->support = 3;
7612			scsi_ulto2b(entry->length, one->cdb_length);
7613			one->cdb_usage[0] = opcode;
7614			memcpy(&one->cdb_usage[1], entry->usage,
7615			    entry->length - 1);
7616		} else
7617			one->support = 1;
7618		break;
7619	}
7620
7621	ctl_set_success(ctsio);
7622	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7623	ctsio->be_move_done = ctl_config_move_done;
7624	ctl_datamove((union ctl_io *)ctsio);
7625	return(retval);
7626}
7627
7628int
7629ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7630{
7631	struct scsi_report_supported_tmf *cdb;
7632	struct scsi_report_supported_tmf_data *data;
7633	int retval;
7634	int alloc_len, total_len;
7635
7636	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7637
7638	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7639
7640	retval = CTL_RETVAL_COMPLETE;
7641
7642	total_len = sizeof(struct scsi_report_supported_tmf_data);
7643	alloc_len = scsi_4btoul(cdb->length);
7644
7645	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7646
7647	ctsio->kern_sg_entries = 0;
7648
7649	if (total_len < alloc_len) {
7650		ctsio->residual = alloc_len - total_len;
7651		ctsio->kern_data_len = total_len;
7652		ctsio->kern_total_len = total_len;
7653	} else {
7654		ctsio->residual = 0;
7655		ctsio->kern_data_len = alloc_len;
7656		ctsio->kern_total_len = alloc_len;
7657	}
7658	ctsio->kern_data_resid = 0;
7659	ctsio->kern_rel_offset = 0;
7660
7661	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7662	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7663	    RST_TRS;
7664	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7665
7666	ctl_set_success(ctsio);
7667	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7668	ctsio->be_move_done = ctl_config_move_done;
7669	ctl_datamove((union ctl_io *)ctsio);
7670	return (retval);
7671}
7672
7673int
7674ctl_report_timestamp(struct ctl_scsiio *ctsio)
7675{
7676	struct scsi_report_timestamp *cdb;
7677	struct scsi_report_timestamp_data *data;
7678	struct timeval tv;
7679	int64_t timestamp;
7680	int retval;
7681	int alloc_len, total_len;
7682
7683	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7684
7685	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7686
7687	retval = CTL_RETVAL_COMPLETE;
7688
7689	total_len = sizeof(struct scsi_report_timestamp_data);
7690	alloc_len = scsi_4btoul(cdb->length);
7691
7692	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7693
7694	ctsio->kern_sg_entries = 0;
7695
7696	if (total_len < alloc_len) {
7697		ctsio->residual = alloc_len - total_len;
7698		ctsio->kern_data_len = total_len;
7699		ctsio->kern_total_len = total_len;
7700	} else {
7701		ctsio->residual = 0;
7702		ctsio->kern_data_len = alloc_len;
7703		ctsio->kern_total_len = alloc_len;
7704	}
7705	ctsio->kern_data_resid = 0;
7706	ctsio->kern_rel_offset = 0;
7707
7708	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7709	scsi_ulto2b(sizeof(*data) - 2, data->length);
7710	data->origin = RTS_ORIG_OUTSIDE;
7711	getmicrotime(&tv);
7712	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7713	scsi_ulto4b(timestamp >> 16, data->timestamp);
7714	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7715
7716	ctl_set_success(ctsio);
7717	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7718	ctsio->be_move_done = ctl_config_move_done;
7719	ctl_datamove((union ctl_io *)ctsio);
7720	return (retval);
7721}
7722
7723int
7724ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7725{
7726	struct scsi_per_res_in *cdb;
7727	int alloc_len, total_len = 0;
7728	/* struct scsi_per_res_in_rsrv in_data; */
7729	struct ctl_lun *lun;
7730	struct ctl_softc *softc;
7731	uint64_t key;
7732
7733	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7734
7735	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7736
7737	alloc_len = scsi_2btoul(cdb->length);
7738
7739	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7740	softc = lun->ctl_softc;
7741
7742retry:
7743	mtx_lock(&lun->lun_lock);
7744	switch (cdb->action) {
7745	case SPRI_RK: /* read keys */
7746		total_len = sizeof(struct scsi_per_res_in_keys) +
7747			lun->pr_key_count *
7748			sizeof(struct scsi_per_res_key);
7749		break;
7750	case SPRI_RR: /* read reservation */
7751		if (lun->flags & CTL_LUN_PR_RESERVED)
7752			total_len = sizeof(struct scsi_per_res_in_rsrv);
7753		else
7754			total_len = sizeof(struct scsi_per_res_in_header);
7755		break;
7756	case SPRI_RC: /* report capabilities */
7757		total_len = sizeof(struct scsi_per_res_cap);
7758		break;
7759	case SPRI_RS: /* read full status */
7760		total_len = sizeof(struct scsi_per_res_in_header) +
7761		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7762		    lun->pr_key_count;
7763		break;
7764	default:
7765		panic("Invalid PR type %x", cdb->action);
7766	}
7767	mtx_unlock(&lun->lun_lock);
7768
7769	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7770
7771	if (total_len < alloc_len) {
7772		ctsio->residual = alloc_len - total_len;
7773		ctsio->kern_data_len = total_len;
7774		ctsio->kern_total_len = total_len;
7775	} else {
7776		ctsio->residual = 0;
7777		ctsio->kern_data_len = alloc_len;
7778		ctsio->kern_total_len = alloc_len;
7779	}
7780
7781	ctsio->kern_data_resid = 0;
7782	ctsio->kern_rel_offset = 0;
7783	ctsio->kern_sg_entries = 0;
7784
7785	mtx_lock(&lun->lun_lock);
7786	switch (cdb->action) {
7787	case SPRI_RK: { // read keys
7788        struct scsi_per_res_in_keys *res_keys;
7789		int i, key_count;
7790
7791		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7792
7793		/*
7794		 * We had to drop the lock to allocate our buffer, which
7795		 * leaves time for someone to come in with another
7796		 * persistent reservation.  (That is unlikely, though,
7797		 * since this should be the only persistent reservation
7798		 * command active right now.)
7799		 */
7800		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7801		    (lun->pr_key_count *
7802		     sizeof(struct scsi_per_res_key)))){
7803			mtx_unlock(&lun->lun_lock);
7804			free(ctsio->kern_data_ptr, M_CTL);
7805			printf("%s: reservation length changed, retrying\n",
7806			       __func__);
7807			goto retry;
7808		}
7809
7810		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7811
7812		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7813			     lun->pr_key_count, res_keys->header.length);
7814
7815		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7816			if ((key = ctl_get_prkey(lun, i)) == 0)
7817				continue;
7818
7819			/*
7820			 * We used lun->pr_key_count to calculate the
7821			 * size to allocate.  If it turns out the number of
7822			 * initiators with the registered flag set is
7823			 * larger than that (i.e. they haven't been kept in
7824			 * sync), we've got a problem.
7825			 */
7826			if (key_count >= lun->pr_key_count) {
7827#ifdef NEEDTOPORT
7828				csevent_log(CSC_CTL | CSC_SHELF_SW |
7829					    CTL_PR_ERROR,
7830					    csevent_LogType_Fault,
7831					    csevent_AlertLevel_Yellow,
7832					    csevent_FRU_ShelfController,
7833					    csevent_FRU_Firmware,
7834				        csevent_FRU_Unknown,
7835					    "registered keys %d >= key "
7836					    "count %d", key_count,
7837					    lun->pr_key_count);
7838#endif
7839				key_count++;
7840				continue;
7841			}
7842			scsi_u64to8b(key, res_keys->keys[key_count].key);
7843			key_count++;
7844		}
7845		break;
7846	}
7847	case SPRI_RR: { // read reservation
7848		struct scsi_per_res_in_rsrv *res;
7849		int tmp_len, header_only;
7850
7851		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7852
7853		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7854
7855		if (lun->flags & CTL_LUN_PR_RESERVED)
7856		{
7857			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7858			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7859				    res->header.length);
7860			header_only = 0;
7861		} else {
7862			tmp_len = sizeof(struct scsi_per_res_in_header);
7863			scsi_ulto4b(0, res->header.length);
7864			header_only = 1;
7865		}
7866
7867		/*
7868		 * We had to drop the lock to allocate our buffer, which
7869		 * leaves time for someone to come in with another
7870		 * persistent reservation.  (That is unlikely, though,
7871		 * since this should be the only persistent reservation
7872		 * command active right now.)
7873		 */
7874		if (tmp_len != total_len) {
7875			mtx_unlock(&lun->lun_lock);
7876			free(ctsio->kern_data_ptr, M_CTL);
7877			printf("%s: reservation status changed, retrying\n",
7878			       __func__);
7879			goto retry;
7880		}
7881
7882		/*
7883		 * No reservation held, so we're done.
7884		 */
7885		if (header_only != 0)
7886			break;
7887
7888		/*
7889		 * If the registration is an All Registrants type, the key
7890		 * is 0, since it doesn't really matter.
7891		 */
7892		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7893			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7894			    res->data.reservation);
7895		}
7896		res->data.scopetype = lun->res_type;
7897		break;
7898	}
7899	case SPRI_RC:     //report capabilities
7900	{
7901		struct scsi_per_res_cap *res_cap;
7902		uint16_t type_mask;
7903
7904		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7905		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7906		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7907		type_mask = SPRI_TM_WR_EX_AR |
7908			    SPRI_TM_EX_AC_RO |
7909			    SPRI_TM_WR_EX_RO |
7910			    SPRI_TM_EX_AC |
7911			    SPRI_TM_WR_EX |
7912			    SPRI_TM_EX_AC_AR;
7913		scsi_ulto2b(type_mask, res_cap->type_mask);
7914		break;
7915	}
7916	case SPRI_RS: { // read full status
7917		struct scsi_per_res_in_full *res_status;
7918		struct scsi_per_res_in_full_desc *res_desc;
7919		struct ctl_port *port;
7920		int i, len;
7921
7922		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7923
7924		/*
7925		 * We had to drop the lock to allocate our buffer, which
7926		 * leaves time for someone to come in with another
7927		 * persistent reservation.  (That is unlikely, though,
7928		 * since this should be the only persistent reservation
7929		 * command active right now.)
7930		 */
7931		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7932		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7933		     lun->pr_key_count)){
7934			mtx_unlock(&lun->lun_lock);
7935			free(ctsio->kern_data_ptr, M_CTL);
7936			printf("%s: reservation length changed, retrying\n",
7937			       __func__);
7938			goto retry;
7939		}
7940
7941		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7942
7943		res_desc = &res_status->desc[0];
7944		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7945			if ((key = ctl_get_prkey(lun, i)) == 0)
7946				continue;
7947
7948			scsi_u64to8b(key, res_desc->res_key.key);
7949			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7950			    (lun->pr_res_idx == i ||
7951			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7952				res_desc->flags = SPRI_FULL_R_HOLDER;
7953				res_desc->scopetype = lun->res_type;
7954			}
7955			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7956			    res_desc->rel_trgt_port_id);
7957			len = 0;
7958			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7959			if (port != NULL)
7960				len = ctl_create_iid(port,
7961				    i % CTL_MAX_INIT_PER_PORT,
7962				    res_desc->transport_id);
7963			scsi_ulto4b(len, res_desc->additional_length);
7964			res_desc = (struct scsi_per_res_in_full_desc *)
7965			    &res_desc->transport_id[len];
7966		}
7967		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7968		    res_status->header.length);
7969		break;
7970	}
7971	default:
7972		/*
7973		 * This is a bug, because we just checked for this above,
7974		 * and should have returned an error.
7975		 */
7976		panic("Invalid PR type %x", cdb->action);
7977		break; /* NOTREACHED */
7978	}
7979	mtx_unlock(&lun->lun_lock);
7980
7981	ctl_set_success(ctsio);
7982	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7983	ctsio->be_move_done = ctl_config_move_done;
7984	ctl_datamove((union ctl_io *)ctsio);
7985	return (CTL_RETVAL_COMPLETE);
7986}
7987
7988/*
7989 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7990 * it should return.
7991 */
7992static int
7993ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7994		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7995		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7996		struct scsi_per_res_out_parms* param)
7997{
7998	union ctl_ha_msg persis_io;
7999	int i;
8000
8001	mtx_lock(&lun->lun_lock);
8002	if (sa_res_key == 0) {
8003		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8004			/* validate scope and type */
8005			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8006			     SPR_LU_SCOPE) {
8007				mtx_unlock(&lun->lun_lock);
8008				ctl_set_invalid_field(/*ctsio*/ ctsio,
8009						      /*sks_valid*/ 1,
8010						      /*command*/ 1,
8011						      /*field*/ 2,
8012						      /*bit_valid*/ 1,
8013						      /*bit*/ 4);
8014				ctl_done((union ctl_io *)ctsio);
8015				return (1);
8016			}
8017
8018		        if (type>8 || type==2 || type==4 || type==0) {
8019				mtx_unlock(&lun->lun_lock);
8020				ctl_set_invalid_field(/*ctsio*/ ctsio,
8021       	           				      /*sks_valid*/ 1,
8022						      /*command*/ 1,
8023						      /*field*/ 2,
8024						      /*bit_valid*/ 1,
8025						      /*bit*/ 0);
8026				ctl_done((union ctl_io *)ctsio);
8027				return (1);
8028		        }
8029
8030			/*
8031			 * Unregister everybody else and build UA for
8032			 * them
8033			 */
8034			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8035				if (i == residx || ctl_get_prkey(lun, i) == 0)
8036					continue;
8037
8038				ctl_clr_prkey(lun, i);
8039				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8040			}
8041			lun->pr_key_count = 1;
8042			lun->res_type = type;
8043			if (lun->res_type != SPR_TYPE_WR_EX_AR
8044			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8045				lun->pr_res_idx = residx;
8046			lun->PRGeneration++;
8047			mtx_unlock(&lun->lun_lock);
8048
8049			/* send msg to other side */
8050			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8051			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8052			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8053			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8054			persis_io.pr.pr_info.res_type = type;
8055			memcpy(persis_io.pr.pr_info.sa_res_key,
8056			       param->serv_act_res_key,
8057			       sizeof(param->serv_act_res_key));
8058			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8059			    sizeof(persis_io.pr), M_WAITOK);
8060		} else {
8061			/* not all registrants */
8062			mtx_unlock(&lun->lun_lock);
8063			free(ctsio->kern_data_ptr, M_CTL);
8064			ctl_set_invalid_field(ctsio,
8065					      /*sks_valid*/ 1,
8066					      /*command*/ 0,
8067					      /*field*/ 8,
8068					      /*bit_valid*/ 0,
8069					      /*bit*/ 0);
8070			ctl_done((union ctl_io *)ctsio);
8071			return (1);
8072		}
8073	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8074		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8075		int found = 0;
8076
8077		if (res_key == sa_res_key) {
8078			/* special case */
8079			/*
8080			 * The spec implies this is not good but doesn't
8081			 * say what to do. There are two choices either
8082			 * generate a res conflict or check condition
8083			 * with illegal field in parameter data. Since
8084			 * that is what is done when the sa_res_key is
8085			 * zero I'll take that approach since this has
8086			 * to do with the sa_res_key.
8087			 */
8088			mtx_unlock(&lun->lun_lock);
8089			free(ctsio->kern_data_ptr, M_CTL);
8090			ctl_set_invalid_field(ctsio,
8091					      /*sks_valid*/ 1,
8092					      /*command*/ 0,
8093					      /*field*/ 8,
8094					      /*bit_valid*/ 0,
8095					      /*bit*/ 0);
8096			ctl_done((union ctl_io *)ctsio);
8097			return (1);
8098		}
8099
8100		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8101			if (ctl_get_prkey(lun, i) != sa_res_key)
8102				continue;
8103
8104			found = 1;
8105			ctl_clr_prkey(lun, i);
8106			lun->pr_key_count--;
8107			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8108		}
8109		if (!found) {
8110			mtx_unlock(&lun->lun_lock);
8111			free(ctsio->kern_data_ptr, M_CTL);
8112			ctl_set_reservation_conflict(ctsio);
8113			ctl_done((union ctl_io *)ctsio);
8114			return (CTL_RETVAL_COMPLETE);
8115		}
8116		lun->PRGeneration++;
8117		mtx_unlock(&lun->lun_lock);
8118
8119		/* send msg to other side */
8120		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8121		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8122		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8123		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8124		persis_io.pr.pr_info.res_type = type;
8125		memcpy(persis_io.pr.pr_info.sa_res_key,
8126		       param->serv_act_res_key,
8127		       sizeof(param->serv_act_res_key));
8128		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8129		    sizeof(persis_io.pr), M_WAITOK);
8130	} else {
8131		/* Reserved but not all registrants */
8132		/* sa_res_key is res holder */
8133		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
8134			/* validate scope and type */
8135			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8136			     SPR_LU_SCOPE) {
8137				mtx_unlock(&lun->lun_lock);
8138				ctl_set_invalid_field(/*ctsio*/ ctsio,
8139						      /*sks_valid*/ 1,
8140						      /*command*/ 1,
8141						      /*field*/ 2,
8142						      /*bit_valid*/ 1,
8143						      /*bit*/ 4);
8144				ctl_done((union ctl_io *)ctsio);
8145				return (1);
8146			}
8147
8148			if (type>8 || type==2 || type==4 || type==0) {
8149				mtx_unlock(&lun->lun_lock);
8150				ctl_set_invalid_field(/*ctsio*/ ctsio,
8151						      /*sks_valid*/ 1,
8152						      /*command*/ 1,
8153						      /*field*/ 2,
8154						      /*bit_valid*/ 1,
8155						      /*bit*/ 0);
8156				ctl_done((union ctl_io *)ctsio);
8157				return (1);
8158			}
8159
8160			/*
8161			 * Do the following:
8162			 * if sa_res_key != res_key remove all
8163			 * registrants w/sa_res_key and generate UA
8164			 * for these registrants(Registrations
8165			 * Preempted) if it wasn't an exclusive
8166			 * reservation generate UA(Reservations
8167			 * Preempted) for all other registered nexuses
8168			 * if the type has changed. Establish the new
8169			 * reservation and holder. If res_key and
8170			 * sa_res_key are the same do the above
8171			 * except don't unregister the res holder.
8172			 */
8173
8174			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8175				if (i == residx || ctl_get_prkey(lun, i) == 0)
8176					continue;
8177
8178				if (sa_res_key == ctl_get_prkey(lun, i)) {
8179					ctl_clr_prkey(lun, i);
8180					lun->pr_key_count--;
8181					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8182				} else if (type != lun->res_type
8183					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8184					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8185					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8186				}
8187			}
8188			lun->res_type = type;
8189			if (lun->res_type != SPR_TYPE_WR_EX_AR
8190			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8191				lun->pr_res_idx = residx;
8192			else
8193				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8194			lun->PRGeneration++;
8195			mtx_unlock(&lun->lun_lock);
8196
8197			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8198			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8199			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8200			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8201			persis_io.pr.pr_info.res_type = type;
8202			memcpy(persis_io.pr.pr_info.sa_res_key,
8203			       param->serv_act_res_key,
8204			       sizeof(param->serv_act_res_key));
8205			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8206			    sizeof(persis_io.pr), M_WAITOK);
8207		} else {
8208			/*
8209			 * sa_res_key is not the res holder just
8210			 * remove registrants
8211			 */
8212			int found=0;
8213
8214			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8215				if (sa_res_key != ctl_get_prkey(lun, i))
8216					continue;
8217
8218				found = 1;
8219				ctl_clr_prkey(lun, i);
8220				lun->pr_key_count--;
8221				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8222			}
8223
8224			if (!found) {
8225				mtx_unlock(&lun->lun_lock);
8226				free(ctsio->kern_data_ptr, M_CTL);
8227				ctl_set_reservation_conflict(ctsio);
8228				ctl_done((union ctl_io *)ctsio);
8229		        	return (1);
8230			}
8231			lun->PRGeneration++;
8232			mtx_unlock(&lun->lun_lock);
8233
8234			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8235			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8236			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8237			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8238			persis_io.pr.pr_info.res_type = type;
8239			memcpy(persis_io.pr.pr_info.sa_res_key,
8240			       param->serv_act_res_key,
8241			       sizeof(param->serv_act_res_key));
8242			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8243			    sizeof(persis_io.pr), M_WAITOK);
8244		}
8245	}
8246	return (0);
8247}
8248
8249static void
8250ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8251{
8252	uint64_t sa_res_key;
8253	int i;
8254
8255	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8256
8257	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8258	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8259	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8260		if (sa_res_key == 0) {
8261			/*
8262			 * Unregister everybody else and build UA for
8263			 * them
8264			 */
8265			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8266				if (i == msg->pr.pr_info.residx ||
8267				    ctl_get_prkey(lun, i) == 0)
8268					continue;
8269
8270				ctl_clr_prkey(lun, i);
8271				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8272			}
8273
8274			lun->pr_key_count = 1;
8275			lun->res_type = msg->pr.pr_info.res_type;
8276			if (lun->res_type != SPR_TYPE_WR_EX_AR
8277			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8278				lun->pr_res_idx = msg->pr.pr_info.residx;
8279		} else {
8280		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8281				if (sa_res_key == ctl_get_prkey(lun, i))
8282					continue;
8283
8284				ctl_clr_prkey(lun, i);
8285				lun->pr_key_count--;
8286				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8287			}
8288		}
8289	} else {
8290		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8291			if (i == msg->pr.pr_info.residx ||
8292			    ctl_get_prkey(lun, i) == 0)
8293				continue;
8294
8295			if (sa_res_key == ctl_get_prkey(lun, i)) {
8296				ctl_clr_prkey(lun, i);
8297				lun->pr_key_count--;
8298				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8299			} else if (msg->pr.pr_info.res_type != lun->res_type
8300				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8301				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8302				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8303			}
8304		}
8305		lun->res_type = msg->pr.pr_info.res_type;
8306		if (lun->res_type != SPR_TYPE_WR_EX_AR
8307		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8308			lun->pr_res_idx = msg->pr.pr_info.residx;
8309		else
8310			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8311	}
8312	lun->PRGeneration++;
8313
8314}
8315
8316
8317int
8318ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8319{
8320	int retval;
8321	u_int32_t param_len;
8322	struct scsi_per_res_out *cdb;
8323	struct ctl_lun *lun;
8324	struct scsi_per_res_out_parms* param;
8325	struct ctl_softc *softc;
8326	uint32_t residx;
8327	uint64_t res_key, sa_res_key, key;
8328	uint8_t type;
8329	union ctl_ha_msg persis_io;
8330	int    i;
8331
8332	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8333
8334	retval = CTL_RETVAL_COMPLETE;
8335
8336	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8337	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8338	softc = lun->ctl_softc;
8339
8340	/*
8341	 * We only support whole-LUN scope.  The scope & type are ignored for
8342	 * register, register and ignore existing key and clear.
8343	 * We sometimes ignore scope and type on preempts too!!
8344	 * Verify reservation type here as well.
8345	 */
8346	type = cdb->scope_type & SPR_TYPE_MASK;
8347	if ((cdb->action == SPRO_RESERVE)
8348	 || (cdb->action == SPRO_RELEASE)) {
8349		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8350			ctl_set_invalid_field(/*ctsio*/ ctsio,
8351					      /*sks_valid*/ 1,
8352					      /*command*/ 1,
8353					      /*field*/ 2,
8354					      /*bit_valid*/ 1,
8355					      /*bit*/ 4);
8356			ctl_done((union ctl_io *)ctsio);
8357			return (CTL_RETVAL_COMPLETE);
8358		}
8359
8360		if (type>8 || type==2 || type==4 || type==0) {
8361			ctl_set_invalid_field(/*ctsio*/ ctsio,
8362					      /*sks_valid*/ 1,
8363					      /*command*/ 1,
8364					      /*field*/ 2,
8365					      /*bit_valid*/ 1,
8366					      /*bit*/ 0);
8367			ctl_done((union ctl_io *)ctsio);
8368			return (CTL_RETVAL_COMPLETE);
8369		}
8370	}
8371
8372	param_len = scsi_4btoul(cdb->length);
8373
8374	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8375		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8376		ctsio->kern_data_len = param_len;
8377		ctsio->kern_total_len = param_len;
8378		ctsio->kern_data_resid = 0;
8379		ctsio->kern_rel_offset = 0;
8380		ctsio->kern_sg_entries = 0;
8381		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8382		ctsio->be_move_done = ctl_config_move_done;
8383		ctl_datamove((union ctl_io *)ctsio);
8384
8385		return (CTL_RETVAL_COMPLETE);
8386	}
8387
8388	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8389
8390	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8391	res_key = scsi_8btou64(param->res_key.key);
8392	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8393
8394	/*
8395	 * Validate the reservation key here except for SPRO_REG_IGNO
8396	 * This must be done for all other service actions
8397	 */
8398	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8399		mtx_lock(&lun->lun_lock);
8400		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8401			if (res_key != key) {
8402				/*
8403				 * The current key passed in doesn't match
8404				 * the one the initiator previously
8405				 * registered.
8406				 */
8407				mtx_unlock(&lun->lun_lock);
8408				free(ctsio->kern_data_ptr, M_CTL);
8409				ctl_set_reservation_conflict(ctsio);
8410				ctl_done((union ctl_io *)ctsio);
8411				return (CTL_RETVAL_COMPLETE);
8412			}
8413		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8414			/*
8415			 * We are not registered
8416			 */
8417			mtx_unlock(&lun->lun_lock);
8418			free(ctsio->kern_data_ptr, M_CTL);
8419			ctl_set_reservation_conflict(ctsio);
8420			ctl_done((union ctl_io *)ctsio);
8421			return (CTL_RETVAL_COMPLETE);
8422		} else if (res_key != 0) {
8423			/*
8424			 * We are not registered and trying to register but
8425			 * the register key isn't zero.
8426			 */
8427			mtx_unlock(&lun->lun_lock);
8428			free(ctsio->kern_data_ptr, M_CTL);
8429			ctl_set_reservation_conflict(ctsio);
8430			ctl_done((union ctl_io *)ctsio);
8431			return (CTL_RETVAL_COMPLETE);
8432		}
8433		mtx_unlock(&lun->lun_lock);
8434	}
8435
8436	switch (cdb->action & SPRO_ACTION_MASK) {
8437	case SPRO_REGISTER:
8438	case SPRO_REG_IGNO: {
8439
8440#if 0
8441		printf("Registration received\n");
8442#endif
8443
8444		/*
8445		 * We don't support any of these options, as we report in
8446		 * the read capabilities request (see
8447		 * ctl_persistent_reserve_in(), above).
8448		 */
8449		if ((param->flags & SPR_SPEC_I_PT)
8450		 || (param->flags & SPR_ALL_TG_PT)
8451		 || (param->flags & SPR_APTPL)) {
8452			int bit_ptr;
8453
8454			if (param->flags & SPR_APTPL)
8455				bit_ptr = 0;
8456			else if (param->flags & SPR_ALL_TG_PT)
8457				bit_ptr = 2;
8458			else /* SPR_SPEC_I_PT */
8459				bit_ptr = 3;
8460
8461			free(ctsio->kern_data_ptr, M_CTL);
8462			ctl_set_invalid_field(ctsio,
8463					      /*sks_valid*/ 1,
8464					      /*command*/ 0,
8465					      /*field*/ 20,
8466					      /*bit_valid*/ 1,
8467					      /*bit*/ bit_ptr);
8468			ctl_done((union ctl_io *)ctsio);
8469			return (CTL_RETVAL_COMPLETE);
8470		}
8471
8472		mtx_lock(&lun->lun_lock);
8473
8474		/*
8475		 * The initiator wants to clear the
8476		 * key/unregister.
8477		 */
8478		if (sa_res_key == 0) {
8479			if ((res_key == 0
8480			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8481			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8482			  && ctl_get_prkey(lun, residx) == 0)) {
8483				mtx_unlock(&lun->lun_lock);
8484				goto done;
8485			}
8486
8487			ctl_clr_prkey(lun, residx);
8488			lun->pr_key_count--;
8489
8490			if (residx == lun->pr_res_idx) {
8491				lun->flags &= ~CTL_LUN_PR_RESERVED;
8492				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8493
8494				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8495				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8496				 && lun->pr_key_count) {
8497					/*
8498					 * If the reservation is a registrants
8499					 * only type we need to generate a UA
8500					 * for other registered inits.  The
8501					 * sense code should be RESERVATIONS
8502					 * RELEASED
8503					 */
8504
8505					for (i = softc->init_min; i < softc->init_max; i++){
8506						if (ctl_get_prkey(lun, i) == 0)
8507							continue;
8508						ctl_est_ua(lun, i,
8509						    CTL_UA_RES_RELEASE);
8510					}
8511				}
8512				lun->res_type = 0;
8513			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8514				if (lun->pr_key_count==0) {
8515					lun->flags &= ~CTL_LUN_PR_RESERVED;
8516					lun->res_type = 0;
8517					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8518				}
8519			}
8520			lun->PRGeneration++;
8521			mtx_unlock(&lun->lun_lock);
8522
8523			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8524			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8525			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8526			persis_io.pr.pr_info.residx = residx;
8527			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8528			    sizeof(persis_io.pr), M_WAITOK);
8529		} else /* sa_res_key != 0 */ {
8530
8531			/*
8532			 * If we aren't registered currently then increment
8533			 * the key count and set the registered flag.
8534			 */
8535			ctl_alloc_prkey(lun, residx);
8536			if (ctl_get_prkey(lun, residx) == 0)
8537				lun->pr_key_count++;
8538			ctl_set_prkey(lun, residx, sa_res_key);
8539			lun->PRGeneration++;
8540			mtx_unlock(&lun->lun_lock);
8541
8542			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8543			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8544			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8545			persis_io.pr.pr_info.residx = residx;
8546			memcpy(persis_io.pr.pr_info.sa_res_key,
8547			       param->serv_act_res_key,
8548			       sizeof(param->serv_act_res_key));
8549			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8550			    sizeof(persis_io.pr), M_WAITOK);
8551		}
8552
8553		break;
8554	}
8555	case SPRO_RESERVE:
8556#if 0
8557                printf("Reserve executed type %d\n", type);
8558#endif
8559		mtx_lock(&lun->lun_lock);
8560		if (lun->flags & CTL_LUN_PR_RESERVED) {
8561			/*
8562			 * if this isn't the reservation holder and it's
8563			 * not a "all registrants" type or if the type is
8564			 * different then we have a conflict
8565			 */
8566			if ((lun->pr_res_idx != residx
8567			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8568			 || lun->res_type != type) {
8569				mtx_unlock(&lun->lun_lock);
8570				free(ctsio->kern_data_ptr, M_CTL);
8571				ctl_set_reservation_conflict(ctsio);
8572				ctl_done((union ctl_io *)ctsio);
8573				return (CTL_RETVAL_COMPLETE);
8574			}
8575			mtx_unlock(&lun->lun_lock);
8576		} else /* create a reservation */ {
8577			/*
8578			 * If it's not an "all registrants" type record
8579			 * reservation holder
8580			 */
8581			if (type != SPR_TYPE_WR_EX_AR
8582			 && type != SPR_TYPE_EX_AC_AR)
8583				lun->pr_res_idx = residx; /* Res holder */
8584			else
8585				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8586
8587			lun->flags |= CTL_LUN_PR_RESERVED;
8588			lun->res_type = type;
8589
8590			mtx_unlock(&lun->lun_lock);
8591
8592			/* send msg to other side */
8593			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8594			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8595			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8596			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8597			persis_io.pr.pr_info.res_type = type;
8598			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8599			    sizeof(persis_io.pr), M_WAITOK);
8600		}
8601		break;
8602
8603	case SPRO_RELEASE:
8604		mtx_lock(&lun->lun_lock);
8605		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8606			/* No reservation exists return good status */
8607			mtx_unlock(&lun->lun_lock);
8608			goto done;
8609		}
8610		/*
8611		 * Is this nexus a reservation holder?
8612		 */
8613		if (lun->pr_res_idx != residx
8614		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8615			/*
8616			 * not a res holder return good status but
8617			 * do nothing
8618			 */
8619			mtx_unlock(&lun->lun_lock);
8620			goto done;
8621		}
8622
8623		if (lun->res_type != type) {
8624			mtx_unlock(&lun->lun_lock);
8625			free(ctsio->kern_data_ptr, M_CTL);
8626			ctl_set_illegal_pr_release(ctsio);
8627			ctl_done((union ctl_io *)ctsio);
8628			return (CTL_RETVAL_COMPLETE);
8629		}
8630
8631		/* okay to release */
8632		lun->flags &= ~CTL_LUN_PR_RESERVED;
8633		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8634		lun->res_type = 0;
8635
8636		/*
8637		 * if this isn't an exclusive access
8638		 * res generate UA for all other
8639		 * registrants.
8640		 */
8641		if (type != SPR_TYPE_EX_AC
8642		 && type != SPR_TYPE_WR_EX) {
8643			for (i = softc->init_min; i < softc->init_max; i++) {
8644				if (i == residx || ctl_get_prkey(lun, i) == 0)
8645					continue;
8646				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8647			}
8648		}
8649		mtx_unlock(&lun->lun_lock);
8650
8651		/* Send msg to other side */
8652		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8653		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8654		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8655		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8656		     sizeof(persis_io.pr), M_WAITOK);
8657		break;
8658
8659	case SPRO_CLEAR:
8660		/* send msg to other side */
8661
8662		mtx_lock(&lun->lun_lock);
8663		lun->flags &= ~CTL_LUN_PR_RESERVED;
8664		lun->res_type = 0;
8665		lun->pr_key_count = 0;
8666		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8667
8668		ctl_clr_prkey(lun, residx);
8669		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8670			if (ctl_get_prkey(lun, i) != 0) {
8671				ctl_clr_prkey(lun, i);
8672				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8673			}
8674		lun->PRGeneration++;
8675		mtx_unlock(&lun->lun_lock);
8676
8677		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8678		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8679		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8680		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8681		     sizeof(persis_io.pr), M_WAITOK);
8682		break;
8683
8684	case SPRO_PREEMPT:
8685	case SPRO_PRE_ABO: {
8686		int nretval;
8687
8688		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8689					  residx, ctsio, cdb, param);
8690		if (nretval != 0)
8691			return (CTL_RETVAL_COMPLETE);
8692		break;
8693	}
8694	default:
8695		panic("Invalid PR type %x", cdb->action);
8696	}
8697
8698done:
8699	free(ctsio->kern_data_ptr, M_CTL);
8700	ctl_set_success(ctsio);
8701	ctl_done((union ctl_io *)ctsio);
8702
8703	return (retval);
8704}
8705
8706/*
8707 * This routine is for handling a message from the other SC pertaining to
8708 * persistent reserve out. All the error checking will have been done
8709 * so only perorming the action need be done here to keep the two
8710 * in sync.
8711 */
8712static void
8713ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8714{
8715	struct ctl_softc *softc = control_softc;
8716	struct ctl_lun *lun;
8717	int i;
8718	uint32_t residx, targ_lun;
8719
8720	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8721	mtx_lock(&softc->ctl_lock);
8722	if ((targ_lun >= CTL_MAX_LUNS) ||
8723	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8724		mtx_unlock(&softc->ctl_lock);
8725		return;
8726	}
8727	mtx_lock(&lun->lun_lock);
8728	mtx_unlock(&softc->ctl_lock);
8729	if (lun->flags & CTL_LUN_DISABLED) {
8730		mtx_unlock(&lun->lun_lock);
8731		return;
8732	}
8733	residx = ctl_get_initindex(&msg->hdr.nexus);
8734	switch(msg->pr.pr_info.action) {
8735	case CTL_PR_REG_KEY:
8736		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8737		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8738			lun->pr_key_count++;
8739		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8740		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8741		lun->PRGeneration++;
8742		break;
8743
8744	case CTL_PR_UNREG_KEY:
8745		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8746		lun->pr_key_count--;
8747
8748		/* XXX Need to see if the reservation has been released */
8749		/* if so do we need to generate UA? */
8750		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8751			lun->flags &= ~CTL_LUN_PR_RESERVED;
8752			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8753
8754			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8755			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8756			 && lun->pr_key_count) {
8757				/*
8758				 * If the reservation is a registrants
8759				 * only type we need to generate a UA
8760				 * for other registered inits.  The
8761				 * sense code should be RESERVATIONS
8762				 * RELEASED
8763				 */
8764
8765				for (i = softc->init_min; i < softc->init_max; i++) {
8766					if (ctl_get_prkey(lun, i) == 0)
8767						continue;
8768
8769					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8770				}
8771			}
8772			lun->res_type = 0;
8773		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8774			if (lun->pr_key_count==0) {
8775				lun->flags &= ~CTL_LUN_PR_RESERVED;
8776				lun->res_type = 0;
8777				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8778			}
8779		}
8780		lun->PRGeneration++;
8781		break;
8782
8783	case CTL_PR_RESERVE:
8784		lun->flags |= CTL_LUN_PR_RESERVED;
8785		lun->res_type = msg->pr.pr_info.res_type;
8786		lun->pr_res_idx = msg->pr.pr_info.residx;
8787
8788		break;
8789
8790	case CTL_PR_RELEASE:
8791		/*
8792		 * if this isn't an exclusive access res generate UA for all
8793		 * other registrants.
8794		 */
8795		if (lun->res_type != SPR_TYPE_EX_AC
8796		 && lun->res_type != SPR_TYPE_WR_EX) {
8797			for (i = softc->init_min; i < softc->init_max; i++)
8798				if (i == residx || ctl_get_prkey(lun, i) == 0)
8799					continue;
8800				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8801		}
8802
8803		lun->flags &= ~CTL_LUN_PR_RESERVED;
8804		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8805		lun->res_type = 0;
8806		break;
8807
8808	case CTL_PR_PREEMPT:
8809		ctl_pro_preempt_other(lun, msg);
8810		break;
8811	case CTL_PR_CLEAR:
8812		lun->flags &= ~CTL_LUN_PR_RESERVED;
8813		lun->res_type = 0;
8814		lun->pr_key_count = 0;
8815		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8816
8817		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8818			if (ctl_get_prkey(lun, i) == 0)
8819				continue;
8820			ctl_clr_prkey(lun, i);
8821			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8822		}
8823		lun->PRGeneration++;
8824		break;
8825	}
8826
8827	mtx_unlock(&lun->lun_lock);
8828}
8829
8830int
8831ctl_read_write(struct ctl_scsiio *ctsio)
8832{
8833	struct ctl_lun *lun;
8834	struct ctl_lba_len_flags *lbalen;
8835	uint64_t lba;
8836	uint32_t num_blocks;
8837	int flags, retval;
8838	int isread;
8839
8840	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8841
8842	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8843
8844	flags = 0;
8845	retval = CTL_RETVAL_COMPLETE;
8846
8847	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8848	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8849	switch (ctsio->cdb[0]) {
8850	case READ_6:
8851	case WRITE_6: {
8852		struct scsi_rw_6 *cdb;
8853
8854		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8855
8856		lba = scsi_3btoul(cdb->addr);
8857		/* only 5 bits are valid in the most significant address byte */
8858		lba &= 0x1fffff;
8859		num_blocks = cdb->length;
8860		/*
8861		 * This is correct according to SBC-2.
8862		 */
8863		if (num_blocks == 0)
8864			num_blocks = 256;
8865		break;
8866	}
8867	case READ_10:
8868	case WRITE_10: {
8869		struct scsi_rw_10 *cdb;
8870
8871		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8872		if (cdb->byte2 & SRW10_FUA)
8873			flags |= CTL_LLF_FUA;
8874		if (cdb->byte2 & SRW10_DPO)
8875			flags |= CTL_LLF_DPO;
8876		lba = scsi_4btoul(cdb->addr);
8877		num_blocks = scsi_2btoul(cdb->length);
8878		break;
8879	}
8880	case WRITE_VERIFY_10: {
8881		struct scsi_write_verify_10 *cdb;
8882
8883		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8884		flags |= CTL_LLF_FUA;
8885		if (cdb->byte2 & SWV_DPO)
8886			flags |= CTL_LLF_DPO;
8887		lba = scsi_4btoul(cdb->addr);
8888		num_blocks = scsi_2btoul(cdb->length);
8889		break;
8890	}
8891	case READ_12:
8892	case WRITE_12: {
8893		struct scsi_rw_12 *cdb;
8894
8895		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8896		if (cdb->byte2 & SRW12_FUA)
8897			flags |= CTL_LLF_FUA;
8898		if (cdb->byte2 & SRW12_DPO)
8899			flags |= CTL_LLF_DPO;
8900		lba = scsi_4btoul(cdb->addr);
8901		num_blocks = scsi_4btoul(cdb->length);
8902		break;
8903	}
8904	case WRITE_VERIFY_12: {
8905		struct scsi_write_verify_12 *cdb;
8906
8907		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8908		flags |= CTL_LLF_FUA;
8909		if (cdb->byte2 & SWV_DPO)
8910			flags |= CTL_LLF_DPO;
8911		lba = scsi_4btoul(cdb->addr);
8912		num_blocks = scsi_4btoul(cdb->length);
8913		break;
8914	}
8915	case READ_16:
8916	case WRITE_16: {
8917		struct scsi_rw_16 *cdb;
8918
8919		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8920		if (cdb->byte2 & SRW12_FUA)
8921			flags |= CTL_LLF_FUA;
8922		if (cdb->byte2 & SRW12_DPO)
8923			flags |= CTL_LLF_DPO;
8924		lba = scsi_8btou64(cdb->addr);
8925		num_blocks = scsi_4btoul(cdb->length);
8926		break;
8927	}
8928	case WRITE_ATOMIC_16: {
8929		struct scsi_write_atomic_16 *cdb;
8930
8931		if (lun->be_lun->atomicblock == 0) {
8932			ctl_set_invalid_opcode(ctsio);
8933			ctl_done((union ctl_io *)ctsio);
8934			return (CTL_RETVAL_COMPLETE);
8935		}
8936
8937		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8938		if (cdb->byte2 & SRW12_FUA)
8939			flags |= CTL_LLF_FUA;
8940		if (cdb->byte2 & SRW12_DPO)
8941			flags |= CTL_LLF_DPO;
8942		lba = scsi_8btou64(cdb->addr);
8943		num_blocks = scsi_2btoul(cdb->length);
8944		if (num_blocks > lun->be_lun->atomicblock) {
8945			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8946			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8947			    /*bit*/ 0);
8948			ctl_done((union ctl_io *)ctsio);
8949			return (CTL_RETVAL_COMPLETE);
8950		}
8951		break;
8952	}
8953	case WRITE_VERIFY_16: {
8954		struct scsi_write_verify_16 *cdb;
8955
8956		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8957		flags |= CTL_LLF_FUA;
8958		if (cdb->byte2 & SWV_DPO)
8959			flags |= CTL_LLF_DPO;
8960		lba = scsi_8btou64(cdb->addr);
8961		num_blocks = scsi_4btoul(cdb->length);
8962		break;
8963	}
8964	default:
8965		/*
8966		 * We got a command we don't support.  This shouldn't
8967		 * happen, commands should be filtered out above us.
8968		 */
8969		ctl_set_invalid_opcode(ctsio);
8970		ctl_done((union ctl_io *)ctsio);
8971
8972		return (CTL_RETVAL_COMPLETE);
8973		break; /* NOTREACHED */
8974	}
8975
8976	/*
8977	 * The first check is to make sure we're in bounds, the second
8978	 * check is to catch wrap-around problems.  If the lba + num blocks
8979	 * is less than the lba, then we've wrapped around and the block
8980	 * range is invalid anyway.
8981	 */
8982	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8983	 || ((lba + num_blocks) < lba)) {
8984		ctl_set_lba_out_of_range(ctsio);
8985		ctl_done((union ctl_io *)ctsio);
8986		return (CTL_RETVAL_COMPLETE);
8987	}
8988
8989	/*
8990	 * According to SBC-3, a transfer length of 0 is not an error.
8991	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8992	 * translates to 256 blocks for those commands.
8993	 */
8994	if (num_blocks == 0) {
8995		ctl_set_success(ctsio);
8996		ctl_done((union ctl_io *)ctsio);
8997		return (CTL_RETVAL_COMPLETE);
8998	}
8999
9000	/* Set FUA and/or DPO if caches are disabled. */
9001	if (isread) {
9002		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9003		    SCP_RCD) != 0)
9004			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
9005	} else {
9006		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9007		    SCP_WCE) == 0)
9008			flags |= CTL_LLF_FUA;
9009	}
9010
9011	lbalen = (struct ctl_lba_len_flags *)
9012	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9013	lbalen->lba = lba;
9014	lbalen->len = num_blocks;
9015	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
9016
9017	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9018	ctsio->kern_rel_offset = 0;
9019
9020	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
9021
9022	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9023
9024	return (retval);
9025}
9026
9027static int
9028ctl_cnw_cont(union ctl_io *io)
9029{
9030	struct ctl_scsiio *ctsio;
9031	struct ctl_lun *lun;
9032	struct ctl_lba_len_flags *lbalen;
9033	int retval;
9034
9035	ctsio = &io->scsiio;
9036	ctsio->io_hdr.status = CTL_STATUS_NONE;
9037	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9038	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9039	lbalen = (struct ctl_lba_len_flags *)
9040	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9041	lbalen->flags &= ~CTL_LLF_COMPARE;
9042	lbalen->flags |= CTL_LLF_WRITE;
9043
9044	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9045	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9046	return (retval);
9047}
9048
9049int
9050ctl_cnw(struct ctl_scsiio *ctsio)
9051{
9052	struct ctl_lun *lun;
9053	struct ctl_lba_len_flags *lbalen;
9054	uint64_t lba;
9055	uint32_t num_blocks;
9056	int flags, retval;
9057
9058	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9059
9060	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9061
9062	flags = 0;
9063	retval = CTL_RETVAL_COMPLETE;
9064
9065	switch (ctsio->cdb[0]) {
9066	case COMPARE_AND_WRITE: {
9067		struct scsi_compare_and_write *cdb;
9068
9069		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9070		if (cdb->byte2 & SRW10_FUA)
9071			flags |= CTL_LLF_FUA;
9072		if (cdb->byte2 & SRW10_DPO)
9073			flags |= CTL_LLF_DPO;
9074		lba = scsi_8btou64(cdb->addr);
9075		num_blocks = cdb->length;
9076		break;
9077	}
9078	default:
9079		/*
9080		 * We got a command we don't support.  This shouldn't
9081		 * happen, commands should be filtered out above us.
9082		 */
9083		ctl_set_invalid_opcode(ctsio);
9084		ctl_done((union ctl_io *)ctsio);
9085
9086		return (CTL_RETVAL_COMPLETE);
9087		break; /* NOTREACHED */
9088	}
9089
9090	/*
9091	 * The first check is to make sure we're in bounds, the second
9092	 * check is to catch wrap-around problems.  If the lba + num blocks
9093	 * is less than the lba, then we've wrapped around and the block
9094	 * range is invalid anyway.
9095	 */
9096	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9097	 || ((lba + num_blocks) < lba)) {
9098		ctl_set_lba_out_of_range(ctsio);
9099		ctl_done((union ctl_io *)ctsio);
9100		return (CTL_RETVAL_COMPLETE);
9101	}
9102
9103	/*
9104	 * According to SBC-3, a transfer length of 0 is not an error.
9105	 */
9106	if (num_blocks == 0) {
9107		ctl_set_success(ctsio);
9108		ctl_done((union ctl_io *)ctsio);
9109		return (CTL_RETVAL_COMPLETE);
9110	}
9111
9112	/* Set FUA if write cache is disabled. */
9113	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9114	    SCP_WCE) == 0)
9115		flags |= CTL_LLF_FUA;
9116
9117	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9118	ctsio->kern_rel_offset = 0;
9119
9120	/*
9121	 * Set the IO_CONT flag, so that if this I/O gets passed to
9122	 * ctl_data_submit_done(), it'll get passed back to
9123	 * ctl_ctl_cnw_cont() for further processing.
9124	 */
9125	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9126	ctsio->io_cont = ctl_cnw_cont;
9127
9128	lbalen = (struct ctl_lba_len_flags *)
9129	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9130	lbalen->lba = lba;
9131	lbalen->len = num_blocks;
9132	lbalen->flags = CTL_LLF_COMPARE | flags;
9133
9134	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9135	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9136	return (retval);
9137}
9138
9139int
9140ctl_verify(struct ctl_scsiio *ctsio)
9141{
9142	struct ctl_lun *lun;
9143	struct ctl_lba_len_flags *lbalen;
9144	uint64_t lba;
9145	uint32_t num_blocks;
9146	int bytchk, flags;
9147	int retval;
9148
9149	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9150
9151	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9152
9153	bytchk = 0;
9154	flags = CTL_LLF_FUA;
9155	retval = CTL_RETVAL_COMPLETE;
9156
9157	switch (ctsio->cdb[0]) {
9158	case VERIFY_10: {
9159		struct scsi_verify_10 *cdb;
9160
9161		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9162		if (cdb->byte2 & SVFY_BYTCHK)
9163			bytchk = 1;
9164		if (cdb->byte2 & SVFY_DPO)
9165			flags |= CTL_LLF_DPO;
9166		lba = scsi_4btoul(cdb->addr);
9167		num_blocks = scsi_2btoul(cdb->length);
9168		break;
9169	}
9170	case VERIFY_12: {
9171		struct scsi_verify_12 *cdb;
9172
9173		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9174		if (cdb->byte2 & SVFY_BYTCHK)
9175			bytchk = 1;
9176		if (cdb->byte2 & SVFY_DPO)
9177			flags |= CTL_LLF_DPO;
9178		lba = scsi_4btoul(cdb->addr);
9179		num_blocks = scsi_4btoul(cdb->length);
9180		break;
9181	}
9182	case VERIFY_16: {
9183		struct scsi_rw_16 *cdb;
9184
9185		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9186		if (cdb->byte2 & SVFY_BYTCHK)
9187			bytchk = 1;
9188		if (cdb->byte2 & SVFY_DPO)
9189			flags |= CTL_LLF_DPO;
9190		lba = scsi_8btou64(cdb->addr);
9191		num_blocks = scsi_4btoul(cdb->length);
9192		break;
9193	}
9194	default:
9195		/*
9196		 * We got a command we don't support.  This shouldn't
9197		 * happen, commands should be filtered out above us.
9198		 */
9199		ctl_set_invalid_opcode(ctsio);
9200		ctl_done((union ctl_io *)ctsio);
9201		return (CTL_RETVAL_COMPLETE);
9202	}
9203
9204	/*
9205	 * The first check is to make sure we're in bounds, the second
9206	 * check is to catch wrap-around problems.  If the lba + num blocks
9207	 * is less than the lba, then we've wrapped around and the block
9208	 * range is invalid anyway.
9209	 */
9210	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9211	 || ((lba + num_blocks) < lba)) {
9212		ctl_set_lba_out_of_range(ctsio);
9213		ctl_done((union ctl_io *)ctsio);
9214		return (CTL_RETVAL_COMPLETE);
9215	}
9216
9217	/*
9218	 * According to SBC-3, a transfer length of 0 is not an error.
9219	 */
9220	if (num_blocks == 0) {
9221		ctl_set_success(ctsio);
9222		ctl_done((union ctl_io *)ctsio);
9223		return (CTL_RETVAL_COMPLETE);
9224	}
9225
9226	lbalen = (struct ctl_lba_len_flags *)
9227	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9228	lbalen->lba = lba;
9229	lbalen->len = num_blocks;
9230	if (bytchk) {
9231		lbalen->flags = CTL_LLF_COMPARE | flags;
9232		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9233	} else {
9234		lbalen->flags = CTL_LLF_VERIFY | flags;
9235		ctsio->kern_total_len = 0;
9236	}
9237	ctsio->kern_rel_offset = 0;
9238
9239	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9240	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9241	return (retval);
9242}
9243
9244int
9245ctl_report_luns(struct ctl_scsiio *ctsio)
9246{
9247	struct ctl_softc *softc;
9248	struct scsi_report_luns *cdb;
9249	struct scsi_report_luns_data *lun_data;
9250	struct ctl_lun *lun, *request_lun;
9251	struct ctl_port *port;
9252	int num_luns, retval;
9253	uint32_t alloc_len, lun_datalen;
9254	int num_filled;
9255	uint32_t initidx, targ_lun_id, lun_id;
9256
9257	retval = CTL_RETVAL_COMPLETE;
9258	cdb = (struct scsi_report_luns *)ctsio->cdb;
9259	port = ctl_io_port(&ctsio->io_hdr);
9260	softc = port->ctl_softc;
9261
9262	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9263
9264	mtx_lock(&softc->ctl_lock);
9265	num_luns = 0;
9266	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9267		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9268			num_luns++;
9269	}
9270	mtx_unlock(&softc->ctl_lock);
9271
9272	switch (cdb->select_report) {
9273	case RPL_REPORT_DEFAULT:
9274	case RPL_REPORT_ALL:
9275	case RPL_REPORT_NONSUBSID:
9276		break;
9277	case RPL_REPORT_WELLKNOWN:
9278	case RPL_REPORT_ADMIN:
9279	case RPL_REPORT_CONGLOM:
9280		num_luns = 0;
9281		break;
9282	default:
9283		ctl_set_invalid_field(ctsio,
9284				      /*sks_valid*/ 1,
9285				      /*command*/ 1,
9286				      /*field*/ 2,
9287				      /*bit_valid*/ 0,
9288				      /*bit*/ 0);
9289		ctl_done((union ctl_io *)ctsio);
9290		return (retval);
9291		break; /* NOTREACHED */
9292	}
9293
9294	alloc_len = scsi_4btoul(cdb->length);
9295	/*
9296	 * The initiator has to allocate at least 16 bytes for this request,
9297	 * so he can at least get the header and the first LUN.  Otherwise
9298	 * we reject the request (per SPC-3 rev 14, section 6.21).
9299	 */
9300	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9301	    sizeof(struct scsi_report_luns_lundata))) {
9302		ctl_set_invalid_field(ctsio,
9303				      /*sks_valid*/ 1,
9304				      /*command*/ 1,
9305				      /*field*/ 6,
9306				      /*bit_valid*/ 0,
9307				      /*bit*/ 0);
9308		ctl_done((union ctl_io *)ctsio);
9309		return (retval);
9310	}
9311
9312	request_lun = (struct ctl_lun *)
9313		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9314
9315	lun_datalen = sizeof(*lun_data) +
9316		(num_luns * sizeof(struct scsi_report_luns_lundata));
9317
9318	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9319	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9320	ctsio->kern_sg_entries = 0;
9321
9322	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9323
9324	mtx_lock(&softc->ctl_lock);
9325	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9326		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9327		if (lun_id >= CTL_MAX_LUNS)
9328			continue;
9329		lun = softc->ctl_luns[lun_id];
9330		if (lun == NULL)
9331			continue;
9332
9333		if (targ_lun_id <= 0xff) {
9334			/*
9335			 * Peripheral addressing method, bus number 0.
9336			 */
9337			lun_data->luns[num_filled].lundata[0] =
9338				RPL_LUNDATA_ATYP_PERIPH;
9339			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9340			num_filled++;
9341		} else if (targ_lun_id <= 0x3fff) {
9342			/*
9343			 * Flat addressing method.
9344			 */
9345			lun_data->luns[num_filled].lundata[0] =
9346				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9347			lun_data->luns[num_filled].lundata[1] =
9348				(targ_lun_id & 0xff);
9349			num_filled++;
9350		} else if (targ_lun_id <= 0xffffff) {
9351			/*
9352			 * Extended flat addressing method.
9353			 */
9354			lun_data->luns[num_filled].lundata[0] =
9355			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9356			scsi_ulto3b(targ_lun_id,
9357			    &lun_data->luns[num_filled].lundata[1]);
9358			num_filled++;
9359		} else {
9360			printf("ctl_report_luns: bogus LUN number %jd, "
9361			       "skipping\n", (intmax_t)targ_lun_id);
9362		}
9363		/*
9364		 * According to SPC-3, rev 14 section 6.21:
9365		 *
9366		 * "The execution of a REPORT LUNS command to any valid and
9367		 * installed logical unit shall clear the REPORTED LUNS DATA
9368		 * HAS CHANGED unit attention condition for all logical
9369		 * units of that target with respect to the requesting
9370		 * initiator. A valid and installed logical unit is one
9371		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9372		 * INQUIRY data (see 6.4.2)."
9373		 *
9374		 * If request_lun is NULL, the LUN this report luns command
9375		 * was issued to is either disabled or doesn't exist. In that
9376		 * case, we shouldn't clear any pending lun change unit
9377		 * attention.
9378		 */
9379		if (request_lun != NULL) {
9380			mtx_lock(&lun->lun_lock);
9381			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9382			mtx_unlock(&lun->lun_lock);
9383		}
9384	}
9385	mtx_unlock(&softc->ctl_lock);
9386
9387	/*
9388	 * It's quite possible that we've returned fewer LUNs than we allocated
9389	 * space for.  Trim it.
9390	 */
9391	lun_datalen = sizeof(*lun_data) +
9392		(num_filled * sizeof(struct scsi_report_luns_lundata));
9393
9394	if (lun_datalen < alloc_len) {
9395		ctsio->residual = alloc_len - lun_datalen;
9396		ctsio->kern_data_len = lun_datalen;
9397		ctsio->kern_total_len = lun_datalen;
9398	} else {
9399		ctsio->residual = 0;
9400		ctsio->kern_data_len = alloc_len;
9401		ctsio->kern_total_len = alloc_len;
9402	}
9403	ctsio->kern_data_resid = 0;
9404	ctsio->kern_rel_offset = 0;
9405	ctsio->kern_sg_entries = 0;
9406
9407	/*
9408	 * We set this to the actual data length, regardless of how much
9409	 * space we actually have to return results.  If the user looks at
9410	 * this value, he'll know whether or not he allocated enough space
9411	 * and reissue the command if necessary.  We don't support well
9412	 * known logical units, so if the user asks for that, return none.
9413	 */
9414	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9415
9416	/*
9417	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9418	 * this request.
9419	 */
9420	ctl_set_success(ctsio);
9421	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9422	ctsio->be_move_done = ctl_config_move_done;
9423	ctl_datamove((union ctl_io *)ctsio);
9424	return (retval);
9425}
9426
9427int
9428ctl_request_sense(struct ctl_scsiio *ctsio)
9429{
9430	struct scsi_request_sense *cdb;
9431	struct scsi_sense_data *sense_ptr;
9432	struct ctl_softc *ctl_softc;
9433	struct ctl_lun *lun;
9434	uint32_t initidx;
9435	int have_error;
9436	scsi_sense_data_type sense_format;
9437	ctl_ua_type ua_type;
9438
9439	cdb = (struct scsi_request_sense *)ctsio->cdb;
9440
9441	ctl_softc = control_softc;
9442	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9443
9444	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9445
9446	/*
9447	 * Determine which sense format the user wants.
9448	 */
9449	if (cdb->byte2 & SRS_DESC)
9450		sense_format = SSD_TYPE_DESC;
9451	else
9452		sense_format = SSD_TYPE_FIXED;
9453
9454	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9455	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9456	ctsio->kern_sg_entries = 0;
9457
9458	/*
9459	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9460	 * larger than the largest allowed value for the length field in the
9461	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9462	 */
9463	ctsio->residual = 0;
9464	ctsio->kern_data_len = cdb->length;
9465	ctsio->kern_total_len = cdb->length;
9466
9467	ctsio->kern_data_resid = 0;
9468	ctsio->kern_rel_offset = 0;
9469	ctsio->kern_sg_entries = 0;
9470
9471	/*
9472	 * If we don't have a LUN, we don't have any pending sense.
9473	 */
9474	if (lun == NULL)
9475		goto no_sense;
9476
9477	have_error = 0;
9478	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9479	/*
9480	 * Check for pending sense, and then for pending unit attentions.
9481	 * Pending sense gets returned first, then pending unit attentions.
9482	 */
9483	mtx_lock(&lun->lun_lock);
9484#ifdef CTL_WITH_CA
9485	if (ctl_is_set(lun->have_ca, initidx)) {
9486		scsi_sense_data_type stored_format;
9487
9488		/*
9489		 * Check to see which sense format was used for the stored
9490		 * sense data.
9491		 */
9492		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9493
9494		/*
9495		 * If the user requested a different sense format than the
9496		 * one we stored, then we need to convert it to the other
9497		 * format.  If we're going from descriptor to fixed format
9498		 * sense data, we may lose things in translation, depending
9499		 * on what options were used.
9500		 *
9501		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9502		 * for some reason we'll just copy it out as-is.
9503		 */
9504		if ((stored_format == SSD_TYPE_FIXED)
9505		 && (sense_format == SSD_TYPE_DESC))
9506			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9507			    &lun->pending_sense[initidx],
9508			    (struct scsi_sense_data_desc *)sense_ptr);
9509		else if ((stored_format == SSD_TYPE_DESC)
9510		      && (sense_format == SSD_TYPE_FIXED))
9511			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9512			    &lun->pending_sense[initidx],
9513			    (struct scsi_sense_data_fixed *)sense_ptr);
9514		else
9515			memcpy(sense_ptr, &lun->pending_sense[initidx],
9516			       MIN(sizeof(*sense_ptr),
9517			       sizeof(lun->pending_sense[initidx])));
9518
9519		ctl_clear_mask(lun->have_ca, initidx);
9520		have_error = 1;
9521	} else
9522#endif
9523	{
9524		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9525		if (ua_type != CTL_UA_NONE)
9526			have_error = 1;
9527		if (ua_type == CTL_UA_LUN_CHANGE) {
9528			mtx_unlock(&lun->lun_lock);
9529			mtx_lock(&ctl_softc->ctl_lock);
9530			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9531			mtx_unlock(&ctl_softc->ctl_lock);
9532			mtx_lock(&lun->lun_lock);
9533		}
9534
9535	}
9536	mtx_unlock(&lun->lun_lock);
9537
9538	/*
9539	 * We already have a pending error, return it.
9540	 */
9541	if (have_error != 0) {
9542		/*
9543		 * We report the SCSI status as OK, since the status of the
9544		 * request sense command itself is OK.
9545		 * We report 0 for the sense length, because we aren't doing
9546		 * autosense in this case.  We're reporting sense as
9547		 * parameter data.
9548		 */
9549		ctl_set_success(ctsio);
9550		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9551		ctsio->be_move_done = ctl_config_move_done;
9552		ctl_datamove((union ctl_io *)ctsio);
9553		return (CTL_RETVAL_COMPLETE);
9554	}
9555
9556no_sense:
9557
9558	/*
9559	 * No sense information to report, so we report that everything is
9560	 * okay.
9561	 */
9562	ctl_set_sense_data(sense_ptr,
9563			   lun,
9564			   sense_format,
9565			   /*current_error*/ 1,
9566			   /*sense_key*/ SSD_KEY_NO_SENSE,
9567			   /*asc*/ 0x00,
9568			   /*ascq*/ 0x00,
9569			   SSD_ELEM_NONE);
9570
9571	/*
9572	 * We report 0 for the sense length, because we aren't doing
9573	 * autosense in this case.  We're reporting sense as parameter data.
9574	 */
9575	ctl_set_success(ctsio);
9576	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9577	ctsio->be_move_done = ctl_config_move_done;
9578	ctl_datamove((union ctl_io *)ctsio);
9579	return (CTL_RETVAL_COMPLETE);
9580}
9581
9582int
9583ctl_tur(struct ctl_scsiio *ctsio)
9584{
9585
9586	CTL_DEBUG_PRINT(("ctl_tur\n"));
9587
9588	ctl_set_success(ctsio);
9589	ctl_done((union ctl_io *)ctsio);
9590
9591	return (CTL_RETVAL_COMPLETE);
9592}
9593
9594/*
9595 * SCSI VPD page 0x00, the Supported VPD Pages page.
9596 */
9597static int
9598ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9599{
9600	struct scsi_vpd_supported_pages *pages;
9601	int sup_page_size;
9602	struct ctl_lun *lun;
9603	int p;
9604
9605	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9606
9607	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9608	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9609	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9610	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9611	ctsio->kern_sg_entries = 0;
9612
9613	if (sup_page_size < alloc_len) {
9614		ctsio->residual = alloc_len - sup_page_size;
9615		ctsio->kern_data_len = sup_page_size;
9616		ctsio->kern_total_len = sup_page_size;
9617	} else {
9618		ctsio->residual = 0;
9619		ctsio->kern_data_len = alloc_len;
9620		ctsio->kern_total_len = alloc_len;
9621	}
9622	ctsio->kern_data_resid = 0;
9623	ctsio->kern_rel_offset = 0;
9624	ctsio->kern_sg_entries = 0;
9625
9626	/*
9627	 * The control device is always connected.  The disk device, on the
9628	 * other hand, may not be online all the time.  Need to change this
9629	 * to figure out whether the disk device is actually online or not.
9630	 */
9631	if (lun != NULL)
9632		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9633				lun->be_lun->lun_type;
9634	else
9635		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9636
9637	p = 0;
9638	/* Supported VPD pages */
9639	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9640	/* Serial Number */
9641	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9642	/* Device Identification */
9643	pages->page_list[p++] = SVPD_DEVICE_ID;
9644	/* Extended INQUIRY Data */
9645	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9646	/* Mode Page Policy */
9647	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9648	/* SCSI Ports */
9649	pages->page_list[p++] = SVPD_SCSI_PORTS;
9650	/* Third-party Copy */
9651	pages->page_list[p++] = SVPD_SCSI_TPC;
9652	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9653		/* Block limits */
9654		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9655		/* Block Device Characteristics */
9656		pages->page_list[p++] = SVPD_BDC;
9657		/* Logical Block Provisioning */
9658		pages->page_list[p++] = SVPD_LBP;
9659	}
9660	pages->length = p;
9661
9662	ctl_set_success(ctsio);
9663	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9664	ctsio->be_move_done = ctl_config_move_done;
9665	ctl_datamove((union ctl_io *)ctsio);
9666	return (CTL_RETVAL_COMPLETE);
9667}
9668
9669/*
9670 * SCSI VPD page 0x80, the Unit Serial Number page.
9671 */
9672static int
9673ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9674{
9675	struct scsi_vpd_unit_serial_number *sn_ptr;
9676	struct ctl_lun *lun;
9677	int data_len;
9678
9679	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9680
9681	data_len = 4 + CTL_SN_LEN;
9682	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9683	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9684	if (data_len < alloc_len) {
9685		ctsio->residual = alloc_len - data_len;
9686		ctsio->kern_data_len = data_len;
9687		ctsio->kern_total_len = data_len;
9688	} else {
9689		ctsio->residual = 0;
9690		ctsio->kern_data_len = alloc_len;
9691		ctsio->kern_total_len = alloc_len;
9692	}
9693	ctsio->kern_data_resid = 0;
9694	ctsio->kern_rel_offset = 0;
9695	ctsio->kern_sg_entries = 0;
9696
9697	/*
9698	 * The control device is always connected.  The disk device, on the
9699	 * other hand, may not be online all the time.  Need to change this
9700	 * to figure out whether the disk device is actually online or not.
9701	 */
9702	if (lun != NULL)
9703		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9704				  lun->be_lun->lun_type;
9705	else
9706		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9707
9708	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9709	sn_ptr->length = CTL_SN_LEN;
9710	/*
9711	 * If we don't have a LUN, we just leave the serial number as
9712	 * all spaces.
9713	 */
9714	if (lun != NULL) {
9715		strncpy((char *)sn_ptr->serial_num,
9716			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9717	} else
9718		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9719
9720	ctl_set_success(ctsio);
9721	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9722	ctsio->be_move_done = ctl_config_move_done;
9723	ctl_datamove((union ctl_io *)ctsio);
9724	return (CTL_RETVAL_COMPLETE);
9725}
9726
9727
9728/*
9729 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9730 */
9731static int
9732ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9733{
9734	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9735	struct ctl_lun *lun;
9736	int data_len;
9737
9738	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9739
9740	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9741	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9742	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9743	ctsio->kern_sg_entries = 0;
9744
9745	if (data_len < alloc_len) {
9746		ctsio->residual = alloc_len - data_len;
9747		ctsio->kern_data_len = data_len;
9748		ctsio->kern_total_len = data_len;
9749	} else {
9750		ctsio->residual = 0;
9751		ctsio->kern_data_len = alloc_len;
9752		ctsio->kern_total_len = alloc_len;
9753	}
9754	ctsio->kern_data_resid = 0;
9755	ctsio->kern_rel_offset = 0;
9756	ctsio->kern_sg_entries = 0;
9757
9758	/*
9759	 * The control device is always connected.  The disk device, on the
9760	 * other hand, may not be online all the time.
9761	 */
9762	if (lun != NULL)
9763		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9764				     lun->be_lun->lun_type;
9765	else
9766		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9767	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9768	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9769	/*
9770	 * We support head of queue, ordered and simple tags.
9771	 */
9772	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9773	/*
9774	 * Volatile cache supported.
9775	 */
9776	eid_ptr->flags3 = SVPD_EID_V_SUP;
9777
9778	/*
9779	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9780	 * attention for a particular IT nexus on all LUNs once we report
9781	 * it to that nexus once.  This bit is required as of SPC-4.
9782	 */
9783	eid_ptr->flags4 = SVPD_EID_LUICLT;
9784
9785	/*
9786	 * XXX KDM in order to correctly answer this, we would need
9787	 * information from the SIM to determine how much sense data it
9788	 * can send.  So this would really be a path inquiry field, most
9789	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9790	 * but the hardware may or may not be able to support that much.
9791	 * 0 just means that the maximum sense data length is not reported.
9792	 */
9793	eid_ptr->max_sense_length = 0;
9794
9795	ctl_set_success(ctsio);
9796	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9797	ctsio->be_move_done = ctl_config_move_done;
9798	ctl_datamove((union ctl_io *)ctsio);
9799	return (CTL_RETVAL_COMPLETE);
9800}
9801
9802static int
9803ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9804{
9805	struct scsi_vpd_mode_page_policy *mpp_ptr;
9806	struct ctl_lun *lun;
9807	int data_len;
9808
9809	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9810
9811	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9812	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9813
9814	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9815	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9816	ctsio->kern_sg_entries = 0;
9817
9818	if (data_len < alloc_len) {
9819		ctsio->residual = alloc_len - data_len;
9820		ctsio->kern_data_len = data_len;
9821		ctsio->kern_total_len = data_len;
9822	} else {
9823		ctsio->residual = 0;
9824		ctsio->kern_data_len = alloc_len;
9825		ctsio->kern_total_len = alloc_len;
9826	}
9827	ctsio->kern_data_resid = 0;
9828	ctsio->kern_rel_offset = 0;
9829	ctsio->kern_sg_entries = 0;
9830
9831	/*
9832	 * The control device is always connected.  The disk device, on the
9833	 * other hand, may not be online all the time.
9834	 */
9835	if (lun != NULL)
9836		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9837				     lun->be_lun->lun_type;
9838	else
9839		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9840	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9841	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9842	mpp_ptr->descr[0].page_code = 0x3f;
9843	mpp_ptr->descr[0].subpage_code = 0xff;
9844	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9845
9846	ctl_set_success(ctsio);
9847	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9848	ctsio->be_move_done = ctl_config_move_done;
9849	ctl_datamove((union ctl_io *)ctsio);
9850	return (CTL_RETVAL_COMPLETE);
9851}
9852
9853/*
9854 * SCSI VPD page 0x83, the Device Identification page.
9855 */
9856static int
9857ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9858{
9859	struct scsi_vpd_device_id *devid_ptr;
9860	struct scsi_vpd_id_descriptor *desc;
9861	struct ctl_softc *softc;
9862	struct ctl_lun *lun;
9863	struct ctl_port *port;
9864	int data_len;
9865	uint8_t proto;
9866
9867	softc = control_softc;
9868
9869	port = ctl_io_port(&ctsio->io_hdr);
9870	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9871
9872	data_len = sizeof(struct scsi_vpd_device_id) +
9873	    sizeof(struct scsi_vpd_id_descriptor) +
9874		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9875	    sizeof(struct scsi_vpd_id_descriptor) +
9876		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9877	if (lun && lun->lun_devid)
9878		data_len += lun->lun_devid->len;
9879	if (port && port->port_devid)
9880		data_len += port->port_devid->len;
9881	if (port && port->target_devid)
9882		data_len += port->target_devid->len;
9883
9884	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9885	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9886	ctsio->kern_sg_entries = 0;
9887
9888	if (data_len < alloc_len) {
9889		ctsio->residual = alloc_len - data_len;
9890		ctsio->kern_data_len = data_len;
9891		ctsio->kern_total_len = data_len;
9892	} else {
9893		ctsio->residual = 0;
9894		ctsio->kern_data_len = alloc_len;
9895		ctsio->kern_total_len = alloc_len;
9896	}
9897	ctsio->kern_data_resid = 0;
9898	ctsio->kern_rel_offset = 0;
9899	ctsio->kern_sg_entries = 0;
9900
9901	/*
9902	 * The control device is always connected.  The disk device, on the
9903	 * other hand, may not be online all the time.
9904	 */
9905	if (lun != NULL)
9906		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9907				     lun->be_lun->lun_type;
9908	else
9909		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9910	devid_ptr->page_code = SVPD_DEVICE_ID;
9911	scsi_ulto2b(data_len - 4, devid_ptr->length);
9912
9913	if (port && port->port_type == CTL_PORT_FC)
9914		proto = SCSI_PROTO_FC << 4;
9915	else if (port && port->port_type == CTL_PORT_ISCSI)
9916		proto = SCSI_PROTO_ISCSI << 4;
9917	else
9918		proto = SCSI_PROTO_SPI << 4;
9919	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9920
9921	/*
9922	 * We're using a LUN association here.  i.e., this device ID is a
9923	 * per-LUN identifier.
9924	 */
9925	if (lun && lun->lun_devid) {
9926		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9927		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9928		    lun->lun_devid->len);
9929	}
9930
9931	/*
9932	 * This is for the WWPN which is a port association.
9933	 */
9934	if (port && port->port_devid) {
9935		memcpy(desc, port->port_devid->data, port->port_devid->len);
9936		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9937		    port->port_devid->len);
9938	}
9939
9940	/*
9941	 * This is for the Relative Target Port(type 4h) identifier
9942	 */
9943	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9944	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9945	    SVPD_ID_TYPE_RELTARG;
9946	desc->length = 4;
9947	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9948	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9949	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9950
9951	/*
9952	 * This is for the Target Port Group(type 5h) identifier
9953	 */
9954	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9955	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9956	    SVPD_ID_TYPE_TPORTGRP;
9957	desc->length = 4;
9958	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9959	    &desc->identifier[2]);
9960	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9961	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9962
9963	/*
9964	 * This is for the Target identifier
9965	 */
9966	if (port && port->target_devid) {
9967		memcpy(desc, port->target_devid->data, port->target_devid->len);
9968	}
9969
9970	ctl_set_success(ctsio);
9971	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9972	ctsio->be_move_done = ctl_config_move_done;
9973	ctl_datamove((union ctl_io *)ctsio);
9974	return (CTL_RETVAL_COMPLETE);
9975}
9976
9977static int
9978ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9979{
9980	struct ctl_softc *softc = control_softc;
9981	struct scsi_vpd_scsi_ports *sp;
9982	struct scsi_vpd_port_designation *pd;
9983	struct scsi_vpd_port_designation_cont *pdc;
9984	struct ctl_lun *lun;
9985	struct ctl_port *port;
9986	int data_len, num_target_ports, iid_len, id_len;
9987
9988	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9989
9990	num_target_ports = 0;
9991	iid_len = 0;
9992	id_len = 0;
9993	mtx_lock(&softc->ctl_lock);
9994	STAILQ_FOREACH(port, &softc->port_list, links) {
9995		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9996			continue;
9997		if (lun != NULL &&
9998		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9999			continue;
10000		num_target_ports++;
10001		if (port->init_devid)
10002			iid_len += port->init_devid->len;
10003		if (port->port_devid)
10004			id_len += port->port_devid->len;
10005	}
10006	mtx_unlock(&softc->ctl_lock);
10007
10008	data_len = sizeof(struct scsi_vpd_scsi_ports) +
10009	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
10010	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
10011	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10012	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
10013	ctsio->kern_sg_entries = 0;
10014
10015	if (data_len < alloc_len) {
10016		ctsio->residual = alloc_len - data_len;
10017		ctsio->kern_data_len = data_len;
10018		ctsio->kern_total_len = data_len;
10019	} else {
10020		ctsio->residual = 0;
10021		ctsio->kern_data_len = alloc_len;
10022		ctsio->kern_total_len = alloc_len;
10023	}
10024	ctsio->kern_data_resid = 0;
10025	ctsio->kern_rel_offset = 0;
10026	ctsio->kern_sg_entries = 0;
10027
10028	/*
10029	 * The control device is always connected.  The disk device, on the
10030	 * other hand, may not be online all the time.  Need to change this
10031	 * to figure out whether the disk device is actually online or not.
10032	 */
10033	if (lun != NULL)
10034		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10035				  lun->be_lun->lun_type;
10036	else
10037		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10038
10039	sp->page_code = SVPD_SCSI_PORTS;
10040	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10041	    sp->page_length);
10042	pd = &sp->design[0];
10043
10044	mtx_lock(&softc->ctl_lock);
10045	STAILQ_FOREACH(port, &softc->port_list, links) {
10046		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10047			continue;
10048		if (lun != NULL &&
10049		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10050			continue;
10051		scsi_ulto2b(port->targ_port, pd->relative_port_id);
10052		if (port->init_devid) {
10053			iid_len = port->init_devid->len;
10054			memcpy(pd->initiator_transportid,
10055			    port->init_devid->data, port->init_devid->len);
10056		} else
10057			iid_len = 0;
10058		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10059		pdc = (struct scsi_vpd_port_designation_cont *)
10060		    (&pd->initiator_transportid[iid_len]);
10061		if (port->port_devid) {
10062			id_len = port->port_devid->len;
10063			memcpy(pdc->target_port_descriptors,
10064			    port->port_devid->data, port->port_devid->len);
10065		} else
10066			id_len = 0;
10067		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10068		pd = (struct scsi_vpd_port_designation *)
10069		    ((uint8_t *)pdc->target_port_descriptors + id_len);
10070	}
10071	mtx_unlock(&softc->ctl_lock);
10072
10073	ctl_set_success(ctsio);
10074	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10075	ctsio->be_move_done = ctl_config_move_done;
10076	ctl_datamove((union ctl_io *)ctsio);
10077	return (CTL_RETVAL_COMPLETE);
10078}
10079
10080static int
10081ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10082{
10083	struct scsi_vpd_block_limits *bl_ptr;
10084	struct ctl_lun *lun;
10085	int bs;
10086
10087	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10088
10089	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10090	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10091	ctsio->kern_sg_entries = 0;
10092
10093	if (sizeof(*bl_ptr) < alloc_len) {
10094		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10095		ctsio->kern_data_len = sizeof(*bl_ptr);
10096		ctsio->kern_total_len = sizeof(*bl_ptr);
10097	} else {
10098		ctsio->residual = 0;
10099		ctsio->kern_data_len = alloc_len;
10100		ctsio->kern_total_len = alloc_len;
10101	}
10102	ctsio->kern_data_resid = 0;
10103	ctsio->kern_rel_offset = 0;
10104	ctsio->kern_sg_entries = 0;
10105
10106	/*
10107	 * The control device is always connected.  The disk device, on the
10108	 * other hand, may not be online all the time.  Need to change this
10109	 * to figure out whether the disk device is actually online or not.
10110	 */
10111	if (lun != NULL)
10112		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10113				  lun->be_lun->lun_type;
10114	else
10115		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10116
10117	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10118	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10119	bl_ptr->max_cmp_write_len = 0xff;
10120	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10121	if (lun != NULL) {
10122		bs = lun->be_lun->blocksize;
10123		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
10124		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10125			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10126			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10127			if (lun->be_lun->ublockexp != 0) {
10128				scsi_ulto4b((1 << lun->be_lun->ublockexp),
10129				    bl_ptr->opt_unmap_grain);
10130				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
10131				    bl_ptr->unmap_grain_align);
10132			}
10133		}
10134		scsi_ulto4b(lun->be_lun->atomicblock,
10135		    bl_ptr->max_atomic_transfer_length);
10136		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10137		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10138		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
10139		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
10140	}
10141	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10142
10143	ctl_set_success(ctsio);
10144	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10145	ctsio->be_move_done = ctl_config_move_done;
10146	ctl_datamove((union ctl_io *)ctsio);
10147	return (CTL_RETVAL_COMPLETE);
10148}
10149
10150static int
10151ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10152{
10153	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10154	struct ctl_lun *lun;
10155	const char *value;
10156	u_int i;
10157
10158	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10159
10160	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10161	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10162	ctsio->kern_sg_entries = 0;
10163
10164	if (sizeof(*bdc_ptr) < alloc_len) {
10165		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10166		ctsio->kern_data_len = sizeof(*bdc_ptr);
10167		ctsio->kern_total_len = sizeof(*bdc_ptr);
10168	} else {
10169		ctsio->residual = 0;
10170		ctsio->kern_data_len = alloc_len;
10171		ctsio->kern_total_len = alloc_len;
10172	}
10173	ctsio->kern_data_resid = 0;
10174	ctsio->kern_rel_offset = 0;
10175	ctsio->kern_sg_entries = 0;
10176
10177	/*
10178	 * The control device is always connected.  The disk device, on the
10179	 * other hand, may not be online all the time.  Need to change this
10180	 * to figure out whether the disk device is actually online or not.
10181	 */
10182	if (lun != NULL)
10183		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10184				  lun->be_lun->lun_type;
10185	else
10186		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10187	bdc_ptr->page_code = SVPD_BDC;
10188	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10189	if (lun != NULL &&
10190	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10191		i = strtol(value, NULL, 0);
10192	else
10193		i = CTL_DEFAULT_ROTATION_RATE;
10194	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10195	if (lun != NULL &&
10196	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10197		i = strtol(value, NULL, 0);
10198	else
10199		i = 0;
10200	bdc_ptr->wab_wac_ff = (i & 0x0f);
10201	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10202
10203	ctl_set_success(ctsio);
10204	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10205	ctsio->be_move_done = ctl_config_move_done;
10206	ctl_datamove((union ctl_io *)ctsio);
10207	return (CTL_RETVAL_COMPLETE);
10208}
10209
10210static int
10211ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10212{
10213	struct scsi_vpd_logical_block_prov *lbp_ptr;
10214	struct ctl_lun *lun;
10215
10216	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10217
10218	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10219	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10220	ctsio->kern_sg_entries = 0;
10221
10222	if (sizeof(*lbp_ptr) < alloc_len) {
10223		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10224		ctsio->kern_data_len = sizeof(*lbp_ptr);
10225		ctsio->kern_total_len = sizeof(*lbp_ptr);
10226	} else {
10227		ctsio->residual = 0;
10228		ctsio->kern_data_len = alloc_len;
10229		ctsio->kern_total_len = alloc_len;
10230	}
10231	ctsio->kern_data_resid = 0;
10232	ctsio->kern_rel_offset = 0;
10233	ctsio->kern_sg_entries = 0;
10234
10235	/*
10236	 * The control device is always connected.  The disk device, on the
10237	 * other hand, may not be online all the time.  Need to change this
10238	 * to figure out whether the disk device is actually online or not.
10239	 */
10240	if (lun != NULL)
10241		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10242				  lun->be_lun->lun_type;
10243	else
10244		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10245
10246	lbp_ptr->page_code = SVPD_LBP;
10247	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10248	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10249	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10250		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10251		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10252		lbp_ptr->prov_type = SVPD_LBP_THIN;
10253	}
10254
10255	ctl_set_success(ctsio);
10256	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10257	ctsio->be_move_done = ctl_config_move_done;
10258	ctl_datamove((union ctl_io *)ctsio);
10259	return (CTL_RETVAL_COMPLETE);
10260}
10261
10262/*
10263 * INQUIRY with the EVPD bit set.
10264 */
10265static int
10266ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10267{
10268	struct ctl_lun *lun;
10269	struct scsi_inquiry *cdb;
10270	int alloc_len, retval;
10271
10272	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10273	cdb = (struct scsi_inquiry *)ctsio->cdb;
10274	alloc_len = scsi_2btoul(cdb->length);
10275
10276	switch (cdb->page_code) {
10277	case SVPD_SUPPORTED_PAGES:
10278		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10279		break;
10280	case SVPD_UNIT_SERIAL_NUMBER:
10281		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10282		break;
10283	case SVPD_DEVICE_ID:
10284		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10285		break;
10286	case SVPD_EXTENDED_INQUIRY_DATA:
10287		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10288		break;
10289	case SVPD_MODE_PAGE_POLICY:
10290		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10291		break;
10292	case SVPD_SCSI_PORTS:
10293		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10294		break;
10295	case SVPD_SCSI_TPC:
10296		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10297		break;
10298	case SVPD_BLOCK_LIMITS:
10299		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10300			goto err;
10301		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10302		break;
10303	case SVPD_BDC:
10304		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10305			goto err;
10306		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10307		break;
10308	case SVPD_LBP:
10309		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10310			goto err;
10311		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10312		break;
10313	default:
10314err:
10315		ctl_set_invalid_field(ctsio,
10316				      /*sks_valid*/ 1,
10317				      /*command*/ 1,
10318				      /*field*/ 2,
10319				      /*bit_valid*/ 0,
10320				      /*bit*/ 0);
10321		ctl_done((union ctl_io *)ctsio);
10322		retval = CTL_RETVAL_COMPLETE;
10323		break;
10324	}
10325
10326	return (retval);
10327}
10328
10329/*
10330 * Standard INQUIRY data.
10331 */
10332static int
10333ctl_inquiry_std(struct ctl_scsiio *ctsio)
10334{
10335	struct scsi_inquiry_data *inq_ptr;
10336	struct scsi_inquiry *cdb;
10337	struct ctl_softc *softc = control_softc;
10338	struct ctl_port *port;
10339	struct ctl_lun *lun;
10340	char *val;
10341	uint32_t alloc_len, data_len;
10342	ctl_port_type port_type;
10343
10344	/*
10345	 * Figure out whether we're talking to a Fibre Channel port or not.
10346	 * We treat the ioctl front end, and any SCSI adapters, as packetized
10347	 * SCSI front ends.
10348	 */
10349	port = ctl_io_port(&ctsio->io_hdr);
10350	if (port != NULL)
10351		port_type = port->port_type;
10352	else
10353		port_type = CTL_PORT_SCSI;
10354	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10355		port_type = CTL_PORT_SCSI;
10356
10357	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10358	cdb = (struct scsi_inquiry *)ctsio->cdb;
10359	alloc_len = scsi_2btoul(cdb->length);
10360
10361	/*
10362	 * We malloc the full inquiry data size here and fill it
10363	 * in.  If the user only asks for less, we'll give him
10364	 * that much.
10365	 */
10366	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10367	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10368	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10369	ctsio->kern_sg_entries = 0;
10370	ctsio->kern_data_resid = 0;
10371	ctsio->kern_rel_offset = 0;
10372
10373	if (data_len < alloc_len) {
10374		ctsio->residual = alloc_len - data_len;
10375		ctsio->kern_data_len = data_len;
10376		ctsio->kern_total_len = data_len;
10377	} else {
10378		ctsio->residual = 0;
10379		ctsio->kern_data_len = alloc_len;
10380		ctsio->kern_total_len = alloc_len;
10381	}
10382
10383	if (lun != NULL) {
10384		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10385		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10386			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10387			    lun->be_lun->lun_type;
10388		} else {
10389			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10390			    lun->be_lun->lun_type;
10391		}
10392	} else
10393		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10394
10395	/* RMB in byte 2 is 0 */
10396	inq_ptr->version = SCSI_REV_SPC4;
10397
10398	/*
10399	 * According to SAM-3, even if a device only supports a single
10400	 * level of LUN addressing, it should still set the HISUP bit:
10401	 *
10402	 * 4.9.1 Logical unit numbers overview
10403	 *
10404	 * All logical unit number formats described in this standard are
10405	 * hierarchical in structure even when only a single level in that
10406	 * hierarchy is used. The HISUP bit shall be set to one in the
10407	 * standard INQUIRY data (see SPC-2) when any logical unit number
10408	 * format described in this standard is used.  Non-hierarchical
10409	 * formats are outside the scope of this standard.
10410	 *
10411	 * Therefore we set the HiSup bit here.
10412	 *
10413	 * The reponse format is 2, per SPC-3.
10414	 */
10415	inq_ptr->response_format = SID_HiSup | 2;
10416
10417	inq_ptr->additional_length = data_len -
10418	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10419	CTL_DEBUG_PRINT(("additional_length = %d\n",
10420			 inq_ptr->additional_length));
10421
10422	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10423	/* 16 bit addressing */
10424	if (port_type == CTL_PORT_SCSI)
10425		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10426	/* XXX set the SID_MultiP bit here if we're actually going to
10427	   respond on multiple ports */
10428	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10429
10430	/* 16 bit data bus, synchronous transfers */
10431	if (port_type == CTL_PORT_SCSI)
10432		inq_ptr->flags = SID_WBus16 | SID_Sync;
10433	/*
10434	 * XXX KDM do we want to support tagged queueing on the control
10435	 * device at all?
10436	 */
10437	if ((lun == NULL)
10438	 || (lun->be_lun->lun_type != T_PROCESSOR))
10439		inq_ptr->flags |= SID_CmdQue;
10440	/*
10441	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10442	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10443	 * name and 4 bytes for the revision.
10444	 */
10445	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10446	    "vendor")) == NULL) {
10447		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10448	} else {
10449		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10450		strncpy(inq_ptr->vendor, val,
10451		    min(sizeof(inq_ptr->vendor), strlen(val)));
10452	}
10453	if (lun == NULL) {
10454		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10455		    sizeof(inq_ptr->product));
10456	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10457		switch (lun->be_lun->lun_type) {
10458		case T_DIRECT:
10459			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10460			    sizeof(inq_ptr->product));
10461			break;
10462		case T_PROCESSOR:
10463			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10464			    sizeof(inq_ptr->product));
10465			break;
10466		default:
10467			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10468			    sizeof(inq_ptr->product));
10469			break;
10470		}
10471	} else {
10472		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10473		strncpy(inq_ptr->product, val,
10474		    min(sizeof(inq_ptr->product), strlen(val)));
10475	}
10476
10477	/*
10478	 * XXX make this a macro somewhere so it automatically gets
10479	 * incremented when we make changes.
10480	 */
10481	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10482	    "revision")) == NULL) {
10483		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10484	} else {
10485		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10486		strncpy(inq_ptr->revision, val,
10487		    min(sizeof(inq_ptr->revision), strlen(val)));
10488	}
10489
10490	/*
10491	 * For parallel SCSI, we support double transition and single
10492	 * transition clocking.  We also support QAS (Quick Arbitration
10493	 * and Selection) and Information Unit transfers on both the
10494	 * control and array devices.
10495	 */
10496	if (port_type == CTL_PORT_SCSI)
10497		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10498				    SID_SPI_IUS;
10499
10500	/* SAM-5 (no version claimed) */
10501	scsi_ulto2b(0x00A0, inq_ptr->version1);
10502	/* SPC-4 (no version claimed) */
10503	scsi_ulto2b(0x0460, inq_ptr->version2);
10504	if (port_type == CTL_PORT_FC) {
10505		/* FCP-2 ANSI INCITS.350:2003 */
10506		scsi_ulto2b(0x0917, inq_ptr->version3);
10507	} else if (port_type == CTL_PORT_SCSI) {
10508		/* SPI-4 ANSI INCITS.362:200x */
10509		scsi_ulto2b(0x0B56, inq_ptr->version3);
10510	} else if (port_type == CTL_PORT_ISCSI) {
10511		/* iSCSI (no version claimed) */
10512		scsi_ulto2b(0x0960, inq_ptr->version3);
10513	} else if (port_type == CTL_PORT_SAS) {
10514		/* SAS (no version claimed) */
10515		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10516	}
10517
10518	if (lun == NULL) {
10519		/* SBC-4 (no version claimed) */
10520		scsi_ulto2b(0x0600, inq_ptr->version4);
10521	} else {
10522		switch (lun->be_lun->lun_type) {
10523		case T_DIRECT:
10524			/* SBC-4 (no version claimed) */
10525			scsi_ulto2b(0x0600, inq_ptr->version4);
10526			break;
10527		case T_PROCESSOR:
10528		default:
10529			break;
10530		}
10531	}
10532
10533	ctl_set_success(ctsio);
10534	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10535	ctsio->be_move_done = ctl_config_move_done;
10536	ctl_datamove((union ctl_io *)ctsio);
10537	return (CTL_RETVAL_COMPLETE);
10538}
10539
10540int
10541ctl_inquiry(struct ctl_scsiio *ctsio)
10542{
10543	struct scsi_inquiry *cdb;
10544	int retval;
10545
10546	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10547
10548	cdb = (struct scsi_inquiry *)ctsio->cdb;
10549	if (cdb->byte2 & SI_EVPD)
10550		retval = ctl_inquiry_evpd(ctsio);
10551	else if (cdb->page_code == 0)
10552		retval = ctl_inquiry_std(ctsio);
10553	else {
10554		ctl_set_invalid_field(ctsio,
10555				      /*sks_valid*/ 1,
10556				      /*command*/ 1,
10557				      /*field*/ 2,
10558				      /*bit_valid*/ 0,
10559				      /*bit*/ 0);
10560		ctl_done((union ctl_io *)ctsio);
10561		return (CTL_RETVAL_COMPLETE);
10562	}
10563
10564	return (retval);
10565}
10566
10567/*
10568 * For known CDB types, parse the LBA and length.
10569 */
10570static int
10571ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10572{
10573	if (io->io_hdr.io_type != CTL_IO_SCSI)
10574		return (1);
10575
10576	switch (io->scsiio.cdb[0]) {
10577	case COMPARE_AND_WRITE: {
10578		struct scsi_compare_and_write *cdb;
10579
10580		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10581
10582		*lba = scsi_8btou64(cdb->addr);
10583		*len = cdb->length;
10584		break;
10585	}
10586	case READ_6:
10587	case WRITE_6: {
10588		struct scsi_rw_6 *cdb;
10589
10590		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10591
10592		*lba = scsi_3btoul(cdb->addr);
10593		/* only 5 bits are valid in the most significant address byte */
10594		*lba &= 0x1fffff;
10595		*len = cdb->length;
10596		break;
10597	}
10598	case READ_10:
10599	case WRITE_10: {
10600		struct scsi_rw_10 *cdb;
10601
10602		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10603
10604		*lba = scsi_4btoul(cdb->addr);
10605		*len = scsi_2btoul(cdb->length);
10606		break;
10607	}
10608	case WRITE_VERIFY_10: {
10609		struct scsi_write_verify_10 *cdb;
10610
10611		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10612
10613		*lba = scsi_4btoul(cdb->addr);
10614		*len = scsi_2btoul(cdb->length);
10615		break;
10616	}
10617	case READ_12:
10618	case WRITE_12: {
10619		struct scsi_rw_12 *cdb;
10620
10621		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10622
10623		*lba = scsi_4btoul(cdb->addr);
10624		*len = scsi_4btoul(cdb->length);
10625		break;
10626	}
10627	case WRITE_VERIFY_12: {
10628		struct scsi_write_verify_12 *cdb;
10629
10630		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10631
10632		*lba = scsi_4btoul(cdb->addr);
10633		*len = scsi_4btoul(cdb->length);
10634		break;
10635	}
10636	case READ_16:
10637	case WRITE_16: {
10638		struct scsi_rw_16 *cdb;
10639
10640		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10641
10642		*lba = scsi_8btou64(cdb->addr);
10643		*len = scsi_4btoul(cdb->length);
10644		break;
10645	}
10646	case WRITE_ATOMIC_16: {
10647		struct scsi_write_atomic_16 *cdb;
10648
10649		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10650
10651		*lba = scsi_8btou64(cdb->addr);
10652		*len = scsi_2btoul(cdb->length);
10653		break;
10654	}
10655	case WRITE_VERIFY_16: {
10656		struct scsi_write_verify_16 *cdb;
10657
10658		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10659
10660		*lba = scsi_8btou64(cdb->addr);
10661		*len = scsi_4btoul(cdb->length);
10662		break;
10663	}
10664	case WRITE_SAME_10: {
10665		struct scsi_write_same_10 *cdb;
10666
10667		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10668
10669		*lba = scsi_4btoul(cdb->addr);
10670		*len = scsi_2btoul(cdb->length);
10671		break;
10672	}
10673	case WRITE_SAME_16: {
10674		struct scsi_write_same_16 *cdb;
10675
10676		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10677
10678		*lba = scsi_8btou64(cdb->addr);
10679		*len = scsi_4btoul(cdb->length);
10680		break;
10681	}
10682	case VERIFY_10: {
10683		struct scsi_verify_10 *cdb;
10684
10685		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10686
10687		*lba = scsi_4btoul(cdb->addr);
10688		*len = scsi_2btoul(cdb->length);
10689		break;
10690	}
10691	case VERIFY_12: {
10692		struct scsi_verify_12 *cdb;
10693
10694		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10695
10696		*lba = scsi_4btoul(cdb->addr);
10697		*len = scsi_4btoul(cdb->length);
10698		break;
10699	}
10700	case VERIFY_16: {
10701		struct scsi_verify_16 *cdb;
10702
10703		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10704
10705		*lba = scsi_8btou64(cdb->addr);
10706		*len = scsi_4btoul(cdb->length);
10707		break;
10708	}
10709	case UNMAP: {
10710		*lba = 0;
10711		*len = UINT64_MAX;
10712		break;
10713	}
10714	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10715		struct scsi_get_lba_status *cdb;
10716
10717		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10718		*lba = scsi_8btou64(cdb->addr);
10719		*len = UINT32_MAX;
10720		break;
10721	}
10722	default:
10723		return (1);
10724		break; /* NOTREACHED */
10725	}
10726
10727	return (0);
10728}
10729
10730static ctl_action
10731ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10732    bool seq)
10733{
10734	uint64_t endlba1, endlba2;
10735
10736	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10737	endlba2 = lba2 + len2 - 1;
10738
10739	if ((endlba1 < lba2) || (endlba2 < lba1))
10740		return (CTL_ACTION_PASS);
10741	else
10742		return (CTL_ACTION_BLOCK);
10743}
10744
10745static int
10746ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10747{
10748	struct ctl_ptr_len_flags *ptrlen;
10749	struct scsi_unmap_desc *buf, *end, *range;
10750	uint64_t lba;
10751	uint32_t len;
10752
10753	/* If not UNMAP -- go other way. */
10754	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10755	    io->scsiio.cdb[0] != UNMAP)
10756		return (CTL_ACTION_ERROR);
10757
10758	/* If UNMAP without data -- block and wait for data. */
10759	ptrlen = (struct ctl_ptr_len_flags *)
10760	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10761	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10762	    ptrlen->ptr == NULL)
10763		return (CTL_ACTION_BLOCK);
10764
10765	/* UNMAP with data -- check for collision. */
10766	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10767	end = buf + ptrlen->len / sizeof(*buf);
10768	for (range = buf; range < end; range++) {
10769		lba = scsi_8btou64(range->lba);
10770		len = scsi_4btoul(range->length);
10771		if ((lba < lba2 + len2) && (lba + len > lba2))
10772			return (CTL_ACTION_BLOCK);
10773	}
10774	return (CTL_ACTION_PASS);
10775}
10776
10777static ctl_action
10778ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10779{
10780	uint64_t lba1, lba2;
10781	uint64_t len1, len2;
10782	int retval;
10783
10784	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10785		return (CTL_ACTION_ERROR);
10786
10787	retval = ctl_extent_check_unmap(io1, lba2, len2);
10788	if (retval != CTL_ACTION_ERROR)
10789		return (retval);
10790
10791	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10792		return (CTL_ACTION_ERROR);
10793
10794	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10795		seq = FALSE;
10796	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10797}
10798
10799static ctl_action
10800ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10801{
10802	uint64_t lba1, lba2;
10803	uint64_t len1, len2;
10804
10805	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10806		return (CTL_ACTION_PASS);
10807	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10808		return (CTL_ACTION_ERROR);
10809	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10810		return (CTL_ACTION_ERROR);
10811
10812	if (lba1 + len1 == lba2)
10813		return (CTL_ACTION_BLOCK);
10814	return (CTL_ACTION_PASS);
10815}
10816
10817static ctl_action
10818ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10819    union ctl_io *ooa_io)
10820{
10821	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10822	ctl_serialize_action *serialize_row;
10823
10824	/*
10825	 * The initiator attempted multiple untagged commands at the same
10826	 * time.  Can't do that.
10827	 */
10828	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10829	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10830	 && ((pending_io->io_hdr.nexus.targ_port ==
10831	      ooa_io->io_hdr.nexus.targ_port)
10832	  && (pending_io->io_hdr.nexus.initid ==
10833	      ooa_io->io_hdr.nexus.initid))
10834	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10835	      CTL_FLAG_STATUS_SENT)) == 0))
10836		return (CTL_ACTION_OVERLAP);
10837
10838	/*
10839	 * The initiator attempted to send multiple tagged commands with
10840	 * the same ID.  (It's fine if different initiators have the same
10841	 * tag ID.)
10842	 *
10843	 * Even if all of those conditions are true, we don't kill the I/O
10844	 * if the command ahead of us has been aborted.  We won't end up
10845	 * sending it to the FETD, and it's perfectly legal to resend a
10846	 * command with the same tag number as long as the previous
10847	 * instance of this tag number has been aborted somehow.
10848	 */
10849	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10850	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10851	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10852	 && ((pending_io->io_hdr.nexus.targ_port ==
10853	      ooa_io->io_hdr.nexus.targ_port)
10854	  && (pending_io->io_hdr.nexus.initid ==
10855	      ooa_io->io_hdr.nexus.initid))
10856	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10857	      CTL_FLAG_STATUS_SENT)) == 0))
10858		return (CTL_ACTION_OVERLAP_TAG);
10859
10860	/*
10861	 * If we get a head of queue tag, SAM-3 says that we should
10862	 * immediately execute it.
10863	 *
10864	 * What happens if this command would normally block for some other
10865	 * reason?  e.g. a request sense with a head of queue tag
10866	 * immediately after a write.  Normally that would block, but this
10867	 * will result in its getting executed immediately...
10868	 *
10869	 * We currently return "pass" instead of "skip", so we'll end up
10870	 * going through the rest of the queue to check for overlapped tags.
10871	 *
10872	 * XXX KDM check for other types of blockage first??
10873	 */
10874	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10875		return (CTL_ACTION_PASS);
10876
10877	/*
10878	 * Ordered tags have to block until all items ahead of them
10879	 * have completed.  If we get called with an ordered tag, we always
10880	 * block, if something else is ahead of us in the queue.
10881	 */
10882	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10883		return (CTL_ACTION_BLOCK);
10884
10885	/*
10886	 * Simple tags get blocked until all head of queue and ordered tags
10887	 * ahead of them have completed.  I'm lumping untagged commands in
10888	 * with simple tags here.  XXX KDM is that the right thing to do?
10889	 */
10890	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10891	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10892	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10893	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10894		return (CTL_ACTION_BLOCK);
10895
10896	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10897	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10898
10899	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10900
10901	switch (serialize_row[pending_entry->seridx]) {
10902	case CTL_SER_BLOCK:
10903		return (CTL_ACTION_BLOCK);
10904	case CTL_SER_EXTENT:
10905		return (ctl_extent_check(ooa_io, pending_io,
10906		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10907	case CTL_SER_EXTENTOPT:
10908		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10909		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10910			return (ctl_extent_check(ooa_io, pending_io,
10911			    (lun->be_lun &&
10912			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10913		return (CTL_ACTION_PASS);
10914	case CTL_SER_EXTENTSEQ:
10915		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10916			return (ctl_extent_check_seq(ooa_io, pending_io));
10917		return (CTL_ACTION_PASS);
10918	case CTL_SER_PASS:
10919		return (CTL_ACTION_PASS);
10920	case CTL_SER_BLOCKOPT:
10921		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10922		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10923			return (CTL_ACTION_BLOCK);
10924		return (CTL_ACTION_PASS);
10925	case CTL_SER_SKIP:
10926		return (CTL_ACTION_SKIP);
10927	default:
10928		panic("invalid serialization value %d",
10929		      serialize_row[pending_entry->seridx]);
10930	}
10931
10932	return (CTL_ACTION_ERROR);
10933}
10934
10935/*
10936 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10937 * Assumptions:
10938 * - pending_io is generally either incoming, or on the blocked queue
10939 * - starting I/O is the I/O we want to start the check with.
10940 */
10941static ctl_action
10942ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10943	      union ctl_io *starting_io)
10944{
10945	union ctl_io *ooa_io;
10946	ctl_action action;
10947
10948	mtx_assert(&lun->lun_lock, MA_OWNED);
10949
10950	/*
10951	 * Run back along the OOA queue, starting with the current
10952	 * blocked I/O and going through every I/O before it on the
10953	 * queue.  If starting_io is NULL, we'll just end up returning
10954	 * CTL_ACTION_PASS.
10955	 */
10956	for (ooa_io = starting_io; ooa_io != NULL;
10957	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10958	     ooa_links)){
10959
10960		/*
10961		 * This routine just checks to see whether
10962		 * cur_blocked is blocked by ooa_io, which is ahead
10963		 * of it in the queue.  It doesn't queue/dequeue
10964		 * cur_blocked.
10965		 */
10966		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10967		switch (action) {
10968		case CTL_ACTION_BLOCK:
10969		case CTL_ACTION_OVERLAP:
10970		case CTL_ACTION_OVERLAP_TAG:
10971		case CTL_ACTION_SKIP:
10972		case CTL_ACTION_ERROR:
10973			return (action);
10974			break; /* NOTREACHED */
10975		case CTL_ACTION_PASS:
10976			break;
10977		default:
10978			panic("invalid action %d", action);
10979			break;  /* NOTREACHED */
10980		}
10981	}
10982
10983	return (CTL_ACTION_PASS);
10984}
10985
10986/*
10987 * Assumptions:
10988 * - An I/O has just completed, and has been removed from the per-LUN OOA
10989 *   queue, so some items on the blocked queue may now be unblocked.
10990 */
10991static int
10992ctl_check_blocked(struct ctl_lun *lun)
10993{
10994	struct ctl_softc *softc = lun->ctl_softc;
10995	union ctl_io *cur_blocked, *next_blocked;
10996
10997	mtx_assert(&lun->lun_lock, MA_OWNED);
10998
10999	/*
11000	 * Run forward from the head of the blocked queue, checking each
11001	 * entry against the I/Os prior to it on the OOA queue to see if
11002	 * there is still any blockage.
11003	 *
11004	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
11005	 * with our removing a variable on it while it is traversing the
11006	 * list.
11007	 */
11008	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
11009	     cur_blocked != NULL; cur_blocked = next_blocked) {
11010		union ctl_io *prev_ooa;
11011		ctl_action action;
11012
11013		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
11014							  blocked_links);
11015
11016		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
11017						      ctl_ooaq, ooa_links);
11018
11019		/*
11020		 * If cur_blocked happens to be the first item in the OOA
11021		 * queue now, prev_ooa will be NULL, and the action
11022		 * returned will just be CTL_ACTION_PASS.
11023		 */
11024		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
11025
11026		switch (action) {
11027		case CTL_ACTION_BLOCK:
11028			/* Nothing to do here, still blocked */
11029			break;
11030		case CTL_ACTION_OVERLAP:
11031		case CTL_ACTION_OVERLAP_TAG:
11032			/*
11033			 * This shouldn't happen!  In theory we've already
11034			 * checked this command for overlap...
11035			 */
11036			break;
11037		case CTL_ACTION_PASS:
11038		case CTL_ACTION_SKIP: {
11039			const struct ctl_cmd_entry *entry;
11040
11041			/*
11042			 * The skip case shouldn't happen, this transaction
11043			 * should have never made it onto the blocked queue.
11044			 */
11045			/*
11046			 * This I/O is no longer blocked, we can remove it
11047			 * from the blocked queue.  Since this is a TAILQ
11048			 * (doubly linked list), we can do O(1) removals
11049			 * from any place on the list.
11050			 */
11051			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11052				     blocked_links);
11053			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11054
11055			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11056			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11057				/*
11058				 * Need to send IO back to original side to
11059				 * run
11060				 */
11061				union ctl_ha_msg msg_info;
11062
11063				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11064				msg_info.hdr.original_sc =
11065					cur_blocked->io_hdr.original_sc;
11066				msg_info.hdr.serializing_sc = cur_blocked;
11067				msg_info.hdr.msg_type = CTL_MSG_R2R;
11068				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11069				    sizeof(msg_info.hdr), M_NOWAIT);
11070				break;
11071			}
11072			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11073
11074			/*
11075			 * Check this I/O for LUN state changes that may
11076			 * have happened while this command was blocked.
11077			 * The LUN state may have been changed by a command
11078			 * ahead of us in the queue, so we need to re-check
11079			 * for any states that can be caused by SCSI
11080			 * commands.
11081			 */
11082			if (ctl_scsiio_lun_check(lun, entry,
11083						 &cur_blocked->scsiio) == 0) {
11084				cur_blocked->io_hdr.flags |=
11085				                      CTL_FLAG_IS_WAS_ON_RTR;
11086				ctl_enqueue_rtr(cur_blocked);
11087			} else
11088				ctl_done(cur_blocked);
11089			break;
11090		}
11091		default:
11092			/*
11093			 * This probably shouldn't happen -- we shouldn't
11094			 * get CTL_ACTION_ERROR, or anything else.
11095			 */
11096			break;
11097		}
11098	}
11099
11100	return (CTL_RETVAL_COMPLETE);
11101}
11102
11103/*
11104 * This routine (with one exception) checks LUN flags that can be set by
11105 * commands ahead of us in the OOA queue.  These flags have to be checked
11106 * when a command initially comes in, and when we pull a command off the
11107 * blocked queue and are preparing to execute it.  The reason we have to
11108 * check these flags for commands on the blocked queue is that the LUN
11109 * state may have been changed by a command ahead of us while we're on the
11110 * blocked queue.
11111 *
11112 * Ordering is somewhat important with these checks, so please pay
11113 * careful attention to the placement of any new checks.
11114 */
11115static int
11116ctl_scsiio_lun_check(struct ctl_lun *lun,
11117    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11118{
11119	struct ctl_softc *softc = lun->ctl_softc;
11120	int retval;
11121	uint32_t residx;
11122
11123	retval = 0;
11124
11125	mtx_assert(&lun->lun_lock, MA_OWNED);
11126
11127	/*
11128	 * If this shelf is a secondary shelf controller, we may have to
11129	 * reject some commands disallowed by HA mode and link state.
11130	 */
11131	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11132		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11133		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11134			ctl_set_lun_unavail(ctsio);
11135			retval = 1;
11136			goto bailout;
11137		}
11138		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11139		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11140			ctl_set_lun_transit(ctsio);
11141			retval = 1;
11142			goto bailout;
11143		}
11144		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11145		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11146			ctl_set_lun_standby(ctsio);
11147			retval = 1;
11148			goto bailout;
11149		}
11150
11151		/* The rest of checks are only done on executing side */
11152		if (softc->ha_mode == CTL_HA_MODE_XFER)
11153			goto bailout;
11154	}
11155
11156	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11157		if (lun->be_lun &&
11158		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11159			ctl_set_hw_write_protected(ctsio);
11160			retval = 1;
11161			goto bailout;
11162		}
11163		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11164		    .eca_and_aen & SCP_SWP) != 0) {
11165			ctl_set_sense(ctsio, /*current_error*/ 1,
11166			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11167			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11168			retval = 1;
11169			goto bailout;
11170		}
11171	}
11172
11173	/*
11174	 * Check for a reservation conflict.  If this command isn't allowed
11175	 * even on reserved LUNs, and if this initiator isn't the one who
11176	 * reserved us, reject the command with a reservation conflict.
11177	 */
11178	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11179	if ((lun->flags & CTL_LUN_RESERVED)
11180	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11181		if (lun->res_idx != residx) {
11182			ctl_set_reservation_conflict(ctsio);
11183			retval = 1;
11184			goto bailout;
11185		}
11186	}
11187
11188	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11189	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11190		/* No reservation or command is allowed. */;
11191	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11192	    (lun->res_type == SPR_TYPE_WR_EX ||
11193	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11194	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11195		/* The command is allowed for Write Exclusive resv. */;
11196	} else {
11197		/*
11198		 * if we aren't registered or it's a res holder type
11199		 * reservation and this isn't the res holder then set a
11200		 * conflict.
11201		 */
11202		if (ctl_get_prkey(lun, residx) == 0
11203		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11204			ctl_set_reservation_conflict(ctsio);
11205			retval = 1;
11206			goto bailout;
11207		}
11208	}
11209
11210	if ((lun->flags & CTL_LUN_OFFLINE)
11211	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
11212		ctl_set_lun_not_ready(ctsio);
11213		retval = 1;
11214		goto bailout;
11215	}
11216
11217	if ((lun->flags & CTL_LUN_STOPPED)
11218	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11219		/* "Logical unit not ready, initializing cmd. required" */
11220		ctl_set_lun_stopped(ctsio);
11221		retval = 1;
11222		goto bailout;
11223	}
11224
11225	if ((lun->flags & CTL_LUN_INOPERABLE)
11226	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11227		/* "Medium format corrupted" */
11228		ctl_set_medium_format_corrupted(ctsio);
11229		retval = 1;
11230		goto bailout;
11231	}
11232
11233bailout:
11234	return (retval);
11235}
11236
11237static void
11238ctl_failover_io(union ctl_io *io, int have_lock)
11239{
11240	ctl_set_busy(&io->scsiio);
11241	ctl_done(io);
11242}
11243
11244static void
11245ctl_failover_lun(struct ctl_lun *lun)
11246{
11247	struct ctl_softc *softc = lun->ctl_softc;
11248	struct ctl_io_hdr *io, *next_io;
11249
11250	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", lun->lun));
11251	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11252		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11253			/* We are master */
11254			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11255				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11256					io->flags |= CTL_FLAG_ABORT;
11257					io->flags |= CTL_FLAG_FAILOVER;
11258				} else { /* This can be only due to DATAMOVE */
11259					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11260					io->flags &= ~CTL_FLAG_DMA_INPROG;
11261					io->flags |= CTL_FLAG_IO_ACTIVE;
11262					io->port_status = 31340;
11263					ctl_enqueue_isc((union ctl_io *)io);
11264				}
11265			}
11266			/* We are slave */
11267			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11268				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11269				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11270					io->flags |= CTL_FLAG_FAILOVER;
11271				} else {
11272					ctl_set_busy(&((union ctl_io *)io)->
11273					    scsiio);
11274					ctl_done((union ctl_io *)io);
11275				}
11276			}
11277		}
11278	} else { /* SERIALIZE modes */
11279		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11280		    next_io) {
11281			/* We are master */
11282			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11283				TAILQ_REMOVE(&lun->blocked_queue, io,
11284				    blocked_links);
11285				io->flags &= ~CTL_FLAG_BLOCKED;
11286				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11287				ctl_free_io((union ctl_io *)io);
11288			}
11289		}
11290		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11291			/* We are master */
11292			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11293				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11294				ctl_free_io((union ctl_io *)io);
11295			}
11296			/* We are slave */
11297			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11298				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11299				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11300					ctl_set_busy(&((union ctl_io *)io)->
11301					    scsiio);
11302					ctl_done((union ctl_io *)io);
11303				}
11304			}
11305		}
11306		ctl_check_blocked(lun);
11307	}
11308}
11309
11310static int
11311ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11312{
11313	struct ctl_lun *lun;
11314	const struct ctl_cmd_entry *entry;
11315	uint32_t initidx, targ_lun;
11316	int retval;
11317
11318	retval = 0;
11319
11320	lun = NULL;
11321
11322	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11323	if ((targ_lun < CTL_MAX_LUNS)
11324	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11325		/*
11326		 * If the LUN is invalid, pretend that it doesn't exist.
11327		 * It will go away as soon as all pending I/O has been
11328		 * completed.
11329		 */
11330		mtx_lock(&lun->lun_lock);
11331		if (lun->flags & CTL_LUN_DISABLED) {
11332			mtx_unlock(&lun->lun_lock);
11333			lun = NULL;
11334			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11335			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11336		} else {
11337			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11338			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11339				lun->be_lun;
11340
11341			/*
11342			 * Every I/O goes into the OOA queue for a
11343			 * particular LUN, and stays there until completion.
11344			 */
11345#ifdef CTL_TIME_IO
11346			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11347				lun->idle_time += getsbinuptime() -
11348				    lun->last_busy;
11349			}
11350#endif
11351			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11352			    ooa_links);
11353		}
11354	} else {
11355		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11356		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11357	}
11358
11359	/* Get command entry and return error if it is unsuppotyed. */
11360	entry = ctl_validate_command(ctsio);
11361	if (entry == NULL) {
11362		if (lun)
11363			mtx_unlock(&lun->lun_lock);
11364		return (retval);
11365	}
11366
11367	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11368	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11369
11370	/*
11371	 * Check to see whether we can send this command to LUNs that don't
11372	 * exist.  This should pretty much only be the case for inquiry
11373	 * and request sense.  Further checks, below, really require having
11374	 * a LUN, so we can't really check the command anymore.  Just put
11375	 * it on the rtr queue.
11376	 */
11377	if (lun == NULL) {
11378		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11379			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11380			ctl_enqueue_rtr((union ctl_io *)ctsio);
11381			return (retval);
11382		}
11383
11384		ctl_set_unsupported_lun(ctsio);
11385		ctl_done((union ctl_io *)ctsio);
11386		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11387		return (retval);
11388	} else {
11389		/*
11390		 * Make sure we support this particular command on this LUN.
11391		 * e.g., we don't support writes to the control LUN.
11392		 */
11393		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11394			mtx_unlock(&lun->lun_lock);
11395			ctl_set_invalid_opcode(ctsio);
11396			ctl_done((union ctl_io *)ctsio);
11397			return (retval);
11398		}
11399	}
11400
11401	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11402
11403#ifdef CTL_WITH_CA
11404	/*
11405	 * If we've got a request sense, it'll clear the contingent
11406	 * allegiance condition.  Otherwise, if we have a CA condition for
11407	 * this initiator, clear it, because it sent down a command other
11408	 * than request sense.
11409	 */
11410	if ((ctsio->cdb[0] != REQUEST_SENSE)
11411	 && (ctl_is_set(lun->have_ca, initidx)))
11412		ctl_clear_mask(lun->have_ca, initidx);
11413#endif
11414
11415	/*
11416	 * If the command has this flag set, it handles its own unit
11417	 * attention reporting, we shouldn't do anything.  Otherwise we
11418	 * check for any pending unit attentions, and send them back to the
11419	 * initiator.  We only do this when a command initially comes in,
11420	 * not when we pull it off the blocked queue.
11421	 *
11422	 * According to SAM-3, section 5.3.2, the order that things get
11423	 * presented back to the host is basically unit attentions caused
11424	 * by some sort of reset event, busy status, reservation conflicts
11425	 * or task set full, and finally any other status.
11426	 *
11427	 * One issue here is that some of the unit attentions we report
11428	 * don't fall into the "reset" category (e.g. "reported luns data
11429	 * has changed").  So reporting it here, before the reservation
11430	 * check, may be technically wrong.  I guess the only thing to do
11431	 * would be to check for and report the reset events here, and then
11432	 * check for the other unit attention types after we check for a
11433	 * reservation conflict.
11434	 *
11435	 * XXX KDM need to fix this
11436	 */
11437	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11438		ctl_ua_type ua_type;
11439
11440		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11441		    SSD_TYPE_NONE);
11442		if (ua_type != CTL_UA_NONE) {
11443			mtx_unlock(&lun->lun_lock);
11444			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11445			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11446			ctsio->sense_len = SSD_FULL_SIZE;
11447			ctl_done((union ctl_io *)ctsio);
11448			return (retval);
11449		}
11450	}
11451
11452
11453	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11454		mtx_unlock(&lun->lun_lock);
11455		ctl_done((union ctl_io *)ctsio);
11456		return (retval);
11457	}
11458
11459	/*
11460	 * XXX CHD this is where we want to send IO to other side if
11461	 * this LUN is secondary on this SC. We will need to make a copy
11462	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11463	 * the copy we send as FROM_OTHER.
11464	 * We also need to stuff the address of the original IO so we can
11465	 * find it easily. Something similar will need be done on the other
11466	 * side so when we are done we can find the copy.
11467	 */
11468	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11469	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11470	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11471		union ctl_ha_msg msg_info;
11472		int isc_retval;
11473
11474		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11475		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11476		mtx_unlock(&lun->lun_lock);
11477
11478		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11479		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11480		msg_info.hdr.serializing_sc = NULL;
11481		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11482		msg_info.scsi.tag_num = ctsio->tag_num;
11483		msg_info.scsi.tag_type = ctsio->tag_type;
11484		msg_info.scsi.cdb_len = ctsio->cdb_len;
11485		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11486
11487		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11488		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11489		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11490			ctl_set_busy(ctsio);
11491			ctl_done((union ctl_io *)ctsio);
11492			return (retval);
11493		}
11494		return (retval);
11495	}
11496
11497	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11498			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11499			      ctl_ooaq, ooa_links))) {
11500	case CTL_ACTION_BLOCK:
11501		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11502		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11503				  blocked_links);
11504		mtx_unlock(&lun->lun_lock);
11505		return (retval);
11506	case CTL_ACTION_PASS:
11507	case CTL_ACTION_SKIP:
11508		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11509		mtx_unlock(&lun->lun_lock);
11510		ctl_enqueue_rtr((union ctl_io *)ctsio);
11511		break;
11512	case CTL_ACTION_OVERLAP:
11513		mtx_unlock(&lun->lun_lock);
11514		ctl_set_overlapped_cmd(ctsio);
11515		ctl_done((union ctl_io *)ctsio);
11516		break;
11517	case CTL_ACTION_OVERLAP_TAG:
11518		mtx_unlock(&lun->lun_lock);
11519		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11520		ctl_done((union ctl_io *)ctsio);
11521		break;
11522	case CTL_ACTION_ERROR:
11523	default:
11524		mtx_unlock(&lun->lun_lock);
11525		ctl_set_internal_failure(ctsio,
11526					 /*sks_valid*/ 0,
11527					 /*retry_count*/ 0);
11528		ctl_done((union ctl_io *)ctsio);
11529		break;
11530	}
11531	return (retval);
11532}
11533
11534const struct ctl_cmd_entry *
11535ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11536{
11537	const struct ctl_cmd_entry *entry;
11538	int service_action;
11539
11540	entry = &ctl_cmd_table[ctsio->cdb[0]];
11541	if (sa)
11542		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11543	if (entry->flags & CTL_CMD_FLAG_SA5) {
11544		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11545		entry = &((const struct ctl_cmd_entry *)
11546		    entry->execute)[service_action];
11547	}
11548	return (entry);
11549}
11550
11551const struct ctl_cmd_entry *
11552ctl_validate_command(struct ctl_scsiio *ctsio)
11553{
11554	const struct ctl_cmd_entry *entry;
11555	int i, sa;
11556	uint8_t diff;
11557
11558	entry = ctl_get_cmd_entry(ctsio, &sa);
11559	if (entry->execute == NULL) {
11560		if (sa)
11561			ctl_set_invalid_field(ctsio,
11562					      /*sks_valid*/ 1,
11563					      /*command*/ 1,
11564					      /*field*/ 1,
11565					      /*bit_valid*/ 1,
11566					      /*bit*/ 4);
11567		else
11568			ctl_set_invalid_opcode(ctsio);
11569		ctl_done((union ctl_io *)ctsio);
11570		return (NULL);
11571	}
11572	KASSERT(entry->length > 0,
11573	    ("Not defined length for command 0x%02x/0x%02x",
11574	     ctsio->cdb[0], ctsio->cdb[1]));
11575	for (i = 1; i < entry->length; i++) {
11576		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11577		if (diff == 0)
11578			continue;
11579		ctl_set_invalid_field(ctsio,
11580				      /*sks_valid*/ 1,
11581				      /*command*/ 1,
11582				      /*field*/ i,
11583				      /*bit_valid*/ 1,
11584				      /*bit*/ fls(diff) - 1);
11585		ctl_done((union ctl_io *)ctsio);
11586		return (NULL);
11587	}
11588	return (entry);
11589}
11590
11591static int
11592ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11593{
11594
11595	switch (lun_type) {
11596	case T_PROCESSOR:
11597		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11598			return (0);
11599		break;
11600	case T_DIRECT:
11601		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11602			return (0);
11603		break;
11604	default:
11605		return (0);
11606	}
11607	return (1);
11608}
11609
11610static int
11611ctl_scsiio(struct ctl_scsiio *ctsio)
11612{
11613	int retval;
11614	const struct ctl_cmd_entry *entry;
11615
11616	retval = CTL_RETVAL_COMPLETE;
11617
11618	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11619
11620	entry = ctl_get_cmd_entry(ctsio, NULL);
11621
11622	/*
11623	 * If this I/O has been aborted, just send it straight to
11624	 * ctl_done() without executing it.
11625	 */
11626	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11627		ctl_done((union ctl_io *)ctsio);
11628		goto bailout;
11629	}
11630
11631	/*
11632	 * All the checks should have been handled by ctl_scsiio_precheck().
11633	 * We should be clear now to just execute the I/O.
11634	 */
11635	retval = entry->execute(ctsio);
11636
11637bailout:
11638	return (retval);
11639}
11640
11641/*
11642 * Since we only implement one target right now, a bus reset simply resets
11643 * our single target.
11644 */
11645static int
11646ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11647{
11648	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11649}
11650
11651static int
11652ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11653		 ctl_ua_type ua_type)
11654{
11655	struct ctl_port *port;
11656	struct ctl_lun *lun;
11657	int retval;
11658
11659	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11660		union ctl_ha_msg msg_info;
11661
11662		msg_info.hdr.nexus = io->io_hdr.nexus;
11663		if (ua_type==CTL_UA_TARG_RESET)
11664			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11665		else
11666			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11667		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11668		msg_info.hdr.original_sc = NULL;
11669		msg_info.hdr.serializing_sc = NULL;
11670		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11671		    sizeof(msg_info.task), M_WAITOK);
11672	}
11673	retval = 0;
11674
11675	mtx_lock(&softc->ctl_lock);
11676	port = softc->ctl_ports[io->io_hdr.nexus.targ_port];
11677	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11678		if (port != NULL &&
11679		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11680			continue;
11681		retval += ctl_do_lun_reset(lun, io, ua_type);
11682	}
11683	mtx_unlock(&softc->ctl_lock);
11684	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11685	return (retval);
11686}
11687
11688/*
11689 * The LUN should always be set.  The I/O is optional, and is used to
11690 * distinguish between I/Os sent by this initiator, and by other
11691 * initiators.  We set unit attention for initiators other than this one.
11692 * SAM-3 is vague on this point.  It does say that a unit attention should
11693 * be established for other initiators when a LUN is reset (see section
11694 * 5.7.3), but it doesn't specifically say that the unit attention should
11695 * be established for this particular initiator when a LUN is reset.  Here
11696 * is the relevant text, from SAM-3 rev 8:
11697 *
11698 * 5.7.2 When a SCSI initiator port aborts its own tasks
11699 *
11700 * When a SCSI initiator port causes its own task(s) to be aborted, no
11701 * notification that the task(s) have been aborted shall be returned to
11702 * the SCSI initiator port other than the completion response for the
11703 * command or task management function action that caused the task(s) to
11704 * be aborted and notification(s) associated with related effects of the
11705 * action (e.g., a reset unit attention condition).
11706 *
11707 * XXX KDM for now, we're setting unit attention for all initiators.
11708 */
11709static int
11710ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11711{
11712	union ctl_io *xio;
11713#if 0
11714	uint32_t initidx;
11715#endif
11716#ifdef CTL_WITH_CA
11717	int i;
11718#endif
11719
11720	mtx_lock(&lun->lun_lock);
11721	/*
11722	 * Run through the OOA queue and abort each I/O.
11723	 */
11724	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11725	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11726		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11727	}
11728
11729	/*
11730	 * This version sets unit attention for every
11731	 */
11732#if 0
11733	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11734	ctl_est_ua_all(lun, initidx, ua_type);
11735#else
11736	ctl_est_ua_all(lun, -1, ua_type);
11737#endif
11738
11739	/*
11740	 * A reset (any kind, really) clears reservations established with
11741	 * RESERVE/RELEASE.  It does not clear reservations established
11742	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11743	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11744	 * reservations made with the RESERVE/RELEASE commands, because
11745	 * those commands are obsolete in SPC-3.
11746	 */
11747	lun->flags &= ~CTL_LUN_RESERVED;
11748
11749#ifdef CTL_WITH_CA
11750	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11751		ctl_clear_mask(lun->have_ca, i);
11752#endif
11753	mtx_unlock(&lun->lun_lock);
11754
11755	return (0);
11756}
11757
11758static int
11759ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11760{
11761	struct ctl_lun *lun;
11762	uint32_t targ_lun;
11763	int retval;
11764
11765	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11766	mtx_lock(&softc->ctl_lock);
11767	if ((targ_lun >= CTL_MAX_LUNS) ||
11768	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11769		mtx_unlock(&softc->ctl_lock);
11770		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11771		return (1);
11772	}
11773	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11774	mtx_unlock(&softc->ctl_lock);
11775	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11776
11777	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11778		union ctl_ha_msg msg_info;
11779
11780		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11781		msg_info.hdr.nexus = io->io_hdr.nexus;
11782		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11783		msg_info.hdr.original_sc = NULL;
11784		msg_info.hdr.serializing_sc = NULL;
11785		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11786		    sizeof(msg_info.task), M_WAITOK);
11787	}
11788	return (retval);
11789}
11790
11791static void
11792ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11793    int other_sc)
11794{
11795	union ctl_io *xio;
11796
11797	mtx_assert(&lun->lun_lock, MA_OWNED);
11798
11799	/*
11800	 * Run through the OOA queue and attempt to find the given I/O.
11801	 * The target port, initiator ID, tag type and tag number have to
11802	 * match the values that we got from the initiator.  If we have an
11803	 * untagged command to abort, simply abort the first untagged command
11804	 * we come to.  We only allow one untagged command at a time of course.
11805	 */
11806	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11807	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11808
11809		if ((targ_port == UINT32_MAX ||
11810		     targ_port == xio->io_hdr.nexus.targ_port) &&
11811		    (init_id == UINT32_MAX ||
11812		     init_id == xio->io_hdr.nexus.initid)) {
11813			if (targ_port != xio->io_hdr.nexus.targ_port ||
11814			    init_id != xio->io_hdr.nexus.initid)
11815				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11816			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11817			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11818				union ctl_ha_msg msg_info;
11819
11820				msg_info.hdr.nexus = xio->io_hdr.nexus;
11821				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11822				msg_info.task.tag_num = xio->scsiio.tag_num;
11823				msg_info.task.tag_type = xio->scsiio.tag_type;
11824				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11825				msg_info.hdr.original_sc = NULL;
11826				msg_info.hdr.serializing_sc = NULL;
11827				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11828				    sizeof(msg_info.task), M_NOWAIT);
11829			}
11830		}
11831	}
11832}
11833
11834static int
11835ctl_abort_task_set(union ctl_io *io)
11836{
11837	struct ctl_softc *softc = control_softc;
11838	struct ctl_lun *lun;
11839	uint32_t targ_lun;
11840
11841	/*
11842	 * Look up the LUN.
11843	 */
11844	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11845	mtx_lock(&softc->ctl_lock);
11846	if ((targ_lun >= CTL_MAX_LUNS) ||
11847	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11848		mtx_unlock(&softc->ctl_lock);
11849		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11850		return (1);
11851	}
11852
11853	mtx_lock(&lun->lun_lock);
11854	mtx_unlock(&softc->ctl_lock);
11855	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11856		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11857		    io->io_hdr.nexus.initid,
11858		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11859	} else { /* CTL_TASK_CLEAR_TASK_SET */
11860		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11861		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11862	}
11863	mtx_unlock(&lun->lun_lock);
11864	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11865	return (0);
11866}
11867
11868static int
11869ctl_i_t_nexus_reset(union ctl_io *io)
11870{
11871	struct ctl_softc *softc = control_softc;
11872	struct ctl_lun *lun;
11873	uint32_t initidx;
11874
11875	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11876		union ctl_ha_msg msg_info;
11877
11878		msg_info.hdr.nexus = io->io_hdr.nexus;
11879		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11880		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11881		msg_info.hdr.original_sc = NULL;
11882		msg_info.hdr.serializing_sc = NULL;
11883		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11884		    sizeof(msg_info.task), M_WAITOK);
11885	}
11886
11887	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11888	mtx_lock(&softc->ctl_lock);
11889	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11890		mtx_lock(&lun->lun_lock);
11891		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11892		    io->io_hdr.nexus.initid, 1);
11893#ifdef CTL_WITH_CA
11894		ctl_clear_mask(lun->have_ca, initidx);
11895#endif
11896		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11897			lun->flags &= ~CTL_LUN_RESERVED;
11898		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11899		mtx_unlock(&lun->lun_lock);
11900	}
11901	mtx_unlock(&softc->ctl_lock);
11902	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11903	return (0);
11904}
11905
11906static int
11907ctl_abort_task(union ctl_io *io)
11908{
11909	union ctl_io *xio;
11910	struct ctl_lun *lun;
11911	struct ctl_softc *softc;
11912#if 0
11913	struct sbuf sb;
11914	char printbuf[128];
11915#endif
11916	int found;
11917	uint32_t targ_lun;
11918
11919	softc = control_softc;
11920	found = 0;
11921
11922	/*
11923	 * Look up the LUN.
11924	 */
11925	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11926	mtx_lock(&softc->ctl_lock);
11927	if ((targ_lun >= CTL_MAX_LUNS) ||
11928	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11929		mtx_unlock(&softc->ctl_lock);
11930		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11931		return (1);
11932	}
11933
11934#if 0
11935	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11936	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11937#endif
11938
11939	mtx_lock(&lun->lun_lock);
11940	mtx_unlock(&softc->ctl_lock);
11941	/*
11942	 * Run through the OOA queue and attempt to find the given I/O.
11943	 * The target port, initiator ID, tag type and tag number have to
11944	 * match the values that we got from the initiator.  If we have an
11945	 * untagged command to abort, simply abort the first untagged command
11946	 * we come to.  We only allow one untagged command at a time of course.
11947	 */
11948	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11949	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11950#if 0
11951		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11952
11953		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11954			    lun->lun, xio->scsiio.tag_num,
11955			    xio->scsiio.tag_type,
11956			    (xio->io_hdr.blocked_links.tqe_prev
11957			    == NULL) ? "" : " BLOCKED",
11958			    (xio->io_hdr.flags &
11959			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11960			    (xio->io_hdr.flags &
11961			    CTL_FLAG_ABORT) ? " ABORT" : "",
11962			    (xio->io_hdr.flags &
11963			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11964		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11965		sbuf_finish(&sb);
11966		printf("%s\n", sbuf_data(&sb));
11967#endif
11968
11969		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11970		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11971		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11972			continue;
11973
11974		/*
11975		 * If the abort says that the task is untagged, the
11976		 * task in the queue must be untagged.  Otherwise,
11977		 * we just check to see whether the tag numbers
11978		 * match.  This is because the QLogic firmware
11979		 * doesn't pass back the tag type in an abort
11980		 * request.
11981		 */
11982#if 0
11983		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11984		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11985		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11986#endif
11987		/*
11988		 * XXX KDM we've got problems with FC, because it
11989		 * doesn't send down a tag type with aborts.  So we
11990		 * can only really go by the tag number...
11991		 * This may cause problems with parallel SCSI.
11992		 * Need to figure that out!!
11993		 */
11994		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11995			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11996			found = 1;
11997			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11998			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11999				union ctl_ha_msg msg_info;
12000
12001				msg_info.hdr.nexus = io->io_hdr.nexus;
12002				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
12003				msg_info.task.tag_num = io->taskio.tag_num;
12004				msg_info.task.tag_type = io->taskio.tag_type;
12005				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
12006				msg_info.hdr.original_sc = NULL;
12007				msg_info.hdr.serializing_sc = NULL;
12008#if 0
12009				printf("Sent Abort to other side\n");
12010#endif
12011				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
12012				    sizeof(msg_info.task), M_NOWAIT);
12013			}
12014#if 0
12015			printf("ctl_abort_task: found I/O to abort\n");
12016#endif
12017		}
12018	}
12019	mtx_unlock(&lun->lun_lock);
12020
12021	if (found == 0) {
12022		/*
12023		 * This isn't really an error.  It's entirely possible for
12024		 * the abort and command completion to cross on the wire.
12025		 * This is more of an informative/diagnostic error.
12026		 */
12027#if 0
12028		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12029		       "%u:%u:%u tag %d type %d\n",
12030		       io->io_hdr.nexus.initid,
12031		       io->io_hdr.nexus.targ_port,
12032		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12033		       io->taskio.tag_type);
12034#endif
12035	}
12036	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12037	return (0);
12038}
12039
12040static int
12041ctl_query_task(union ctl_io *io, int task_set)
12042{
12043	union ctl_io *xio;
12044	struct ctl_lun *lun;
12045	struct ctl_softc *softc;
12046	int found = 0;
12047	uint32_t targ_lun;
12048
12049	softc = control_softc;
12050	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12051	mtx_lock(&softc->ctl_lock);
12052	if ((targ_lun >= CTL_MAX_LUNS) ||
12053	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12054		mtx_unlock(&softc->ctl_lock);
12055		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12056		return (1);
12057	}
12058	mtx_lock(&lun->lun_lock);
12059	mtx_unlock(&softc->ctl_lock);
12060	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12061	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12062
12063		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12064		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12065		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12066			continue;
12067
12068		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12069			found = 1;
12070			break;
12071		}
12072	}
12073	mtx_unlock(&lun->lun_lock);
12074	if (found)
12075		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12076	else
12077		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12078	return (0);
12079}
12080
12081static int
12082ctl_query_async_event(union ctl_io *io)
12083{
12084	struct ctl_lun *lun;
12085	struct ctl_softc *softc;
12086	ctl_ua_type ua;
12087	uint32_t targ_lun, initidx;
12088
12089	softc = control_softc;
12090	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12091	mtx_lock(&softc->ctl_lock);
12092	if ((targ_lun >= CTL_MAX_LUNS) ||
12093	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12094		mtx_unlock(&softc->ctl_lock);
12095		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12096		return (1);
12097	}
12098	mtx_lock(&lun->lun_lock);
12099	mtx_unlock(&softc->ctl_lock);
12100	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12101	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12102	mtx_unlock(&lun->lun_lock);
12103	if (ua != CTL_UA_NONE)
12104		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12105	else
12106		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12107	return (0);
12108}
12109
12110static void
12111ctl_run_task(union ctl_io *io)
12112{
12113	struct ctl_softc *softc = control_softc;
12114	int retval = 1;
12115
12116	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12117	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12118	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12119	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12120	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12121	switch (io->taskio.task_action) {
12122	case CTL_TASK_ABORT_TASK:
12123		retval = ctl_abort_task(io);
12124		break;
12125	case CTL_TASK_ABORT_TASK_SET:
12126	case CTL_TASK_CLEAR_TASK_SET:
12127		retval = ctl_abort_task_set(io);
12128		break;
12129	case CTL_TASK_CLEAR_ACA:
12130		break;
12131	case CTL_TASK_I_T_NEXUS_RESET:
12132		retval = ctl_i_t_nexus_reset(io);
12133		break;
12134	case CTL_TASK_LUN_RESET:
12135		retval = ctl_lun_reset(softc, io);
12136		break;
12137	case CTL_TASK_TARGET_RESET:
12138		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12139		break;
12140	case CTL_TASK_BUS_RESET:
12141		retval = ctl_bus_reset(softc, io);
12142		break;
12143	case CTL_TASK_PORT_LOGIN:
12144		break;
12145	case CTL_TASK_PORT_LOGOUT:
12146		break;
12147	case CTL_TASK_QUERY_TASK:
12148		retval = ctl_query_task(io, 0);
12149		break;
12150	case CTL_TASK_QUERY_TASK_SET:
12151		retval = ctl_query_task(io, 1);
12152		break;
12153	case CTL_TASK_QUERY_ASYNC_EVENT:
12154		retval = ctl_query_async_event(io);
12155		break;
12156	default:
12157		printf("%s: got unknown task management event %d\n",
12158		       __func__, io->taskio.task_action);
12159		break;
12160	}
12161	if (retval == 0)
12162		io->io_hdr.status = CTL_SUCCESS;
12163	else
12164		io->io_hdr.status = CTL_ERROR;
12165	ctl_done(io);
12166}
12167
12168/*
12169 * For HA operation.  Handle commands that come in from the other
12170 * controller.
12171 */
12172static void
12173ctl_handle_isc(union ctl_io *io)
12174{
12175	int free_io;
12176	struct ctl_lun *lun;
12177	struct ctl_softc *softc = control_softc;
12178	uint32_t targ_lun;
12179
12180	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12181	lun = softc->ctl_luns[targ_lun];
12182
12183	switch (io->io_hdr.msg_type) {
12184	case CTL_MSG_SERIALIZE:
12185		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12186		break;
12187	case CTL_MSG_R2R: {
12188		const struct ctl_cmd_entry *entry;
12189
12190		/*
12191		 * This is only used in SER_ONLY mode.
12192		 */
12193		free_io = 0;
12194		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12195		mtx_lock(&lun->lun_lock);
12196		if (ctl_scsiio_lun_check(lun,
12197		    entry, (struct ctl_scsiio *)io) != 0) {
12198			mtx_unlock(&lun->lun_lock);
12199			ctl_done(io);
12200			break;
12201		}
12202		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12203		mtx_unlock(&lun->lun_lock);
12204		ctl_enqueue_rtr(io);
12205		break;
12206	}
12207	case CTL_MSG_FINISH_IO:
12208		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12209			free_io = 0;
12210			ctl_done(io);
12211		} else {
12212			free_io = 1;
12213			mtx_lock(&lun->lun_lock);
12214			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12215				     ooa_links);
12216			ctl_check_blocked(lun);
12217			mtx_unlock(&lun->lun_lock);
12218		}
12219		break;
12220	case CTL_MSG_PERS_ACTION:
12221		ctl_hndl_per_res_out_on_other_sc(
12222			(union ctl_ha_msg *)&io->presio.pr_msg);
12223		free_io = 1;
12224		break;
12225	case CTL_MSG_BAD_JUJU:
12226		free_io = 0;
12227		ctl_done(io);
12228		break;
12229	case CTL_MSG_DATAMOVE:
12230		/* Only used in XFER mode */
12231		free_io = 0;
12232		ctl_datamove_remote(io);
12233		break;
12234	case CTL_MSG_DATAMOVE_DONE:
12235		/* Only used in XFER mode */
12236		free_io = 0;
12237		io->scsiio.be_move_done(io);
12238		break;
12239	case CTL_MSG_FAILOVER:
12240		mtx_lock(&lun->lun_lock);
12241		ctl_failover_lun(lun);
12242		mtx_unlock(&lun->lun_lock);
12243		free_io = 1;
12244		break;
12245	default:
12246		free_io = 1;
12247		printf("%s: Invalid message type %d\n",
12248		       __func__, io->io_hdr.msg_type);
12249		break;
12250	}
12251	if (free_io)
12252		ctl_free_io(io);
12253
12254}
12255
12256
12257/*
12258 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12259 * there is no match.
12260 */
12261static ctl_lun_error_pattern
12262ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12263{
12264	const struct ctl_cmd_entry *entry;
12265	ctl_lun_error_pattern filtered_pattern, pattern;
12266
12267	pattern = desc->error_pattern;
12268
12269	/*
12270	 * XXX KDM we need more data passed into this function to match a
12271	 * custom pattern, and we actually need to implement custom pattern
12272	 * matching.
12273	 */
12274	if (pattern & CTL_LUN_PAT_CMD)
12275		return (CTL_LUN_PAT_CMD);
12276
12277	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12278		return (CTL_LUN_PAT_ANY);
12279
12280	entry = ctl_get_cmd_entry(ctsio, NULL);
12281
12282	filtered_pattern = entry->pattern & pattern;
12283
12284	/*
12285	 * If the user requested specific flags in the pattern (e.g.
12286	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12287	 * flags.
12288	 *
12289	 * If the user did not specify any flags, it doesn't matter whether
12290	 * or not the command supports the flags.
12291	 */
12292	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12293	     (pattern & ~CTL_LUN_PAT_MASK))
12294		return (CTL_LUN_PAT_NONE);
12295
12296	/*
12297	 * If the user asked for a range check, see if the requested LBA
12298	 * range overlaps with this command's LBA range.
12299	 */
12300	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12301		uint64_t lba1;
12302		uint64_t len1;
12303		ctl_action action;
12304		int retval;
12305
12306		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12307		if (retval != 0)
12308			return (CTL_LUN_PAT_NONE);
12309
12310		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12311					      desc->lba_range.len, FALSE);
12312		/*
12313		 * A "pass" means that the LBA ranges don't overlap, so
12314		 * this doesn't match the user's range criteria.
12315		 */
12316		if (action == CTL_ACTION_PASS)
12317			return (CTL_LUN_PAT_NONE);
12318	}
12319
12320	return (filtered_pattern);
12321}
12322
12323static void
12324ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12325{
12326	struct ctl_error_desc *desc, *desc2;
12327
12328	mtx_assert(&lun->lun_lock, MA_OWNED);
12329
12330	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12331		ctl_lun_error_pattern pattern;
12332		/*
12333		 * Check to see whether this particular command matches
12334		 * the pattern in the descriptor.
12335		 */
12336		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12337		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12338			continue;
12339
12340		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12341		case CTL_LUN_INJ_ABORTED:
12342			ctl_set_aborted(&io->scsiio);
12343			break;
12344		case CTL_LUN_INJ_MEDIUM_ERR:
12345			ctl_set_medium_error(&io->scsiio,
12346			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12347			     CTL_FLAG_DATA_OUT);
12348			break;
12349		case CTL_LUN_INJ_UA:
12350			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12351			 * OCCURRED */
12352			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12353			break;
12354		case CTL_LUN_INJ_CUSTOM:
12355			/*
12356			 * We're assuming the user knows what he is doing.
12357			 * Just copy the sense information without doing
12358			 * checks.
12359			 */
12360			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12361			      MIN(sizeof(desc->custom_sense),
12362				  sizeof(io->scsiio.sense_data)));
12363			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12364			io->scsiio.sense_len = SSD_FULL_SIZE;
12365			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12366			break;
12367		case CTL_LUN_INJ_NONE:
12368		default:
12369			/*
12370			 * If this is an error injection type we don't know
12371			 * about, clear the continuous flag (if it is set)
12372			 * so it will get deleted below.
12373			 */
12374			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12375			break;
12376		}
12377		/*
12378		 * By default, each error injection action is a one-shot
12379		 */
12380		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12381			continue;
12382
12383		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12384
12385		free(desc, M_CTL);
12386	}
12387}
12388
12389#ifdef CTL_IO_DELAY
12390static void
12391ctl_datamove_timer_wakeup(void *arg)
12392{
12393	union ctl_io *io;
12394
12395	io = (union ctl_io *)arg;
12396
12397	ctl_datamove(io);
12398}
12399#endif /* CTL_IO_DELAY */
12400
12401void
12402ctl_datamove(union ctl_io *io)
12403{
12404	struct ctl_lun *lun;
12405	void (*fe_datamove)(union ctl_io *io);
12406
12407	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12408
12409	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12410
12411	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12412#ifdef CTL_TIME_IO
12413	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12414		char str[256];
12415		char path_str[64];
12416		struct sbuf sb;
12417
12418		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12419		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12420
12421		sbuf_cat(&sb, path_str);
12422		switch (io->io_hdr.io_type) {
12423		case CTL_IO_SCSI:
12424			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12425			sbuf_printf(&sb, "\n");
12426			sbuf_cat(&sb, path_str);
12427			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12428				    io->scsiio.tag_num, io->scsiio.tag_type);
12429			break;
12430		case CTL_IO_TASK:
12431			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12432				    "Tag Type: %d\n", io->taskio.task_action,
12433				    io->taskio.tag_num, io->taskio.tag_type);
12434			break;
12435		default:
12436			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12437			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12438			break;
12439		}
12440		sbuf_cat(&sb, path_str);
12441		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12442			    (intmax_t)time_uptime - io->io_hdr.start_time);
12443		sbuf_finish(&sb);
12444		printf("%s", sbuf_data(&sb));
12445	}
12446#endif /* CTL_TIME_IO */
12447
12448#ifdef CTL_IO_DELAY
12449	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12450		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12451	} else {
12452		if ((lun != NULL)
12453		 && (lun->delay_info.datamove_delay > 0)) {
12454
12455			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12456			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12457			callout_reset(&io->io_hdr.delay_callout,
12458				      lun->delay_info.datamove_delay * hz,
12459				      ctl_datamove_timer_wakeup, io);
12460			if (lun->delay_info.datamove_type ==
12461			    CTL_DELAY_TYPE_ONESHOT)
12462				lun->delay_info.datamove_delay = 0;
12463			return;
12464		}
12465	}
12466#endif
12467
12468	/*
12469	 * This command has been aborted.  Set the port status, so we fail
12470	 * the data move.
12471	 */
12472	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12473		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12474		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12475		       io->io_hdr.nexus.targ_port,
12476		       io->io_hdr.nexus.targ_lun);
12477		io->io_hdr.port_status = 31337;
12478		/*
12479		 * Note that the backend, in this case, will get the
12480		 * callback in its context.  In other cases it may get
12481		 * called in the frontend's interrupt thread context.
12482		 */
12483		io->scsiio.be_move_done(io);
12484		return;
12485	}
12486
12487	/* Don't confuse frontend with zero length data move. */
12488	if (io->scsiio.kern_data_len == 0) {
12489		io->scsiio.be_move_done(io);
12490		return;
12491	}
12492
12493	/*
12494	 * If we're in XFER mode and this I/O is from the other shelf
12495	 * controller, we need to send the DMA to the other side to
12496	 * actually transfer the data to/from the host.  In serialize only
12497	 * mode the transfer happens below CTL and ctl_datamove() is only
12498	 * called on the machine that originally received the I/O.
12499	 */
12500	if ((control_softc->ha_mode == CTL_HA_MODE_XFER)
12501	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
12502		union ctl_ha_msg msg;
12503		uint32_t sg_entries_sent;
12504		int do_sg_copy;
12505		int i;
12506
12507		memset(&msg, 0, sizeof(msg));
12508		msg.hdr.msg_type = CTL_MSG_DATAMOVE;
12509		msg.hdr.original_sc = io->io_hdr.original_sc;
12510		msg.hdr.serializing_sc = io;
12511		msg.hdr.nexus = io->io_hdr.nexus;
12512		msg.hdr.status = io->io_hdr.status;
12513		msg.dt.flags = io->io_hdr.flags;
12514		/*
12515		 * We convert everything into a S/G list here.  We can't
12516		 * pass by reference, only by value between controllers.
12517		 * So we can't pass a pointer to the S/G list, only as many
12518		 * S/G entries as we can fit in here.  If it's possible for
12519		 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
12520		 * then we need to break this up into multiple transfers.
12521		 */
12522		if (io->scsiio.kern_sg_entries == 0) {
12523			msg.dt.kern_sg_entries = 1;
12524#if 0
12525			/*
12526			 * Convert to a physical address if this is a
12527			 * virtual address.
12528			 */
12529			if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
12530				msg.dt.sg_list[0].addr =
12531					io->scsiio.kern_data_ptr;
12532			} else {
12533				/*
12534				 * XXX KDM use busdma here!
12535				 */
12536				msg.dt.sg_list[0].addr = (void *)
12537					vtophys(io->scsiio.kern_data_ptr);
12538			}
12539#else
12540			KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12541			    ("HA does not support BUS_ADDR"));
12542			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
12543#endif
12544
12545			msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
12546			do_sg_copy = 0;
12547		} else {
12548			msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
12549			do_sg_copy = 1;
12550		}
12551
12552		msg.dt.kern_data_len = io->scsiio.kern_data_len;
12553		msg.dt.kern_total_len = io->scsiio.kern_total_len;
12554		msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
12555		msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
12556		msg.dt.sg_sequence = 0;
12557
12558		/*
12559		 * Loop until we've sent all of the S/G entries.  On the
12560		 * other end, we'll recompose these S/G entries into one
12561		 * contiguous list before passing it to the
12562		 */
12563		for (sg_entries_sent = 0; sg_entries_sent <
12564		     msg.dt.kern_sg_entries; msg.dt.sg_sequence++) {
12565			msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list)/
12566				sizeof(msg.dt.sg_list[0])),
12567				msg.dt.kern_sg_entries - sg_entries_sent);
12568
12569			if (do_sg_copy != 0) {
12570				struct ctl_sg_entry *sgl;
12571				int j;
12572
12573				sgl = (struct ctl_sg_entry *)
12574					io->scsiio.kern_data_ptr;
12575				/*
12576				 * If this is in cached memory, flush the cache
12577				 * before we send the DMA request to the other
12578				 * controller.  We want to do this in either
12579				 * the * read or the write case.  The read
12580				 * case is straightforward.  In the write
12581				 * case, we want to make sure nothing is
12582				 * in the local cache that could overwrite
12583				 * the DMAed data.
12584				 */
12585
12586				for (i = sg_entries_sent, j = 0;
12587				     i < msg.dt.cur_sg_entries; i++, j++) {
12588#if 0
12589					if ((io->io_hdr.flags &
12590					     CTL_FLAG_BUS_ADDR) == 0) {
12591						/*
12592						 * XXX KDM use busdma.
12593						 */
12594						msg.dt.sg_list[j].addr =(void *)
12595						       vtophys(sgl[i].addr);
12596					} else {
12597						msg.dt.sg_list[j].addr =
12598							sgl[i].addr;
12599					}
12600#else
12601					KASSERT((io->io_hdr.flags &
12602					    CTL_FLAG_BUS_ADDR) == 0,
12603					    ("HA does not support BUS_ADDR"));
12604					msg.dt.sg_list[j].addr = sgl[i].addr;
12605#endif
12606					msg.dt.sg_list[j].len = sgl[i].len;
12607				}
12608			}
12609
12610			sg_entries_sent += msg.dt.cur_sg_entries;
12611			if (sg_entries_sent >= msg.dt.kern_sg_entries)
12612				msg.dt.sg_last = 1;
12613			else
12614				msg.dt.sg_last = 0;
12615
12616			if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12617			    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
12618			    sizeof(struct ctl_sg_entry)*msg.dt.cur_sg_entries,
12619			    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
12620				io->io_hdr.port_status = 31341;
12621				io->scsiio.be_move_done(io);
12622				return;
12623			}
12624
12625			msg.dt.sent_sg_entries = sg_entries_sent;
12626		}
12627
12628		/*
12629		 * Officially handover the request from us to peer.
12630		 * If failover has just happened, then we must return error.
12631		 * If failover happen just after, then it is not our problem.
12632		 */
12633		if (lun)
12634			mtx_lock(&lun->lun_lock);
12635		if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12636			if (lun)
12637				mtx_unlock(&lun->lun_lock);
12638			io->io_hdr.port_status = 31342;
12639			io->scsiio.be_move_done(io);
12640			return;
12641		}
12642		io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12643		io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
12644		if (lun)
12645			mtx_unlock(&lun->lun_lock);
12646	} else {
12647
12648		/*
12649		 * Lookup the fe_datamove() function for this particular
12650		 * front end.
12651		 */
12652		fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12653
12654		fe_datamove(io);
12655	}
12656}
12657
12658static void
12659ctl_send_datamove_done(union ctl_io *io, int have_lock)
12660{
12661	union ctl_ha_msg msg;
12662
12663	memset(&msg, 0, sizeof(msg));
12664
12665	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12666	msg.hdr.original_sc = io;
12667	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12668	msg.hdr.nexus = io->io_hdr.nexus;
12669	msg.hdr.status = io->io_hdr.status;
12670	msg.scsi.tag_num = io->scsiio.tag_num;
12671	msg.scsi.tag_type = io->scsiio.tag_type;
12672	msg.scsi.scsi_status = io->scsiio.scsi_status;
12673	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12674	       io->scsiio.sense_len);
12675	msg.scsi.sense_len = io->scsiio.sense_len;
12676	msg.scsi.sense_residual = io->scsiio.sense_residual;
12677	msg.scsi.fetd_status = io->io_hdr.port_status;
12678	msg.scsi.residual = io->scsiio.residual;
12679	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12680
12681	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12682		ctl_failover_io(io, /*have_lock*/ have_lock);
12683		return;
12684	}
12685
12686	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12687	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12688	    msg.scsi.sense_len, M_WAITOK);
12689}
12690
12691/*
12692 * The DMA to the remote side is done, now we need to tell the other side
12693 * we're done so it can continue with its data movement.
12694 */
12695static void
12696ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12697{
12698	union ctl_io *io;
12699	int i;
12700
12701	io = rq->context;
12702
12703	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12704		printf("%s: ISC DMA write failed with error %d", __func__,
12705		       rq->ret);
12706		ctl_set_internal_failure(&io->scsiio,
12707					 /*sks_valid*/ 1,
12708					 /*retry_count*/ rq->ret);
12709	}
12710
12711	ctl_dt_req_free(rq);
12712
12713	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12714		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12715	free(io->io_hdr.remote_sglist, M_CTL);
12716	io->io_hdr.remote_sglist = NULL;
12717	io->io_hdr.local_sglist = NULL;
12718
12719	/*
12720	 * The data is in local and remote memory, so now we need to send
12721	 * status (good or back) back to the other side.
12722	 */
12723	ctl_send_datamove_done(io, /*have_lock*/ 0);
12724}
12725
12726/*
12727 * We've moved the data from the host/controller into local memory.  Now we
12728 * need to push it over to the remote controller's memory.
12729 */
12730static int
12731ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12732{
12733	int retval;
12734
12735	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12736					  ctl_datamove_remote_write_cb);
12737	return (retval);
12738}
12739
12740static void
12741ctl_datamove_remote_write(union ctl_io *io)
12742{
12743	int retval;
12744	void (*fe_datamove)(union ctl_io *io);
12745
12746	/*
12747	 * - Get the data from the host/HBA into local memory.
12748	 * - DMA memory from the local controller to the remote controller.
12749	 * - Send status back to the remote controller.
12750	 */
12751
12752	retval = ctl_datamove_remote_sgl_setup(io);
12753	if (retval != 0)
12754		return;
12755
12756	/* Switch the pointer over so the FETD knows what to do */
12757	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12758
12759	/*
12760	 * Use a custom move done callback, since we need to send completion
12761	 * back to the other controller, not to the backend on this side.
12762	 */
12763	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12764
12765	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12766	fe_datamove(io);
12767}
12768
12769static int
12770ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12771{
12772#if 0
12773	char str[256];
12774	char path_str[64];
12775	struct sbuf sb;
12776#endif
12777	int i;
12778
12779	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12780		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12781	free(io->io_hdr.remote_sglist, M_CTL);
12782	io->io_hdr.remote_sglist = NULL;
12783	io->io_hdr.local_sglist = NULL;
12784
12785#if 0
12786	scsi_path_string(io, path_str, sizeof(path_str));
12787	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12788	sbuf_cat(&sb, path_str);
12789	scsi_command_string(&io->scsiio, NULL, &sb);
12790	sbuf_printf(&sb, "\n");
12791	sbuf_cat(&sb, path_str);
12792	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12793		    io->scsiio.tag_num, io->scsiio.tag_type);
12794	sbuf_cat(&sb, path_str);
12795	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12796		    io->io_hdr.flags, io->io_hdr.status);
12797	sbuf_finish(&sb);
12798	printk("%s", sbuf_data(&sb));
12799#endif
12800
12801
12802	/*
12803	 * The read is done, now we need to send status (good or bad) back
12804	 * to the other side.
12805	 */
12806	ctl_send_datamove_done(io, /*have_lock*/ 0);
12807
12808	return (0);
12809}
12810
12811static void
12812ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12813{
12814	union ctl_io *io;
12815	void (*fe_datamove)(union ctl_io *io);
12816
12817	io = rq->context;
12818
12819	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12820		printf("%s: ISC DMA read failed with error %d\n", __func__,
12821		       rq->ret);
12822		ctl_set_internal_failure(&io->scsiio,
12823					 /*sks_valid*/ 1,
12824					 /*retry_count*/ rq->ret);
12825	}
12826
12827	ctl_dt_req_free(rq);
12828
12829	/* Switch the pointer over so the FETD knows what to do */
12830	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12831
12832	/*
12833	 * Use a custom move done callback, since we need to send completion
12834	 * back to the other controller, not to the backend on this side.
12835	 */
12836	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12837
12838	/* XXX KDM add checks like the ones in ctl_datamove? */
12839
12840	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12841	fe_datamove(io);
12842}
12843
12844static int
12845ctl_datamove_remote_sgl_setup(union ctl_io *io)
12846{
12847	struct ctl_sg_entry *local_sglist;
12848	uint32_t len_to_go;
12849	int retval;
12850	int i;
12851
12852	retval = 0;
12853	local_sglist = io->io_hdr.local_sglist;
12854	len_to_go = io->scsiio.kern_data_len;
12855
12856	/*
12857	 * The difficult thing here is that the size of the various
12858	 * S/G segments may be different than the size from the
12859	 * remote controller.  That'll make it harder when DMAing
12860	 * the data back to the other side.
12861	 */
12862	for (i = 0; len_to_go > 0; i++) {
12863		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12864		local_sglist[i].addr =
12865		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12866
12867		len_to_go -= local_sglist[i].len;
12868	}
12869	/*
12870	 * Reset the number of S/G entries accordingly.  The original
12871	 * number of S/G entries is available in rem_sg_entries.
12872	 */
12873	io->scsiio.kern_sg_entries = i;
12874
12875#if 0
12876	printf("%s: kern_sg_entries = %d\n", __func__,
12877	       io->scsiio.kern_sg_entries);
12878	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12879		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12880		       local_sglist[i].addr, local_sglist[i].len);
12881#endif
12882
12883	return (retval);
12884}
12885
12886static int
12887ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12888			 ctl_ha_dt_cb callback)
12889{
12890	struct ctl_ha_dt_req *rq;
12891	struct ctl_sg_entry *remote_sglist, *local_sglist;
12892	uint32_t local_used, remote_used, total_used;
12893	int i, j, isc_ret;
12894
12895	rq = ctl_dt_req_alloc();
12896
12897	/*
12898	 * If we failed to allocate the request, and if the DMA didn't fail
12899	 * anyway, set busy status.  This is just a resource allocation
12900	 * failure.
12901	 */
12902	if ((rq == NULL)
12903	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12904	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12905		ctl_set_busy(&io->scsiio);
12906
12907	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12908	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12909
12910		if (rq != NULL)
12911			ctl_dt_req_free(rq);
12912
12913		/*
12914		 * The data move failed.  We need to return status back
12915		 * to the other controller.  No point in trying to DMA
12916		 * data to the remote controller.
12917		 */
12918
12919		ctl_send_datamove_done(io, /*have_lock*/ 0);
12920
12921		return (1);
12922	}
12923
12924	local_sglist = io->io_hdr.local_sglist;
12925	remote_sglist = io->io_hdr.remote_sglist;
12926	local_used = 0;
12927	remote_used = 0;
12928	total_used = 0;
12929
12930	/*
12931	 * Pull/push the data over the wire from/to the other controller.
12932	 * This takes into account the possibility that the local and
12933	 * remote sglists may not be identical in terms of the size of
12934	 * the elements and the number of elements.
12935	 *
12936	 * One fundamental assumption here is that the length allocated for
12937	 * both the local and remote sglists is identical.  Otherwise, we've
12938	 * essentially got a coding error of some sort.
12939	 */
12940	isc_ret = CTL_HA_STATUS_SUCCESS;
12941	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12942		uint32_t cur_len;
12943		uint8_t *tmp_ptr;
12944
12945		rq->command = command;
12946		rq->context = io;
12947
12948		/*
12949		 * Both pointers should be aligned.  But it is possible
12950		 * that the allocation length is not.  They should both
12951		 * also have enough slack left over at the end, though,
12952		 * to round up to the next 8 byte boundary.
12953		 */
12954		cur_len = MIN(local_sglist[i].len - local_used,
12955			      remote_sglist[j].len - remote_used);
12956		rq->size = cur_len;
12957
12958		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12959		tmp_ptr += local_used;
12960
12961#if 0
12962		/* Use physical addresses when talking to ISC hardware */
12963		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12964			/* XXX KDM use busdma */
12965			rq->local = vtophys(tmp_ptr);
12966		} else
12967			rq->local = tmp_ptr;
12968#else
12969		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12970		    ("HA does not support BUS_ADDR"));
12971		rq->local = tmp_ptr;
12972#endif
12973
12974		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12975		tmp_ptr += remote_used;
12976		rq->remote = tmp_ptr;
12977
12978		rq->callback = NULL;
12979
12980		local_used += cur_len;
12981		if (local_used >= local_sglist[i].len) {
12982			i++;
12983			local_used = 0;
12984		}
12985
12986		remote_used += cur_len;
12987		if (remote_used >= remote_sglist[j].len) {
12988			j++;
12989			remote_used = 0;
12990		}
12991		total_used += cur_len;
12992
12993		if (total_used >= io->scsiio.kern_data_len)
12994			rq->callback = callback;
12995
12996#if 0
12997		printf("%s: %s: local %p remote %p size %d\n", __func__,
12998		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12999		       rq->local, rq->remote, rq->size);
13000#endif
13001
13002		isc_ret = ctl_dt_single(rq);
13003		if (isc_ret > CTL_HA_STATUS_SUCCESS)
13004			break;
13005	}
13006	if (isc_ret != CTL_HA_STATUS_WAIT) {
13007		rq->ret = isc_ret;
13008		callback(rq);
13009	}
13010
13011	return (0);
13012}
13013
13014static void
13015ctl_datamove_remote_read(union ctl_io *io)
13016{
13017	int retval;
13018	int i;
13019
13020	/*
13021	 * This will send an error to the other controller in the case of a
13022	 * failure.
13023	 */
13024	retval = ctl_datamove_remote_sgl_setup(io);
13025	if (retval != 0)
13026		return;
13027
13028	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
13029					  ctl_datamove_remote_read_cb);
13030	if (retval != 0) {
13031		/*
13032		 * Make sure we free memory if there was an error..  The
13033		 * ctl_datamove_remote_xfer() function will send the
13034		 * datamove done message, or call the callback with an
13035		 * error if there is a problem.
13036		 */
13037		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
13038			free(io->io_hdr.local_sglist[i].addr, M_CTL);
13039		free(io->io_hdr.remote_sglist, M_CTL);
13040		io->io_hdr.remote_sglist = NULL;
13041		io->io_hdr.local_sglist = NULL;
13042	}
13043}
13044
13045/*
13046 * Process a datamove request from the other controller.  This is used for
13047 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
13048 * first.  Once that is complete, the data gets DMAed into the remote
13049 * controller's memory.  For reads, we DMA from the remote controller's
13050 * memory into our memory first, and then move it out to the FETD.
13051 */
13052static void
13053ctl_datamove_remote(union ctl_io *io)
13054{
13055
13056	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
13057
13058	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
13059		ctl_failover_io(io, /*have_lock*/ 0);
13060		return;
13061	}
13062
13063	/*
13064	 * Note that we look for an aborted I/O here, but don't do some of
13065	 * the other checks that ctl_datamove() normally does.
13066	 * We don't need to run the datamove delay code, since that should
13067	 * have been done if need be on the other controller.
13068	 */
13069	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
13070		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
13071		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
13072		       io->io_hdr.nexus.targ_port,
13073		       io->io_hdr.nexus.targ_lun);
13074		io->io_hdr.port_status = 31338;
13075		ctl_send_datamove_done(io, /*have_lock*/ 0);
13076		return;
13077	}
13078
13079	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
13080		ctl_datamove_remote_write(io);
13081	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
13082		ctl_datamove_remote_read(io);
13083	else {
13084		io->io_hdr.port_status = 31339;
13085		ctl_send_datamove_done(io, /*have_lock*/ 0);
13086	}
13087}
13088
13089static int
13090ctl_process_done(union ctl_io *io)
13091{
13092	struct ctl_lun *lun;
13093	struct ctl_softc *softc = control_softc;
13094	void (*fe_done)(union ctl_io *io);
13095	union ctl_ha_msg msg;
13096	uint32_t targ_port = io->io_hdr.nexus.targ_port;
13097
13098	CTL_DEBUG_PRINT(("ctl_process_done\n"));
13099
13100	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0)
13101		fe_done = softc->ctl_ports[targ_port]->fe_done;
13102	else
13103		fe_done = NULL;
13104
13105#ifdef CTL_TIME_IO
13106	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
13107		char str[256];
13108		char path_str[64];
13109		struct sbuf sb;
13110
13111		ctl_scsi_path_string(io, path_str, sizeof(path_str));
13112		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
13113
13114		sbuf_cat(&sb, path_str);
13115		switch (io->io_hdr.io_type) {
13116		case CTL_IO_SCSI:
13117			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
13118			sbuf_printf(&sb, "\n");
13119			sbuf_cat(&sb, path_str);
13120			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
13121				    io->scsiio.tag_num, io->scsiio.tag_type);
13122			break;
13123		case CTL_IO_TASK:
13124			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
13125				    "Tag Type: %d\n", io->taskio.task_action,
13126				    io->taskio.tag_num, io->taskio.tag_type);
13127			break;
13128		default:
13129			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13130			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
13131			break;
13132		}
13133		sbuf_cat(&sb, path_str);
13134		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
13135			    (intmax_t)time_uptime - io->io_hdr.start_time);
13136		sbuf_finish(&sb);
13137		printf("%s", sbuf_data(&sb));
13138	}
13139#endif /* CTL_TIME_IO */
13140
13141	switch (io->io_hdr.io_type) {
13142	case CTL_IO_SCSI:
13143		break;
13144	case CTL_IO_TASK:
13145		if (ctl_debug & CTL_DEBUG_INFO)
13146			ctl_io_error_print(io, NULL);
13147		if (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)
13148			ctl_free_io(io);
13149		else
13150			fe_done(io);
13151		return (CTL_RETVAL_COMPLETE);
13152	default:
13153		panic("ctl_process_done: invalid io type %d\n",
13154		      io->io_hdr.io_type);
13155		break; /* NOTREACHED */
13156	}
13157
13158	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13159	if (lun == NULL) {
13160		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
13161				 io->io_hdr.nexus.targ_mapped_lun));
13162		goto bailout;
13163	}
13164
13165	mtx_lock(&lun->lun_lock);
13166
13167	/*
13168	 * Check to see if we have any errors to inject here.  We only
13169	 * inject errors for commands that don't already have errors set.
13170	 */
13171	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
13172	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
13173	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
13174		ctl_inject_error(lun, io);
13175
13176	/*
13177	 * XXX KDM how do we treat commands that aren't completed
13178	 * successfully?
13179	 *
13180	 * XXX KDM should we also track I/O latency?
13181	 */
13182	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
13183	    io->io_hdr.io_type == CTL_IO_SCSI) {
13184#ifdef CTL_TIME_IO
13185		struct bintime cur_bt;
13186#endif
13187		int type;
13188
13189		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13190		    CTL_FLAG_DATA_IN)
13191			type = CTL_STATS_READ;
13192		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13193		    CTL_FLAG_DATA_OUT)
13194			type = CTL_STATS_WRITE;
13195		else
13196			type = CTL_STATS_NO_IO;
13197
13198		lun->stats.ports[targ_port].bytes[type] +=
13199		    io->scsiio.kern_total_len;
13200		lun->stats.ports[targ_port].operations[type]++;
13201#ifdef CTL_TIME_IO
13202		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13203		   &io->io_hdr.dma_bt);
13204		lun->stats.ports[targ_port].num_dmas[type] +=
13205		    io->io_hdr.num_dmas;
13206		getbintime(&cur_bt);
13207		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13208		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13209#endif
13210	}
13211
13212	/*
13213	 * Remove this from the OOA queue.
13214	 */
13215	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13216#ifdef CTL_TIME_IO
13217	if (TAILQ_EMPTY(&lun->ooa_queue))
13218		lun->last_busy = getsbinuptime();
13219#endif
13220
13221	/*
13222	 * Run through the blocked queue on this LUN and see if anything
13223	 * has become unblocked, now that this transaction is done.
13224	 */
13225	ctl_check_blocked(lun);
13226
13227	/*
13228	 * If the LUN has been invalidated, free it if there is nothing
13229	 * left on its OOA queue.
13230	 */
13231	if ((lun->flags & CTL_LUN_INVALID)
13232	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13233		mtx_unlock(&lun->lun_lock);
13234		mtx_lock(&softc->ctl_lock);
13235		ctl_free_lun(lun);
13236		mtx_unlock(&softc->ctl_lock);
13237	} else
13238		mtx_unlock(&lun->lun_lock);
13239
13240bailout:
13241
13242	/*
13243	 * If this command has been aborted, make sure we set the status
13244	 * properly.  The FETD is responsible for freeing the I/O and doing
13245	 * whatever it needs to do to clean up its state.
13246	 */
13247	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13248		ctl_set_task_aborted(&io->scsiio);
13249
13250	/*
13251	 * If enabled, print command error status.
13252	 */
13253	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13254	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13255		ctl_io_error_print(io, NULL);
13256
13257	/*
13258	 * Tell the FETD or the other shelf controller we're done with this
13259	 * command.  Note that only SCSI commands get to this point.  Task
13260	 * management commands are completed above.
13261	 */
13262	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13263	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13264		memset(&msg, 0, sizeof(msg));
13265		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13266		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13267		msg.hdr.nexus = io->io_hdr.nexus;
13268		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13269		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13270		    M_WAITOK);
13271	}
13272	if ((softc->ha_mode == CTL_HA_MODE_XFER)
13273	 && (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
13274		memset(&msg, 0, sizeof(msg));
13275		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13276		msg.hdr.original_sc = io->io_hdr.original_sc;
13277		msg.hdr.nexus = io->io_hdr.nexus;
13278		msg.hdr.status = io->io_hdr.status;
13279		msg.scsi.scsi_status = io->scsiio.scsi_status;
13280		msg.scsi.tag_num = io->scsiio.tag_num;
13281		msg.scsi.tag_type = io->scsiio.tag_type;
13282		msg.scsi.sense_len = io->scsiio.sense_len;
13283		msg.scsi.sense_residual = io->scsiio.sense_residual;
13284		msg.scsi.residual = io->scsiio.residual;
13285		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
13286		       io->scsiio.sense_len);
13287
13288		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13289		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
13290		    msg.scsi.sense_len, M_WAITOK);
13291		ctl_free_io(io);
13292	} else
13293		fe_done(io);
13294
13295	return (CTL_RETVAL_COMPLETE);
13296}
13297
13298#ifdef CTL_WITH_CA
13299/*
13300 * Front end should call this if it doesn't do autosense.  When the request
13301 * sense comes back in from the initiator, we'll dequeue this and send it.
13302 */
13303int
13304ctl_queue_sense(union ctl_io *io)
13305{
13306	struct ctl_lun *lun;
13307	struct ctl_port *port;
13308	struct ctl_softc *softc;
13309	uint32_t initidx, targ_lun;
13310
13311	softc = control_softc;
13312
13313	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13314
13315	/*
13316	 * LUN lookup will likely move to the ctl_work_thread() once we
13317	 * have our new queueing infrastructure (that doesn't put things on
13318	 * a per-LUN queue initially).  That is so that we can handle
13319	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13320	 * can't deal with that right now.
13321	 */
13322	mtx_lock(&softc->ctl_lock);
13323
13324	/*
13325	 * If we don't have a LUN for this, just toss the sense
13326	 * information.
13327	 */
13328	port = ctl_io_port(&ctsio->io_hdr);
13329	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13330	if ((targ_lun < CTL_MAX_LUNS)
13331	 && (softc->ctl_luns[targ_lun] != NULL))
13332		lun = softc->ctl_luns[targ_lun];
13333	else
13334		goto bailout;
13335
13336	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13337
13338	mtx_lock(&lun->lun_lock);
13339	/*
13340	 * Already have CA set for this LUN...toss the sense information.
13341	 */
13342	if (ctl_is_set(lun->have_ca, initidx)) {
13343		mtx_unlock(&lun->lun_lock);
13344		goto bailout;
13345	}
13346
13347	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13348	       MIN(sizeof(lun->pending_sense[initidx]),
13349	       sizeof(io->scsiio.sense_data)));
13350	ctl_set_mask(lun->have_ca, initidx);
13351	mtx_unlock(&lun->lun_lock);
13352
13353bailout:
13354	mtx_unlock(&softc->ctl_lock);
13355
13356	ctl_free_io(io);
13357
13358	return (CTL_RETVAL_COMPLETE);
13359}
13360#endif
13361
13362/*
13363 * Primary command inlet from frontend ports.  All SCSI and task I/O
13364 * requests must go through this function.
13365 */
13366int
13367ctl_queue(union ctl_io *io)
13368{
13369	struct ctl_port *port;
13370
13371	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13372
13373#ifdef CTL_TIME_IO
13374	io->io_hdr.start_time = time_uptime;
13375	getbintime(&io->io_hdr.start_bt);
13376#endif /* CTL_TIME_IO */
13377
13378	/* Map FE-specific LUN ID into global one. */
13379	port = ctl_io_port(&io->io_hdr);
13380	io->io_hdr.nexus.targ_mapped_lun =
13381	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13382
13383	switch (io->io_hdr.io_type) {
13384	case CTL_IO_SCSI:
13385	case CTL_IO_TASK:
13386		if (ctl_debug & CTL_DEBUG_CDB)
13387			ctl_io_print(io);
13388		ctl_enqueue_incoming(io);
13389		break;
13390	default:
13391		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13392		return (EINVAL);
13393	}
13394
13395	return (CTL_RETVAL_COMPLETE);
13396}
13397
13398#ifdef CTL_IO_DELAY
13399static void
13400ctl_done_timer_wakeup(void *arg)
13401{
13402	union ctl_io *io;
13403
13404	io = (union ctl_io *)arg;
13405	ctl_done(io);
13406}
13407#endif /* CTL_IO_DELAY */
13408
13409void
13410ctl_serseq_done(union ctl_io *io)
13411{
13412	struct ctl_lun *lun;
13413
13414	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13415	if (lun->be_lun == NULL ||
13416	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13417		return;
13418	mtx_lock(&lun->lun_lock);
13419	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13420	ctl_check_blocked(lun);
13421	mtx_unlock(&lun->lun_lock);
13422}
13423
13424void
13425ctl_done(union ctl_io *io)
13426{
13427
13428	/*
13429	 * Enable this to catch duplicate completion issues.
13430	 */
13431#if 0
13432	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13433		printf("%s: type %d msg %d cdb %x iptl: "
13434		       "%u:%u:%u tag 0x%04x "
13435		       "flag %#x status %x\n",
13436			__func__,
13437			io->io_hdr.io_type,
13438			io->io_hdr.msg_type,
13439			io->scsiio.cdb[0],
13440			io->io_hdr.nexus.initid,
13441			io->io_hdr.nexus.targ_port,
13442			io->io_hdr.nexus.targ_lun,
13443			(io->io_hdr.io_type ==
13444			CTL_IO_TASK) ?
13445			io->taskio.tag_num :
13446			io->scsiio.tag_num,
13447		        io->io_hdr.flags,
13448			io->io_hdr.status);
13449	} else
13450		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13451#endif
13452
13453	/*
13454	 * This is an internal copy of an I/O, and should not go through
13455	 * the normal done processing logic.
13456	 */
13457	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13458		return;
13459
13460#ifdef CTL_IO_DELAY
13461	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13462		struct ctl_lun *lun;
13463
13464		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13465
13466		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13467	} else {
13468		struct ctl_lun *lun;
13469
13470		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13471
13472		if ((lun != NULL)
13473		 && (lun->delay_info.done_delay > 0)) {
13474
13475			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13476			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13477			callout_reset(&io->io_hdr.delay_callout,
13478				      lun->delay_info.done_delay * hz,
13479				      ctl_done_timer_wakeup, io);
13480			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13481				lun->delay_info.done_delay = 0;
13482			return;
13483		}
13484	}
13485#endif /* CTL_IO_DELAY */
13486
13487	ctl_enqueue_done(io);
13488}
13489
13490static void
13491ctl_work_thread(void *arg)
13492{
13493	struct ctl_thread *thr = (struct ctl_thread *)arg;
13494	struct ctl_softc *softc = thr->ctl_softc;
13495	union ctl_io *io;
13496	int retval;
13497
13498	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13499
13500	for (;;) {
13501		retval = 0;
13502
13503		/*
13504		 * We handle the queues in this order:
13505		 * - ISC
13506		 * - done queue (to free up resources, unblock other commands)
13507		 * - RtR queue
13508		 * - incoming queue
13509		 *
13510		 * If those queues are empty, we break out of the loop and
13511		 * go to sleep.
13512		 */
13513		mtx_lock(&thr->queue_lock);
13514		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13515		if (io != NULL) {
13516			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13517			mtx_unlock(&thr->queue_lock);
13518			ctl_handle_isc(io);
13519			continue;
13520		}
13521		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13522		if (io != NULL) {
13523			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13524			/* clear any blocked commands, call fe_done */
13525			mtx_unlock(&thr->queue_lock);
13526			retval = ctl_process_done(io);
13527			continue;
13528		}
13529		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13530		if (io != NULL) {
13531			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13532			mtx_unlock(&thr->queue_lock);
13533			if (io->io_hdr.io_type == CTL_IO_TASK)
13534				ctl_run_task(io);
13535			else
13536				ctl_scsiio_precheck(softc, &io->scsiio);
13537			continue;
13538		}
13539		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13540		if (io != NULL) {
13541			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13542			mtx_unlock(&thr->queue_lock);
13543			retval = ctl_scsiio(&io->scsiio);
13544			if (retval != CTL_RETVAL_COMPLETE)
13545				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13546			continue;
13547		}
13548
13549		/* Sleep until we have something to do. */
13550		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13551	}
13552}
13553
13554static void
13555ctl_lun_thread(void *arg)
13556{
13557	struct ctl_softc *softc = (struct ctl_softc *)arg;
13558	struct ctl_be_lun *be_lun;
13559	int retval;
13560
13561	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13562
13563	for (;;) {
13564		retval = 0;
13565		mtx_lock(&softc->ctl_lock);
13566		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13567		if (be_lun != NULL) {
13568			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13569			mtx_unlock(&softc->ctl_lock);
13570			ctl_create_lun(be_lun);
13571			continue;
13572		}
13573
13574		/* Sleep until we have something to do. */
13575		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13576		    PDROP | PRIBIO, "-", 0);
13577	}
13578}
13579
13580static void
13581ctl_thresh_thread(void *arg)
13582{
13583	struct ctl_softc *softc = (struct ctl_softc *)arg;
13584	struct ctl_lun *lun;
13585	struct ctl_be_lun *be_lun;
13586	struct scsi_da_rw_recovery_page *rwpage;
13587	struct ctl_logical_block_provisioning_page *page;
13588	const char *attr;
13589	union ctl_ha_msg msg;
13590	uint64_t thres, val;
13591	int i, e, set;
13592
13593	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13594
13595	for (;;) {
13596		mtx_lock(&softc->ctl_lock);
13597		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13598			be_lun = lun->be_lun;
13599			if ((lun->flags & CTL_LUN_DISABLED) ||
13600			    (lun->flags & CTL_LUN_OFFLINE) ||
13601			    lun->backend->lun_attr == NULL)
13602				continue;
13603			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13604			    softc->ha_mode == CTL_HA_MODE_XFER)
13605				continue;
13606			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13607			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13608				continue;
13609			e = 0;
13610			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13611			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13612				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13613					continue;
13614				thres = scsi_4btoul(page->descr[i].count);
13615				thres <<= CTL_LBP_EXPONENT;
13616				switch (page->descr[i].resource) {
13617				case 0x01:
13618					attr = "blocksavail";
13619					break;
13620				case 0x02:
13621					attr = "blocksused";
13622					break;
13623				case 0xf1:
13624					attr = "poolblocksavail";
13625					break;
13626				case 0xf2:
13627					attr = "poolblocksused";
13628					break;
13629				default:
13630					continue;
13631				}
13632				mtx_unlock(&softc->ctl_lock); // XXX
13633				val = lun->backend->lun_attr(
13634				    lun->be_lun->be_lun, attr);
13635				mtx_lock(&softc->ctl_lock);
13636				if (val == UINT64_MAX)
13637					continue;
13638				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13639				    == SLBPPD_ARMING_INC)
13640					e = (val >= thres);
13641				else
13642					e = (val <= thres);
13643				if (e)
13644					break;
13645			}
13646			mtx_lock(&lun->lun_lock);
13647			if (e) {
13648				scsi_u64to8b((uint8_t *)&page->descr[i] -
13649				    (uint8_t *)page, lun->ua_tpt_info);
13650				if (lun->lasttpt == 0 ||
13651				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13652					lun->lasttpt = time_uptime;
13653					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13654					set = 1;
13655				} else
13656					set = 0;
13657			} else {
13658				lun->lasttpt = 0;
13659				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13660				set = -1;
13661			}
13662			mtx_unlock(&lun->lun_lock);
13663			if (set != 0 &&
13664			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13665				/* Send msg to other side. */
13666				bzero(&msg.ua, sizeof(msg.ua));
13667				msg.hdr.msg_type = CTL_MSG_UA;
13668				msg.hdr.nexus.initid = -1;
13669				msg.hdr.nexus.targ_port = -1;
13670				msg.hdr.nexus.targ_lun = lun->lun;
13671				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13672				msg.ua.ua_all = 1;
13673				msg.ua.ua_set = (set > 0);
13674				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13675				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13676				mtx_unlock(&softc->ctl_lock); // XXX
13677				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13678				    sizeof(msg.ua), M_WAITOK);
13679				mtx_lock(&softc->ctl_lock);
13680			}
13681		}
13682		mtx_unlock(&softc->ctl_lock);
13683		pause("-", CTL_LBP_PERIOD * hz);
13684	}
13685}
13686
13687static void
13688ctl_enqueue_incoming(union ctl_io *io)
13689{
13690	struct ctl_softc *softc = control_softc;
13691	struct ctl_thread *thr;
13692	u_int idx;
13693
13694	idx = (io->io_hdr.nexus.targ_port * 127 +
13695	       io->io_hdr.nexus.initid) % worker_threads;
13696	thr = &softc->threads[idx];
13697	mtx_lock(&thr->queue_lock);
13698	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13699	mtx_unlock(&thr->queue_lock);
13700	wakeup(thr);
13701}
13702
13703static void
13704ctl_enqueue_rtr(union ctl_io *io)
13705{
13706	struct ctl_softc *softc = control_softc;
13707	struct ctl_thread *thr;
13708
13709	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13710	mtx_lock(&thr->queue_lock);
13711	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13712	mtx_unlock(&thr->queue_lock);
13713	wakeup(thr);
13714}
13715
13716static void
13717ctl_enqueue_done(union ctl_io *io)
13718{
13719	struct ctl_softc *softc = control_softc;
13720	struct ctl_thread *thr;
13721
13722	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13723	mtx_lock(&thr->queue_lock);
13724	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13725	mtx_unlock(&thr->queue_lock);
13726	wakeup(thr);
13727}
13728
13729static void
13730ctl_enqueue_isc(union ctl_io *io)
13731{
13732	struct ctl_softc *softc = control_softc;
13733	struct ctl_thread *thr;
13734
13735	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13736	mtx_lock(&thr->queue_lock);
13737	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13738	mtx_unlock(&thr->queue_lock);
13739	wakeup(thr);
13740}
13741
13742/*
13743 *  vim: ts=8
13744 */
13745