ctl.c revision 288239 
1/*-
2 * Copyright (c) 2003-2009 Silicon Graphics International Corp.
3 * Copyright (c) 2012 The FreeBSD Foundation
4 * Copyright (c) 2015 Alexander Motin <mav@FreeBSD.org>
5 * All rights reserved.
6 *
7 * Portions of this software were developed by Edward Tomasz Napierala
8 * under sponsorship from the FreeBSD Foundation.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 *    notice, this list of conditions, and the following disclaimer,
15 *    without modification.
16 * 2. Redistributions in binary form must reproduce at minimum a disclaimer
17 *    substantially similar to the "NO WARRANTY" disclaimer below
18 *    ("Disclaimer") and any redistribution must be conditioned upon
19 *    including a substantially similar Disclaimer requirement for further
20 *    binary redistribution.
21 *
22 * NO WARRANTY
23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
31 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
32 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
33 * POSSIBILITY OF SUCH DAMAGES.
34 *
35 * $Id$
36 */
37/*
38 * CAM Target Layer, a SCSI device emulation subsystem.
39 *
40 * Author: Ken Merry <ken@FreeBSD.org>
41 */
42
43#define _CTL_C
44
45#include <sys/cdefs.h>
46__FBSDID("$FreeBSD: head/sys/cam/ctl/ctl.c 288239 2015-09-25 22:45:23Z mav $");
47
48#include <sys/param.h>
49#include <sys/systm.h>
50#include <sys/ctype.h>
51#include <sys/kernel.h>
52#include <sys/types.h>
53#include <sys/kthread.h>
54#include <sys/bio.h>
55#include <sys/fcntl.h>
56#include <sys/lock.h>
57#include <sys/module.h>
58#include <sys/mutex.h>
59#include <sys/condvar.h>
60#include <sys/malloc.h>
61#include <sys/conf.h>
62#include <sys/ioccom.h>
63#include <sys/queue.h>
64#include <sys/sbuf.h>
65#include <sys/smp.h>
66#include <sys/endian.h>
67#include <sys/sysctl.h>
68#include <vm/uma.h>
69
70#include <cam/cam.h>
71#include <cam/scsi/scsi_all.h>
72#include <cam/scsi/scsi_da.h>
73#include <cam/ctl/ctl_io.h>
74#include <cam/ctl/ctl.h>
75#include <cam/ctl/ctl_frontend.h>
76#include <cam/ctl/ctl_util.h>
77#include <cam/ctl/ctl_backend.h>
78#include <cam/ctl/ctl_ioctl.h>
79#include <cam/ctl/ctl_ha.h>
80#include <cam/ctl/ctl_private.h>
81#include <cam/ctl/ctl_debug.h>
82#include <cam/ctl/ctl_scsi_all.h>
83#include <cam/ctl/ctl_error.h>
84
85struct ctl_softc *control_softc = NULL;
86
87/*
88 * Template mode pages.
89 */
90
91/*
92 * Note that these are default values only.  The actual values will be
93 * filled in when the user does a mode sense.
94 */
95const static struct copan_debugconf_subpage debugconf_page_default = {
96	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
97	DBGCNF_SUBPAGE_CODE,		/* subpage */
98	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
99	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
100	DBGCNF_VERSION,			/* page_version */
101	{CTL_TIME_IO_DEFAULT_SECS>>8,
102	 CTL_TIME_IO_DEFAULT_SECS>>0},	/* ctl_time_io_secs */
103};
104
105const static struct copan_debugconf_subpage debugconf_page_changeable = {
106	DBGCNF_PAGE_CODE | SMPH_SPF,	/* page_code */
107	DBGCNF_SUBPAGE_CODE,		/* subpage */
108	{(sizeof(struct copan_debugconf_subpage) - 4) >> 8,
109	 (sizeof(struct copan_debugconf_subpage) - 4) >> 0}, /* page_length */
110	0,				/* page_version */
111	{0xff,0xff},			/* ctl_time_io_secs */
112};
113
114const static struct scsi_da_rw_recovery_page rw_er_page_default = {
115	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
116	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
117	/*byte3*/SMS_RWER_AWRE|SMS_RWER_ARRE,
118	/*read_retry_count*/0,
119	/*correction_span*/0,
120	/*head_offset_count*/0,
121	/*data_strobe_offset_cnt*/0,
122	/*byte8*/SMS_RWER_LBPERE,
123	/*write_retry_count*/0,
124	/*reserved2*/0,
125	/*recovery_time_limit*/{0, 0},
126};
127
128const static struct scsi_da_rw_recovery_page rw_er_page_changeable = {
129	/*page_code*/SMS_RW_ERROR_RECOVERY_PAGE,
130	/*page_length*/sizeof(struct scsi_da_rw_recovery_page) - 2,
131	/*byte3*/0,
132	/*read_retry_count*/0,
133	/*correction_span*/0,
134	/*head_offset_count*/0,
135	/*data_strobe_offset_cnt*/0,
136	/*byte8*/0,
137	/*write_retry_count*/0,
138	/*reserved2*/0,
139	/*recovery_time_limit*/{0, 0},
140};
141
142const static struct scsi_format_page format_page_default = {
143	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
144	/*page_length*/sizeof(struct scsi_format_page) - 2,
145	/*tracks_per_zone*/ {0, 0},
146	/*alt_sectors_per_zone*/ {0, 0},
147	/*alt_tracks_per_zone*/ {0, 0},
148	/*alt_tracks_per_lun*/ {0, 0},
149	/*sectors_per_track*/ {(CTL_DEFAULT_SECTORS_PER_TRACK >> 8) & 0xff,
150			        CTL_DEFAULT_SECTORS_PER_TRACK & 0xff},
151	/*bytes_per_sector*/ {0, 0},
152	/*interleave*/ {0, 0},
153	/*track_skew*/ {0, 0},
154	/*cylinder_skew*/ {0, 0},
155	/*flags*/ SFP_HSEC,
156	/*reserved*/ {0, 0, 0}
157};
158
159const static struct scsi_format_page format_page_changeable = {
160	/*page_code*/SMS_FORMAT_DEVICE_PAGE,
161	/*page_length*/sizeof(struct scsi_format_page) - 2,
162	/*tracks_per_zone*/ {0, 0},
163	/*alt_sectors_per_zone*/ {0, 0},
164	/*alt_tracks_per_zone*/ {0, 0},
165	/*alt_tracks_per_lun*/ {0, 0},
166	/*sectors_per_track*/ {0, 0},
167	/*bytes_per_sector*/ {0, 0},
168	/*interleave*/ {0, 0},
169	/*track_skew*/ {0, 0},
170	/*cylinder_skew*/ {0, 0},
171	/*flags*/ 0,
172	/*reserved*/ {0, 0, 0}
173};
174
175const static struct scsi_rigid_disk_page rigid_disk_page_default = {
176	/*page_code*/SMS_RIGID_DISK_PAGE,
177	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
178	/*cylinders*/ {0, 0, 0},
179	/*heads*/ CTL_DEFAULT_HEADS,
180	/*start_write_precomp*/ {0, 0, 0},
181	/*start_reduced_current*/ {0, 0, 0},
182	/*step_rate*/ {0, 0},
183	/*landing_zone_cylinder*/ {0, 0, 0},
184	/*rpl*/ SRDP_RPL_DISABLED,
185	/*rotational_offset*/ 0,
186	/*reserved1*/ 0,
187	/*rotation_rate*/ {(CTL_DEFAULT_ROTATION_RATE >> 8) & 0xff,
188			   CTL_DEFAULT_ROTATION_RATE & 0xff},
189	/*reserved2*/ {0, 0}
190};
191
192const static struct scsi_rigid_disk_page rigid_disk_page_changeable = {
193	/*page_code*/SMS_RIGID_DISK_PAGE,
194	/*page_length*/sizeof(struct scsi_rigid_disk_page) - 2,
195	/*cylinders*/ {0, 0, 0},
196	/*heads*/ 0,
197	/*start_write_precomp*/ {0, 0, 0},
198	/*start_reduced_current*/ {0, 0, 0},
199	/*step_rate*/ {0, 0},
200	/*landing_zone_cylinder*/ {0, 0, 0},
201	/*rpl*/ 0,
202	/*rotational_offset*/ 0,
203	/*reserved1*/ 0,
204	/*rotation_rate*/ {0, 0},
205	/*reserved2*/ {0, 0}
206};
207
208const static struct scsi_caching_page caching_page_default = {
209	/*page_code*/SMS_CACHING_PAGE,
210	/*page_length*/sizeof(struct scsi_caching_page) - 2,
211	/*flags1*/ SCP_DISC | SCP_WCE,
212	/*ret_priority*/ 0,
213	/*disable_pf_transfer_len*/ {0xff, 0xff},
214	/*min_prefetch*/ {0, 0},
215	/*max_prefetch*/ {0xff, 0xff},
216	/*max_pf_ceiling*/ {0xff, 0xff},
217	/*flags2*/ 0,
218	/*cache_segments*/ 0,
219	/*cache_seg_size*/ {0, 0},
220	/*reserved*/ 0,
221	/*non_cache_seg_size*/ {0, 0, 0}
222};
223
224const static struct scsi_caching_page caching_page_changeable = {
225	/*page_code*/SMS_CACHING_PAGE,
226	/*page_length*/sizeof(struct scsi_caching_page) - 2,
227	/*flags1*/ SCP_WCE | SCP_RCD,
228	/*ret_priority*/ 0,
229	/*disable_pf_transfer_len*/ {0, 0},
230	/*min_prefetch*/ {0, 0},
231	/*max_prefetch*/ {0, 0},
232	/*max_pf_ceiling*/ {0, 0},
233	/*flags2*/ 0,
234	/*cache_segments*/ 0,
235	/*cache_seg_size*/ {0, 0},
236	/*reserved*/ 0,
237	/*non_cache_seg_size*/ {0, 0, 0}
238};
239
240const static struct scsi_control_page control_page_default = {
241	/*page_code*/SMS_CONTROL_MODE_PAGE,
242	/*page_length*/sizeof(struct scsi_control_page) - 2,
243	/*rlec*/0,
244	/*queue_flags*/SCP_QUEUE_ALG_RESTRICTED,
245	/*eca_and_aen*/0,
246	/*flags4*/SCP_TAS,
247	/*aen_holdoff_period*/{0, 0},
248	/*busy_timeout_period*/{0, 0},
249	/*extended_selftest_completion_time*/{0, 0}
250};
251
252const static struct scsi_control_page control_page_changeable = {
253	/*page_code*/SMS_CONTROL_MODE_PAGE,
254	/*page_length*/sizeof(struct scsi_control_page) - 2,
255	/*rlec*/SCP_DSENSE,
256	/*queue_flags*/SCP_QUEUE_ALG_MASK,
257	/*eca_and_aen*/SCP_SWP,
258	/*flags4*/0,
259	/*aen_holdoff_period*/{0, 0},
260	/*busy_timeout_period*/{0, 0},
261	/*extended_selftest_completion_time*/{0, 0}
262};
263
264#define CTL_CEM_LEN	(sizeof(struct scsi_control_ext_page) - 4)
265
266const static struct scsi_control_ext_page control_ext_page_default = {
267	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
268	/*subpage_code*/0x01,
269	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
270	/*flags*/0,
271	/*prio*/0,
272	/*max_sense*/0
273};
274
275const static struct scsi_control_ext_page control_ext_page_changeable = {
276	/*page_code*/SMS_CONTROL_MODE_PAGE | SMPH_SPF,
277	/*subpage_code*/0x01,
278	/*page_length*/{CTL_CEM_LEN >> 8, CTL_CEM_LEN},
279	/*flags*/0,
280	/*prio*/0,
281	/*max_sense*/0
282};
283
284const static struct scsi_info_exceptions_page ie_page_default = {
285	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
286	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
287	/*info_flags*/SIEP_FLAGS_DEXCPT,
288	/*mrie*/0,
289	/*interval_timer*/{0, 0, 0, 0},
290	/*report_count*/{0, 0, 0, 0}
291};
292
293const static struct scsi_info_exceptions_page ie_page_changeable = {
294	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE,
295	/*page_length*/sizeof(struct scsi_info_exceptions_page) - 2,
296	/*info_flags*/0,
297	/*mrie*/0,
298	/*interval_timer*/{0, 0, 0, 0},
299	/*report_count*/{0, 0, 0, 0}
300};
301
302#define CTL_LBPM_LEN	(sizeof(struct ctl_logical_block_provisioning_page) - 4)
303
304const static struct ctl_logical_block_provisioning_page lbp_page_default = {{
305	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
306	/*subpage_code*/0x02,
307	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
308	/*flags*/0,
309	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
310	/*descr*/{}},
311	{{/*flags*/0,
312	  /*resource*/0x01,
313	  /*reserved*/{0, 0},
314	  /*count*/{0, 0, 0, 0}},
315	 {/*flags*/0,
316	  /*resource*/0x02,
317	  /*reserved*/{0, 0},
318	  /*count*/{0, 0, 0, 0}},
319	 {/*flags*/0,
320	  /*resource*/0xf1,
321	  /*reserved*/{0, 0},
322	  /*count*/{0, 0, 0, 0}},
323	 {/*flags*/0,
324	  /*resource*/0xf2,
325	  /*reserved*/{0, 0},
326	  /*count*/{0, 0, 0, 0}}
327	}
328};
329
330const static struct ctl_logical_block_provisioning_page lbp_page_changeable = {{
331	/*page_code*/SMS_INFO_EXCEPTIONS_PAGE | SMPH_SPF,
332	/*subpage_code*/0x02,
333	/*page_length*/{CTL_LBPM_LEN >> 8, CTL_LBPM_LEN},
334	/*flags*/0,
335	/*reserved*/{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0},
336	/*descr*/{}},
337	{{/*flags*/0,
338	  /*resource*/0,
339	  /*reserved*/{0, 0},
340	  /*count*/{0, 0, 0, 0}},
341	 {/*flags*/0,
342	  /*resource*/0,
343	  /*reserved*/{0, 0},
344	  /*count*/{0, 0, 0, 0}},
345	 {/*flags*/0,
346	  /*resource*/0,
347	  /*reserved*/{0, 0},
348	  /*count*/{0, 0, 0, 0}},
349	 {/*flags*/0,
350	  /*resource*/0,
351	  /*reserved*/{0, 0},
352	  /*count*/{0, 0, 0, 0}}
353	}
354};
355
356SYSCTL_NODE(_kern_cam, OID_AUTO, ctl, CTLFLAG_RD, 0, "CAM Target Layer");
357static int worker_threads = -1;
358SYSCTL_INT(_kern_cam_ctl, OID_AUTO, worker_threads, CTLFLAG_RDTUN,
359    &worker_threads, 1, "Number of worker threads");
360static int ctl_debug = CTL_DEBUG_NONE;
361SYSCTL_INT(_kern_cam_ctl, OID_AUTO, debug, CTLFLAG_RWTUN,
362    &ctl_debug, 0, "Enabled debug flags");
363
364/*
365 * Supported pages (0x00), Serial number (0x80), Device ID (0x83),
366 * Extended INQUIRY Data (0x86), Mode Page Policy (0x87),
367 * SCSI Ports (0x88), Third-party Copy (0x8F), Block limits (0xB0),
368 * Block Device Characteristics (0xB1) and Logical Block Provisioning (0xB2)
369 */
370#define SCSI_EVPD_NUM_SUPPORTED_PAGES	10
371
372static void ctl_isc_event_handler(ctl_ha_channel chanel, ctl_ha_event event,
373				  int param);
374static void ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest);
375static void ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest);
376static int ctl_init(void);
377void ctl_shutdown(void);
378static int ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td);
379static int ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td);
380static int ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio);
381static void ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
382			      struct ctl_ooa *ooa_hdr,
383			      struct ctl_ooa_entry *kern_entries);
384static int ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
385		     struct thread *td);
386static int ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *lun,
387			 struct ctl_be_lun *be_lun);
388static int ctl_free_lun(struct ctl_lun *lun);
389static void ctl_create_lun(struct ctl_be_lun *be_lun);
390static struct ctl_port * ctl_io_port(struct ctl_io_hdr *io_hdr);
391
392static int ctl_do_mode_select(union ctl_io *io);
393static int ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun,
394			   uint64_t res_key, uint64_t sa_res_key,
395			   uint8_t type, uint32_t residx,
396			   struct ctl_scsiio *ctsio,
397			   struct scsi_per_res_out *cdb,
398			   struct scsi_per_res_out_parms* param);
399static void ctl_pro_preempt_other(struct ctl_lun *lun,
400				  union ctl_ha_msg *msg);
401static void ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg);
402static int ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len);
403static int ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len);
404static int ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len);
405static int ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len);
406static int ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len);
407static int ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio,
408					 int alloc_len);
409static int ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio,
410					 int alloc_len);
411static int ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len);
412static int ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len);
413static int ctl_inquiry_evpd(struct ctl_scsiio *ctsio);
414static int ctl_inquiry_std(struct ctl_scsiio *ctsio);
415static int ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len);
416static ctl_action ctl_extent_check(union ctl_io *io1, union ctl_io *io2,
417    bool seq);
418static ctl_action ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2);
419static ctl_action ctl_check_for_blockage(struct ctl_lun *lun,
420    union ctl_io *pending_io, union ctl_io *ooa_io);
421static ctl_action ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
422				union ctl_io *starting_io);
423static int ctl_check_blocked(struct ctl_lun *lun);
424static int ctl_scsiio_lun_check(struct ctl_lun *lun,
425				const struct ctl_cmd_entry *entry,
426				struct ctl_scsiio *ctsio);
427static void ctl_failover_lun(union ctl_io *io);
428static int ctl_scsiio_precheck(struct ctl_softc *ctl_softc,
429			       struct ctl_scsiio *ctsio);
430static int ctl_scsiio(struct ctl_scsiio *ctsio);
431
432static int ctl_bus_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
433static int ctl_target_reset(struct ctl_softc *ctl_softc, union ctl_io *io,
434			    ctl_ua_type ua_type);
435static int ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io,
436			 ctl_ua_type ua_type);
437static int ctl_lun_reset(struct ctl_softc *ctl_softc, union ctl_io *io);
438static int ctl_abort_task(union ctl_io *io);
439static int ctl_abort_task_set(union ctl_io *io);
440static int ctl_query_task(union ctl_io *io, int task_set);
441static int ctl_i_t_nexus_reset(union ctl_io *io);
442static int ctl_query_async_event(union ctl_io *io);
443static void ctl_run_task(union ctl_io *io);
444#ifdef CTL_IO_DELAY
445static void ctl_datamove_timer_wakeup(void *arg);
446static void ctl_done_timer_wakeup(void *arg);
447#endif /* CTL_IO_DELAY */
448
449static void ctl_send_datamove_done(union ctl_io *io, int have_lock);
450static void ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq);
451static int ctl_datamove_remote_dm_write_cb(union ctl_io *io);
452static void ctl_datamove_remote_write(union ctl_io *io);
453static int ctl_datamove_remote_dm_read_cb(union ctl_io *io);
454static void ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq);
455static int ctl_datamove_remote_sgl_setup(union ctl_io *io);
456static int ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
457				    ctl_ha_dt_cb callback);
458static void ctl_datamove_remote_read(union ctl_io *io);
459static void ctl_datamove_remote(union ctl_io *io);
460static void ctl_process_done(union ctl_io *io);
461static void ctl_lun_thread(void *arg);
462static void ctl_thresh_thread(void *arg);
463static void ctl_work_thread(void *arg);
464static void ctl_enqueue_incoming(union ctl_io *io);
465static void ctl_enqueue_rtr(union ctl_io *io);
466static void ctl_enqueue_done(union ctl_io *io);
467static void ctl_enqueue_isc(union ctl_io *io);
468static const struct ctl_cmd_entry *
469    ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa);
470static const struct ctl_cmd_entry *
471    ctl_validate_command(struct ctl_scsiio *ctsio);
472static int ctl_cmd_applicable(uint8_t lun_type,
473    const struct ctl_cmd_entry *entry);
474
475static uint64_t ctl_get_prkey(struct ctl_lun *lun, uint32_t residx);
476static void ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx);
477static void ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx);
478static void ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key);
479
480/*
481 * Load the serialization table.  This isn't very pretty, but is probably
482 * the easiest way to do it.
483 */
484#include "ctl_ser_table.c"
485
486/*
487 * We only need to define open, close and ioctl routines for this driver.
488 */
489static struct cdevsw ctl_cdevsw = {
490	.d_version =	D_VERSION,
491	.d_flags =	0,
492	.d_open =	ctl_open,
493	.d_close =	ctl_close,
494	.d_ioctl =	ctl_ioctl,
495	.d_name =	"ctl",
496};
497
498
499MALLOC_DEFINE(M_CTL, "ctlmem", "Memory used for CTL");
500
501static int ctl_module_event_handler(module_t, int /*modeventtype_t*/, void *);
502
503static moduledata_t ctl_moduledata = {
504	"ctl",
505	ctl_module_event_handler,
506	NULL
507};
508
509DECLARE_MODULE(ctl, ctl_moduledata, SI_SUB_CONFIGURE, SI_ORDER_THIRD);
510MODULE_VERSION(ctl, 1);
511
512static struct ctl_frontend ha_frontend =
513{
514	.name = "ha",
515};
516
517static void
518ctl_ha_datamove(union ctl_io *io)
519{
520	struct ctl_lun *lun;
521	struct ctl_sg_entry *sgl;
522	union ctl_ha_msg msg;
523	uint32_t sg_entries_sent;
524	int do_sg_copy, i, j;
525
526	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
527	memset(&msg.dt, 0, sizeof(msg.dt));
528	msg.hdr.msg_type = CTL_MSG_DATAMOVE;
529	msg.hdr.original_sc = io->io_hdr.original_sc;
530	msg.hdr.serializing_sc = io;
531	msg.hdr.nexus = io->io_hdr.nexus;
532	msg.hdr.status = io->io_hdr.status;
533	msg.dt.flags = io->io_hdr.flags;
534
535	/*
536	 * We convert everything into a S/G list here.  We can't
537	 * pass by reference, only by value between controllers.
538	 * So we can't pass a pointer to the S/G list, only as many
539	 * S/G entries as we can fit in here.  If it's possible for
540	 * us to get more than CTL_HA_MAX_SG_ENTRIES S/G entries,
541	 * then we need to break this up into multiple transfers.
542	 */
543	if (io->scsiio.kern_sg_entries == 0) {
544		msg.dt.kern_sg_entries = 1;
545#if 0
546		if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
547			msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
548		} else {
549			/* XXX KDM use busdma here! */
550			msg.dt.sg_list[0].addr =
551			    (void *)vtophys(io->scsiio.kern_data_ptr);
552		}
553#else
554		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
555		    ("HA does not support BUS_ADDR"));
556		msg.dt.sg_list[0].addr = io->scsiio.kern_data_ptr;
557#endif
558		msg.dt.sg_list[0].len = io->scsiio.kern_data_len;
559		do_sg_copy = 0;
560	} else {
561		msg.dt.kern_sg_entries = io->scsiio.kern_sg_entries;
562		do_sg_copy = 1;
563	}
564
565	msg.dt.kern_data_len = io->scsiio.kern_data_len;
566	msg.dt.kern_total_len = io->scsiio.kern_total_len;
567	msg.dt.kern_data_resid = io->scsiio.kern_data_resid;
568	msg.dt.kern_rel_offset = io->scsiio.kern_rel_offset;
569	msg.dt.sg_sequence = 0;
570
571	/*
572	 * Loop until we've sent all of the S/G entries.  On the
573	 * other end, we'll recompose these S/G entries into one
574	 * contiguous list before processing.
575	 */
576	for (sg_entries_sent = 0; sg_entries_sent < msg.dt.kern_sg_entries;
577	    msg.dt.sg_sequence++) {
578		msg.dt.cur_sg_entries = MIN((sizeof(msg.dt.sg_list) /
579		    sizeof(msg.dt.sg_list[0])),
580		    msg.dt.kern_sg_entries - sg_entries_sent);
581		if (do_sg_copy != 0) {
582			sgl = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
583			for (i = sg_entries_sent, j = 0;
584			     i < msg.dt.cur_sg_entries; i++, j++) {
585#if 0
586				if (io->io_hdr.flags & CTL_FLAG_BUS_ADDR) {
587					msg.dt.sg_list[j].addr = sgl[i].addr;
588				} else {
589					/* XXX KDM use busdma here! */
590					msg.dt.sg_list[j].addr =
591					    (void *)vtophys(sgl[i].addr);
592				}
593#else
594				KASSERT((io->io_hdr.flags &
595				    CTL_FLAG_BUS_ADDR) == 0,
596				    ("HA does not support BUS_ADDR"));
597				msg.dt.sg_list[j].addr = sgl[i].addr;
598#endif
599				msg.dt.sg_list[j].len = sgl[i].len;
600			}
601		}
602
603		sg_entries_sent += msg.dt.cur_sg_entries;
604		msg.dt.sg_last = (sg_entries_sent >= msg.dt.kern_sg_entries);
605		if (ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
606		    sizeof(msg.dt) - sizeof(msg.dt.sg_list) +
607		    sizeof(struct ctl_sg_entry) * msg.dt.cur_sg_entries,
608		    M_WAITOK) > CTL_HA_STATUS_SUCCESS) {
609			io->io_hdr.port_status = 31341;
610			io->scsiio.be_move_done(io);
611			return;
612		}
613		msg.dt.sent_sg_entries = sg_entries_sent;
614	}
615
616	/*
617	 * Officially handover the request from us to peer.
618	 * If failover has just happened, then we must return error.
619	 * If failover happen just after, then it is not our problem.
620	 */
621	if (lun)
622		mtx_lock(&lun->lun_lock);
623	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
624		if (lun)
625			mtx_unlock(&lun->lun_lock);
626		io->io_hdr.port_status = 31342;
627		io->scsiio.be_move_done(io);
628		return;
629	}
630	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
631	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
632	if (lun)
633		mtx_unlock(&lun->lun_lock);
634}
635
636static void
637ctl_ha_done(union ctl_io *io)
638{
639	union ctl_ha_msg msg;
640
641	if (io->io_hdr.io_type == CTL_IO_SCSI) {
642		memset(&msg, 0, sizeof(msg));
643		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
644		msg.hdr.original_sc = io->io_hdr.original_sc;
645		msg.hdr.nexus = io->io_hdr.nexus;
646		msg.hdr.status = io->io_hdr.status;
647		msg.scsi.scsi_status = io->scsiio.scsi_status;
648		msg.scsi.tag_num = io->scsiio.tag_num;
649		msg.scsi.tag_type = io->scsiio.tag_type;
650		msg.scsi.sense_len = io->scsiio.sense_len;
651		msg.scsi.sense_residual = io->scsiio.sense_residual;
652		msg.scsi.residual = io->scsiio.residual;
653		memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
654		    io->scsiio.sense_len);
655		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
656		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
657		    msg.scsi.sense_len, M_WAITOK);
658	}
659	ctl_free_io(io);
660}
661
662static void
663ctl_isc_handler_finish_xfer(struct ctl_softc *ctl_softc,
664			    union ctl_ha_msg *msg_info)
665{
666	struct ctl_scsiio *ctsio;
667
668	if (msg_info->hdr.original_sc == NULL) {
669		printf("%s: original_sc == NULL!\n", __func__);
670		/* XXX KDM now what? */
671		return;
672	}
673
674	ctsio = &msg_info->hdr.original_sc->scsiio;
675	ctsio->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
676	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
677	ctsio->io_hdr.status = msg_info->hdr.status;
678	ctsio->scsi_status = msg_info->scsi.scsi_status;
679	ctsio->sense_len = msg_info->scsi.sense_len;
680	ctsio->sense_residual = msg_info->scsi.sense_residual;
681	ctsio->residual = msg_info->scsi.residual;
682	memcpy(&ctsio->sense_data, &msg_info->scsi.sense_data,
683	       msg_info->scsi.sense_len);
684	ctl_enqueue_isc((union ctl_io *)ctsio);
685}
686
687static void
688ctl_isc_handler_finish_ser_only(struct ctl_softc *ctl_softc,
689				union ctl_ha_msg *msg_info)
690{
691	struct ctl_scsiio *ctsio;
692
693	if (msg_info->hdr.serializing_sc == NULL) {
694		printf("%s: serializing_sc == NULL!\n", __func__);
695		/* XXX KDM now what? */
696		return;
697	}
698
699	ctsio = &msg_info->hdr.serializing_sc->scsiio;
700	ctsio->io_hdr.msg_type = CTL_MSG_FINISH_IO;
701	ctl_enqueue_isc((union ctl_io *)ctsio);
702}
703
704void
705ctl_isc_announce_lun(struct ctl_lun *lun)
706{
707	struct ctl_softc *softc = lun->ctl_softc;
708	union ctl_ha_msg *msg;
709	struct ctl_ha_msg_lun_pr_key pr_key;
710	int i, k;
711
712	if (softc->ha_link != CTL_HA_LINK_ONLINE)
713		return;
714	mtx_lock(&lun->lun_lock);
715	i = sizeof(msg->lun);
716	if (lun->lun_devid)
717		i += lun->lun_devid->len;
718	i += sizeof(pr_key) * lun->pr_key_count;
719alloc:
720	mtx_unlock(&lun->lun_lock);
721	msg = malloc(i, M_CTL, M_WAITOK);
722	mtx_lock(&lun->lun_lock);
723	k = sizeof(msg->lun);
724	if (lun->lun_devid)
725		k += lun->lun_devid->len;
726	k += sizeof(pr_key) * lun->pr_key_count;
727	if (i < k) {
728		free(msg, M_CTL);
729		i = k;
730		goto alloc;
731	}
732	bzero(&msg->lun, sizeof(msg->lun));
733	msg->hdr.msg_type = CTL_MSG_LUN_SYNC;
734	msg->hdr.nexus.targ_lun = lun->lun;
735	msg->hdr.nexus.targ_mapped_lun = lun->lun;
736	msg->lun.flags = lun->flags;
737	msg->lun.pr_generation = lun->PRGeneration;
738	msg->lun.pr_res_idx = lun->pr_res_idx;
739	msg->lun.pr_res_type = lun->res_type;
740	msg->lun.pr_key_count = lun->pr_key_count;
741	i = 0;
742	if (lun->lun_devid) {
743		msg->lun.lun_devid_len = lun->lun_devid->len;
744		memcpy(&msg->lun.data[i], lun->lun_devid->data,
745		    msg->lun.lun_devid_len);
746		i += msg->lun.lun_devid_len;
747	}
748	for (k = 0; k < CTL_MAX_INITIATORS; k++) {
749		if ((pr_key.pr_key = ctl_get_prkey(lun, k)) == 0)
750			continue;
751		pr_key.pr_iid = k;
752		memcpy(&msg->lun.data[i], &pr_key, sizeof(pr_key));
753		i += sizeof(pr_key);
754	}
755	mtx_unlock(&lun->lun_lock);
756	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
757	    M_WAITOK);
758	free(msg, M_CTL);
759
760	if (lun->flags & CTL_LUN_PRIMARY_SC) {
761		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
762			ctl_isc_announce_mode(lun, -1,
763			    lun->mode_pages.index[i].page_code & SMPH_PC_MASK,
764			    lun->mode_pages.index[i].subpage);
765		}
766	}
767}
768
769void
770ctl_isc_announce_port(struct ctl_port *port)
771{
772	struct ctl_softc *softc = port->ctl_softc;
773	union ctl_ha_msg *msg;
774	int i;
775
776	if (port->targ_port < softc->port_min ||
777	    port->targ_port >= softc->port_max ||
778	    softc->ha_link != CTL_HA_LINK_ONLINE)
779		return;
780	i = sizeof(msg->port) + strlen(port->port_name) + 1;
781	if (port->lun_map)
782		i += sizeof(uint32_t) * CTL_MAX_LUNS;
783	if (port->port_devid)
784		i += port->port_devid->len;
785	if (port->target_devid)
786		i += port->target_devid->len;
787	if (port->init_devid)
788		i += port->init_devid->len;
789	msg = malloc(i, M_CTL, M_WAITOK);
790	bzero(&msg->port, sizeof(msg->port));
791	msg->hdr.msg_type = CTL_MSG_PORT_SYNC;
792	msg->hdr.nexus.targ_port = port->targ_port;
793	msg->port.port_type = port->port_type;
794	msg->port.physical_port = port->physical_port;
795	msg->port.virtual_port = port->virtual_port;
796	msg->port.status = port->status;
797	i = 0;
798	msg->port.name_len = sprintf(&msg->port.data[i],
799	    "%d:%s", softc->ha_id, port->port_name) + 1;
800	i += msg->port.name_len;
801	if (port->lun_map) {
802		msg->port.lun_map_len = sizeof(uint32_t) * CTL_MAX_LUNS;
803		memcpy(&msg->port.data[i], port->lun_map,
804		    msg->port.lun_map_len);
805		i += msg->port.lun_map_len;
806	}
807	if (port->port_devid) {
808		msg->port.port_devid_len = port->port_devid->len;
809		memcpy(&msg->port.data[i], port->port_devid->data,
810		    msg->port.port_devid_len);
811		i += msg->port.port_devid_len;
812	}
813	if (port->target_devid) {
814		msg->port.target_devid_len = port->target_devid->len;
815		memcpy(&msg->port.data[i], port->target_devid->data,
816		    msg->port.target_devid_len);
817		i += msg->port.target_devid_len;
818	}
819	if (port->init_devid) {
820		msg->port.init_devid_len = port->init_devid->len;
821		memcpy(&msg->port.data[i], port->init_devid->data,
822		    msg->port.init_devid_len);
823		i += msg->port.init_devid_len;
824	}
825	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->port, sizeof(msg->port) + i,
826	    M_WAITOK);
827	free(msg, M_CTL);
828}
829
830void
831ctl_isc_announce_iid(struct ctl_port *port, int iid)
832{
833	struct ctl_softc *softc = port->ctl_softc;
834	union ctl_ha_msg *msg;
835	int i, l;
836
837	if (port->targ_port < softc->port_min ||
838	    port->targ_port >= softc->port_max ||
839	    softc->ha_link != CTL_HA_LINK_ONLINE)
840		return;
841	mtx_lock(&softc->ctl_lock);
842	i = sizeof(msg->iid);
843	l = 0;
844	if (port->wwpn_iid[iid].name)
845		l = strlen(port->wwpn_iid[iid].name) + 1;
846	i += l;
847	msg = malloc(i, M_CTL, M_NOWAIT);
848	if (msg == NULL) {
849		mtx_unlock(&softc->ctl_lock);
850		return;
851	}
852	bzero(&msg->iid, sizeof(msg->iid));
853	msg->hdr.msg_type = CTL_MSG_IID_SYNC;
854	msg->hdr.nexus.targ_port = port->targ_port;
855	msg->hdr.nexus.initid = iid;
856	msg->iid.in_use = port->wwpn_iid[iid].in_use;
857	msg->iid.name_len = l;
858	msg->iid.wwpn = port->wwpn_iid[iid].wwpn;
859	if (port->wwpn_iid[iid].name)
860		strlcpy(msg->iid.data, port->wwpn_iid[iid].name, l);
861	mtx_unlock(&softc->ctl_lock);
862	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg->iid, i, M_NOWAIT);
863	free(msg, M_CTL);
864}
865
866void
867ctl_isc_announce_mode(struct ctl_lun *lun, uint32_t initidx,
868    uint8_t page, uint8_t subpage)
869{
870	struct ctl_softc *softc = lun->ctl_softc;
871	union ctl_ha_msg msg;
872	int i;
873
874	if (softc->ha_link != CTL_HA_LINK_ONLINE)
875		return;
876	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
877		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
878		    page && lun->mode_pages.index[i].subpage == subpage)
879			break;
880	}
881	if (i == CTL_NUM_MODE_PAGES)
882		return;
883	bzero(&msg.mode, sizeof(msg.mode));
884	msg.hdr.msg_type = CTL_MSG_MODE_SYNC;
885	msg.hdr.nexus.targ_port = initidx / CTL_MAX_INIT_PER_PORT;
886	msg.hdr.nexus.initid = initidx % CTL_MAX_INIT_PER_PORT;
887	msg.hdr.nexus.targ_lun = lun->lun;
888	msg.hdr.nexus.targ_mapped_lun = lun->lun;
889	msg.mode.page_code = page;
890	msg.mode.subpage = subpage;
891	msg.mode.page_len = lun->mode_pages.index[i].page_len;
892	memcpy(msg.mode.data, lun->mode_pages.index[i].page_data,
893	    msg.mode.page_len);
894	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.mode, sizeof(msg.mode),
895	    M_WAITOK);
896}
897
898static void
899ctl_isc_ha_link_up(struct ctl_softc *softc)
900{
901	struct ctl_port *port;
902	struct ctl_lun *lun;
903	union ctl_ha_msg msg;
904	int i;
905
906	/* Announce this node parameters to peer for validation. */
907	msg.login.msg_type = CTL_MSG_LOGIN;
908	msg.login.version = CTL_HA_VERSION;
909	msg.login.ha_mode = softc->ha_mode;
910	msg.login.ha_id = softc->ha_id;
911	msg.login.max_luns = CTL_MAX_LUNS;
912	msg.login.max_ports = CTL_MAX_PORTS;
913	msg.login.max_init_per_port = CTL_MAX_INIT_PER_PORT;
914	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg.login, sizeof(msg.login),
915	    M_WAITOK);
916
917	STAILQ_FOREACH(port, &softc->port_list, links) {
918		ctl_isc_announce_port(port);
919		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
920			if (port->wwpn_iid[i].in_use)
921				ctl_isc_announce_iid(port, i);
922		}
923	}
924	STAILQ_FOREACH(lun, &softc->lun_list, links)
925		ctl_isc_announce_lun(lun);
926}
927
928static void
929ctl_isc_ha_link_down(struct ctl_softc *softc)
930{
931	struct ctl_port *port;
932	struct ctl_lun *lun;
933	union ctl_io *io;
934	int i;
935
936	mtx_lock(&softc->ctl_lock);
937	STAILQ_FOREACH(lun, &softc->lun_list, links) {
938		mtx_lock(&lun->lun_lock);
939		if (lun->flags & CTL_LUN_PEER_SC_PRIMARY) {
940			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
941			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
942		}
943		mtx_unlock(&lun->lun_lock);
944
945		mtx_unlock(&softc->ctl_lock);
946		io = ctl_alloc_io(softc->othersc_pool);
947		mtx_lock(&softc->ctl_lock);
948		ctl_zero_io(io);
949		io->io_hdr.msg_type = CTL_MSG_FAILOVER;
950		io->io_hdr.nexus.targ_mapped_lun = lun->lun;
951		ctl_enqueue_isc(io);
952	}
953
954	STAILQ_FOREACH(port, &softc->port_list, links) {
955		if (port->targ_port >= softc->port_min &&
956		    port->targ_port < softc->port_max)
957			continue;
958		port->status &= ~CTL_PORT_STATUS_ONLINE;
959		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
960			port->wwpn_iid[i].in_use = 0;
961			free(port->wwpn_iid[i].name, M_CTL);
962			port->wwpn_iid[i].name = NULL;
963		}
964	}
965	mtx_unlock(&softc->ctl_lock);
966}
967
968static void
969ctl_isc_ua(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
970{
971	struct ctl_lun *lun;
972	uint32_t iid = ctl_get_initindex(&msg->hdr.nexus);
973
974	mtx_lock(&softc->ctl_lock);
975	if (msg->hdr.nexus.targ_lun < CTL_MAX_LUNS &&
976	    (lun = softc->ctl_luns[msg->hdr.nexus.targ_mapped_lun]) != NULL) {
977		mtx_lock(&lun->lun_lock);
978		mtx_unlock(&softc->ctl_lock);
979		if (msg->ua.ua_type == CTL_UA_THIN_PROV_THRES &&
980		    msg->ua.ua_set)
981			memcpy(lun->ua_tpt_info, msg->ua.ua_info, 8);
982		if (msg->ua.ua_all) {
983			if (msg->ua.ua_set)
984				ctl_est_ua_all(lun, iid, msg->ua.ua_type);
985			else
986				ctl_clr_ua_all(lun, iid, msg->ua.ua_type);
987		} else {
988			if (msg->ua.ua_set)
989				ctl_est_ua(lun, iid, msg->ua.ua_type);
990			else
991				ctl_clr_ua(lun, iid, msg->ua.ua_type);
992		}
993		mtx_unlock(&lun->lun_lock);
994	} else
995		mtx_unlock(&softc->ctl_lock);
996}
997
998static void
999ctl_isc_lun_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1000{
1001	struct ctl_lun *lun;
1002	struct ctl_ha_msg_lun_pr_key pr_key;
1003	int i, k;
1004	ctl_lun_flags oflags;
1005	uint32_t targ_lun;
1006
1007	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1008	mtx_lock(&softc->ctl_lock);
1009	if ((targ_lun >= CTL_MAX_LUNS) ||
1010	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1011		mtx_unlock(&softc->ctl_lock);
1012		return;
1013	}
1014	mtx_lock(&lun->lun_lock);
1015	mtx_unlock(&softc->ctl_lock);
1016	if (lun->flags & CTL_LUN_DISABLED) {
1017		mtx_unlock(&lun->lun_lock);
1018		return;
1019	}
1020	i = (lun->lun_devid != NULL) ? lun->lun_devid->len : 0;
1021	if (msg->lun.lun_devid_len != i || (i > 0 &&
1022	    memcmp(&msg->lun.data[0], lun->lun_devid->data, i) != 0)) {
1023		mtx_unlock(&lun->lun_lock);
1024		printf("%s: Received conflicting HA LUN %d\n",
1025		    __func__, msg->hdr.nexus.targ_lun);
1026		return;
1027	} else {
1028		/* Record whether peer is primary. */
1029		oflags = lun->flags;
1030		if ((msg->lun.flags & CTL_LUN_PRIMARY_SC) &&
1031		    (msg->lun.flags & CTL_LUN_DISABLED) == 0)
1032			lun->flags |= CTL_LUN_PEER_SC_PRIMARY;
1033		else
1034			lun->flags &= ~CTL_LUN_PEER_SC_PRIMARY;
1035		if (oflags != lun->flags)
1036			ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
1037
1038		/* If peer is primary and we are not -- use data */
1039		if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
1040		    (lun->flags & CTL_LUN_PEER_SC_PRIMARY)) {
1041			lun->PRGeneration = msg->lun.pr_generation;
1042			lun->pr_res_idx = msg->lun.pr_res_idx;
1043			lun->res_type = msg->lun.pr_res_type;
1044			lun->pr_key_count = msg->lun.pr_key_count;
1045			for (k = 0; k < CTL_MAX_INITIATORS; k++)
1046				ctl_clr_prkey(lun, k);
1047			for (k = 0; k < msg->lun.pr_key_count; k++) {
1048				memcpy(&pr_key, &msg->lun.data[i],
1049				    sizeof(pr_key));
1050				ctl_alloc_prkey(lun, pr_key.pr_iid);
1051				ctl_set_prkey(lun, pr_key.pr_iid,
1052				    pr_key.pr_key);
1053				i += sizeof(pr_key);
1054			}
1055		}
1056
1057		mtx_unlock(&lun->lun_lock);
1058		CTL_DEBUG_PRINT(("%s: Known LUN %d, peer is %s\n",
1059		    __func__, msg->hdr.nexus.targ_lun,
1060		    (msg->lun.flags & CTL_LUN_PRIMARY_SC) ?
1061		    "primary" : "secondary"));
1062
1063		/* If we are primary but peer doesn't know -- notify */
1064		if ((lun->flags & CTL_LUN_PRIMARY_SC) &&
1065		    (msg->lun.flags & CTL_LUN_PEER_SC_PRIMARY) == 0)
1066			ctl_isc_announce_lun(lun);
1067	}
1068}
1069
1070static void
1071ctl_isc_port_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1072{
1073	struct ctl_port *port;
1074	struct ctl_lun *lun;
1075	int i, new;
1076
1077	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1078	if (port == NULL) {
1079		CTL_DEBUG_PRINT(("%s: New port %d\n", __func__,
1080		    msg->hdr.nexus.targ_port));
1081		new = 1;
1082		port = malloc(sizeof(*port), M_CTL, M_WAITOK | M_ZERO);
1083		port->frontend = &ha_frontend;
1084		port->targ_port = msg->hdr.nexus.targ_port;
1085		port->fe_datamove = ctl_ha_datamove;
1086		port->fe_done = ctl_ha_done;
1087	} else if (port->frontend == &ha_frontend) {
1088		CTL_DEBUG_PRINT(("%s: Updated port %d\n", __func__,
1089		    msg->hdr.nexus.targ_port));
1090		new = 0;
1091	} else {
1092		printf("%s: Received conflicting HA port %d\n",
1093		    __func__, msg->hdr.nexus.targ_port);
1094		return;
1095	}
1096	port->port_type = msg->port.port_type;
1097	port->physical_port = msg->port.physical_port;
1098	port->virtual_port = msg->port.virtual_port;
1099	port->status = msg->port.status;
1100	i = 0;
1101	free(port->port_name, M_CTL);
1102	port->port_name = strndup(&msg->port.data[i], msg->port.name_len,
1103	    M_CTL);
1104	i += msg->port.name_len;
1105	if (msg->port.lun_map_len != 0) {
1106		if (port->lun_map == NULL)
1107			port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
1108			    M_CTL, M_WAITOK);
1109		memcpy(port->lun_map, &msg->port.data[i],
1110		    sizeof(uint32_t) * CTL_MAX_LUNS);
1111		i += msg->port.lun_map_len;
1112	} else {
1113		free(port->lun_map, M_CTL);
1114		port->lun_map = NULL;
1115	}
1116	if (msg->port.port_devid_len != 0) {
1117		if (port->port_devid == NULL ||
1118		    port->port_devid->len != msg->port.port_devid_len) {
1119			free(port->port_devid, M_CTL);
1120			port->port_devid = malloc(sizeof(struct ctl_devid) +
1121			    msg->port.port_devid_len, M_CTL, M_WAITOK);
1122		}
1123		memcpy(port->port_devid->data, &msg->port.data[i],
1124		    msg->port.port_devid_len);
1125		port->port_devid->len = msg->port.port_devid_len;
1126		i += msg->port.port_devid_len;
1127	} else {
1128		free(port->port_devid, M_CTL);
1129		port->port_devid = NULL;
1130	}
1131	if (msg->port.target_devid_len != 0) {
1132		if (port->target_devid == NULL ||
1133		    port->target_devid->len != msg->port.target_devid_len) {
1134			free(port->target_devid, M_CTL);
1135			port->target_devid = malloc(sizeof(struct ctl_devid) +
1136			    msg->port.target_devid_len, M_CTL, M_WAITOK);
1137		}
1138		memcpy(port->target_devid->data, &msg->port.data[i],
1139		    msg->port.target_devid_len);
1140		port->target_devid->len = msg->port.target_devid_len;
1141		i += msg->port.target_devid_len;
1142	} else {
1143		free(port->target_devid, M_CTL);
1144		port->target_devid = NULL;
1145	}
1146	if (msg->port.init_devid_len != 0) {
1147		if (port->init_devid == NULL ||
1148		    port->init_devid->len != msg->port.init_devid_len) {
1149			free(port->init_devid, M_CTL);
1150			port->init_devid = malloc(sizeof(struct ctl_devid) +
1151			    msg->port.init_devid_len, M_CTL, M_WAITOK);
1152		}
1153		memcpy(port->init_devid->data, &msg->port.data[i],
1154		    msg->port.init_devid_len);
1155		port->init_devid->len = msg->port.init_devid_len;
1156		i += msg->port.init_devid_len;
1157	} else {
1158		free(port->init_devid, M_CTL);
1159		port->init_devid = NULL;
1160	}
1161	if (new) {
1162		if (ctl_port_register(port) != 0) {
1163			printf("%s: ctl_port_register() failed with error\n",
1164			    __func__);
1165		}
1166	}
1167	mtx_lock(&softc->ctl_lock);
1168	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1169		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
1170			continue;
1171		mtx_lock(&lun->lun_lock);
1172		ctl_est_ua_all(lun, -1, CTL_UA_INQ_CHANGE);
1173		mtx_unlock(&lun->lun_lock);
1174	}
1175	mtx_unlock(&softc->ctl_lock);
1176}
1177
1178static void
1179ctl_isc_iid_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1180{
1181	struct ctl_port *port;
1182	int iid;
1183
1184	port = softc->ctl_ports[msg->hdr.nexus.targ_port];
1185	if (port == NULL) {
1186		printf("%s: Received IID for unknown port %d\n",
1187		    __func__, msg->hdr.nexus.targ_port);
1188		return;
1189	}
1190	iid = msg->hdr.nexus.initid;
1191	port->wwpn_iid[iid].in_use = msg->iid.in_use;
1192	port->wwpn_iid[iid].wwpn = msg->iid.wwpn;
1193	free(port->wwpn_iid[iid].name, M_CTL);
1194	if (msg->iid.name_len) {
1195		port->wwpn_iid[iid].name = strndup(&msg->iid.data[0],
1196		    msg->iid.name_len, M_CTL);
1197	} else
1198		port->wwpn_iid[iid].name = NULL;
1199}
1200
1201static void
1202ctl_isc_login(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1203{
1204
1205	if (msg->login.version != CTL_HA_VERSION) {
1206		printf("CTL HA peers have different versions %d != %d\n",
1207		    msg->login.version, CTL_HA_VERSION);
1208		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1209		return;
1210	}
1211	if (msg->login.ha_mode != softc->ha_mode) {
1212		printf("CTL HA peers have different ha_mode %d != %d\n",
1213		    msg->login.ha_mode, softc->ha_mode);
1214		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1215		return;
1216	}
1217	if (msg->login.ha_id == softc->ha_id) {
1218		printf("CTL HA peers have same ha_id %d\n", msg->login.ha_id);
1219		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1220		return;
1221	}
1222	if (msg->login.max_luns != CTL_MAX_LUNS ||
1223	    msg->login.max_ports != CTL_MAX_PORTS ||
1224	    msg->login.max_init_per_port != CTL_MAX_INIT_PER_PORT) {
1225		printf("CTL HA peers have different limits\n");
1226		ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1227		return;
1228	}
1229}
1230
1231static void
1232ctl_isc_mode_sync(struct ctl_softc *softc, union ctl_ha_msg *msg, int len)
1233{
1234	struct ctl_lun *lun;
1235	int i;
1236	uint32_t initidx, targ_lun;
1237
1238	targ_lun = msg->hdr.nexus.targ_mapped_lun;
1239	mtx_lock(&softc->ctl_lock);
1240	if ((targ_lun >= CTL_MAX_LUNS) ||
1241	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
1242		mtx_unlock(&softc->ctl_lock);
1243		return;
1244	}
1245	mtx_lock(&lun->lun_lock);
1246	mtx_unlock(&softc->ctl_lock);
1247	if (lun->flags & CTL_LUN_DISABLED) {
1248		mtx_unlock(&lun->lun_lock);
1249		return;
1250	}
1251	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
1252		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) ==
1253		    msg->mode.page_code &&
1254		    lun->mode_pages.index[i].subpage == msg->mode.subpage)
1255			break;
1256	}
1257	if (i == CTL_NUM_MODE_PAGES) {
1258		mtx_unlock(&lun->lun_lock);
1259		return;
1260	}
1261	memcpy(lun->mode_pages.index[i].page_data, msg->mode.data,
1262	    lun->mode_pages.index[i].page_len);
1263	initidx = ctl_get_initindex(&msg->hdr.nexus);
1264	if (initidx != -1)
1265		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
1266	mtx_unlock(&lun->lun_lock);
1267}
1268
1269/*
1270 * ISC (Inter Shelf Communication) event handler.  Events from the HA
1271 * subsystem come in here.
1272 */
1273static void
1274ctl_isc_event_handler(ctl_ha_channel channel, ctl_ha_event event, int param)
1275{
1276	struct ctl_softc *softc = control_softc;
1277	union ctl_io *io;
1278	struct ctl_prio *presio;
1279	ctl_ha_status isc_status;
1280
1281	CTL_DEBUG_PRINT(("CTL: Isc Msg event %d\n", event));
1282	if (event == CTL_HA_EVT_MSG_RECV) {
1283		union ctl_ha_msg *msg, msgbuf;
1284
1285		if (param > sizeof(msgbuf))
1286			msg = malloc(param, M_CTL, M_WAITOK);
1287		else
1288			msg = &msgbuf;
1289		isc_status = ctl_ha_msg_recv(CTL_HA_CHAN_CTL, msg, param,
1290		    M_WAITOK);
1291		if (isc_status != CTL_HA_STATUS_SUCCESS) {
1292			printf("%s: Error receiving message: %d\n",
1293			    __func__, isc_status);
1294			if (msg != &msgbuf)
1295				free(msg, M_CTL);
1296			return;
1297		}
1298
1299		CTL_DEBUG_PRINT(("CTL: msg_type %d\n", msg->msg_type));
1300		switch (msg->hdr.msg_type) {
1301		case CTL_MSG_SERIALIZE:
1302			io = ctl_alloc_io(softc->othersc_pool);
1303			ctl_zero_io(io);
1304			// populate ctsio from msg
1305			io->io_hdr.io_type = CTL_IO_SCSI;
1306			io->io_hdr.msg_type = CTL_MSG_SERIALIZE;
1307			io->io_hdr.original_sc = msg->hdr.original_sc;
1308			io->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC |
1309					    CTL_FLAG_IO_ACTIVE;
1310			/*
1311			 * If we're in serialization-only mode, we don't
1312			 * want to go through full done processing.  Thus
1313			 * the COPY flag.
1314			 *
1315			 * XXX KDM add another flag that is more specific.
1316			 */
1317			if (softc->ha_mode != CTL_HA_MODE_XFER)
1318				io->io_hdr.flags |= CTL_FLAG_INT_COPY;
1319			io->io_hdr.nexus = msg->hdr.nexus;
1320#if 0
1321			printf("port %u, iid %u, lun %u\n",
1322			       io->io_hdr.nexus.targ_port,
1323			       io->io_hdr.nexus.initid,
1324			       io->io_hdr.nexus.targ_lun);
1325#endif
1326			io->scsiio.tag_num = msg->scsi.tag_num;
1327			io->scsiio.tag_type = msg->scsi.tag_type;
1328#ifdef CTL_TIME_IO
1329			io->io_hdr.start_time = time_uptime;
1330			getbinuptime(&io->io_hdr.start_bt);
1331#endif /* CTL_TIME_IO */
1332			io->scsiio.cdb_len = msg->scsi.cdb_len;
1333			memcpy(io->scsiio.cdb, msg->scsi.cdb,
1334			       CTL_MAX_CDBLEN);
1335			if (softc->ha_mode == CTL_HA_MODE_XFER) {
1336				const struct ctl_cmd_entry *entry;
1337
1338				entry = ctl_get_cmd_entry(&io->scsiio, NULL);
1339				io->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
1340				io->io_hdr.flags |=
1341					entry->flags & CTL_FLAG_DATA_MASK;
1342			}
1343			ctl_enqueue_isc(io);
1344			break;
1345
1346		/* Performed on the Originating SC, XFER mode only */
1347		case CTL_MSG_DATAMOVE: {
1348			struct ctl_sg_entry *sgl;
1349			int i, j;
1350
1351			io = msg->hdr.original_sc;
1352			if (io == NULL) {
1353				printf("%s: original_sc == NULL!\n", __func__);
1354				/* XXX KDM do something here */
1355				break;
1356			}
1357			io->io_hdr.msg_type = CTL_MSG_DATAMOVE;
1358			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1359			/*
1360			 * Keep track of this, we need to send it back over
1361			 * when the datamove is complete.
1362			 */
1363			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1364			if (msg->hdr.status == CTL_SUCCESS)
1365				io->io_hdr.status = msg->hdr.status;
1366
1367			if (msg->dt.sg_sequence == 0) {
1368#ifdef CTL_TIME_IO
1369				getbinuptime(&io->io_hdr.dma_start_bt);
1370#endif
1371				i = msg->dt.kern_sg_entries +
1372				    msg->dt.kern_data_len /
1373				    CTL_HA_DATAMOVE_SEGMENT + 1;
1374				sgl = malloc(sizeof(*sgl) * i, M_CTL,
1375				    M_WAITOK | M_ZERO);
1376				io->io_hdr.remote_sglist = sgl;
1377				io->io_hdr.local_sglist =
1378				    &sgl[msg->dt.kern_sg_entries];
1379
1380				io->scsiio.kern_data_ptr = (uint8_t *)sgl;
1381
1382				io->scsiio.kern_sg_entries =
1383					msg->dt.kern_sg_entries;
1384				io->scsiio.rem_sg_entries =
1385					msg->dt.kern_sg_entries;
1386				io->scsiio.kern_data_len =
1387					msg->dt.kern_data_len;
1388				io->scsiio.kern_total_len =
1389					msg->dt.kern_total_len;
1390				io->scsiio.kern_data_resid =
1391					msg->dt.kern_data_resid;
1392				io->scsiio.kern_rel_offset =
1393					msg->dt.kern_rel_offset;
1394				io->io_hdr.flags &= ~CTL_FLAG_BUS_ADDR;
1395				io->io_hdr.flags |= msg->dt.flags &
1396				    CTL_FLAG_BUS_ADDR;
1397			} else
1398				sgl = (struct ctl_sg_entry *)
1399					io->scsiio.kern_data_ptr;
1400
1401			for (i = msg->dt.sent_sg_entries, j = 0;
1402			     i < (msg->dt.sent_sg_entries +
1403			     msg->dt.cur_sg_entries); i++, j++) {
1404				sgl[i].addr = msg->dt.sg_list[j].addr;
1405				sgl[i].len = msg->dt.sg_list[j].len;
1406
1407#if 0
1408				printf("%s: DATAMOVE: %p,%lu j=%d, i=%d\n",
1409				    __func__, sgl[i].addr, sgl[i].len, j, i);
1410#endif
1411			}
1412
1413			/*
1414			 * If this is the last piece of the I/O, we've got
1415			 * the full S/G list.  Queue processing in the thread.
1416			 * Otherwise wait for the next piece.
1417			 */
1418			if (msg->dt.sg_last != 0)
1419				ctl_enqueue_isc(io);
1420			break;
1421		}
1422		/* Performed on the Serializing (primary) SC, XFER mode only */
1423		case CTL_MSG_DATAMOVE_DONE: {
1424			if (msg->hdr.serializing_sc == NULL) {
1425				printf("%s: serializing_sc == NULL!\n",
1426				       __func__);
1427				/* XXX KDM now what? */
1428				break;
1429			}
1430			/*
1431			 * We grab the sense information here in case
1432			 * there was a failure, so we can return status
1433			 * back to the initiator.
1434			 */
1435			io = msg->hdr.serializing_sc;
1436			io->io_hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
1437			io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1438			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1439			io->io_hdr.port_status = msg->scsi.fetd_status;
1440			io->scsiio.residual = msg->scsi.residual;
1441			if (msg->hdr.status != CTL_STATUS_NONE) {
1442				io->io_hdr.status = msg->hdr.status;
1443				io->scsiio.scsi_status = msg->scsi.scsi_status;
1444				io->scsiio.sense_len = msg->scsi.sense_len;
1445				io->scsiio.sense_residual =msg->scsi.sense_residual;
1446				memcpy(&io->scsiio.sense_data,
1447				    &msg->scsi.sense_data,
1448				    msg->scsi.sense_len);
1449				if (msg->hdr.status == CTL_SUCCESS)
1450					io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
1451			}
1452			ctl_enqueue_isc(io);
1453			break;
1454		}
1455
1456		/* Preformed on Originating SC, SER_ONLY mode */
1457		case CTL_MSG_R2R:
1458			io = msg->hdr.original_sc;
1459			if (io == NULL) {
1460				printf("%s: original_sc == NULL!\n",
1461				    __func__);
1462				break;
1463			}
1464			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1465			io->io_hdr.msg_type = CTL_MSG_R2R;
1466			io->io_hdr.serializing_sc = msg->hdr.serializing_sc;
1467			ctl_enqueue_isc(io);
1468			break;
1469
1470		/*
1471		 * Performed on Serializing(i.e. primary SC) SC in SER_ONLY
1472		 * mode.
1473		 * Performed on the Originating (i.e. secondary) SC in XFER
1474		 * mode
1475		 */
1476		case CTL_MSG_FINISH_IO:
1477			if (softc->ha_mode == CTL_HA_MODE_XFER)
1478				ctl_isc_handler_finish_xfer(softc, msg);
1479			else
1480				ctl_isc_handler_finish_ser_only(softc, msg);
1481			break;
1482
1483		/* Preformed on Originating SC */
1484		case CTL_MSG_BAD_JUJU:
1485			io = msg->hdr.original_sc;
1486			if (io == NULL) {
1487				printf("%s: Bad JUJU!, original_sc is NULL!\n",
1488				       __func__);
1489				break;
1490			}
1491			ctl_copy_sense_data(msg, io);
1492			/*
1493			 * IO should have already been cleaned up on other
1494			 * SC so clear this flag so we won't send a message
1495			 * back to finish the IO there.
1496			 */
1497			io->io_hdr.flags &= ~CTL_FLAG_SENT_2OTHER_SC;
1498			io->io_hdr.flags |= CTL_FLAG_IO_ACTIVE;
1499
1500			/* io = msg->hdr.serializing_sc; */
1501			io->io_hdr.msg_type = CTL_MSG_BAD_JUJU;
1502			ctl_enqueue_isc(io);
1503			break;
1504
1505		/* Handle resets sent from the other side */
1506		case CTL_MSG_MANAGE_TASKS: {
1507			struct ctl_taskio *taskio;
1508			taskio = (struct ctl_taskio *)ctl_alloc_io(
1509			    softc->othersc_pool);
1510			ctl_zero_io((union ctl_io *)taskio);
1511			taskio->io_hdr.io_type = CTL_IO_TASK;
1512			taskio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1513			taskio->io_hdr.nexus = msg->hdr.nexus;
1514			taskio->task_action = msg->task.task_action;
1515			taskio->tag_num = msg->task.tag_num;
1516			taskio->tag_type = msg->task.tag_type;
1517#ifdef CTL_TIME_IO
1518			taskio->io_hdr.start_time = time_uptime;
1519			getbinuptime(&taskio->io_hdr.start_bt);
1520#endif /* CTL_TIME_IO */
1521			ctl_run_task((union ctl_io *)taskio);
1522			break;
1523		}
1524		/* Persistent Reserve action which needs attention */
1525		case CTL_MSG_PERS_ACTION:
1526			presio = (struct ctl_prio *)ctl_alloc_io(
1527			    softc->othersc_pool);
1528			ctl_zero_io((union ctl_io *)presio);
1529			presio->io_hdr.msg_type = CTL_MSG_PERS_ACTION;
1530			presio->io_hdr.flags |= CTL_FLAG_FROM_OTHER_SC;
1531			presio->io_hdr.nexus = msg->hdr.nexus;
1532			presio->pr_msg = msg->pr;
1533			ctl_enqueue_isc((union ctl_io *)presio);
1534			break;
1535		case CTL_MSG_UA:
1536			ctl_isc_ua(softc, msg, param);
1537			break;
1538		case CTL_MSG_PORT_SYNC:
1539			ctl_isc_port_sync(softc, msg, param);
1540			break;
1541		case CTL_MSG_LUN_SYNC:
1542			ctl_isc_lun_sync(softc, msg, param);
1543			break;
1544		case CTL_MSG_IID_SYNC:
1545			ctl_isc_iid_sync(softc, msg, param);
1546			break;
1547		case CTL_MSG_LOGIN:
1548			ctl_isc_login(softc, msg, param);
1549			break;
1550		case CTL_MSG_MODE_SYNC:
1551			ctl_isc_mode_sync(softc, msg, param);
1552			break;
1553		default:
1554			printf("Received HA message of unknown type %d\n",
1555			    msg->hdr.msg_type);
1556			ctl_ha_msg_abort(CTL_HA_CHAN_CTL);
1557			break;
1558		}
1559		if (msg != &msgbuf)
1560			free(msg, M_CTL);
1561	} else if (event == CTL_HA_EVT_LINK_CHANGE) {
1562		printf("CTL: HA link status changed from %d to %d\n",
1563		    softc->ha_link, param);
1564		if (param == softc->ha_link)
1565			return;
1566		if (softc->ha_link == CTL_HA_LINK_ONLINE) {
1567			softc->ha_link = param;
1568			ctl_isc_ha_link_down(softc);
1569		} else {
1570			softc->ha_link = param;
1571			if (softc->ha_link == CTL_HA_LINK_ONLINE)
1572				ctl_isc_ha_link_up(softc);
1573		}
1574		return;
1575	} else {
1576		printf("ctl_isc_event_handler: Unknown event %d\n", event);
1577		return;
1578	}
1579}
1580
1581static void
1582ctl_copy_sense_data(union ctl_ha_msg *src, union ctl_io *dest)
1583{
1584
1585	memcpy(&dest->scsiio.sense_data, &src->scsi.sense_data,
1586	    src->scsi.sense_len);
1587	dest->scsiio.scsi_status = src->scsi.scsi_status;
1588	dest->scsiio.sense_len = src->scsi.sense_len;
1589	dest->io_hdr.status = src->hdr.status;
1590}
1591
1592static void
1593ctl_copy_sense_data_back(union ctl_io *src, union ctl_ha_msg *dest)
1594{
1595
1596	memcpy(&dest->scsi.sense_data, &src->scsiio.sense_data,
1597	    src->scsiio.sense_len);
1598	dest->scsi.scsi_status = src->scsiio.scsi_status;
1599	dest->scsi.sense_len = src->scsiio.sense_len;
1600	dest->hdr.status = src->io_hdr.status;
1601}
1602
1603void
1604ctl_est_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1605{
1606	struct ctl_softc *softc = lun->ctl_softc;
1607	ctl_ua_type *pu;
1608
1609	if (initidx < softc->init_min || initidx >= softc->init_max)
1610		return;
1611	mtx_assert(&lun->lun_lock, MA_OWNED);
1612	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1613	if (pu == NULL)
1614		return;
1615	pu[initidx % CTL_MAX_INIT_PER_PORT] |= ua;
1616}
1617
1618void
1619ctl_est_ua_port(struct ctl_lun *lun, int port, uint32_t except, ctl_ua_type ua)
1620{
1621	int i;
1622
1623	mtx_assert(&lun->lun_lock, MA_OWNED);
1624	if (lun->pending_ua[port] == NULL)
1625		return;
1626	for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1627		if (port * CTL_MAX_INIT_PER_PORT + i == except)
1628			continue;
1629		lun->pending_ua[port][i] |= ua;
1630	}
1631}
1632
1633void
1634ctl_est_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1635{
1636	struct ctl_softc *softc = lun->ctl_softc;
1637	int i;
1638
1639	mtx_assert(&lun->lun_lock, MA_OWNED);
1640	for (i = softc->port_min; i < softc->port_max; i++)
1641		ctl_est_ua_port(lun, i, except, ua);
1642}
1643
1644void
1645ctl_clr_ua(struct ctl_lun *lun, uint32_t initidx, ctl_ua_type ua)
1646{
1647	struct ctl_softc *softc = lun->ctl_softc;
1648	ctl_ua_type *pu;
1649
1650	if (initidx < softc->init_min || initidx >= softc->init_max)
1651		return;
1652	mtx_assert(&lun->lun_lock, MA_OWNED);
1653	pu = lun->pending_ua[initidx / CTL_MAX_INIT_PER_PORT];
1654	if (pu == NULL)
1655		return;
1656	pu[initidx % CTL_MAX_INIT_PER_PORT] &= ~ua;
1657}
1658
1659void
1660ctl_clr_ua_all(struct ctl_lun *lun, uint32_t except, ctl_ua_type ua)
1661{
1662	struct ctl_softc *softc = lun->ctl_softc;
1663	int i, j;
1664
1665	mtx_assert(&lun->lun_lock, MA_OWNED);
1666	for (i = softc->port_min; i < softc->port_max; i++) {
1667		if (lun->pending_ua[i] == NULL)
1668			continue;
1669		for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
1670			if (i * CTL_MAX_INIT_PER_PORT + j == except)
1671				continue;
1672			lun->pending_ua[i][j] &= ~ua;
1673		}
1674	}
1675}
1676
1677void
1678ctl_clr_ua_allluns(struct ctl_softc *ctl_softc, uint32_t initidx,
1679    ctl_ua_type ua_type)
1680{
1681	struct ctl_lun *lun;
1682
1683	mtx_assert(&ctl_softc->ctl_lock, MA_OWNED);
1684	STAILQ_FOREACH(lun, &ctl_softc->lun_list, links) {
1685		mtx_lock(&lun->lun_lock);
1686		ctl_clr_ua(lun, initidx, ua_type);
1687		mtx_unlock(&lun->lun_lock);
1688	}
1689}
1690
1691static int
1692ctl_ha_role_sysctl(SYSCTL_HANDLER_ARGS)
1693{
1694	struct ctl_softc *softc = (struct ctl_softc *)arg1;
1695	struct ctl_lun *lun;
1696	struct ctl_lun_req ireq;
1697	int error, value;
1698
1699	value = (softc->flags & CTL_FLAG_ACTIVE_SHELF) ? 0 : 1;
1700	error = sysctl_handle_int(oidp, &value, 0, req);
1701	if ((error != 0) || (req->newptr == NULL))
1702		return (error);
1703
1704	mtx_lock(&softc->ctl_lock);
1705	if (value == 0)
1706		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1707	else
1708		softc->flags &= ~CTL_FLAG_ACTIVE_SHELF;
1709	STAILQ_FOREACH(lun, &softc->lun_list, links) {
1710		mtx_unlock(&softc->ctl_lock);
1711		bzero(&ireq, sizeof(ireq));
1712		ireq.reqtype = CTL_LUNREQ_MODIFY;
1713		ireq.reqdata.modify.lun_id = lun->lun;
1714		lun->backend->ioctl(NULL, CTL_LUN_REQ, (caddr_t)&ireq, 0,
1715		    curthread);
1716		if (ireq.status != CTL_LUN_OK) {
1717			printf("%s: CTL_LUNREQ_MODIFY returned %d '%s'\n",
1718			    __func__, ireq.status, ireq.error_str);
1719		}
1720		mtx_lock(&softc->ctl_lock);
1721	}
1722	mtx_unlock(&softc->ctl_lock);
1723	return (0);
1724}
1725
1726static int
1727ctl_init(void)
1728{
1729	struct ctl_softc *softc;
1730	void *other_pool;
1731	int i, error;
1732
1733	softc = control_softc = malloc(sizeof(*control_softc), M_DEVBUF,
1734			       M_WAITOK | M_ZERO);
1735
1736	softc->dev = make_dev(&ctl_cdevsw, 0, UID_ROOT, GID_OPERATOR, 0600,
1737			      "cam/ctl");
1738	softc->dev->si_drv1 = softc;
1739
1740	sysctl_ctx_init(&softc->sysctl_ctx);
1741	softc->sysctl_tree = SYSCTL_ADD_NODE(&softc->sysctl_ctx,
1742		SYSCTL_STATIC_CHILDREN(_kern_cam), OID_AUTO, "ctl",
1743		CTLFLAG_RD, 0, "CAM Target Layer");
1744
1745	if (softc->sysctl_tree == NULL) {
1746		printf("%s: unable to allocate sysctl tree\n", __func__);
1747		destroy_dev(softc->dev);
1748		free(control_softc, M_DEVBUF);
1749		control_softc = NULL;
1750		return (ENOMEM);
1751	}
1752
1753	mtx_init(&softc->ctl_lock, "CTL mutex", NULL, MTX_DEF);
1754	softc->io_zone = uma_zcreate("CTL IO", sizeof(union ctl_io),
1755	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, 0);
1756	softc->open_count = 0;
1757
1758	/*
1759	 * Default to actually sending a SYNCHRONIZE CACHE command down to
1760	 * the drive.
1761	 */
1762	softc->flags = CTL_FLAG_REAL_SYNC;
1763
1764	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1765	    OID_AUTO, "ha_mode", CTLFLAG_RDTUN, (int *)&softc->ha_mode, 0,
1766	    "HA mode (0 - act/stby, 1 - serialize only, 2 - xfer)");
1767
1768	/*
1769	 * In Copan's HA scheme, the "master" and "slave" roles are
1770	 * figured out through the slot the controller is in.  Although it
1771	 * is an active/active system, someone has to be in charge.
1772	 */
1773	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1774	    OID_AUTO, "ha_id", CTLFLAG_RDTUN, &softc->ha_id, 0,
1775	    "HA head ID (0 - no HA)");
1776	if (softc->ha_id == 0 || softc->ha_id > NUM_TARGET_PORT_GROUPS) {
1777		softc->flags |= CTL_FLAG_ACTIVE_SHELF;
1778		softc->is_single = 1;
1779		softc->port_cnt = CTL_MAX_PORTS;
1780		softc->port_min = 0;
1781	} else {
1782		softc->port_cnt = CTL_MAX_PORTS / NUM_TARGET_PORT_GROUPS;
1783		softc->port_min = (softc->ha_id - 1) * softc->port_cnt;
1784	}
1785	softc->port_max = softc->port_min + softc->port_cnt;
1786	softc->init_min = softc->port_min * CTL_MAX_INIT_PER_PORT;
1787	softc->init_max = softc->port_max * CTL_MAX_INIT_PER_PORT;
1788
1789	SYSCTL_ADD_INT(&softc->sysctl_ctx, SYSCTL_CHILDREN(softc->sysctl_tree),
1790	    OID_AUTO, "ha_link", CTLFLAG_RD, (int *)&softc->ha_link, 0,
1791	    "HA link state (0 - offline, 1 - unknown, 2 - online)");
1792
1793	STAILQ_INIT(&softc->lun_list);
1794	STAILQ_INIT(&softc->pending_lun_queue);
1795	STAILQ_INIT(&softc->fe_list);
1796	STAILQ_INIT(&softc->port_list);
1797	STAILQ_INIT(&softc->be_list);
1798	ctl_tpc_init(softc);
1799
1800	if (ctl_pool_create(softc, "othersc", CTL_POOL_ENTRIES_OTHER_SC,
1801	                    &other_pool) != 0)
1802	{
1803		printf("ctl: can't allocate %d entry other SC pool, "
1804		       "exiting\n", CTL_POOL_ENTRIES_OTHER_SC);
1805		return (ENOMEM);
1806	}
1807	softc->othersc_pool = other_pool;
1808
1809	if (worker_threads <= 0)
1810		worker_threads = max(1, mp_ncpus / 4);
1811	if (worker_threads > CTL_MAX_THREADS)
1812		worker_threads = CTL_MAX_THREADS;
1813
1814	for (i = 0; i < worker_threads; i++) {
1815		struct ctl_thread *thr = &softc->threads[i];
1816
1817		mtx_init(&thr->queue_lock, "CTL queue mutex", NULL, MTX_DEF);
1818		thr->ctl_softc = softc;
1819		STAILQ_INIT(&thr->incoming_queue);
1820		STAILQ_INIT(&thr->rtr_queue);
1821		STAILQ_INIT(&thr->done_queue);
1822		STAILQ_INIT(&thr->isc_queue);
1823
1824		error = kproc_kthread_add(ctl_work_thread, thr,
1825		    &softc->ctl_proc, &thr->thread, 0, 0, "ctl", "work%d", i);
1826		if (error != 0) {
1827			printf("error creating CTL work thread!\n");
1828			ctl_pool_free(other_pool);
1829			return (error);
1830		}
1831	}
1832	error = kproc_kthread_add(ctl_lun_thread, softc,
1833	    &softc->ctl_proc, NULL, 0, 0, "ctl", "lun");
1834	if (error != 0) {
1835		printf("error creating CTL lun thread!\n");
1836		ctl_pool_free(other_pool);
1837		return (error);
1838	}
1839	error = kproc_kthread_add(ctl_thresh_thread, softc,
1840	    &softc->ctl_proc, NULL, 0, 0, "ctl", "thresh");
1841	if (error != 0) {
1842		printf("error creating CTL threshold thread!\n");
1843		ctl_pool_free(other_pool);
1844		return (error);
1845	}
1846
1847	SYSCTL_ADD_PROC(&softc->sysctl_ctx,SYSCTL_CHILDREN(softc->sysctl_tree),
1848	    OID_AUTO, "ha_role", CTLTYPE_INT | CTLFLAG_RWTUN,
1849	    softc, 0, ctl_ha_role_sysctl, "I", "HA role for this head");
1850
1851	if (softc->is_single == 0) {
1852		ctl_frontend_register(&ha_frontend);
1853		if (ctl_ha_msg_init(softc) != CTL_HA_STATUS_SUCCESS) {
1854			printf("ctl_init: ctl_ha_msg_init failed.\n");
1855			softc->is_single = 1;
1856		} else
1857		if (ctl_ha_msg_register(CTL_HA_CHAN_CTL, ctl_isc_event_handler)
1858		    != CTL_HA_STATUS_SUCCESS) {
1859			printf("ctl_init: ctl_ha_msg_register failed.\n");
1860			softc->is_single = 1;
1861		}
1862	}
1863	return (0);
1864}
1865
1866void
1867ctl_shutdown(void)
1868{
1869	struct ctl_softc *softc = control_softc;
1870	struct ctl_lun *lun, *next_lun;
1871
1872	if (softc->is_single == 0) {
1873		ctl_ha_msg_shutdown(softc);
1874		if (ctl_ha_msg_deregister(CTL_HA_CHAN_CTL)
1875		    != CTL_HA_STATUS_SUCCESS)
1876			printf("%s: ctl_ha_msg_deregister failed.\n", __func__);
1877		if (ctl_ha_msg_destroy(softc) != CTL_HA_STATUS_SUCCESS)
1878			printf("%s: ctl_ha_msg_destroy failed.\n", __func__);
1879		ctl_frontend_deregister(&ha_frontend);
1880	}
1881
1882	mtx_lock(&softc->ctl_lock);
1883
1884	/*
1885	 * Free up each LUN.
1886	 */
1887	for (lun = STAILQ_FIRST(&softc->lun_list); lun != NULL; lun = next_lun){
1888		next_lun = STAILQ_NEXT(lun, links);
1889		ctl_free_lun(lun);
1890	}
1891
1892	mtx_unlock(&softc->ctl_lock);
1893
1894#if 0
1895	ctl_shutdown_thread(softc->work_thread);
1896	mtx_destroy(&softc->queue_lock);
1897#endif
1898
1899	ctl_tpc_shutdown(softc);
1900	uma_zdestroy(softc->io_zone);
1901	mtx_destroy(&softc->ctl_lock);
1902
1903	destroy_dev(softc->dev);
1904
1905	sysctl_ctx_free(&softc->sysctl_ctx);
1906
1907	free(control_softc, M_DEVBUF);
1908	control_softc = NULL;
1909}
1910
1911static int
1912ctl_module_event_handler(module_t mod, int what, void *arg)
1913{
1914
1915	switch (what) {
1916	case MOD_LOAD:
1917		return (ctl_init());
1918	case MOD_UNLOAD:
1919		return (EBUSY);
1920	default:
1921		return (EOPNOTSUPP);
1922	}
1923}
1924
1925/*
1926 * XXX KDM should we do some access checks here?  Bump a reference count to
1927 * prevent a CTL module from being unloaded while someone has it open?
1928 */
1929static int
1930ctl_open(struct cdev *dev, int flags, int fmt, struct thread *td)
1931{
1932	return (0);
1933}
1934
1935static int
1936ctl_close(struct cdev *dev, int flags, int fmt, struct thread *td)
1937{
1938	return (0);
1939}
1940
1941/*
1942 * Remove an initiator by port number and initiator ID.
1943 * Returns 0 for success, -1 for failure.
1944 */
1945int
1946ctl_remove_initiator(struct ctl_port *port, int iid)
1947{
1948	struct ctl_softc *softc = port->ctl_softc;
1949
1950	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1951
1952	if (iid > CTL_MAX_INIT_PER_PORT) {
1953		printf("%s: initiator ID %u > maximun %u!\n",
1954		       __func__, iid, CTL_MAX_INIT_PER_PORT);
1955		return (-1);
1956	}
1957
1958	mtx_lock(&softc->ctl_lock);
1959	port->wwpn_iid[iid].in_use--;
1960	port->wwpn_iid[iid].last_use = time_uptime;
1961	mtx_unlock(&softc->ctl_lock);
1962	ctl_isc_announce_iid(port, iid);
1963
1964	return (0);
1965}
1966
1967/*
1968 * Add an initiator to the initiator map.
1969 * Returns iid for success, < 0 for failure.
1970 */
1971int
1972ctl_add_initiator(struct ctl_port *port, int iid, uint64_t wwpn, char *name)
1973{
1974	struct ctl_softc *softc = port->ctl_softc;
1975	time_t best_time;
1976	int i, best;
1977
1978	mtx_assert(&softc->ctl_lock, MA_NOTOWNED);
1979
1980	if (iid >= CTL_MAX_INIT_PER_PORT) {
1981		printf("%s: WWPN %#jx initiator ID %u > maximum %u!\n",
1982		       __func__, wwpn, iid, CTL_MAX_INIT_PER_PORT);
1983		free(name, M_CTL);
1984		return (-1);
1985	}
1986
1987	mtx_lock(&softc->ctl_lock);
1988
1989	if (iid < 0 && (wwpn != 0 || name != NULL)) {
1990		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
1991			if (wwpn != 0 && wwpn == port->wwpn_iid[i].wwpn) {
1992				iid = i;
1993				break;
1994			}
1995			if (name != NULL && port->wwpn_iid[i].name != NULL &&
1996			    strcmp(name, port->wwpn_iid[i].name) == 0) {
1997				iid = i;
1998				break;
1999			}
2000		}
2001	}
2002
2003	if (iid < 0) {
2004		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2005			if (port->wwpn_iid[i].in_use == 0 &&
2006			    port->wwpn_iid[i].wwpn == 0 &&
2007			    port->wwpn_iid[i].name == NULL) {
2008				iid = i;
2009				break;
2010			}
2011		}
2012	}
2013
2014	if (iid < 0) {
2015		best = -1;
2016		best_time = INT32_MAX;
2017		for (i = 0; i < CTL_MAX_INIT_PER_PORT; i++) {
2018			if (port->wwpn_iid[i].in_use == 0) {
2019				if (port->wwpn_iid[i].last_use < best_time) {
2020					best = i;
2021					best_time = port->wwpn_iid[i].last_use;
2022				}
2023			}
2024		}
2025		iid = best;
2026	}
2027
2028	if (iid < 0) {
2029		mtx_unlock(&softc->ctl_lock);
2030		free(name, M_CTL);
2031		return (-2);
2032	}
2033
2034	if (port->wwpn_iid[iid].in_use > 0 && (wwpn != 0 || name != NULL)) {
2035		/*
2036		 * This is not an error yet.
2037		 */
2038		if (wwpn != 0 && wwpn == port->wwpn_iid[iid].wwpn) {
2039#if 0
2040			printf("%s: port %d iid %u WWPN %#jx arrived"
2041			    " again\n", __func__, port->targ_port,
2042			    iid, (uintmax_t)wwpn);
2043#endif
2044			goto take;
2045		}
2046		if (name != NULL && port->wwpn_iid[iid].name != NULL &&
2047		    strcmp(name, port->wwpn_iid[iid].name) == 0) {
2048#if 0
2049			printf("%s: port %d iid %u name '%s' arrived"
2050			    " again\n", __func__, port->targ_port,
2051			    iid, name);
2052#endif
2053			goto take;
2054		}
2055
2056		/*
2057		 * This is an error, but what do we do about it?  The
2058		 * driver is telling us we have a new WWPN for this
2059		 * initiator ID, so we pretty much need to use it.
2060		 */
2061		printf("%s: port %d iid %u WWPN %#jx '%s' arrived,"
2062		    " but WWPN %#jx '%s' is still at that address\n",
2063		    __func__, port->targ_port, iid, wwpn, name,
2064		    (uintmax_t)port->wwpn_iid[iid].wwpn,
2065		    port->wwpn_iid[iid].name);
2066
2067		/*
2068		 * XXX KDM clear have_ca and ua_pending on each LUN for
2069		 * this initiator.
2070		 */
2071	}
2072take:
2073	free(port->wwpn_iid[iid].name, M_CTL);
2074	port->wwpn_iid[iid].name = name;
2075	port->wwpn_iid[iid].wwpn = wwpn;
2076	port->wwpn_iid[iid].in_use++;
2077	mtx_unlock(&softc->ctl_lock);
2078	ctl_isc_announce_iid(port, iid);
2079
2080	return (iid);
2081}
2082
2083static int
2084ctl_create_iid(struct ctl_port *port, int iid, uint8_t *buf)
2085{
2086	int len;
2087
2088	switch (port->port_type) {
2089	case CTL_PORT_FC:
2090	{
2091		struct scsi_transportid_fcp *id =
2092		    (struct scsi_transportid_fcp *)buf;
2093		if (port->wwpn_iid[iid].wwpn == 0)
2094			return (0);
2095		memset(id, 0, sizeof(*id));
2096		id->format_protocol = SCSI_PROTO_FC;
2097		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->n_port_name);
2098		return (sizeof(*id));
2099	}
2100	case CTL_PORT_ISCSI:
2101	{
2102		struct scsi_transportid_iscsi_port *id =
2103		    (struct scsi_transportid_iscsi_port *)buf;
2104		if (port->wwpn_iid[iid].name == NULL)
2105			return (0);
2106		memset(id, 0, 256);
2107		id->format_protocol = SCSI_TRN_ISCSI_FORMAT_PORT |
2108		    SCSI_PROTO_ISCSI;
2109		len = strlcpy(id->iscsi_name, port->wwpn_iid[iid].name, 252) + 1;
2110		len = roundup2(min(len, 252), 4);
2111		scsi_ulto2b(len, id->additional_length);
2112		return (sizeof(*id) + len);
2113	}
2114	case CTL_PORT_SAS:
2115	{
2116		struct scsi_transportid_sas *id =
2117		    (struct scsi_transportid_sas *)buf;
2118		if (port->wwpn_iid[iid].wwpn == 0)
2119			return (0);
2120		memset(id, 0, sizeof(*id));
2121		id->format_protocol = SCSI_PROTO_SAS;
2122		scsi_u64to8b(port->wwpn_iid[iid].wwpn, id->sas_address);
2123		return (sizeof(*id));
2124	}
2125	default:
2126	{
2127		struct scsi_transportid_spi *id =
2128		    (struct scsi_transportid_spi *)buf;
2129		memset(id, 0, sizeof(*id));
2130		id->format_protocol = SCSI_PROTO_SPI;
2131		scsi_ulto2b(iid, id->scsi_addr);
2132		scsi_ulto2b(port->targ_port, id->rel_trgt_port_id);
2133		return (sizeof(*id));
2134	}
2135	}
2136}
2137
2138/*
2139 * Serialize a command that went down the "wrong" side, and so was sent to
2140 * this controller for execution.  The logic is a little different than the
2141 * standard case in ctl_scsiio_precheck().  Errors in this case need to get
2142 * sent back to the other side, but in the success case, we execute the
2143 * command on this side (XFER mode) or tell the other side to execute it
2144 * (SER_ONLY mode).
2145 */
2146static int
2147ctl_serialize_other_sc_cmd(struct ctl_scsiio *ctsio)
2148{
2149	struct ctl_softc *softc = control_softc;
2150	union ctl_ha_msg msg_info;
2151	struct ctl_port *port;
2152	struct ctl_lun *lun;
2153	const struct ctl_cmd_entry *entry;
2154	int retval = 0;
2155	uint32_t targ_lun;
2156
2157	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
2158	mtx_lock(&softc->ctl_lock);
2159
2160	/* Make sure that we know about this port. */
2161	port = ctl_io_port(&ctsio->io_hdr);
2162	if (port == NULL || (port->status & CTL_PORT_STATUS_ONLINE) == 0) {
2163		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2164					 /*retry_count*/ 1);
2165		goto badjuju;
2166	}
2167
2168	/* Make sure that we know about this LUN. */
2169	if ((targ_lun < CTL_MAX_LUNS) &&
2170	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
2171		mtx_lock(&lun->lun_lock);
2172		mtx_unlock(&softc->ctl_lock);
2173		/*
2174		 * If the LUN is invalid, pretend that it doesn't exist.
2175		 * It will go away as soon as all pending I/O has been
2176		 * completed.
2177		 */
2178		if (lun->flags & CTL_LUN_DISABLED) {
2179			mtx_unlock(&lun->lun_lock);
2180			lun = NULL;
2181		}
2182	} else {
2183		mtx_unlock(&softc->ctl_lock);
2184		lun = NULL;
2185	}
2186	if (lun == NULL) {
2187		/*
2188		 * The other node would not send this request to us unless
2189		 * received announce that we are primary node for this LUN.
2190		 * If this LUN does not exist now, it is probably result of
2191		 * a race, so respond to initiator in the most opaque way.
2192		 */
2193		ctl_set_busy(ctsio);
2194		goto badjuju;
2195	}
2196
2197	entry = ctl_get_cmd_entry(ctsio, NULL);
2198	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
2199		mtx_unlock(&lun->lun_lock);
2200		goto badjuju;
2201	}
2202
2203	ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
2204	ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = lun->be_lun;
2205
2206	/*
2207	 * Every I/O goes into the OOA queue for a
2208	 * particular LUN, and stays there until completion.
2209	 */
2210#ifdef CTL_TIME_IO
2211	if (TAILQ_EMPTY(&lun->ooa_queue))
2212		lun->idle_time += getsbinuptime() - lun->last_busy;
2213#endif
2214	TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2215
2216	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
2217		(union ctl_io *)TAILQ_PREV(&ctsio->io_hdr, ctl_ooaq,
2218		 ooa_links))) {
2219	case CTL_ACTION_BLOCK:
2220		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
2221		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
2222				  blocked_links);
2223		mtx_unlock(&lun->lun_lock);
2224		break;
2225	case CTL_ACTION_PASS:
2226	case CTL_ACTION_SKIP:
2227		if (softc->ha_mode == CTL_HA_MODE_XFER) {
2228			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
2229			ctl_enqueue_rtr((union ctl_io *)ctsio);
2230			mtx_unlock(&lun->lun_lock);
2231		} else {
2232			ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
2233			mtx_unlock(&lun->lun_lock);
2234
2235			/* send msg back to other side */
2236			msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2237			msg_info.hdr.serializing_sc = (union ctl_io *)ctsio;
2238			msg_info.hdr.msg_type = CTL_MSG_R2R;
2239			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2240			    sizeof(msg_info.hdr), M_WAITOK);
2241		}
2242		break;
2243	case CTL_ACTION_OVERLAP:
2244		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2245		mtx_unlock(&lun->lun_lock);
2246		ctl_set_overlapped_cmd(ctsio);
2247		goto badjuju;
2248	case CTL_ACTION_OVERLAP_TAG:
2249		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2250		mtx_unlock(&lun->lun_lock);
2251		ctl_set_overlapped_tag(ctsio, ctsio->tag_num);
2252		goto badjuju;
2253	case CTL_ACTION_ERROR:
2254	default:
2255		TAILQ_REMOVE(&lun->ooa_queue, &ctsio->io_hdr, ooa_links);
2256		mtx_unlock(&lun->lun_lock);
2257
2258		ctl_set_internal_failure(ctsio, /*sks_valid*/ 0,
2259					 /*retry_count*/ 0);
2260badjuju:
2261		ctl_copy_sense_data_back((union ctl_io *)ctsio, &msg_info);
2262		msg_info.hdr.original_sc = ctsio->io_hdr.original_sc;
2263		msg_info.hdr.serializing_sc = NULL;
2264		msg_info.hdr.msg_type = CTL_MSG_BAD_JUJU;
2265		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
2266		    sizeof(msg_info.scsi), M_WAITOK);
2267		retval = 1;
2268		break;
2269	}
2270	return (retval);
2271}
2272
2273/*
2274 * Returns 0 for success, errno for failure.
2275 */
2276static void
2277ctl_ioctl_fill_ooa(struct ctl_lun *lun, uint32_t *cur_fill_num,
2278		   struct ctl_ooa *ooa_hdr, struct ctl_ooa_entry *kern_entries)
2279{
2280	union ctl_io *io;
2281
2282	mtx_lock(&lun->lun_lock);
2283	for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); (io != NULL);
2284	     (*cur_fill_num)++, io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2285	     ooa_links)) {
2286		struct ctl_ooa_entry *entry;
2287
2288		/*
2289		 * If we've got more than we can fit, just count the
2290		 * remaining entries.
2291		 */
2292		if (*cur_fill_num >= ooa_hdr->alloc_num)
2293			continue;
2294
2295		entry = &kern_entries[*cur_fill_num];
2296
2297		entry->tag_num = io->scsiio.tag_num;
2298		entry->lun_num = lun->lun;
2299#ifdef CTL_TIME_IO
2300		entry->start_bt = io->io_hdr.start_bt;
2301#endif
2302		bcopy(io->scsiio.cdb, entry->cdb, io->scsiio.cdb_len);
2303		entry->cdb_len = io->scsiio.cdb_len;
2304		if (io->io_hdr.flags & CTL_FLAG_BLOCKED)
2305			entry->cmd_flags |= CTL_OOACMD_FLAG_BLOCKED;
2306
2307		if (io->io_hdr.flags & CTL_FLAG_DMA_INPROG)
2308			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA;
2309
2310		if (io->io_hdr.flags & CTL_FLAG_ABORT)
2311			entry->cmd_flags |= CTL_OOACMD_FLAG_ABORT;
2312
2313		if (io->io_hdr.flags & CTL_FLAG_IS_WAS_ON_RTR)
2314			entry->cmd_flags |= CTL_OOACMD_FLAG_RTR;
2315
2316		if (io->io_hdr.flags & CTL_FLAG_DMA_QUEUED)
2317			entry->cmd_flags |= CTL_OOACMD_FLAG_DMA_QUEUED;
2318	}
2319	mtx_unlock(&lun->lun_lock);
2320}
2321
2322static void *
2323ctl_copyin_alloc(void *user_addr, int len, char *error_str,
2324		 size_t error_str_len)
2325{
2326	void *kptr;
2327
2328	kptr = malloc(len, M_CTL, M_WAITOK | M_ZERO);
2329
2330	if (copyin(user_addr, kptr, len) != 0) {
2331		snprintf(error_str, error_str_len, "Error copying %d bytes "
2332			 "from user address %p to kernel address %p", len,
2333			 user_addr, kptr);
2334		free(kptr, M_CTL);
2335		return (NULL);
2336	}
2337
2338	return (kptr);
2339}
2340
2341static void
2342ctl_free_args(int num_args, struct ctl_be_arg *args)
2343{
2344	int i;
2345
2346	if (args == NULL)
2347		return;
2348
2349	for (i = 0; i < num_args; i++) {
2350		free(args[i].kname, M_CTL);
2351		free(args[i].kvalue, M_CTL);
2352	}
2353
2354	free(args, M_CTL);
2355}
2356
2357static struct ctl_be_arg *
2358ctl_copyin_args(int num_args, struct ctl_be_arg *uargs,
2359		char *error_str, size_t error_str_len)
2360{
2361	struct ctl_be_arg *args;
2362	int i;
2363
2364	args = ctl_copyin_alloc(uargs, num_args * sizeof(*args),
2365				error_str, error_str_len);
2366
2367	if (args == NULL)
2368		goto bailout;
2369
2370	for (i = 0; i < num_args; i++) {
2371		args[i].kname = NULL;
2372		args[i].kvalue = NULL;
2373	}
2374
2375	for (i = 0; i < num_args; i++) {
2376		uint8_t *tmpptr;
2377
2378		args[i].kname = ctl_copyin_alloc(args[i].name,
2379			args[i].namelen, error_str, error_str_len);
2380		if (args[i].kname == NULL)
2381			goto bailout;
2382
2383		if (args[i].kname[args[i].namelen - 1] != '\0') {
2384			snprintf(error_str, error_str_len, "Argument %d "
2385				 "name is not NUL-terminated", i);
2386			goto bailout;
2387		}
2388
2389		if (args[i].flags & CTL_BEARG_RD) {
2390			tmpptr = ctl_copyin_alloc(args[i].value,
2391				args[i].vallen, error_str, error_str_len);
2392			if (tmpptr == NULL)
2393				goto bailout;
2394			if ((args[i].flags & CTL_BEARG_ASCII)
2395			 && (tmpptr[args[i].vallen - 1] != '\0')) {
2396				snprintf(error_str, error_str_len, "Argument "
2397				    "%d value is not NUL-terminated", i);
2398				goto bailout;
2399			}
2400			args[i].kvalue = tmpptr;
2401		} else {
2402			args[i].kvalue = malloc(args[i].vallen,
2403			    M_CTL, M_WAITOK | M_ZERO);
2404		}
2405	}
2406
2407	return (args);
2408bailout:
2409
2410	ctl_free_args(num_args, args);
2411
2412	return (NULL);
2413}
2414
2415static void
2416ctl_copyout_args(int num_args, struct ctl_be_arg *args)
2417{
2418	int i;
2419
2420	for (i = 0; i < num_args; i++) {
2421		if (args[i].flags & CTL_BEARG_WR)
2422			copyout(args[i].kvalue, args[i].value, args[i].vallen);
2423	}
2424}
2425
2426/*
2427 * Escape characters that are illegal or not recommended in XML.
2428 */
2429int
2430ctl_sbuf_printf_esc(struct sbuf *sb, char *str, int size)
2431{
2432	char *end = str + size;
2433	int retval;
2434
2435	retval = 0;
2436
2437	for (; *str && str < end; str++) {
2438		switch (*str) {
2439		case '&':
2440			retval = sbuf_printf(sb, "&amp;");
2441			break;
2442		case '>':
2443			retval = sbuf_printf(sb, "&gt;");
2444			break;
2445		case '<':
2446			retval = sbuf_printf(sb, "&lt;");
2447			break;
2448		default:
2449			retval = sbuf_putc(sb, *str);
2450			break;
2451		}
2452
2453		if (retval != 0)
2454			break;
2455
2456	}
2457
2458	return (retval);
2459}
2460
2461static void
2462ctl_id_sbuf(struct ctl_devid *id, struct sbuf *sb)
2463{
2464	struct scsi_vpd_id_descriptor *desc;
2465	int i;
2466
2467	if (id == NULL || id->len < 4)
2468		return;
2469	desc = (struct scsi_vpd_id_descriptor *)id->data;
2470	switch (desc->id_type & SVPD_ID_TYPE_MASK) {
2471	case SVPD_ID_TYPE_T10:
2472		sbuf_printf(sb, "t10.");
2473		break;
2474	case SVPD_ID_TYPE_EUI64:
2475		sbuf_printf(sb, "eui.");
2476		break;
2477	case SVPD_ID_TYPE_NAA:
2478		sbuf_printf(sb, "naa.");
2479		break;
2480	case SVPD_ID_TYPE_SCSI_NAME:
2481		break;
2482	}
2483	switch (desc->proto_codeset & SVPD_ID_CODESET_MASK) {
2484	case SVPD_ID_CODESET_BINARY:
2485		for (i = 0; i < desc->length; i++)
2486			sbuf_printf(sb, "%02x", desc->identifier[i]);
2487		break;
2488	case SVPD_ID_CODESET_ASCII:
2489		sbuf_printf(sb, "%.*s", (int)desc->length,
2490		    (char *)desc->identifier);
2491		break;
2492	case SVPD_ID_CODESET_UTF8:
2493		sbuf_printf(sb, "%s", (char *)desc->identifier);
2494		break;
2495	}
2496}
2497
2498static int
2499ctl_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag,
2500	  struct thread *td)
2501{
2502	struct ctl_softc *softc = dev->si_drv1;
2503	struct ctl_lun *lun;
2504	int retval;
2505
2506	retval = 0;
2507
2508	switch (cmd) {
2509	case CTL_IO:
2510		retval = ctl_ioctl_io(dev, cmd, addr, flag, td);
2511		break;
2512	case CTL_ENABLE_PORT:
2513	case CTL_DISABLE_PORT:
2514	case CTL_SET_PORT_WWNS: {
2515		struct ctl_port *port;
2516		struct ctl_port_entry *entry;
2517
2518		entry = (struct ctl_port_entry *)addr;
2519
2520		mtx_lock(&softc->ctl_lock);
2521		STAILQ_FOREACH(port, &softc->port_list, links) {
2522			int action, done;
2523
2524			if (port->targ_port < softc->port_min ||
2525			    port->targ_port >= softc->port_max)
2526				continue;
2527
2528			action = 0;
2529			done = 0;
2530			if ((entry->port_type == CTL_PORT_NONE)
2531			 && (entry->targ_port == port->targ_port)) {
2532				/*
2533				 * If the user only wants to enable or
2534				 * disable or set WWNs on a specific port,
2535				 * do the operation and we're done.
2536				 */
2537				action = 1;
2538				done = 1;
2539			} else if (entry->port_type & port->port_type) {
2540				/*
2541				 * Compare the user's type mask with the
2542				 * particular frontend type to see if we
2543				 * have a match.
2544				 */
2545				action = 1;
2546				done = 0;
2547
2548				/*
2549				 * Make sure the user isn't trying to set
2550				 * WWNs on multiple ports at the same time.
2551				 */
2552				if (cmd == CTL_SET_PORT_WWNS) {
2553					printf("%s: Can't set WWNs on "
2554					       "multiple ports\n", __func__);
2555					retval = EINVAL;
2556					break;
2557				}
2558			}
2559			if (action == 0)
2560				continue;
2561
2562			/*
2563			 * XXX KDM we have to drop the lock here, because
2564			 * the online/offline operations can potentially
2565			 * block.  We need to reference count the frontends
2566			 * so they can't go away,
2567			 */
2568			if (cmd == CTL_ENABLE_PORT) {
2569				mtx_unlock(&softc->ctl_lock);
2570				ctl_port_online(port);
2571				mtx_lock(&softc->ctl_lock);
2572			} else if (cmd == CTL_DISABLE_PORT) {
2573				mtx_unlock(&softc->ctl_lock);
2574				ctl_port_offline(port);
2575				mtx_lock(&softc->ctl_lock);
2576			} else if (cmd == CTL_SET_PORT_WWNS) {
2577				ctl_port_set_wwns(port,
2578				    (entry->flags & CTL_PORT_WWNN_VALID) ?
2579				    1 : 0, entry->wwnn,
2580				    (entry->flags & CTL_PORT_WWPN_VALID) ?
2581				    1 : 0, entry->wwpn);
2582			}
2583			if (done != 0)
2584				break;
2585		}
2586		mtx_unlock(&softc->ctl_lock);
2587		break;
2588	}
2589	case CTL_GET_PORT_LIST: {
2590		struct ctl_port *port;
2591		struct ctl_port_list *list;
2592		int i;
2593
2594		list = (struct ctl_port_list *)addr;
2595
2596		if (list->alloc_len != (list->alloc_num *
2597		    sizeof(struct ctl_port_entry))) {
2598			printf("%s: CTL_GET_PORT_LIST: alloc_len %u != "
2599			       "alloc_num %u * sizeof(struct ctl_port_entry) "
2600			       "%zu\n", __func__, list->alloc_len,
2601			       list->alloc_num, sizeof(struct ctl_port_entry));
2602			retval = EINVAL;
2603			break;
2604		}
2605		list->fill_len = 0;
2606		list->fill_num = 0;
2607		list->dropped_num = 0;
2608		i = 0;
2609		mtx_lock(&softc->ctl_lock);
2610		STAILQ_FOREACH(port, &softc->port_list, links) {
2611			struct ctl_port_entry entry, *list_entry;
2612
2613			if (list->fill_num >= list->alloc_num) {
2614				list->dropped_num++;
2615				continue;
2616			}
2617
2618			entry.port_type = port->port_type;
2619			strlcpy(entry.port_name, port->port_name,
2620				sizeof(entry.port_name));
2621			entry.targ_port = port->targ_port;
2622			entry.physical_port = port->physical_port;
2623			entry.virtual_port = port->virtual_port;
2624			entry.wwnn = port->wwnn;
2625			entry.wwpn = port->wwpn;
2626			if (port->status & CTL_PORT_STATUS_ONLINE)
2627				entry.online = 1;
2628			else
2629				entry.online = 0;
2630
2631			list_entry = &list->entries[i];
2632
2633			retval = copyout(&entry, list_entry, sizeof(entry));
2634			if (retval != 0) {
2635				printf("%s: CTL_GET_PORT_LIST: copyout "
2636				       "returned %d\n", __func__, retval);
2637				break;
2638			}
2639			i++;
2640			list->fill_num++;
2641			list->fill_len += sizeof(entry);
2642		}
2643		mtx_unlock(&softc->ctl_lock);
2644
2645		/*
2646		 * If this is non-zero, we had a copyout fault, so there's
2647		 * probably no point in attempting to set the status inside
2648		 * the structure.
2649		 */
2650		if (retval != 0)
2651			break;
2652
2653		if (list->dropped_num > 0)
2654			list->status = CTL_PORT_LIST_NEED_MORE_SPACE;
2655		else
2656			list->status = CTL_PORT_LIST_OK;
2657		break;
2658	}
2659	case CTL_DUMP_OOA: {
2660		union ctl_io *io;
2661		char printbuf[128];
2662		struct sbuf sb;
2663
2664		mtx_lock(&softc->ctl_lock);
2665		printf("Dumping OOA queues:\n");
2666		STAILQ_FOREACH(lun, &softc->lun_list, links) {
2667			mtx_lock(&lun->lun_lock);
2668			for (io = (union ctl_io *)TAILQ_FIRST(
2669			     &lun->ooa_queue); io != NULL;
2670			     io = (union ctl_io *)TAILQ_NEXT(&io->io_hdr,
2671			     ooa_links)) {
2672				sbuf_new(&sb, printbuf, sizeof(printbuf),
2673					 SBUF_FIXEDLEN);
2674				sbuf_printf(&sb, "LUN %jd tag 0x%04x%s%s%s%s: ",
2675					    (intmax_t)lun->lun,
2676					    io->scsiio.tag_num,
2677					    (io->io_hdr.flags &
2678					    CTL_FLAG_BLOCKED) ? "" : " BLOCKED",
2679					    (io->io_hdr.flags &
2680					    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
2681					    (io->io_hdr.flags &
2682					    CTL_FLAG_ABORT) ? " ABORT" : "",
2683			                    (io->io_hdr.flags &
2684		                        CTL_FLAG_IS_WAS_ON_RTR) ? " RTR" : "");
2685				ctl_scsi_command_string(&io->scsiio, NULL, &sb);
2686				sbuf_finish(&sb);
2687				printf("%s\n", sbuf_data(&sb));
2688			}
2689			mtx_unlock(&lun->lun_lock);
2690		}
2691		printf("OOA queues dump done\n");
2692		mtx_unlock(&softc->ctl_lock);
2693		break;
2694	}
2695	case CTL_GET_OOA: {
2696		struct ctl_ooa *ooa_hdr;
2697		struct ctl_ooa_entry *entries;
2698		uint32_t cur_fill_num;
2699
2700		ooa_hdr = (struct ctl_ooa *)addr;
2701
2702		if ((ooa_hdr->alloc_len == 0)
2703		 || (ooa_hdr->alloc_num == 0)) {
2704			printf("%s: CTL_GET_OOA: alloc len %u and alloc num %u "
2705			       "must be non-zero\n", __func__,
2706			       ooa_hdr->alloc_len, ooa_hdr->alloc_num);
2707			retval = EINVAL;
2708			break;
2709		}
2710
2711		if (ooa_hdr->alloc_len != (ooa_hdr->alloc_num *
2712		    sizeof(struct ctl_ooa_entry))) {
2713			printf("%s: CTL_GET_OOA: alloc len %u must be alloc "
2714			       "num %d * sizeof(struct ctl_ooa_entry) %zd\n",
2715			       __func__, ooa_hdr->alloc_len,
2716			       ooa_hdr->alloc_num,sizeof(struct ctl_ooa_entry));
2717			retval = EINVAL;
2718			break;
2719		}
2720
2721		entries = malloc(ooa_hdr->alloc_len, M_CTL, M_WAITOK | M_ZERO);
2722		if (entries == NULL) {
2723			printf("%s: could not allocate %d bytes for OOA "
2724			       "dump\n", __func__, ooa_hdr->alloc_len);
2725			retval = ENOMEM;
2726			break;
2727		}
2728
2729		mtx_lock(&softc->ctl_lock);
2730		if (((ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) == 0)
2731		 && ((ooa_hdr->lun_num >= CTL_MAX_LUNS)
2732		  || (softc->ctl_luns[ooa_hdr->lun_num] == NULL))) {
2733			mtx_unlock(&softc->ctl_lock);
2734			free(entries, M_CTL);
2735			printf("%s: CTL_GET_OOA: invalid LUN %ju\n",
2736			       __func__, (uintmax_t)ooa_hdr->lun_num);
2737			retval = EINVAL;
2738			break;
2739		}
2740
2741		cur_fill_num = 0;
2742
2743		if (ooa_hdr->flags & CTL_OOA_FLAG_ALL_LUNS) {
2744			STAILQ_FOREACH(lun, &softc->lun_list, links) {
2745				ctl_ioctl_fill_ooa(lun, &cur_fill_num,
2746				    ooa_hdr, entries);
2747			}
2748		} else {
2749			lun = softc->ctl_luns[ooa_hdr->lun_num];
2750			ctl_ioctl_fill_ooa(lun, &cur_fill_num, ooa_hdr,
2751			    entries);
2752		}
2753		mtx_unlock(&softc->ctl_lock);
2754
2755		ooa_hdr->fill_num = min(cur_fill_num, ooa_hdr->alloc_num);
2756		ooa_hdr->fill_len = ooa_hdr->fill_num *
2757			sizeof(struct ctl_ooa_entry);
2758		retval = copyout(entries, ooa_hdr->entries, ooa_hdr->fill_len);
2759		if (retval != 0) {
2760			printf("%s: error copying out %d bytes for OOA dump\n",
2761			       __func__, ooa_hdr->fill_len);
2762		}
2763
2764		getbinuptime(&ooa_hdr->cur_bt);
2765
2766		if (cur_fill_num > ooa_hdr->alloc_num) {
2767			ooa_hdr->dropped_num = cur_fill_num -ooa_hdr->alloc_num;
2768			ooa_hdr->status = CTL_OOA_NEED_MORE_SPACE;
2769		} else {
2770			ooa_hdr->dropped_num = 0;
2771			ooa_hdr->status = CTL_OOA_OK;
2772		}
2773
2774		free(entries, M_CTL);
2775		break;
2776	}
2777	case CTL_CHECK_OOA: {
2778		union ctl_io *io;
2779		struct ctl_ooa_info *ooa_info;
2780
2781
2782		ooa_info = (struct ctl_ooa_info *)addr;
2783
2784		if (ooa_info->lun_id >= CTL_MAX_LUNS) {
2785			ooa_info->status = CTL_OOA_INVALID_LUN;
2786			break;
2787		}
2788		mtx_lock(&softc->ctl_lock);
2789		lun = softc->ctl_luns[ooa_info->lun_id];
2790		if (lun == NULL) {
2791			mtx_unlock(&softc->ctl_lock);
2792			ooa_info->status = CTL_OOA_INVALID_LUN;
2793			break;
2794		}
2795		mtx_lock(&lun->lun_lock);
2796		mtx_unlock(&softc->ctl_lock);
2797		ooa_info->num_entries = 0;
2798		for (io = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue);
2799		     io != NULL; io = (union ctl_io *)TAILQ_NEXT(
2800		     &io->io_hdr, ooa_links)) {
2801			ooa_info->num_entries++;
2802		}
2803		mtx_unlock(&lun->lun_lock);
2804
2805		ooa_info->status = CTL_OOA_SUCCESS;
2806
2807		break;
2808	}
2809	case CTL_DELAY_IO: {
2810		struct ctl_io_delay_info *delay_info;
2811
2812		delay_info = (struct ctl_io_delay_info *)addr;
2813
2814#ifdef CTL_IO_DELAY
2815		mtx_lock(&softc->ctl_lock);
2816
2817		if ((delay_info->lun_id >= CTL_MAX_LUNS)
2818		 || (softc->ctl_luns[delay_info->lun_id] == NULL)) {
2819			delay_info->status = CTL_DELAY_STATUS_INVALID_LUN;
2820		} else {
2821			lun = softc->ctl_luns[delay_info->lun_id];
2822			mtx_lock(&lun->lun_lock);
2823
2824			delay_info->status = CTL_DELAY_STATUS_OK;
2825
2826			switch (delay_info->delay_type) {
2827			case CTL_DELAY_TYPE_CONT:
2828				break;
2829			case CTL_DELAY_TYPE_ONESHOT:
2830				break;
2831			default:
2832				delay_info->status =
2833					CTL_DELAY_STATUS_INVALID_TYPE;
2834				break;
2835			}
2836
2837			switch (delay_info->delay_loc) {
2838			case CTL_DELAY_LOC_DATAMOVE:
2839				lun->delay_info.datamove_type =
2840					delay_info->delay_type;
2841				lun->delay_info.datamove_delay =
2842					delay_info->delay_secs;
2843				break;
2844			case CTL_DELAY_LOC_DONE:
2845				lun->delay_info.done_type =
2846					delay_info->delay_type;
2847				lun->delay_info.done_delay =
2848					delay_info->delay_secs;
2849				break;
2850			default:
2851				delay_info->status =
2852					CTL_DELAY_STATUS_INVALID_LOC;
2853				break;
2854			}
2855			mtx_unlock(&lun->lun_lock);
2856		}
2857
2858		mtx_unlock(&softc->ctl_lock);
2859#else
2860		delay_info->status = CTL_DELAY_STATUS_NOT_IMPLEMENTED;
2861#endif /* CTL_IO_DELAY */
2862		break;
2863	}
2864	case CTL_REALSYNC_SET: {
2865		int *syncstate;
2866
2867		syncstate = (int *)addr;
2868
2869		mtx_lock(&softc->ctl_lock);
2870		switch (*syncstate) {
2871		case 0:
2872			softc->flags &= ~CTL_FLAG_REAL_SYNC;
2873			break;
2874		case 1:
2875			softc->flags |= CTL_FLAG_REAL_SYNC;
2876			break;
2877		default:
2878			retval = EINVAL;
2879			break;
2880		}
2881		mtx_unlock(&softc->ctl_lock);
2882		break;
2883	}
2884	case CTL_REALSYNC_GET: {
2885		int *syncstate;
2886
2887		syncstate = (int*)addr;
2888
2889		mtx_lock(&softc->ctl_lock);
2890		if (softc->flags & CTL_FLAG_REAL_SYNC)
2891			*syncstate = 1;
2892		else
2893			*syncstate = 0;
2894		mtx_unlock(&softc->ctl_lock);
2895
2896		break;
2897	}
2898	case CTL_SETSYNC:
2899	case CTL_GETSYNC: {
2900		struct ctl_sync_info *sync_info;
2901
2902		sync_info = (struct ctl_sync_info *)addr;
2903
2904		mtx_lock(&softc->ctl_lock);
2905		lun = softc->ctl_luns[sync_info->lun_id];
2906		if (lun == NULL) {
2907			mtx_unlock(&softc->ctl_lock);
2908			sync_info->status = CTL_GS_SYNC_NO_LUN;
2909			break;
2910		}
2911		/*
2912		 * Get or set the sync interval.  We're not bounds checking
2913		 * in the set case, hopefully the user won't do something
2914		 * silly.
2915		 */
2916		mtx_lock(&lun->lun_lock);
2917		mtx_unlock(&softc->ctl_lock);
2918		if (cmd == CTL_GETSYNC)
2919			sync_info->sync_interval = lun->sync_interval;
2920		else
2921			lun->sync_interval = sync_info->sync_interval;
2922		mtx_unlock(&lun->lun_lock);
2923
2924		sync_info->status = CTL_GS_SYNC_OK;
2925
2926		break;
2927	}
2928	case CTL_GETSTATS: {
2929		struct ctl_stats *stats;
2930		int i;
2931
2932		stats = (struct ctl_stats *)addr;
2933
2934		if ((sizeof(struct ctl_lun_io_stats) * softc->num_luns) >
2935		     stats->alloc_len) {
2936			stats->status = CTL_SS_NEED_MORE_SPACE;
2937			stats->num_luns = softc->num_luns;
2938			break;
2939		}
2940		/*
2941		 * XXX KDM no locking here.  If the LUN list changes,
2942		 * things can blow up.
2943		 */
2944		for (i = 0, lun = STAILQ_FIRST(&softc->lun_list); lun != NULL;
2945		     i++, lun = STAILQ_NEXT(lun, links)) {
2946			retval = copyout(&lun->stats, &stats->lun_stats[i],
2947					 sizeof(lun->stats));
2948			if (retval != 0)
2949				break;
2950		}
2951		stats->num_luns = softc->num_luns;
2952		stats->fill_len = sizeof(struct ctl_lun_io_stats) *
2953				 softc->num_luns;
2954		stats->status = CTL_SS_OK;
2955#ifdef CTL_TIME_IO
2956		stats->flags = CTL_STATS_FLAG_TIME_VALID;
2957#else
2958		stats->flags = CTL_STATS_FLAG_NONE;
2959#endif
2960		getnanouptime(&stats->timestamp);
2961		break;
2962	}
2963	case CTL_ERROR_INJECT: {
2964		struct ctl_error_desc *err_desc, *new_err_desc;
2965
2966		err_desc = (struct ctl_error_desc *)addr;
2967
2968		new_err_desc = malloc(sizeof(*new_err_desc), M_CTL,
2969				      M_WAITOK | M_ZERO);
2970		bcopy(err_desc, new_err_desc, sizeof(*new_err_desc));
2971
2972		mtx_lock(&softc->ctl_lock);
2973		lun = softc->ctl_luns[err_desc->lun_id];
2974		if (lun == NULL) {
2975			mtx_unlock(&softc->ctl_lock);
2976			free(new_err_desc, M_CTL);
2977			printf("%s: CTL_ERROR_INJECT: invalid LUN %ju\n",
2978			       __func__, (uintmax_t)err_desc->lun_id);
2979			retval = EINVAL;
2980			break;
2981		}
2982		mtx_lock(&lun->lun_lock);
2983		mtx_unlock(&softc->ctl_lock);
2984
2985		/*
2986		 * We could do some checking here to verify the validity
2987		 * of the request, but given the complexity of error
2988		 * injection requests, the checking logic would be fairly
2989		 * complex.
2990		 *
2991		 * For now, if the request is invalid, it just won't get
2992		 * executed and might get deleted.
2993		 */
2994		STAILQ_INSERT_TAIL(&lun->error_list, new_err_desc, links);
2995
2996		/*
2997		 * XXX KDM check to make sure the serial number is unique,
2998		 * in case we somehow manage to wrap.  That shouldn't
2999		 * happen for a very long time, but it's the right thing to
3000		 * do.
3001		 */
3002		new_err_desc->serial = lun->error_serial;
3003		err_desc->serial = lun->error_serial;
3004		lun->error_serial++;
3005
3006		mtx_unlock(&lun->lun_lock);
3007		break;
3008	}
3009	case CTL_ERROR_INJECT_DELETE: {
3010		struct ctl_error_desc *delete_desc, *desc, *desc2;
3011		int delete_done;
3012
3013		delete_desc = (struct ctl_error_desc *)addr;
3014		delete_done = 0;
3015
3016		mtx_lock(&softc->ctl_lock);
3017		lun = softc->ctl_luns[delete_desc->lun_id];
3018		if (lun == NULL) {
3019			mtx_unlock(&softc->ctl_lock);
3020			printf("%s: CTL_ERROR_INJECT_DELETE: invalid LUN %ju\n",
3021			       __func__, (uintmax_t)delete_desc->lun_id);
3022			retval = EINVAL;
3023			break;
3024		}
3025		mtx_lock(&lun->lun_lock);
3026		mtx_unlock(&softc->ctl_lock);
3027		STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
3028			if (desc->serial != delete_desc->serial)
3029				continue;
3030
3031			STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc,
3032				      links);
3033			free(desc, M_CTL);
3034			delete_done = 1;
3035		}
3036		mtx_unlock(&lun->lun_lock);
3037		if (delete_done == 0) {
3038			printf("%s: CTL_ERROR_INJECT_DELETE: can't find "
3039			       "error serial %ju on LUN %u\n", __func__,
3040			       delete_desc->serial, delete_desc->lun_id);
3041			retval = EINVAL;
3042			break;
3043		}
3044		break;
3045	}
3046	case CTL_DUMP_STRUCTS: {
3047		int i, j, k;
3048		struct ctl_port *port;
3049		struct ctl_frontend *fe;
3050
3051		mtx_lock(&softc->ctl_lock);
3052		printf("CTL Persistent Reservation information start:\n");
3053		for (i = 0; i < CTL_MAX_LUNS; i++) {
3054			lun = softc->ctl_luns[i];
3055
3056			if ((lun == NULL)
3057			 || ((lun->flags & CTL_LUN_DISABLED) != 0))
3058				continue;
3059
3060			for (j = 0; j < CTL_MAX_PORTS; j++) {
3061				if (lun->pr_keys[j] == NULL)
3062					continue;
3063				for (k = 0; k < CTL_MAX_INIT_PER_PORT; k++){
3064					if (lun->pr_keys[j][k] == 0)
3065						continue;
3066					printf("  LUN %d port %d iid %d key "
3067					       "%#jx\n", i, j, k,
3068					       (uintmax_t)lun->pr_keys[j][k]);
3069				}
3070			}
3071		}
3072		printf("CTL Persistent Reservation information end\n");
3073		printf("CTL Ports:\n");
3074		STAILQ_FOREACH(port, &softc->port_list, links) {
3075			printf("  Port %d '%s' Frontend '%s' Type %u pp %d vp %d WWNN "
3076			       "%#jx WWPN %#jx\n", port->targ_port, port->port_name,
3077			       port->frontend->name, port->port_type,
3078			       port->physical_port, port->virtual_port,
3079			       (uintmax_t)port->wwnn, (uintmax_t)port->wwpn);
3080			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3081				if (port->wwpn_iid[j].in_use == 0 &&
3082				    port->wwpn_iid[j].wwpn == 0 &&
3083				    port->wwpn_iid[j].name == NULL)
3084					continue;
3085
3086				printf("    iid %u use %d WWPN %#jx '%s'\n",
3087				    j, port->wwpn_iid[j].in_use,
3088				    (uintmax_t)port->wwpn_iid[j].wwpn,
3089				    port->wwpn_iid[j].name);
3090			}
3091		}
3092		printf("CTL Port information end\n");
3093		mtx_unlock(&softc->ctl_lock);
3094		/*
3095		 * XXX KDM calling this without a lock.  We'd likely want
3096		 * to drop the lock before calling the frontend's dump
3097		 * routine anyway.
3098		 */
3099		printf("CTL Frontends:\n");
3100		STAILQ_FOREACH(fe, &softc->fe_list, links) {
3101			printf("  Frontend '%s'\n", fe->name);
3102			if (fe->fe_dump != NULL)
3103				fe->fe_dump();
3104		}
3105		printf("CTL Frontend information end\n");
3106		break;
3107	}
3108	case CTL_LUN_REQ: {
3109		struct ctl_lun_req *lun_req;
3110		struct ctl_backend_driver *backend;
3111
3112		lun_req = (struct ctl_lun_req *)addr;
3113
3114		backend = ctl_backend_find(lun_req->backend);
3115		if (backend == NULL) {
3116			lun_req->status = CTL_LUN_ERROR;
3117			snprintf(lun_req->error_str,
3118				 sizeof(lun_req->error_str),
3119				 "Backend \"%s\" not found.",
3120				 lun_req->backend);
3121			break;
3122		}
3123		if (lun_req->num_be_args > 0) {
3124			lun_req->kern_be_args = ctl_copyin_args(
3125				lun_req->num_be_args,
3126				lun_req->be_args,
3127				lun_req->error_str,
3128				sizeof(lun_req->error_str));
3129			if (lun_req->kern_be_args == NULL) {
3130				lun_req->status = CTL_LUN_ERROR;
3131				break;
3132			}
3133		}
3134
3135		retval = backend->ioctl(dev, cmd, addr, flag, td);
3136
3137		if (lun_req->num_be_args > 0) {
3138			ctl_copyout_args(lun_req->num_be_args,
3139				      lun_req->kern_be_args);
3140			ctl_free_args(lun_req->num_be_args,
3141				      lun_req->kern_be_args);
3142		}
3143		break;
3144	}
3145	case CTL_LUN_LIST: {
3146		struct sbuf *sb;
3147		struct ctl_lun_list *list;
3148		struct ctl_option *opt;
3149
3150		list = (struct ctl_lun_list *)addr;
3151
3152		/*
3153		 * Allocate a fixed length sbuf here, based on the length
3154		 * of the user's buffer.  We could allocate an auto-extending
3155		 * buffer, and then tell the user how much larger our
3156		 * amount of data is than his buffer, but that presents
3157		 * some problems:
3158		 *
3159		 * 1.  The sbuf(9) routines use a blocking malloc, and so
3160		 *     we can't hold a lock while calling them with an
3161		 *     auto-extending buffer.
3162 		 *
3163		 * 2.  There is not currently a LUN reference counting
3164		 *     mechanism, outside of outstanding transactions on
3165		 *     the LUN's OOA queue.  So a LUN could go away on us
3166		 *     while we're getting the LUN number, backend-specific
3167		 *     information, etc.  Thus, given the way things
3168		 *     currently work, we need to hold the CTL lock while
3169		 *     grabbing LUN information.
3170		 *
3171		 * So, from the user's standpoint, the best thing to do is
3172		 * allocate what he thinks is a reasonable buffer length,
3173		 * and then if he gets a CTL_LUN_LIST_NEED_MORE_SPACE error,
3174		 * double the buffer length and try again.  (And repeat
3175		 * that until he succeeds.)
3176		 */
3177		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3178		if (sb == NULL) {
3179			list->status = CTL_LUN_LIST_ERROR;
3180			snprintf(list->error_str, sizeof(list->error_str),
3181				 "Unable to allocate %d bytes for LUN list",
3182				 list->alloc_len);
3183			break;
3184		}
3185
3186		sbuf_printf(sb, "<ctllunlist>\n");
3187
3188		mtx_lock(&softc->ctl_lock);
3189		STAILQ_FOREACH(lun, &softc->lun_list, links) {
3190			mtx_lock(&lun->lun_lock);
3191			retval = sbuf_printf(sb, "<lun id=\"%ju\">\n",
3192					     (uintmax_t)lun->lun);
3193
3194			/*
3195			 * Bail out as soon as we see that we've overfilled
3196			 * the buffer.
3197			 */
3198			if (retval != 0)
3199				break;
3200
3201			retval = sbuf_printf(sb, "\t<backend_type>%s"
3202					     "</backend_type>\n",
3203					     (lun->backend == NULL) ?  "none" :
3204					     lun->backend->name);
3205
3206			if (retval != 0)
3207				break;
3208
3209			retval = sbuf_printf(sb, "\t<lun_type>%d</lun_type>\n",
3210					     lun->be_lun->lun_type);
3211
3212			if (retval != 0)
3213				break;
3214
3215			if (lun->backend == NULL) {
3216				retval = sbuf_printf(sb, "</lun>\n");
3217				if (retval != 0)
3218					break;
3219				continue;
3220			}
3221
3222			retval = sbuf_printf(sb, "\t<size>%ju</size>\n",
3223					     (lun->be_lun->maxlba > 0) ?
3224					     lun->be_lun->maxlba + 1 : 0);
3225
3226			if (retval != 0)
3227				break;
3228
3229			retval = sbuf_printf(sb, "\t<blocksize>%u</blocksize>\n",
3230					     lun->be_lun->blocksize);
3231
3232			if (retval != 0)
3233				break;
3234
3235			retval = sbuf_printf(sb, "\t<serial_number>");
3236
3237			if (retval != 0)
3238				break;
3239
3240			retval = ctl_sbuf_printf_esc(sb,
3241			    lun->be_lun->serial_num,
3242			    sizeof(lun->be_lun->serial_num));
3243
3244			if (retval != 0)
3245				break;
3246
3247			retval = sbuf_printf(sb, "</serial_number>\n");
3248
3249			if (retval != 0)
3250				break;
3251
3252			retval = sbuf_printf(sb, "\t<device_id>");
3253
3254			if (retval != 0)
3255				break;
3256
3257			retval = ctl_sbuf_printf_esc(sb,
3258			    lun->be_lun->device_id,
3259			    sizeof(lun->be_lun->device_id));
3260
3261			if (retval != 0)
3262				break;
3263
3264			retval = sbuf_printf(sb, "</device_id>\n");
3265
3266			if (retval != 0)
3267				break;
3268
3269			if (lun->backend->lun_info != NULL) {
3270				retval = lun->backend->lun_info(lun->be_lun->be_lun, sb);
3271				if (retval != 0)
3272					break;
3273			}
3274			STAILQ_FOREACH(opt, &lun->be_lun->options, links) {
3275				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3276				    opt->name, opt->value, opt->name);
3277				if (retval != 0)
3278					break;
3279			}
3280
3281			retval = sbuf_printf(sb, "</lun>\n");
3282
3283			if (retval != 0)
3284				break;
3285			mtx_unlock(&lun->lun_lock);
3286		}
3287		if (lun != NULL)
3288			mtx_unlock(&lun->lun_lock);
3289		mtx_unlock(&softc->ctl_lock);
3290
3291		if ((retval != 0)
3292		 || ((retval = sbuf_printf(sb, "</ctllunlist>\n")) != 0)) {
3293			retval = 0;
3294			sbuf_delete(sb);
3295			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3296			snprintf(list->error_str, sizeof(list->error_str),
3297				 "Out of space, %d bytes is too small",
3298				 list->alloc_len);
3299			break;
3300		}
3301
3302		sbuf_finish(sb);
3303
3304		retval = copyout(sbuf_data(sb), list->lun_xml,
3305				 sbuf_len(sb) + 1);
3306
3307		list->fill_len = sbuf_len(sb) + 1;
3308		list->status = CTL_LUN_LIST_OK;
3309		sbuf_delete(sb);
3310		break;
3311	}
3312	case CTL_ISCSI: {
3313		struct ctl_iscsi *ci;
3314		struct ctl_frontend *fe;
3315
3316		ci = (struct ctl_iscsi *)addr;
3317
3318		fe = ctl_frontend_find("iscsi");
3319		if (fe == NULL) {
3320			ci->status = CTL_ISCSI_ERROR;
3321			snprintf(ci->error_str, sizeof(ci->error_str),
3322			    "Frontend \"iscsi\" not found.");
3323			break;
3324		}
3325
3326		retval = fe->ioctl(dev, cmd, addr, flag, td);
3327		break;
3328	}
3329	case CTL_PORT_REQ: {
3330		struct ctl_req *req;
3331		struct ctl_frontend *fe;
3332
3333		req = (struct ctl_req *)addr;
3334
3335		fe = ctl_frontend_find(req->driver);
3336		if (fe == NULL) {
3337			req->status = CTL_LUN_ERROR;
3338			snprintf(req->error_str, sizeof(req->error_str),
3339			    "Frontend \"%s\" not found.", req->driver);
3340			break;
3341		}
3342		if (req->num_args > 0) {
3343			req->kern_args = ctl_copyin_args(req->num_args,
3344			    req->args, req->error_str, sizeof(req->error_str));
3345			if (req->kern_args == NULL) {
3346				req->status = CTL_LUN_ERROR;
3347				break;
3348			}
3349		}
3350
3351		if (fe->ioctl)
3352			retval = fe->ioctl(dev, cmd, addr, flag, td);
3353		else
3354			retval = ENODEV;
3355
3356		if (req->num_args > 0) {
3357			ctl_copyout_args(req->num_args, req->kern_args);
3358			ctl_free_args(req->num_args, req->kern_args);
3359		}
3360		break;
3361	}
3362	case CTL_PORT_LIST: {
3363		struct sbuf *sb;
3364		struct ctl_port *port;
3365		struct ctl_lun_list *list;
3366		struct ctl_option *opt;
3367		int j;
3368		uint32_t plun;
3369
3370		list = (struct ctl_lun_list *)addr;
3371
3372		sb = sbuf_new(NULL, NULL, list->alloc_len, SBUF_FIXEDLEN);
3373		if (sb == NULL) {
3374			list->status = CTL_LUN_LIST_ERROR;
3375			snprintf(list->error_str, sizeof(list->error_str),
3376				 "Unable to allocate %d bytes for LUN list",
3377				 list->alloc_len);
3378			break;
3379		}
3380
3381		sbuf_printf(sb, "<ctlportlist>\n");
3382
3383		mtx_lock(&softc->ctl_lock);
3384		STAILQ_FOREACH(port, &softc->port_list, links) {
3385			retval = sbuf_printf(sb, "<targ_port id=\"%ju\">\n",
3386					     (uintmax_t)port->targ_port);
3387
3388			/*
3389			 * Bail out as soon as we see that we've overfilled
3390			 * the buffer.
3391			 */
3392			if (retval != 0)
3393				break;
3394
3395			retval = sbuf_printf(sb, "\t<frontend_type>%s"
3396			    "</frontend_type>\n", port->frontend->name);
3397			if (retval != 0)
3398				break;
3399
3400			retval = sbuf_printf(sb, "\t<port_type>%d</port_type>\n",
3401					     port->port_type);
3402			if (retval != 0)
3403				break;
3404
3405			retval = sbuf_printf(sb, "\t<online>%s</online>\n",
3406			    (port->status & CTL_PORT_STATUS_ONLINE) ? "YES" : "NO");
3407			if (retval != 0)
3408				break;
3409
3410			retval = sbuf_printf(sb, "\t<port_name>%s</port_name>\n",
3411			    port->port_name);
3412			if (retval != 0)
3413				break;
3414
3415			retval = sbuf_printf(sb, "\t<physical_port>%d</physical_port>\n",
3416			    port->physical_port);
3417			if (retval != 0)
3418				break;
3419
3420			retval = sbuf_printf(sb, "\t<virtual_port>%d</virtual_port>\n",
3421			    port->virtual_port);
3422			if (retval != 0)
3423				break;
3424
3425			if (port->target_devid != NULL) {
3426				sbuf_printf(sb, "\t<target>");
3427				ctl_id_sbuf(port->target_devid, sb);
3428				sbuf_printf(sb, "</target>\n");
3429			}
3430
3431			if (port->port_devid != NULL) {
3432				sbuf_printf(sb, "\t<port>");
3433				ctl_id_sbuf(port->port_devid, sb);
3434				sbuf_printf(sb, "</port>\n");
3435			}
3436
3437			if (port->port_info != NULL) {
3438				retval = port->port_info(port->onoff_arg, sb);
3439				if (retval != 0)
3440					break;
3441			}
3442			STAILQ_FOREACH(opt, &port->options, links) {
3443				retval = sbuf_printf(sb, "\t<%s>%s</%s>\n",
3444				    opt->name, opt->value, opt->name);
3445				if (retval != 0)
3446					break;
3447			}
3448
3449			if (port->lun_map != NULL) {
3450				sbuf_printf(sb, "\t<lun_map>on</lun_map>\n");
3451				for (j = 0; j < CTL_MAX_LUNS; j++) {
3452					plun = ctl_lun_map_from_port(port, j);
3453					if (plun >= CTL_MAX_LUNS)
3454						continue;
3455					sbuf_printf(sb,
3456					    "\t<lun id=\"%u\">%u</lun>\n",
3457					    j, plun);
3458				}
3459			}
3460
3461			for (j = 0; j < CTL_MAX_INIT_PER_PORT; j++) {
3462				if (port->wwpn_iid[j].in_use == 0 ||
3463				    (port->wwpn_iid[j].wwpn == 0 &&
3464				     port->wwpn_iid[j].name == NULL))
3465					continue;
3466
3467				if (port->wwpn_iid[j].name != NULL)
3468					retval = sbuf_printf(sb,
3469					    "\t<initiator id=\"%u\">%s</initiator>\n",
3470					    j, port->wwpn_iid[j].name);
3471				else
3472					retval = sbuf_printf(sb,
3473					    "\t<initiator id=\"%u\">naa.%08jx</initiator>\n",
3474					    j, port->wwpn_iid[j].wwpn);
3475				if (retval != 0)
3476					break;
3477			}
3478			if (retval != 0)
3479				break;
3480
3481			retval = sbuf_printf(sb, "</targ_port>\n");
3482			if (retval != 0)
3483				break;
3484		}
3485		mtx_unlock(&softc->ctl_lock);
3486
3487		if ((retval != 0)
3488		 || ((retval = sbuf_printf(sb, "</ctlportlist>\n")) != 0)) {
3489			retval = 0;
3490			sbuf_delete(sb);
3491			list->status = CTL_LUN_LIST_NEED_MORE_SPACE;
3492			snprintf(list->error_str, sizeof(list->error_str),
3493				 "Out of space, %d bytes is too small",
3494				 list->alloc_len);
3495			break;
3496		}
3497
3498		sbuf_finish(sb);
3499
3500		retval = copyout(sbuf_data(sb), list->lun_xml,
3501				 sbuf_len(sb) + 1);
3502
3503		list->fill_len = sbuf_len(sb) + 1;
3504		list->status = CTL_LUN_LIST_OK;
3505		sbuf_delete(sb);
3506		break;
3507	}
3508	case CTL_LUN_MAP: {
3509		struct ctl_lun_map *lm  = (struct ctl_lun_map *)addr;
3510		struct ctl_port *port;
3511
3512		mtx_lock(&softc->ctl_lock);
3513		if (lm->port < softc->port_min ||
3514		    lm->port >= softc->port_max ||
3515		    (port = softc->ctl_ports[lm->port]) == NULL) {
3516			mtx_unlock(&softc->ctl_lock);
3517			return (ENXIO);
3518		}
3519		if (port->status & CTL_PORT_STATUS_ONLINE) {
3520			STAILQ_FOREACH(lun, &softc->lun_list, links) {
3521				if (ctl_lun_map_to_port(port, lun->lun) >=
3522				    CTL_MAX_LUNS)
3523					continue;
3524				mtx_lock(&lun->lun_lock);
3525				ctl_est_ua_port(lun, lm->port, -1,
3526				    CTL_UA_LUN_CHANGE);
3527				mtx_unlock(&lun->lun_lock);
3528			}
3529		}
3530		mtx_unlock(&softc->ctl_lock); // XXX: port_enable sleeps
3531		if (lm->plun < CTL_MAX_LUNS) {
3532			if (lm->lun == UINT32_MAX)
3533				retval = ctl_lun_map_unset(port, lm->plun);
3534			else if (lm->lun < CTL_MAX_LUNS &&
3535			    softc->ctl_luns[lm->lun] != NULL)
3536				retval = ctl_lun_map_set(port, lm->plun, lm->lun);
3537			else
3538				return (ENXIO);
3539		} else if (lm->plun == UINT32_MAX) {
3540			if (lm->lun == UINT32_MAX)
3541				retval = ctl_lun_map_deinit(port);
3542			else
3543				retval = ctl_lun_map_init(port);
3544		} else
3545			return (ENXIO);
3546		if (port->status & CTL_PORT_STATUS_ONLINE)
3547			ctl_isc_announce_port(port);
3548		break;
3549	}
3550	default: {
3551		/* XXX KDM should we fix this? */
3552#if 0
3553		struct ctl_backend_driver *backend;
3554		unsigned int type;
3555		int found;
3556
3557		found = 0;
3558
3559		/*
3560		 * We encode the backend type as the ioctl type for backend
3561		 * ioctls.  So parse it out here, and then search for a
3562		 * backend of this type.
3563		 */
3564		type = _IOC_TYPE(cmd);
3565
3566		STAILQ_FOREACH(backend, &softc->be_list, links) {
3567			if (backend->type == type) {
3568				found = 1;
3569				break;
3570			}
3571		}
3572		if (found == 0) {
3573			printf("ctl: unknown ioctl command %#lx or backend "
3574			       "%d\n", cmd, type);
3575			retval = EINVAL;
3576			break;
3577		}
3578		retval = backend->ioctl(dev, cmd, addr, flag, td);
3579#endif
3580		retval = ENOTTY;
3581		break;
3582	}
3583	}
3584	return (retval);
3585}
3586
3587uint32_t
3588ctl_get_initindex(struct ctl_nexus *nexus)
3589{
3590	return (nexus->initid + (nexus->targ_port * CTL_MAX_INIT_PER_PORT));
3591}
3592
3593int
3594ctl_lun_map_init(struct ctl_port *port)
3595{
3596	struct ctl_softc *softc = port->ctl_softc;
3597	struct ctl_lun *lun;
3598	uint32_t i;
3599
3600	if (port->lun_map == NULL)
3601		port->lun_map = malloc(sizeof(uint32_t) * CTL_MAX_LUNS,
3602		    M_CTL, M_NOWAIT);
3603	if (port->lun_map == NULL)
3604		return (ENOMEM);
3605	for (i = 0; i < CTL_MAX_LUNS; i++)
3606		port->lun_map[i] = UINT32_MAX;
3607	if (port->status & CTL_PORT_STATUS_ONLINE) {
3608		if (port->lun_disable != NULL) {
3609			STAILQ_FOREACH(lun, &softc->lun_list, links)
3610				port->lun_disable(port->targ_lun_arg, lun->lun);
3611		}
3612		ctl_isc_announce_port(port);
3613	}
3614	return (0);
3615}
3616
3617int
3618ctl_lun_map_deinit(struct ctl_port *port)
3619{
3620	struct ctl_softc *softc = port->ctl_softc;
3621	struct ctl_lun *lun;
3622
3623	if (port->lun_map == NULL)
3624		return (0);
3625	free(port->lun_map, M_CTL);
3626	port->lun_map = NULL;
3627	if (port->status & CTL_PORT_STATUS_ONLINE) {
3628		if (port->lun_enable != NULL) {
3629			STAILQ_FOREACH(lun, &softc->lun_list, links)
3630				port->lun_enable(port->targ_lun_arg, lun->lun);
3631		}
3632		ctl_isc_announce_port(port);
3633	}
3634	return (0);
3635}
3636
3637int
3638ctl_lun_map_set(struct ctl_port *port, uint32_t plun, uint32_t glun)
3639{
3640	int status;
3641	uint32_t old;
3642
3643	if (port->lun_map == NULL) {
3644		status = ctl_lun_map_init(port);
3645		if (status != 0)
3646			return (status);
3647	}
3648	old = port->lun_map[plun];
3649	port->lun_map[plun] = glun;
3650	if ((port->status & CTL_PORT_STATUS_ONLINE) && old >= CTL_MAX_LUNS) {
3651		if (port->lun_enable != NULL)
3652			port->lun_enable(port->targ_lun_arg, plun);
3653		ctl_isc_announce_port(port);
3654	}
3655	return (0);
3656}
3657
3658int
3659ctl_lun_map_unset(struct ctl_port *port, uint32_t plun)
3660{
3661	uint32_t old;
3662
3663	if (port->lun_map == NULL)
3664		return (0);
3665	old = port->lun_map[plun];
3666	port->lun_map[plun] = UINT32_MAX;
3667	if ((port->status & CTL_PORT_STATUS_ONLINE) && old < CTL_MAX_LUNS) {
3668		if (port->lun_disable != NULL)
3669			port->lun_disable(port->targ_lun_arg, plun);
3670		ctl_isc_announce_port(port);
3671	}
3672	return (0);
3673}
3674
3675uint32_t
3676ctl_lun_map_from_port(struct ctl_port *port, uint32_t lun_id)
3677{
3678
3679	if (port == NULL)
3680		return (UINT32_MAX);
3681	if (port->lun_map == NULL || lun_id >= CTL_MAX_LUNS)
3682		return (lun_id);
3683	return (port->lun_map[lun_id]);
3684}
3685
3686uint32_t
3687ctl_lun_map_to_port(struct ctl_port *port, uint32_t lun_id)
3688{
3689	uint32_t i;
3690
3691	if (port == NULL)
3692		return (UINT32_MAX);
3693	if (port->lun_map == NULL)
3694		return (lun_id);
3695	for (i = 0; i < CTL_MAX_LUNS; i++) {
3696		if (port->lun_map[i] == lun_id)
3697			return (i);
3698	}
3699	return (UINT32_MAX);
3700}
3701
3702static struct ctl_port *
3703ctl_io_port(struct ctl_io_hdr *io_hdr)
3704{
3705
3706	return (control_softc->ctl_ports[io_hdr->nexus.targ_port]);
3707}
3708
3709int
3710ctl_ffz(uint32_t *mask, uint32_t first, uint32_t last)
3711{
3712	int i;
3713
3714	for (i = first; i < last; i++) {
3715		if ((mask[i / 32] & (1 << (i % 32))) == 0)
3716			return (i);
3717	}
3718	return (-1);
3719}
3720
3721int
3722ctl_set_mask(uint32_t *mask, uint32_t bit)
3723{
3724	uint32_t chunk, piece;
3725
3726	chunk = bit >> 5;
3727	piece = bit % (sizeof(uint32_t) * 8);
3728
3729	if ((mask[chunk] & (1 << piece)) != 0)
3730		return (-1);
3731	else
3732		mask[chunk] |= (1 << piece);
3733
3734	return (0);
3735}
3736
3737int
3738ctl_clear_mask(uint32_t *mask, uint32_t bit)
3739{
3740	uint32_t chunk, piece;
3741
3742	chunk = bit >> 5;
3743	piece = bit % (sizeof(uint32_t) * 8);
3744
3745	if ((mask[chunk] & (1 << piece)) == 0)
3746		return (-1);
3747	else
3748		mask[chunk] &= ~(1 << piece);
3749
3750	return (0);
3751}
3752
3753int
3754ctl_is_set(uint32_t *mask, uint32_t bit)
3755{
3756	uint32_t chunk, piece;
3757
3758	chunk = bit >> 5;
3759	piece = bit % (sizeof(uint32_t) * 8);
3760
3761	if ((mask[chunk] & (1 << piece)) == 0)
3762		return (0);
3763	else
3764		return (1);
3765}
3766
3767static uint64_t
3768ctl_get_prkey(struct ctl_lun *lun, uint32_t residx)
3769{
3770	uint64_t *t;
3771
3772	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3773	if (t == NULL)
3774		return (0);
3775	return (t[residx % CTL_MAX_INIT_PER_PORT]);
3776}
3777
3778static void
3779ctl_clr_prkey(struct ctl_lun *lun, uint32_t residx)
3780{
3781	uint64_t *t;
3782
3783	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3784	if (t == NULL)
3785		return;
3786	t[residx % CTL_MAX_INIT_PER_PORT] = 0;
3787}
3788
3789static void
3790ctl_alloc_prkey(struct ctl_lun *lun, uint32_t residx)
3791{
3792	uint64_t *p;
3793	u_int i;
3794
3795	i = residx/CTL_MAX_INIT_PER_PORT;
3796	if (lun->pr_keys[i] != NULL)
3797		return;
3798	mtx_unlock(&lun->lun_lock);
3799	p = malloc(sizeof(uint64_t) * CTL_MAX_INIT_PER_PORT, M_CTL,
3800	    M_WAITOK | M_ZERO);
3801	mtx_lock(&lun->lun_lock);
3802	if (lun->pr_keys[i] == NULL)
3803		lun->pr_keys[i] = p;
3804	else
3805		free(p, M_CTL);
3806}
3807
3808static void
3809ctl_set_prkey(struct ctl_lun *lun, uint32_t residx, uint64_t key)
3810{
3811	uint64_t *t;
3812
3813	t = lun->pr_keys[residx/CTL_MAX_INIT_PER_PORT];
3814	KASSERT(t != NULL, ("prkey %d is not allocated", residx));
3815	t[residx % CTL_MAX_INIT_PER_PORT] = key;
3816}
3817
3818/*
3819 * ctl_softc, pool_name, total_ctl_io are passed in.
3820 * npool is passed out.
3821 */
3822int
3823ctl_pool_create(struct ctl_softc *ctl_softc, const char *pool_name,
3824		uint32_t total_ctl_io, void **npool)
3825{
3826#ifdef IO_POOLS
3827	struct ctl_io_pool *pool;
3828
3829	pool = (struct ctl_io_pool *)malloc(sizeof(*pool), M_CTL,
3830					    M_NOWAIT | M_ZERO);
3831	if (pool == NULL)
3832		return (ENOMEM);
3833
3834	snprintf(pool->name, sizeof(pool->name), "CTL IO %s", pool_name);
3835	pool->ctl_softc = ctl_softc;
3836	pool->zone = uma_zsecond_create(pool->name, NULL,
3837	    NULL, NULL, NULL, ctl_softc->io_zone);
3838	/* uma_prealloc(pool->zone, total_ctl_io); */
3839
3840	*npool = pool;
3841#else
3842	*npool = ctl_softc->io_zone;
3843#endif
3844	return (0);
3845}
3846
3847void
3848ctl_pool_free(struct ctl_io_pool *pool)
3849{
3850
3851	if (pool == NULL)
3852		return;
3853
3854#ifdef IO_POOLS
3855	uma_zdestroy(pool->zone);
3856	free(pool, M_CTL);
3857#endif
3858}
3859
3860union ctl_io *
3861ctl_alloc_io(void *pool_ref)
3862{
3863	union ctl_io *io;
3864#ifdef IO_POOLS
3865	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3866
3867	io = uma_zalloc(pool->zone, M_WAITOK);
3868#else
3869	io = uma_zalloc((uma_zone_t)pool_ref, M_WAITOK);
3870#endif
3871	if (io != NULL)
3872		io->io_hdr.pool = pool_ref;
3873	return (io);
3874}
3875
3876union ctl_io *
3877ctl_alloc_io_nowait(void *pool_ref)
3878{
3879	union ctl_io *io;
3880#ifdef IO_POOLS
3881	struct ctl_io_pool *pool = (struct ctl_io_pool *)pool_ref;
3882
3883	io = uma_zalloc(pool->zone, M_NOWAIT);
3884#else
3885	io = uma_zalloc((uma_zone_t)pool_ref, M_NOWAIT);
3886#endif
3887	if (io != NULL)
3888		io->io_hdr.pool = pool_ref;
3889	return (io);
3890}
3891
3892void
3893ctl_free_io(union ctl_io *io)
3894{
3895#ifdef IO_POOLS
3896	struct ctl_io_pool *pool;
3897#endif
3898
3899	if (io == NULL)
3900		return;
3901
3902#ifdef IO_POOLS
3903	pool = (struct ctl_io_pool *)io->io_hdr.pool;
3904	uma_zfree(pool->zone, io);
3905#else
3906	uma_zfree((uma_zone_t)io->io_hdr.pool, io);
3907#endif
3908}
3909
3910void
3911ctl_zero_io(union ctl_io *io)
3912{
3913	void *pool_ref;
3914
3915	if (io == NULL)
3916		return;
3917
3918	/*
3919	 * May need to preserve linked list pointers at some point too.
3920	 */
3921	pool_ref = io->io_hdr.pool;
3922	memset(io, 0, sizeof(*io));
3923	io->io_hdr.pool = pool_ref;
3924}
3925
3926/*
3927 * This routine is currently used for internal copies of ctl_ios that need
3928 * to persist for some reason after we've already returned status to the
3929 * FETD.  (Thus the flag set.)
3930 *
3931 * XXX XXX
3932 * Note that this makes a blind copy of all fields in the ctl_io, except
3933 * for the pool reference.  This includes any memory that has been
3934 * allocated!  That memory will no longer be valid after done has been
3935 * called, so this would be VERY DANGEROUS for command that actually does
3936 * any reads or writes.  Right now (11/7/2005), this is only used for immediate
3937 * start and stop commands, which don't transfer any data, so this is not a
3938 * problem.  If it is used for anything else, the caller would also need to
3939 * allocate data buffer space and this routine would need to be modified to
3940 * copy the data buffer(s) as well.
3941 */
3942void
3943ctl_copy_io(union ctl_io *src, union ctl_io *dest)
3944{
3945	void *pool_ref;
3946
3947	if ((src == NULL)
3948	 || (dest == NULL))
3949		return;
3950
3951	/*
3952	 * May need to preserve linked list pointers at some point too.
3953	 */
3954	pool_ref = dest->io_hdr.pool;
3955
3956	memcpy(dest, src, MIN(sizeof(*src), sizeof(*dest)));
3957
3958	dest->io_hdr.pool = pool_ref;
3959	/*
3960	 * We need to know that this is an internal copy, and doesn't need
3961	 * to get passed back to the FETD that allocated it.
3962	 */
3963	dest->io_hdr.flags |= CTL_FLAG_INT_COPY;
3964}
3965
3966int
3967ctl_expand_number(const char *buf, uint64_t *num)
3968{
3969	char *endptr;
3970	uint64_t number;
3971	unsigned shift;
3972
3973	number = strtoq(buf, &endptr, 0);
3974
3975	switch (tolower((unsigned char)*endptr)) {
3976	case 'e':
3977		shift = 60;
3978		break;
3979	case 'p':
3980		shift = 50;
3981		break;
3982	case 't':
3983		shift = 40;
3984		break;
3985	case 'g':
3986		shift = 30;
3987		break;
3988	case 'm':
3989		shift = 20;
3990		break;
3991	case 'k':
3992		shift = 10;
3993		break;
3994	case 'b':
3995	case '\0': /* No unit. */
3996		*num = number;
3997		return (0);
3998	default:
3999		/* Unrecognized unit. */
4000		return (-1);
4001	}
4002
4003	if ((number << shift) >> shift != number) {
4004		/* Overflow */
4005		return (-1);
4006	}
4007	*num = number << shift;
4008	return (0);
4009}
4010
4011
4012/*
4013 * This routine could be used in the future to load default and/or saved
4014 * mode page parameters for a particuar lun.
4015 */
4016static int
4017ctl_init_page_index(struct ctl_lun *lun)
4018{
4019	int i;
4020	struct ctl_page_index *page_index;
4021	const char *value;
4022	uint64_t ival;
4023
4024	memcpy(&lun->mode_pages.index, page_index_template,
4025	       sizeof(page_index_template));
4026
4027	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
4028
4029		page_index = &lun->mode_pages.index[i];
4030		/*
4031		 * If this is a disk-only mode page, there's no point in
4032		 * setting it up.  For some pages, we have to have some
4033		 * basic information about the disk in order to calculate the
4034		 * mode page data.
4035		 */
4036		if ((lun->be_lun->lun_type != T_DIRECT)
4037		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4038			continue;
4039
4040		switch (page_index->page_code & SMPH_PC_MASK) {
4041		case SMS_RW_ERROR_RECOVERY_PAGE: {
4042			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4043				panic("subpage is incorrect!");
4044			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT],
4045			       &rw_er_page_default,
4046			       sizeof(rw_er_page_default));
4047			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_CHANGEABLE],
4048			       &rw_er_page_changeable,
4049			       sizeof(rw_er_page_changeable));
4050			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_DEFAULT],
4051			       &rw_er_page_default,
4052			       sizeof(rw_er_page_default));
4053			memcpy(&lun->mode_pages.rw_er_page[CTL_PAGE_SAVED],
4054			       &rw_er_page_default,
4055			       sizeof(rw_er_page_default));
4056			page_index->page_data =
4057				(uint8_t *)lun->mode_pages.rw_er_page;
4058			break;
4059		}
4060		case SMS_FORMAT_DEVICE_PAGE: {
4061			struct scsi_format_page *format_page;
4062
4063			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4064				panic("subpage is incorrect!");
4065
4066			/*
4067			 * Sectors per track are set above.  Bytes per
4068			 * sector need to be set here on a per-LUN basis.
4069			 */
4070			memcpy(&lun->mode_pages.format_page[CTL_PAGE_CURRENT],
4071			       &format_page_default,
4072			       sizeof(format_page_default));
4073			memcpy(&lun->mode_pages.format_page[
4074			       CTL_PAGE_CHANGEABLE], &format_page_changeable,
4075			       sizeof(format_page_changeable));
4076			memcpy(&lun->mode_pages.format_page[CTL_PAGE_DEFAULT],
4077			       &format_page_default,
4078			       sizeof(format_page_default));
4079			memcpy(&lun->mode_pages.format_page[CTL_PAGE_SAVED],
4080			       &format_page_default,
4081			       sizeof(format_page_default));
4082
4083			format_page = &lun->mode_pages.format_page[
4084				CTL_PAGE_CURRENT];
4085			scsi_ulto2b(lun->be_lun->blocksize,
4086				    format_page->bytes_per_sector);
4087
4088			format_page = &lun->mode_pages.format_page[
4089				CTL_PAGE_DEFAULT];
4090			scsi_ulto2b(lun->be_lun->blocksize,
4091				    format_page->bytes_per_sector);
4092
4093			format_page = &lun->mode_pages.format_page[
4094				CTL_PAGE_SAVED];
4095			scsi_ulto2b(lun->be_lun->blocksize,
4096				    format_page->bytes_per_sector);
4097
4098			page_index->page_data =
4099				(uint8_t *)lun->mode_pages.format_page;
4100			break;
4101		}
4102		case SMS_RIGID_DISK_PAGE: {
4103			struct scsi_rigid_disk_page *rigid_disk_page;
4104			uint32_t sectors_per_cylinder;
4105			uint64_t cylinders;
4106#ifndef	__XSCALE__
4107			int shift;
4108#endif /* !__XSCALE__ */
4109
4110			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4111				panic("invalid subpage value %d",
4112				      page_index->subpage);
4113
4114			/*
4115			 * Rotation rate and sectors per track are set
4116			 * above.  We calculate the cylinders here based on
4117			 * capacity.  Due to the number of heads and
4118			 * sectors per track we're using, smaller arrays
4119			 * may turn out to have 0 cylinders.  Linux and
4120			 * FreeBSD don't pay attention to these mode pages
4121			 * to figure out capacity, but Solaris does.  It
4122			 * seems to deal with 0 cylinders just fine, and
4123			 * works out a fake geometry based on the capacity.
4124			 */
4125			memcpy(&lun->mode_pages.rigid_disk_page[
4126			       CTL_PAGE_DEFAULT], &rigid_disk_page_default,
4127			       sizeof(rigid_disk_page_default));
4128			memcpy(&lun->mode_pages.rigid_disk_page[
4129			       CTL_PAGE_CHANGEABLE],&rigid_disk_page_changeable,
4130			       sizeof(rigid_disk_page_changeable));
4131
4132			sectors_per_cylinder = CTL_DEFAULT_SECTORS_PER_TRACK *
4133				CTL_DEFAULT_HEADS;
4134
4135			/*
4136			 * The divide method here will be more accurate,
4137			 * probably, but results in floating point being
4138			 * used in the kernel on i386 (__udivdi3()).  On the
4139			 * XScale, though, __udivdi3() is implemented in
4140			 * software.
4141			 *
4142			 * The shift method for cylinder calculation is
4143			 * accurate if sectors_per_cylinder is a power of
4144			 * 2.  Otherwise it might be slightly off -- you
4145			 * might have a bit of a truncation problem.
4146			 */
4147#ifdef	__XSCALE__
4148			cylinders = (lun->be_lun->maxlba + 1) /
4149				sectors_per_cylinder;
4150#else
4151			for (shift = 31; shift > 0; shift--) {
4152				if (sectors_per_cylinder & (1 << shift))
4153					break;
4154			}
4155			cylinders = (lun->be_lun->maxlba + 1) >> shift;
4156#endif
4157
4158			/*
4159			 * We've basically got 3 bytes, or 24 bits for the
4160			 * cylinder size in the mode page.  If we're over,
4161			 * just round down to 2^24.
4162			 */
4163			if (cylinders > 0xffffff)
4164				cylinders = 0xffffff;
4165
4166			rigid_disk_page = &lun->mode_pages.rigid_disk_page[
4167				CTL_PAGE_DEFAULT];
4168			scsi_ulto3b(cylinders, rigid_disk_page->cylinders);
4169
4170			if ((value = ctl_get_opt(&lun->be_lun->options,
4171			    "rpm")) != NULL) {
4172				scsi_ulto2b(strtol(value, NULL, 0),
4173				     rigid_disk_page->rotation_rate);
4174			}
4175
4176			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_CURRENT],
4177			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4178			       sizeof(rigid_disk_page_default));
4179			memcpy(&lun->mode_pages.rigid_disk_page[CTL_PAGE_SAVED],
4180			       &lun->mode_pages.rigid_disk_page[CTL_PAGE_DEFAULT],
4181			       sizeof(rigid_disk_page_default));
4182
4183			page_index->page_data =
4184				(uint8_t *)lun->mode_pages.rigid_disk_page;
4185			break;
4186		}
4187		case SMS_CACHING_PAGE: {
4188			struct scsi_caching_page *caching_page;
4189
4190			if (page_index->subpage != SMS_SUBPAGE_PAGE_0)
4191				panic("invalid subpage value %d",
4192				      page_index->subpage);
4193			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_DEFAULT],
4194			       &caching_page_default,
4195			       sizeof(caching_page_default));
4196			memcpy(&lun->mode_pages.caching_page[
4197			       CTL_PAGE_CHANGEABLE], &caching_page_changeable,
4198			       sizeof(caching_page_changeable));
4199			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4200			       &caching_page_default,
4201			       sizeof(caching_page_default));
4202			caching_page = &lun->mode_pages.caching_page[
4203			    CTL_PAGE_SAVED];
4204			value = ctl_get_opt(&lun->be_lun->options, "writecache");
4205			if (value != NULL && strcmp(value, "off") == 0)
4206				caching_page->flags1 &= ~SCP_WCE;
4207			value = ctl_get_opt(&lun->be_lun->options, "readcache");
4208			if (value != NULL && strcmp(value, "off") == 0)
4209				caching_page->flags1 |= SCP_RCD;
4210			memcpy(&lun->mode_pages.caching_page[CTL_PAGE_CURRENT],
4211			       &lun->mode_pages.caching_page[CTL_PAGE_SAVED],
4212			       sizeof(caching_page_default));
4213			page_index->page_data =
4214				(uint8_t *)lun->mode_pages.caching_page;
4215			break;
4216		}
4217		case SMS_CONTROL_MODE_PAGE: {
4218			switch (page_index->subpage) {
4219			case SMS_SUBPAGE_PAGE_0: {
4220				struct scsi_control_page *control_page;
4221
4222				memcpy(&lun->mode_pages.control_page[
4223				    CTL_PAGE_DEFAULT],
4224				       &control_page_default,
4225				       sizeof(control_page_default));
4226				memcpy(&lun->mode_pages.control_page[
4227				    CTL_PAGE_CHANGEABLE],
4228				       &control_page_changeable,
4229				       sizeof(control_page_changeable));
4230				memcpy(&lun->mode_pages.control_page[
4231				    CTL_PAGE_SAVED],
4232				       &control_page_default,
4233				       sizeof(control_page_default));
4234				control_page = &lun->mode_pages.control_page[
4235				    CTL_PAGE_SAVED];
4236				value = ctl_get_opt(&lun->be_lun->options,
4237				    "reordering");
4238				if (value != NULL &&
4239				    strcmp(value, "unrestricted") == 0) {
4240					control_page->queue_flags &=
4241					    ~SCP_QUEUE_ALG_MASK;
4242					control_page->queue_flags |=
4243					    SCP_QUEUE_ALG_UNRESTRICTED;
4244				}
4245				memcpy(&lun->mode_pages.control_page[
4246				    CTL_PAGE_CURRENT],
4247				       &lun->mode_pages.control_page[
4248				    CTL_PAGE_SAVED],
4249				       sizeof(control_page_default));
4250				page_index->page_data =
4251				    (uint8_t *)lun->mode_pages.control_page;
4252				break;
4253			}
4254			case 0x01:
4255				memcpy(&lun->mode_pages.control_ext_page[
4256				    CTL_PAGE_DEFAULT],
4257				       &control_ext_page_default,
4258				       sizeof(control_ext_page_default));
4259				memcpy(&lun->mode_pages.control_ext_page[
4260				    CTL_PAGE_CHANGEABLE],
4261				       &control_ext_page_changeable,
4262				       sizeof(control_ext_page_changeable));
4263				memcpy(&lun->mode_pages.control_ext_page[
4264				    CTL_PAGE_SAVED],
4265				       &control_ext_page_default,
4266				       sizeof(control_ext_page_default));
4267				memcpy(&lun->mode_pages.control_ext_page[
4268				    CTL_PAGE_CURRENT],
4269				       &lun->mode_pages.control_ext_page[
4270				    CTL_PAGE_SAVED],
4271				       sizeof(control_ext_page_default));
4272				page_index->page_data =
4273				    (uint8_t *)lun->mode_pages.control_ext_page;
4274				break;
4275			}
4276			break;
4277		}
4278		case SMS_INFO_EXCEPTIONS_PAGE: {
4279			switch (page_index->subpage) {
4280			case SMS_SUBPAGE_PAGE_0:
4281				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_CURRENT],
4282				       &ie_page_default,
4283				       sizeof(ie_page_default));
4284				memcpy(&lun->mode_pages.ie_page[
4285				       CTL_PAGE_CHANGEABLE], &ie_page_changeable,
4286				       sizeof(ie_page_changeable));
4287				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_DEFAULT],
4288				       &ie_page_default,
4289				       sizeof(ie_page_default));
4290				memcpy(&lun->mode_pages.ie_page[CTL_PAGE_SAVED],
4291				       &ie_page_default,
4292				       sizeof(ie_page_default));
4293				page_index->page_data =
4294					(uint8_t *)lun->mode_pages.ie_page;
4295				break;
4296			case 0x02: {
4297				struct ctl_logical_block_provisioning_page *page;
4298
4299				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_DEFAULT],
4300				       &lbp_page_default,
4301				       sizeof(lbp_page_default));
4302				memcpy(&lun->mode_pages.lbp_page[
4303				       CTL_PAGE_CHANGEABLE], &lbp_page_changeable,
4304				       sizeof(lbp_page_changeable));
4305				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4306				       &lbp_page_default,
4307				       sizeof(lbp_page_default));
4308				page = &lun->mode_pages.lbp_page[CTL_PAGE_SAVED];
4309				value = ctl_get_opt(&lun->be_lun->options,
4310				    "avail-threshold");
4311				if (value != NULL &&
4312				    ctl_expand_number(value, &ival) == 0) {
4313					page->descr[0].flags |= SLBPPD_ENABLED |
4314					    SLBPPD_ARMING_DEC;
4315					if (lun->be_lun->blocksize)
4316						ival /= lun->be_lun->blocksize;
4317					else
4318						ival /= 512;
4319					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4320					    page->descr[0].count);
4321				}
4322				value = ctl_get_opt(&lun->be_lun->options,
4323				    "used-threshold");
4324				if (value != NULL &&
4325				    ctl_expand_number(value, &ival) == 0) {
4326					page->descr[1].flags |= SLBPPD_ENABLED |
4327					    SLBPPD_ARMING_INC;
4328					if (lun->be_lun->blocksize)
4329						ival /= lun->be_lun->blocksize;
4330					else
4331						ival /= 512;
4332					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4333					    page->descr[1].count);
4334				}
4335				value = ctl_get_opt(&lun->be_lun->options,
4336				    "pool-avail-threshold");
4337				if (value != NULL &&
4338				    ctl_expand_number(value, &ival) == 0) {
4339					page->descr[2].flags |= SLBPPD_ENABLED |
4340					    SLBPPD_ARMING_DEC;
4341					if (lun->be_lun->blocksize)
4342						ival /= lun->be_lun->blocksize;
4343					else
4344						ival /= 512;
4345					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4346					    page->descr[2].count);
4347				}
4348				value = ctl_get_opt(&lun->be_lun->options,
4349				    "pool-used-threshold");
4350				if (value != NULL &&
4351				    ctl_expand_number(value, &ival) == 0) {
4352					page->descr[3].flags |= SLBPPD_ENABLED |
4353					    SLBPPD_ARMING_INC;
4354					if (lun->be_lun->blocksize)
4355						ival /= lun->be_lun->blocksize;
4356					else
4357						ival /= 512;
4358					scsi_ulto4b(ival >> CTL_LBP_EXPONENT,
4359					    page->descr[3].count);
4360				}
4361				memcpy(&lun->mode_pages.lbp_page[CTL_PAGE_CURRENT],
4362				       &lun->mode_pages.lbp_page[CTL_PAGE_SAVED],
4363				       sizeof(lbp_page_default));
4364				page_index->page_data =
4365					(uint8_t *)lun->mode_pages.lbp_page;
4366			}}
4367			break;
4368		}
4369		case SMS_VENDOR_SPECIFIC_PAGE:{
4370			switch (page_index->subpage) {
4371			case DBGCNF_SUBPAGE_CODE: {
4372				memcpy(&lun->mode_pages.debugconf_subpage[
4373				       CTL_PAGE_CURRENT],
4374				       &debugconf_page_default,
4375				       sizeof(debugconf_page_default));
4376				memcpy(&lun->mode_pages.debugconf_subpage[
4377				       CTL_PAGE_CHANGEABLE],
4378				       &debugconf_page_changeable,
4379				       sizeof(debugconf_page_changeable));
4380				memcpy(&lun->mode_pages.debugconf_subpage[
4381				       CTL_PAGE_DEFAULT],
4382				       &debugconf_page_default,
4383				       sizeof(debugconf_page_default));
4384				memcpy(&lun->mode_pages.debugconf_subpage[
4385				       CTL_PAGE_SAVED],
4386				       &debugconf_page_default,
4387				       sizeof(debugconf_page_default));
4388				page_index->page_data =
4389				    (uint8_t *)lun->mode_pages.debugconf_subpage;
4390				break;
4391			}
4392			default:
4393				panic("invalid subpage value %d",
4394				      page_index->subpage);
4395				break;
4396			}
4397   			break;
4398		}
4399		default:
4400			panic("invalid page value %d",
4401			      page_index->page_code & SMPH_PC_MASK);
4402			break;
4403    	}
4404	}
4405
4406	return (CTL_RETVAL_COMPLETE);
4407}
4408
4409static int
4410ctl_init_log_page_index(struct ctl_lun *lun)
4411{
4412	struct ctl_page_index *page_index;
4413	int i, j, k, prev;
4414
4415	memcpy(&lun->log_pages.index, log_page_index_template,
4416	       sizeof(log_page_index_template));
4417
4418	prev = -1;
4419	for (i = 0, j = 0, k = 0; i < CTL_NUM_LOG_PAGES; i++) {
4420
4421		page_index = &lun->log_pages.index[i];
4422		/*
4423		 * If this is a disk-only mode page, there's no point in
4424		 * setting it up.  For some pages, we have to have some
4425		 * basic information about the disk in order to calculate the
4426		 * mode page data.
4427		 */
4428		if ((lun->be_lun->lun_type != T_DIRECT)
4429		 && (page_index->page_flags & CTL_PAGE_FLAG_DISK_ONLY))
4430			continue;
4431
4432		if (page_index->page_code == SLS_LOGICAL_BLOCK_PROVISIONING &&
4433		     lun->backend->lun_attr == NULL)
4434			continue;
4435
4436		if (page_index->page_code != prev) {
4437			lun->log_pages.pages_page[j] = page_index->page_code;
4438			prev = page_index->page_code;
4439			j++;
4440		}
4441		lun->log_pages.subpages_page[k*2] = page_index->page_code;
4442		lun->log_pages.subpages_page[k*2+1] = page_index->subpage;
4443		k++;
4444	}
4445	lun->log_pages.index[0].page_data = &lun->log_pages.pages_page[0];
4446	lun->log_pages.index[0].page_len = j;
4447	lun->log_pages.index[1].page_data = &lun->log_pages.subpages_page[0];
4448	lun->log_pages.index[1].page_len = k * 2;
4449	lun->log_pages.index[2].page_data = &lun->log_pages.lbp_page[0];
4450	lun->log_pages.index[2].page_len = 12*CTL_NUM_LBP_PARAMS;
4451	lun->log_pages.index[3].page_data = (uint8_t *)&lun->log_pages.stat_page;
4452	lun->log_pages.index[3].page_len = sizeof(lun->log_pages.stat_page);
4453
4454	return (CTL_RETVAL_COMPLETE);
4455}
4456
4457static int
4458hex2bin(const char *str, uint8_t *buf, int buf_size)
4459{
4460	int i;
4461	u_char c;
4462
4463	memset(buf, 0, buf_size);
4464	while (isspace(str[0]))
4465		str++;
4466	if (str[0] == '0' && (str[1] == 'x' || str[1] == 'X'))
4467		str += 2;
4468	buf_size *= 2;
4469	for (i = 0; str[i] != 0 && i < buf_size; i++) {
4470		c = str[i];
4471		if (isdigit(c))
4472			c -= '0';
4473		else if (isalpha(c))
4474			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
4475		else
4476			break;
4477		if (c >= 16)
4478			break;
4479		if ((i & 1) == 0)
4480			buf[i / 2] |= (c << 4);
4481		else
4482			buf[i / 2] |= c;
4483	}
4484	return ((i + 1) / 2);
4485}
4486
4487/*
4488 * LUN allocation.
4489 *
4490 * Requirements:
4491 * - caller allocates and zeros LUN storage, or passes in a NULL LUN if he
4492 *   wants us to allocate the LUN and he can block.
4493 * - ctl_softc is always set
4494 * - be_lun is set if the LUN has a backend (needed for disk LUNs)
4495 *
4496 * Returns 0 for success, non-zero (errno) for failure.
4497 */
4498static int
4499ctl_alloc_lun(struct ctl_softc *ctl_softc, struct ctl_lun *ctl_lun,
4500	      struct ctl_be_lun *const be_lun)
4501{
4502	struct ctl_lun *nlun, *lun;
4503	struct scsi_vpd_id_descriptor *desc;
4504	struct scsi_vpd_id_t10 *t10id;
4505	const char *eui, *naa, *scsiname, *vendor;
4506	int lun_number, i, lun_malloced;
4507	int devidlen, idlen1, idlen2 = 0, len;
4508
4509	if (be_lun == NULL)
4510		return (EINVAL);
4511
4512	/*
4513	 * We currently only support Direct Access or Processor LUN types.
4514	 */
4515	switch (be_lun->lun_type) {
4516	case T_DIRECT:
4517		break;
4518	case T_PROCESSOR:
4519		break;
4520	case T_SEQUENTIAL:
4521	case T_CHANGER:
4522	default:
4523		be_lun->lun_config_status(be_lun->be_lun,
4524					  CTL_LUN_CONFIG_FAILURE);
4525		break;
4526	}
4527	if (ctl_lun == NULL) {
4528		lun = malloc(sizeof(*lun), M_CTL, M_WAITOK);
4529		lun_malloced = 1;
4530	} else {
4531		lun_malloced = 0;
4532		lun = ctl_lun;
4533	}
4534
4535	memset(lun, 0, sizeof(*lun));
4536	if (lun_malloced)
4537		lun->flags = CTL_LUN_MALLOCED;
4538
4539	/* Generate LUN ID. */
4540	devidlen = max(CTL_DEVID_MIN_LEN,
4541	    strnlen(be_lun->device_id, CTL_DEVID_LEN));
4542	idlen1 = sizeof(*t10id) + devidlen;
4543	len = sizeof(struct scsi_vpd_id_descriptor) + idlen1;
4544	scsiname = ctl_get_opt(&be_lun->options, "scsiname");
4545	if (scsiname != NULL) {
4546		idlen2 = roundup2(strlen(scsiname) + 1, 4);
4547		len += sizeof(struct scsi_vpd_id_descriptor) + idlen2;
4548	}
4549	eui = ctl_get_opt(&be_lun->options, "eui");
4550	if (eui != NULL) {
4551		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4552	}
4553	naa = ctl_get_opt(&be_lun->options, "naa");
4554	if (naa != NULL) {
4555		len += sizeof(struct scsi_vpd_id_descriptor) + 16;
4556	}
4557	lun->lun_devid = malloc(sizeof(struct ctl_devid) + len,
4558	    M_CTL, M_WAITOK | M_ZERO);
4559	desc = (struct scsi_vpd_id_descriptor *)lun->lun_devid->data;
4560	desc->proto_codeset = SVPD_ID_CODESET_ASCII;
4561	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN | SVPD_ID_TYPE_T10;
4562	desc->length = idlen1;
4563	t10id = (struct scsi_vpd_id_t10 *)&desc->identifier[0];
4564	memset(t10id->vendor, ' ', sizeof(t10id->vendor));
4565	if ((vendor = ctl_get_opt(&be_lun->options, "vendor")) == NULL) {
4566		strncpy((char *)t10id->vendor, CTL_VENDOR, sizeof(t10id->vendor));
4567	} else {
4568		strncpy(t10id->vendor, vendor,
4569		    min(sizeof(t10id->vendor), strlen(vendor)));
4570	}
4571	strncpy((char *)t10id->vendor_spec_id,
4572	    (char *)be_lun->device_id, devidlen);
4573	if (scsiname != NULL) {
4574		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4575		    desc->length);
4576		desc->proto_codeset = SVPD_ID_CODESET_UTF8;
4577		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4578		    SVPD_ID_TYPE_SCSI_NAME;
4579		desc->length = idlen2;
4580		strlcpy(desc->identifier, scsiname, idlen2);
4581	}
4582	if (eui != NULL) {
4583		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4584		    desc->length);
4585		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4586		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4587		    SVPD_ID_TYPE_EUI64;
4588		desc->length = hex2bin(eui, desc->identifier, 16);
4589		desc->length = desc->length > 12 ? 16 :
4590		    (desc->length > 8 ? 12 : 8);
4591		len -= 16 - desc->length;
4592	}
4593	if (naa != NULL) {
4594		desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
4595		    desc->length);
4596		desc->proto_codeset = SVPD_ID_CODESET_BINARY;
4597		desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_LUN |
4598		    SVPD_ID_TYPE_NAA;
4599		desc->length = hex2bin(naa, desc->identifier, 16);
4600		desc->length = desc->length > 8 ? 16 : 8;
4601		len -= 16 - desc->length;
4602	}
4603	lun->lun_devid->len = len;
4604
4605	mtx_lock(&ctl_softc->ctl_lock);
4606	/*
4607	 * See if the caller requested a particular LUN number.  If so, see
4608	 * if it is available.  Otherwise, allocate the first available LUN.
4609	 */
4610	if (be_lun->flags & CTL_LUN_FLAG_ID_REQ) {
4611		if ((be_lun->req_lun_id > (CTL_MAX_LUNS - 1))
4612		 || (ctl_is_set(ctl_softc->ctl_lun_mask, be_lun->req_lun_id))) {
4613			mtx_unlock(&ctl_softc->ctl_lock);
4614			if (be_lun->req_lun_id > (CTL_MAX_LUNS - 1)) {
4615				printf("ctl: requested LUN ID %d is higher "
4616				       "than CTL_MAX_LUNS - 1 (%d)\n",
4617				       be_lun->req_lun_id, CTL_MAX_LUNS - 1);
4618			} else {
4619				/*
4620				 * XXX KDM return an error, or just assign
4621				 * another LUN ID in this case??
4622				 */
4623				printf("ctl: requested LUN ID %d is already "
4624				       "in use\n", be_lun->req_lun_id);
4625			}
4626			if (lun->flags & CTL_LUN_MALLOCED)
4627				free(lun, M_CTL);
4628			be_lun->lun_config_status(be_lun->be_lun,
4629						  CTL_LUN_CONFIG_FAILURE);
4630			return (ENOSPC);
4631		}
4632		lun_number = be_lun->req_lun_id;
4633	} else {
4634		lun_number = ctl_ffz(ctl_softc->ctl_lun_mask, 0, CTL_MAX_LUNS);
4635		if (lun_number == -1) {
4636			mtx_unlock(&ctl_softc->ctl_lock);
4637			printf("ctl: can't allocate LUN, out of LUNs\n");
4638			if (lun->flags & CTL_LUN_MALLOCED)
4639				free(lun, M_CTL);
4640			be_lun->lun_config_status(be_lun->be_lun,
4641						  CTL_LUN_CONFIG_FAILURE);
4642			return (ENOSPC);
4643		}
4644	}
4645	ctl_set_mask(ctl_softc->ctl_lun_mask, lun_number);
4646
4647	mtx_init(&lun->lun_lock, "CTL LUN", NULL, MTX_DEF);
4648	lun->lun = lun_number;
4649	lun->be_lun = be_lun;
4650	/*
4651	 * The processor LUN is always enabled.  Disk LUNs come on line
4652	 * disabled, and must be enabled by the backend.
4653	 */
4654	lun->flags |= CTL_LUN_DISABLED;
4655	lun->backend = be_lun->be;
4656	be_lun->ctl_lun = lun;
4657	be_lun->lun_id = lun_number;
4658	atomic_add_int(&be_lun->be->num_luns, 1);
4659	if (be_lun->flags & CTL_LUN_FLAG_OFFLINE)
4660		lun->flags |= CTL_LUN_OFFLINE;
4661
4662	if (be_lun->flags & CTL_LUN_FLAG_POWERED_OFF)
4663		lun->flags |= CTL_LUN_STOPPED;
4664
4665	if (be_lun->flags & CTL_LUN_FLAG_INOPERABLE)
4666		lun->flags |= CTL_LUN_INOPERABLE;
4667
4668	if (be_lun->flags & CTL_LUN_FLAG_PRIMARY)
4669		lun->flags |= CTL_LUN_PRIMARY_SC;
4670
4671	lun->ctl_softc = ctl_softc;
4672#ifdef CTL_TIME_IO
4673	lun->last_busy = getsbinuptime();
4674#endif
4675	TAILQ_INIT(&lun->ooa_queue);
4676	TAILQ_INIT(&lun->blocked_queue);
4677	STAILQ_INIT(&lun->error_list);
4678	ctl_tpc_lun_init(lun);
4679
4680	/*
4681	 * Initialize the mode and log page index.
4682	 */
4683	ctl_init_page_index(lun);
4684	ctl_init_log_page_index(lun);
4685
4686	/*
4687	 * Now, before we insert this lun on the lun list, set the lun
4688	 * inventory changed UA for all other luns.
4689	 */
4690	STAILQ_FOREACH(nlun, &ctl_softc->lun_list, links) {
4691		mtx_lock(&nlun->lun_lock);
4692		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4693		mtx_unlock(&nlun->lun_lock);
4694	}
4695
4696	STAILQ_INSERT_TAIL(&ctl_softc->lun_list, lun, links);
4697
4698	ctl_softc->ctl_luns[lun_number] = lun;
4699
4700	ctl_softc->num_luns++;
4701
4702	/* Setup statistics gathering */
4703	lun->stats.device_type = be_lun->lun_type;
4704	lun->stats.lun_number = lun_number;
4705	if (lun->stats.device_type == T_DIRECT)
4706		lun->stats.blocksize = be_lun->blocksize;
4707	else
4708		lun->stats.flags = CTL_LUN_STATS_NO_BLOCKSIZE;
4709	for (i = 0;i < CTL_MAX_PORTS;i++)
4710		lun->stats.ports[i].targ_port = i;
4711
4712	mtx_unlock(&ctl_softc->ctl_lock);
4713
4714	lun->be_lun->lun_config_status(lun->be_lun->be_lun, CTL_LUN_CONFIG_OK);
4715	return (0);
4716}
4717
4718/*
4719 * Delete a LUN.
4720 * Assumptions:
4721 * - LUN has already been marked invalid and any pending I/O has been taken
4722 *   care of.
4723 */
4724static int
4725ctl_free_lun(struct ctl_lun *lun)
4726{
4727	struct ctl_softc *softc;
4728	struct ctl_lun *nlun;
4729	int i;
4730
4731	softc = lun->ctl_softc;
4732
4733	mtx_assert(&softc->ctl_lock, MA_OWNED);
4734
4735	STAILQ_REMOVE(&softc->lun_list, lun, ctl_lun, links);
4736
4737	ctl_clear_mask(softc->ctl_lun_mask, lun->lun);
4738
4739	softc->ctl_luns[lun->lun] = NULL;
4740
4741	if (!TAILQ_EMPTY(&lun->ooa_queue))
4742		panic("Freeing a LUN %p with outstanding I/O!!\n", lun);
4743
4744	softc->num_luns--;
4745
4746	/*
4747	 * Tell the backend to free resources, if this LUN has a backend.
4748	 */
4749	atomic_subtract_int(&lun->be_lun->be->num_luns, 1);
4750	lun->be_lun->lun_shutdown(lun->be_lun->be_lun);
4751
4752	ctl_tpc_lun_shutdown(lun);
4753	mtx_destroy(&lun->lun_lock);
4754	free(lun->lun_devid, M_CTL);
4755	for (i = 0; i < CTL_MAX_PORTS; i++)
4756		free(lun->pending_ua[i], M_CTL);
4757	for (i = 0; i < CTL_MAX_PORTS; i++)
4758		free(lun->pr_keys[i], M_CTL);
4759	free(lun->write_buffer, M_CTL);
4760	if (lun->flags & CTL_LUN_MALLOCED)
4761		free(lun, M_CTL);
4762
4763	STAILQ_FOREACH(nlun, &softc->lun_list, links) {
4764		mtx_lock(&nlun->lun_lock);
4765		ctl_est_ua_all(nlun, -1, CTL_UA_LUN_CHANGE);
4766		mtx_unlock(&nlun->lun_lock);
4767	}
4768
4769	return (0);
4770}
4771
4772static void
4773ctl_create_lun(struct ctl_be_lun *be_lun)
4774{
4775
4776	/*
4777	 * ctl_alloc_lun() should handle all potential failure cases.
4778	 */
4779	ctl_alloc_lun(control_softc, NULL, be_lun);
4780}
4781
4782int
4783ctl_add_lun(struct ctl_be_lun *be_lun)
4784{
4785	struct ctl_softc *softc = control_softc;
4786
4787	mtx_lock(&softc->ctl_lock);
4788	STAILQ_INSERT_TAIL(&softc->pending_lun_queue, be_lun, links);
4789	mtx_unlock(&softc->ctl_lock);
4790	wakeup(&softc->pending_lun_queue);
4791
4792	return (0);
4793}
4794
4795int
4796ctl_enable_lun(struct ctl_be_lun *be_lun)
4797{
4798	struct ctl_softc *softc;
4799	struct ctl_port *port, *nport;
4800	struct ctl_lun *lun;
4801	int retval;
4802
4803	lun = (struct ctl_lun *)be_lun->ctl_lun;
4804	softc = lun->ctl_softc;
4805
4806	mtx_lock(&softc->ctl_lock);
4807	mtx_lock(&lun->lun_lock);
4808	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4809		/*
4810		 * eh?  Why did we get called if the LUN is already
4811		 * enabled?
4812		 */
4813		mtx_unlock(&lun->lun_lock);
4814		mtx_unlock(&softc->ctl_lock);
4815		return (0);
4816	}
4817	lun->flags &= ~CTL_LUN_DISABLED;
4818	mtx_unlock(&lun->lun_lock);
4819
4820	for (port = STAILQ_FIRST(&softc->port_list); port != NULL; port = nport) {
4821		nport = STAILQ_NEXT(port, links);
4822		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4823		    port->lun_map != NULL || port->lun_enable == NULL)
4824			continue;
4825
4826		/*
4827		 * Drop the lock while we call the FETD's enable routine.
4828		 * This can lead to a callback into CTL (at least in the
4829		 * case of the internal initiator frontend.
4830		 */
4831		mtx_unlock(&softc->ctl_lock);
4832		retval = port->lun_enable(port->targ_lun_arg, lun->lun);
4833		mtx_lock(&softc->ctl_lock);
4834		if (retval != 0) {
4835			printf("%s: FETD %s port %d returned error "
4836			       "%d for lun_enable on lun %jd\n",
4837			       __func__, port->port_name, port->targ_port,
4838			       retval, (intmax_t)lun->lun);
4839		}
4840	}
4841
4842	mtx_unlock(&softc->ctl_lock);
4843	ctl_isc_announce_lun(lun);
4844
4845	return (0);
4846}
4847
4848int
4849ctl_disable_lun(struct ctl_be_lun *be_lun)
4850{
4851	struct ctl_softc *softc;
4852	struct ctl_port *port;
4853	struct ctl_lun *lun;
4854	int retval;
4855
4856	lun = (struct ctl_lun *)be_lun->ctl_lun;
4857	softc = lun->ctl_softc;
4858
4859	mtx_lock(&softc->ctl_lock);
4860	mtx_lock(&lun->lun_lock);
4861	if (lun->flags & CTL_LUN_DISABLED) {
4862		mtx_unlock(&lun->lun_lock);
4863		mtx_unlock(&softc->ctl_lock);
4864		return (0);
4865	}
4866	lun->flags |= CTL_LUN_DISABLED;
4867	mtx_unlock(&lun->lun_lock);
4868
4869	STAILQ_FOREACH(port, &softc->port_list, links) {
4870		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0 ||
4871		    port->lun_map != NULL || port->lun_disable == NULL)
4872			continue;
4873
4874		/*
4875		 * Drop the lock before we call the frontend's disable
4876		 * routine, to avoid lock order reversals.
4877		 *
4878		 * XXX KDM what happens if the frontend list changes while
4879		 * we're traversing it?  It's unlikely, but should be handled.
4880		 */
4881		mtx_unlock(&softc->ctl_lock);
4882		retval = port->lun_disable(port->targ_lun_arg, lun->lun);
4883		mtx_lock(&softc->ctl_lock);
4884		if (retval != 0) {
4885			printf("%s: FETD %s port %d returned error "
4886			       "%d for lun_disable on lun %jd\n",
4887			       __func__, port->port_name, port->targ_port,
4888			       retval, (intmax_t)lun->lun);
4889		}
4890	}
4891
4892	mtx_unlock(&softc->ctl_lock);
4893	ctl_isc_announce_lun(lun);
4894
4895	return (0);
4896}
4897
4898int
4899ctl_start_lun(struct ctl_be_lun *be_lun)
4900{
4901	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4902
4903	mtx_lock(&lun->lun_lock);
4904	lun->flags &= ~CTL_LUN_STOPPED;
4905	mtx_unlock(&lun->lun_lock);
4906	return (0);
4907}
4908
4909int
4910ctl_stop_lun(struct ctl_be_lun *be_lun)
4911{
4912	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4913
4914	mtx_lock(&lun->lun_lock);
4915	lun->flags |= CTL_LUN_STOPPED;
4916	mtx_unlock(&lun->lun_lock);
4917	return (0);
4918}
4919
4920int
4921ctl_lun_offline(struct ctl_be_lun *be_lun)
4922{
4923	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4924
4925	mtx_lock(&lun->lun_lock);
4926	lun->flags |= CTL_LUN_OFFLINE;
4927	mtx_unlock(&lun->lun_lock);
4928	return (0);
4929}
4930
4931int
4932ctl_lun_online(struct ctl_be_lun *be_lun)
4933{
4934	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4935
4936	mtx_lock(&lun->lun_lock);
4937	lun->flags &= ~CTL_LUN_OFFLINE;
4938	mtx_unlock(&lun->lun_lock);
4939	return (0);
4940}
4941
4942int
4943ctl_lun_primary(struct ctl_be_lun *be_lun)
4944{
4945	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4946
4947	mtx_lock(&lun->lun_lock);
4948	lun->flags |= CTL_LUN_PRIMARY_SC;
4949	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4950	mtx_unlock(&lun->lun_lock);
4951	ctl_isc_announce_lun(lun);
4952	return (0);
4953}
4954
4955int
4956ctl_lun_secondary(struct ctl_be_lun *be_lun)
4957{
4958	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
4959
4960	mtx_lock(&lun->lun_lock);
4961	lun->flags &= ~CTL_LUN_PRIMARY_SC;
4962	ctl_est_ua_all(lun, -1, CTL_UA_ASYM_ACC_CHANGE);
4963	mtx_unlock(&lun->lun_lock);
4964	ctl_isc_announce_lun(lun);
4965	return (0);
4966}
4967
4968int
4969ctl_invalidate_lun(struct ctl_be_lun *be_lun)
4970{
4971	struct ctl_softc *softc;
4972	struct ctl_lun *lun;
4973
4974	lun = (struct ctl_lun *)be_lun->ctl_lun;
4975	softc = lun->ctl_softc;
4976
4977	mtx_lock(&lun->lun_lock);
4978
4979	/*
4980	 * The LUN needs to be disabled before it can be marked invalid.
4981	 */
4982	if ((lun->flags & CTL_LUN_DISABLED) == 0) {
4983		mtx_unlock(&lun->lun_lock);
4984		return (-1);
4985	}
4986	/*
4987	 * Mark the LUN invalid.
4988	 */
4989	lun->flags |= CTL_LUN_INVALID;
4990
4991	/*
4992	 * If there is nothing in the OOA queue, go ahead and free the LUN.
4993	 * If we have something in the OOA queue, we'll free it when the
4994	 * last I/O completes.
4995	 */
4996	if (TAILQ_EMPTY(&lun->ooa_queue)) {
4997		mtx_unlock(&lun->lun_lock);
4998		mtx_lock(&softc->ctl_lock);
4999		ctl_free_lun(lun);
5000		mtx_unlock(&softc->ctl_lock);
5001	} else
5002		mtx_unlock(&lun->lun_lock);
5003
5004	return (0);
5005}
5006
5007int
5008ctl_lun_inoperable(struct ctl_be_lun *be_lun)
5009{
5010	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5011
5012	mtx_lock(&lun->lun_lock);
5013	lun->flags |= CTL_LUN_INOPERABLE;
5014	mtx_unlock(&lun->lun_lock);
5015	return (0);
5016}
5017
5018int
5019ctl_lun_operable(struct ctl_be_lun *be_lun)
5020{
5021	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5022
5023	mtx_lock(&lun->lun_lock);
5024	lun->flags &= ~CTL_LUN_INOPERABLE;
5025	mtx_unlock(&lun->lun_lock);
5026	return (0);
5027}
5028
5029void
5030ctl_lun_capacity_changed(struct ctl_be_lun *be_lun)
5031{
5032	struct ctl_lun *lun = (struct ctl_lun *)be_lun->ctl_lun;
5033	union ctl_ha_msg msg;
5034
5035	mtx_lock(&lun->lun_lock);
5036	ctl_est_ua_all(lun, -1, CTL_UA_CAPACITY_CHANGED);
5037	mtx_unlock(&lun->lun_lock);
5038	if (lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
5039		/* Send msg to other side. */
5040		bzero(&msg.ua, sizeof(msg.ua));
5041		msg.hdr.msg_type = CTL_MSG_UA;
5042		msg.hdr.nexus.initid = -1;
5043		msg.hdr.nexus.targ_port = -1;
5044		msg.hdr.nexus.targ_lun = lun->lun;
5045		msg.hdr.nexus.targ_mapped_lun = lun->lun;
5046		msg.ua.ua_all = 1;
5047		msg.ua.ua_set = 1;
5048		msg.ua.ua_type = CTL_UA_CAPACITY_CHANGED;
5049		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg, sizeof(msg.ua),
5050		    M_WAITOK);
5051	}
5052}
5053
5054/*
5055 * Backend "memory move is complete" callback for requests that never
5056 * make it down to say RAIDCore's configuration code.
5057 */
5058int
5059ctl_config_move_done(union ctl_io *io)
5060{
5061	int retval;
5062
5063	CTL_DEBUG_PRINT(("ctl_config_move_done\n"));
5064	KASSERT(io->io_hdr.io_type == CTL_IO_SCSI,
5065	    ("Config I/O type isn't CTL_IO_SCSI (%d)!", io->io_hdr.io_type));
5066
5067	if ((io->io_hdr.port_status != 0) &&
5068	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5069	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5070		/*
5071		 * For hardware error sense keys, the sense key
5072		 * specific value is defined to be a retry count,
5073		 * but we use it to pass back an internal FETD
5074		 * error code.  XXX KDM  Hopefully the FETD is only
5075		 * using 16 bits for an error code, since that's
5076		 * all the space we have in the sks field.
5077		 */
5078		ctl_set_internal_failure(&io->scsiio,
5079					 /*sks_valid*/ 1,
5080					 /*retry_count*/
5081					 io->io_hdr.port_status);
5082	}
5083
5084	if (ctl_debug & CTL_DEBUG_CDB_DATA)
5085		ctl_data_print(io);
5086	if (((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN) ||
5087	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5088	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) ||
5089	    ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0)) {
5090		/*
5091		 * XXX KDM just assuming a single pointer here, and not a
5092		 * S/G list.  If we start using S/G lists for config data,
5093		 * we'll need to know how to clean them up here as well.
5094		 */
5095		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5096			free(io->scsiio.kern_data_ptr, M_CTL);
5097		ctl_done(io);
5098		retval = CTL_RETVAL_COMPLETE;
5099	} else {
5100		/*
5101		 * XXX KDM now we need to continue data movement.  Some
5102		 * options:
5103		 * - call ctl_scsiio() again?  We don't do this for data
5104		 *   writes, because for those at least we know ahead of
5105		 *   time where the write will go and how long it is.  For
5106		 *   config writes, though, that information is largely
5107		 *   contained within the write itself, thus we need to
5108		 *   parse out the data again.
5109		 *
5110		 * - Call some other function once the data is in?
5111		 */
5112
5113		/*
5114		 * XXX KDM call ctl_scsiio() again for now, and check flag
5115		 * bits to see whether we're allocated or not.
5116		 */
5117		retval = ctl_scsiio(&io->scsiio);
5118	}
5119	return (retval);
5120}
5121
5122/*
5123 * This gets called by a backend driver when it is done with a
5124 * data_submit method.
5125 */
5126void
5127ctl_data_submit_done(union ctl_io *io)
5128{
5129	/*
5130	 * If the IO_CONT flag is set, we need to call the supplied
5131	 * function to continue processing the I/O, instead of completing
5132	 * the I/O just yet.
5133	 *
5134	 * If there is an error, though, we don't want to keep processing.
5135	 * Instead, just send status back to the initiator.
5136	 */
5137	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5138	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5139	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5140	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5141		io->scsiio.io_cont(io);
5142		return;
5143	}
5144	ctl_done(io);
5145}
5146
5147/*
5148 * This gets called by a backend driver when it is done with a
5149 * configuration write.
5150 */
5151void
5152ctl_config_write_done(union ctl_io *io)
5153{
5154	uint8_t *buf;
5155
5156	/*
5157	 * If the IO_CONT flag is set, we need to call the supplied
5158	 * function to continue processing the I/O, instead of completing
5159	 * the I/O just yet.
5160	 *
5161	 * If there is an error, though, we don't want to keep processing.
5162	 * Instead, just send status back to the initiator.
5163	 */
5164	if ((io->io_hdr.flags & CTL_FLAG_IO_CONT) &&
5165	    (io->io_hdr.flags & CTL_FLAG_ABORT) == 0 &&
5166	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_STATUS_NONE ||
5167	     (io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS)) {
5168		io->scsiio.io_cont(io);
5169		return;
5170	}
5171	/*
5172	 * Since a configuration write can be done for commands that actually
5173	 * have data allocated, like write buffer, and commands that have
5174	 * no data, like start/stop unit, we need to check here.
5175	 */
5176	if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5177		buf = io->scsiio.kern_data_ptr;
5178	else
5179		buf = NULL;
5180	ctl_done(io);
5181	if (buf)
5182		free(buf, M_CTL);
5183}
5184
5185void
5186ctl_config_read_done(union ctl_io *io)
5187{
5188	uint8_t *buf;
5189
5190	/*
5191	 * If there is some error -- we are done, skip data transfer.
5192	 */
5193	if ((io->io_hdr.flags & CTL_FLAG_ABORT) != 0 ||
5194	    ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
5195	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS)) {
5196		if (io->io_hdr.flags & CTL_FLAG_ALLOCATED)
5197			buf = io->scsiio.kern_data_ptr;
5198		else
5199			buf = NULL;
5200		ctl_done(io);
5201		if (buf)
5202			free(buf, M_CTL);
5203		return;
5204	}
5205
5206	/*
5207	 * If the IO_CONT flag is set, we need to call the supplied
5208	 * function to continue processing the I/O, instead of completing
5209	 * the I/O just yet.
5210	 */
5211	if (io->io_hdr.flags & CTL_FLAG_IO_CONT) {
5212		io->scsiio.io_cont(io);
5213		return;
5214	}
5215
5216	ctl_datamove(io);
5217}
5218
5219/*
5220 * SCSI release command.
5221 */
5222int
5223ctl_scsi_release(struct ctl_scsiio *ctsio)
5224{
5225	struct ctl_lun *lun;
5226	uint32_t residx;
5227
5228	CTL_DEBUG_PRINT(("ctl_scsi_release\n"));
5229
5230	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5231	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5232
5233	/*
5234	 * XXX KDM right now, we only support LUN reservation.  We don't
5235	 * support 3rd party reservations, or extent reservations, which
5236	 * might actually need the parameter list.  If we've gotten this
5237	 * far, we've got a LUN reservation.  Anything else got kicked out
5238	 * above.  So, according to SPC, ignore the length.
5239	 */
5240
5241	mtx_lock(&lun->lun_lock);
5242
5243	/*
5244	 * According to SPC, it is not an error for an intiator to attempt
5245	 * to release a reservation on a LUN that isn't reserved, or that
5246	 * is reserved by another initiator.  The reservation can only be
5247	 * released, though, by the initiator who made it or by one of
5248	 * several reset type events.
5249	 */
5250	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == residx))
5251			lun->flags &= ~CTL_LUN_RESERVED;
5252
5253	mtx_unlock(&lun->lun_lock);
5254
5255	ctl_set_success(ctsio);
5256	ctl_done((union ctl_io *)ctsio);
5257	return (CTL_RETVAL_COMPLETE);
5258}
5259
5260int
5261ctl_scsi_reserve(struct ctl_scsiio *ctsio)
5262{
5263	struct ctl_lun *lun;
5264	uint32_t residx;
5265
5266	CTL_DEBUG_PRINT(("ctl_reserve\n"));
5267
5268	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5269	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5270
5271	/*
5272	 * XXX KDM right now, we only support LUN reservation.  We don't
5273	 * support 3rd party reservations, or extent reservations, which
5274	 * might actually need the parameter list.  If we've gotten this
5275	 * far, we've got a LUN reservation.  Anything else got kicked out
5276	 * above.  So, according to SPC, ignore the length.
5277	 */
5278
5279	mtx_lock(&lun->lun_lock);
5280	if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx != residx)) {
5281		ctl_set_reservation_conflict(ctsio);
5282		goto bailout;
5283	}
5284	lun->flags |= CTL_LUN_RESERVED;
5285	lun->res_idx = residx;
5286	ctl_set_success(ctsio);
5287
5288bailout:
5289	mtx_unlock(&lun->lun_lock);
5290	ctl_done((union ctl_io *)ctsio);
5291	return (CTL_RETVAL_COMPLETE);
5292}
5293
5294int
5295ctl_start_stop(struct ctl_scsiio *ctsio)
5296{
5297	struct scsi_start_stop_unit *cdb;
5298	struct ctl_lun *lun;
5299	int retval;
5300
5301	CTL_DEBUG_PRINT(("ctl_start_stop\n"));
5302
5303	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5304	retval = 0;
5305
5306	cdb = (struct scsi_start_stop_unit *)ctsio->cdb;
5307
5308	/*
5309	 * XXX KDM
5310	 * We don't support the immediate bit on a stop unit.  In order to
5311	 * do that, we would need to code up a way to know that a stop is
5312	 * pending, and hold off any new commands until it completes, one
5313	 * way or another.  Then we could accept or reject those commands
5314	 * depending on its status.  We would almost need to do the reverse
5315	 * of what we do below for an immediate start -- return the copy of
5316	 * the ctl_io to the FETD with status to send to the host (and to
5317	 * free the copy!) and then free the original I/O once the stop
5318	 * actually completes.  That way, the OOA queue mechanism can work
5319	 * to block commands that shouldn't proceed.  Another alternative
5320	 * would be to put the copy in the queue in place of the original,
5321	 * and return the original back to the caller.  That could be
5322	 * slightly safer..
5323	 */
5324	if ((cdb->byte2 & SSS_IMMED)
5325	 && ((cdb->how & SSS_START) == 0)) {
5326		ctl_set_invalid_field(ctsio,
5327				      /*sks_valid*/ 1,
5328				      /*command*/ 1,
5329				      /*field*/ 1,
5330				      /*bit_valid*/ 1,
5331				      /*bit*/ 0);
5332		ctl_done((union ctl_io *)ctsio);
5333		return (CTL_RETVAL_COMPLETE);
5334	}
5335
5336	if ((lun->flags & CTL_LUN_PR_RESERVED)
5337	 && ((cdb->how & SSS_START)==0)) {
5338		uint32_t residx;
5339
5340		residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5341		if (ctl_get_prkey(lun, residx) == 0
5342		 || (lun->pr_res_idx!=residx && lun->res_type < 4)) {
5343
5344			ctl_set_reservation_conflict(ctsio);
5345			ctl_done((union ctl_io *)ctsio);
5346			return (CTL_RETVAL_COMPLETE);
5347		}
5348	}
5349
5350	/*
5351	 * If there is no backend on this device, we can't start or stop
5352	 * it.  In theory we shouldn't get any start/stop commands in the
5353	 * first place at this level if the LUN doesn't have a backend.
5354	 * That should get stopped by the command decode code.
5355	 */
5356	if (lun->backend == NULL) {
5357		ctl_set_invalid_opcode(ctsio);
5358		ctl_done((union ctl_io *)ctsio);
5359		return (CTL_RETVAL_COMPLETE);
5360	}
5361
5362	/*
5363	 * XXX KDM Copan-specific offline behavior.
5364	 * Figure out a reasonable way to port this?
5365	 */
5366#ifdef NEEDTOPORT
5367	mtx_lock(&lun->lun_lock);
5368
5369	if (((cdb->byte2 & SSS_ONOFFLINE) == 0)
5370	 && (lun->flags & CTL_LUN_OFFLINE)) {
5371		/*
5372		 * If the LUN is offline, and the on/offline bit isn't set,
5373		 * reject the start or stop.  Otherwise, let it through.
5374		 */
5375		mtx_unlock(&lun->lun_lock);
5376		ctl_set_lun_not_ready(ctsio);
5377		ctl_done((union ctl_io *)ctsio);
5378	} else {
5379		mtx_unlock(&lun->lun_lock);
5380#endif /* NEEDTOPORT */
5381		/*
5382		 * This could be a start or a stop when we're online,
5383		 * or a stop/offline or start/online.  A start or stop when
5384		 * we're offline is covered in the case above.
5385		 */
5386		/*
5387		 * In the non-immediate case, we send the request to
5388		 * the backend and return status to the user when
5389		 * it is done.
5390		 *
5391		 * In the immediate case, we allocate a new ctl_io
5392		 * to hold a copy of the request, and send that to
5393		 * the backend.  We then set good status on the
5394		 * user's request and return it immediately.
5395		 */
5396		if (cdb->byte2 & SSS_IMMED) {
5397			union ctl_io *new_io;
5398
5399			new_io = ctl_alloc_io(ctsio->io_hdr.pool);
5400			ctl_copy_io((union ctl_io *)ctsio, new_io);
5401			retval = lun->backend->config_write(new_io);
5402			ctl_set_success(ctsio);
5403			ctl_done((union ctl_io *)ctsio);
5404		} else {
5405			retval = lun->backend->config_write(
5406				(union ctl_io *)ctsio);
5407		}
5408#ifdef NEEDTOPORT
5409	}
5410#endif
5411	return (retval);
5412}
5413
5414/*
5415 * We support the SYNCHRONIZE CACHE command (10 and 16 byte versions), but
5416 * we don't really do anything with the LBA and length fields if the user
5417 * passes them in.  Instead we'll just flush out the cache for the entire
5418 * LUN.
5419 */
5420int
5421ctl_sync_cache(struct ctl_scsiio *ctsio)
5422{
5423	struct ctl_lun *lun;
5424	struct ctl_softc *softc;
5425	struct ctl_lba_len_flags *lbalen;
5426	uint64_t starting_lba;
5427	uint32_t block_count;
5428	int retval;
5429	uint8_t byte2;
5430
5431	CTL_DEBUG_PRINT(("ctl_sync_cache\n"));
5432
5433	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5434	softc = lun->ctl_softc;
5435	retval = 0;
5436
5437	switch (ctsio->cdb[0]) {
5438	case SYNCHRONIZE_CACHE: {
5439		struct scsi_sync_cache *cdb;
5440		cdb = (struct scsi_sync_cache *)ctsio->cdb;
5441
5442		starting_lba = scsi_4btoul(cdb->begin_lba);
5443		block_count = scsi_2btoul(cdb->lb_count);
5444		byte2 = cdb->byte2;
5445		break;
5446	}
5447	case SYNCHRONIZE_CACHE_16: {
5448		struct scsi_sync_cache_16 *cdb;
5449		cdb = (struct scsi_sync_cache_16 *)ctsio->cdb;
5450
5451		starting_lba = scsi_8btou64(cdb->begin_lba);
5452		block_count = scsi_4btoul(cdb->lb_count);
5453		byte2 = cdb->byte2;
5454		break;
5455	}
5456	default:
5457		ctl_set_invalid_opcode(ctsio);
5458		ctl_done((union ctl_io *)ctsio);
5459		goto bailout;
5460		break; /* NOTREACHED */
5461	}
5462
5463	/*
5464	 * We check the LBA and length, but don't do anything with them.
5465	 * A SYNCHRONIZE CACHE will cause the entire cache for this lun to
5466	 * get flushed.  This check will just help satisfy anyone who wants
5467	 * to see an error for an out of range LBA.
5468	 */
5469	if ((starting_lba + block_count) > (lun->be_lun->maxlba + 1)) {
5470		ctl_set_lba_out_of_range(ctsio);
5471		ctl_done((union ctl_io *)ctsio);
5472		goto bailout;
5473	}
5474
5475	/*
5476	 * If this LUN has no backend, we can't flush the cache anyway.
5477	 */
5478	if (lun->backend == NULL) {
5479		ctl_set_invalid_opcode(ctsio);
5480		ctl_done((union ctl_io *)ctsio);
5481		goto bailout;
5482	}
5483
5484	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5485	lbalen->lba = starting_lba;
5486	lbalen->len = block_count;
5487	lbalen->flags = byte2;
5488
5489	/*
5490	 * Check to see whether we're configured to send the SYNCHRONIZE
5491	 * CACHE command directly to the back end.
5492	 */
5493	mtx_lock(&lun->lun_lock);
5494	if ((softc->flags & CTL_FLAG_REAL_SYNC)
5495	 && (++(lun->sync_count) >= lun->sync_interval)) {
5496		lun->sync_count = 0;
5497		mtx_unlock(&lun->lun_lock);
5498		retval = lun->backend->config_write((union ctl_io *)ctsio);
5499	} else {
5500		mtx_unlock(&lun->lun_lock);
5501		ctl_set_success(ctsio);
5502		ctl_done((union ctl_io *)ctsio);
5503	}
5504
5505bailout:
5506
5507	return (retval);
5508}
5509
5510int
5511ctl_format(struct ctl_scsiio *ctsio)
5512{
5513	struct scsi_format *cdb;
5514	struct ctl_lun *lun;
5515	int length, defect_list_len;
5516
5517	CTL_DEBUG_PRINT(("ctl_format\n"));
5518
5519	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5520
5521	cdb = (struct scsi_format *)ctsio->cdb;
5522
5523	length = 0;
5524	if (cdb->byte2 & SF_FMTDATA) {
5525		if (cdb->byte2 & SF_LONGLIST)
5526			length = sizeof(struct scsi_format_header_long);
5527		else
5528			length = sizeof(struct scsi_format_header_short);
5529	}
5530
5531	if (((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0)
5532	 && (length > 0)) {
5533		ctsio->kern_data_ptr = malloc(length, M_CTL, M_WAITOK);
5534		ctsio->kern_data_len = length;
5535		ctsio->kern_total_len = length;
5536		ctsio->kern_data_resid = 0;
5537		ctsio->kern_rel_offset = 0;
5538		ctsio->kern_sg_entries = 0;
5539		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5540		ctsio->be_move_done = ctl_config_move_done;
5541		ctl_datamove((union ctl_io *)ctsio);
5542
5543		return (CTL_RETVAL_COMPLETE);
5544	}
5545
5546	defect_list_len = 0;
5547
5548	if (cdb->byte2 & SF_FMTDATA) {
5549		if (cdb->byte2 & SF_LONGLIST) {
5550			struct scsi_format_header_long *header;
5551
5552			header = (struct scsi_format_header_long *)
5553				ctsio->kern_data_ptr;
5554
5555			defect_list_len = scsi_4btoul(header->defect_list_len);
5556			if (defect_list_len != 0) {
5557				ctl_set_invalid_field(ctsio,
5558						      /*sks_valid*/ 1,
5559						      /*command*/ 0,
5560						      /*field*/ 2,
5561						      /*bit_valid*/ 0,
5562						      /*bit*/ 0);
5563				goto bailout;
5564			}
5565		} else {
5566			struct scsi_format_header_short *header;
5567
5568			header = (struct scsi_format_header_short *)
5569				ctsio->kern_data_ptr;
5570
5571			defect_list_len = scsi_2btoul(header->defect_list_len);
5572			if (defect_list_len != 0) {
5573				ctl_set_invalid_field(ctsio,
5574						      /*sks_valid*/ 1,
5575						      /*command*/ 0,
5576						      /*field*/ 2,
5577						      /*bit_valid*/ 0,
5578						      /*bit*/ 0);
5579				goto bailout;
5580			}
5581		}
5582	}
5583
5584	/*
5585	 * The format command will clear out the "Medium format corrupted"
5586	 * status if set by the configuration code.  That status is really
5587	 * just a way to notify the host that we have lost the media, and
5588	 * get them to issue a command that will basically make them think
5589	 * they're blowing away the media.
5590	 */
5591	mtx_lock(&lun->lun_lock);
5592	lun->flags &= ~CTL_LUN_INOPERABLE;
5593	mtx_unlock(&lun->lun_lock);
5594
5595	ctl_set_success(ctsio);
5596bailout:
5597
5598	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5599		free(ctsio->kern_data_ptr, M_CTL);
5600		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5601	}
5602
5603	ctl_done((union ctl_io *)ctsio);
5604	return (CTL_RETVAL_COMPLETE);
5605}
5606
5607int
5608ctl_read_buffer(struct ctl_scsiio *ctsio)
5609{
5610	struct ctl_lun *lun;
5611	uint64_t buffer_offset;
5612	uint32_t len;
5613	uint8_t byte2;
5614	static uint8_t descr[4];
5615	static uint8_t echo_descr[4] = { 0 };
5616
5617	CTL_DEBUG_PRINT(("ctl_read_buffer\n"));
5618	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5619	switch (ctsio->cdb[0]) {
5620	case READ_BUFFER: {
5621		struct scsi_read_buffer *cdb;
5622
5623		cdb = (struct scsi_read_buffer *)ctsio->cdb;
5624		buffer_offset = scsi_3btoul(cdb->offset);
5625		len = scsi_3btoul(cdb->length);
5626		byte2 = cdb->byte2;
5627		break;
5628	}
5629	case READ_BUFFER_16: {
5630		struct scsi_read_buffer_16 *cdb;
5631
5632		cdb = (struct scsi_read_buffer_16 *)ctsio->cdb;
5633		buffer_offset = scsi_8btou64(cdb->offset);
5634		len = scsi_4btoul(cdb->length);
5635		byte2 = cdb->byte2;
5636		break;
5637	}
5638	default: /* This shouldn't happen. */
5639		ctl_set_invalid_opcode(ctsio);
5640		ctl_done((union ctl_io *)ctsio);
5641		return (CTL_RETVAL_COMPLETE);
5642	}
5643
5644	if ((byte2 & RWB_MODE) != RWB_MODE_DATA &&
5645	    (byte2 & RWB_MODE) != RWB_MODE_ECHO_DESCR &&
5646	    (byte2 & RWB_MODE) != RWB_MODE_DESCR) {
5647		ctl_set_invalid_field(ctsio,
5648				      /*sks_valid*/ 1,
5649				      /*command*/ 1,
5650				      /*field*/ 1,
5651				      /*bit_valid*/ 1,
5652				      /*bit*/ 4);
5653		ctl_done((union ctl_io *)ctsio);
5654		return (CTL_RETVAL_COMPLETE);
5655	}
5656
5657	if (buffer_offset > CTL_WRITE_BUFFER_SIZE ||
5658	    buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5659		ctl_set_invalid_field(ctsio,
5660				      /*sks_valid*/ 1,
5661				      /*command*/ 1,
5662				      /*field*/ 6,
5663				      /*bit_valid*/ 0,
5664				      /*bit*/ 0);
5665		ctl_done((union ctl_io *)ctsio);
5666		return (CTL_RETVAL_COMPLETE);
5667	}
5668
5669	if ((byte2 & RWB_MODE) == RWB_MODE_DESCR) {
5670		descr[0] = 0;
5671		scsi_ulto3b(CTL_WRITE_BUFFER_SIZE, &descr[1]);
5672		ctsio->kern_data_ptr = descr;
5673		len = min(len, sizeof(descr));
5674	} else if ((byte2 & RWB_MODE) == RWB_MODE_ECHO_DESCR) {
5675		ctsio->kern_data_ptr = echo_descr;
5676		len = min(len, sizeof(echo_descr));
5677	} else {
5678		if (lun->write_buffer == NULL) {
5679			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5680			    M_CTL, M_WAITOK);
5681		}
5682		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5683	}
5684	ctsio->kern_data_len = len;
5685	ctsio->kern_total_len = len;
5686	ctsio->kern_data_resid = 0;
5687	ctsio->kern_rel_offset = 0;
5688	ctsio->kern_sg_entries = 0;
5689	ctl_set_success(ctsio);
5690	ctsio->be_move_done = ctl_config_move_done;
5691	ctl_datamove((union ctl_io *)ctsio);
5692	return (CTL_RETVAL_COMPLETE);
5693}
5694
5695int
5696ctl_write_buffer(struct ctl_scsiio *ctsio)
5697{
5698	struct scsi_write_buffer *cdb;
5699	struct ctl_lun *lun;
5700	int buffer_offset, len;
5701
5702	CTL_DEBUG_PRINT(("ctl_write_buffer\n"));
5703
5704	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5705	cdb = (struct scsi_write_buffer *)ctsio->cdb;
5706
5707	if ((cdb->byte2 & RWB_MODE) != RWB_MODE_DATA) {
5708		ctl_set_invalid_field(ctsio,
5709				      /*sks_valid*/ 1,
5710				      /*command*/ 1,
5711				      /*field*/ 1,
5712				      /*bit_valid*/ 1,
5713				      /*bit*/ 4);
5714		ctl_done((union ctl_io *)ctsio);
5715		return (CTL_RETVAL_COMPLETE);
5716	}
5717
5718	len = scsi_3btoul(cdb->length);
5719	buffer_offset = scsi_3btoul(cdb->offset);
5720
5721	if (buffer_offset + len > CTL_WRITE_BUFFER_SIZE) {
5722		ctl_set_invalid_field(ctsio,
5723				      /*sks_valid*/ 1,
5724				      /*command*/ 1,
5725				      /*field*/ 6,
5726				      /*bit_valid*/ 0,
5727				      /*bit*/ 0);
5728		ctl_done((union ctl_io *)ctsio);
5729		return (CTL_RETVAL_COMPLETE);
5730	}
5731
5732	/*
5733	 * If we've got a kernel request that hasn't been malloced yet,
5734	 * malloc it and tell the caller the data buffer is here.
5735	 */
5736	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5737		if (lun->write_buffer == NULL) {
5738			lun->write_buffer = malloc(CTL_WRITE_BUFFER_SIZE,
5739			    M_CTL, M_WAITOK);
5740		}
5741		ctsio->kern_data_ptr = lun->write_buffer + buffer_offset;
5742		ctsio->kern_data_len = len;
5743		ctsio->kern_total_len = len;
5744		ctsio->kern_data_resid = 0;
5745		ctsio->kern_rel_offset = 0;
5746		ctsio->kern_sg_entries = 0;
5747		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5748		ctsio->be_move_done = ctl_config_move_done;
5749		ctl_datamove((union ctl_io *)ctsio);
5750
5751		return (CTL_RETVAL_COMPLETE);
5752	}
5753
5754	ctl_set_success(ctsio);
5755	ctl_done((union ctl_io *)ctsio);
5756	return (CTL_RETVAL_COMPLETE);
5757}
5758
5759int
5760ctl_write_same(struct ctl_scsiio *ctsio)
5761{
5762	struct ctl_lun *lun;
5763	struct ctl_lba_len_flags *lbalen;
5764	uint64_t lba;
5765	uint32_t num_blocks;
5766	int len, retval;
5767	uint8_t byte2;
5768
5769	CTL_DEBUG_PRINT(("ctl_write_same\n"));
5770
5771	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5772
5773	switch (ctsio->cdb[0]) {
5774	case WRITE_SAME_10: {
5775		struct scsi_write_same_10 *cdb;
5776
5777		cdb = (struct scsi_write_same_10 *)ctsio->cdb;
5778
5779		lba = scsi_4btoul(cdb->addr);
5780		num_blocks = scsi_2btoul(cdb->length);
5781		byte2 = cdb->byte2;
5782		break;
5783	}
5784	case WRITE_SAME_16: {
5785		struct scsi_write_same_16 *cdb;
5786
5787		cdb = (struct scsi_write_same_16 *)ctsio->cdb;
5788
5789		lba = scsi_8btou64(cdb->addr);
5790		num_blocks = scsi_4btoul(cdb->length);
5791		byte2 = cdb->byte2;
5792		break;
5793	}
5794	default:
5795		/*
5796		 * We got a command we don't support.  This shouldn't
5797		 * happen, commands should be filtered out above us.
5798		 */
5799		ctl_set_invalid_opcode(ctsio);
5800		ctl_done((union ctl_io *)ctsio);
5801
5802		return (CTL_RETVAL_COMPLETE);
5803		break; /* NOTREACHED */
5804	}
5805
5806	/* ANCHOR flag can be used only together with UNMAP */
5807	if ((byte2 & SWS_UNMAP) == 0 && (byte2 & SWS_ANCHOR) != 0) {
5808		ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
5809		    /*command*/ 1, /*field*/ 1, /*bit_valid*/ 1, /*bit*/ 0);
5810		ctl_done((union ctl_io *)ctsio);
5811		return (CTL_RETVAL_COMPLETE);
5812	}
5813
5814	/*
5815	 * The first check is to make sure we're in bounds, the second
5816	 * check is to catch wrap-around problems.  If the lba + num blocks
5817	 * is less than the lba, then we've wrapped around and the block
5818	 * range is invalid anyway.
5819	 */
5820	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5821	 || ((lba + num_blocks) < lba)) {
5822		ctl_set_lba_out_of_range(ctsio);
5823		ctl_done((union ctl_io *)ctsio);
5824		return (CTL_RETVAL_COMPLETE);
5825	}
5826
5827	/* Zero number of blocks means "to the last logical block" */
5828	if (num_blocks == 0) {
5829		if ((lun->be_lun->maxlba + 1) - lba > UINT32_MAX) {
5830			ctl_set_invalid_field(ctsio,
5831					      /*sks_valid*/ 0,
5832					      /*command*/ 1,
5833					      /*field*/ 0,
5834					      /*bit_valid*/ 0,
5835					      /*bit*/ 0);
5836			ctl_done((union ctl_io *)ctsio);
5837			return (CTL_RETVAL_COMPLETE);
5838		}
5839		num_blocks = (lun->be_lun->maxlba + 1) - lba;
5840	}
5841
5842	len = lun->be_lun->blocksize;
5843
5844	/*
5845	 * If we've got a kernel request that hasn't been malloced yet,
5846	 * malloc it and tell the caller the data buffer is here.
5847	 */
5848	if ((byte2 & SWS_NDOB) == 0 &&
5849	    (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5850		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5851		ctsio->kern_data_len = len;
5852		ctsio->kern_total_len = len;
5853		ctsio->kern_data_resid = 0;
5854		ctsio->kern_rel_offset = 0;
5855		ctsio->kern_sg_entries = 0;
5856		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5857		ctsio->be_move_done = ctl_config_move_done;
5858		ctl_datamove((union ctl_io *)ctsio);
5859
5860		return (CTL_RETVAL_COMPLETE);
5861	}
5862
5863	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5864	lbalen->lba = lba;
5865	lbalen->len = num_blocks;
5866	lbalen->flags = byte2;
5867	retval = lun->backend->config_write((union ctl_io *)ctsio);
5868
5869	return (retval);
5870}
5871
5872int
5873ctl_unmap(struct ctl_scsiio *ctsio)
5874{
5875	struct ctl_lun *lun;
5876	struct scsi_unmap *cdb;
5877	struct ctl_ptr_len_flags *ptrlen;
5878	struct scsi_unmap_header *hdr;
5879	struct scsi_unmap_desc *buf, *end, *endnz, *range;
5880	uint64_t lba;
5881	uint32_t num_blocks;
5882	int len, retval;
5883	uint8_t byte2;
5884
5885	CTL_DEBUG_PRINT(("ctl_unmap\n"));
5886
5887	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5888	cdb = (struct scsi_unmap *)ctsio->cdb;
5889
5890	len = scsi_2btoul(cdb->length);
5891	byte2 = cdb->byte2;
5892
5893	/*
5894	 * If we've got a kernel request that hasn't been malloced yet,
5895	 * malloc it and tell the caller the data buffer is here.
5896	 */
5897	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
5898		ctsio->kern_data_ptr = malloc(len, M_CTL, M_WAITOK);;
5899		ctsio->kern_data_len = len;
5900		ctsio->kern_total_len = len;
5901		ctsio->kern_data_resid = 0;
5902		ctsio->kern_rel_offset = 0;
5903		ctsio->kern_sg_entries = 0;
5904		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
5905		ctsio->be_move_done = ctl_config_move_done;
5906		ctl_datamove((union ctl_io *)ctsio);
5907
5908		return (CTL_RETVAL_COMPLETE);
5909	}
5910
5911	len = ctsio->kern_total_len - ctsio->kern_data_resid;
5912	hdr = (struct scsi_unmap_header *)ctsio->kern_data_ptr;
5913	if (len < sizeof (*hdr) ||
5914	    len < (scsi_2btoul(hdr->length) + sizeof(hdr->length)) ||
5915	    len < (scsi_2btoul(hdr->desc_length) + sizeof (*hdr)) ||
5916	    scsi_2btoul(hdr->desc_length) % sizeof(*buf) != 0) {
5917		ctl_set_invalid_field(ctsio,
5918				      /*sks_valid*/ 0,
5919				      /*command*/ 0,
5920				      /*field*/ 0,
5921				      /*bit_valid*/ 0,
5922				      /*bit*/ 0);
5923		goto done;
5924	}
5925	len = scsi_2btoul(hdr->desc_length);
5926	buf = (struct scsi_unmap_desc *)(hdr + 1);
5927	end = buf + len / sizeof(*buf);
5928
5929	endnz = buf;
5930	for (range = buf; range < end; range++) {
5931		lba = scsi_8btou64(range->lba);
5932		num_blocks = scsi_4btoul(range->length);
5933		if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
5934		 || ((lba + num_blocks) < lba)) {
5935			ctl_set_lba_out_of_range(ctsio);
5936			ctl_done((union ctl_io *)ctsio);
5937			return (CTL_RETVAL_COMPLETE);
5938		}
5939		if (num_blocks != 0)
5940			endnz = range + 1;
5941	}
5942
5943	/*
5944	 * Block backend can not handle zero last range.
5945	 * Filter it out and return if there is nothing left.
5946	 */
5947	len = (uint8_t *)endnz - (uint8_t *)buf;
5948	if (len == 0) {
5949		ctl_set_success(ctsio);
5950		goto done;
5951	}
5952
5953	mtx_lock(&lun->lun_lock);
5954	ptrlen = (struct ctl_ptr_len_flags *)
5955	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
5956	ptrlen->ptr = (void *)buf;
5957	ptrlen->len = len;
5958	ptrlen->flags = byte2;
5959	ctl_check_blocked(lun);
5960	mtx_unlock(&lun->lun_lock);
5961
5962	retval = lun->backend->config_write((union ctl_io *)ctsio);
5963	return (retval);
5964
5965done:
5966	if (ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) {
5967		free(ctsio->kern_data_ptr, M_CTL);
5968		ctsio->io_hdr.flags &= ~CTL_FLAG_ALLOCATED;
5969	}
5970	ctl_done((union ctl_io *)ctsio);
5971	return (CTL_RETVAL_COMPLETE);
5972}
5973
5974/*
5975 * Note that this function currently doesn't actually do anything inside
5976 * CTL to enforce things if the DQue bit is turned on.
5977 *
5978 * Also note that this function can't be used in the default case, because
5979 * the DQue bit isn't set in the changeable mask for the control mode page
5980 * anyway.  This is just here as an example for how to implement a page
5981 * handler, and a placeholder in case we want to allow the user to turn
5982 * tagged queueing on and off.
5983 *
5984 * The D_SENSE bit handling is functional, however, and will turn
5985 * descriptor sense on and off for a given LUN.
5986 */
5987int
5988ctl_control_page_handler(struct ctl_scsiio *ctsio,
5989			 struct ctl_page_index *page_index, uint8_t *page_ptr)
5990{
5991	struct scsi_control_page *current_cp, *saved_cp, *user_cp;
5992	struct ctl_lun *lun;
5993	int set_ua;
5994	uint32_t initidx;
5995
5996	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
5997	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
5998	set_ua = 0;
5999
6000	user_cp = (struct scsi_control_page *)page_ptr;
6001	current_cp = (struct scsi_control_page *)
6002		(page_index->page_data + (page_index->page_len *
6003		CTL_PAGE_CURRENT));
6004	saved_cp = (struct scsi_control_page *)
6005		(page_index->page_data + (page_index->page_len *
6006		CTL_PAGE_SAVED));
6007
6008	mtx_lock(&lun->lun_lock);
6009	if (((current_cp->rlec & SCP_DSENSE) == 0)
6010	 && ((user_cp->rlec & SCP_DSENSE) != 0)) {
6011		/*
6012		 * Descriptor sense is currently turned off and the user
6013		 * wants to turn it on.
6014		 */
6015		current_cp->rlec |= SCP_DSENSE;
6016		saved_cp->rlec |= SCP_DSENSE;
6017		lun->flags |= CTL_LUN_SENSE_DESC;
6018		set_ua = 1;
6019	} else if (((current_cp->rlec & SCP_DSENSE) != 0)
6020		&& ((user_cp->rlec & SCP_DSENSE) == 0)) {
6021		/*
6022		 * Descriptor sense is currently turned on, and the user
6023		 * wants to turn it off.
6024		 */
6025		current_cp->rlec &= ~SCP_DSENSE;
6026		saved_cp->rlec &= ~SCP_DSENSE;
6027		lun->flags &= ~CTL_LUN_SENSE_DESC;
6028		set_ua = 1;
6029	}
6030	if ((current_cp->queue_flags & SCP_QUEUE_ALG_MASK) !=
6031	    (user_cp->queue_flags & SCP_QUEUE_ALG_MASK)) {
6032		current_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6033		current_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6034		saved_cp->queue_flags &= ~SCP_QUEUE_ALG_MASK;
6035		saved_cp->queue_flags |= user_cp->queue_flags & SCP_QUEUE_ALG_MASK;
6036		set_ua = 1;
6037	}
6038	if ((current_cp->eca_and_aen & SCP_SWP) !=
6039	    (user_cp->eca_and_aen & SCP_SWP)) {
6040		current_cp->eca_and_aen &= ~SCP_SWP;
6041		current_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6042		saved_cp->eca_and_aen &= ~SCP_SWP;
6043		saved_cp->eca_and_aen |= user_cp->eca_and_aen & SCP_SWP;
6044		set_ua = 1;
6045	}
6046	if (set_ua != 0)
6047		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6048	mtx_unlock(&lun->lun_lock);
6049	if (set_ua) {
6050		ctl_isc_announce_mode(lun,
6051		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6052		    page_index->page_code, page_index->subpage);
6053	}
6054	return (0);
6055}
6056
6057int
6058ctl_caching_sp_handler(struct ctl_scsiio *ctsio,
6059		     struct ctl_page_index *page_index, uint8_t *page_ptr)
6060{
6061	struct scsi_caching_page *current_cp, *saved_cp, *user_cp;
6062	struct ctl_lun *lun;
6063	int set_ua;
6064	uint32_t initidx;
6065
6066	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6067	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
6068	set_ua = 0;
6069
6070	user_cp = (struct scsi_caching_page *)page_ptr;
6071	current_cp = (struct scsi_caching_page *)
6072		(page_index->page_data + (page_index->page_len *
6073		CTL_PAGE_CURRENT));
6074	saved_cp = (struct scsi_caching_page *)
6075		(page_index->page_data + (page_index->page_len *
6076		CTL_PAGE_SAVED));
6077
6078	mtx_lock(&lun->lun_lock);
6079	if ((current_cp->flags1 & (SCP_WCE | SCP_RCD)) !=
6080	    (user_cp->flags1 & (SCP_WCE | SCP_RCD))) {
6081		current_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6082		current_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6083		saved_cp->flags1 &= ~(SCP_WCE | SCP_RCD);
6084		saved_cp->flags1 |= user_cp->flags1 & (SCP_WCE | SCP_RCD);
6085		set_ua = 1;
6086	}
6087	if (set_ua != 0)
6088		ctl_est_ua_all(lun, initidx, CTL_UA_MODE_CHANGE);
6089	mtx_unlock(&lun->lun_lock);
6090	if (set_ua) {
6091		ctl_isc_announce_mode(lun,
6092		    ctl_get_initindex(&ctsio->io_hdr.nexus),
6093		    page_index->page_code, page_index->subpage);
6094	}
6095	return (0);
6096}
6097
6098int
6099ctl_debugconf_sp_select_handler(struct ctl_scsiio *ctsio,
6100				struct ctl_page_index *page_index,
6101				uint8_t *page_ptr)
6102{
6103	uint8_t *c;
6104	int i;
6105
6106	c = ((struct copan_debugconf_subpage *)page_ptr)->ctl_time_io_secs;
6107	ctl_time_io_secs =
6108		(c[0] << 8) |
6109		(c[1] << 0) |
6110		0;
6111	CTL_DEBUG_PRINT(("set ctl_time_io_secs to %d\n", ctl_time_io_secs));
6112	printf("set ctl_time_io_secs to %d\n", ctl_time_io_secs);
6113	printf("page data:");
6114	for (i=0; i<8; i++)
6115		printf(" %.2x",page_ptr[i]);
6116	printf("\n");
6117	return (0);
6118}
6119
6120int
6121ctl_debugconf_sp_sense_handler(struct ctl_scsiio *ctsio,
6122			       struct ctl_page_index *page_index,
6123			       int pc)
6124{
6125	struct copan_debugconf_subpage *page;
6126
6127	page = (struct copan_debugconf_subpage *)page_index->page_data +
6128		(page_index->page_len * pc);
6129
6130	switch (pc) {
6131	case SMS_PAGE_CTRL_CHANGEABLE >> 6:
6132	case SMS_PAGE_CTRL_DEFAULT >> 6:
6133	case SMS_PAGE_CTRL_SAVED >> 6:
6134		/*
6135		 * We don't update the changable or default bits for this page.
6136		 */
6137		break;
6138	case SMS_PAGE_CTRL_CURRENT >> 6:
6139		page->ctl_time_io_secs[0] = ctl_time_io_secs >> 8;
6140		page->ctl_time_io_secs[1] = ctl_time_io_secs >> 0;
6141		break;
6142	default:
6143#ifdef NEEDTOPORT
6144		EPRINT(0, "Invalid PC %d!!", pc);
6145#endif /* NEEDTOPORT */
6146		break;
6147	}
6148	return (0);
6149}
6150
6151
6152static int
6153ctl_do_mode_select(union ctl_io *io)
6154{
6155	struct scsi_mode_page_header *page_header;
6156	struct ctl_page_index *page_index;
6157	struct ctl_scsiio *ctsio;
6158	int control_dev, page_len;
6159	int page_len_offset, page_len_size;
6160	union ctl_modepage_info *modepage_info;
6161	struct ctl_lun *lun;
6162	int *len_left, *len_used;
6163	int retval, i;
6164
6165	ctsio = &io->scsiio;
6166	page_index = NULL;
6167	page_len = 0;
6168	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6169
6170	if (lun->be_lun->lun_type != T_DIRECT)
6171		control_dev = 1;
6172	else
6173		control_dev = 0;
6174
6175	modepage_info = (union ctl_modepage_info *)
6176		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6177	len_left = &modepage_info->header.len_left;
6178	len_used = &modepage_info->header.len_used;
6179
6180do_next_page:
6181
6182	page_header = (struct scsi_mode_page_header *)
6183		(ctsio->kern_data_ptr + *len_used);
6184
6185	if (*len_left == 0) {
6186		free(ctsio->kern_data_ptr, M_CTL);
6187		ctl_set_success(ctsio);
6188		ctl_done((union ctl_io *)ctsio);
6189		return (CTL_RETVAL_COMPLETE);
6190	} else if (*len_left < sizeof(struct scsi_mode_page_header)) {
6191
6192		free(ctsio->kern_data_ptr, M_CTL);
6193		ctl_set_param_len_error(ctsio);
6194		ctl_done((union ctl_io *)ctsio);
6195		return (CTL_RETVAL_COMPLETE);
6196
6197	} else if ((page_header->page_code & SMPH_SPF)
6198		&& (*len_left < sizeof(struct scsi_mode_page_header_sp))) {
6199
6200		free(ctsio->kern_data_ptr, M_CTL);
6201		ctl_set_param_len_error(ctsio);
6202		ctl_done((union ctl_io *)ctsio);
6203		return (CTL_RETVAL_COMPLETE);
6204	}
6205
6206
6207	/*
6208	 * XXX KDM should we do something with the block descriptor?
6209	 */
6210	for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6211
6212		if ((control_dev != 0)
6213		 && (lun->mode_pages.index[i].page_flags &
6214		     CTL_PAGE_FLAG_DISK_ONLY))
6215			continue;
6216
6217		if ((lun->mode_pages.index[i].page_code & SMPH_PC_MASK) !=
6218		    (page_header->page_code & SMPH_PC_MASK))
6219			continue;
6220
6221		/*
6222		 * If neither page has a subpage code, then we've got a
6223		 * match.
6224		 */
6225		if (((lun->mode_pages.index[i].page_code & SMPH_SPF) == 0)
6226		 && ((page_header->page_code & SMPH_SPF) == 0)) {
6227			page_index = &lun->mode_pages.index[i];
6228			page_len = page_header->page_length;
6229			break;
6230		}
6231
6232		/*
6233		 * If both pages have subpages, then the subpage numbers
6234		 * have to match.
6235		 */
6236		if ((lun->mode_pages.index[i].page_code & SMPH_SPF)
6237		  && (page_header->page_code & SMPH_SPF)) {
6238			struct scsi_mode_page_header_sp *sph;
6239
6240			sph = (struct scsi_mode_page_header_sp *)page_header;
6241
6242			if (lun->mode_pages.index[i].subpage ==
6243			    sph->subpage) {
6244				page_index = &lun->mode_pages.index[i];
6245				page_len = scsi_2btoul(sph->page_length);
6246				break;
6247			}
6248		}
6249	}
6250
6251	/*
6252	 * If we couldn't find the page, or if we don't have a mode select
6253	 * handler for it, send back an error to the user.
6254	 */
6255	if ((page_index == NULL)
6256	 || (page_index->select_handler == NULL)) {
6257		ctl_set_invalid_field(ctsio,
6258				      /*sks_valid*/ 1,
6259				      /*command*/ 0,
6260				      /*field*/ *len_used,
6261				      /*bit_valid*/ 0,
6262				      /*bit*/ 0);
6263		free(ctsio->kern_data_ptr, M_CTL);
6264		ctl_done((union ctl_io *)ctsio);
6265		return (CTL_RETVAL_COMPLETE);
6266	}
6267
6268	if (page_index->page_code & SMPH_SPF) {
6269		page_len_offset = 2;
6270		page_len_size = 2;
6271	} else {
6272		page_len_size = 1;
6273		page_len_offset = 1;
6274	}
6275
6276	/*
6277	 * If the length the initiator gives us isn't the one we specify in
6278	 * the mode page header, or if they didn't specify enough data in
6279	 * the CDB to avoid truncating this page, kick out the request.
6280	 */
6281	if ((page_len != (page_index->page_len - page_len_offset -
6282			  page_len_size))
6283	 || (*len_left < page_index->page_len)) {
6284
6285
6286		ctl_set_invalid_field(ctsio,
6287				      /*sks_valid*/ 1,
6288				      /*command*/ 0,
6289				      /*field*/ *len_used + page_len_offset,
6290				      /*bit_valid*/ 0,
6291				      /*bit*/ 0);
6292		free(ctsio->kern_data_ptr, M_CTL);
6293		ctl_done((union ctl_io *)ctsio);
6294		return (CTL_RETVAL_COMPLETE);
6295	}
6296
6297	/*
6298	 * Run through the mode page, checking to make sure that the bits
6299	 * the user changed are actually legal for him to change.
6300	 */
6301	for (i = 0; i < page_index->page_len; i++) {
6302		uint8_t *user_byte, *change_mask, *current_byte;
6303		int bad_bit;
6304		int j;
6305
6306		user_byte = (uint8_t *)page_header + i;
6307		change_mask = page_index->page_data +
6308			      (page_index->page_len * CTL_PAGE_CHANGEABLE) + i;
6309		current_byte = page_index->page_data +
6310			       (page_index->page_len * CTL_PAGE_CURRENT) + i;
6311
6312		/*
6313		 * Check to see whether the user set any bits in this byte
6314		 * that he is not allowed to set.
6315		 */
6316		if ((*user_byte & ~(*change_mask)) ==
6317		    (*current_byte & ~(*change_mask)))
6318			continue;
6319
6320		/*
6321		 * Go through bit by bit to determine which one is illegal.
6322		 */
6323		bad_bit = 0;
6324		for (j = 7; j >= 0; j--) {
6325			if ((((1 << i) & ~(*change_mask)) & *user_byte) !=
6326			    (((1 << i) & ~(*change_mask)) & *current_byte)) {
6327				bad_bit = i;
6328				break;
6329			}
6330		}
6331		ctl_set_invalid_field(ctsio,
6332				      /*sks_valid*/ 1,
6333				      /*command*/ 0,
6334				      /*field*/ *len_used + i,
6335				      /*bit_valid*/ 1,
6336				      /*bit*/ bad_bit);
6337		free(ctsio->kern_data_ptr, M_CTL);
6338		ctl_done((union ctl_io *)ctsio);
6339		return (CTL_RETVAL_COMPLETE);
6340	}
6341
6342	/*
6343	 * Decrement these before we call the page handler, since we may
6344	 * end up getting called back one way or another before the handler
6345	 * returns to this context.
6346	 */
6347	*len_left -= page_index->page_len;
6348	*len_used += page_index->page_len;
6349
6350	retval = page_index->select_handler(ctsio, page_index,
6351					    (uint8_t *)page_header);
6352
6353	/*
6354	 * If the page handler returns CTL_RETVAL_QUEUED, then we need to
6355	 * wait until this queued command completes to finish processing
6356	 * the mode page.  If it returns anything other than
6357	 * CTL_RETVAL_COMPLETE (e.g. CTL_RETVAL_ERROR), then it should have
6358	 * already set the sense information, freed the data pointer, and
6359	 * completed the io for us.
6360	 */
6361	if (retval != CTL_RETVAL_COMPLETE)
6362		goto bailout_no_done;
6363
6364	/*
6365	 * If the initiator sent us more than one page, parse the next one.
6366	 */
6367	if (*len_left > 0)
6368		goto do_next_page;
6369
6370	ctl_set_success(ctsio);
6371	free(ctsio->kern_data_ptr, M_CTL);
6372	ctl_done((union ctl_io *)ctsio);
6373
6374bailout_no_done:
6375
6376	return (CTL_RETVAL_COMPLETE);
6377
6378}
6379
6380int
6381ctl_mode_select(struct ctl_scsiio *ctsio)
6382{
6383	int param_len, pf, sp;
6384	int header_size, bd_len;
6385	union ctl_modepage_info *modepage_info;
6386
6387	switch (ctsio->cdb[0]) {
6388	case MODE_SELECT_6: {
6389		struct scsi_mode_select_6 *cdb;
6390
6391		cdb = (struct scsi_mode_select_6 *)ctsio->cdb;
6392
6393		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6394		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6395		param_len = cdb->length;
6396		header_size = sizeof(struct scsi_mode_header_6);
6397		break;
6398	}
6399	case MODE_SELECT_10: {
6400		struct scsi_mode_select_10 *cdb;
6401
6402		cdb = (struct scsi_mode_select_10 *)ctsio->cdb;
6403
6404		pf = (cdb->byte2 & SMS_PF) ? 1 : 0;
6405		sp = (cdb->byte2 & SMS_SP) ? 1 : 0;
6406		param_len = scsi_2btoul(cdb->length);
6407		header_size = sizeof(struct scsi_mode_header_10);
6408		break;
6409	}
6410	default:
6411		ctl_set_invalid_opcode(ctsio);
6412		ctl_done((union ctl_io *)ctsio);
6413		return (CTL_RETVAL_COMPLETE);
6414	}
6415
6416	/*
6417	 * From SPC-3:
6418	 * "A parameter list length of zero indicates that the Data-Out Buffer
6419	 * shall be empty. This condition shall not be considered as an error."
6420	 */
6421	if (param_len == 0) {
6422		ctl_set_success(ctsio);
6423		ctl_done((union ctl_io *)ctsio);
6424		return (CTL_RETVAL_COMPLETE);
6425	}
6426
6427	/*
6428	 * Since we'll hit this the first time through, prior to
6429	 * allocation, we don't need to free a data buffer here.
6430	 */
6431	if (param_len < header_size) {
6432		ctl_set_param_len_error(ctsio);
6433		ctl_done((union ctl_io *)ctsio);
6434		return (CTL_RETVAL_COMPLETE);
6435	}
6436
6437	/*
6438	 * Allocate the data buffer and grab the user's data.  In theory,
6439	 * we shouldn't have to sanity check the parameter list length here
6440	 * because the maximum size is 64K.  We should be able to malloc
6441	 * that much without too many problems.
6442	 */
6443	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
6444		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
6445		ctsio->kern_data_len = param_len;
6446		ctsio->kern_total_len = param_len;
6447		ctsio->kern_data_resid = 0;
6448		ctsio->kern_rel_offset = 0;
6449		ctsio->kern_sg_entries = 0;
6450		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6451		ctsio->be_move_done = ctl_config_move_done;
6452		ctl_datamove((union ctl_io *)ctsio);
6453
6454		return (CTL_RETVAL_COMPLETE);
6455	}
6456
6457	switch (ctsio->cdb[0]) {
6458	case MODE_SELECT_6: {
6459		struct scsi_mode_header_6 *mh6;
6460
6461		mh6 = (struct scsi_mode_header_6 *)ctsio->kern_data_ptr;
6462		bd_len = mh6->blk_desc_len;
6463		break;
6464	}
6465	case MODE_SELECT_10: {
6466		struct scsi_mode_header_10 *mh10;
6467
6468		mh10 = (struct scsi_mode_header_10 *)ctsio->kern_data_ptr;
6469		bd_len = scsi_2btoul(mh10->blk_desc_len);
6470		break;
6471	}
6472	default:
6473		panic("Invalid CDB type %#x", ctsio->cdb[0]);
6474		break;
6475	}
6476
6477	if (param_len < (header_size + bd_len)) {
6478		free(ctsio->kern_data_ptr, M_CTL);
6479		ctl_set_param_len_error(ctsio);
6480		ctl_done((union ctl_io *)ctsio);
6481		return (CTL_RETVAL_COMPLETE);
6482	}
6483
6484	/*
6485	 * Set the IO_CONT flag, so that if this I/O gets passed to
6486	 * ctl_config_write_done(), it'll get passed back to
6487	 * ctl_do_mode_select() for further processing, or completion if
6488	 * we're all done.
6489	 */
6490	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
6491	ctsio->io_cont = ctl_do_mode_select;
6492
6493	modepage_info = (union ctl_modepage_info *)
6494		ctsio->io_hdr.ctl_private[CTL_PRIV_MODEPAGE].bytes;
6495	memset(modepage_info, 0, sizeof(*modepage_info));
6496	modepage_info->header.len_left = param_len - header_size - bd_len;
6497	modepage_info->header.len_used = header_size + bd_len;
6498
6499	return (ctl_do_mode_select((union ctl_io *)ctsio));
6500}
6501
6502int
6503ctl_mode_sense(struct ctl_scsiio *ctsio)
6504{
6505	struct ctl_lun *lun;
6506	int pc, page_code, dbd, llba, subpage;
6507	int alloc_len, page_len, header_len, total_len;
6508	struct scsi_mode_block_descr *block_desc;
6509	struct ctl_page_index *page_index;
6510	int control_dev;
6511
6512	dbd = 0;
6513	llba = 0;
6514	block_desc = NULL;
6515	page_index = NULL;
6516
6517	CTL_DEBUG_PRINT(("ctl_mode_sense\n"));
6518
6519	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6520
6521	if (lun->be_lun->lun_type != T_DIRECT)
6522		control_dev = 1;
6523	else
6524		control_dev = 0;
6525
6526	switch (ctsio->cdb[0]) {
6527	case MODE_SENSE_6: {
6528		struct scsi_mode_sense_6 *cdb;
6529
6530		cdb = (struct scsi_mode_sense_6 *)ctsio->cdb;
6531
6532		header_len = sizeof(struct scsi_mode_hdr_6);
6533		if (cdb->byte2 & SMS_DBD)
6534			dbd = 1;
6535		else
6536			header_len += sizeof(struct scsi_mode_block_descr);
6537
6538		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6539		page_code = cdb->page & SMS_PAGE_CODE;
6540		subpage = cdb->subpage;
6541		alloc_len = cdb->length;
6542		break;
6543	}
6544	case MODE_SENSE_10: {
6545		struct scsi_mode_sense_10 *cdb;
6546
6547		cdb = (struct scsi_mode_sense_10 *)ctsio->cdb;
6548
6549		header_len = sizeof(struct scsi_mode_hdr_10);
6550
6551		if (cdb->byte2 & SMS_DBD)
6552			dbd = 1;
6553		else
6554			header_len += sizeof(struct scsi_mode_block_descr);
6555		if (cdb->byte2 & SMS10_LLBAA)
6556			llba = 1;
6557		pc = (cdb->page & SMS_PAGE_CTRL_MASK) >> 6;
6558		page_code = cdb->page & SMS_PAGE_CODE;
6559		subpage = cdb->subpage;
6560		alloc_len = scsi_2btoul(cdb->length);
6561		break;
6562	}
6563	default:
6564		ctl_set_invalid_opcode(ctsio);
6565		ctl_done((union ctl_io *)ctsio);
6566		return (CTL_RETVAL_COMPLETE);
6567		break; /* NOTREACHED */
6568	}
6569
6570	/*
6571	 * We have to make a first pass through to calculate the size of
6572	 * the pages that match the user's query.  Then we allocate enough
6573	 * memory to hold it, and actually copy the data into the buffer.
6574	 */
6575	switch (page_code) {
6576	case SMS_ALL_PAGES_PAGE: {
6577		int i;
6578
6579		page_len = 0;
6580
6581		/*
6582		 * At the moment, values other than 0 and 0xff here are
6583		 * reserved according to SPC-3.
6584		 */
6585		if ((subpage != SMS_SUBPAGE_PAGE_0)
6586		 && (subpage != SMS_SUBPAGE_ALL)) {
6587			ctl_set_invalid_field(ctsio,
6588					      /*sks_valid*/ 1,
6589					      /*command*/ 1,
6590					      /*field*/ 3,
6591					      /*bit_valid*/ 0,
6592					      /*bit*/ 0);
6593			ctl_done((union ctl_io *)ctsio);
6594			return (CTL_RETVAL_COMPLETE);
6595		}
6596
6597		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6598			if ((control_dev != 0)
6599			 && (lun->mode_pages.index[i].page_flags &
6600			     CTL_PAGE_FLAG_DISK_ONLY))
6601				continue;
6602
6603			/*
6604			 * We don't use this subpage if the user didn't
6605			 * request all subpages.
6606			 */
6607			if ((lun->mode_pages.index[i].subpage != 0)
6608			 && (subpage == SMS_SUBPAGE_PAGE_0))
6609				continue;
6610
6611#if 0
6612			printf("found page %#x len %d\n",
6613			       lun->mode_pages.index[i].page_code &
6614			       SMPH_PC_MASK,
6615			       lun->mode_pages.index[i].page_len);
6616#endif
6617			page_len += lun->mode_pages.index[i].page_len;
6618		}
6619		break;
6620	}
6621	default: {
6622		int i;
6623
6624		page_len = 0;
6625
6626		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6627			/* Look for the right page code */
6628			if ((lun->mode_pages.index[i].page_code &
6629			     SMPH_PC_MASK) != page_code)
6630				continue;
6631
6632			/* Look for the right subpage or the subpage wildcard*/
6633			if ((lun->mode_pages.index[i].subpage != subpage)
6634			 && (subpage != SMS_SUBPAGE_ALL))
6635				continue;
6636
6637			/* Make sure the page is supported for this dev type */
6638			if ((control_dev != 0)
6639			 && (lun->mode_pages.index[i].page_flags &
6640			     CTL_PAGE_FLAG_DISK_ONLY))
6641				continue;
6642
6643#if 0
6644			printf("found page %#x len %d\n",
6645			       lun->mode_pages.index[i].page_code &
6646			       SMPH_PC_MASK,
6647			       lun->mode_pages.index[i].page_len);
6648#endif
6649
6650			page_len += lun->mode_pages.index[i].page_len;
6651		}
6652
6653		if (page_len == 0) {
6654			ctl_set_invalid_field(ctsio,
6655					      /*sks_valid*/ 1,
6656					      /*command*/ 1,
6657					      /*field*/ 2,
6658					      /*bit_valid*/ 1,
6659					      /*bit*/ 5);
6660			ctl_done((union ctl_io *)ctsio);
6661			return (CTL_RETVAL_COMPLETE);
6662		}
6663		break;
6664	}
6665	}
6666
6667	total_len = header_len + page_len;
6668#if 0
6669	printf("header_len = %d, page_len = %d, total_len = %d\n",
6670	       header_len, page_len, total_len);
6671#endif
6672
6673	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
6674	ctsio->kern_sg_entries = 0;
6675	ctsio->kern_data_resid = 0;
6676	ctsio->kern_rel_offset = 0;
6677	if (total_len < alloc_len) {
6678		ctsio->residual = alloc_len - total_len;
6679		ctsio->kern_data_len = total_len;
6680		ctsio->kern_total_len = total_len;
6681	} else {
6682		ctsio->residual = 0;
6683		ctsio->kern_data_len = alloc_len;
6684		ctsio->kern_total_len = alloc_len;
6685	}
6686
6687	switch (ctsio->cdb[0]) {
6688	case MODE_SENSE_6: {
6689		struct scsi_mode_hdr_6 *header;
6690
6691		header = (struct scsi_mode_hdr_6 *)ctsio->kern_data_ptr;
6692
6693		header->datalen = MIN(total_len - 1, 254);
6694		if (control_dev == 0) {
6695			header->dev_specific = 0x10; /* DPOFUA */
6696			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6697			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6698			    .eca_and_aen & SCP_SWP) != 0)
6699				    header->dev_specific |= 0x80; /* WP */
6700		}
6701		if (dbd)
6702			header->block_descr_len = 0;
6703		else
6704			header->block_descr_len =
6705				sizeof(struct scsi_mode_block_descr);
6706		block_desc = (struct scsi_mode_block_descr *)&header[1];
6707		break;
6708	}
6709	case MODE_SENSE_10: {
6710		struct scsi_mode_hdr_10 *header;
6711		int datalen;
6712
6713		header = (struct scsi_mode_hdr_10 *)ctsio->kern_data_ptr;
6714
6715		datalen = MIN(total_len - 2, 65533);
6716		scsi_ulto2b(datalen, header->datalen);
6717		if (control_dev == 0) {
6718			header->dev_specific = 0x10; /* DPOFUA */
6719			if ((lun->be_lun->flags & CTL_LUN_FLAG_READONLY) ||
6720			    (lun->mode_pages.control_page[CTL_PAGE_CURRENT]
6721			    .eca_and_aen & SCP_SWP) != 0)
6722				    header->dev_specific |= 0x80; /* WP */
6723		}
6724		if (dbd)
6725			scsi_ulto2b(0, header->block_descr_len);
6726		else
6727			scsi_ulto2b(sizeof(struct scsi_mode_block_descr),
6728				    header->block_descr_len);
6729		block_desc = (struct scsi_mode_block_descr *)&header[1];
6730		break;
6731	}
6732	default:
6733		panic("invalid CDB type %#x", ctsio->cdb[0]);
6734		break; /* NOTREACHED */
6735	}
6736
6737	/*
6738	 * If we've got a disk, use its blocksize in the block
6739	 * descriptor.  Otherwise, just set it to 0.
6740	 */
6741	if (dbd == 0) {
6742		if (control_dev == 0)
6743			scsi_ulto3b(lun->be_lun->blocksize,
6744				    block_desc->block_len);
6745		else
6746			scsi_ulto3b(0, block_desc->block_len);
6747	}
6748
6749	switch (page_code) {
6750	case SMS_ALL_PAGES_PAGE: {
6751		int i, data_used;
6752
6753		data_used = header_len;
6754		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6755			struct ctl_page_index *page_index;
6756
6757			page_index = &lun->mode_pages.index[i];
6758
6759			if ((control_dev != 0)
6760			 && (page_index->page_flags &
6761			    CTL_PAGE_FLAG_DISK_ONLY))
6762				continue;
6763
6764			/*
6765			 * We don't use this subpage if the user didn't
6766			 * request all subpages.  We already checked (above)
6767			 * to make sure the user only specified a subpage
6768			 * of 0 or 0xff in the SMS_ALL_PAGES_PAGE case.
6769			 */
6770			if ((page_index->subpage != 0)
6771			 && (subpage == SMS_SUBPAGE_PAGE_0))
6772				continue;
6773
6774			/*
6775			 * Call the handler, if it exists, to update the
6776			 * page to the latest values.
6777			 */
6778			if (page_index->sense_handler != NULL)
6779				page_index->sense_handler(ctsio, page_index,pc);
6780
6781			memcpy(ctsio->kern_data_ptr + data_used,
6782			       page_index->page_data +
6783			       (page_index->page_len * pc),
6784			       page_index->page_len);
6785			data_used += page_index->page_len;
6786		}
6787		break;
6788	}
6789	default: {
6790		int i, data_used;
6791
6792		data_used = header_len;
6793
6794		for (i = 0; i < CTL_NUM_MODE_PAGES; i++) {
6795			struct ctl_page_index *page_index;
6796
6797			page_index = &lun->mode_pages.index[i];
6798
6799			/* Look for the right page code */
6800			if ((page_index->page_code & SMPH_PC_MASK) != page_code)
6801				continue;
6802
6803			/* Look for the right subpage or the subpage wildcard*/
6804			if ((page_index->subpage != subpage)
6805			 && (subpage != SMS_SUBPAGE_ALL))
6806				continue;
6807
6808			/* Make sure the page is supported for this dev type */
6809			if ((control_dev != 0)
6810			 && (page_index->page_flags &
6811			     CTL_PAGE_FLAG_DISK_ONLY))
6812				continue;
6813
6814			/*
6815			 * Call the handler, if it exists, to update the
6816			 * page to the latest values.
6817			 */
6818			if (page_index->sense_handler != NULL)
6819				page_index->sense_handler(ctsio, page_index,pc);
6820
6821			memcpy(ctsio->kern_data_ptr + data_used,
6822			       page_index->page_data +
6823			       (page_index->page_len * pc),
6824			       page_index->page_len);
6825			data_used += page_index->page_len;
6826		}
6827		break;
6828	}
6829	}
6830
6831	ctl_set_success(ctsio);
6832	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
6833	ctsio->be_move_done = ctl_config_move_done;
6834	ctl_datamove((union ctl_io *)ctsio);
6835	return (CTL_RETVAL_COMPLETE);
6836}
6837
6838int
6839ctl_lbp_log_sense_handler(struct ctl_scsiio *ctsio,
6840			       struct ctl_page_index *page_index,
6841			       int pc)
6842{
6843	struct ctl_lun *lun;
6844	struct scsi_log_param_header *phdr;
6845	uint8_t *data;
6846	uint64_t val;
6847
6848	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6849	data = page_index->page_data;
6850
6851	if (lun->backend->lun_attr != NULL &&
6852	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksavail"))
6853	     != UINT64_MAX) {
6854		phdr = (struct scsi_log_param_header *)data;
6855		scsi_ulto2b(0x0001, phdr->param_code);
6856		phdr->param_control = SLP_LBIN | SLP_LP;
6857		phdr->param_len = 8;
6858		data = (uint8_t *)(phdr + 1);
6859		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6860		data[4] = 0x02; /* per-pool */
6861		data += phdr->param_len;
6862	}
6863
6864	if (lun->backend->lun_attr != NULL &&
6865	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "blocksused"))
6866	     != UINT64_MAX) {
6867		phdr = (struct scsi_log_param_header *)data;
6868		scsi_ulto2b(0x0002, phdr->param_code);
6869		phdr->param_control = SLP_LBIN | SLP_LP;
6870		phdr->param_len = 8;
6871		data = (uint8_t *)(phdr + 1);
6872		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6873		data[4] = 0x01; /* per-LUN */
6874		data += phdr->param_len;
6875	}
6876
6877	if (lun->backend->lun_attr != NULL &&
6878	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksavail"))
6879	     != UINT64_MAX) {
6880		phdr = (struct scsi_log_param_header *)data;
6881		scsi_ulto2b(0x00f1, phdr->param_code);
6882		phdr->param_control = SLP_LBIN | SLP_LP;
6883		phdr->param_len = 8;
6884		data = (uint8_t *)(phdr + 1);
6885		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6886		data[4] = 0x02; /* per-pool */
6887		data += phdr->param_len;
6888	}
6889
6890	if (lun->backend->lun_attr != NULL &&
6891	    (val = lun->backend->lun_attr(lun->be_lun->be_lun, "poolblocksused"))
6892	     != UINT64_MAX) {
6893		phdr = (struct scsi_log_param_header *)data;
6894		scsi_ulto2b(0x00f2, phdr->param_code);
6895		phdr->param_control = SLP_LBIN | SLP_LP;
6896		phdr->param_len = 8;
6897		data = (uint8_t *)(phdr + 1);
6898		scsi_ulto4b(val >> CTL_LBP_EXPONENT, data);
6899		data[4] = 0x02; /* per-pool */
6900		data += phdr->param_len;
6901	}
6902
6903	page_index->page_len = data - page_index->page_data;
6904	return (0);
6905}
6906
6907int
6908ctl_sap_log_sense_handler(struct ctl_scsiio *ctsio,
6909			       struct ctl_page_index *page_index,
6910			       int pc)
6911{
6912	struct ctl_lun *lun;
6913	struct stat_page *data;
6914	uint64_t rn, wn, rb, wb;
6915	struct bintime rt, wt;
6916	int i;
6917
6918	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6919	data = (struct stat_page *)page_index->page_data;
6920
6921	scsi_ulto2b(SLP_SAP, data->sap.hdr.param_code);
6922	data->sap.hdr.param_control = SLP_LBIN;
6923	data->sap.hdr.param_len = sizeof(struct scsi_log_stat_and_perf) -
6924	    sizeof(struct scsi_log_param_header);
6925	rn = wn = rb = wb = 0;
6926	bintime_clear(&rt);
6927	bintime_clear(&wt);
6928	for (i = 0; i < CTL_MAX_PORTS; i++) {
6929		rn += lun->stats.ports[i].operations[CTL_STATS_READ];
6930		wn += lun->stats.ports[i].operations[CTL_STATS_WRITE];
6931		rb += lun->stats.ports[i].bytes[CTL_STATS_READ];
6932		wb += lun->stats.ports[i].bytes[CTL_STATS_WRITE];
6933		bintime_add(&rt, &lun->stats.ports[i].time[CTL_STATS_READ]);
6934		bintime_add(&wt, &lun->stats.ports[i].time[CTL_STATS_WRITE]);
6935	}
6936	scsi_u64to8b(rn, data->sap.read_num);
6937	scsi_u64to8b(wn, data->sap.write_num);
6938	if (lun->stats.blocksize > 0) {
6939		scsi_u64to8b(wb / lun->stats.blocksize,
6940		    data->sap.recvieved_lba);
6941		scsi_u64to8b(rb / lun->stats.blocksize,
6942		    data->sap.transmitted_lba);
6943	}
6944	scsi_u64to8b((uint64_t)rt.sec * 1000 + rt.frac / (UINT64_MAX / 1000),
6945	    data->sap.read_int);
6946	scsi_u64to8b((uint64_t)wt.sec * 1000 + wt.frac / (UINT64_MAX / 1000),
6947	    data->sap.write_int);
6948	scsi_u64to8b(0, data->sap.weighted_num);
6949	scsi_u64to8b(0, data->sap.weighted_int);
6950	scsi_ulto2b(SLP_IT, data->it.hdr.param_code);
6951	data->it.hdr.param_control = SLP_LBIN;
6952	data->it.hdr.param_len = sizeof(struct scsi_log_idle_time) -
6953	    sizeof(struct scsi_log_param_header);
6954#ifdef CTL_TIME_IO
6955	scsi_u64to8b(lun->idle_time / SBT_1MS, data->it.idle_int);
6956#endif
6957	scsi_ulto2b(SLP_TI, data->ti.hdr.param_code);
6958	data->it.hdr.param_control = SLP_LBIN;
6959	data->ti.hdr.param_len = sizeof(struct scsi_log_time_interval) -
6960	    sizeof(struct scsi_log_param_header);
6961	scsi_ulto4b(3, data->ti.exponent);
6962	scsi_ulto4b(1, data->ti.integer);
6963
6964	page_index->page_len = sizeof(*data);
6965	return (0);
6966}
6967
6968int
6969ctl_log_sense(struct ctl_scsiio *ctsio)
6970{
6971	struct ctl_lun *lun;
6972	int i, pc, page_code, subpage;
6973	int alloc_len, total_len;
6974	struct ctl_page_index *page_index;
6975	struct scsi_log_sense *cdb;
6976	struct scsi_log_header *header;
6977
6978	CTL_DEBUG_PRINT(("ctl_log_sense\n"));
6979
6980	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
6981	cdb = (struct scsi_log_sense *)ctsio->cdb;
6982	pc = (cdb->page & SLS_PAGE_CTRL_MASK) >> 6;
6983	page_code = cdb->page & SLS_PAGE_CODE;
6984	subpage = cdb->subpage;
6985	alloc_len = scsi_2btoul(cdb->length);
6986
6987	page_index = NULL;
6988	for (i = 0; i < CTL_NUM_LOG_PAGES; i++) {
6989		page_index = &lun->log_pages.index[i];
6990
6991		/* Look for the right page code */
6992		if ((page_index->page_code & SL_PAGE_CODE) != page_code)
6993			continue;
6994
6995		/* Look for the right subpage or the subpage wildcard*/
6996		if (page_index->subpage != subpage)
6997			continue;
6998
6999		break;
7000	}
7001	if (i >= CTL_NUM_LOG_PAGES) {
7002		ctl_set_invalid_field(ctsio,
7003				      /*sks_valid*/ 1,
7004				      /*command*/ 1,
7005				      /*field*/ 2,
7006				      /*bit_valid*/ 0,
7007				      /*bit*/ 0);
7008		ctl_done((union ctl_io *)ctsio);
7009		return (CTL_RETVAL_COMPLETE);
7010	}
7011
7012	total_len = sizeof(struct scsi_log_header) + page_index->page_len;
7013
7014	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7015	ctsio->kern_sg_entries = 0;
7016	ctsio->kern_data_resid = 0;
7017	ctsio->kern_rel_offset = 0;
7018	if (total_len < alloc_len) {
7019		ctsio->residual = alloc_len - total_len;
7020		ctsio->kern_data_len = total_len;
7021		ctsio->kern_total_len = total_len;
7022	} else {
7023		ctsio->residual = 0;
7024		ctsio->kern_data_len = alloc_len;
7025		ctsio->kern_total_len = alloc_len;
7026	}
7027
7028	header = (struct scsi_log_header *)ctsio->kern_data_ptr;
7029	header->page = page_index->page_code;
7030	if (page_index->subpage) {
7031		header->page |= SL_SPF;
7032		header->subpage = page_index->subpage;
7033	}
7034	scsi_ulto2b(page_index->page_len, header->datalen);
7035
7036	/*
7037	 * Call the handler, if it exists, to update the
7038	 * page to the latest values.
7039	 */
7040	if (page_index->sense_handler != NULL)
7041		page_index->sense_handler(ctsio, page_index, pc);
7042
7043	memcpy(header + 1, page_index->page_data, page_index->page_len);
7044
7045	ctl_set_success(ctsio);
7046	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7047	ctsio->be_move_done = ctl_config_move_done;
7048	ctl_datamove((union ctl_io *)ctsio);
7049	return (CTL_RETVAL_COMPLETE);
7050}
7051
7052int
7053ctl_read_capacity(struct ctl_scsiio *ctsio)
7054{
7055	struct scsi_read_capacity *cdb;
7056	struct scsi_read_capacity_data *data;
7057	struct ctl_lun *lun;
7058	uint32_t lba;
7059
7060	CTL_DEBUG_PRINT(("ctl_read_capacity\n"));
7061
7062	cdb = (struct scsi_read_capacity *)ctsio->cdb;
7063
7064	lba = scsi_4btoul(cdb->addr);
7065	if (((cdb->pmi & SRC_PMI) == 0)
7066	 && (lba != 0)) {
7067		ctl_set_invalid_field(/*ctsio*/ ctsio,
7068				      /*sks_valid*/ 1,
7069				      /*command*/ 1,
7070				      /*field*/ 2,
7071				      /*bit_valid*/ 0,
7072				      /*bit*/ 0);
7073		ctl_done((union ctl_io *)ctsio);
7074		return (CTL_RETVAL_COMPLETE);
7075	}
7076
7077	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7078
7079	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7080	data = (struct scsi_read_capacity_data *)ctsio->kern_data_ptr;
7081	ctsio->residual = 0;
7082	ctsio->kern_data_len = sizeof(*data);
7083	ctsio->kern_total_len = sizeof(*data);
7084	ctsio->kern_data_resid = 0;
7085	ctsio->kern_rel_offset = 0;
7086	ctsio->kern_sg_entries = 0;
7087
7088	/*
7089	 * If the maximum LBA is greater than 0xfffffffe, the user must
7090	 * issue a SERVICE ACTION IN (16) command, with the read capacity
7091	 * serivce action set.
7092	 */
7093	if (lun->be_lun->maxlba > 0xfffffffe)
7094		scsi_ulto4b(0xffffffff, data->addr);
7095	else
7096		scsi_ulto4b(lun->be_lun->maxlba, data->addr);
7097
7098	/*
7099	 * XXX KDM this may not be 512 bytes...
7100	 */
7101	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7102
7103	ctl_set_success(ctsio);
7104	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7105	ctsio->be_move_done = ctl_config_move_done;
7106	ctl_datamove((union ctl_io *)ctsio);
7107	return (CTL_RETVAL_COMPLETE);
7108}
7109
7110int
7111ctl_read_capacity_16(struct ctl_scsiio *ctsio)
7112{
7113	struct scsi_read_capacity_16 *cdb;
7114	struct scsi_read_capacity_data_long *data;
7115	struct ctl_lun *lun;
7116	uint64_t lba;
7117	uint32_t alloc_len;
7118
7119	CTL_DEBUG_PRINT(("ctl_read_capacity_16\n"));
7120
7121	cdb = (struct scsi_read_capacity_16 *)ctsio->cdb;
7122
7123	alloc_len = scsi_4btoul(cdb->alloc_len);
7124	lba = scsi_8btou64(cdb->addr);
7125
7126	if ((cdb->reladr & SRC16_PMI)
7127	 && (lba != 0)) {
7128		ctl_set_invalid_field(/*ctsio*/ ctsio,
7129				      /*sks_valid*/ 1,
7130				      /*command*/ 1,
7131				      /*field*/ 2,
7132				      /*bit_valid*/ 0,
7133				      /*bit*/ 0);
7134		ctl_done((union ctl_io *)ctsio);
7135		return (CTL_RETVAL_COMPLETE);
7136	}
7137
7138	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7139
7140	ctsio->kern_data_ptr = malloc(sizeof(*data), M_CTL, M_WAITOK | M_ZERO);
7141	data = (struct scsi_read_capacity_data_long *)ctsio->kern_data_ptr;
7142
7143	if (sizeof(*data) < alloc_len) {
7144		ctsio->residual = alloc_len - sizeof(*data);
7145		ctsio->kern_data_len = sizeof(*data);
7146		ctsio->kern_total_len = sizeof(*data);
7147	} else {
7148		ctsio->residual = 0;
7149		ctsio->kern_data_len = alloc_len;
7150		ctsio->kern_total_len = alloc_len;
7151	}
7152	ctsio->kern_data_resid = 0;
7153	ctsio->kern_rel_offset = 0;
7154	ctsio->kern_sg_entries = 0;
7155
7156	scsi_u64to8b(lun->be_lun->maxlba, data->addr);
7157	/* XXX KDM this may not be 512 bytes... */
7158	scsi_ulto4b(lun->be_lun->blocksize, data->length);
7159	data->prot_lbppbe = lun->be_lun->pblockexp & SRC16_LBPPBE;
7160	scsi_ulto2b(lun->be_lun->pblockoff & SRC16_LALBA_A, data->lalba_lbp);
7161	if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP)
7162		data->lalba_lbp[0] |= SRC16_LBPME | SRC16_LBPRZ;
7163
7164	ctl_set_success(ctsio);
7165	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7166	ctsio->be_move_done = ctl_config_move_done;
7167	ctl_datamove((union ctl_io *)ctsio);
7168	return (CTL_RETVAL_COMPLETE);
7169}
7170
7171int
7172ctl_get_lba_status(struct ctl_scsiio *ctsio)
7173{
7174	struct scsi_get_lba_status *cdb;
7175	struct scsi_get_lba_status_data *data;
7176	struct ctl_lun *lun;
7177	struct ctl_lba_len_flags *lbalen;
7178	uint64_t lba;
7179	uint32_t alloc_len, total_len;
7180	int retval;
7181
7182	CTL_DEBUG_PRINT(("ctl_get_lba_status\n"));
7183
7184	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7185	cdb = (struct scsi_get_lba_status *)ctsio->cdb;
7186	lba = scsi_8btou64(cdb->addr);
7187	alloc_len = scsi_4btoul(cdb->alloc_len);
7188
7189	if (lba > lun->be_lun->maxlba) {
7190		ctl_set_lba_out_of_range(ctsio);
7191		ctl_done((union ctl_io *)ctsio);
7192		return (CTL_RETVAL_COMPLETE);
7193	}
7194
7195	total_len = sizeof(*data) + sizeof(data->descr[0]);
7196	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7197	data = (struct scsi_get_lba_status_data *)ctsio->kern_data_ptr;
7198
7199	if (total_len < alloc_len) {
7200		ctsio->residual = alloc_len - total_len;
7201		ctsio->kern_data_len = total_len;
7202		ctsio->kern_total_len = total_len;
7203	} else {
7204		ctsio->residual = 0;
7205		ctsio->kern_data_len = alloc_len;
7206		ctsio->kern_total_len = alloc_len;
7207	}
7208	ctsio->kern_data_resid = 0;
7209	ctsio->kern_rel_offset = 0;
7210	ctsio->kern_sg_entries = 0;
7211
7212	/* Fill dummy data in case backend can't tell anything. */
7213	scsi_ulto4b(4 + sizeof(data->descr[0]), data->length);
7214	scsi_u64to8b(lba, data->descr[0].addr);
7215	scsi_ulto4b(MIN(UINT32_MAX, lun->be_lun->maxlba + 1 - lba),
7216	    data->descr[0].length);
7217	data->descr[0].status = 0; /* Mapped or unknown. */
7218
7219	ctl_set_success(ctsio);
7220	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7221	ctsio->be_move_done = ctl_config_move_done;
7222
7223	lbalen = (struct ctl_lba_len_flags *)&ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
7224	lbalen->lba = lba;
7225	lbalen->len = total_len;
7226	lbalen->flags = 0;
7227	retval = lun->backend->config_read((union ctl_io *)ctsio);
7228	return (CTL_RETVAL_COMPLETE);
7229}
7230
7231int
7232ctl_read_defect(struct ctl_scsiio *ctsio)
7233{
7234	struct scsi_read_defect_data_10 *ccb10;
7235	struct scsi_read_defect_data_12 *ccb12;
7236	struct scsi_read_defect_data_hdr_10 *data10;
7237	struct scsi_read_defect_data_hdr_12 *data12;
7238	uint32_t alloc_len, data_len;
7239	uint8_t format;
7240
7241	CTL_DEBUG_PRINT(("ctl_read_defect\n"));
7242
7243	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7244		ccb10 = (struct scsi_read_defect_data_10 *)&ctsio->cdb;
7245		format = ccb10->format;
7246		alloc_len = scsi_2btoul(ccb10->alloc_length);
7247		data_len = sizeof(*data10);
7248	} else {
7249		ccb12 = (struct scsi_read_defect_data_12 *)&ctsio->cdb;
7250		format = ccb12->format;
7251		alloc_len = scsi_4btoul(ccb12->alloc_length);
7252		data_len = sizeof(*data12);
7253	}
7254	if (alloc_len == 0) {
7255		ctl_set_success(ctsio);
7256		ctl_done((union ctl_io *)ctsio);
7257		return (CTL_RETVAL_COMPLETE);
7258	}
7259
7260	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
7261	if (data_len < alloc_len) {
7262		ctsio->residual = alloc_len - data_len;
7263		ctsio->kern_data_len = data_len;
7264		ctsio->kern_total_len = data_len;
7265	} else {
7266		ctsio->residual = 0;
7267		ctsio->kern_data_len = alloc_len;
7268		ctsio->kern_total_len = alloc_len;
7269	}
7270	ctsio->kern_data_resid = 0;
7271	ctsio->kern_rel_offset = 0;
7272	ctsio->kern_sg_entries = 0;
7273
7274	if (ctsio->cdb[0] == READ_DEFECT_DATA_10) {
7275		data10 = (struct scsi_read_defect_data_hdr_10 *)
7276		    ctsio->kern_data_ptr;
7277		data10->format = format;
7278		scsi_ulto2b(0, data10->length);
7279	} else {
7280		data12 = (struct scsi_read_defect_data_hdr_12 *)
7281		    ctsio->kern_data_ptr;
7282		data12->format = format;
7283		scsi_ulto2b(0, data12->generation);
7284		scsi_ulto4b(0, data12->length);
7285	}
7286
7287	ctl_set_success(ctsio);
7288	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7289	ctsio->be_move_done = ctl_config_move_done;
7290	ctl_datamove((union ctl_io *)ctsio);
7291	return (CTL_RETVAL_COMPLETE);
7292}
7293
7294int
7295ctl_report_tagret_port_groups(struct ctl_scsiio *ctsio)
7296{
7297	struct scsi_maintenance_in *cdb;
7298	int retval;
7299	int alloc_len, ext, total_len = 0, g, pc, pg, gs, os;
7300	int num_target_port_groups, num_target_ports;
7301	struct ctl_lun *lun;
7302	struct ctl_softc *softc;
7303	struct ctl_port *port;
7304	struct scsi_target_group_data *rtg_ptr;
7305	struct scsi_target_group_data_extended *rtg_ext_ptr;
7306	struct scsi_target_port_group_descriptor *tpg_desc;
7307
7308	CTL_DEBUG_PRINT(("ctl_report_tagret_port_groups\n"));
7309
7310	cdb = (struct scsi_maintenance_in *)ctsio->cdb;
7311	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7312	softc = lun->ctl_softc;
7313
7314	retval = CTL_RETVAL_COMPLETE;
7315
7316	switch (cdb->byte2 & STG_PDF_MASK) {
7317	case STG_PDF_LENGTH:
7318		ext = 0;
7319		break;
7320	case STG_PDF_EXTENDED:
7321		ext = 1;
7322		break;
7323	default:
7324		ctl_set_invalid_field(/*ctsio*/ ctsio,
7325				      /*sks_valid*/ 1,
7326				      /*command*/ 1,
7327				      /*field*/ 2,
7328				      /*bit_valid*/ 1,
7329				      /*bit*/ 5);
7330		ctl_done((union ctl_io *)ctsio);
7331		return(retval);
7332	}
7333
7334	if (softc->is_single)
7335		num_target_port_groups = 1;
7336	else
7337		num_target_port_groups = NUM_TARGET_PORT_GROUPS;
7338	num_target_ports = 0;
7339	mtx_lock(&softc->ctl_lock);
7340	STAILQ_FOREACH(port, &softc->port_list, links) {
7341		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7342			continue;
7343		if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7344			continue;
7345		num_target_ports++;
7346	}
7347	mtx_unlock(&softc->ctl_lock);
7348
7349	if (ext)
7350		total_len = sizeof(struct scsi_target_group_data_extended);
7351	else
7352		total_len = sizeof(struct scsi_target_group_data);
7353	total_len += sizeof(struct scsi_target_port_group_descriptor) *
7354		num_target_port_groups +
7355	    sizeof(struct scsi_target_port_descriptor) * num_target_ports;
7356
7357	alloc_len = scsi_4btoul(cdb->length);
7358
7359	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7360
7361	ctsio->kern_sg_entries = 0;
7362
7363	if (total_len < alloc_len) {
7364		ctsio->residual = alloc_len - total_len;
7365		ctsio->kern_data_len = total_len;
7366		ctsio->kern_total_len = total_len;
7367	} else {
7368		ctsio->residual = 0;
7369		ctsio->kern_data_len = alloc_len;
7370		ctsio->kern_total_len = alloc_len;
7371	}
7372	ctsio->kern_data_resid = 0;
7373	ctsio->kern_rel_offset = 0;
7374
7375	if (ext) {
7376		rtg_ext_ptr = (struct scsi_target_group_data_extended *)
7377		    ctsio->kern_data_ptr;
7378		scsi_ulto4b(total_len - 4, rtg_ext_ptr->length);
7379		rtg_ext_ptr->format_type = 0x10;
7380		rtg_ext_ptr->implicit_transition_time = 0;
7381		tpg_desc = &rtg_ext_ptr->groups[0];
7382	} else {
7383		rtg_ptr = (struct scsi_target_group_data *)
7384		    ctsio->kern_data_ptr;
7385		scsi_ulto4b(total_len - 4, rtg_ptr->length);
7386		tpg_desc = &rtg_ptr->groups[0];
7387	}
7388
7389	mtx_lock(&softc->ctl_lock);
7390	pg = softc->port_min / softc->port_cnt;
7391	if (softc->ha_link == CTL_HA_LINK_OFFLINE)
7392		gs = TPG_ASYMMETRIC_ACCESS_UNAVAILABLE;
7393	else if (softc->ha_link == CTL_HA_LINK_UNKNOWN)
7394		gs = TPG_ASYMMETRIC_ACCESS_TRANSITIONING;
7395	else if (softc->ha_mode == CTL_HA_MODE_ACT_STBY)
7396		gs = TPG_ASYMMETRIC_ACCESS_STANDBY;
7397	else
7398		gs = TPG_ASYMMETRIC_ACCESS_NONOPTIMIZED;
7399	if (lun->flags & CTL_LUN_PRIMARY_SC) {
7400		os = gs;
7401		gs = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7402	} else
7403		os = TPG_ASYMMETRIC_ACCESS_OPTIMIZED;
7404	for (g = 0; g < num_target_port_groups; g++) {
7405		tpg_desc->pref_state = (g == pg) ? gs : os;
7406		tpg_desc->support = TPG_AO_SUP | TPG_AN_SUP | TPG_S_SUP |
7407		    TPG_U_SUP | TPG_T_SUP;
7408		scsi_ulto2b(g + 1, tpg_desc->target_port_group);
7409		tpg_desc->status = TPG_IMPLICIT;
7410		pc = 0;
7411		STAILQ_FOREACH(port, &softc->port_list, links) {
7412			if (port->targ_port < g * softc->port_cnt ||
7413			    port->targ_port >= (g + 1) * softc->port_cnt)
7414				continue;
7415			if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
7416				continue;
7417			if (ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
7418				continue;
7419			scsi_ulto2b(port->targ_port, tpg_desc->descriptors[pc].
7420			    relative_target_port_identifier);
7421			pc++;
7422		}
7423		tpg_desc->target_port_count = pc;
7424		tpg_desc = (struct scsi_target_port_group_descriptor *)
7425		    &tpg_desc->descriptors[pc];
7426	}
7427	mtx_unlock(&softc->ctl_lock);
7428
7429	ctl_set_success(ctsio);
7430	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7431	ctsio->be_move_done = ctl_config_move_done;
7432	ctl_datamove((union ctl_io *)ctsio);
7433	return(retval);
7434}
7435
7436int
7437ctl_report_supported_opcodes(struct ctl_scsiio *ctsio)
7438{
7439	struct ctl_lun *lun;
7440	struct scsi_report_supported_opcodes *cdb;
7441	const struct ctl_cmd_entry *entry, *sentry;
7442	struct scsi_report_supported_opcodes_all *all;
7443	struct scsi_report_supported_opcodes_descr *descr;
7444	struct scsi_report_supported_opcodes_one *one;
7445	int retval;
7446	int alloc_len, total_len;
7447	int opcode, service_action, i, j, num;
7448
7449	CTL_DEBUG_PRINT(("ctl_report_supported_opcodes\n"));
7450
7451	cdb = (struct scsi_report_supported_opcodes *)ctsio->cdb;
7452	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7453
7454	retval = CTL_RETVAL_COMPLETE;
7455
7456	opcode = cdb->requested_opcode;
7457	service_action = scsi_2btoul(cdb->requested_service_action);
7458	switch (cdb->options & RSO_OPTIONS_MASK) {
7459	case RSO_OPTIONS_ALL:
7460		num = 0;
7461		for (i = 0; i < 256; i++) {
7462			entry = &ctl_cmd_table[i];
7463			if (entry->flags & CTL_CMD_FLAG_SA5) {
7464				for (j = 0; j < 32; j++) {
7465					sentry = &((const struct ctl_cmd_entry *)
7466					    entry->execute)[j];
7467					if (ctl_cmd_applicable(
7468					    lun->be_lun->lun_type, sentry))
7469						num++;
7470				}
7471			} else {
7472				if (ctl_cmd_applicable(lun->be_lun->lun_type,
7473				    entry))
7474					num++;
7475			}
7476		}
7477		total_len = sizeof(struct scsi_report_supported_opcodes_all) +
7478		    num * sizeof(struct scsi_report_supported_opcodes_descr);
7479		break;
7480	case RSO_OPTIONS_OC:
7481		if (ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) {
7482			ctl_set_invalid_field(/*ctsio*/ ctsio,
7483					      /*sks_valid*/ 1,
7484					      /*command*/ 1,
7485					      /*field*/ 2,
7486					      /*bit_valid*/ 1,
7487					      /*bit*/ 2);
7488			ctl_done((union ctl_io *)ctsio);
7489			return (CTL_RETVAL_COMPLETE);
7490		}
7491		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7492		break;
7493	case RSO_OPTIONS_OC_SA:
7494		if ((ctl_cmd_table[opcode].flags & CTL_CMD_FLAG_SA5) == 0 ||
7495		    service_action >= 32) {
7496			ctl_set_invalid_field(/*ctsio*/ ctsio,
7497					      /*sks_valid*/ 1,
7498					      /*command*/ 1,
7499					      /*field*/ 2,
7500					      /*bit_valid*/ 1,
7501					      /*bit*/ 2);
7502			ctl_done((union ctl_io *)ctsio);
7503			return (CTL_RETVAL_COMPLETE);
7504		}
7505		total_len = sizeof(struct scsi_report_supported_opcodes_one) + 32;
7506		break;
7507	default:
7508		ctl_set_invalid_field(/*ctsio*/ ctsio,
7509				      /*sks_valid*/ 1,
7510				      /*command*/ 1,
7511				      /*field*/ 2,
7512				      /*bit_valid*/ 1,
7513				      /*bit*/ 2);
7514		ctl_done((union ctl_io *)ctsio);
7515		return (CTL_RETVAL_COMPLETE);
7516	}
7517
7518	alloc_len = scsi_4btoul(cdb->length);
7519
7520	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7521
7522	ctsio->kern_sg_entries = 0;
7523
7524	if (total_len < alloc_len) {
7525		ctsio->residual = alloc_len - total_len;
7526		ctsio->kern_data_len = total_len;
7527		ctsio->kern_total_len = total_len;
7528	} else {
7529		ctsio->residual = 0;
7530		ctsio->kern_data_len = alloc_len;
7531		ctsio->kern_total_len = alloc_len;
7532	}
7533	ctsio->kern_data_resid = 0;
7534	ctsio->kern_rel_offset = 0;
7535
7536	switch (cdb->options & RSO_OPTIONS_MASK) {
7537	case RSO_OPTIONS_ALL:
7538		all = (struct scsi_report_supported_opcodes_all *)
7539		    ctsio->kern_data_ptr;
7540		num = 0;
7541		for (i = 0; i < 256; i++) {
7542			entry = &ctl_cmd_table[i];
7543			if (entry->flags & CTL_CMD_FLAG_SA5) {
7544				for (j = 0; j < 32; j++) {
7545					sentry = &((const struct ctl_cmd_entry *)
7546					    entry->execute)[j];
7547					if (!ctl_cmd_applicable(
7548					    lun->be_lun->lun_type, sentry))
7549						continue;
7550					descr = &all->descr[num++];
7551					descr->opcode = i;
7552					scsi_ulto2b(j, descr->service_action);
7553					descr->flags = RSO_SERVACTV;
7554					scsi_ulto2b(sentry->length,
7555					    descr->cdb_length);
7556				}
7557			} else {
7558				if (!ctl_cmd_applicable(lun->be_lun->lun_type,
7559				    entry))
7560					continue;
7561				descr = &all->descr[num++];
7562				descr->opcode = i;
7563				scsi_ulto2b(0, descr->service_action);
7564				descr->flags = 0;
7565				scsi_ulto2b(entry->length, descr->cdb_length);
7566			}
7567		}
7568		scsi_ulto4b(
7569		    num * sizeof(struct scsi_report_supported_opcodes_descr),
7570		    all->length);
7571		break;
7572	case RSO_OPTIONS_OC:
7573		one = (struct scsi_report_supported_opcodes_one *)
7574		    ctsio->kern_data_ptr;
7575		entry = &ctl_cmd_table[opcode];
7576		goto fill_one;
7577	case RSO_OPTIONS_OC_SA:
7578		one = (struct scsi_report_supported_opcodes_one *)
7579		    ctsio->kern_data_ptr;
7580		entry = &ctl_cmd_table[opcode];
7581		entry = &((const struct ctl_cmd_entry *)
7582		    entry->execute)[service_action];
7583fill_one:
7584		if (ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
7585			one->support = 3;
7586			scsi_ulto2b(entry->length, one->cdb_length);
7587			one->cdb_usage[0] = opcode;
7588			memcpy(&one->cdb_usage[1], entry->usage,
7589			    entry->length - 1);
7590		} else
7591			one->support = 1;
7592		break;
7593	}
7594
7595	ctl_set_success(ctsio);
7596	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7597	ctsio->be_move_done = ctl_config_move_done;
7598	ctl_datamove((union ctl_io *)ctsio);
7599	return(retval);
7600}
7601
7602int
7603ctl_report_supported_tmf(struct ctl_scsiio *ctsio)
7604{
7605	struct scsi_report_supported_tmf *cdb;
7606	struct scsi_report_supported_tmf_data *data;
7607	int retval;
7608	int alloc_len, total_len;
7609
7610	CTL_DEBUG_PRINT(("ctl_report_supported_tmf\n"));
7611
7612	cdb = (struct scsi_report_supported_tmf *)ctsio->cdb;
7613
7614	retval = CTL_RETVAL_COMPLETE;
7615
7616	total_len = sizeof(struct scsi_report_supported_tmf_data);
7617	alloc_len = scsi_4btoul(cdb->length);
7618
7619	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7620
7621	ctsio->kern_sg_entries = 0;
7622
7623	if (total_len < alloc_len) {
7624		ctsio->residual = alloc_len - total_len;
7625		ctsio->kern_data_len = total_len;
7626		ctsio->kern_total_len = total_len;
7627	} else {
7628		ctsio->residual = 0;
7629		ctsio->kern_data_len = alloc_len;
7630		ctsio->kern_total_len = alloc_len;
7631	}
7632	ctsio->kern_data_resid = 0;
7633	ctsio->kern_rel_offset = 0;
7634
7635	data = (struct scsi_report_supported_tmf_data *)ctsio->kern_data_ptr;
7636	data->byte1 |= RST_ATS | RST_ATSS | RST_CTSS | RST_LURS | RST_QTS |
7637	    RST_TRS;
7638	data->byte2 |= RST_QAES | RST_QTSS | RST_ITNRS;
7639
7640	ctl_set_success(ctsio);
7641	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7642	ctsio->be_move_done = ctl_config_move_done;
7643	ctl_datamove((union ctl_io *)ctsio);
7644	return (retval);
7645}
7646
7647int
7648ctl_report_timestamp(struct ctl_scsiio *ctsio)
7649{
7650	struct scsi_report_timestamp *cdb;
7651	struct scsi_report_timestamp_data *data;
7652	struct timeval tv;
7653	int64_t timestamp;
7654	int retval;
7655	int alloc_len, total_len;
7656
7657	CTL_DEBUG_PRINT(("ctl_report_timestamp\n"));
7658
7659	cdb = (struct scsi_report_timestamp *)ctsio->cdb;
7660
7661	retval = CTL_RETVAL_COMPLETE;
7662
7663	total_len = sizeof(struct scsi_report_timestamp_data);
7664	alloc_len = scsi_4btoul(cdb->length);
7665
7666	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7667
7668	ctsio->kern_sg_entries = 0;
7669
7670	if (total_len < alloc_len) {
7671		ctsio->residual = alloc_len - total_len;
7672		ctsio->kern_data_len = total_len;
7673		ctsio->kern_total_len = total_len;
7674	} else {
7675		ctsio->residual = 0;
7676		ctsio->kern_data_len = alloc_len;
7677		ctsio->kern_total_len = alloc_len;
7678	}
7679	ctsio->kern_data_resid = 0;
7680	ctsio->kern_rel_offset = 0;
7681
7682	data = (struct scsi_report_timestamp_data *)ctsio->kern_data_ptr;
7683	scsi_ulto2b(sizeof(*data) - 2, data->length);
7684	data->origin = RTS_ORIG_OUTSIDE;
7685	getmicrotime(&tv);
7686	timestamp = (int64_t)tv.tv_sec * 1000 + tv.tv_usec / 1000;
7687	scsi_ulto4b(timestamp >> 16, data->timestamp);
7688	scsi_ulto2b(timestamp & 0xffff, &data->timestamp[4]);
7689
7690	ctl_set_success(ctsio);
7691	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7692	ctsio->be_move_done = ctl_config_move_done;
7693	ctl_datamove((union ctl_io *)ctsio);
7694	return (retval);
7695}
7696
7697int
7698ctl_persistent_reserve_in(struct ctl_scsiio *ctsio)
7699{
7700	struct scsi_per_res_in *cdb;
7701	int alloc_len, total_len = 0;
7702	/* struct scsi_per_res_in_rsrv in_data; */
7703	struct ctl_lun *lun;
7704	struct ctl_softc *softc;
7705	uint64_t key;
7706
7707	CTL_DEBUG_PRINT(("ctl_persistent_reserve_in\n"));
7708
7709	cdb = (struct scsi_per_res_in *)ctsio->cdb;
7710
7711	alloc_len = scsi_2btoul(cdb->length);
7712
7713	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
7714	softc = lun->ctl_softc;
7715
7716retry:
7717	mtx_lock(&lun->lun_lock);
7718	switch (cdb->action) {
7719	case SPRI_RK: /* read keys */
7720		total_len = sizeof(struct scsi_per_res_in_keys) +
7721			lun->pr_key_count *
7722			sizeof(struct scsi_per_res_key);
7723		break;
7724	case SPRI_RR: /* read reservation */
7725		if (lun->flags & CTL_LUN_PR_RESERVED)
7726			total_len = sizeof(struct scsi_per_res_in_rsrv);
7727		else
7728			total_len = sizeof(struct scsi_per_res_in_header);
7729		break;
7730	case SPRI_RC: /* report capabilities */
7731		total_len = sizeof(struct scsi_per_res_cap);
7732		break;
7733	case SPRI_RS: /* read full status */
7734		total_len = sizeof(struct scsi_per_res_in_header) +
7735		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7736		    lun->pr_key_count;
7737		break;
7738	default:
7739		panic("Invalid PR type %x", cdb->action);
7740	}
7741	mtx_unlock(&lun->lun_lock);
7742
7743	ctsio->kern_data_ptr = malloc(total_len, M_CTL, M_WAITOK | M_ZERO);
7744
7745	if (total_len < alloc_len) {
7746		ctsio->residual = alloc_len - total_len;
7747		ctsio->kern_data_len = total_len;
7748		ctsio->kern_total_len = total_len;
7749	} else {
7750		ctsio->residual = 0;
7751		ctsio->kern_data_len = alloc_len;
7752		ctsio->kern_total_len = alloc_len;
7753	}
7754
7755	ctsio->kern_data_resid = 0;
7756	ctsio->kern_rel_offset = 0;
7757	ctsio->kern_sg_entries = 0;
7758
7759	mtx_lock(&lun->lun_lock);
7760	switch (cdb->action) {
7761	case SPRI_RK: { // read keys
7762        struct scsi_per_res_in_keys *res_keys;
7763		int i, key_count;
7764
7765		res_keys = (struct scsi_per_res_in_keys*)ctsio->kern_data_ptr;
7766
7767		/*
7768		 * We had to drop the lock to allocate our buffer, which
7769		 * leaves time for someone to come in with another
7770		 * persistent reservation.  (That is unlikely, though,
7771		 * since this should be the only persistent reservation
7772		 * command active right now.)
7773		 */
7774		if (total_len != (sizeof(struct scsi_per_res_in_keys) +
7775		    (lun->pr_key_count *
7776		     sizeof(struct scsi_per_res_key)))){
7777			mtx_unlock(&lun->lun_lock);
7778			free(ctsio->kern_data_ptr, M_CTL);
7779			printf("%s: reservation length changed, retrying\n",
7780			       __func__);
7781			goto retry;
7782		}
7783
7784		scsi_ulto4b(lun->PRGeneration, res_keys->header.generation);
7785
7786		scsi_ulto4b(sizeof(struct scsi_per_res_key) *
7787			     lun->pr_key_count, res_keys->header.length);
7788
7789		for (i = 0, key_count = 0; i < CTL_MAX_INITIATORS; i++) {
7790			if ((key = ctl_get_prkey(lun, i)) == 0)
7791				continue;
7792
7793			/*
7794			 * We used lun->pr_key_count to calculate the
7795			 * size to allocate.  If it turns out the number of
7796			 * initiators with the registered flag set is
7797			 * larger than that (i.e. they haven't been kept in
7798			 * sync), we've got a problem.
7799			 */
7800			if (key_count >= lun->pr_key_count) {
7801#ifdef NEEDTOPORT
7802				csevent_log(CSC_CTL | CSC_SHELF_SW |
7803					    CTL_PR_ERROR,
7804					    csevent_LogType_Fault,
7805					    csevent_AlertLevel_Yellow,
7806					    csevent_FRU_ShelfController,
7807					    csevent_FRU_Firmware,
7808				        csevent_FRU_Unknown,
7809					    "registered keys %d >= key "
7810					    "count %d", key_count,
7811					    lun->pr_key_count);
7812#endif
7813				key_count++;
7814				continue;
7815			}
7816			scsi_u64to8b(key, res_keys->keys[key_count].key);
7817			key_count++;
7818		}
7819		break;
7820	}
7821	case SPRI_RR: { // read reservation
7822		struct scsi_per_res_in_rsrv *res;
7823		int tmp_len, header_only;
7824
7825		res = (struct scsi_per_res_in_rsrv *)ctsio->kern_data_ptr;
7826
7827		scsi_ulto4b(lun->PRGeneration, res->header.generation);
7828
7829		if (lun->flags & CTL_LUN_PR_RESERVED)
7830		{
7831			tmp_len = sizeof(struct scsi_per_res_in_rsrv);
7832			scsi_ulto4b(sizeof(struct scsi_per_res_in_rsrv_data),
7833				    res->header.length);
7834			header_only = 0;
7835		} else {
7836			tmp_len = sizeof(struct scsi_per_res_in_header);
7837			scsi_ulto4b(0, res->header.length);
7838			header_only = 1;
7839		}
7840
7841		/*
7842		 * We had to drop the lock to allocate our buffer, which
7843		 * leaves time for someone to come in with another
7844		 * persistent reservation.  (That is unlikely, though,
7845		 * since this should be the only persistent reservation
7846		 * command active right now.)
7847		 */
7848		if (tmp_len != total_len) {
7849			mtx_unlock(&lun->lun_lock);
7850			free(ctsio->kern_data_ptr, M_CTL);
7851			printf("%s: reservation status changed, retrying\n",
7852			       __func__);
7853			goto retry;
7854		}
7855
7856		/*
7857		 * No reservation held, so we're done.
7858		 */
7859		if (header_only != 0)
7860			break;
7861
7862		/*
7863		 * If the registration is an All Registrants type, the key
7864		 * is 0, since it doesn't really matter.
7865		 */
7866		if (lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
7867			scsi_u64to8b(ctl_get_prkey(lun, lun->pr_res_idx),
7868			    res->data.reservation);
7869		}
7870		res->data.scopetype = lun->res_type;
7871		break;
7872	}
7873	case SPRI_RC:     //report capabilities
7874	{
7875		struct scsi_per_res_cap *res_cap;
7876		uint16_t type_mask;
7877
7878		res_cap = (struct scsi_per_res_cap *)ctsio->kern_data_ptr;
7879		scsi_ulto2b(sizeof(*res_cap), res_cap->length);
7880		res_cap->flags2 |= SPRI_TMV | SPRI_ALLOW_5;
7881		type_mask = SPRI_TM_WR_EX_AR |
7882			    SPRI_TM_EX_AC_RO |
7883			    SPRI_TM_WR_EX_RO |
7884			    SPRI_TM_EX_AC |
7885			    SPRI_TM_WR_EX |
7886			    SPRI_TM_EX_AC_AR;
7887		scsi_ulto2b(type_mask, res_cap->type_mask);
7888		break;
7889	}
7890	case SPRI_RS: { // read full status
7891		struct scsi_per_res_in_full *res_status;
7892		struct scsi_per_res_in_full_desc *res_desc;
7893		struct ctl_port *port;
7894		int i, len;
7895
7896		res_status = (struct scsi_per_res_in_full*)ctsio->kern_data_ptr;
7897
7898		/*
7899		 * We had to drop the lock to allocate our buffer, which
7900		 * leaves time for someone to come in with another
7901		 * persistent reservation.  (That is unlikely, though,
7902		 * since this should be the only persistent reservation
7903		 * command active right now.)
7904		 */
7905		if (total_len < (sizeof(struct scsi_per_res_in_header) +
7906		    (sizeof(struct scsi_per_res_in_full_desc) + 256) *
7907		     lun->pr_key_count)){
7908			mtx_unlock(&lun->lun_lock);
7909			free(ctsio->kern_data_ptr, M_CTL);
7910			printf("%s: reservation length changed, retrying\n",
7911			       __func__);
7912			goto retry;
7913		}
7914
7915		scsi_ulto4b(lun->PRGeneration, res_status->header.generation);
7916
7917		res_desc = &res_status->desc[0];
7918		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
7919			if ((key = ctl_get_prkey(lun, i)) == 0)
7920				continue;
7921
7922			scsi_u64to8b(key, res_desc->res_key.key);
7923			if ((lun->flags & CTL_LUN_PR_RESERVED) &&
7924			    (lun->pr_res_idx == i ||
7925			     lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS)) {
7926				res_desc->flags = SPRI_FULL_R_HOLDER;
7927				res_desc->scopetype = lun->res_type;
7928			}
7929			scsi_ulto2b(i / CTL_MAX_INIT_PER_PORT,
7930			    res_desc->rel_trgt_port_id);
7931			len = 0;
7932			port = softc->ctl_ports[i / CTL_MAX_INIT_PER_PORT];
7933			if (port != NULL)
7934				len = ctl_create_iid(port,
7935				    i % CTL_MAX_INIT_PER_PORT,
7936				    res_desc->transport_id);
7937			scsi_ulto4b(len, res_desc->additional_length);
7938			res_desc = (struct scsi_per_res_in_full_desc *)
7939			    &res_desc->transport_id[len];
7940		}
7941		scsi_ulto4b((uint8_t *)res_desc - (uint8_t *)&res_status->desc[0],
7942		    res_status->header.length);
7943		break;
7944	}
7945	default:
7946		/*
7947		 * This is a bug, because we just checked for this above,
7948		 * and should have returned an error.
7949		 */
7950		panic("Invalid PR type %x", cdb->action);
7951		break; /* NOTREACHED */
7952	}
7953	mtx_unlock(&lun->lun_lock);
7954
7955	ctl_set_success(ctsio);
7956	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
7957	ctsio->be_move_done = ctl_config_move_done;
7958	ctl_datamove((union ctl_io *)ctsio);
7959	return (CTL_RETVAL_COMPLETE);
7960}
7961
7962/*
7963 * Returns 0 if ctl_persistent_reserve_out() should continue, non-zero if
7964 * it should return.
7965 */
7966static int
7967ctl_pro_preempt(struct ctl_softc *softc, struct ctl_lun *lun, uint64_t res_key,
7968		uint64_t sa_res_key, uint8_t type, uint32_t residx,
7969		struct ctl_scsiio *ctsio, struct scsi_per_res_out *cdb,
7970		struct scsi_per_res_out_parms* param)
7971{
7972	union ctl_ha_msg persis_io;
7973	int i;
7974
7975	mtx_lock(&lun->lun_lock);
7976	if (sa_res_key == 0) {
7977		if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
7978			/* validate scope and type */
7979			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
7980			     SPR_LU_SCOPE) {
7981				mtx_unlock(&lun->lun_lock);
7982				ctl_set_invalid_field(/*ctsio*/ ctsio,
7983						      /*sks_valid*/ 1,
7984						      /*command*/ 1,
7985						      /*field*/ 2,
7986						      /*bit_valid*/ 1,
7987						      /*bit*/ 4);
7988				ctl_done((union ctl_io *)ctsio);
7989				return (1);
7990			}
7991
7992		        if (type>8 || type==2 || type==4 || type==0) {
7993				mtx_unlock(&lun->lun_lock);
7994				ctl_set_invalid_field(/*ctsio*/ ctsio,
7995       	           				      /*sks_valid*/ 1,
7996						      /*command*/ 1,
7997						      /*field*/ 2,
7998						      /*bit_valid*/ 1,
7999						      /*bit*/ 0);
8000				ctl_done((union ctl_io *)ctsio);
8001				return (1);
8002		        }
8003
8004			/*
8005			 * Unregister everybody else and build UA for
8006			 * them
8007			 */
8008			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8009				if (i == residx || ctl_get_prkey(lun, i) == 0)
8010					continue;
8011
8012				ctl_clr_prkey(lun, i);
8013				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8014			}
8015			lun->pr_key_count = 1;
8016			lun->res_type = type;
8017			if (lun->res_type != SPR_TYPE_WR_EX_AR
8018			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8019				lun->pr_res_idx = residx;
8020			lun->PRGeneration++;
8021			mtx_unlock(&lun->lun_lock);
8022
8023			/* send msg to other side */
8024			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8025			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8026			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8027			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8028			persis_io.pr.pr_info.res_type = type;
8029			memcpy(persis_io.pr.pr_info.sa_res_key,
8030			       param->serv_act_res_key,
8031			       sizeof(param->serv_act_res_key));
8032			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8033			    sizeof(persis_io.pr), M_WAITOK);
8034		} else {
8035			/* not all registrants */
8036			mtx_unlock(&lun->lun_lock);
8037			free(ctsio->kern_data_ptr, M_CTL);
8038			ctl_set_invalid_field(ctsio,
8039					      /*sks_valid*/ 1,
8040					      /*command*/ 0,
8041					      /*field*/ 8,
8042					      /*bit_valid*/ 0,
8043					      /*bit*/ 0);
8044			ctl_done((union ctl_io *)ctsio);
8045			return (1);
8046		}
8047	} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8048		|| !(lun->flags & CTL_LUN_PR_RESERVED)) {
8049		int found = 0;
8050
8051		if (res_key == sa_res_key) {
8052			/* special case */
8053			/*
8054			 * The spec implies this is not good but doesn't
8055			 * say what to do. There are two choices either
8056			 * generate a res conflict or check condition
8057			 * with illegal field in parameter data. Since
8058			 * that is what is done when the sa_res_key is
8059			 * zero I'll take that approach since this has
8060			 * to do with the sa_res_key.
8061			 */
8062			mtx_unlock(&lun->lun_lock);
8063			free(ctsio->kern_data_ptr, M_CTL);
8064			ctl_set_invalid_field(ctsio,
8065					      /*sks_valid*/ 1,
8066					      /*command*/ 0,
8067					      /*field*/ 8,
8068					      /*bit_valid*/ 0,
8069					      /*bit*/ 0);
8070			ctl_done((union ctl_io *)ctsio);
8071			return (1);
8072		}
8073
8074		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8075			if (ctl_get_prkey(lun, i) != sa_res_key)
8076				continue;
8077
8078			found = 1;
8079			ctl_clr_prkey(lun, i);
8080			lun->pr_key_count--;
8081			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8082		}
8083		if (!found) {
8084			mtx_unlock(&lun->lun_lock);
8085			free(ctsio->kern_data_ptr, M_CTL);
8086			ctl_set_reservation_conflict(ctsio);
8087			ctl_done((union ctl_io *)ctsio);
8088			return (CTL_RETVAL_COMPLETE);
8089		}
8090		lun->PRGeneration++;
8091		mtx_unlock(&lun->lun_lock);
8092
8093		/* send msg to other side */
8094		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8095		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8096		persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8097		persis_io.pr.pr_info.residx = lun->pr_res_idx;
8098		persis_io.pr.pr_info.res_type = type;
8099		memcpy(persis_io.pr.pr_info.sa_res_key,
8100		       param->serv_act_res_key,
8101		       sizeof(param->serv_act_res_key));
8102		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8103		    sizeof(persis_io.pr), M_WAITOK);
8104	} else {
8105		/* Reserved but not all registrants */
8106		/* sa_res_key is res holder */
8107		if (sa_res_key == ctl_get_prkey(lun, lun->pr_res_idx)) {
8108			/* validate scope and type */
8109			if ((cdb->scope_type & SPR_SCOPE_MASK) !=
8110			     SPR_LU_SCOPE) {
8111				mtx_unlock(&lun->lun_lock);
8112				ctl_set_invalid_field(/*ctsio*/ ctsio,
8113						      /*sks_valid*/ 1,
8114						      /*command*/ 1,
8115						      /*field*/ 2,
8116						      /*bit_valid*/ 1,
8117						      /*bit*/ 4);
8118				ctl_done((union ctl_io *)ctsio);
8119				return (1);
8120			}
8121
8122			if (type>8 || type==2 || type==4 || type==0) {
8123				mtx_unlock(&lun->lun_lock);
8124				ctl_set_invalid_field(/*ctsio*/ ctsio,
8125						      /*sks_valid*/ 1,
8126						      /*command*/ 1,
8127						      /*field*/ 2,
8128						      /*bit_valid*/ 1,
8129						      /*bit*/ 0);
8130				ctl_done((union ctl_io *)ctsio);
8131				return (1);
8132			}
8133
8134			/*
8135			 * Do the following:
8136			 * if sa_res_key != res_key remove all
8137			 * registrants w/sa_res_key and generate UA
8138			 * for these registrants(Registrations
8139			 * Preempted) if it wasn't an exclusive
8140			 * reservation generate UA(Reservations
8141			 * Preempted) for all other registered nexuses
8142			 * if the type has changed. Establish the new
8143			 * reservation and holder. If res_key and
8144			 * sa_res_key are the same do the above
8145			 * except don't unregister the res holder.
8146			 */
8147
8148			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8149				if (i == residx || ctl_get_prkey(lun, i) == 0)
8150					continue;
8151
8152				if (sa_res_key == ctl_get_prkey(lun, i)) {
8153					ctl_clr_prkey(lun, i);
8154					lun->pr_key_count--;
8155					ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8156				} else if (type != lun->res_type
8157					&& (lun->res_type == SPR_TYPE_WR_EX_RO
8158					 || lun->res_type ==SPR_TYPE_EX_AC_RO)){
8159					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8160				}
8161			}
8162			lun->res_type = type;
8163			if (lun->res_type != SPR_TYPE_WR_EX_AR
8164			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8165				lun->pr_res_idx = residx;
8166			else
8167				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8168			lun->PRGeneration++;
8169			mtx_unlock(&lun->lun_lock);
8170
8171			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8172			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8173			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8174			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8175			persis_io.pr.pr_info.res_type = type;
8176			memcpy(persis_io.pr.pr_info.sa_res_key,
8177			       param->serv_act_res_key,
8178			       sizeof(param->serv_act_res_key));
8179			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8180			    sizeof(persis_io.pr), M_WAITOK);
8181		} else {
8182			/*
8183			 * sa_res_key is not the res holder just
8184			 * remove registrants
8185			 */
8186			int found=0;
8187
8188			for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8189				if (sa_res_key != ctl_get_prkey(lun, i))
8190					continue;
8191
8192				found = 1;
8193				ctl_clr_prkey(lun, i);
8194				lun->pr_key_count--;
8195				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8196			}
8197
8198			if (!found) {
8199				mtx_unlock(&lun->lun_lock);
8200				free(ctsio->kern_data_ptr, M_CTL);
8201				ctl_set_reservation_conflict(ctsio);
8202				ctl_done((union ctl_io *)ctsio);
8203		        	return (1);
8204			}
8205			lun->PRGeneration++;
8206			mtx_unlock(&lun->lun_lock);
8207
8208			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8209			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8210			persis_io.pr.pr_info.action = CTL_PR_PREEMPT;
8211			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8212			persis_io.pr.pr_info.res_type = type;
8213			memcpy(persis_io.pr.pr_info.sa_res_key,
8214			       param->serv_act_res_key,
8215			       sizeof(param->serv_act_res_key));
8216			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8217			    sizeof(persis_io.pr), M_WAITOK);
8218		}
8219	}
8220	return (0);
8221}
8222
8223static void
8224ctl_pro_preempt_other(struct ctl_lun *lun, union ctl_ha_msg *msg)
8225{
8226	uint64_t sa_res_key;
8227	int i;
8228
8229	sa_res_key = scsi_8btou64(msg->pr.pr_info.sa_res_key);
8230
8231	if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS
8232	 || lun->pr_res_idx == CTL_PR_NO_RESERVATION
8233	 || sa_res_key != ctl_get_prkey(lun, lun->pr_res_idx)) {
8234		if (sa_res_key == 0) {
8235			/*
8236			 * Unregister everybody else and build UA for
8237			 * them
8238			 */
8239			for(i = 0; i < CTL_MAX_INITIATORS; i++) {
8240				if (i == msg->pr.pr_info.residx ||
8241				    ctl_get_prkey(lun, i) == 0)
8242					continue;
8243
8244				ctl_clr_prkey(lun, i);
8245				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8246			}
8247
8248			lun->pr_key_count = 1;
8249			lun->res_type = msg->pr.pr_info.res_type;
8250			if (lun->res_type != SPR_TYPE_WR_EX_AR
8251			 && lun->res_type != SPR_TYPE_EX_AC_AR)
8252				lun->pr_res_idx = msg->pr.pr_info.residx;
8253		} else {
8254		        for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8255				if (sa_res_key == ctl_get_prkey(lun, i))
8256					continue;
8257
8258				ctl_clr_prkey(lun, i);
8259				lun->pr_key_count--;
8260				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8261			}
8262		}
8263	} else {
8264		for (i = 0; i < CTL_MAX_INITIATORS; i++) {
8265			if (i == msg->pr.pr_info.residx ||
8266			    ctl_get_prkey(lun, i) == 0)
8267				continue;
8268
8269			if (sa_res_key == ctl_get_prkey(lun, i)) {
8270				ctl_clr_prkey(lun, i);
8271				lun->pr_key_count--;
8272				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8273			} else if (msg->pr.pr_info.res_type != lun->res_type
8274				&& (lun->res_type == SPR_TYPE_WR_EX_RO
8275				 || lun->res_type == SPR_TYPE_EX_AC_RO)) {
8276				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8277			}
8278		}
8279		lun->res_type = msg->pr.pr_info.res_type;
8280		if (lun->res_type != SPR_TYPE_WR_EX_AR
8281		 && lun->res_type != SPR_TYPE_EX_AC_AR)
8282			lun->pr_res_idx = msg->pr.pr_info.residx;
8283		else
8284			lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8285	}
8286	lun->PRGeneration++;
8287
8288}
8289
8290
8291int
8292ctl_persistent_reserve_out(struct ctl_scsiio *ctsio)
8293{
8294	int retval;
8295	u_int32_t param_len;
8296	struct scsi_per_res_out *cdb;
8297	struct ctl_lun *lun;
8298	struct scsi_per_res_out_parms* param;
8299	struct ctl_softc *softc;
8300	uint32_t residx;
8301	uint64_t res_key, sa_res_key, key;
8302	uint8_t type;
8303	union ctl_ha_msg persis_io;
8304	int    i;
8305
8306	CTL_DEBUG_PRINT(("ctl_persistent_reserve_out\n"));
8307
8308	retval = CTL_RETVAL_COMPLETE;
8309
8310	cdb = (struct scsi_per_res_out *)ctsio->cdb;
8311	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8312	softc = lun->ctl_softc;
8313
8314	/*
8315	 * We only support whole-LUN scope.  The scope & type are ignored for
8316	 * register, register and ignore existing key and clear.
8317	 * We sometimes ignore scope and type on preempts too!!
8318	 * Verify reservation type here as well.
8319	 */
8320	type = cdb->scope_type & SPR_TYPE_MASK;
8321	if ((cdb->action == SPRO_RESERVE)
8322	 || (cdb->action == SPRO_RELEASE)) {
8323		if ((cdb->scope_type & SPR_SCOPE_MASK) != SPR_LU_SCOPE) {
8324			ctl_set_invalid_field(/*ctsio*/ ctsio,
8325					      /*sks_valid*/ 1,
8326					      /*command*/ 1,
8327					      /*field*/ 2,
8328					      /*bit_valid*/ 1,
8329					      /*bit*/ 4);
8330			ctl_done((union ctl_io *)ctsio);
8331			return (CTL_RETVAL_COMPLETE);
8332		}
8333
8334		if (type>8 || type==2 || type==4 || type==0) {
8335			ctl_set_invalid_field(/*ctsio*/ ctsio,
8336					      /*sks_valid*/ 1,
8337					      /*command*/ 1,
8338					      /*field*/ 2,
8339					      /*bit_valid*/ 1,
8340					      /*bit*/ 0);
8341			ctl_done((union ctl_io *)ctsio);
8342			return (CTL_RETVAL_COMPLETE);
8343		}
8344	}
8345
8346	param_len = scsi_4btoul(cdb->length);
8347
8348	if ((ctsio->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0) {
8349		ctsio->kern_data_ptr = malloc(param_len, M_CTL, M_WAITOK);
8350		ctsio->kern_data_len = param_len;
8351		ctsio->kern_total_len = param_len;
8352		ctsio->kern_data_resid = 0;
8353		ctsio->kern_rel_offset = 0;
8354		ctsio->kern_sg_entries = 0;
8355		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
8356		ctsio->be_move_done = ctl_config_move_done;
8357		ctl_datamove((union ctl_io *)ctsio);
8358
8359		return (CTL_RETVAL_COMPLETE);
8360	}
8361
8362	param = (struct scsi_per_res_out_parms *)ctsio->kern_data_ptr;
8363
8364	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
8365	res_key = scsi_8btou64(param->res_key.key);
8366	sa_res_key = scsi_8btou64(param->serv_act_res_key);
8367
8368	/*
8369	 * Validate the reservation key here except for SPRO_REG_IGNO
8370	 * This must be done for all other service actions
8371	 */
8372	if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REG_IGNO) {
8373		mtx_lock(&lun->lun_lock);
8374		if ((key = ctl_get_prkey(lun, residx)) != 0) {
8375			if (res_key != key) {
8376				/*
8377				 * The current key passed in doesn't match
8378				 * the one the initiator previously
8379				 * registered.
8380				 */
8381				mtx_unlock(&lun->lun_lock);
8382				free(ctsio->kern_data_ptr, M_CTL);
8383				ctl_set_reservation_conflict(ctsio);
8384				ctl_done((union ctl_io *)ctsio);
8385				return (CTL_RETVAL_COMPLETE);
8386			}
8387		} else if ((cdb->action & SPRO_ACTION_MASK) != SPRO_REGISTER) {
8388			/*
8389			 * We are not registered
8390			 */
8391			mtx_unlock(&lun->lun_lock);
8392			free(ctsio->kern_data_ptr, M_CTL);
8393			ctl_set_reservation_conflict(ctsio);
8394			ctl_done((union ctl_io *)ctsio);
8395			return (CTL_RETVAL_COMPLETE);
8396		} else if (res_key != 0) {
8397			/*
8398			 * We are not registered and trying to register but
8399			 * the register key isn't zero.
8400			 */
8401			mtx_unlock(&lun->lun_lock);
8402			free(ctsio->kern_data_ptr, M_CTL);
8403			ctl_set_reservation_conflict(ctsio);
8404			ctl_done((union ctl_io *)ctsio);
8405			return (CTL_RETVAL_COMPLETE);
8406		}
8407		mtx_unlock(&lun->lun_lock);
8408	}
8409
8410	switch (cdb->action & SPRO_ACTION_MASK) {
8411	case SPRO_REGISTER:
8412	case SPRO_REG_IGNO: {
8413
8414#if 0
8415		printf("Registration received\n");
8416#endif
8417
8418		/*
8419		 * We don't support any of these options, as we report in
8420		 * the read capabilities request (see
8421		 * ctl_persistent_reserve_in(), above).
8422		 */
8423		if ((param->flags & SPR_SPEC_I_PT)
8424		 || (param->flags & SPR_ALL_TG_PT)
8425		 || (param->flags & SPR_APTPL)) {
8426			int bit_ptr;
8427
8428			if (param->flags & SPR_APTPL)
8429				bit_ptr = 0;
8430			else if (param->flags & SPR_ALL_TG_PT)
8431				bit_ptr = 2;
8432			else /* SPR_SPEC_I_PT */
8433				bit_ptr = 3;
8434
8435			free(ctsio->kern_data_ptr, M_CTL);
8436			ctl_set_invalid_field(ctsio,
8437					      /*sks_valid*/ 1,
8438					      /*command*/ 0,
8439					      /*field*/ 20,
8440					      /*bit_valid*/ 1,
8441					      /*bit*/ bit_ptr);
8442			ctl_done((union ctl_io *)ctsio);
8443			return (CTL_RETVAL_COMPLETE);
8444		}
8445
8446		mtx_lock(&lun->lun_lock);
8447
8448		/*
8449		 * The initiator wants to clear the
8450		 * key/unregister.
8451		 */
8452		if (sa_res_key == 0) {
8453			if ((res_key == 0
8454			  && (cdb->action & SPRO_ACTION_MASK) == SPRO_REGISTER)
8455			 || ((cdb->action & SPRO_ACTION_MASK) == SPRO_REG_IGNO
8456			  && ctl_get_prkey(lun, residx) == 0)) {
8457				mtx_unlock(&lun->lun_lock);
8458				goto done;
8459			}
8460
8461			ctl_clr_prkey(lun, residx);
8462			lun->pr_key_count--;
8463
8464			if (residx == lun->pr_res_idx) {
8465				lun->flags &= ~CTL_LUN_PR_RESERVED;
8466				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8467
8468				if ((lun->res_type == SPR_TYPE_WR_EX_RO
8469				  || lun->res_type == SPR_TYPE_EX_AC_RO)
8470				 && lun->pr_key_count) {
8471					/*
8472					 * If the reservation is a registrants
8473					 * only type we need to generate a UA
8474					 * for other registered inits.  The
8475					 * sense code should be RESERVATIONS
8476					 * RELEASED
8477					 */
8478
8479					for (i = softc->init_min; i < softc->init_max; i++){
8480						if (ctl_get_prkey(lun, i) == 0)
8481							continue;
8482						ctl_est_ua(lun, i,
8483						    CTL_UA_RES_RELEASE);
8484					}
8485				}
8486				lun->res_type = 0;
8487			} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8488				if (lun->pr_key_count==0) {
8489					lun->flags &= ~CTL_LUN_PR_RESERVED;
8490					lun->res_type = 0;
8491					lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8492				}
8493			}
8494			lun->PRGeneration++;
8495			mtx_unlock(&lun->lun_lock);
8496
8497			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8498			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8499			persis_io.pr.pr_info.action = CTL_PR_UNREG_KEY;
8500			persis_io.pr.pr_info.residx = residx;
8501			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8502			    sizeof(persis_io.pr), M_WAITOK);
8503		} else /* sa_res_key != 0 */ {
8504
8505			/*
8506			 * If we aren't registered currently then increment
8507			 * the key count and set the registered flag.
8508			 */
8509			ctl_alloc_prkey(lun, residx);
8510			if (ctl_get_prkey(lun, residx) == 0)
8511				lun->pr_key_count++;
8512			ctl_set_prkey(lun, residx, sa_res_key);
8513			lun->PRGeneration++;
8514			mtx_unlock(&lun->lun_lock);
8515
8516			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8517			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8518			persis_io.pr.pr_info.action = CTL_PR_REG_KEY;
8519			persis_io.pr.pr_info.residx = residx;
8520			memcpy(persis_io.pr.pr_info.sa_res_key,
8521			       param->serv_act_res_key,
8522			       sizeof(param->serv_act_res_key));
8523			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8524			    sizeof(persis_io.pr), M_WAITOK);
8525		}
8526
8527		break;
8528	}
8529	case SPRO_RESERVE:
8530#if 0
8531                printf("Reserve executed type %d\n", type);
8532#endif
8533		mtx_lock(&lun->lun_lock);
8534		if (lun->flags & CTL_LUN_PR_RESERVED) {
8535			/*
8536			 * if this isn't the reservation holder and it's
8537			 * not a "all registrants" type or if the type is
8538			 * different then we have a conflict
8539			 */
8540			if ((lun->pr_res_idx != residx
8541			  && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS)
8542			 || lun->res_type != type) {
8543				mtx_unlock(&lun->lun_lock);
8544				free(ctsio->kern_data_ptr, M_CTL);
8545				ctl_set_reservation_conflict(ctsio);
8546				ctl_done((union ctl_io *)ctsio);
8547				return (CTL_RETVAL_COMPLETE);
8548			}
8549			mtx_unlock(&lun->lun_lock);
8550		} else /* create a reservation */ {
8551			/*
8552			 * If it's not an "all registrants" type record
8553			 * reservation holder
8554			 */
8555			if (type != SPR_TYPE_WR_EX_AR
8556			 && type != SPR_TYPE_EX_AC_AR)
8557				lun->pr_res_idx = residx; /* Res holder */
8558			else
8559				lun->pr_res_idx = CTL_PR_ALL_REGISTRANTS;
8560
8561			lun->flags |= CTL_LUN_PR_RESERVED;
8562			lun->res_type = type;
8563
8564			mtx_unlock(&lun->lun_lock);
8565
8566			/* send msg to other side */
8567			persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8568			persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8569			persis_io.pr.pr_info.action = CTL_PR_RESERVE;
8570			persis_io.pr.pr_info.residx = lun->pr_res_idx;
8571			persis_io.pr.pr_info.res_type = type;
8572			ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8573			    sizeof(persis_io.pr), M_WAITOK);
8574		}
8575		break;
8576
8577	case SPRO_RELEASE:
8578		mtx_lock(&lun->lun_lock);
8579		if ((lun->flags & CTL_LUN_PR_RESERVED) == 0) {
8580			/* No reservation exists return good status */
8581			mtx_unlock(&lun->lun_lock);
8582			goto done;
8583		}
8584		/*
8585		 * Is this nexus a reservation holder?
8586		 */
8587		if (lun->pr_res_idx != residx
8588		 && lun->pr_res_idx != CTL_PR_ALL_REGISTRANTS) {
8589			/*
8590			 * not a res holder return good status but
8591			 * do nothing
8592			 */
8593			mtx_unlock(&lun->lun_lock);
8594			goto done;
8595		}
8596
8597		if (lun->res_type != type) {
8598			mtx_unlock(&lun->lun_lock);
8599			free(ctsio->kern_data_ptr, M_CTL);
8600			ctl_set_illegal_pr_release(ctsio);
8601			ctl_done((union ctl_io *)ctsio);
8602			return (CTL_RETVAL_COMPLETE);
8603		}
8604
8605		/* okay to release */
8606		lun->flags &= ~CTL_LUN_PR_RESERVED;
8607		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8608		lun->res_type = 0;
8609
8610		/*
8611		 * if this isn't an exclusive access
8612		 * res generate UA for all other
8613		 * registrants.
8614		 */
8615		if (type != SPR_TYPE_EX_AC
8616		 && type != SPR_TYPE_WR_EX) {
8617			for (i = softc->init_min; i < softc->init_max; i++) {
8618				if (i == residx || ctl_get_prkey(lun, i) == 0)
8619					continue;
8620				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8621			}
8622		}
8623		mtx_unlock(&lun->lun_lock);
8624
8625		/* Send msg to other side */
8626		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8627		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8628		persis_io.pr.pr_info.action = CTL_PR_RELEASE;
8629		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8630		     sizeof(persis_io.pr), M_WAITOK);
8631		break;
8632
8633	case SPRO_CLEAR:
8634		/* send msg to other side */
8635
8636		mtx_lock(&lun->lun_lock);
8637		lun->flags &= ~CTL_LUN_PR_RESERVED;
8638		lun->res_type = 0;
8639		lun->pr_key_count = 0;
8640		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8641
8642		ctl_clr_prkey(lun, residx);
8643		for (i = 0; i < CTL_MAX_INITIATORS; i++)
8644			if (ctl_get_prkey(lun, i) != 0) {
8645				ctl_clr_prkey(lun, i);
8646				ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8647			}
8648		lun->PRGeneration++;
8649		mtx_unlock(&lun->lun_lock);
8650
8651		persis_io.hdr.nexus = ctsio->io_hdr.nexus;
8652		persis_io.hdr.msg_type = CTL_MSG_PERS_ACTION;
8653		persis_io.pr.pr_info.action = CTL_PR_CLEAR;
8654		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &persis_io,
8655		     sizeof(persis_io.pr), M_WAITOK);
8656		break;
8657
8658	case SPRO_PREEMPT:
8659	case SPRO_PRE_ABO: {
8660		int nretval;
8661
8662		nretval = ctl_pro_preempt(softc, lun, res_key, sa_res_key, type,
8663					  residx, ctsio, cdb, param);
8664		if (nretval != 0)
8665			return (CTL_RETVAL_COMPLETE);
8666		break;
8667	}
8668	default:
8669		panic("Invalid PR type %x", cdb->action);
8670	}
8671
8672done:
8673	free(ctsio->kern_data_ptr, M_CTL);
8674	ctl_set_success(ctsio);
8675	ctl_done((union ctl_io *)ctsio);
8676
8677	return (retval);
8678}
8679
8680/*
8681 * This routine is for handling a message from the other SC pertaining to
8682 * persistent reserve out. All the error checking will have been done
8683 * so only perorming the action need be done here to keep the two
8684 * in sync.
8685 */
8686static void
8687ctl_hndl_per_res_out_on_other_sc(union ctl_ha_msg *msg)
8688{
8689	struct ctl_softc *softc = control_softc;
8690	struct ctl_lun *lun;
8691	int i;
8692	uint32_t residx, targ_lun;
8693
8694	targ_lun = msg->hdr.nexus.targ_mapped_lun;
8695	mtx_lock(&softc->ctl_lock);
8696	if ((targ_lun >= CTL_MAX_LUNS) ||
8697	    ((lun = softc->ctl_luns[targ_lun]) == NULL)) {
8698		mtx_unlock(&softc->ctl_lock);
8699		return;
8700	}
8701	mtx_lock(&lun->lun_lock);
8702	mtx_unlock(&softc->ctl_lock);
8703	if (lun->flags & CTL_LUN_DISABLED) {
8704		mtx_unlock(&lun->lun_lock);
8705		return;
8706	}
8707	residx = ctl_get_initindex(&msg->hdr.nexus);
8708	switch(msg->pr.pr_info.action) {
8709	case CTL_PR_REG_KEY:
8710		ctl_alloc_prkey(lun, msg->pr.pr_info.residx);
8711		if (ctl_get_prkey(lun, msg->pr.pr_info.residx) == 0)
8712			lun->pr_key_count++;
8713		ctl_set_prkey(lun, msg->pr.pr_info.residx,
8714		    scsi_8btou64(msg->pr.pr_info.sa_res_key));
8715		lun->PRGeneration++;
8716		break;
8717
8718	case CTL_PR_UNREG_KEY:
8719		ctl_clr_prkey(lun, msg->pr.pr_info.residx);
8720		lun->pr_key_count--;
8721
8722		/* XXX Need to see if the reservation has been released */
8723		/* if so do we need to generate UA? */
8724		if (msg->pr.pr_info.residx == lun->pr_res_idx) {
8725			lun->flags &= ~CTL_LUN_PR_RESERVED;
8726			lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8727
8728			if ((lun->res_type == SPR_TYPE_WR_EX_RO
8729			  || lun->res_type == SPR_TYPE_EX_AC_RO)
8730			 && lun->pr_key_count) {
8731				/*
8732				 * If the reservation is a registrants
8733				 * only type we need to generate a UA
8734				 * for other registered inits.  The
8735				 * sense code should be RESERVATIONS
8736				 * RELEASED
8737				 */
8738
8739				for (i = softc->init_min; i < softc->init_max; i++) {
8740					if (ctl_get_prkey(lun, i) == 0)
8741						continue;
8742
8743					ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8744				}
8745			}
8746			lun->res_type = 0;
8747		} else if (lun->pr_res_idx == CTL_PR_ALL_REGISTRANTS) {
8748			if (lun->pr_key_count==0) {
8749				lun->flags &= ~CTL_LUN_PR_RESERVED;
8750				lun->res_type = 0;
8751				lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8752			}
8753		}
8754		lun->PRGeneration++;
8755		break;
8756
8757	case CTL_PR_RESERVE:
8758		lun->flags |= CTL_LUN_PR_RESERVED;
8759		lun->res_type = msg->pr.pr_info.res_type;
8760		lun->pr_res_idx = msg->pr.pr_info.residx;
8761
8762		break;
8763
8764	case CTL_PR_RELEASE:
8765		/*
8766		 * if this isn't an exclusive access res generate UA for all
8767		 * other registrants.
8768		 */
8769		if (lun->res_type != SPR_TYPE_EX_AC
8770		 && lun->res_type != SPR_TYPE_WR_EX) {
8771			for (i = softc->init_min; i < softc->init_max; i++)
8772				if (i == residx || ctl_get_prkey(lun, i) == 0)
8773					continue;
8774				ctl_est_ua(lun, i, CTL_UA_RES_RELEASE);
8775		}
8776
8777		lun->flags &= ~CTL_LUN_PR_RESERVED;
8778		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8779		lun->res_type = 0;
8780		break;
8781
8782	case CTL_PR_PREEMPT:
8783		ctl_pro_preempt_other(lun, msg);
8784		break;
8785	case CTL_PR_CLEAR:
8786		lun->flags &= ~CTL_LUN_PR_RESERVED;
8787		lun->res_type = 0;
8788		lun->pr_key_count = 0;
8789		lun->pr_res_idx = CTL_PR_NO_RESERVATION;
8790
8791		for (i=0; i < CTL_MAX_INITIATORS; i++) {
8792			if (ctl_get_prkey(lun, i) == 0)
8793				continue;
8794			ctl_clr_prkey(lun, i);
8795			ctl_est_ua(lun, i, CTL_UA_REG_PREEMPT);
8796		}
8797		lun->PRGeneration++;
8798		break;
8799	}
8800
8801	mtx_unlock(&lun->lun_lock);
8802}
8803
8804int
8805ctl_read_write(struct ctl_scsiio *ctsio)
8806{
8807	struct ctl_lun *lun;
8808	struct ctl_lba_len_flags *lbalen;
8809	uint64_t lba;
8810	uint32_t num_blocks;
8811	int flags, retval;
8812	int isread;
8813
8814	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
8815
8816	CTL_DEBUG_PRINT(("ctl_read_write: command: %#x\n", ctsio->cdb[0]));
8817
8818	flags = 0;
8819	isread = ctsio->cdb[0] == READ_6  || ctsio->cdb[0] == READ_10
8820	      || ctsio->cdb[0] == READ_12 || ctsio->cdb[0] == READ_16;
8821	switch (ctsio->cdb[0]) {
8822	case READ_6:
8823	case WRITE_6: {
8824		struct scsi_rw_6 *cdb;
8825
8826		cdb = (struct scsi_rw_6 *)ctsio->cdb;
8827
8828		lba = scsi_3btoul(cdb->addr);
8829		/* only 5 bits are valid in the most significant address byte */
8830		lba &= 0x1fffff;
8831		num_blocks = cdb->length;
8832		/*
8833		 * This is correct according to SBC-2.
8834		 */
8835		if (num_blocks == 0)
8836			num_blocks = 256;
8837		break;
8838	}
8839	case READ_10:
8840	case WRITE_10: {
8841		struct scsi_rw_10 *cdb;
8842
8843		cdb = (struct scsi_rw_10 *)ctsio->cdb;
8844		if (cdb->byte2 & SRW10_FUA)
8845			flags |= CTL_LLF_FUA;
8846		if (cdb->byte2 & SRW10_DPO)
8847			flags |= CTL_LLF_DPO;
8848		lba = scsi_4btoul(cdb->addr);
8849		num_blocks = scsi_2btoul(cdb->length);
8850		break;
8851	}
8852	case WRITE_VERIFY_10: {
8853		struct scsi_write_verify_10 *cdb;
8854
8855		cdb = (struct scsi_write_verify_10 *)ctsio->cdb;
8856		flags |= CTL_LLF_FUA;
8857		if (cdb->byte2 & SWV_DPO)
8858			flags |= CTL_LLF_DPO;
8859		lba = scsi_4btoul(cdb->addr);
8860		num_blocks = scsi_2btoul(cdb->length);
8861		break;
8862	}
8863	case READ_12:
8864	case WRITE_12: {
8865		struct scsi_rw_12 *cdb;
8866
8867		cdb = (struct scsi_rw_12 *)ctsio->cdb;
8868		if (cdb->byte2 & SRW12_FUA)
8869			flags |= CTL_LLF_FUA;
8870		if (cdb->byte2 & SRW12_DPO)
8871			flags |= CTL_LLF_DPO;
8872		lba = scsi_4btoul(cdb->addr);
8873		num_blocks = scsi_4btoul(cdb->length);
8874		break;
8875	}
8876	case WRITE_VERIFY_12: {
8877		struct scsi_write_verify_12 *cdb;
8878
8879		cdb = (struct scsi_write_verify_12 *)ctsio->cdb;
8880		flags |= CTL_LLF_FUA;
8881		if (cdb->byte2 & SWV_DPO)
8882			flags |= CTL_LLF_DPO;
8883		lba = scsi_4btoul(cdb->addr);
8884		num_blocks = scsi_4btoul(cdb->length);
8885		break;
8886	}
8887	case READ_16:
8888	case WRITE_16: {
8889		struct scsi_rw_16 *cdb;
8890
8891		cdb = (struct scsi_rw_16 *)ctsio->cdb;
8892		if (cdb->byte2 & SRW12_FUA)
8893			flags |= CTL_LLF_FUA;
8894		if (cdb->byte2 & SRW12_DPO)
8895			flags |= CTL_LLF_DPO;
8896		lba = scsi_8btou64(cdb->addr);
8897		num_blocks = scsi_4btoul(cdb->length);
8898		break;
8899	}
8900	case WRITE_ATOMIC_16: {
8901		struct scsi_write_atomic_16 *cdb;
8902
8903		if (lun->be_lun->atomicblock == 0) {
8904			ctl_set_invalid_opcode(ctsio);
8905			ctl_done((union ctl_io *)ctsio);
8906			return (CTL_RETVAL_COMPLETE);
8907		}
8908
8909		cdb = (struct scsi_write_atomic_16 *)ctsio->cdb;
8910		if (cdb->byte2 & SRW12_FUA)
8911			flags |= CTL_LLF_FUA;
8912		if (cdb->byte2 & SRW12_DPO)
8913			flags |= CTL_LLF_DPO;
8914		lba = scsi_8btou64(cdb->addr);
8915		num_blocks = scsi_2btoul(cdb->length);
8916		if (num_blocks > lun->be_lun->atomicblock) {
8917			ctl_set_invalid_field(ctsio, /*sks_valid*/ 1,
8918			    /*command*/ 1, /*field*/ 12, /*bit_valid*/ 0,
8919			    /*bit*/ 0);
8920			ctl_done((union ctl_io *)ctsio);
8921			return (CTL_RETVAL_COMPLETE);
8922		}
8923		break;
8924	}
8925	case WRITE_VERIFY_16: {
8926		struct scsi_write_verify_16 *cdb;
8927
8928		cdb = (struct scsi_write_verify_16 *)ctsio->cdb;
8929		flags |= CTL_LLF_FUA;
8930		if (cdb->byte2 & SWV_DPO)
8931			flags |= CTL_LLF_DPO;
8932		lba = scsi_8btou64(cdb->addr);
8933		num_blocks = scsi_4btoul(cdb->length);
8934		break;
8935	}
8936	default:
8937		/*
8938		 * We got a command we don't support.  This shouldn't
8939		 * happen, commands should be filtered out above us.
8940		 */
8941		ctl_set_invalid_opcode(ctsio);
8942		ctl_done((union ctl_io *)ctsio);
8943
8944		return (CTL_RETVAL_COMPLETE);
8945		break; /* NOTREACHED */
8946	}
8947
8948	/*
8949	 * The first check is to make sure we're in bounds, the second
8950	 * check is to catch wrap-around problems.  If the lba + num blocks
8951	 * is less than the lba, then we've wrapped around and the block
8952	 * range is invalid anyway.
8953	 */
8954	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
8955	 || ((lba + num_blocks) < lba)) {
8956		ctl_set_lba_out_of_range(ctsio);
8957		ctl_done((union ctl_io *)ctsio);
8958		return (CTL_RETVAL_COMPLETE);
8959	}
8960
8961	/*
8962	 * According to SBC-3, a transfer length of 0 is not an error.
8963	 * Note that this cannot happen with WRITE(6) or READ(6), since 0
8964	 * translates to 256 blocks for those commands.
8965	 */
8966	if (num_blocks == 0) {
8967		ctl_set_success(ctsio);
8968		ctl_done((union ctl_io *)ctsio);
8969		return (CTL_RETVAL_COMPLETE);
8970	}
8971
8972	/* Set FUA and/or DPO if caches are disabled. */
8973	if (isread) {
8974		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8975		    SCP_RCD) != 0)
8976			flags |= CTL_LLF_FUA | CTL_LLF_DPO;
8977	} else {
8978		if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
8979		    SCP_WCE) == 0)
8980			flags |= CTL_LLF_FUA;
8981	}
8982
8983	lbalen = (struct ctl_lba_len_flags *)
8984	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
8985	lbalen->lba = lba;
8986	lbalen->len = num_blocks;
8987	lbalen->flags = (isread ? CTL_LLF_READ : CTL_LLF_WRITE) | flags;
8988
8989	ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
8990	ctsio->kern_rel_offset = 0;
8991
8992	CTL_DEBUG_PRINT(("ctl_read_write: calling data_submit()\n"));
8993
8994	retval = lun->backend->data_submit((union ctl_io *)ctsio);
8995	return (retval);
8996}
8997
8998static int
8999ctl_cnw_cont(union ctl_io *io)
9000{
9001	struct ctl_scsiio *ctsio;
9002	struct ctl_lun *lun;
9003	struct ctl_lba_len_flags *lbalen;
9004	int retval;
9005
9006	ctsio = &io->scsiio;
9007	ctsio->io_hdr.status = CTL_STATUS_NONE;
9008	ctsio->io_hdr.flags &= ~CTL_FLAG_IO_CONT;
9009	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9010	lbalen = (struct ctl_lba_len_flags *)
9011	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9012	lbalen->flags &= ~CTL_LLF_COMPARE;
9013	lbalen->flags |= CTL_LLF_WRITE;
9014
9015	CTL_DEBUG_PRINT(("ctl_cnw_cont: calling data_submit()\n"));
9016	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9017	return (retval);
9018}
9019
9020int
9021ctl_cnw(struct ctl_scsiio *ctsio)
9022{
9023	struct ctl_lun *lun;
9024	struct ctl_lba_len_flags *lbalen;
9025	uint64_t lba;
9026	uint32_t num_blocks;
9027	int flags, retval;
9028
9029	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9030
9031	CTL_DEBUG_PRINT(("ctl_cnw: command: %#x\n", ctsio->cdb[0]));
9032
9033	flags = 0;
9034	switch (ctsio->cdb[0]) {
9035	case COMPARE_AND_WRITE: {
9036		struct scsi_compare_and_write *cdb;
9037
9038		cdb = (struct scsi_compare_and_write *)ctsio->cdb;
9039		if (cdb->byte2 & SRW10_FUA)
9040			flags |= CTL_LLF_FUA;
9041		if (cdb->byte2 & SRW10_DPO)
9042			flags |= CTL_LLF_DPO;
9043		lba = scsi_8btou64(cdb->addr);
9044		num_blocks = cdb->length;
9045		break;
9046	}
9047	default:
9048		/*
9049		 * We got a command we don't support.  This shouldn't
9050		 * happen, commands should be filtered out above us.
9051		 */
9052		ctl_set_invalid_opcode(ctsio);
9053		ctl_done((union ctl_io *)ctsio);
9054
9055		return (CTL_RETVAL_COMPLETE);
9056		break; /* NOTREACHED */
9057	}
9058
9059	/*
9060	 * The first check is to make sure we're in bounds, the second
9061	 * check is to catch wrap-around problems.  If the lba + num blocks
9062	 * is less than the lba, then we've wrapped around and the block
9063	 * range is invalid anyway.
9064	 */
9065	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9066	 || ((lba + num_blocks) < lba)) {
9067		ctl_set_lba_out_of_range(ctsio);
9068		ctl_done((union ctl_io *)ctsio);
9069		return (CTL_RETVAL_COMPLETE);
9070	}
9071
9072	/*
9073	 * According to SBC-3, a transfer length of 0 is not an error.
9074	 */
9075	if (num_blocks == 0) {
9076		ctl_set_success(ctsio);
9077		ctl_done((union ctl_io *)ctsio);
9078		return (CTL_RETVAL_COMPLETE);
9079	}
9080
9081	/* Set FUA if write cache is disabled. */
9082	if ((lun->mode_pages.caching_page[CTL_PAGE_CURRENT].flags1 &
9083	    SCP_WCE) == 0)
9084		flags |= CTL_LLF_FUA;
9085
9086	ctsio->kern_total_len = 2 * num_blocks * lun->be_lun->blocksize;
9087	ctsio->kern_rel_offset = 0;
9088
9089	/*
9090	 * Set the IO_CONT flag, so that if this I/O gets passed to
9091	 * ctl_data_submit_done(), it'll get passed back to
9092	 * ctl_ctl_cnw_cont() for further processing.
9093	 */
9094	ctsio->io_hdr.flags |= CTL_FLAG_IO_CONT;
9095	ctsio->io_cont = ctl_cnw_cont;
9096
9097	lbalen = (struct ctl_lba_len_flags *)
9098	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9099	lbalen->lba = lba;
9100	lbalen->len = num_blocks;
9101	lbalen->flags = CTL_LLF_COMPARE | flags;
9102
9103	CTL_DEBUG_PRINT(("ctl_cnw: calling data_submit()\n"));
9104	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9105	return (retval);
9106}
9107
9108int
9109ctl_verify(struct ctl_scsiio *ctsio)
9110{
9111	struct ctl_lun *lun;
9112	struct ctl_lba_len_flags *lbalen;
9113	uint64_t lba;
9114	uint32_t num_blocks;
9115	int bytchk, flags;
9116	int retval;
9117
9118	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9119
9120	CTL_DEBUG_PRINT(("ctl_verify: command: %#x\n", ctsio->cdb[0]));
9121
9122	bytchk = 0;
9123	flags = CTL_LLF_FUA;
9124	switch (ctsio->cdb[0]) {
9125	case VERIFY_10: {
9126		struct scsi_verify_10 *cdb;
9127
9128		cdb = (struct scsi_verify_10 *)ctsio->cdb;
9129		if (cdb->byte2 & SVFY_BYTCHK)
9130			bytchk = 1;
9131		if (cdb->byte2 & SVFY_DPO)
9132			flags |= CTL_LLF_DPO;
9133		lba = scsi_4btoul(cdb->addr);
9134		num_blocks = scsi_2btoul(cdb->length);
9135		break;
9136	}
9137	case VERIFY_12: {
9138		struct scsi_verify_12 *cdb;
9139
9140		cdb = (struct scsi_verify_12 *)ctsio->cdb;
9141		if (cdb->byte2 & SVFY_BYTCHK)
9142			bytchk = 1;
9143		if (cdb->byte2 & SVFY_DPO)
9144			flags |= CTL_LLF_DPO;
9145		lba = scsi_4btoul(cdb->addr);
9146		num_blocks = scsi_4btoul(cdb->length);
9147		break;
9148	}
9149	case VERIFY_16: {
9150		struct scsi_rw_16 *cdb;
9151
9152		cdb = (struct scsi_rw_16 *)ctsio->cdb;
9153		if (cdb->byte2 & SVFY_BYTCHK)
9154			bytchk = 1;
9155		if (cdb->byte2 & SVFY_DPO)
9156			flags |= CTL_LLF_DPO;
9157		lba = scsi_8btou64(cdb->addr);
9158		num_blocks = scsi_4btoul(cdb->length);
9159		break;
9160	}
9161	default:
9162		/*
9163		 * We got a command we don't support.  This shouldn't
9164		 * happen, commands should be filtered out above us.
9165		 */
9166		ctl_set_invalid_opcode(ctsio);
9167		ctl_done((union ctl_io *)ctsio);
9168		return (CTL_RETVAL_COMPLETE);
9169	}
9170
9171	/*
9172	 * The first check is to make sure we're in bounds, the second
9173	 * check is to catch wrap-around problems.  If the lba + num blocks
9174	 * is less than the lba, then we've wrapped around and the block
9175	 * range is invalid anyway.
9176	 */
9177	if (((lba + num_blocks) > (lun->be_lun->maxlba + 1))
9178	 || ((lba + num_blocks) < lba)) {
9179		ctl_set_lba_out_of_range(ctsio);
9180		ctl_done((union ctl_io *)ctsio);
9181		return (CTL_RETVAL_COMPLETE);
9182	}
9183
9184	/*
9185	 * According to SBC-3, a transfer length of 0 is not an error.
9186	 */
9187	if (num_blocks == 0) {
9188		ctl_set_success(ctsio);
9189		ctl_done((union ctl_io *)ctsio);
9190		return (CTL_RETVAL_COMPLETE);
9191	}
9192
9193	lbalen = (struct ctl_lba_len_flags *)
9194	    &ctsio->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
9195	lbalen->lba = lba;
9196	lbalen->len = num_blocks;
9197	if (bytchk) {
9198		lbalen->flags = CTL_LLF_COMPARE | flags;
9199		ctsio->kern_total_len = num_blocks * lun->be_lun->blocksize;
9200	} else {
9201		lbalen->flags = CTL_LLF_VERIFY | flags;
9202		ctsio->kern_total_len = 0;
9203	}
9204	ctsio->kern_rel_offset = 0;
9205
9206	CTL_DEBUG_PRINT(("ctl_verify: calling data_submit()\n"));
9207	retval = lun->backend->data_submit((union ctl_io *)ctsio);
9208	return (retval);
9209}
9210
9211int
9212ctl_report_luns(struct ctl_scsiio *ctsio)
9213{
9214	struct ctl_softc *softc;
9215	struct scsi_report_luns *cdb;
9216	struct scsi_report_luns_data *lun_data;
9217	struct ctl_lun *lun, *request_lun;
9218	struct ctl_port *port;
9219	int num_luns, retval;
9220	uint32_t alloc_len, lun_datalen;
9221	int num_filled;
9222	uint32_t initidx, targ_lun_id, lun_id;
9223
9224	retval = CTL_RETVAL_COMPLETE;
9225	cdb = (struct scsi_report_luns *)ctsio->cdb;
9226	port = ctl_io_port(&ctsio->io_hdr);
9227	softc = port->ctl_softc;
9228
9229	CTL_DEBUG_PRINT(("ctl_report_luns\n"));
9230
9231	mtx_lock(&softc->ctl_lock);
9232	num_luns = 0;
9233	for (targ_lun_id = 0; targ_lun_id < CTL_MAX_LUNS; targ_lun_id++) {
9234		if (ctl_lun_map_from_port(port, targ_lun_id) < CTL_MAX_LUNS)
9235			num_luns++;
9236	}
9237	mtx_unlock(&softc->ctl_lock);
9238
9239	switch (cdb->select_report) {
9240	case RPL_REPORT_DEFAULT:
9241	case RPL_REPORT_ALL:
9242	case RPL_REPORT_NONSUBSID:
9243		break;
9244	case RPL_REPORT_WELLKNOWN:
9245	case RPL_REPORT_ADMIN:
9246	case RPL_REPORT_CONGLOM:
9247		num_luns = 0;
9248		break;
9249	default:
9250		ctl_set_invalid_field(ctsio,
9251				      /*sks_valid*/ 1,
9252				      /*command*/ 1,
9253				      /*field*/ 2,
9254				      /*bit_valid*/ 0,
9255				      /*bit*/ 0);
9256		ctl_done((union ctl_io *)ctsio);
9257		return (retval);
9258		break; /* NOTREACHED */
9259	}
9260
9261	alloc_len = scsi_4btoul(cdb->length);
9262	/*
9263	 * The initiator has to allocate at least 16 bytes for this request,
9264	 * so he can at least get the header and the first LUN.  Otherwise
9265	 * we reject the request (per SPC-3 rev 14, section 6.21).
9266	 */
9267	if (alloc_len < (sizeof(struct scsi_report_luns_data) +
9268	    sizeof(struct scsi_report_luns_lundata))) {
9269		ctl_set_invalid_field(ctsio,
9270				      /*sks_valid*/ 1,
9271				      /*command*/ 1,
9272				      /*field*/ 6,
9273				      /*bit_valid*/ 0,
9274				      /*bit*/ 0);
9275		ctl_done((union ctl_io *)ctsio);
9276		return (retval);
9277	}
9278
9279	request_lun = (struct ctl_lun *)
9280		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9281
9282	lun_datalen = sizeof(*lun_data) +
9283		(num_luns * sizeof(struct scsi_report_luns_lundata));
9284
9285	ctsio->kern_data_ptr = malloc(lun_datalen, M_CTL, M_WAITOK | M_ZERO);
9286	lun_data = (struct scsi_report_luns_data *)ctsio->kern_data_ptr;
9287	ctsio->kern_sg_entries = 0;
9288
9289	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9290
9291	mtx_lock(&softc->ctl_lock);
9292	for (targ_lun_id = 0, num_filled = 0; targ_lun_id < CTL_MAX_LUNS && num_filled < num_luns; targ_lun_id++) {
9293		lun_id = ctl_lun_map_from_port(port, targ_lun_id);
9294		if (lun_id >= CTL_MAX_LUNS)
9295			continue;
9296		lun = softc->ctl_luns[lun_id];
9297		if (lun == NULL)
9298			continue;
9299
9300		if (targ_lun_id <= 0xff) {
9301			/*
9302			 * Peripheral addressing method, bus number 0.
9303			 */
9304			lun_data->luns[num_filled].lundata[0] =
9305				RPL_LUNDATA_ATYP_PERIPH;
9306			lun_data->luns[num_filled].lundata[1] = targ_lun_id;
9307			num_filled++;
9308		} else if (targ_lun_id <= 0x3fff) {
9309			/*
9310			 * Flat addressing method.
9311			 */
9312			lun_data->luns[num_filled].lundata[0] =
9313				RPL_LUNDATA_ATYP_FLAT | (targ_lun_id >> 8);
9314			lun_data->luns[num_filled].lundata[1] =
9315				(targ_lun_id & 0xff);
9316			num_filled++;
9317		} else if (targ_lun_id <= 0xffffff) {
9318			/*
9319			 * Extended flat addressing method.
9320			 */
9321			lun_data->luns[num_filled].lundata[0] =
9322			    RPL_LUNDATA_ATYP_EXTLUN | 0x12;
9323			scsi_ulto3b(targ_lun_id,
9324			    &lun_data->luns[num_filled].lundata[1]);
9325			num_filled++;
9326		} else {
9327			printf("ctl_report_luns: bogus LUN number %jd, "
9328			       "skipping\n", (intmax_t)targ_lun_id);
9329		}
9330		/*
9331		 * According to SPC-3, rev 14 section 6.21:
9332		 *
9333		 * "The execution of a REPORT LUNS command to any valid and
9334		 * installed logical unit shall clear the REPORTED LUNS DATA
9335		 * HAS CHANGED unit attention condition for all logical
9336		 * units of that target with respect to the requesting
9337		 * initiator. A valid and installed logical unit is one
9338		 * having a PERIPHERAL QUALIFIER of 000b in the standard
9339		 * INQUIRY data (see 6.4.2)."
9340		 *
9341		 * If request_lun is NULL, the LUN this report luns command
9342		 * was issued to is either disabled or doesn't exist. In that
9343		 * case, we shouldn't clear any pending lun change unit
9344		 * attention.
9345		 */
9346		if (request_lun != NULL) {
9347			mtx_lock(&lun->lun_lock);
9348			ctl_clr_ua(lun, initidx, CTL_UA_LUN_CHANGE);
9349			mtx_unlock(&lun->lun_lock);
9350		}
9351	}
9352	mtx_unlock(&softc->ctl_lock);
9353
9354	/*
9355	 * It's quite possible that we've returned fewer LUNs than we allocated
9356	 * space for.  Trim it.
9357	 */
9358	lun_datalen = sizeof(*lun_data) +
9359		(num_filled * sizeof(struct scsi_report_luns_lundata));
9360
9361	if (lun_datalen < alloc_len) {
9362		ctsio->residual = alloc_len - lun_datalen;
9363		ctsio->kern_data_len = lun_datalen;
9364		ctsio->kern_total_len = lun_datalen;
9365	} else {
9366		ctsio->residual = 0;
9367		ctsio->kern_data_len = alloc_len;
9368		ctsio->kern_total_len = alloc_len;
9369	}
9370	ctsio->kern_data_resid = 0;
9371	ctsio->kern_rel_offset = 0;
9372	ctsio->kern_sg_entries = 0;
9373
9374	/*
9375	 * We set this to the actual data length, regardless of how much
9376	 * space we actually have to return results.  If the user looks at
9377	 * this value, he'll know whether or not he allocated enough space
9378	 * and reissue the command if necessary.  We don't support well
9379	 * known logical units, so if the user asks for that, return none.
9380	 */
9381	scsi_ulto4b(lun_datalen - 8, lun_data->length);
9382
9383	/*
9384	 * We can only return SCSI_STATUS_CHECK_COND when we can't satisfy
9385	 * this request.
9386	 */
9387	ctl_set_success(ctsio);
9388	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9389	ctsio->be_move_done = ctl_config_move_done;
9390	ctl_datamove((union ctl_io *)ctsio);
9391	return (retval);
9392}
9393
9394int
9395ctl_request_sense(struct ctl_scsiio *ctsio)
9396{
9397	struct scsi_request_sense *cdb;
9398	struct scsi_sense_data *sense_ptr;
9399	struct ctl_softc *ctl_softc;
9400	struct ctl_lun *lun;
9401	uint32_t initidx;
9402	int have_error;
9403	scsi_sense_data_type sense_format;
9404	ctl_ua_type ua_type;
9405
9406	cdb = (struct scsi_request_sense *)ctsio->cdb;
9407
9408	ctl_softc = control_softc;
9409	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9410
9411	CTL_DEBUG_PRINT(("ctl_request_sense\n"));
9412
9413	/*
9414	 * Determine which sense format the user wants.
9415	 */
9416	if (cdb->byte2 & SRS_DESC)
9417		sense_format = SSD_TYPE_DESC;
9418	else
9419		sense_format = SSD_TYPE_FIXED;
9420
9421	ctsio->kern_data_ptr = malloc(sizeof(*sense_ptr), M_CTL, M_WAITOK);
9422	sense_ptr = (struct scsi_sense_data *)ctsio->kern_data_ptr;
9423	ctsio->kern_sg_entries = 0;
9424
9425	/*
9426	 * struct scsi_sense_data, which is currently set to 256 bytes, is
9427	 * larger than the largest allowed value for the length field in the
9428	 * REQUEST SENSE CDB, which is 252 bytes as of SPC-4.
9429	 */
9430	ctsio->residual = 0;
9431	ctsio->kern_data_len = cdb->length;
9432	ctsio->kern_total_len = cdb->length;
9433
9434	ctsio->kern_data_resid = 0;
9435	ctsio->kern_rel_offset = 0;
9436	ctsio->kern_sg_entries = 0;
9437
9438	/*
9439	 * If we don't have a LUN, we don't have any pending sense.
9440	 */
9441	if (lun == NULL)
9442		goto no_sense;
9443
9444	have_error = 0;
9445	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
9446	/*
9447	 * Check for pending sense, and then for pending unit attentions.
9448	 * Pending sense gets returned first, then pending unit attentions.
9449	 */
9450	mtx_lock(&lun->lun_lock);
9451#ifdef CTL_WITH_CA
9452	if (ctl_is_set(lun->have_ca, initidx)) {
9453		scsi_sense_data_type stored_format;
9454
9455		/*
9456		 * Check to see which sense format was used for the stored
9457		 * sense data.
9458		 */
9459		stored_format = scsi_sense_type(&lun->pending_sense[initidx]);
9460
9461		/*
9462		 * If the user requested a different sense format than the
9463		 * one we stored, then we need to convert it to the other
9464		 * format.  If we're going from descriptor to fixed format
9465		 * sense data, we may lose things in translation, depending
9466		 * on what options were used.
9467		 *
9468		 * If the stored format is SSD_TYPE_NONE (i.e. invalid),
9469		 * for some reason we'll just copy it out as-is.
9470		 */
9471		if ((stored_format == SSD_TYPE_FIXED)
9472		 && (sense_format == SSD_TYPE_DESC))
9473			ctl_sense_to_desc((struct scsi_sense_data_fixed *)
9474			    &lun->pending_sense[initidx],
9475			    (struct scsi_sense_data_desc *)sense_ptr);
9476		else if ((stored_format == SSD_TYPE_DESC)
9477		      && (sense_format == SSD_TYPE_FIXED))
9478			ctl_sense_to_fixed((struct scsi_sense_data_desc *)
9479			    &lun->pending_sense[initidx],
9480			    (struct scsi_sense_data_fixed *)sense_ptr);
9481		else
9482			memcpy(sense_ptr, &lun->pending_sense[initidx],
9483			       MIN(sizeof(*sense_ptr),
9484			       sizeof(lun->pending_sense[initidx])));
9485
9486		ctl_clear_mask(lun->have_ca, initidx);
9487		have_error = 1;
9488	} else
9489#endif
9490	{
9491		ua_type = ctl_build_ua(lun, initidx, sense_ptr, sense_format);
9492		if (ua_type != CTL_UA_NONE)
9493			have_error = 1;
9494		if (ua_type == CTL_UA_LUN_CHANGE) {
9495			mtx_unlock(&lun->lun_lock);
9496			mtx_lock(&ctl_softc->ctl_lock);
9497			ctl_clr_ua_allluns(ctl_softc, initidx, ua_type);
9498			mtx_unlock(&ctl_softc->ctl_lock);
9499			mtx_lock(&lun->lun_lock);
9500		}
9501
9502	}
9503	mtx_unlock(&lun->lun_lock);
9504
9505	/*
9506	 * We already have a pending error, return it.
9507	 */
9508	if (have_error != 0) {
9509		/*
9510		 * We report the SCSI status as OK, since the status of the
9511		 * request sense command itself is OK.
9512		 * We report 0 for the sense length, because we aren't doing
9513		 * autosense in this case.  We're reporting sense as
9514		 * parameter data.
9515		 */
9516		ctl_set_success(ctsio);
9517		ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9518		ctsio->be_move_done = ctl_config_move_done;
9519		ctl_datamove((union ctl_io *)ctsio);
9520		return (CTL_RETVAL_COMPLETE);
9521	}
9522
9523no_sense:
9524
9525	/*
9526	 * No sense information to report, so we report that everything is
9527	 * okay.
9528	 */
9529	ctl_set_sense_data(sense_ptr,
9530			   lun,
9531			   sense_format,
9532			   /*current_error*/ 1,
9533			   /*sense_key*/ SSD_KEY_NO_SENSE,
9534			   /*asc*/ 0x00,
9535			   /*ascq*/ 0x00,
9536			   SSD_ELEM_NONE);
9537
9538	/*
9539	 * We report 0 for the sense length, because we aren't doing
9540	 * autosense in this case.  We're reporting sense as parameter data.
9541	 */
9542	ctl_set_success(ctsio);
9543	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9544	ctsio->be_move_done = ctl_config_move_done;
9545	ctl_datamove((union ctl_io *)ctsio);
9546	return (CTL_RETVAL_COMPLETE);
9547}
9548
9549int
9550ctl_tur(struct ctl_scsiio *ctsio)
9551{
9552
9553	CTL_DEBUG_PRINT(("ctl_tur\n"));
9554
9555	ctl_set_success(ctsio);
9556	ctl_done((union ctl_io *)ctsio);
9557
9558	return (CTL_RETVAL_COMPLETE);
9559}
9560
9561/*
9562 * SCSI VPD page 0x00, the Supported VPD Pages page.
9563 */
9564static int
9565ctl_inquiry_evpd_supported(struct ctl_scsiio *ctsio, int alloc_len)
9566{
9567	struct scsi_vpd_supported_pages *pages;
9568	int sup_page_size;
9569	struct ctl_lun *lun;
9570	int p;
9571
9572	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9573
9574	sup_page_size = sizeof(struct scsi_vpd_supported_pages) *
9575	    SCSI_EVPD_NUM_SUPPORTED_PAGES;
9576	ctsio->kern_data_ptr = malloc(sup_page_size, M_CTL, M_WAITOK | M_ZERO);
9577	pages = (struct scsi_vpd_supported_pages *)ctsio->kern_data_ptr;
9578	ctsio->kern_sg_entries = 0;
9579
9580	if (sup_page_size < alloc_len) {
9581		ctsio->residual = alloc_len - sup_page_size;
9582		ctsio->kern_data_len = sup_page_size;
9583		ctsio->kern_total_len = sup_page_size;
9584	} else {
9585		ctsio->residual = 0;
9586		ctsio->kern_data_len = alloc_len;
9587		ctsio->kern_total_len = alloc_len;
9588	}
9589	ctsio->kern_data_resid = 0;
9590	ctsio->kern_rel_offset = 0;
9591	ctsio->kern_sg_entries = 0;
9592
9593	/*
9594	 * The control device is always connected.  The disk device, on the
9595	 * other hand, may not be online all the time.  Need to change this
9596	 * to figure out whether the disk device is actually online or not.
9597	 */
9598	if (lun != NULL)
9599		pages->device = (SID_QUAL_LU_CONNECTED << 5) |
9600				lun->be_lun->lun_type;
9601	else
9602		pages->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9603
9604	p = 0;
9605	/* Supported VPD pages */
9606	pages->page_list[p++] = SVPD_SUPPORTED_PAGES;
9607	/* Serial Number */
9608	pages->page_list[p++] = SVPD_UNIT_SERIAL_NUMBER;
9609	/* Device Identification */
9610	pages->page_list[p++] = SVPD_DEVICE_ID;
9611	/* Extended INQUIRY Data */
9612	pages->page_list[p++] = SVPD_EXTENDED_INQUIRY_DATA;
9613	/* Mode Page Policy */
9614	pages->page_list[p++] = SVPD_MODE_PAGE_POLICY;
9615	/* SCSI Ports */
9616	pages->page_list[p++] = SVPD_SCSI_PORTS;
9617	/* Third-party Copy */
9618	pages->page_list[p++] = SVPD_SCSI_TPC;
9619	if (lun != NULL && lun->be_lun->lun_type == T_DIRECT) {
9620		/* Block limits */
9621		pages->page_list[p++] = SVPD_BLOCK_LIMITS;
9622		/* Block Device Characteristics */
9623		pages->page_list[p++] = SVPD_BDC;
9624		/* Logical Block Provisioning */
9625		pages->page_list[p++] = SVPD_LBP;
9626	}
9627	pages->length = p;
9628
9629	ctl_set_success(ctsio);
9630	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9631	ctsio->be_move_done = ctl_config_move_done;
9632	ctl_datamove((union ctl_io *)ctsio);
9633	return (CTL_RETVAL_COMPLETE);
9634}
9635
9636/*
9637 * SCSI VPD page 0x80, the Unit Serial Number page.
9638 */
9639static int
9640ctl_inquiry_evpd_serial(struct ctl_scsiio *ctsio, int alloc_len)
9641{
9642	struct scsi_vpd_unit_serial_number *sn_ptr;
9643	struct ctl_lun *lun;
9644	int data_len;
9645
9646	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9647
9648	data_len = 4 + CTL_SN_LEN;
9649	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9650	sn_ptr = (struct scsi_vpd_unit_serial_number *)ctsio->kern_data_ptr;
9651	if (data_len < alloc_len) {
9652		ctsio->residual = alloc_len - data_len;
9653		ctsio->kern_data_len = data_len;
9654		ctsio->kern_total_len = data_len;
9655	} else {
9656		ctsio->residual = 0;
9657		ctsio->kern_data_len = alloc_len;
9658		ctsio->kern_total_len = alloc_len;
9659	}
9660	ctsio->kern_data_resid = 0;
9661	ctsio->kern_rel_offset = 0;
9662	ctsio->kern_sg_entries = 0;
9663
9664	/*
9665	 * The control device is always connected.  The disk device, on the
9666	 * other hand, may not be online all the time.  Need to change this
9667	 * to figure out whether the disk device is actually online or not.
9668	 */
9669	if (lun != NULL)
9670		sn_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9671				  lun->be_lun->lun_type;
9672	else
9673		sn_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9674
9675	sn_ptr->page_code = SVPD_UNIT_SERIAL_NUMBER;
9676	sn_ptr->length = CTL_SN_LEN;
9677	/*
9678	 * If we don't have a LUN, we just leave the serial number as
9679	 * all spaces.
9680	 */
9681	if (lun != NULL) {
9682		strncpy((char *)sn_ptr->serial_num,
9683			(char *)lun->be_lun->serial_num, CTL_SN_LEN);
9684	} else
9685		memset(sn_ptr->serial_num, 0x20, CTL_SN_LEN);
9686
9687	ctl_set_success(ctsio);
9688	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9689	ctsio->be_move_done = ctl_config_move_done;
9690	ctl_datamove((union ctl_io *)ctsio);
9691	return (CTL_RETVAL_COMPLETE);
9692}
9693
9694
9695/*
9696 * SCSI VPD page 0x86, the Extended INQUIRY Data page.
9697 */
9698static int
9699ctl_inquiry_evpd_eid(struct ctl_scsiio *ctsio, int alloc_len)
9700{
9701	struct scsi_vpd_extended_inquiry_data *eid_ptr;
9702	struct ctl_lun *lun;
9703	int data_len;
9704
9705	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9706
9707	data_len = sizeof(struct scsi_vpd_extended_inquiry_data);
9708	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9709	eid_ptr = (struct scsi_vpd_extended_inquiry_data *)ctsio->kern_data_ptr;
9710	ctsio->kern_sg_entries = 0;
9711
9712	if (data_len < alloc_len) {
9713		ctsio->residual = alloc_len - data_len;
9714		ctsio->kern_data_len = data_len;
9715		ctsio->kern_total_len = data_len;
9716	} else {
9717		ctsio->residual = 0;
9718		ctsio->kern_data_len = alloc_len;
9719		ctsio->kern_total_len = alloc_len;
9720	}
9721	ctsio->kern_data_resid = 0;
9722	ctsio->kern_rel_offset = 0;
9723	ctsio->kern_sg_entries = 0;
9724
9725	/*
9726	 * The control device is always connected.  The disk device, on the
9727	 * other hand, may not be online all the time.
9728	 */
9729	if (lun != NULL)
9730		eid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9731				     lun->be_lun->lun_type;
9732	else
9733		eid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9734	eid_ptr->page_code = SVPD_EXTENDED_INQUIRY_DATA;
9735	scsi_ulto2b(data_len - 4, eid_ptr->page_length);
9736	/*
9737	 * We support head of queue, ordered and simple tags.
9738	 */
9739	eid_ptr->flags2 = SVPD_EID_HEADSUP | SVPD_EID_ORDSUP | SVPD_EID_SIMPSUP;
9740	/*
9741	 * Volatile cache supported.
9742	 */
9743	eid_ptr->flags3 = SVPD_EID_V_SUP;
9744
9745	/*
9746	 * This means that we clear the REPORTED LUNS DATA HAS CHANGED unit
9747	 * attention for a particular IT nexus on all LUNs once we report
9748	 * it to that nexus once.  This bit is required as of SPC-4.
9749	 */
9750	eid_ptr->flags4 = SVPD_EID_LUICLT;
9751
9752	/*
9753	 * XXX KDM in order to correctly answer this, we would need
9754	 * information from the SIM to determine how much sense data it
9755	 * can send.  So this would really be a path inquiry field, most
9756	 * likely.  This can be set to a maximum of 252 according to SPC-4,
9757	 * but the hardware may or may not be able to support that much.
9758	 * 0 just means that the maximum sense data length is not reported.
9759	 */
9760	eid_ptr->max_sense_length = 0;
9761
9762	ctl_set_success(ctsio);
9763	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9764	ctsio->be_move_done = ctl_config_move_done;
9765	ctl_datamove((union ctl_io *)ctsio);
9766	return (CTL_RETVAL_COMPLETE);
9767}
9768
9769static int
9770ctl_inquiry_evpd_mpp(struct ctl_scsiio *ctsio, int alloc_len)
9771{
9772	struct scsi_vpd_mode_page_policy *mpp_ptr;
9773	struct ctl_lun *lun;
9774	int data_len;
9775
9776	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9777
9778	data_len = sizeof(struct scsi_vpd_mode_page_policy) +
9779	    sizeof(struct scsi_vpd_mode_page_policy_descr);
9780
9781	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9782	mpp_ptr = (struct scsi_vpd_mode_page_policy *)ctsio->kern_data_ptr;
9783	ctsio->kern_sg_entries = 0;
9784
9785	if (data_len < alloc_len) {
9786		ctsio->residual = alloc_len - data_len;
9787		ctsio->kern_data_len = data_len;
9788		ctsio->kern_total_len = data_len;
9789	} else {
9790		ctsio->residual = 0;
9791		ctsio->kern_data_len = alloc_len;
9792		ctsio->kern_total_len = alloc_len;
9793	}
9794	ctsio->kern_data_resid = 0;
9795	ctsio->kern_rel_offset = 0;
9796	ctsio->kern_sg_entries = 0;
9797
9798	/*
9799	 * The control device is always connected.  The disk device, on the
9800	 * other hand, may not be online all the time.
9801	 */
9802	if (lun != NULL)
9803		mpp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9804				     lun->be_lun->lun_type;
9805	else
9806		mpp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9807	mpp_ptr->page_code = SVPD_MODE_PAGE_POLICY;
9808	scsi_ulto2b(data_len - 4, mpp_ptr->page_length);
9809	mpp_ptr->descr[0].page_code = 0x3f;
9810	mpp_ptr->descr[0].subpage_code = 0xff;
9811	mpp_ptr->descr[0].policy = SVPD_MPP_SHARED;
9812
9813	ctl_set_success(ctsio);
9814	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9815	ctsio->be_move_done = ctl_config_move_done;
9816	ctl_datamove((union ctl_io *)ctsio);
9817	return (CTL_RETVAL_COMPLETE);
9818}
9819
9820/*
9821 * SCSI VPD page 0x83, the Device Identification page.
9822 */
9823static int
9824ctl_inquiry_evpd_devid(struct ctl_scsiio *ctsio, int alloc_len)
9825{
9826	struct scsi_vpd_device_id *devid_ptr;
9827	struct scsi_vpd_id_descriptor *desc;
9828	struct ctl_softc *softc;
9829	struct ctl_lun *lun;
9830	struct ctl_port *port;
9831	int data_len;
9832	uint8_t proto;
9833
9834	softc = control_softc;
9835
9836	port = ctl_io_port(&ctsio->io_hdr);
9837	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9838
9839	data_len = sizeof(struct scsi_vpd_device_id) +
9840	    sizeof(struct scsi_vpd_id_descriptor) +
9841		sizeof(struct scsi_vpd_id_rel_trgt_port_id) +
9842	    sizeof(struct scsi_vpd_id_descriptor) +
9843		sizeof(struct scsi_vpd_id_trgt_port_grp_id);
9844	if (lun && lun->lun_devid)
9845		data_len += lun->lun_devid->len;
9846	if (port && port->port_devid)
9847		data_len += port->port_devid->len;
9848	if (port && port->target_devid)
9849		data_len += port->target_devid->len;
9850
9851	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9852	devid_ptr = (struct scsi_vpd_device_id *)ctsio->kern_data_ptr;
9853	ctsio->kern_sg_entries = 0;
9854
9855	if (data_len < alloc_len) {
9856		ctsio->residual = alloc_len - data_len;
9857		ctsio->kern_data_len = data_len;
9858		ctsio->kern_total_len = data_len;
9859	} else {
9860		ctsio->residual = 0;
9861		ctsio->kern_data_len = alloc_len;
9862		ctsio->kern_total_len = alloc_len;
9863	}
9864	ctsio->kern_data_resid = 0;
9865	ctsio->kern_rel_offset = 0;
9866	ctsio->kern_sg_entries = 0;
9867
9868	/*
9869	 * The control device is always connected.  The disk device, on the
9870	 * other hand, may not be online all the time.
9871	 */
9872	if (lun != NULL)
9873		devid_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
9874				     lun->be_lun->lun_type;
9875	else
9876		devid_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
9877	devid_ptr->page_code = SVPD_DEVICE_ID;
9878	scsi_ulto2b(data_len - 4, devid_ptr->length);
9879
9880	if (port && port->port_type == CTL_PORT_FC)
9881		proto = SCSI_PROTO_FC << 4;
9882	else if (port && port->port_type == CTL_PORT_ISCSI)
9883		proto = SCSI_PROTO_ISCSI << 4;
9884	else
9885		proto = SCSI_PROTO_SPI << 4;
9886	desc = (struct scsi_vpd_id_descriptor *)devid_ptr->desc_list;
9887
9888	/*
9889	 * We're using a LUN association here.  i.e., this device ID is a
9890	 * per-LUN identifier.
9891	 */
9892	if (lun && lun->lun_devid) {
9893		memcpy(desc, lun->lun_devid->data, lun->lun_devid->len);
9894		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9895		    lun->lun_devid->len);
9896	}
9897
9898	/*
9899	 * This is for the WWPN which is a port association.
9900	 */
9901	if (port && port->port_devid) {
9902		memcpy(desc, port->port_devid->data, port->port_devid->len);
9903		desc = (struct scsi_vpd_id_descriptor *)((uint8_t *)desc +
9904		    port->port_devid->len);
9905	}
9906
9907	/*
9908	 * This is for the Relative Target Port(type 4h) identifier
9909	 */
9910	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9911	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9912	    SVPD_ID_TYPE_RELTARG;
9913	desc->length = 4;
9914	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port, &desc->identifier[2]);
9915	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9916	    sizeof(struct scsi_vpd_id_rel_trgt_port_id));
9917
9918	/*
9919	 * This is for the Target Port Group(type 5h) identifier
9920	 */
9921	desc->proto_codeset = proto | SVPD_ID_CODESET_BINARY;
9922	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
9923	    SVPD_ID_TYPE_TPORTGRP;
9924	desc->length = 4;
9925	scsi_ulto2b(ctsio->io_hdr.nexus.targ_port / softc->port_cnt + 1,
9926	    &desc->identifier[2]);
9927	desc = (struct scsi_vpd_id_descriptor *)(&desc->identifier[0] +
9928	    sizeof(struct scsi_vpd_id_trgt_port_grp_id));
9929
9930	/*
9931	 * This is for the Target identifier
9932	 */
9933	if (port && port->target_devid) {
9934		memcpy(desc, port->target_devid->data, port->target_devid->len);
9935	}
9936
9937	ctl_set_success(ctsio);
9938	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
9939	ctsio->be_move_done = ctl_config_move_done;
9940	ctl_datamove((union ctl_io *)ctsio);
9941	return (CTL_RETVAL_COMPLETE);
9942}
9943
9944static int
9945ctl_inquiry_evpd_scsi_ports(struct ctl_scsiio *ctsio, int alloc_len)
9946{
9947	struct ctl_softc *softc = control_softc;
9948	struct scsi_vpd_scsi_ports *sp;
9949	struct scsi_vpd_port_designation *pd;
9950	struct scsi_vpd_port_designation_cont *pdc;
9951	struct ctl_lun *lun;
9952	struct ctl_port *port;
9953	int data_len, num_target_ports, iid_len, id_len;
9954
9955	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
9956
9957	num_target_ports = 0;
9958	iid_len = 0;
9959	id_len = 0;
9960	mtx_lock(&softc->ctl_lock);
9961	STAILQ_FOREACH(port, &softc->port_list, links) {
9962		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
9963			continue;
9964		if (lun != NULL &&
9965		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
9966			continue;
9967		num_target_ports++;
9968		if (port->init_devid)
9969			iid_len += port->init_devid->len;
9970		if (port->port_devid)
9971			id_len += port->port_devid->len;
9972	}
9973	mtx_unlock(&softc->ctl_lock);
9974
9975	data_len = sizeof(struct scsi_vpd_scsi_ports) +
9976	    num_target_ports * (sizeof(struct scsi_vpd_port_designation) +
9977	     sizeof(struct scsi_vpd_port_designation_cont)) + iid_len + id_len;
9978	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
9979	sp = (struct scsi_vpd_scsi_ports *)ctsio->kern_data_ptr;
9980	ctsio->kern_sg_entries = 0;
9981
9982	if (data_len < alloc_len) {
9983		ctsio->residual = alloc_len - data_len;
9984		ctsio->kern_data_len = data_len;
9985		ctsio->kern_total_len = data_len;
9986	} else {
9987		ctsio->residual = 0;
9988		ctsio->kern_data_len = alloc_len;
9989		ctsio->kern_total_len = alloc_len;
9990	}
9991	ctsio->kern_data_resid = 0;
9992	ctsio->kern_rel_offset = 0;
9993	ctsio->kern_sg_entries = 0;
9994
9995	/*
9996	 * The control device is always connected.  The disk device, on the
9997	 * other hand, may not be online all the time.  Need to change this
9998	 * to figure out whether the disk device is actually online or not.
9999	 */
10000	if (lun != NULL)
10001		sp->device = (SID_QUAL_LU_CONNECTED << 5) |
10002				  lun->be_lun->lun_type;
10003	else
10004		sp->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10005
10006	sp->page_code = SVPD_SCSI_PORTS;
10007	scsi_ulto2b(data_len - sizeof(struct scsi_vpd_scsi_ports),
10008	    sp->page_length);
10009	pd = &sp->design[0];
10010
10011	mtx_lock(&softc->ctl_lock);
10012	STAILQ_FOREACH(port, &softc->port_list, links) {
10013		if ((port->status & CTL_PORT_STATUS_ONLINE) == 0)
10014			continue;
10015		if (lun != NULL &&
10016		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
10017			continue;
10018		scsi_ulto2b(port->targ_port, pd->relative_port_id);
10019		if (port->init_devid) {
10020			iid_len = port->init_devid->len;
10021			memcpy(pd->initiator_transportid,
10022			    port->init_devid->data, port->init_devid->len);
10023		} else
10024			iid_len = 0;
10025		scsi_ulto2b(iid_len, pd->initiator_transportid_length);
10026		pdc = (struct scsi_vpd_port_designation_cont *)
10027		    (&pd->initiator_transportid[iid_len]);
10028		if (port->port_devid) {
10029			id_len = port->port_devid->len;
10030			memcpy(pdc->target_port_descriptors,
10031			    port->port_devid->data, port->port_devid->len);
10032		} else
10033			id_len = 0;
10034		scsi_ulto2b(id_len, pdc->target_port_descriptors_length);
10035		pd = (struct scsi_vpd_port_designation *)
10036		    ((uint8_t *)pdc->target_port_descriptors + id_len);
10037	}
10038	mtx_unlock(&softc->ctl_lock);
10039
10040	ctl_set_success(ctsio);
10041	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10042	ctsio->be_move_done = ctl_config_move_done;
10043	ctl_datamove((union ctl_io *)ctsio);
10044	return (CTL_RETVAL_COMPLETE);
10045}
10046
10047static int
10048ctl_inquiry_evpd_block_limits(struct ctl_scsiio *ctsio, int alloc_len)
10049{
10050	struct scsi_vpd_block_limits *bl_ptr;
10051	struct ctl_lun *lun;
10052
10053	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10054
10055	ctsio->kern_data_ptr = malloc(sizeof(*bl_ptr), M_CTL, M_WAITOK | M_ZERO);
10056	bl_ptr = (struct scsi_vpd_block_limits *)ctsio->kern_data_ptr;
10057	ctsio->kern_sg_entries = 0;
10058
10059	if (sizeof(*bl_ptr) < alloc_len) {
10060		ctsio->residual = alloc_len - sizeof(*bl_ptr);
10061		ctsio->kern_data_len = sizeof(*bl_ptr);
10062		ctsio->kern_total_len = sizeof(*bl_ptr);
10063	} else {
10064		ctsio->residual = 0;
10065		ctsio->kern_data_len = alloc_len;
10066		ctsio->kern_total_len = alloc_len;
10067	}
10068	ctsio->kern_data_resid = 0;
10069	ctsio->kern_rel_offset = 0;
10070	ctsio->kern_sg_entries = 0;
10071
10072	/*
10073	 * The control device is always connected.  The disk device, on the
10074	 * other hand, may not be online all the time.  Need to change this
10075	 * to figure out whether the disk device is actually online or not.
10076	 */
10077	if (lun != NULL)
10078		bl_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10079				  lun->be_lun->lun_type;
10080	else
10081		bl_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10082
10083	bl_ptr->page_code = SVPD_BLOCK_LIMITS;
10084	scsi_ulto2b(sizeof(*bl_ptr) - 4, bl_ptr->page_length);
10085	bl_ptr->max_cmp_write_len = 0xff;
10086	scsi_ulto4b(0xffffffff, bl_ptr->max_txfer_len);
10087	if (lun != NULL) {
10088		scsi_ulto4b(lun->be_lun->opttxferlen, bl_ptr->opt_txfer_len);
10089		if (lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10090			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_lba_cnt);
10091			scsi_ulto4b(0xffffffff, bl_ptr->max_unmap_blk_cnt);
10092			if (lun->be_lun->ublockexp != 0) {
10093				scsi_ulto4b((1 << lun->be_lun->ublockexp),
10094				    bl_ptr->opt_unmap_grain);
10095				scsi_ulto4b(0x80000000 | lun->be_lun->ublockoff,
10096				    bl_ptr->unmap_grain_align);
10097			}
10098		}
10099		scsi_ulto4b(lun->be_lun->atomicblock,
10100		    bl_ptr->max_atomic_transfer_length);
10101		scsi_ulto4b(0, bl_ptr->atomic_alignment);
10102		scsi_ulto4b(0, bl_ptr->atomic_transfer_length_granularity);
10103		scsi_ulto4b(0, bl_ptr->max_atomic_transfer_length_with_atomic_boundary);
10104		scsi_ulto4b(0, bl_ptr->max_atomic_boundary_size);
10105	}
10106	scsi_u64to8b(UINT64_MAX, bl_ptr->max_write_same_length);
10107
10108	ctl_set_success(ctsio);
10109	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10110	ctsio->be_move_done = ctl_config_move_done;
10111	ctl_datamove((union ctl_io *)ctsio);
10112	return (CTL_RETVAL_COMPLETE);
10113}
10114
10115static int
10116ctl_inquiry_evpd_bdc(struct ctl_scsiio *ctsio, int alloc_len)
10117{
10118	struct scsi_vpd_block_device_characteristics *bdc_ptr;
10119	struct ctl_lun *lun;
10120	const char *value;
10121	u_int i;
10122
10123	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10124
10125	ctsio->kern_data_ptr = malloc(sizeof(*bdc_ptr), M_CTL, M_WAITOK | M_ZERO);
10126	bdc_ptr = (struct scsi_vpd_block_device_characteristics *)ctsio->kern_data_ptr;
10127	ctsio->kern_sg_entries = 0;
10128
10129	if (sizeof(*bdc_ptr) < alloc_len) {
10130		ctsio->residual = alloc_len - sizeof(*bdc_ptr);
10131		ctsio->kern_data_len = sizeof(*bdc_ptr);
10132		ctsio->kern_total_len = sizeof(*bdc_ptr);
10133	} else {
10134		ctsio->residual = 0;
10135		ctsio->kern_data_len = alloc_len;
10136		ctsio->kern_total_len = alloc_len;
10137	}
10138	ctsio->kern_data_resid = 0;
10139	ctsio->kern_rel_offset = 0;
10140	ctsio->kern_sg_entries = 0;
10141
10142	/*
10143	 * The control device is always connected.  The disk device, on the
10144	 * other hand, may not be online all the time.  Need to change this
10145	 * to figure out whether the disk device is actually online or not.
10146	 */
10147	if (lun != NULL)
10148		bdc_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10149				  lun->be_lun->lun_type;
10150	else
10151		bdc_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10152	bdc_ptr->page_code = SVPD_BDC;
10153	scsi_ulto2b(sizeof(*bdc_ptr) - 4, bdc_ptr->page_length);
10154	if (lun != NULL &&
10155	    (value = ctl_get_opt(&lun->be_lun->options, "rpm")) != NULL)
10156		i = strtol(value, NULL, 0);
10157	else
10158		i = CTL_DEFAULT_ROTATION_RATE;
10159	scsi_ulto2b(i, bdc_ptr->medium_rotation_rate);
10160	if (lun != NULL &&
10161	    (value = ctl_get_opt(&lun->be_lun->options, "formfactor")) != NULL)
10162		i = strtol(value, NULL, 0);
10163	else
10164		i = 0;
10165	bdc_ptr->wab_wac_ff = (i & 0x0f);
10166	bdc_ptr->flags = SVPD_FUAB | SVPD_VBULS;
10167
10168	ctl_set_success(ctsio);
10169	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10170	ctsio->be_move_done = ctl_config_move_done;
10171	ctl_datamove((union ctl_io *)ctsio);
10172	return (CTL_RETVAL_COMPLETE);
10173}
10174
10175static int
10176ctl_inquiry_evpd_lbp(struct ctl_scsiio *ctsio, int alloc_len)
10177{
10178	struct scsi_vpd_logical_block_prov *lbp_ptr;
10179	struct ctl_lun *lun;
10180
10181	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10182
10183	ctsio->kern_data_ptr = malloc(sizeof(*lbp_ptr), M_CTL, M_WAITOK | M_ZERO);
10184	lbp_ptr = (struct scsi_vpd_logical_block_prov *)ctsio->kern_data_ptr;
10185	ctsio->kern_sg_entries = 0;
10186
10187	if (sizeof(*lbp_ptr) < alloc_len) {
10188		ctsio->residual = alloc_len - sizeof(*lbp_ptr);
10189		ctsio->kern_data_len = sizeof(*lbp_ptr);
10190		ctsio->kern_total_len = sizeof(*lbp_ptr);
10191	} else {
10192		ctsio->residual = 0;
10193		ctsio->kern_data_len = alloc_len;
10194		ctsio->kern_total_len = alloc_len;
10195	}
10196	ctsio->kern_data_resid = 0;
10197	ctsio->kern_rel_offset = 0;
10198	ctsio->kern_sg_entries = 0;
10199
10200	/*
10201	 * The control device is always connected.  The disk device, on the
10202	 * other hand, may not be online all the time.  Need to change this
10203	 * to figure out whether the disk device is actually online or not.
10204	 */
10205	if (lun != NULL)
10206		lbp_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10207				  lun->be_lun->lun_type;
10208	else
10209		lbp_ptr->device = (SID_QUAL_LU_OFFLINE << 5) | T_DIRECT;
10210
10211	lbp_ptr->page_code = SVPD_LBP;
10212	scsi_ulto2b(sizeof(*lbp_ptr) - 4, lbp_ptr->page_length);
10213	lbp_ptr->threshold_exponent = CTL_LBP_EXPONENT;
10214	if (lun != NULL && lun->be_lun->flags & CTL_LUN_FLAG_UNMAP) {
10215		lbp_ptr->flags = SVPD_LBP_UNMAP | SVPD_LBP_WS16 |
10216		    SVPD_LBP_WS10 | SVPD_LBP_RZ | SVPD_LBP_ANC_SUP;
10217		lbp_ptr->prov_type = SVPD_LBP_THIN;
10218	}
10219
10220	ctl_set_success(ctsio);
10221	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10222	ctsio->be_move_done = ctl_config_move_done;
10223	ctl_datamove((union ctl_io *)ctsio);
10224	return (CTL_RETVAL_COMPLETE);
10225}
10226
10227/*
10228 * INQUIRY with the EVPD bit set.
10229 */
10230static int
10231ctl_inquiry_evpd(struct ctl_scsiio *ctsio)
10232{
10233	struct ctl_lun *lun;
10234	struct scsi_inquiry *cdb;
10235	int alloc_len, retval;
10236
10237	lun = (struct ctl_lun *)ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10238	cdb = (struct scsi_inquiry *)ctsio->cdb;
10239	alloc_len = scsi_2btoul(cdb->length);
10240
10241	switch (cdb->page_code) {
10242	case SVPD_SUPPORTED_PAGES:
10243		retval = ctl_inquiry_evpd_supported(ctsio, alloc_len);
10244		break;
10245	case SVPD_UNIT_SERIAL_NUMBER:
10246		retval = ctl_inquiry_evpd_serial(ctsio, alloc_len);
10247		break;
10248	case SVPD_DEVICE_ID:
10249		retval = ctl_inquiry_evpd_devid(ctsio, alloc_len);
10250		break;
10251	case SVPD_EXTENDED_INQUIRY_DATA:
10252		retval = ctl_inquiry_evpd_eid(ctsio, alloc_len);
10253		break;
10254	case SVPD_MODE_PAGE_POLICY:
10255		retval = ctl_inquiry_evpd_mpp(ctsio, alloc_len);
10256		break;
10257	case SVPD_SCSI_PORTS:
10258		retval = ctl_inquiry_evpd_scsi_ports(ctsio, alloc_len);
10259		break;
10260	case SVPD_SCSI_TPC:
10261		retval = ctl_inquiry_evpd_tpc(ctsio, alloc_len);
10262		break;
10263	case SVPD_BLOCK_LIMITS:
10264		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10265			goto err;
10266		retval = ctl_inquiry_evpd_block_limits(ctsio, alloc_len);
10267		break;
10268	case SVPD_BDC:
10269		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10270			goto err;
10271		retval = ctl_inquiry_evpd_bdc(ctsio, alloc_len);
10272		break;
10273	case SVPD_LBP:
10274		if (lun == NULL || lun->be_lun->lun_type != T_DIRECT)
10275			goto err;
10276		retval = ctl_inquiry_evpd_lbp(ctsio, alloc_len);
10277		break;
10278	default:
10279err:
10280		ctl_set_invalid_field(ctsio,
10281				      /*sks_valid*/ 1,
10282				      /*command*/ 1,
10283				      /*field*/ 2,
10284				      /*bit_valid*/ 0,
10285				      /*bit*/ 0);
10286		ctl_done((union ctl_io *)ctsio);
10287		retval = CTL_RETVAL_COMPLETE;
10288		break;
10289	}
10290
10291	return (retval);
10292}
10293
10294/*
10295 * Standard INQUIRY data.
10296 */
10297static int
10298ctl_inquiry_std(struct ctl_scsiio *ctsio)
10299{
10300	struct scsi_inquiry_data *inq_ptr;
10301	struct scsi_inquiry *cdb;
10302	struct ctl_softc *softc = control_softc;
10303	struct ctl_port *port;
10304	struct ctl_lun *lun;
10305	char *val;
10306	uint32_t alloc_len, data_len;
10307	ctl_port_type port_type;
10308
10309	port = ctl_io_port(&ctsio->io_hdr);
10310	port_type = port->port_type;
10311	if (port_type == CTL_PORT_IOCTL || port_type == CTL_PORT_INTERNAL)
10312		port_type = CTL_PORT_SCSI;
10313
10314	lun = ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
10315	cdb = (struct scsi_inquiry *)ctsio->cdb;
10316	alloc_len = scsi_2btoul(cdb->length);
10317
10318	/*
10319	 * We malloc the full inquiry data size here and fill it
10320	 * in.  If the user only asks for less, we'll give him
10321	 * that much.
10322	 */
10323	data_len = offsetof(struct scsi_inquiry_data, vendor_specific1);
10324	ctsio->kern_data_ptr = malloc(data_len, M_CTL, M_WAITOK | M_ZERO);
10325	inq_ptr = (struct scsi_inquiry_data *)ctsio->kern_data_ptr;
10326	ctsio->kern_sg_entries = 0;
10327	ctsio->kern_data_resid = 0;
10328	ctsio->kern_rel_offset = 0;
10329
10330	if (data_len < alloc_len) {
10331		ctsio->residual = alloc_len - data_len;
10332		ctsio->kern_data_len = data_len;
10333		ctsio->kern_total_len = data_len;
10334	} else {
10335		ctsio->residual = 0;
10336		ctsio->kern_data_len = alloc_len;
10337		ctsio->kern_total_len = alloc_len;
10338	}
10339
10340	if (lun != NULL) {
10341		if ((lun->flags & CTL_LUN_PRIMARY_SC) ||
10342		    softc->ha_link >= CTL_HA_LINK_UNKNOWN) {
10343			inq_ptr->device = (SID_QUAL_LU_CONNECTED << 5) |
10344			    lun->be_lun->lun_type;
10345		} else {
10346			inq_ptr->device = (SID_QUAL_LU_OFFLINE << 5) |
10347			    lun->be_lun->lun_type;
10348		}
10349	} else
10350		inq_ptr->device = (SID_QUAL_BAD_LU << 5) | T_NODEVICE;
10351
10352	/* RMB in byte 2 is 0 */
10353	inq_ptr->version = SCSI_REV_SPC4;
10354
10355	/*
10356	 * According to SAM-3, even if a device only supports a single
10357	 * level of LUN addressing, it should still set the HISUP bit:
10358	 *
10359	 * 4.9.1 Logical unit numbers overview
10360	 *
10361	 * All logical unit number formats described in this standard are
10362	 * hierarchical in structure even when only a single level in that
10363	 * hierarchy is used. The HISUP bit shall be set to one in the
10364	 * standard INQUIRY data (see SPC-2) when any logical unit number
10365	 * format described in this standard is used.  Non-hierarchical
10366	 * formats are outside the scope of this standard.
10367	 *
10368	 * Therefore we set the HiSup bit here.
10369	 *
10370	 * The reponse format is 2, per SPC-3.
10371	 */
10372	inq_ptr->response_format = SID_HiSup | 2;
10373
10374	inq_ptr->additional_length = data_len -
10375	    (offsetof(struct scsi_inquiry_data, additional_length) + 1);
10376	CTL_DEBUG_PRINT(("additional_length = %d\n",
10377			 inq_ptr->additional_length));
10378
10379	inq_ptr->spc3_flags = SPC3_SID_3PC | SPC3_SID_TPGS_IMPLICIT;
10380	/* 16 bit addressing */
10381	if (port_type == CTL_PORT_SCSI)
10382		inq_ptr->spc2_flags = SPC2_SID_ADDR16;
10383	/* XXX set the SID_MultiP bit here if we're actually going to
10384	   respond on multiple ports */
10385	inq_ptr->spc2_flags |= SPC2_SID_MultiP;
10386
10387	/* 16 bit data bus, synchronous transfers */
10388	if (port_type == CTL_PORT_SCSI)
10389		inq_ptr->flags = SID_WBus16 | SID_Sync;
10390	/*
10391	 * XXX KDM do we want to support tagged queueing on the control
10392	 * device at all?
10393	 */
10394	if ((lun == NULL)
10395	 || (lun->be_lun->lun_type != T_PROCESSOR))
10396		inq_ptr->flags |= SID_CmdQue;
10397	/*
10398	 * Per SPC-3, unused bytes in ASCII strings are filled with spaces.
10399	 * We have 8 bytes for the vendor name, and 16 bytes for the device
10400	 * name and 4 bytes for the revision.
10401	 */
10402	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10403	    "vendor")) == NULL) {
10404		strncpy(inq_ptr->vendor, CTL_VENDOR, sizeof(inq_ptr->vendor));
10405	} else {
10406		memset(inq_ptr->vendor, ' ', sizeof(inq_ptr->vendor));
10407		strncpy(inq_ptr->vendor, val,
10408		    min(sizeof(inq_ptr->vendor), strlen(val)));
10409	}
10410	if (lun == NULL) {
10411		strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10412		    sizeof(inq_ptr->product));
10413	} else if ((val = ctl_get_opt(&lun->be_lun->options, "product")) == NULL) {
10414		switch (lun->be_lun->lun_type) {
10415		case T_DIRECT:
10416			strncpy(inq_ptr->product, CTL_DIRECT_PRODUCT,
10417			    sizeof(inq_ptr->product));
10418			break;
10419		case T_PROCESSOR:
10420			strncpy(inq_ptr->product, CTL_PROCESSOR_PRODUCT,
10421			    sizeof(inq_ptr->product));
10422			break;
10423		default:
10424			strncpy(inq_ptr->product, CTL_UNKNOWN_PRODUCT,
10425			    sizeof(inq_ptr->product));
10426			break;
10427		}
10428	} else {
10429		memset(inq_ptr->product, ' ', sizeof(inq_ptr->product));
10430		strncpy(inq_ptr->product, val,
10431		    min(sizeof(inq_ptr->product), strlen(val)));
10432	}
10433
10434	/*
10435	 * XXX make this a macro somewhere so it automatically gets
10436	 * incremented when we make changes.
10437	 */
10438	if (lun == NULL || (val = ctl_get_opt(&lun->be_lun->options,
10439	    "revision")) == NULL) {
10440		strncpy(inq_ptr->revision, "0001", sizeof(inq_ptr->revision));
10441	} else {
10442		memset(inq_ptr->revision, ' ', sizeof(inq_ptr->revision));
10443		strncpy(inq_ptr->revision, val,
10444		    min(sizeof(inq_ptr->revision), strlen(val)));
10445	}
10446
10447	/*
10448	 * For parallel SCSI, we support double transition and single
10449	 * transition clocking.  We also support QAS (Quick Arbitration
10450	 * and Selection) and Information Unit transfers on both the
10451	 * control and array devices.
10452	 */
10453	if (port_type == CTL_PORT_SCSI)
10454		inq_ptr->spi3data = SID_SPI_CLOCK_DT_ST | SID_SPI_QAS |
10455				    SID_SPI_IUS;
10456
10457	/* SAM-5 (no version claimed) */
10458	scsi_ulto2b(0x00A0, inq_ptr->version1);
10459	/* SPC-4 (no version claimed) */
10460	scsi_ulto2b(0x0460, inq_ptr->version2);
10461	if (port_type == CTL_PORT_FC) {
10462		/* FCP-2 ANSI INCITS.350:2003 */
10463		scsi_ulto2b(0x0917, inq_ptr->version3);
10464	} else if (port_type == CTL_PORT_SCSI) {
10465		/* SPI-4 ANSI INCITS.362:200x */
10466		scsi_ulto2b(0x0B56, inq_ptr->version3);
10467	} else if (port_type == CTL_PORT_ISCSI) {
10468		/* iSCSI (no version claimed) */
10469		scsi_ulto2b(0x0960, inq_ptr->version3);
10470	} else if (port_type == CTL_PORT_SAS) {
10471		/* SAS (no version claimed) */
10472		scsi_ulto2b(0x0BE0, inq_ptr->version3);
10473	}
10474
10475	if (lun == NULL) {
10476		/* SBC-4 (no version claimed) */
10477		scsi_ulto2b(0x0600, inq_ptr->version4);
10478	} else {
10479		switch (lun->be_lun->lun_type) {
10480		case T_DIRECT:
10481			/* SBC-4 (no version claimed) */
10482			scsi_ulto2b(0x0600, inq_ptr->version4);
10483			break;
10484		case T_PROCESSOR:
10485		default:
10486			break;
10487		}
10488	}
10489
10490	ctl_set_success(ctsio);
10491	ctsio->io_hdr.flags |= CTL_FLAG_ALLOCATED;
10492	ctsio->be_move_done = ctl_config_move_done;
10493	ctl_datamove((union ctl_io *)ctsio);
10494	return (CTL_RETVAL_COMPLETE);
10495}
10496
10497int
10498ctl_inquiry(struct ctl_scsiio *ctsio)
10499{
10500	struct scsi_inquiry *cdb;
10501	int retval;
10502
10503	CTL_DEBUG_PRINT(("ctl_inquiry\n"));
10504
10505	cdb = (struct scsi_inquiry *)ctsio->cdb;
10506	if (cdb->byte2 & SI_EVPD)
10507		retval = ctl_inquiry_evpd(ctsio);
10508	else if (cdb->page_code == 0)
10509		retval = ctl_inquiry_std(ctsio);
10510	else {
10511		ctl_set_invalid_field(ctsio,
10512				      /*sks_valid*/ 1,
10513				      /*command*/ 1,
10514				      /*field*/ 2,
10515				      /*bit_valid*/ 0,
10516				      /*bit*/ 0);
10517		ctl_done((union ctl_io *)ctsio);
10518		return (CTL_RETVAL_COMPLETE);
10519	}
10520
10521	return (retval);
10522}
10523
10524/*
10525 * For known CDB types, parse the LBA and length.
10526 */
10527static int
10528ctl_get_lba_len(union ctl_io *io, uint64_t *lba, uint64_t *len)
10529{
10530	if (io->io_hdr.io_type != CTL_IO_SCSI)
10531		return (1);
10532
10533	switch (io->scsiio.cdb[0]) {
10534	case COMPARE_AND_WRITE: {
10535		struct scsi_compare_and_write *cdb;
10536
10537		cdb = (struct scsi_compare_and_write *)io->scsiio.cdb;
10538
10539		*lba = scsi_8btou64(cdb->addr);
10540		*len = cdb->length;
10541		break;
10542	}
10543	case READ_6:
10544	case WRITE_6: {
10545		struct scsi_rw_6 *cdb;
10546
10547		cdb = (struct scsi_rw_6 *)io->scsiio.cdb;
10548
10549		*lba = scsi_3btoul(cdb->addr);
10550		/* only 5 bits are valid in the most significant address byte */
10551		*lba &= 0x1fffff;
10552		*len = cdb->length;
10553		break;
10554	}
10555	case READ_10:
10556	case WRITE_10: {
10557		struct scsi_rw_10 *cdb;
10558
10559		cdb = (struct scsi_rw_10 *)io->scsiio.cdb;
10560
10561		*lba = scsi_4btoul(cdb->addr);
10562		*len = scsi_2btoul(cdb->length);
10563		break;
10564	}
10565	case WRITE_VERIFY_10: {
10566		struct scsi_write_verify_10 *cdb;
10567
10568		cdb = (struct scsi_write_verify_10 *)io->scsiio.cdb;
10569
10570		*lba = scsi_4btoul(cdb->addr);
10571		*len = scsi_2btoul(cdb->length);
10572		break;
10573	}
10574	case READ_12:
10575	case WRITE_12: {
10576		struct scsi_rw_12 *cdb;
10577
10578		cdb = (struct scsi_rw_12 *)io->scsiio.cdb;
10579
10580		*lba = scsi_4btoul(cdb->addr);
10581		*len = scsi_4btoul(cdb->length);
10582		break;
10583	}
10584	case WRITE_VERIFY_12: {
10585		struct scsi_write_verify_12 *cdb;
10586
10587		cdb = (struct scsi_write_verify_12 *)io->scsiio.cdb;
10588
10589		*lba = scsi_4btoul(cdb->addr);
10590		*len = scsi_4btoul(cdb->length);
10591		break;
10592	}
10593	case READ_16:
10594	case WRITE_16: {
10595		struct scsi_rw_16 *cdb;
10596
10597		cdb = (struct scsi_rw_16 *)io->scsiio.cdb;
10598
10599		*lba = scsi_8btou64(cdb->addr);
10600		*len = scsi_4btoul(cdb->length);
10601		break;
10602	}
10603	case WRITE_ATOMIC_16: {
10604		struct scsi_write_atomic_16 *cdb;
10605
10606		cdb = (struct scsi_write_atomic_16 *)io->scsiio.cdb;
10607
10608		*lba = scsi_8btou64(cdb->addr);
10609		*len = scsi_2btoul(cdb->length);
10610		break;
10611	}
10612	case WRITE_VERIFY_16: {
10613		struct scsi_write_verify_16 *cdb;
10614
10615		cdb = (struct scsi_write_verify_16 *)io->scsiio.cdb;
10616
10617		*lba = scsi_8btou64(cdb->addr);
10618		*len = scsi_4btoul(cdb->length);
10619		break;
10620	}
10621	case WRITE_SAME_10: {
10622		struct scsi_write_same_10 *cdb;
10623
10624		cdb = (struct scsi_write_same_10 *)io->scsiio.cdb;
10625
10626		*lba = scsi_4btoul(cdb->addr);
10627		*len = scsi_2btoul(cdb->length);
10628		break;
10629	}
10630	case WRITE_SAME_16: {
10631		struct scsi_write_same_16 *cdb;
10632
10633		cdb = (struct scsi_write_same_16 *)io->scsiio.cdb;
10634
10635		*lba = scsi_8btou64(cdb->addr);
10636		*len = scsi_4btoul(cdb->length);
10637		break;
10638	}
10639	case VERIFY_10: {
10640		struct scsi_verify_10 *cdb;
10641
10642		cdb = (struct scsi_verify_10 *)io->scsiio.cdb;
10643
10644		*lba = scsi_4btoul(cdb->addr);
10645		*len = scsi_2btoul(cdb->length);
10646		break;
10647	}
10648	case VERIFY_12: {
10649		struct scsi_verify_12 *cdb;
10650
10651		cdb = (struct scsi_verify_12 *)io->scsiio.cdb;
10652
10653		*lba = scsi_4btoul(cdb->addr);
10654		*len = scsi_4btoul(cdb->length);
10655		break;
10656	}
10657	case VERIFY_16: {
10658		struct scsi_verify_16 *cdb;
10659
10660		cdb = (struct scsi_verify_16 *)io->scsiio.cdb;
10661
10662		*lba = scsi_8btou64(cdb->addr);
10663		*len = scsi_4btoul(cdb->length);
10664		break;
10665	}
10666	case UNMAP: {
10667		*lba = 0;
10668		*len = UINT64_MAX;
10669		break;
10670	}
10671	case SERVICE_ACTION_IN: {	/* GET LBA STATUS */
10672		struct scsi_get_lba_status *cdb;
10673
10674		cdb = (struct scsi_get_lba_status *)io->scsiio.cdb;
10675		*lba = scsi_8btou64(cdb->addr);
10676		*len = UINT32_MAX;
10677		break;
10678	}
10679	default:
10680		return (1);
10681		break; /* NOTREACHED */
10682	}
10683
10684	return (0);
10685}
10686
10687static ctl_action
10688ctl_extent_check_lba(uint64_t lba1, uint64_t len1, uint64_t lba2, uint64_t len2,
10689    bool seq)
10690{
10691	uint64_t endlba1, endlba2;
10692
10693	endlba1 = lba1 + len1 - (seq ? 0 : 1);
10694	endlba2 = lba2 + len2 - 1;
10695
10696	if ((endlba1 < lba2) || (endlba2 < lba1))
10697		return (CTL_ACTION_PASS);
10698	else
10699		return (CTL_ACTION_BLOCK);
10700}
10701
10702static int
10703ctl_extent_check_unmap(union ctl_io *io, uint64_t lba2, uint64_t len2)
10704{
10705	struct ctl_ptr_len_flags *ptrlen;
10706	struct scsi_unmap_desc *buf, *end, *range;
10707	uint64_t lba;
10708	uint32_t len;
10709
10710	/* If not UNMAP -- go other way. */
10711	if (io->io_hdr.io_type != CTL_IO_SCSI ||
10712	    io->scsiio.cdb[0] != UNMAP)
10713		return (CTL_ACTION_ERROR);
10714
10715	/* If UNMAP without data -- block and wait for data. */
10716	ptrlen = (struct ctl_ptr_len_flags *)
10717	    &io->io_hdr.ctl_private[CTL_PRIV_LBA_LEN];
10718	if ((io->io_hdr.flags & CTL_FLAG_ALLOCATED) == 0 ||
10719	    ptrlen->ptr == NULL)
10720		return (CTL_ACTION_BLOCK);
10721
10722	/* UNMAP with data -- check for collision. */
10723	buf = (struct scsi_unmap_desc *)ptrlen->ptr;
10724	end = buf + ptrlen->len / sizeof(*buf);
10725	for (range = buf; range < end; range++) {
10726		lba = scsi_8btou64(range->lba);
10727		len = scsi_4btoul(range->length);
10728		if ((lba < lba2 + len2) && (lba + len > lba2))
10729			return (CTL_ACTION_BLOCK);
10730	}
10731	return (CTL_ACTION_PASS);
10732}
10733
10734static ctl_action
10735ctl_extent_check(union ctl_io *io1, union ctl_io *io2, bool seq)
10736{
10737	uint64_t lba1, lba2;
10738	uint64_t len1, len2;
10739	int retval;
10740
10741	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10742		return (CTL_ACTION_ERROR);
10743
10744	retval = ctl_extent_check_unmap(io1, lba2, len2);
10745	if (retval != CTL_ACTION_ERROR)
10746		return (retval);
10747
10748	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10749		return (CTL_ACTION_ERROR);
10750
10751	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10752		seq = FALSE;
10753	return (ctl_extent_check_lba(lba1, len1, lba2, len2, seq));
10754}
10755
10756static ctl_action
10757ctl_extent_check_seq(union ctl_io *io1, union ctl_io *io2)
10758{
10759	uint64_t lba1, lba2;
10760	uint64_t len1, len2;
10761
10762	if (io1->io_hdr.flags & CTL_FLAG_SERSEQ_DONE)
10763		return (CTL_ACTION_PASS);
10764	if (ctl_get_lba_len(io1, &lba1, &len1) != 0)
10765		return (CTL_ACTION_ERROR);
10766	if (ctl_get_lba_len(io2, &lba2, &len2) != 0)
10767		return (CTL_ACTION_ERROR);
10768
10769	if (lba1 + len1 == lba2)
10770		return (CTL_ACTION_BLOCK);
10771	return (CTL_ACTION_PASS);
10772}
10773
10774static ctl_action
10775ctl_check_for_blockage(struct ctl_lun *lun, union ctl_io *pending_io,
10776    union ctl_io *ooa_io)
10777{
10778	const struct ctl_cmd_entry *pending_entry, *ooa_entry;
10779	const ctl_serialize_action *serialize_row;
10780
10781	/*
10782	 * The initiator attempted multiple untagged commands at the same
10783	 * time.  Can't do that.
10784	 */
10785	if ((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10786	 && (ooa_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10787	 && ((pending_io->io_hdr.nexus.targ_port ==
10788	      ooa_io->io_hdr.nexus.targ_port)
10789	  && (pending_io->io_hdr.nexus.initid ==
10790	      ooa_io->io_hdr.nexus.initid))
10791	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10792	      CTL_FLAG_STATUS_SENT)) == 0))
10793		return (CTL_ACTION_OVERLAP);
10794
10795	/*
10796	 * The initiator attempted to send multiple tagged commands with
10797	 * the same ID.  (It's fine if different initiators have the same
10798	 * tag ID.)
10799	 *
10800	 * Even if all of those conditions are true, we don't kill the I/O
10801	 * if the command ahead of us has been aborted.  We won't end up
10802	 * sending it to the FETD, and it's perfectly legal to resend a
10803	 * command with the same tag number as long as the previous
10804	 * instance of this tag number has been aborted somehow.
10805	 */
10806	if ((pending_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10807	 && (ooa_io->scsiio.tag_type != CTL_TAG_UNTAGGED)
10808	 && (pending_io->scsiio.tag_num == ooa_io->scsiio.tag_num)
10809	 && ((pending_io->io_hdr.nexus.targ_port ==
10810	      ooa_io->io_hdr.nexus.targ_port)
10811	  && (pending_io->io_hdr.nexus.initid ==
10812	      ooa_io->io_hdr.nexus.initid))
10813	 && ((ooa_io->io_hdr.flags & (CTL_FLAG_ABORT |
10814	      CTL_FLAG_STATUS_SENT)) == 0))
10815		return (CTL_ACTION_OVERLAP_TAG);
10816
10817	/*
10818	 * If we get a head of queue tag, SAM-3 says that we should
10819	 * immediately execute it.
10820	 *
10821	 * What happens if this command would normally block for some other
10822	 * reason?  e.g. a request sense with a head of queue tag
10823	 * immediately after a write.  Normally that would block, but this
10824	 * will result in its getting executed immediately...
10825	 *
10826	 * We currently return "pass" instead of "skip", so we'll end up
10827	 * going through the rest of the queue to check for overlapped tags.
10828	 *
10829	 * XXX KDM check for other types of blockage first??
10830	 */
10831	if (pending_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10832		return (CTL_ACTION_PASS);
10833
10834	/*
10835	 * Ordered tags have to block until all items ahead of them
10836	 * have completed.  If we get called with an ordered tag, we always
10837	 * block, if something else is ahead of us in the queue.
10838	 */
10839	if (pending_io->scsiio.tag_type == CTL_TAG_ORDERED)
10840		return (CTL_ACTION_BLOCK);
10841
10842	/*
10843	 * Simple tags get blocked until all head of queue and ordered tags
10844	 * ahead of them have completed.  I'm lumping untagged commands in
10845	 * with simple tags here.  XXX KDM is that the right thing to do?
10846	 */
10847	if (((pending_io->scsiio.tag_type == CTL_TAG_UNTAGGED)
10848	  || (pending_io->scsiio.tag_type == CTL_TAG_SIMPLE))
10849	 && ((ooa_io->scsiio.tag_type == CTL_TAG_HEAD_OF_QUEUE)
10850	  || (ooa_io->scsiio.tag_type == CTL_TAG_ORDERED)))
10851		return (CTL_ACTION_BLOCK);
10852
10853	pending_entry = ctl_get_cmd_entry(&pending_io->scsiio, NULL);
10854	ooa_entry = ctl_get_cmd_entry(&ooa_io->scsiio, NULL);
10855
10856	serialize_row = ctl_serialize_table[ooa_entry->seridx];
10857
10858	switch (serialize_row[pending_entry->seridx]) {
10859	case CTL_SER_BLOCK:
10860		return (CTL_ACTION_BLOCK);
10861	case CTL_SER_EXTENT:
10862		return (ctl_extent_check(ooa_io, pending_io,
10863		    (lun->be_lun && lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10864	case CTL_SER_EXTENTOPT:
10865		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10866		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10867			return (ctl_extent_check(ooa_io, pending_io,
10868			    (lun->be_lun &&
10869			     lun->be_lun->serseq == CTL_LUN_SERSEQ_ON)));
10870		return (CTL_ACTION_PASS);
10871	case CTL_SER_EXTENTSEQ:
10872		if (lun->be_lun && lun->be_lun->serseq != CTL_LUN_SERSEQ_OFF)
10873			return (ctl_extent_check_seq(ooa_io, pending_io));
10874		return (CTL_ACTION_PASS);
10875	case CTL_SER_PASS:
10876		return (CTL_ACTION_PASS);
10877	case CTL_SER_BLOCKOPT:
10878		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT].queue_flags
10879		    & SCP_QUEUE_ALG_MASK) != SCP_QUEUE_ALG_UNRESTRICTED)
10880			return (CTL_ACTION_BLOCK);
10881		return (CTL_ACTION_PASS);
10882	case CTL_SER_SKIP:
10883		return (CTL_ACTION_SKIP);
10884	default:
10885		panic("invalid serialization value %d",
10886		      serialize_row[pending_entry->seridx]);
10887	}
10888
10889	return (CTL_ACTION_ERROR);
10890}
10891
10892/*
10893 * Check for blockage or overlaps against the OOA (Order Of Arrival) queue.
10894 * Assumptions:
10895 * - pending_io is generally either incoming, or on the blocked queue
10896 * - starting I/O is the I/O we want to start the check with.
10897 */
10898static ctl_action
10899ctl_check_ooa(struct ctl_lun *lun, union ctl_io *pending_io,
10900	      union ctl_io *starting_io)
10901{
10902	union ctl_io *ooa_io;
10903	ctl_action action;
10904
10905	mtx_assert(&lun->lun_lock, MA_OWNED);
10906
10907	/*
10908	 * Run back along the OOA queue, starting with the current
10909	 * blocked I/O and going through every I/O before it on the
10910	 * queue.  If starting_io is NULL, we'll just end up returning
10911	 * CTL_ACTION_PASS.
10912	 */
10913	for (ooa_io = starting_io; ooa_io != NULL;
10914	     ooa_io = (union ctl_io *)TAILQ_PREV(&ooa_io->io_hdr, ctl_ooaq,
10915	     ooa_links)){
10916
10917		/*
10918		 * This routine just checks to see whether
10919		 * cur_blocked is blocked by ooa_io, which is ahead
10920		 * of it in the queue.  It doesn't queue/dequeue
10921		 * cur_blocked.
10922		 */
10923		action = ctl_check_for_blockage(lun, pending_io, ooa_io);
10924		switch (action) {
10925		case CTL_ACTION_BLOCK:
10926		case CTL_ACTION_OVERLAP:
10927		case CTL_ACTION_OVERLAP_TAG:
10928		case CTL_ACTION_SKIP:
10929		case CTL_ACTION_ERROR:
10930			return (action);
10931			break; /* NOTREACHED */
10932		case CTL_ACTION_PASS:
10933			break;
10934		default:
10935			panic("invalid action %d", action);
10936			break;  /* NOTREACHED */
10937		}
10938	}
10939
10940	return (CTL_ACTION_PASS);
10941}
10942
10943/*
10944 * Assumptions:
10945 * - An I/O has just completed, and has been removed from the per-LUN OOA
10946 *   queue, so some items on the blocked queue may now be unblocked.
10947 */
10948static int
10949ctl_check_blocked(struct ctl_lun *lun)
10950{
10951	struct ctl_softc *softc = lun->ctl_softc;
10952	union ctl_io *cur_blocked, *next_blocked;
10953
10954	mtx_assert(&lun->lun_lock, MA_OWNED);
10955
10956	/*
10957	 * Run forward from the head of the blocked queue, checking each
10958	 * entry against the I/Os prior to it on the OOA queue to see if
10959	 * there is still any blockage.
10960	 *
10961	 * We cannot use the TAILQ_FOREACH() macro, because it can't deal
10962	 * with our removing a variable on it while it is traversing the
10963	 * list.
10964	 */
10965	for (cur_blocked = (union ctl_io *)TAILQ_FIRST(&lun->blocked_queue);
10966	     cur_blocked != NULL; cur_blocked = next_blocked) {
10967		union ctl_io *prev_ooa;
10968		ctl_action action;
10969
10970		next_blocked = (union ctl_io *)TAILQ_NEXT(&cur_blocked->io_hdr,
10971							  blocked_links);
10972
10973		prev_ooa = (union ctl_io *)TAILQ_PREV(&cur_blocked->io_hdr,
10974						      ctl_ooaq, ooa_links);
10975
10976		/*
10977		 * If cur_blocked happens to be the first item in the OOA
10978		 * queue now, prev_ooa will be NULL, and the action
10979		 * returned will just be CTL_ACTION_PASS.
10980		 */
10981		action = ctl_check_ooa(lun, cur_blocked, prev_ooa);
10982
10983		switch (action) {
10984		case CTL_ACTION_BLOCK:
10985			/* Nothing to do here, still blocked */
10986			break;
10987		case CTL_ACTION_OVERLAP:
10988		case CTL_ACTION_OVERLAP_TAG:
10989			/*
10990			 * This shouldn't happen!  In theory we've already
10991			 * checked this command for overlap...
10992			 */
10993			break;
10994		case CTL_ACTION_PASS:
10995		case CTL_ACTION_SKIP: {
10996			const struct ctl_cmd_entry *entry;
10997
10998			/*
10999			 * The skip case shouldn't happen, this transaction
11000			 * should have never made it onto the blocked queue.
11001			 */
11002			/*
11003			 * This I/O is no longer blocked, we can remove it
11004			 * from the blocked queue.  Since this is a TAILQ
11005			 * (doubly linked list), we can do O(1) removals
11006			 * from any place on the list.
11007			 */
11008			TAILQ_REMOVE(&lun->blocked_queue, &cur_blocked->io_hdr,
11009				     blocked_links);
11010			cur_blocked->io_hdr.flags &= ~CTL_FLAG_BLOCKED;
11011
11012			if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
11013			    (cur_blocked->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)){
11014				/*
11015				 * Need to send IO back to original side to
11016				 * run
11017				 */
11018				union ctl_ha_msg msg_info;
11019
11020				cur_blocked->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11021				msg_info.hdr.original_sc =
11022					cur_blocked->io_hdr.original_sc;
11023				msg_info.hdr.serializing_sc = cur_blocked;
11024				msg_info.hdr.msg_type = CTL_MSG_R2R;
11025				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11026				    sizeof(msg_info.hdr), M_NOWAIT);
11027				break;
11028			}
11029			entry = ctl_get_cmd_entry(&cur_blocked->scsiio, NULL);
11030
11031			/*
11032			 * Check this I/O for LUN state changes that may
11033			 * have happened while this command was blocked.
11034			 * The LUN state may have been changed by a command
11035			 * ahead of us in the queue, so we need to re-check
11036			 * for any states that can be caused by SCSI
11037			 * commands.
11038			 */
11039			if (ctl_scsiio_lun_check(lun, entry,
11040						 &cur_blocked->scsiio) == 0) {
11041				cur_blocked->io_hdr.flags |=
11042				                      CTL_FLAG_IS_WAS_ON_RTR;
11043				ctl_enqueue_rtr(cur_blocked);
11044			} else
11045				ctl_done(cur_blocked);
11046			break;
11047		}
11048		default:
11049			/*
11050			 * This probably shouldn't happen -- we shouldn't
11051			 * get CTL_ACTION_ERROR, or anything else.
11052			 */
11053			break;
11054		}
11055	}
11056
11057	return (CTL_RETVAL_COMPLETE);
11058}
11059
11060/*
11061 * This routine (with one exception) checks LUN flags that can be set by
11062 * commands ahead of us in the OOA queue.  These flags have to be checked
11063 * when a command initially comes in, and when we pull a command off the
11064 * blocked queue and are preparing to execute it.  The reason we have to
11065 * check these flags for commands on the blocked queue is that the LUN
11066 * state may have been changed by a command ahead of us while we're on the
11067 * blocked queue.
11068 *
11069 * Ordering is somewhat important with these checks, so please pay
11070 * careful attention to the placement of any new checks.
11071 */
11072static int
11073ctl_scsiio_lun_check(struct ctl_lun *lun,
11074    const struct ctl_cmd_entry *entry, struct ctl_scsiio *ctsio)
11075{
11076	struct ctl_softc *softc = lun->ctl_softc;
11077	int retval;
11078	uint32_t residx;
11079
11080	retval = 0;
11081
11082	mtx_assert(&lun->lun_lock, MA_OWNED);
11083
11084	/*
11085	 * If this shelf is a secondary shelf controller, we may have to
11086	 * reject some commands disallowed by HA mode and link state.
11087	 */
11088	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0) {
11089		if (softc->ha_link == CTL_HA_LINK_OFFLINE &&
11090		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11091			ctl_set_lun_unavail(ctsio);
11092			retval = 1;
11093			goto bailout;
11094		}
11095		if ((lun->flags & CTL_LUN_PEER_SC_PRIMARY) == 0 &&
11096		    (entry->flags & CTL_CMD_FLAG_OK_ON_UNAVAIL) == 0) {
11097			ctl_set_lun_transit(ctsio);
11098			retval = 1;
11099			goto bailout;
11100		}
11101		if (softc->ha_mode == CTL_HA_MODE_ACT_STBY &&
11102		    (entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0) {
11103			ctl_set_lun_standby(ctsio);
11104			retval = 1;
11105			goto bailout;
11106		}
11107
11108		/* The rest of checks are only done on executing side */
11109		if (softc->ha_mode == CTL_HA_MODE_XFER)
11110			goto bailout;
11111	}
11112
11113	if (entry->pattern & CTL_LUN_PAT_WRITE) {
11114		if (lun->be_lun &&
11115		    lun->be_lun->flags & CTL_LUN_FLAG_READONLY) {
11116			ctl_set_hw_write_protected(ctsio);
11117			retval = 1;
11118			goto bailout;
11119		}
11120		if ((lun->mode_pages.control_page[CTL_PAGE_CURRENT]
11121		    .eca_and_aen & SCP_SWP) != 0) {
11122			ctl_set_sense(ctsio, /*current_error*/ 1,
11123			    /*sense_key*/ SSD_KEY_DATA_PROTECT,
11124			    /*asc*/ 0x27, /*ascq*/ 0x02, SSD_ELEM_NONE);
11125			retval = 1;
11126			goto bailout;
11127		}
11128	}
11129
11130	/*
11131	 * Check for a reservation conflict.  If this command isn't allowed
11132	 * even on reserved LUNs, and if this initiator isn't the one who
11133	 * reserved us, reject the command with a reservation conflict.
11134	 */
11135	residx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11136	if ((lun->flags & CTL_LUN_RESERVED)
11137	 && ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_RESV) == 0)) {
11138		if (lun->res_idx != residx) {
11139			ctl_set_reservation_conflict(ctsio);
11140			retval = 1;
11141			goto bailout;
11142		}
11143	}
11144
11145	if ((lun->flags & CTL_LUN_PR_RESERVED) == 0 ||
11146	    (entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_RESV)) {
11147		/* No reservation or command is allowed. */;
11148	} else if ((entry->flags & CTL_CMD_FLAG_ALLOW_ON_PR_WRESV) &&
11149	    (lun->res_type == SPR_TYPE_WR_EX ||
11150	     lun->res_type == SPR_TYPE_WR_EX_RO ||
11151	     lun->res_type == SPR_TYPE_WR_EX_AR)) {
11152		/* The command is allowed for Write Exclusive resv. */;
11153	} else {
11154		/*
11155		 * if we aren't registered or it's a res holder type
11156		 * reservation and this isn't the res holder then set a
11157		 * conflict.
11158		 */
11159		if (ctl_get_prkey(lun, residx) == 0
11160		 || (residx != lun->pr_res_idx && lun->res_type < 4)) {
11161			ctl_set_reservation_conflict(ctsio);
11162			retval = 1;
11163			goto bailout;
11164		}
11165	}
11166
11167	if ((lun->flags & CTL_LUN_OFFLINE)
11168	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STANDBY) == 0)) {
11169		ctl_set_lun_not_ready(ctsio);
11170		retval = 1;
11171		goto bailout;
11172	}
11173
11174	if ((lun->flags & CTL_LUN_STOPPED)
11175	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_STOPPED) == 0)) {
11176		/* "Logical unit not ready, initializing cmd. required" */
11177		ctl_set_lun_stopped(ctsio);
11178		retval = 1;
11179		goto bailout;
11180	}
11181
11182	if ((lun->flags & CTL_LUN_INOPERABLE)
11183	 && ((entry->flags & CTL_CMD_FLAG_OK_ON_INOPERABLE) == 0)) {
11184		/* "Medium format corrupted" */
11185		ctl_set_medium_format_corrupted(ctsio);
11186		retval = 1;
11187		goto bailout;
11188	}
11189
11190bailout:
11191	return (retval);
11192}
11193
11194static void
11195ctl_failover_io(union ctl_io *io, int have_lock)
11196{
11197	ctl_set_busy(&io->scsiio);
11198	ctl_done(io);
11199}
11200
11201static void
11202ctl_failover_lun(union ctl_io *rio)
11203{
11204	struct ctl_softc *softc = control_softc;
11205	struct ctl_lun *lun;
11206	struct ctl_io_hdr *io, *next_io;
11207	uint32_t targ_lun;
11208
11209	targ_lun = rio->io_hdr.nexus.targ_mapped_lun;
11210	CTL_DEBUG_PRINT(("FAILOVER for lun %ju\n", targ_lun));
11211
11212	/* Find and lock the LUN. */
11213	mtx_lock(&softc->ctl_lock);
11214	if ((targ_lun < CTL_MAX_LUNS) &&
11215	    ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11216		mtx_lock(&lun->lun_lock);
11217		mtx_unlock(&softc->ctl_lock);
11218		if (lun->flags & CTL_LUN_DISABLED) {
11219			mtx_unlock(&lun->lun_lock);
11220			return;
11221		}
11222	} else {
11223		mtx_unlock(&softc->ctl_lock);
11224		return;
11225	}
11226
11227	if (softc->ha_mode == CTL_HA_MODE_XFER) {
11228		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11229			/* We are master */
11230			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11231				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11232					io->flags |= CTL_FLAG_ABORT;
11233					io->flags |= CTL_FLAG_FAILOVER;
11234				} else { /* This can be only due to DATAMOVE */
11235					io->msg_type = CTL_MSG_DATAMOVE_DONE;
11236					io->flags &= ~CTL_FLAG_DMA_INPROG;
11237					io->flags |= CTL_FLAG_IO_ACTIVE;
11238					io->port_status = 31340;
11239					ctl_enqueue_isc((union ctl_io *)io);
11240				}
11241			}
11242			/* We are slave */
11243			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11244				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11245				if (io->flags & CTL_FLAG_IO_ACTIVE) {
11246					io->flags |= CTL_FLAG_FAILOVER;
11247				} else {
11248					ctl_set_busy(&((union ctl_io *)io)->
11249					    scsiio);
11250					ctl_done((union ctl_io *)io);
11251				}
11252			}
11253		}
11254	} else { /* SERIALIZE modes */
11255		TAILQ_FOREACH_SAFE(io, &lun->blocked_queue, blocked_links,
11256		    next_io) {
11257			/* We are master */
11258			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11259				TAILQ_REMOVE(&lun->blocked_queue, io,
11260				    blocked_links);
11261				io->flags &= ~CTL_FLAG_BLOCKED;
11262				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11263				ctl_free_io((union ctl_io *)io);
11264			}
11265		}
11266		TAILQ_FOREACH_SAFE(io, &lun->ooa_queue, ooa_links, next_io) {
11267			/* We are master */
11268			if (io->flags & CTL_FLAG_FROM_OTHER_SC) {
11269				TAILQ_REMOVE(&lun->ooa_queue, io, ooa_links);
11270				ctl_free_io((union ctl_io *)io);
11271			}
11272			/* We are slave */
11273			if (io->flags & CTL_FLAG_SENT_2OTHER_SC) {
11274				io->flags &= ~CTL_FLAG_SENT_2OTHER_SC;
11275				if (!(io->flags & CTL_FLAG_IO_ACTIVE)) {
11276					ctl_set_busy(&((union ctl_io *)io)->
11277					    scsiio);
11278					ctl_done((union ctl_io *)io);
11279				}
11280			}
11281		}
11282		ctl_check_blocked(lun);
11283	}
11284	mtx_unlock(&lun->lun_lock);
11285}
11286
11287static int
11288ctl_scsiio_precheck(struct ctl_softc *softc, struct ctl_scsiio *ctsio)
11289{
11290	struct ctl_lun *lun;
11291	const struct ctl_cmd_entry *entry;
11292	uint32_t initidx, targ_lun;
11293	int retval;
11294
11295	retval = 0;
11296
11297	lun = NULL;
11298
11299	targ_lun = ctsio->io_hdr.nexus.targ_mapped_lun;
11300	if ((targ_lun < CTL_MAX_LUNS)
11301	 && ((lun = softc->ctl_luns[targ_lun]) != NULL)) {
11302		/*
11303		 * If the LUN is invalid, pretend that it doesn't exist.
11304		 * It will go away as soon as all pending I/O has been
11305		 * completed.
11306		 */
11307		mtx_lock(&lun->lun_lock);
11308		if (lun->flags & CTL_LUN_DISABLED) {
11309			mtx_unlock(&lun->lun_lock);
11310			lun = NULL;
11311			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11312			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11313		} else {
11314			ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = lun;
11315			ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr =
11316				lun->be_lun;
11317
11318			/*
11319			 * Every I/O goes into the OOA queue for a
11320			 * particular LUN, and stays there until completion.
11321			 */
11322#ifdef CTL_TIME_IO
11323			if (TAILQ_EMPTY(&lun->ooa_queue)) {
11324				lun->idle_time += getsbinuptime() -
11325				    lun->last_busy;
11326			}
11327#endif
11328			TAILQ_INSERT_TAIL(&lun->ooa_queue, &ctsio->io_hdr,
11329			    ooa_links);
11330		}
11331	} else {
11332		ctsio->io_hdr.ctl_private[CTL_PRIV_LUN].ptr = NULL;
11333		ctsio->io_hdr.ctl_private[CTL_PRIV_BACKEND_LUN].ptr = NULL;
11334	}
11335
11336	/* Get command entry and return error if it is unsuppotyed. */
11337	entry = ctl_validate_command(ctsio);
11338	if (entry == NULL) {
11339		if (lun)
11340			mtx_unlock(&lun->lun_lock);
11341		return (retval);
11342	}
11343
11344	ctsio->io_hdr.flags &= ~CTL_FLAG_DATA_MASK;
11345	ctsio->io_hdr.flags |= entry->flags & CTL_FLAG_DATA_MASK;
11346
11347	/*
11348	 * Check to see whether we can send this command to LUNs that don't
11349	 * exist.  This should pretty much only be the case for inquiry
11350	 * and request sense.  Further checks, below, really require having
11351	 * a LUN, so we can't really check the command anymore.  Just put
11352	 * it on the rtr queue.
11353	 */
11354	if (lun == NULL) {
11355		if (entry->flags & CTL_CMD_FLAG_OK_ON_NO_LUN) {
11356			ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11357			ctl_enqueue_rtr((union ctl_io *)ctsio);
11358			return (retval);
11359		}
11360
11361		ctl_set_unsupported_lun(ctsio);
11362		ctl_done((union ctl_io *)ctsio);
11363		CTL_DEBUG_PRINT(("ctl_scsiio_precheck: bailing out due to invalid LUN\n"));
11364		return (retval);
11365	} else {
11366		/*
11367		 * Make sure we support this particular command on this LUN.
11368		 * e.g., we don't support writes to the control LUN.
11369		 */
11370		if (!ctl_cmd_applicable(lun->be_lun->lun_type, entry)) {
11371			mtx_unlock(&lun->lun_lock);
11372			ctl_set_invalid_opcode(ctsio);
11373			ctl_done((union ctl_io *)ctsio);
11374			return (retval);
11375		}
11376	}
11377
11378	initidx = ctl_get_initindex(&ctsio->io_hdr.nexus);
11379
11380#ifdef CTL_WITH_CA
11381	/*
11382	 * If we've got a request sense, it'll clear the contingent
11383	 * allegiance condition.  Otherwise, if we have a CA condition for
11384	 * this initiator, clear it, because it sent down a command other
11385	 * than request sense.
11386	 */
11387	if ((ctsio->cdb[0] != REQUEST_SENSE)
11388	 && (ctl_is_set(lun->have_ca, initidx)))
11389		ctl_clear_mask(lun->have_ca, initidx);
11390#endif
11391
11392	/*
11393	 * If the command has this flag set, it handles its own unit
11394	 * attention reporting, we shouldn't do anything.  Otherwise we
11395	 * check for any pending unit attentions, and send them back to the
11396	 * initiator.  We only do this when a command initially comes in,
11397	 * not when we pull it off the blocked queue.
11398	 *
11399	 * According to SAM-3, section 5.3.2, the order that things get
11400	 * presented back to the host is basically unit attentions caused
11401	 * by some sort of reset event, busy status, reservation conflicts
11402	 * or task set full, and finally any other status.
11403	 *
11404	 * One issue here is that some of the unit attentions we report
11405	 * don't fall into the "reset" category (e.g. "reported luns data
11406	 * has changed").  So reporting it here, before the reservation
11407	 * check, may be technically wrong.  I guess the only thing to do
11408	 * would be to check for and report the reset events here, and then
11409	 * check for the other unit attention types after we check for a
11410	 * reservation conflict.
11411	 *
11412	 * XXX KDM need to fix this
11413	 */
11414	if ((entry->flags & CTL_CMD_FLAG_NO_SENSE) == 0) {
11415		ctl_ua_type ua_type;
11416
11417		ua_type = ctl_build_ua(lun, initidx, &ctsio->sense_data,
11418		    SSD_TYPE_NONE);
11419		if (ua_type != CTL_UA_NONE) {
11420			mtx_unlock(&lun->lun_lock);
11421			ctsio->scsi_status = SCSI_STATUS_CHECK_COND;
11422			ctsio->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
11423			ctsio->sense_len = SSD_FULL_SIZE;
11424			ctl_done((union ctl_io *)ctsio);
11425			return (retval);
11426		}
11427	}
11428
11429
11430	if (ctl_scsiio_lun_check(lun, entry, ctsio) != 0) {
11431		mtx_unlock(&lun->lun_lock);
11432		ctl_done((union ctl_io *)ctsio);
11433		return (retval);
11434	}
11435
11436	/*
11437	 * XXX CHD this is where we want to send IO to other side if
11438	 * this LUN is secondary on this SC. We will need to make a copy
11439	 * of the IO and flag the IO on this side as SENT_2OTHER and the flag
11440	 * the copy we send as FROM_OTHER.
11441	 * We also need to stuff the address of the original IO so we can
11442	 * find it easily. Something similar will need be done on the other
11443	 * side so when we are done we can find the copy.
11444	 */
11445	if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
11446	    (lun->flags & CTL_LUN_PEER_SC_PRIMARY) != 0 &&
11447	    (entry->flags & CTL_CMD_FLAG_RUN_HERE) == 0) {
11448		union ctl_ha_msg msg_info;
11449		int isc_retval;
11450
11451		ctsio->io_hdr.flags |= CTL_FLAG_SENT_2OTHER_SC;
11452		ctsio->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
11453		mtx_unlock(&lun->lun_lock);
11454
11455		msg_info.hdr.msg_type = CTL_MSG_SERIALIZE;
11456		msg_info.hdr.original_sc = (union ctl_io *)ctsio;
11457		msg_info.hdr.serializing_sc = NULL;
11458		msg_info.hdr.nexus = ctsio->io_hdr.nexus;
11459		msg_info.scsi.tag_num = ctsio->tag_num;
11460		msg_info.scsi.tag_type = ctsio->tag_type;
11461		msg_info.scsi.cdb_len = ctsio->cdb_len;
11462		memcpy(msg_info.scsi.cdb, ctsio->cdb, CTL_MAX_CDBLEN);
11463
11464		if ((isc_retval = ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11465		    sizeof(msg_info.scsi) - sizeof(msg_info.scsi.sense_data),
11466		    M_WAITOK)) > CTL_HA_STATUS_SUCCESS) {
11467			ctl_set_busy(ctsio);
11468			ctl_done((union ctl_io *)ctsio);
11469			return (retval);
11470		}
11471		return (retval);
11472	}
11473
11474	switch (ctl_check_ooa(lun, (union ctl_io *)ctsio,
11475			      (union ctl_io *)TAILQ_PREV(&ctsio->io_hdr,
11476			      ctl_ooaq, ooa_links))) {
11477	case CTL_ACTION_BLOCK:
11478		ctsio->io_hdr.flags |= CTL_FLAG_BLOCKED;
11479		TAILQ_INSERT_TAIL(&lun->blocked_queue, &ctsio->io_hdr,
11480				  blocked_links);
11481		mtx_unlock(&lun->lun_lock);
11482		return (retval);
11483	case CTL_ACTION_PASS:
11484	case CTL_ACTION_SKIP:
11485		ctsio->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
11486		mtx_unlock(&lun->lun_lock);
11487		ctl_enqueue_rtr((union ctl_io *)ctsio);
11488		break;
11489	case CTL_ACTION_OVERLAP:
11490		mtx_unlock(&lun->lun_lock);
11491		ctl_set_overlapped_cmd(ctsio);
11492		ctl_done((union ctl_io *)ctsio);
11493		break;
11494	case CTL_ACTION_OVERLAP_TAG:
11495		mtx_unlock(&lun->lun_lock);
11496		ctl_set_overlapped_tag(ctsio, ctsio->tag_num & 0xff);
11497		ctl_done((union ctl_io *)ctsio);
11498		break;
11499	case CTL_ACTION_ERROR:
11500	default:
11501		mtx_unlock(&lun->lun_lock);
11502		ctl_set_internal_failure(ctsio,
11503					 /*sks_valid*/ 0,
11504					 /*retry_count*/ 0);
11505		ctl_done((union ctl_io *)ctsio);
11506		break;
11507	}
11508	return (retval);
11509}
11510
11511const struct ctl_cmd_entry *
11512ctl_get_cmd_entry(struct ctl_scsiio *ctsio, int *sa)
11513{
11514	const struct ctl_cmd_entry *entry;
11515	int service_action;
11516
11517	entry = &ctl_cmd_table[ctsio->cdb[0]];
11518	if (sa)
11519		*sa = ((entry->flags & CTL_CMD_FLAG_SA5) != 0);
11520	if (entry->flags & CTL_CMD_FLAG_SA5) {
11521		service_action = ctsio->cdb[1] & SERVICE_ACTION_MASK;
11522		entry = &((const struct ctl_cmd_entry *)
11523		    entry->execute)[service_action];
11524	}
11525	return (entry);
11526}
11527
11528const struct ctl_cmd_entry *
11529ctl_validate_command(struct ctl_scsiio *ctsio)
11530{
11531	const struct ctl_cmd_entry *entry;
11532	int i, sa;
11533	uint8_t diff;
11534
11535	entry = ctl_get_cmd_entry(ctsio, &sa);
11536	if (entry->execute == NULL) {
11537		if (sa)
11538			ctl_set_invalid_field(ctsio,
11539					      /*sks_valid*/ 1,
11540					      /*command*/ 1,
11541					      /*field*/ 1,
11542					      /*bit_valid*/ 1,
11543					      /*bit*/ 4);
11544		else
11545			ctl_set_invalid_opcode(ctsio);
11546		ctl_done((union ctl_io *)ctsio);
11547		return (NULL);
11548	}
11549	KASSERT(entry->length > 0,
11550	    ("Not defined length for command 0x%02x/0x%02x",
11551	     ctsio->cdb[0], ctsio->cdb[1]));
11552	for (i = 1; i < entry->length; i++) {
11553		diff = ctsio->cdb[i] & ~entry->usage[i - 1];
11554		if (diff == 0)
11555			continue;
11556		ctl_set_invalid_field(ctsio,
11557				      /*sks_valid*/ 1,
11558				      /*command*/ 1,
11559				      /*field*/ i,
11560				      /*bit_valid*/ 1,
11561				      /*bit*/ fls(diff) - 1);
11562		ctl_done((union ctl_io *)ctsio);
11563		return (NULL);
11564	}
11565	return (entry);
11566}
11567
11568static int
11569ctl_cmd_applicable(uint8_t lun_type, const struct ctl_cmd_entry *entry)
11570{
11571
11572	switch (lun_type) {
11573	case T_PROCESSOR:
11574		if ((entry->flags & CTL_CMD_FLAG_OK_ON_PROC) == 0)
11575			return (0);
11576		break;
11577	case T_DIRECT:
11578		if ((entry->flags & CTL_CMD_FLAG_OK_ON_SLUN) == 0)
11579			return (0);
11580		break;
11581	default:
11582		return (0);
11583	}
11584	return (1);
11585}
11586
11587static int
11588ctl_scsiio(struct ctl_scsiio *ctsio)
11589{
11590	int retval;
11591	const struct ctl_cmd_entry *entry;
11592
11593	retval = CTL_RETVAL_COMPLETE;
11594
11595	CTL_DEBUG_PRINT(("ctl_scsiio cdb[0]=%02X\n", ctsio->cdb[0]));
11596
11597	entry = ctl_get_cmd_entry(ctsio, NULL);
11598
11599	/*
11600	 * If this I/O has been aborted, just send it straight to
11601	 * ctl_done() without executing it.
11602	 */
11603	if (ctsio->io_hdr.flags & CTL_FLAG_ABORT) {
11604		ctl_done((union ctl_io *)ctsio);
11605		goto bailout;
11606	}
11607
11608	/*
11609	 * All the checks should have been handled by ctl_scsiio_precheck().
11610	 * We should be clear now to just execute the I/O.
11611	 */
11612	retval = entry->execute(ctsio);
11613
11614bailout:
11615	return (retval);
11616}
11617
11618/*
11619 * Since we only implement one target right now, a bus reset simply resets
11620 * our single target.
11621 */
11622static int
11623ctl_bus_reset(struct ctl_softc *softc, union ctl_io *io)
11624{
11625	return(ctl_target_reset(softc, io, CTL_UA_BUS_RESET));
11626}
11627
11628static int
11629ctl_target_reset(struct ctl_softc *softc, union ctl_io *io,
11630		 ctl_ua_type ua_type)
11631{
11632	struct ctl_port *port;
11633	struct ctl_lun *lun;
11634	int retval;
11635
11636	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11637		union ctl_ha_msg msg_info;
11638
11639		msg_info.hdr.nexus = io->io_hdr.nexus;
11640		if (ua_type==CTL_UA_TARG_RESET)
11641			msg_info.task.task_action = CTL_TASK_TARGET_RESET;
11642		else
11643			msg_info.task.task_action = CTL_TASK_BUS_RESET;
11644		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11645		msg_info.hdr.original_sc = NULL;
11646		msg_info.hdr.serializing_sc = NULL;
11647		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11648		    sizeof(msg_info.task), M_WAITOK);
11649	}
11650	retval = 0;
11651
11652	mtx_lock(&softc->ctl_lock);
11653	port = ctl_io_port(&io->io_hdr);
11654	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11655		if (port != NULL &&
11656		    ctl_lun_map_to_port(port, lun->lun) >= CTL_MAX_LUNS)
11657			continue;
11658		retval += ctl_do_lun_reset(lun, io, ua_type);
11659	}
11660	mtx_unlock(&softc->ctl_lock);
11661	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11662	return (retval);
11663}
11664
11665/*
11666 * The LUN should always be set.  The I/O is optional, and is used to
11667 * distinguish between I/Os sent by this initiator, and by other
11668 * initiators.  We set unit attention for initiators other than this one.
11669 * SAM-3 is vague on this point.  It does say that a unit attention should
11670 * be established for other initiators when a LUN is reset (see section
11671 * 5.7.3), but it doesn't specifically say that the unit attention should
11672 * be established for this particular initiator when a LUN is reset.  Here
11673 * is the relevant text, from SAM-3 rev 8:
11674 *
11675 * 5.7.2 When a SCSI initiator port aborts its own tasks
11676 *
11677 * When a SCSI initiator port causes its own task(s) to be aborted, no
11678 * notification that the task(s) have been aborted shall be returned to
11679 * the SCSI initiator port other than the completion response for the
11680 * command or task management function action that caused the task(s) to
11681 * be aborted and notification(s) associated with related effects of the
11682 * action (e.g., a reset unit attention condition).
11683 *
11684 * XXX KDM for now, we're setting unit attention for all initiators.
11685 */
11686static int
11687ctl_do_lun_reset(struct ctl_lun *lun, union ctl_io *io, ctl_ua_type ua_type)
11688{
11689	union ctl_io *xio;
11690#if 0
11691	uint32_t initidx;
11692#endif
11693#ifdef CTL_WITH_CA
11694	int i;
11695#endif
11696
11697	mtx_lock(&lun->lun_lock);
11698	/*
11699	 * Run through the OOA queue and abort each I/O.
11700	 */
11701	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11702	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11703		xio->io_hdr.flags |= CTL_FLAG_ABORT | CTL_FLAG_ABORT_STATUS;
11704	}
11705
11706	/*
11707	 * This version sets unit attention for every
11708	 */
11709#if 0
11710	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11711	ctl_est_ua_all(lun, initidx, ua_type);
11712#else
11713	ctl_est_ua_all(lun, -1, ua_type);
11714#endif
11715
11716	/*
11717	 * A reset (any kind, really) clears reservations established with
11718	 * RESERVE/RELEASE.  It does not clear reservations established
11719	 * with PERSISTENT RESERVE OUT, but we don't support that at the
11720	 * moment anyway.  See SPC-2, section 5.6.  SPC-3 doesn't address
11721	 * reservations made with the RESERVE/RELEASE commands, because
11722	 * those commands are obsolete in SPC-3.
11723	 */
11724	lun->flags &= ~CTL_LUN_RESERVED;
11725
11726#ifdef CTL_WITH_CA
11727	for (i = 0; i < CTL_MAX_INITIATORS; i++)
11728		ctl_clear_mask(lun->have_ca, i);
11729#endif
11730	mtx_unlock(&lun->lun_lock);
11731
11732	return (0);
11733}
11734
11735static int
11736ctl_lun_reset(struct ctl_softc *softc, union ctl_io *io)
11737{
11738	struct ctl_lun *lun;
11739	uint32_t targ_lun;
11740	int retval;
11741
11742	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11743	mtx_lock(&softc->ctl_lock);
11744	if ((targ_lun >= CTL_MAX_LUNS) ||
11745	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11746		mtx_unlock(&softc->ctl_lock);
11747		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11748		return (1);
11749	}
11750	retval = ctl_do_lun_reset(lun, io, CTL_UA_LUN_RESET);
11751	mtx_unlock(&softc->ctl_lock);
11752	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11753
11754	if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0) {
11755		union ctl_ha_msg msg_info;
11756
11757		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11758		msg_info.hdr.nexus = io->io_hdr.nexus;
11759		msg_info.task.task_action = CTL_TASK_LUN_RESET;
11760		msg_info.hdr.original_sc = NULL;
11761		msg_info.hdr.serializing_sc = NULL;
11762		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11763		    sizeof(msg_info.task), M_WAITOK);
11764	}
11765	return (retval);
11766}
11767
11768static void
11769ctl_abort_tasks_lun(struct ctl_lun *lun, uint32_t targ_port, uint32_t init_id,
11770    int other_sc)
11771{
11772	union ctl_io *xio;
11773
11774	mtx_assert(&lun->lun_lock, MA_OWNED);
11775
11776	/*
11777	 * Run through the OOA queue and attempt to find the given I/O.
11778	 * The target port, initiator ID, tag type and tag number have to
11779	 * match the values that we got from the initiator.  If we have an
11780	 * untagged command to abort, simply abort the first untagged command
11781	 * we come to.  We only allow one untagged command at a time of course.
11782	 */
11783	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11784	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11785
11786		if ((targ_port == UINT32_MAX ||
11787		     targ_port == xio->io_hdr.nexus.targ_port) &&
11788		    (init_id == UINT32_MAX ||
11789		     init_id == xio->io_hdr.nexus.initid)) {
11790			if (targ_port != xio->io_hdr.nexus.targ_port ||
11791			    init_id != xio->io_hdr.nexus.initid)
11792				xio->io_hdr.flags |= CTL_FLAG_ABORT_STATUS;
11793			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11794			if (!other_sc && !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11795				union ctl_ha_msg msg_info;
11796
11797				msg_info.hdr.nexus = xio->io_hdr.nexus;
11798				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11799				msg_info.task.tag_num = xio->scsiio.tag_num;
11800				msg_info.task.tag_type = xio->scsiio.tag_type;
11801				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11802				msg_info.hdr.original_sc = NULL;
11803				msg_info.hdr.serializing_sc = NULL;
11804				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11805				    sizeof(msg_info.task), M_NOWAIT);
11806			}
11807		}
11808	}
11809}
11810
11811static int
11812ctl_abort_task_set(union ctl_io *io)
11813{
11814	struct ctl_softc *softc = control_softc;
11815	struct ctl_lun *lun;
11816	uint32_t targ_lun;
11817
11818	/*
11819	 * Look up the LUN.
11820	 */
11821	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11822	mtx_lock(&softc->ctl_lock);
11823	if ((targ_lun >= CTL_MAX_LUNS) ||
11824	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11825		mtx_unlock(&softc->ctl_lock);
11826		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11827		return (1);
11828	}
11829
11830	mtx_lock(&lun->lun_lock);
11831	mtx_unlock(&softc->ctl_lock);
11832	if (io->taskio.task_action == CTL_TASK_ABORT_TASK_SET) {
11833		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11834		    io->io_hdr.nexus.initid,
11835		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11836	} else { /* CTL_TASK_CLEAR_TASK_SET */
11837		ctl_abort_tasks_lun(lun, UINT32_MAX, UINT32_MAX,
11838		    (io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) != 0);
11839	}
11840	mtx_unlock(&lun->lun_lock);
11841	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11842	return (0);
11843}
11844
11845static int
11846ctl_i_t_nexus_reset(union ctl_io *io)
11847{
11848	struct ctl_softc *softc = control_softc;
11849	struct ctl_lun *lun;
11850	uint32_t initidx;
11851
11852	if (!(io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC)) {
11853		union ctl_ha_msg msg_info;
11854
11855		msg_info.hdr.nexus = io->io_hdr.nexus;
11856		msg_info.task.task_action = CTL_TASK_I_T_NEXUS_RESET;
11857		msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11858		msg_info.hdr.original_sc = NULL;
11859		msg_info.hdr.serializing_sc = NULL;
11860		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11861		    sizeof(msg_info.task), M_WAITOK);
11862	}
11863
11864	initidx = ctl_get_initindex(&io->io_hdr.nexus);
11865	mtx_lock(&softc->ctl_lock);
11866	STAILQ_FOREACH(lun, &softc->lun_list, links) {
11867		mtx_lock(&lun->lun_lock);
11868		ctl_abort_tasks_lun(lun, io->io_hdr.nexus.targ_port,
11869		    io->io_hdr.nexus.initid, 1);
11870#ifdef CTL_WITH_CA
11871		ctl_clear_mask(lun->have_ca, initidx);
11872#endif
11873		if ((lun->flags & CTL_LUN_RESERVED) && (lun->res_idx == initidx))
11874			lun->flags &= ~CTL_LUN_RESERVED;
11875		ctl_est_ua(lun, initidx, CTL_UA_I_T_NEXUS_LOSS);
11876		mtx_unlock(&lun->lun_lock);
11877	}
11878	mtx_unlock(&softc->ctl_lock);
11879	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
11880	return (0);
11881}
11882
11883static int
11884ctl_abort_task(union ctl_io *io)
11885{
11886	union ctl_io *xio;
11887	struct ctl_lun *lun;
11888	struct ctl_softc *softc;
11889#if 0
11890	struct sbuf sb;
11891	char printbuf[128];
11892#endif
11893	int found;
11894	uint32_t targ_lun;
11895
11896	softc = control_softc;
11897	found = 0;
11898
11899	/*
11900	 * Look up the LUN.
11901	 */
11902	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
11903	mtx_lock(&softc->ctl_lock);
11904	if ((targ_lun >= CTL_MAX_LUNS) ||
11905	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
11906		mtx_unlock(&softc->ctl_lock);
11907		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
11908		return (1);
11909	}
11910
11911#if 0
11912	printf("ctl_abort_task: called for lun %lld, tag %d type %d\n",
11913	       lun->lun, io->taskio.tag_num, io->taskio.tag_type);
11914#endif
11915
11916	mtx_lock(&lun->lun_lock);
11917	mtx_unlock(&softc->ctl_lock);
11918	/*
11919	 * Run through the OOA queue and attempt to find the given I/O.
11920	 * The target port, initiator ID, tag type and tag number have to
11921	 * match the values that we got from the initiator.  If we have an
11922	 * untagged command to abort, simply abort the first untagged command
11923	 * we come to.  We only allow one untagged command at a time of course.
11924	 */
11925	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
11926	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
11927#if 0
11928		sbuf_new(&sb, printbuf, sizeof(printbuf), SBUF_FIXEDLEN);
11929
11930		sbuf_printf(&sb, "LUN %lld tag %d type %d%s%s%s%s: ",
11931			    lun->lun, xio->scsiio.tag_num,
11932			    xio->scsiio.tag_type,
11933			    (xio->io_hdr.blocked_links.tqe_prev
11934			    == NULL) ? "" : " BLOCKED",
11935			    (xio->io_hdr.flags &
11936			    CTL_FLAG_DMA_INPROG) ? " DMA" : "",
11937			    (xio->io_hdr.flags &
11938			    CTL_FLAG_ABORT) ? " ABORT" : "",
11939			    (xio->io_hdr.flags &
11940			    CTL_FLAG_IS_WAS_ON_RTR ? " RTR" : ""));
11941		ctl_scsi_command_string(&xio->scsiio, NULL, &sb);
11942		sbuf_finish(&sb);
11943		printf("%s\n", sbuf_data(&sb));
11944#endif
11945
11946		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
11947		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
11948		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
11949			continue;
11950
11951		/*
11952		 * If the abort says that the task is untagged, the
11953		 * task in the queue must be untagged.  Otherwise,
11954		 * we just check to see whether the tag numbers
11955		 * match.  This is because the QLogic firmware
11956		 * doesn't pass back the tag type in an abort
11957		 * request.
11958		 */
11959#if 0
11960		if (((xio->scsiio.tag_type == CTL_TAG_UNTAGGED)
11961		  && (io->taskio.tag_type == CTL_TAG_UNTAGGED))
11962		 || (xio->scsiio.tag_num == io->taskio.tag_num))
11963#endif
11964		/*
11965		 * XXX KDM we've got problems with FC, because it
11966		 * doesn't send down a tag type with aborts.  So we
11967		 * can only really go by the tag number...
11968		 * This may cause problems with parallel SCSI.
11969		 * Need to figure that out!!
11970		 */
11971		if (xio->scsiio.tag_num == io->taskio.tag_num) {
11972			xio->io_hdr.flags |= CTL_FLAG_ABORT;
11973			found = 1;
11974			if ((io->io_hdr.flags & CTL_FLAG_FROM_OTHER_SC) == 0 &&
11975			    !(lun->flags & CTL_LUN_PRIMARY_SC)) {
11976				union ctl_ha_msg msg_info;
11977
11978				msg_info.hdr.nexus = io->io_hdr.nexus;
11979				msg_info.task.task_action = CTL_TASK_ABORT_TASK;
11980				msg_info.task.tag_num = io->taskio.tag_num;
11981				msg_info.task.tag_type = io->taskio.tag_type;
11982				msg_info.hdr.msg_type = CTL_MSG_MANAGE_TASKS;
11983				msg_info.hdr.original_sc = NULL;
11984				msg_info.hdr.serializing_sc = NULL;
11985#if 0
11986				printf("Sent Abort to other side\n");
11987#endif
11988				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg_info,
11989				    sizeof(msg_info.task), M_NOWAIT);
11990			}
11991#if 0
11992			printf("ctl_abort_task: found I/O to abort\n");
11993#endif
11994		}
11995	}
11996	mtx_unlock(&lun->lun_lock);
11997
11998	if (found == 0) {
11999		/*
12000		 * This isn't really an error.  It's entirely possible for
12001		 * the abort and command completion to cross on the wire.
12002		 * This is more of an informative/diagnostic error.
12003		 */
12004#if 0
12005		printf("ctl_abort_task: ABORT sent for nonexistent I/O: "
12006		       "%u:%u:%u tag %d type %d\n",
12007		       io->io_hdr.nexus.initid,
12008		       io->io_hdr.nexus.targ_port,
12009		       io->io_hdr.nexus.targ_lun, io->taskio.tag_num,
12010		       io->taskio.tag_type);
12011#endif
12012	}
12013	io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12014	return (0);
12015}
12016
12017static int
12018ctl_query_task(union ctl_io *io, int task_set)
12019{
12020	union ctl_io *xio;
12021	struct ctl_lun *lun;
12022	struct ctl_softc *softc;
12023	int found = 0;
12024	uint32_t targ_lun;
12025
12026	softc = control_softc;
12027	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12028	mtx_lock(&softc->ctl_lock);
12029	if ((targ_lun >= CTL_MAX_LUNS) ||
12030	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12031		mtx_unlock(&softc->ctl_lock);
12032		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12033		return (1);
12034	}
12035	mtx_lock(&lun->lun_lock);
12036	mtx_unlock(&softc->ctl_lock);
12037	for (xio = (union ctl_io *)TAILQ_FIRST(&lun->ooa_queue); xio != NULL;
12038	     xio = (union ctl_io *)TAILQ_NEXT(&xio->io_hdr, ooa_links)) {
12039
12040		if ((xio->io_hdr.nexus.targ_port != io->io_hdr.nexus.targ_port)
12041		 || (xio->io_hdr.nexus.initid != io->io_hdr.nexus.initid)
12042		 || (xio->io_hdr.flags & CTL_FLAG_ABORT))
12043			continue;
12044
12045		if (task_set || xio->scsiio.tag_num == io->taskio.tag_num) {
12046			found = 1;
12047			break;
12048		}
12049	}
12050	mtx_unlock(&lun->lun_lock);
12051	if (found)
12052		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12053	else
12054		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12055	return (0);
12056}
12057
12058static int
12059ctl_query_async_event(union ctl_io *io)
12060{
12061	struct ctl_lun *lun;
12062	struct ctl_softc *softc;
12063	ctl_ua_type ua;
12064	uint32_t targ_lun, initidx;
12065
12066	softc = control_softc;
12067	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12068	mtx_lock(&softc->ctl_lock);
12069	if ((targ_lun >= CTL_MAX_LUNS) ||
12070	    (lun = softc->ctl_luns[targ_lun]) == NULL) {
12071		mtx_unlock(&softc->ctl_lock);
12072		io->taskio.task_status = CTL_TASK_LUN_DOES_NOT_EXIST;
12073		return (1);
12074	}
12075	mtx_lock(&lun->lun_lock);
12076	mtx_unlock(&softc->ctl_lock);
12077	initidx = ctl_get_initindex(&io->io_hdr.nexus);
12078	ua = ctl_build_qae(lun, initidx, io->taskio.task_resp);
12079	mtx_unlock(&lun->lun_lock);
12080	if (ua != CTL_UA_NONE)
12081		io->taskio.task_status = CTL_TASK_FUNCTION_SUCCEEDED;
12082	else
12083		io->taskio.task_status = CTL_TASK_FUNCTION_COMPLETE;
12084	return (0);
12085}
12086
12087static void
12088ctl_run_task(union ctl_io *io)
12089{
12090	struct ctl_softc *softc = control_softc;
12091	int retval = 1;
12092
12093	CTL_DEBUG_PRINT(("ctl_run_task\n"));
12094	KASSERT(io->io_hdr.io_type == CTL_IO_TASK,
12095	    ("ctl_run_task: Unextected io_type %d\n", io->io_hdr.io_type));
12096	io->taskio.task_status = CTL_TASK_FUNCTION_NOT_SUPPORTED;
12097	bzero(io->taskio.task_resp, sizeof(io->taskio.task_resp));
12098	switch (io->taskio.task_action) {
12099	case CTL_TASK_ABORT_TASK:
12100		retval = ctl_abort_task(io);
12101		break;
12102	case CTL_TASK_ABORT_TASK_SET:
12103	case CTL_TASK_CLEAR_TASK_SET:
12104		retval = ctl_abort_task_set(io);
12105		break;
12106	case CTL_TASK_CLEAR_ACA:
12107		break;
12108	case CTL_TASK_I_T_NEXUS_RESET:
12109		retval = ctl_i_t_nexus_reset(io);
12110		break;
12111	case CTL_TASK_LUN_RESET:
12112		retval = ctl_lun_reset(softc, io);
12113		break;
12114	case CTL_TASK_TARGET_RESET:
12115		retval = ctl_target_reset(softc, io, CTL_UA_TARG_RESET);
12116		break;
12117	case CTL_TASK_BUS_RESET:
12118		retval = ctl_bus_reset(softc, io);
12119		break;
12120	case CTL_TASK_PORT_LOGIN:
12121		break;
12122	case CTL_TASK_PORT_LOGOUT:
12123		break;
12124	case CTL_TASK_QUERY_TASK:
12125		retval = ctl_query_task(io, 0);
12126		break;
12127	case CTL_TASK_QUERY_TASK_SET:
12128		retval = ctl_query_task(io, 1);
12129		break;
12130	case CTL_TASK_QUERY_ASYNC_EVENT:
12131		retval = ctl_query_async_event(io);
12132		break;
12133	default:
12134		printf("%s: got unknown task management event %d\n",
12135		       __func__, io->taskio.task_action);
12136		break;
12137	}
12138	if (retval == 0)
12139		io->io_hdr.status = CTL_SUCCESS;
12140	else
12141		io->io_hdr.status = CTL_ERROR;
12142	ctl_done(io);
12143}
12144
12145/*
12146 * For HA operation.  Handle commands that come in from the other
12147 * controller.
12148 */
12149static void
12150ctl_handle_isc(union ctl_io *io)
12151{
12152	int free_io;
12153	struct ctl_lun *lun;
12154	struct ctl_softc *softc = control_softc;
12155	uint32_t targ_lun;
12156
12157	targ_lun = io->io_hdr.nexus.targ_mapped_lun;
12158	lun = softc->ctl_luns[targ_lun];
12159
12160	switch (io->io_hdr.msg_type) {
12161	case CTL_MSG_SERIALIZE:
12162		free_io = ctl_serialize_other_sc_cmd(&io->scsiio);
12163		break;
12164	case CTL_MSG_R2R: {
12165		const struct ctl_cmd_entry *entry;
12166
12167		/*
12168		 * This is only used in SER_ONLY mode.
12169		 */
12170		free_io = 0;
12171		entry = ctl_get_cmd_entry(&io->scsiio, NULL);
12172		mtx_lock(&lun->lun_lock);
12173		if (ctl_scsiio_lun_check(lun,
12174		    entry, (struct ctl_scsiio *)io) != 0) {
12175			mtx_unlock(&lun->lun_lock);
12176			ctl_done(io);
12177			break;
12178		}
12179		io->io_hdr.flags |= CTL_FLAG_IS_WAS_ON_RTR;
12180		mtx_unlock(&lun->lun_lock);
12181		ctl_enqueue_rtr(io);
12182		break;
12183	}
12184	case CTL_MSG_FINISH_IO:
12185		if (softc->ha_mode == CTL_HA_MODE_XFER) {
12186			free_io = 0;
12187			ctl_done(io);
12188		} else {
12189			free_io = 1;
12190			mtx_lock(&lun->lun_lock);
12191			TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr,
12192				     ooa_links);
12193			ctl_check_blocked(lun);
12194			mtx_unlock(&lun->lun_lock);
12195		}
12196		break;
12197	case CTL_MSG_PERS_ACTION:
12198		ctl_hndl_per_res_out_on_other_sc(
12199			(union ctl_ha_msg *)&io->presio.pr_msg);
12200		free_io = 1;
12201		break;
12202	case CTL_MSG_BAD_JUJU:
12203		free_io = 0;
12204		ctl_done(io);
12205		break;
12206	case CTL_MSG_DATAMOVE:
12207		/* Only used in XFER mode */
12208		free_io = 0;
12209		ctl_datamove_remote(io);
12210		break;
12211	case CTL_MSG_DATAMOVE_DONE:
12212		/* Only used in XFER mode */
12213		free_io = 0;
12214		io->scsiio.be_move_done(io);
12215		break;
12216	case CTL_MSG_FAILOVER:
12217		ctl_failover_lun(io);
12218		free_io = 1;
12219		break;
12220	default:
12221		free_io = 1;
12222		printf("%s: Invalid message type %d\n",
12223		       __func__, io->io_hdr.msg_type);
12224		break;
12225	}
12226	if (free_io)
12227		ctl_free_io(io);
12228
12229}
12230
12231
12232/*
12233 * Returns the match type in the case of a match, or CTL_LUN_PAT_NONE if
12234 * there is no match.
12235 */
12236static ctl_lun_error_pattern
12237ctl_cmd_pattern_match(struct ctl_scsiio *ctsio, struct ctl_error_desc *desc)
12238{
12239	const struct ctl_cmd_entry *entry;
12240	ctl_lun_error_pattern filtered_pattern, pattern;
12241
12242	pattern = desc->error_pattern;
12243
12244	/*
12245	 * XXX KDM we need more data passed into this function to match a
12246	 * custom pattern, and we actually need to implement custom pattern
12247	 * matching.
12248	 */
12249	if (pattern & CTL_LUN_PAT_CMD)
12250		return (CTL_LUN_PAT_CMD);
12251
12252	if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_ANY)
12253		return (CTL_LUN_PAT_ANY);
12254
12255	entry = ctl_get_cmd_entry(ctsio, NULL);
12256
12257	filtered_pattern = entry->pattern & pattern;
12258
12259	/*
12260	 * If the user requested specific flags in the pattern (e.g.
12261	 * CTL_LUN_PAT_RANGE), make sure the command supports all of those
12262	 * flags.
12263	 *
12264	 * If the user did not specify any flags, it doesn't matter whether
12265	 * or not the command supports the flags.
12266	 */
12267	if ((filtered_pattern & ~CTL_LUN_PAT_MASK) !=
12268	     (pattern & ~CTL_LUN_PAT_MASK))
12269		return (CTL_LUN_PAT_NONE);
12270
12271	/*
12272	 * If the user asked for a range check, see if the requested LBA
12273	 * range overlaps with this command's LBA range.
12274	 */
12275	if (filtered_pattern & CTL_LUN_PAT_RANGE) {
12276		uint64_t lba1;
12277		uint64_t len1;
12278		ctl_action action;
12279		int retval;
12280
12281		retval = ctl_get_lba_len((union ctl_io *)ctsio, &lba1, &len1);
12282		if (retval != 0)
12283			return (CTL_LUN_PAT_NONE);
12284
12285		action = ctl_extent_check_lba(lba1, len1, desc->lba_range.lba,
12286					      desc->lba_range.len, FALSE);
12287		/*
12288		 * A "pass" means that the LBA ranges don't overlap, so
12289		 * this doesn't match the user's range criteria.
12290		 */
12291		if (action == CTL_ACTION_PASS)
12292			return (CTL_LUN_PAT_NONE);
12293	}
12294
12295	return (filtered_pattern);
12296}
12297
12298static void
12299ctl_inject_error(struct ctl_lun *lun, union ctl_io *io)
12300{
12301	struct ctl_error_desc *desc, *desc2;
12302
12303	mtx_assert(&lun->lun_lock, MA_OWNED);
12304
12305	STAILQ_FOREACH_SAFE(desc, &lun->error_list, links, desc2) {
12306		ctl_lun_error_pattern pattern;
12307		/*
12308		 * Check to see whether this particular command matches
12309		 * the pattern in the descriptor.
12310		 */
12311		pattern = ctl_cmd_pattern_match(&io->scsiio, desc);
12312		if ((pattern & CTL_LUN_PAT_MASK) == CTL_LUN_PAT_NONE)
12313			continue;
12314
12315		switch (desc->lun_error & CTL_LUN_INJ_TYPE) {
12316		case CTL_LUN_INJ_ABORTED:
12317			ctl_set_aborted(&io->scsiio);
12318			break;
12319		case CTL_LUN_INJ_MEDIUM_ERR:
12320			ctl_set_medium_error(&io->scsiio,
12321			    (io->io_hdr.flags & CTL_FLAG_DATA_MASK) !=
12322			     CTL_FLAG_DATA_OUT);
12323			break;
12324		case CTL_LUN_INJ_UA:
12325			/* 29h/00h  POWER ON, RESET, OR BUS DEVICE RESET
12326			 * OCCURRED */
12327			ctl_set_ua(&io->scsiio, 0x29, 0x00);
12328			break;
12329		case CTL_LUN_INJ_CUSTOM:
12330			/*
12331			 * We're assuming the user knows what he is doing.
12332			 * Just copy the sense information without doing
12333			 * checks.
12334			 */
12335			bcopy(&desc->custom_sense, &io->scsiio.sense_data,
12336			      MIN(sizeof(desc->custom_sense),
12337				  sizeof(io->scsiio.sense_data)));
12338			io->scsiio.scsi_status = SCSI_STATUS_CHECK_COND;
12339			io->scsiio.sense_len = SSD_FULL_SIZE;
12340			io->io_hdr.status = CTL_SCSI_ERROR | CTL_AUTOSENSE;
12341			break;
12342		case CTL_LUN_INJ_NONE:
12343		default:
12344			/*
12345			 * If this is an error injection type we don't know
12346			 * about, clear the continuous flag (if it is set)
12347			 * so it will get deleted below.
12348			 */
12349			desc->lun_error &= ~CTL_LUN_INJ_CONTINUOUS;
12350			break;
12351		}
12352		/*
12353		 * By default, each error injection action is a one-shot
12354		 */
12355		if (desc->lun_error & CTL_LUN_INJ_CONTINUOUS)
12356			continue;
12357
12358		STAILQ_REMOVE(&lun->error_list, desc, ctl_error_desc, links);
12359
12360		free(desc, M_CTL);
12361	}
12362}
12363
12364#ifdef CTL_IO_DELAY
12365static void
12366ctl_datamove_timer_wakeup(void *arg)
12367{
12368	union ctl_io *io;
12369
12370	io = (union ctl_io *)arg;
12371
12372	ctl_datamove(io);
12373}
12374#endif /* CTL_IO_DELAY */
12375
12376void
12377ctl_datamove(union ctl_io *io)
12378{
12379	struct ctl_lun *lun;
12380	void (*fe_datamove)(union ctl_io *io);
12381
12382	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12383
12384	CTL_DEBUG_PRINT(("ctl_datamove\n"));
12385
12386	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12387#ifdef CTL_TIME_IO
12388	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12389		char str[256];
12390		char path_str[64];
12391		struct sbuf sb;
12392
12393		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12394		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12395
12396		sbuf_cat(&sb, path_str);
12397		switch (io->io_hdr.io_type) {
12398		case CTL_IO_SCSI:
12399			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12400			sbuf_printf(&sb, "\n");
12401			sbuf_cat(&sb, path_str);
12402			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12403				    io->scsiio.tag_num, io->scsiio.tag_type);
12404			break;
12405		case CTL_IO_TASK:
12406			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12407				    "Tag Type: %d\n", io->taskio.task_action,
12408				    io->taskio.tag_num, io->taskio.tag_type);
12409			break;
12410		default:
12411			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12412			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12413			break;
12414		}
12415		sbuf_cat(&sb, path_str);
12416		sbuf_printf(&sb, "ctl_datamove: %jd seconds\n",
12417			    (intmax_t)time_uptime - io->io_hdr.start_time);
12418		sbuf_finish(&sb);
12419		printf("%s", sbuf_data(&sb));
12420	}
12421#endif /* CTL_TIME_IO */
12422
12423#ifdef CTL_IO_DELAY
12424	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
12425		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
12426	} else {
12427		if ((lun != NULL)
12428		 && (lun->delay_info.datamove_delay > 0)) {
12429
12430			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
12431			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
12432			callout_reset(&io->io_hdr.delay_callout,
12433				      lun->delay_info.datamove_delay * hz,
12434				      ctl_datamove_timer_wakeup, io);
12435			if (lun->delay_info.datamove_type ==
12436			    CTL_DELAY_TYPE_ONESHOT)
12437				lun->delay_info.datamove_delay = 0;
12438			return;
12439		}
12440	}
12441#endif
12442
12443	/*
12444	 * This command has been aborted.  Set the port status, so we fail
12445	 * the data move.
12446	 */
12447	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12448		printf("ctl_datamove: tag 0x%04x on (%u:%u:%u) aborted\n",
12449		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12450		       io->io_hdr.nexus.targ_port,
12451		       io->io_hdr.nexus.targ_lun);
12452		io->io_hdr.port_status = 31337;
12453		/*
12454		 * Note that the backend, in this case, will get the
12455		 * callback in its context.  In other cases it may get
12456		 * called in the frontend's interrupt thread context.
12457		 */
12458		io->scsiio.be_move_done(io);
12459		return;
12460	}
12461
12462	/* Don't confuse frontend with zero length data move. */
12463	if (io->scsiio.kern_data_len == 0) {
12464		io->scsiio.be_move_done(io);
12465		return;
12466	}
12467
12468	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12469	fe_datamove(io);
12470}
12471
12472static void
12473ctl_send_datamove_done(union ctl_io *io, int have_lock)
12474{
12475	union ctl_ha_msg msg;
12476#ifdef CTL_TIME_IO
12477	struct bintime cur_bt;
12478#endif
12479
12480	memset(&msg, 0, sizeof(msg));
12481	msg.hdr.msg_type = CTL_MSG_DATAMOVE_DONE;
12482	msg.hdr.original_sc = io;
12483	msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
12484	msg.hdr.nexus = io->io_hdr.nexus;
12485	msg.hdr.status = io->io_hdr.status;
12486	msg.scsi.tag_num = io->scsiio.tag_num;
12487	msg.scsi.tag_type = io->scsiio.tag_type;
12488	msg.scsi.scsi_status = io->scsiio.scsi_status;
12489	memcpy(&msg.scsi.sense_data, &io->scsiio.sense_data,
12490	       io->scsiio.sense_len);
12491	msg.scsi.sense_len = io->scsiio.sense_len;
12492	msg.scsi.sense_residual = io->scsiio.sense_residual;
12493	msg.scsi.fetd_status = io->io_hdr.port_status;
12494	msg.scsi.residual = io->scsiio.residual;
12495	io->io_hdr.flags &= ~CTL_FLAG_IO_ACTIVE;
12496	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12497		ctl_failover_io(io, /*have_lock*/ have_lock);
12498		return;
12499	}
12500	ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
12501	    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data) +
12502	    msg.scsi.sense_len, M_WAITOK);
12503
12504#ifdef CTL_TIME_IO
12505	getbinuptime(&cur_bt);
12506	bintime_sub(&cur_bt, &io->io_hdr.dma_start_bt);
12507	bintime_add(&io->io_hdr.dma_bt, &cur_bt);
12508#endif
12509	io->io_hdr.num_dmas++;
12510}
12511
12512/*
12513 * The DMA to the remote side is done, now we need to tell the other side
12514 * we're done so it can continue with its data movement.
12515 */
12516static void
12517ctl_datamove_remote_write_cb(struct ctl_ha_dt_req *rq)
12518{
12519	union ctl_io *io;
12520	int i;
12521
12522	io = rq->context;
12523
12524	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12525		printf("%s: ISC DMA write failed with error %d", __func__,
12526		       rq->ret);
12527		ctl_set_internal_failure(&io->scsiio,
12528					 /*sks_valid*/ 1,
12529					 /*retry_count*/ rq->ret);
12530	}
12531
12532	ctl_dt_req_free(rq);
12533
12534	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12535		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12536	free(io->io_hdr.remote_sglist, M_CTL);
12537	io->io_hdr.remote_sglist = NULL;
12538	io->io_hdr.local_sglist = NULL;
12539
12540	/*
12541	 * The data is in local and remote memory, so now we need to send
12542	 * status (good or back) back to the other side.
12543	 */
12544	ctl_send_datamove_done(io, /*have_lock*/ 0);
12545}
12546
12547/*
12548 * We've moved the data from the host/controller into local memory.  Now we
12549 * need to push it over to the remote controller's memory.
12550 */
12551static int
12552ctl_datamove_remote_dm_write_cb(union ctl_io *io)
12553{
12554	int retval;
12555
12556	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_WRITE,
12557					  ctl_datamove_remote_write_cb);
12558	return (retval);
12559}
12560
12561static void
12562ctl_datamove_remote_write(union ctl_io *io)
12563{
12564	int retval;
12565	void (*fe_datamove)(union ctl_io *io);
12566
12567	/*
12568	 * - Get the data from the host/HBA into local memory.
12569	 * - DMA memory from the local controller to the remote controller.
12570	 * - Send status back to the remote controller.
12571	 */
12572
12573	retval = ctl_datamove_remote_sgl_setup(io);
12574	if (retval != 0)
12575		return;
12576
12577	/* Switch the pointer over so the FETD knows what to do */
12578	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12579
12580	/*
12581	 * Use a custom move done callback, since we need to send completion
12582	 * back to the other controller, not to the backend on this side.
12583	 */
12584	io->scsiio.be_move_done = ctl_datamove_remote_dm_write_cb;
12585
12586	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12587	fe_datamove(io);
12588}
12589
12590static int
12591ctl_datamove_remote_dm_read_cb(union ctl_io *io)
12592{
12593#if 0
12594	char str[256];
12595	char path_str[64];
12596	struct sbuf sb;
12597#endif
12598	int i;
12599
12600	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12601		free(io->io_hdr.local_sglist[i].addr, M_CTL);
12602	free(io->io_hdr.remote_sglist, M_CTL);
12603	io->io_hdr.remote_sglist = NULL;
12604	io->io_hdr.local_sglist = NULL;
12605
12606#if 0
12607	scsi_path_string(io, path_str, sizeof(path_str));
12608	sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12609	sbuf_cat(&sb, path_str);
12610	scsi_command_string(&io->scsiio, NULL, &sb);
12611	sbuf_printf(&sb, "\n");
12612	sbuf_cat(&sb, path_str);
12613	sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12614		    io->scsiio.tag_num, io->scsiio.tag_type);
12615	sbuf_cat(&sb, path_str);
12616	sbuf_printf(&sb, "%s: flags %#x, status %#x\n", __func__,
12617		    io->io_hdr.flags, io->io_hdr.status);
12618	sbuf_finish(&sb);
12619	printk("%s", sbuf_data(&sb));
12620#endif
12621
12622
12623	/*
12624	 * The read is done, now we need to send status (good or bad) back
12625	 * to the other side.
12626	 */
12627	ctl_send_datamove_done(io, /*have_lock*/ 0);
12628
12629	return (0);
12630}
12631
12632static void
12633ctl_datamove_remote_read_cb(struct ctl_ha_dt_req *rq)
12634{
12635	union ctl_io *io;
12636	void (*fe_datamove)(union ctl_io *io);
12637
12638	io = rq->context;
12639
12640	if (rq->ret != CTL_HA_STATUS_SUCCESS) {
12641		printf("%s: ISC DMA read failed with error %d\n", __func__,
12642		       rq->ret);
12643		ctl_set_internal_failure(&io->scsiio,
12644					 /*sks_valid*/ 1,
12645					 /*retry_count*/ rq->ret);
12646	}
12647
12648	ctl_dt_req_free(rq);
12649
12650	/* Switch the pointer over so the FETD knows what to do */
12651	io->scsiio.kern_data_ptr = (uint8_t *)io->io_hdr.local_sglist;
12652
12653	/*
12654	 * Use a custom move done callback, since we need to send completion
12655	 * back to the other controller, not to the backend on this side.
12656	 */
12657	io->scsiio.be_move_done = ctl_datamove_remote_dm_read_cb;
12658
12659	/* XXX KDM add checks like the ones in ctl_datamove? */
12660
12661	fe_datamove = ctl_io_port(&io->io_hdr)->fe_datamove;
12662	fe_datamove(io);
12663}
12664
12665static int
12666ctl_datamove_remote_sgl_setup(union ctl_io *io)
12667{
12668	struct ctl_sg_entry *local_sglist;
12669	uint32_t len_to_go;
12670	int retval;
12671	int i;
12672
12673	retval = 0;
12674	local_sglist = io->io_hdr.local_sglist;
12675	len_to_go = io->scsiio.kern_data_len;
12676
12677	/*
12678	 * The difficult thing here is that the size of the various
12679	 * S/G segments may be different than the size from the
12680	 * remote controller.  That'll make it harder when DMAing
12681	 * the data back to the other side.
12682	 */
12683	for (i = 0; len_to_go > 0; i++) {
12684		local_sglist[i].len = MIN(len_to_go, CTL_HA_DATAMOVE_SEGMENT);
12685		local_sglist[i].addr =
12686		    malloc(local_sglist[i].len, M_CTL, M_WAITOK);
12687
12688		len_to_go -= local_sglist[i].len;
12689	}
12690	/*
12691	 * Reset the number of S/G entries accordingly.  The original
12692	 * number of S/G entries is available in rem_sg_entries.
12693	 */
12694	io->scsiio.kern_sg_entries = i;
12695
12696#if 0
12697	printf("%s: kern_sg_entries = %d\n", __func__,
12698	       io->scsiio.kern_sg_entries);
12699	for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12700		printf("%s: sg[%d] = %p, %lu\n", __func__, i,
12701		       local_sglist[i].addr, local_sglist[i].len);
12702#endif
12703
12704	return (retval);
12705}
12706
12707static int
12708ctl_datamove_remote_xfer(union ctl_io *io, unsigned command,
12709			 ctl_ha_dt_cb callback)
12710{
12711	struct ctl_ha_dt_req *rq;
12712	struct ctl_sg_entry *remote_sglist, *local_sglist;
12713	uint32_t local_used, remote_used, total_used;
12714	int i, j, isc_ret;
12715
12716	rq = ctl_dt_req_alloc();
12717
12718	/*
12719	 * If we failed to allocate the request, and if the DMA didn't fail
12720	 * anyway, set busy status.  This is just a resource allocation
12721	 * failure.
12722	 */
12723	if ((rq == NULL)
12724	 && ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12725	     (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS))
12726		ctl_set_busy(&io->scsiio);
12727
12728	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE &&
12729	    (io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS) {
12730
12731		if (rq != NULL)
12732			ctl_dt_req_free(rq);
12733
12734		/*
12735		 * The data move failed.  We need to return status back
12736		 * to the other controller.  No point in trying to DMA
12737		 * data to the remote controller.
12738		 */
12739
12740		ctl_send_datamove_done(io, /*have_lock*/ 0);
12741
12742		return (1);
12743	}
12744
12745	local_sglist = io->io_hdr.local_sglist;
12746	remote_sglist = io->io_hdr.remote_sglist;
12747	local_used = 0;
12748	remote_used = 0;
12749	total_used = 0;
12750
12751	/*
12752	 * Pull/push the data over the wire from/to the other controller.
12753	 * This takes into account the possibility that the local and
12754	 * remote sglists may not be identical in terms of the size of
12755	 * the elements and the number of elements.
12756	 *
12757	 * One fundamental assumption here is that the length allocated for
12758	 * both the local and remote sglists is identical.  Otherwise, we've
12759	 * essentially got a coding error of some sort.
12760	 */
12761	isc_ret = CTL_HA_STATUS_SUCCESS;
12762	for (i = 0, j = 0; total_used < io->scsiio.kern_data_len; ) {
12763		uint32_t cur_len;
12764		uint8_t *tmp_ptr;
12765
12766		rq->command = command;
12767		rq->context = io;
12768
12769		/*
12770		 * Both pointers should be aligned.  But it is possible
12771		 * that the allocation length is not.  They should both
12772		 * also have enough slack left over at the end, though,
12773		 * to round up to the next 8 byte boundary.
12774		 */
12775		cur_len = MIN(local_sglist[i].len - local_used,
12776			      remote_sglist[j].len - remote_used);
12777		rq->size = cur_len;
12778
12779		tmp_ptr = (uint8_t *)local_sglist[i].addr;
12780		tmp_ptr += local_used;
12781
12782#if 0
12783		/* Use physical addresses when talking to ISC hardware */
12784		if ((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0) {
12785			/* XXX KDM use busdma */
12786			rq->local = vtophys(tmp_ptr);
12787		} else
12788			rq->local = tmp_ptr;
12789#else
12790		KASSERT((io->io_hdr.flags & CTL_FLAG_BUS_ADDR) == 0,
12791		    ("HA does not support BUS_ADDR"));
12792		rq->local = tmp_ptr;
12793#endif
12794
12795		tmp_ptr = (uint8_t *)remote_sglist[j].addr;
12796		tmp_ptr += remote_used;
12797		rq->remote = tmp_ptr;
12798
12799		rq->callback = NULL;
12800
12801		local_used += cur_len;
12802		if (local_used >= local_sglist[i].len) {
12803			i++;
12804			local_used = 0;
12805		}
12806
12807		remote_used += cur_len;
12808		if (remote_used >= remote_sglist[j].len) {
12809			j++;
12810			remote_used = 0;
12811		}
12812		total_used += cur_len;
12813
12814		if (total_used >= io->scsiio.kern_data_len)
12815			rq->callback = callback;
12816
12817#if 0
12818		printf("%s: %s: local %p remote %p size %d\n", __func__,
12819		       (command == CTL_HA_DT_CMD_WRITE) ? "WRITE" : "READ",
12820		       rq->local, rq->remote, rq->size);
12821#endif
12822
12823		isc_ret = ctl_dt_single(rq);
12824		if (isc_ret > CTL_HA_STATUS_SUCCESS)
12825			break;
12826	}
12827	if (isc_ret != CTL_HA_STATUS_WAIT) {
12828		rq->ret = isc_ret;
12829		callback(rq);
12830	}
12831
12832	return (0);
12833}
12834
12835static void
12836ctl_datamove_remote_read(union ctl_io *io)
12837{
12838	int retval;
12839	int i;
12840
12841	/*
12842	 * This will send an error to the other controller in the case of a
12843	 * failure.
12844	 */
12845	retval = ctl_datamove_remote_sgl_setup(io);
12846	if (retval != 0)
12847		return;
12848
12849	retval = ctl_datamove_remote_xfer(io, CTL_HA_DT_CMD_READ,
12850					  ctl_datamove_remote_read_cb);
12851	if (retval != 0) {
12852		/*
12853		 * Make sure we free memory if there was an error..  The
12854		 * ctl_datamove_remote_xfer() function will send the
12855		 * datamove done message, or call the callback with an
12856		 * error if there is a problem.
12857		 */
12858		for (i = 0; i < io->scsiio.kern_sg_entries; i++)
12859			free(io->io_hdr.local_sglist[i].addr, M_CTL);
12860		free(io->io_hdr.remote_sglist, M_CTL);
12861		io->io_hdr.remote_sglist = NULL;
12862		io->io_hdr.local_sglist = NULL;
12863	}
12864}
12865
12866/*
12867 * Process a datamove request from the other controller.  This is used for
12868 * XFER mode only, not SER_ONLY mode.  For writes, we DMA into local memory
12869 * first.  Once that is complete, the data gets DMAed into the remote
12870 * controller's memory.  For reads, we DMA from the remote controller's
12871 * memory into our memory first, and then move it out to the FETD.
12872 */
12873static void
12874ctl_datamove_remote(union ctl_io *io)
12875{
12876
12877	mtx_assert(&control_softc->ctl_lock, MA_NOTOWNED);
12878
12879	if (io->io_hdr.flags & CTL_FLAG_FAILOVER) {
12880		ctl_failover_io(io, /*have_lock*/ 0);
12881		return;
12882	}
12883
12884	/*
12885	 * Note that we look for an aborted I/O here, but don't do some of
12886	 * the other checks that ctl_datamove() normally does.
12887	 * We don't need to run the datamove delay code, since that should
12888	 * have been done if need be on the other controller.
12889	 */
12890	if (io->io_hdr.flags & CTL_FLAG_ABORT) {
12891		printf("%s: tag 0x%04x on (%u:%u:%u) aborted\n", __func__,
12892		       io->scsiio.tag_num, io->io_hdr.nexus.initid,
12893		       io->io_hdr.nexus.targ_port,
12894		       io->io_hdr.nexus.targ_lun);
12895		io->io_hdr.port_status = 31338;
12896		ctl_send_datamove_done(io, /*have_lock*/ 0);
12897		return;
12898	}
12899
12900	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_OUT)
12901		ctl_datamove_remote_write(io);
12902	else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
12903		ctl_datamove_remote_read(io);
12904	else {
12905		io->io_hdr.port_status = 31339;
12906		ctl_send_datamove_done(io, /*have_lock*/ 0);
12907	}
12908}
12909
12910static void
12911ctl_process_done(union ctl_io *io)
12912{
12913	struct ctl_lun *lun;
12914	struct ctl_softc *softc = control_softc;
12915	void (*fe_done)(union ctl_io *io);
12916	union ctl_ha_msg msg;
12917	uint32_t targ_port = io->io_hdr.nexus.targ_port;
12918
12919	CTL_DEBUG_PRINT(("ctl_process_done\n"));
12920	fe_done = softc->ctl_ports[targ_port]->fe_done;
12921
12922#ifdef CTL_TIME_IO
12923	if ((time_uptime - io->io_hdr.start_time) > ctl_time_io_secs) {
12924		char str[256];
12925		char path_str[64];
12926		struct sbuf sb;
12927
12928		ctl_scsi_path_string(io, path_str, sizeof(path_str));
12929		sbuf_new(&sb, str, sizeof(str), SBUF_FIXEDLEN);
12930
12931		sbuf_cat(&sb, path_str);
12932		switch (io->io_hdr.io_type) {
12933		case CTL_IO_SCSI:
12934			ctl_scsi_command_string(&io->scsiio, NULL, &sb);
12935			sbuf_printf(&sb, "\n");
12936			sbuf_cat(&sb, path_str);
12937			sbuf_printf(&sb, "Tag: 0x%04x, type %d\n",
12938				    io->scsiio.tag_num, io->scsiio.tag_type);
12939			break;
12940		case CTL_IO_TASK:
12941			sbuf_printf(&sb, "Task I/O type: %d, Tag: 0x%04x, "
12942				    "Tag Type: %d\n", io->taskio.task_action,
12943				    io->taskio.tag_num, io->taskio.tag_type);
12944			break;
12945		default:
12946			printf("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12947			panic("Invalid CTL I/O type %d\n", io->io_hdr.io_type);
12948			break;
12949		}
12950		sbuf_cat(&sb, path_str);
12951		sbuf_printf(&sb, "ctl_process_done: %jd seconds\n",
12952			    (intmax_t)time_uptime - io->io_hdr.start_time);
12953		sbuf_finish(&sb);
12954		printf("%s", sbuf_data(&sb));
12955	}
12956#endif /* CTL_TIME_IO */
12957
12958	switch (io->io_hdr.io_type) {
12959	case CTL_IO_SCSI:
12960		break;
12961	case CTL_IO_TASK:
12962		if (ctl_debug & CTL_DEBUG_INFO)
12963			ctl_io_error_print(io, NULL);
12964		fe_done(io);
12965		return;
12966	default:
12967		panic("ctl_process_done: invalid io type %d\n",
12968		      io->io_hdr.io_type);
12969		break; /* NOTREACHED */
12970	}
12971
12972	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
12973	if (lun == NULL) {
12974		CTL_DEBUG_PRINT(("NULL LUN for lun %d\n",
12975				 io->io_hdr.nexus.targ_mapped_lun));
12976		goto bailout;
12977	}
12978
12979	mtx_lock(&lun->lun_lock);
12980
12981	/*
12982	 * Check to see if we have any errors to inject here.  We only
12983	 * inject errors for commands that don't already have errors set.
12984	 */
12985	if ((STAILQ_FIRST(&lun->error_list) != NULL) &&
12986	    ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS) &&
12987	    ((io->io_hdr.flags & CTL_FLAG_STATUS_SENT) == 0))
12988		ctl_inject_error(lun, io);
12989
12990	/*
12991	 * XXX KDM how do we treat commands that aren't completed
12992	 * successfully?
12993	 *
12994	 * XXX KDM should we also track I/O latency?
12995	 */
12996	if ((io->io_hdr.status & CTL_STATUS_MASK) == CTL_SUCCESS &&
12997	    io->io_hdr.io_type == CTL_IO_SCSI) {
12998#ifdef CTL_TIME_IO
12999		struct bintime cur_bt;
13000#endif
13001		int type;
13002
13003		if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13004		    CTL_FLAG_DATA_IN)
13005			type = CTL_STATS_READ;
13006		else if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) ==
13007		    CTL_FLAG_DATA_OUT)
13008			type = CTL_STATS_WRITE;
13009		else
13010			type = CTL_STATS_NO_IO;
13011
13012		lun->stats.ports[targ_port].bytes[type] +=
13013		    io->scsiio.kern_total_len;
13014		lun->stats.ports[targ_port].operations[type]++;
13015#ifdef CTL_TIME_IO
13016		bintime_add(&lun->stats.ports[targ_port].dma_time[type],
13017		   &io->io_hdr.dma_bt);
13018		getbinuptime(&cur_bt);
13019		bintime_sub(&cur_bt, &io->io_hdr.start_bt);
13020		bintime_add(&lun->stats.ports[targ_port].time[type], &cur_bt);
13021#endif
13022		lun->stats.ports[targ_port].num_dmas[type] +=
13023		    io->io_hdr.num_dmas;
13024	}
13025
13026	/*
13027	 * Remove this from the OOA queue.
13028	 */
13029	TAILQ_REMOVE(&lun->ooa_queue, &io->io_hdr, ooa_links);
13030#ifdef CTL_TIME_IO
13031	if (TAILQ_EMPTY(&lun->ooa_queue))
13032		lun->last_busy = getsbinuptime();
13033#endif
13034
13035	/*
13036	 * Run through the blocked queue on this LUN and see if anything
13037	 * has become unblocked, now that this transaction is done.
13038	 */
13039	ctl_check_blocked(lun);
13040
13041	/*
13042	 * If the LUN has been invalidated, free it if there is nothing
13043	 * left on its OOA queue.
13044	 */
13045	if ((lun->flags & CTL_LUN_INVALID)
13046	 && TAILQ_EMPTY(&lun->ooa_queue)) {
13047		mtx_unlock(&lun->lun_lock);
13048		mtx_lock(&softc->ctl_lock);
13049		ctl_free_lun(lun);
13050		mtx_unlock(&softc->ctl_lock);
13051	} else
13052		mtx_unlock(&lun->lun_lock);
13053
13054bailout:
13055
13056	/*
13057	 * If this command has been aborted, make sure we set the status
13058	 * properly.  The FETD is responsible for freeing the I/O and doing
13059	 * whatever it needs to do to clean up its state.
13060	 */
13061	if (io->io_hdr.flags & CTL_FLAG_ABORT)
13062		ctl_set_task_aborted(&io->scsiio);
13063
13064	/*
13065	 * If enabled, print command error status.
13066	 */
13067	if ((io->io_hdr.status & CTL_STATUS_MASK) != CTL_SUCCESS &&
13068	    (ctl_debug & CTL_DEBUG_INFO) != 0)
13069		ctl_io_error_print(io, NULL);
13070
13071	/*
13072	 * Tell the FETD or the other shelf controller we're done with this
13073	 * command.  Note that only SCSI commands get to this point.  Task
13074	 * management commands are completed above.
13075	 */
13076	if ((softc->ha_mode != CTL_HA_MODE_XFER) &&
13077	    (io->io_hdr.flags & CTL_FLAG_SENT_2OTHER_SC)) {
13078		memset(&msg, 0, sizeof(msg));
13079		msg.hdr.msg_type = CTL_MSG_FINISH_IO;
13080		msg.hdr.serializing_sc = io->io_hdr.serializing_sc;
13081		msg.hdr.nexus = io->io_hdr.nexus;
13082		ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13083		    sizeof(msg.scsi) - sizeof(msg.scsi.sense_data),
13084		    M_WAITOK);
13085	}
13086
13087	fe_done(io);
13088}
13089
13090#ifdef CTL_WITH_CA
13091/*
13092 * Front end should call this if it doesn't do autosense.  When the request
13093 * sense comes back in from the initiator, we'll dequeue this and send it.
13094 */
13095int
13096ctl_queue_sense(union ctl_io *io)
13097{
13098	struct ctl_lun *lun;
13099	struct ctl_port *port;
13100	struct ctl_softc *softc;
13101	uint32_t initidx, targ_lun;
13102
13103	softc = control_softc;
13104
13105	CTL_DEBUG_PRINT(("ctl_queue_sense\n"));
13106
13107	/*
13108	 * LUN lookup will likely move to the ctl_work_thread() once we
13109	 * have our new queueing infrastructure (that doesn't put things on
13110	 * a per-LUN queue initially).  That is so that we can handle
13111	 * things like an INQUIRY to a LUN that we don't have enabled.  We
13112	 * can't deal with that right now.
13113	 */
13114	mtx_lock(&softc->ctl_lock);
13115
13116	/*
13117	 * If we don't have a LUN for this, just toss the sense
13118	 * information.
13119	 */
13120	port = ctl_io_port(&ctsio->io_hdr);
13121	targ_lun = ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13122	if ((targ_lun < CTL_MAX_LUNS)
13123	 && (softc->ctl_luns[targ_lun] != NULL))
13124		lun = softc->ctl_luns[targ_lun];
13125	else
13126		goto bailout;
13127
13128	initidx = ctl_get_initindex(&io->io_hdr.nexus);
13129
13130	mtx_lock(&lun->lun_lock);
13131	/*
13132	 * Already have CA set for this LUN...toss the sense information.
13133	 */
13134	if (ctl_is_set(lun->have_ca, initidx)) {
13135		mtx_unlock(&lun->lun_lock);
13136		goto bailout;
13137	}
13138
13139	memcpy(&lun->pending_sense[initidx], &io->scsiio.sense_data,
13140	       MIN(sizeof(lun->pending_sense[initidx]),
13141	       sizeof(io->scsiio.sense_data)));
13142	ctl_set_mask(lun->have_ca, initidx);
13143	mtx_unlock(&lun->lun_lock);
13144
13145bailout:
13146	mtx_unlock(&softc->ctl_lock);
13147
13148	ctl_free_io(io);
13149
13150	return (CTL_RETVAL_COMPLETE);
13151}
13152#endif
13153
13154/*
13155 * Primary command inlet from frontend ports.  All SCSI and task I/O
13156 * requests must go through this function.
13157 */
13158int
13159ctl_queue(union ctl_io *io)
13160{
13161	struct ctl_port *port;
13162
13163	CTL_DEBUG_PRINT(("ctl_queue cdb[0]=%02X\n", io->scsiio.cdb[0]));
13164
13165#ifdef CTL_TIME_IO
13166	io->io_hdr.start_time = time_uptime;
13167	getbinuptime(&io->io_hdr.start_bt);
13168#endif /* CTL_TIME_IO */
13169
13170	/* Map FE-specific LUN ID into global one. */
13171	port = ctl_io_port(&io->io_hdr);
13172	io->io_hdr.nexus.targ_mapped_lun =
13173	    ctl_lun_map_from_port(port, io->io_hdr.nexus.targ_lun);
13174
13175	switch (io->io_hdr.io_type) {
13176	case CTL_IO_SCSI:
13177	case CTL_IO_TASK:
13178		if (ctl_debug & CTL_DEBUG_CDB)
13179			ctl_io_print(io);
13180		ctl_enqueue_incoming(io);
13181		break;
13182	default:
13183		printf("ctl_queue: unknown I/O type %d\n", io->io_hdr.io_type);
13184		return (EINVAL);
13185	}
13186
13187	return (CTL_RETVAL_COMPLETE);
13188}
13189
13190#ifdef CTL_IO_DELAY
13191static void
13192ctl_done_timer_wakeup(void *arg)
13193{
13194	union ctl_io *io;
13195
13196	io = (union ctl_io *)arg;
13197	ctl_done(io);
13198}
13199#endif /* CTL_IO_DELAY */
13200
13201void
13202ctl_serseq_done(union ctl_io *io)
13203{
13204	struct ctl_lun *lun;
13205
13206	lun = (struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13207	if (lun->be_lun == NULL ||
13208	    lun->be_lun->serseq == CTL_LUN_SERSEQ_OFF)
13209		return;
13210	mtx_lock(&lun->lun_lock);
13211	io->io_hdr.flags |= CTL_FLAG_SERSEQ_DONE;
13212	ctl_check_blocked(lun);
13213	mtx_unlock(&lun->lun_lock);
13214}
13215
13216void
13217ctl_done(union ctl_io *io)
13218{
13219
13220	/*
13221	 * Enable this to catch duplicate completion issues.
13222	 */
13223#if 0
13224	if (io->io_hdr.flags & CTL_FLAG_ALREADY_DONE) {
13225		printf("%s: type %d msg %d cdb %x iptl: "
13226		       "%u:%u:%u tag 0x%04x "
13227		       "flag %#x status %x\n",
13228			__func__,
13229			io->io_hdr.io_type,
13230			io->io_hdr.msg_type,
13231			io->scsiio.cdb[0],
13232			io->io_hdr.nexus.initid,
13233			io->io_hdr.nexus.targ_port,
13234			io->io_hdr.nexus.targ_lun,
13235			(io->io_hdr.io_type ==
13236			CTL_IO_TASK) ?
13237			io->taskio.tag_num :
13238			io->scsiio.tag_num,
13239		        io->io_hdr.flags,
13240			io->io_hdr.status);
13241	} else
13242		io->io_hdr.flags |= CTL_FLAG_ALREADY_DONE;
13243#endif
13244
13245	/*
13246	 * This is an internal copy of an I/O, and should not go through
13247	 * the normal done processing logic.
13248	 */
13249	if (io->io_hdr.flags & CTL_FLAG_INT_COPY)
13250		return;
13251
13252#ifdef CTL_IO_DELAY
13253	if (io->io_hdr.flags & CTL_FLAG_DELAY_DONE) {
13254		struct ctl_lun *lun;
13255
13256		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13257
13258		io->io_hdr.flags &= ~CTL_FLAG_DELAY_DONE;
13259	} else {
13260		struct ctl_lun *lun;
13261
13262		lun =(struct ctl_lun *)io->io_hdr.ctl_private[CTL_PRIV_LUN].ptr;
13263
13264		if ((lun != NULL)
13265		 && (lun->delay_info.done_delay > 0)) {
13266
13267			callout_init(&io->io_hdr.delay_callout, /*mpsafe*/ 1);
13268			io->io_hdr.flags |= CTL_FLAG_DELAY_DONE;
13269			callout_reset(&io->io_hdr.delay_callout,
13270				      lun->delay_info.done_delay * hz,
13271				      ctl_done_timer_wakeup, io);
13272			if (lun->delay_info.done_type == CTL_DELAY_TYPE_ONESHOT)
13273				lun->delay_info.done_delay = 0;
13274			return;
13275		}
13276	}
13277#endif /* CTL_IO_DELAY */
13278
13279	ctl_enqueue_done(io);
13280}
13281
13282static void
13283ctl_work_thread(void *arg)
13284{
13285	struct ctl_thread *thr = (struct ctl_thread *)arg;
13286	struct ctl_softc *softc = thr->ctl_softc;
13287	union ctl_io *io;
13288	int retval;
13289
13290	CTL_DEBUG_PRINT(("ctl_work_thread starting\n"));
13291
13292	for (;;) {
13293		/*
13294		 * We handle the queues in this order:
13295		 * - ISC
13296		 * - done queue (to free up resources, unblock other commands)
13297		 * - RtR queue
13298		 * - incoming queue
13299		 *
13300		 * If those queues are empty, we break out of the loop and
13301		 * go to sleep.
13302		 */
13303		mtx_lock(&thr->queue_lock);
13304		io = (union ctl_io *)STAILQ_FIRST(&thr->isc_queue);
13305		if (io != NULL) {
13306			STAILQ_REMOVE_HEAD(&thr->isc_queue, links);
13307			mtx_unlock(&thr->queue_lock);
13308			ctl_handle_isc(io);
13309			continue;
13310		}
13311		io = (union ctl_io *)STAILQ_FIRST(&thr->done_queue);
13312		if (io != NULL) {
13313			STAILQ_REMOVE_HEAD(&thr->done_queue, links);
13314			/* clear any blocked commands, call fe_done */
13315			mtx_unlock(&thr->queue_lock);
13316			ctl_process_done(io);
13317			continue;
13318		}
13319		io = (union ctl_io *)STAILQ_FIRST(&thr->incoming_queue);
13320		if (io != NULL) {
13321			STAILQ_REMOVE_HEAD(&thr->incoming_queue, links);
13322			mtx_unlock(&thr->queue_lock);
13323			if (io->io_hdr.io_type == CTL_IO_TASK)
13324				ctl_run_task(io);
13325			else
13326				ctl_scsiio_precheck(softc, &io->scsiio);
13327			continue;
13328		}
13329		io = (union ctl_io *)STAILQ_FIRST(&thr->rtr_queue);
13330		if (io != NULL) {
13331			STAILQ_REMOVE_HEAD(&thr->rtr_queue, links);
13332			mtx_unlock(&thr->queue_lock);
13333			retval = ctl_scsiio(&io->scsiio);
13334			if (retval != CTL_RETVAL_COMPLETE)
13335				CTL_DEBUG_PRINT(("ctl_scsiio failed\n"));
13336			continue;
13337		}
13338
13339		/* Sleep until we have something to do. */
13340		mtx_sleep(thr, &thr->queue_lock, PDROP | PRIBIO, "-", 0);
13341	}
13342}
13343
13344static void
13345ctl_lun_thread(void *arg)
13346{
13347	struct ctl_softc *softc = (struct ctl_softc *)arg;
13348	struct ctl_be_lun *be_lun;
13349
13350	CTL_DEBUG_PRINT(("ctl_lun_thread starting\n"));
13351
13352	for (;;) {
13353		mtx_lock(&softc->ctl_lock);
13354		be_lun = STAILQ_FIRST(&softc->pending_lun_queue);
13355		if (be_lun != NULL) {
13356			STAILQ_REMOVE_HEAD(&softc->pending_lun_queue, links);
13357			mtx_unlock(&softc->ctl_lock);
13358			ctl_create_lun(be_lun);
13359			continue;
13360		}
13361
13362		/* Sleep until we have something to do. */
13363		mtx_sleep(&softc->pending_lun_queue, &softc->ctl_lock,
13364		    PDROP | PRIBIO, "-", 0);
13365	}
13366}
13367
13368static void
13369ctl_thresh_thread(void *arg)
13370{
13371	struct ctl_softc *softc = (struct ctl_softc *)arg;
13372	struct ctl_lun *lun;
13373	struct scsi_da_rw_recovery_page *rwpage;
13374	struct ctl_logical_block_provisioning_page *page;
13375	const char *attr;
13376	union ctl_ha_msg msg;
13377	uint64_t thres, val;
13378	int i, e, set;
13379
13380	CTL_DEBUG_PRINT(("ctl_thresh_thread starting\n"));
13381
13382	for (;;) {
13383		mtx_lock(&softc->ctl_lock);
13384		STAILQ_FOREACH(lun, &softc->lun_list, links) {
13385			if ((lun->flags & CTL_LUN_DISABLED) ||
13386			    (lun->flags & CTL_LUN_OFFLINE) ||
13387			    lun->backend->lun_attr == NULL)
13388				continue;
13389			if ((lun->flags & CTL_LUN_PRIMARY_SC) == 0 &&
13390			    softc->ha_mode == CTL_HA_MODE_XFER)
13391				continue;
13392			rwpage = &lun->mode_pages.rw_er_page[CTL_PAGE_CURRENT];
13393			if ((rwpage->byte8 & SMS_RWER_LBPERE) == 0)
13394				continue;
13395			e = 0;
13396			page = &lun->mode_pages.lbp_page[CTL_PAGE_CURRENT];
13397			for (i = 0; i < CTL_NUM_LBP_THRESH; i++) {
13398				if ((page->descr[i].flags & SLBPPD_ENABLED) == 0)
13399					continue;
13400				thres = scsi_4btoul(page->descr[i].count);
13401				thres <<= CTL_LBP_EXPONENT;
13402				switch (page->descr[i].resource) {
13403				case 0x01:
13404					attr = "blocksavail";
13405					break;
13406				case 0x02:
13407					attr = "blocksused";
13408					break;
13409				case 0xf1:
13410					attr = "poolblocksavail";
13411					break;
13412				case 0xf2:
13413					attr = "poolblocksused";
13414					break;
13415				default:
13416					continue;
13417				}
13418				mtx_unlock(&softc->ctl_lock); // XXX
13419				val = lun->backend->lun_attr(
13420				    lun->be_lun->be_lun, attr);
13421				mtx_lock(&softc->ctl_lock);
13422				if (val == UINT64_MAX)
13423					continue;
13424				if ((page->descr[i].flags & SLBPPD_ARMING_MASK)
13425				    == SLBPPD_ARMING_INC)
13426					e = (val >= thres);
13427				else
13428					e = (val <= thres);
13429				if (e)
13430					break;
13431			}
13432			mtx_lock(&lun->lun_lock);
13433			if (e) {
13434				scsi_u64to8b((uint8_t *)&page->descr[i] -
13435				    (uint8_t *)page, lun->ua_tpt_info);
13436				if (lun->lasttpt == 0 ||
13437				    time_uptime - lun->lasttpt >= CTL_LBP_UA_PERIOD) {
13438					lun->lasttpt = time_uptime;
13439					ctl_est_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13440					set = 1;
13441				} else
13442					set = 0;
13443			} else {
13444				lun->lasttpt = 0;
13445				ctl_clr_ua_all(lun, -1, CTL_UA_THIN_PROV_THRES);
13446				set = -1;
13447			}
13448			mtx_unlock(&lun->lun_lock);
13449			if (set != 0 &&
13450			    lun->ctl_softc->ha_mode == CTL_HA_MODE_XFER) {
13451				/* Send msg to other side. */
13452				bzero(&msg.ua, sizeof(msg.ua));
13453				msg.hdr.msg_type = CTL_MSG_UA;
13454				msg.hdr.nexus.initid = -1;
13455				msg.hdr.nexus.targ_port = -1;
13456				msg.hdr.nexus.targ_lun = lun->lun;
13457				msg.hdr.nexus.targ_mapped_lun = lun->lun;
13458				msg.ua.ua_all = 1;
13459				msg.ua.ua_set = (set > 0);
13460				msg.ua.ua_type = CTL_UA_THIN_PROV_THRES;
13461				memcpy(msg.ua.ua_info, lun->ua_tpt_info, 8);
13462				mtx_unlock(&softc->ctl_lock); // XXX
13463				ctl_ha_msg_send(CTL_HA_CHAN_CTL, &msg,
13464				    sizeof(msg.ua), M_WAITOK);
13465				mtx_lock(&softc->ctl_lock);
13466			}
13467		}
13468		mtx_unlock(&softc->ctl_lock);
13469		pause("-", CTL_LBP_PERIOD * hz);
13470	}
13471}
13472
13473static void
13474ctl_enqueue_incoming(union ctl_io *io)
13475{
13476	struct ctl_softc *softc = control_softc;
13477	struct ctl_thread *thr;
13478	u_int idx;
13479
13480	idx = (io->io_hdr.nexus.targ_port * 127 +
13481	       io->io_hdr.nexus.initid) % worker_threads;
13482	thr = &softc->threads[idx];
13483	mtx_lock(&thr->queue_lock);
13484	STAILQ_INSERT_TAIL(&thr->incoming_queue, &io->io_hdr, links);
13485	mtx_unlock(&thr->queue_lock);
13486	wakeup(thr);
13487}
13488
13489static void
13490ctl_enqueue_rtr(union ctl_io *io)
13491{
13492	struct ctl_softc *softc = control_softc;
13493	struct ctl_thread *thr;
13494
13495	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13496	mtx_lock(&thr->queue_lock);
13497	STAILQ_INSERT_TAIL(&thr->rtr_queue, &io->io_hdr, links);
13498	mtx_unlock(&thr->queue_lock);
13499	wakeup(thr);
13500}
13501
13502static void
13503ctl_enqueue_done(union ctl_io *io)
13504{
13505	struct ctl_softc *softc = control_softc;
13506	struct ctl_thread *thr;
13507
13508	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13509	mtx_lock(&thr->queue_lock);
13510	STAILQ_INSERT_TAIL(&thr->done_queue, &io->io_hdr, links);
13511	mtx_unlock(&thr->queue_lock);
13512	wakeup(thr);
13513}
13514
13515static void
13516ctl_enqueue_isc(union ctl_io *io)
13517{
13518	struct ctl_softc *softc = control_softc;
13519	struct ctl_thread *thr;
13520
13521	thr = &softc->threads[io->io_hdr.nexus.targ_mapped_lun % worker_threads];
13522	mtx_lock(&thr->queue_lock);
13523	STAILQ_INSERT_TAIL(&thr->isc_queue, &io->io_hdr, links);
13524	mtx_unlock(&thr->queue_lock);
13525	wakeup(thr);
13526}
13527
13528/*
13529 *  vim: ts=8
13530 */
13531